Features Introduced in March 2020
Learn about the exciting new features introduced on Prisma Cloud in March 2020.
Features Introduced on March 24, 2020
New Features
This release of Prisma™ Cloud includes these improvements:
Features | Description |
---|---|
(Beta) AutoFocus Integration on Prisma Cloud | With the Prisma Cloud Enterprise Edition license, threat feeds from AutoFocus, the cloud-based threat intelligence service from Palo Alto Networks, are now available to you. When Prisma Cloud identifies a suspicious IP address, the threat feeds will enable you to classify and view more information on the malicious IP addresses with which the suspicious IP address is communicating, and detect activity such as bitcoin mining and the bad actors that expose them to risk. You can take advantage of the threat feeds without making any configuration changes on Prisma Cloud. |
Granular Licensing Data in CSV Format | To view data on hourly or daily licensed workloads on Prisma Cloud, you can now download data on license usage in one zip file that includes individual files for each cloud type that Prisma Cloud monitors: AWS, Alibaba, Azure and GCP. For a time period of 3 days or less, you can download hourly usage data, and data on daily usage for a time period greater than 3 days. This granularity enables you to review usage at an account group level and manage internal chargebacks within your enterprise. |
User Attribution for Azure Storage Blob Containers | Prisma Cloud now ingests data on the creation and revision date of an Azure storage blob container. With user attribution, you can now monitor who made changes using the Audit Trail in the Resource Explorer for events related to Azure Storage Blob Containers on the Prisma Cloud administrative console. |
Geo-Location for Port Scan and Port Sweep Alerts | The alerts associated with port scan and port sweep activity triggered by an external entity now include geo-location data to help you identify the location of the IP address from which the attack originates. |
API Ingestion Update | Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data: |
Permissions Update for ServiceNow Integration | The Prisma Cloud integration with ServiceNow no longer requires you to grant the itil or the sn_si.admin roles to the user account. Review the updated list of permissions required. |
Saved Search Additions | Use the following Saved Search to easily create a policy and generate an alert if you want to check for: |
Features Introduced on March 10, 2020
New Features
This release of Prisma™ Cloud includes these improvements:
Features | Description |
---|---|
Support for Multi-Tenant Demisto Deployments | When you enable the Demisto integration on Prisma Cloud, you can now add the tenant name of a Demisto instance that is a part of a multi-tenant deployment. |
API Ingestion Update | Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data: |
New Policies and Policy Updates
POLICY | DESCRIPTION |
---|---|
AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured | Identifies AWS Elastic Load Balancers v2 (ELBv2) that have TLS/SSL listener disabled, and therefore do not receive traffic over a secure channel with a valid SSL certificate. |
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | Monitors the AWS accounts that do not have a log metric filter and alarm for AWS management console authentication failures, when you do not have MFA enabled. |
AWS Log metric filter and alarm does not exist for usage of the root account | Identifies AWS accounts that do not have a log metric filter and alarm for monitoring the use of the privileged root account for login. |
Azure SQL server audit action groups in auditing policy are not set properly | Identifies Azure SQL servers that are not enabled with AuditActionGroups to capture critical activities performed on these servers. |
AWS CloudTrail logging is disabled | Identifies AWS CloudTrail trails that do not maintain an audit trail of activities across different services. |
Policy Updates | The RQL for the AWS Config Recording is disabled policy is updated to include the count function. With this change, instead of generating an alert at the account level, the policy generates alerts for each region where AWS config recording is not enabled to detect changes to resource configuration. The updated RQL is: config where cloud.type = 'aws' AND api.name = 'aws-configservice-describe-configuration-recorders' AND json.rule = 'status.recording is true and status.lastStatus equals SUCCESS and recordingGroup.allSupported is true' as X; count(X) less than 1 |
| | The following remediable policies have updates to the remediation CLI that require additional permissions: The additional permissions required are: "Microsoft.Web/sites/config/write" and "Microsoft.Web/sites/write" |
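
The updated RQL for the AWS Config Recording is disabled policy can be read as a per-region check. The Python below is an added example, not Prisma Cloud code: it applies the rule's three conditions to constructed recorder records and returns every region where the matching count is less than 1. The record layout is assumed from the JSON paths in the RQL, and the function names are hypothetical.

```python
# Added illustration of the updated rule's logic; not Prisma Cloud code.
# Record layout is assumed from the JSON paths in the RQL
# (status.recording, status.lastStatus, recordingGroup.allSupported).

def recorder_matches_rule(rec):
    """json.rule: status.recording is true and status.lastStatus equals
    SUCCESS and recordingGroup.allSupported is true."""
    status = rec.get("status") or {}
    group = rec.get("recordingGroup") or {}
    return (
        status.get("recording") is True
        and status.get("lastStatus") == "SUCCESS"
        and group.get("allSupported") is True
    )

def regions_to_alert(recorders_by_region):
    """Return regions where count(X) is less than 1, i.e. no recorder in
    the region satisfies the rule. A region with no recorder counts as 0."""
    alerts = []
    for region, recorders in sorted(recorders_by_region.items()):
        matching = [r for r in recorders if recorder_matches_rule(r)]
        if len(matching) < 1:
            alerts.append(region)
    return alerts

def _rec(recording, last_status, all_supported):
    # Helper that builds one constructed recorder record.
    return {
        "name": "default",
        "status": {"recording": recording, "lastStatus": last_status},
        "recordingGroup": {"allSupported": all_supported},
    }

# Constructed sample inventory (not real account data).
SAMPLE = {
    "us-east-1": [_rec(True, "SUCCESS", True)],    # satisfies the rule
    "us-west-2": [_rec(False, "SUCCESS", True)],   # recorder stopped
    "eu-west-1": [_rec(True, "FAILURE", True)],    # last delivery failed
    "ap-south-1": [_rec(True, "SUCCESS", False)],  # partial resource coverage
    "sa-east-1": [],                               # no recorder configured
}

if __name__ == "__main__":
    for region in regions_to_alert(SAMPLE):
        print(f"ALERT: AWS Config recording is not enabled in {region}")
```
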