Features Introduced in July 2021

New Features

FEATURE
DESCRIPTION
Account Owner Details For Azure and GCP Accounts
Prisma Cloud now displays the account owners associated with the Azure and GCP cloud accounts in a new column in the details from Alerts > Overview.
When you filter for the GCP and Azure cloud types on Alerts > Overview, and click the link in the Alerts column, the Violating Resources table displays.
The Account Owners column displays up to five account owners associated with a cloud account in alphabetical order; this column will display by default, but if no values are present then this column will be grayed out. For offline access, when you download the list of resources, the Account Owners information is included in the CSV file.
You must be on the Alerts subsystem 2.0 to view the account owner column. To identify the alerts subsystem version on your Prisma Cloud instance, select Alerts > Overview and check for Version: 2 above the filter icon.
Support for Europe Central 2 region on GCP
Prisma Cloud can now ingest data on your resources deployed in the GCP Warsaw region 'Europe Central 2'.
Filters
Change in Behavior
When saving filters on Alerts > Overview, the time range is saved with the other filters you apply and the choices are preserved for the session.
If you apply a saved filter that has fewer filters than your current preserved session, the additional filters will remain but the selections will be cleared out so that they are not applied, and you will see a combination of your saved filters and your current session filters.
API Ingestion
Google Cloud Task
gcloud-cloud-task
The permissions are included in the primitive Viewer role.

New Policies and Policy Updates

See Look Ahead—Planned Updates on Prisma Cloud to learn what’s coming soon.
POLICY UPDATES
DESCRIPTION
Azure Active Directory Security Defaults is disabled
Identifies Azure AD that has security defaults disabled which could impact alerts being generated for all Azure AD with this setting. This policy is mapped to CIS Azure 1.2.0, section 1.3.0, compliance standard 1.22.
config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-active-directory-enforcement-policy' AND json.rule = isEnabled is false
Azure AD Users can consent to apps accessing company data on their behalf is enabled
Identifies Azure AD which has the following setting enabled: Users can consent to apps accessing company data on their behalf. This could impact alerts being generated for all Azure AD which has this setting enabled. This policy is mapped to CIS Azure 1.1.0, sections 1.2.0 and 1.3.0, compliance standard 1.9.
config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-active-directory-authorization-policy' AND json.rule = permissionGrantPolicyIdsAssignedToDefaultUserRole[*] contains microsoft-user-default-legacy
GCP Storage Bucket should not log to itself
Identifies GCP storage buckets that are sending logs to themselves. When storage buckets use the same bucket to send their access logs, a loop of logs will be created which is not recommended. As a best practice, spin up new and different log buckets for storage bucket logging.
config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-storage-buckets-list' AND json.rule = logging.logBucket equals $.name
GCP Storage Bucket is not configured with default event-based hold
Identifies GCP storage buckets that are not configured with default event-based hold. This setting enables you to protect individual objects which allows an object to persist in your bucket for a specified length of time after a given event occurs.
Policy descriptions update
The following policy descriptions have been updated:
  • AWS EMR cluster is not enabled with local disk encryption using CMK
  • AWS EMR cluster is not enabled with local disk encryption
The word "slave" was removed from the policy description.
Impact: No changes on alerts.
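
The four configuration checks from the policy updates above, re-implemented locally over constructed resource JSON (an added example, not Prisma Cloud code and not part of the original release notes). Field names come from the RQL on this page; `defaultEventBasedHold` is the GCS bucket field assumed to back the fourth policy, whose RQL the page does not show, and the function names and sample values are hypothetical.

```python
def get_path(doc, dotted, default=None):
    """Walk a dotted path such as 'logging.logBucket' through nested dicts."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return default
        doc = doc[key]
    return doc

def bucket_findings(bucket):
    """Evaluate one GCP bucket resource against the two bucket policies."""
    findings = []
    log_bucket = get_path(bucket, "logging.logBucket")
    # RQL on the page: logging.logBucket equals $.name
    if log_bucket is not None and log_bucket == bucket.get("name"):
        findings.append("GCP Storage Bucket should not log to itself")
    # Assumption: a missing or false defaultEventBasedHold means "not configured".
    if bucket.get("defaultEventBasedHold") is not True:
        findings.append("GCP Storage Bucket is not configured with default event-based hold")
    return findings

def azure_ad_findings(enforcement_policy, authorization_policy):
    """Evaluate the two Azure AD tenant-level policies."""
    findings = []
    # RQL on the page: isEnabled is false (here only an explicit false matches)
    if enforcement_policy.get("isEnabled") is False:
        findings.append("Azure Active Directory Security Defaults is disabled")
    # RQL on the page: ...DefaultUserRole[*] contains microsoft-user-default-legacy
    # "contains" is a substring match, so prefixed policy ids are caught too.
    ids = authorization_policy.get("permissionGrantPolicyIdsAssignedToDefaultUserRole") or []
    if any("microsoft-user-default-legacy" in pid for pid in ids):
        findings.append("Azure AD Users can consent to apps accessing company data on their behalf is enabled")
    return findings

# Constructed sample resources (not real tenant or project data).
SAMPLE_BUCKETS = [
    {"name": "app-data", "logging": {"logBucket": "app-data"}, "defaultEventBasedHold": False},
    {"name": "app-assets", "logging": {"logBucket": "central-logs"}, "defaultEventBasedHold": True},
    {"name": "central-logs"},  # no logging block and no hold field
]
SAMPLE_ENFORCEMENT = {"isEnabled": False}
SAMPLE_AUTHORIZATION = {"permissionGrantPolicyIdsAssignedToDefaultUserRole": [
    "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]}

def scan():
    """Return {resource name: [policy names that would alert]} for the samples."""
    report = {b["name"]: bucket_findings(b) for b in SAMPLE_BUCKETS}
    report["azure-ad"] = azure_ad_findings(SAMPLE_ENFORCEMENT, SAMPLE_AUTHORIZATION)
    return report

if __name__ == "__main__":
    for resource, findings in scan().items():
        print(resource, findings)
```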

New Compliance Benchmarks and Updates

COMPLIANCE BENCHMARK
DESCRIPTION
NIST CSF 1.1
The NIST Cybersecurity Framework v.1.1 compliance standard is being updated with more policy mappings across all clouds—AWS, Azure, Alibaba, GCP, and OCI.

REST API Updates

Change
Description
Cloud Account Owners for Azure and GCP
The response object for Alert endpoints will include an array that lists up to five account owners in a new attribute called cloudAccountOwners for the Azure and GCP cloud accounts.
In the CloudResourceModel object, the new attribute cloudAccountOwners is included for the following endpoints:
  • GET /v2/alert
  • POST /v2/alert
