Features Introduced in February 2022
Prisma Cloud Enterprise Edition
Learn what’s new on Prisma™ Cloud in February 2022.
New Features Introduced in 22.2.2
New Features
FEATURE | DESCRIPTION |
GA Knowledge Center | Knowledge Center provides in-product and in-context guidance based on your current workflow without taking you away from the Prisma Cloud app. Access the Knowledge Center on the lower left navigation to see content relevant to what you are trying to accomplish at that particular moment. The topics listed under the Knowledge Center get auto-refreshed when you move to a different page. |
Improved Alert Rule Workflow | The improved and intuitive Add Alert Rule modal with a faster loading UI provides a better user experience. You can select the optional Alert Notifications, Auto-Remediation, or Auto-Actions (Limited GA) settings up front while creating an alert rule. The Alert Rules workflow also includes a summary page where you can review your selection. |
API Ingestions | AWS Storage Gateway aws-storage-gateway-fileshare Additional permissions required:
|
AWS Storage Gateway aws-storage-gateway-information Additional permissions required:
| |
Amazon Lightsail aws-lightsail-instance Additional permission required:
On Prisma Cloud, the keyonlytags tag value is displayed only for resources with key-only tags that are present in AWS Lightsail instances. | |
Azure Log Analytics azure-log-analytics-workspace Additional permission required:
| |
Update AWS GuardDuty Detector API | The aws-guardduty-detector API is updated to include two new fields, accountId and relationshipStatus, in the JSON as shown below:
|
Update Permission in the AWS CFT | The AWS CFT for Monitor now includes additional permissions for EKS Auditing for onboarded cloud accounts. The AWS CFT for Monitor and Protect includes additional permissions for Agentless scanning on EC2 for onboarded cloud accounts. |
Removal of Support for Deprecated RQL Query Format | The config where, event where, and network where query formats are no longer supported.
|
New Policies and Policy Updates
See the look ahead updates for planned features and policy updates for 22.3.1.
POLICY UPDATES | DESCRIPTION |
Policy Updates | Improved Anomalous Compute Provisioning Policy: To improve the detection capability and reduce the false negative rate of the Anomalous Compute Provisioning policy, it has been moved from subject-based modeling to cloud account-based modeling for volumetric detection. The activity from all subjects (for example, user accounts) belonging to the same account is now part of the model. Subjects with no or low activity during the training period qualify for anomaly detection, provided there are sufficient events at the account level. |
REST API Updates
CHANGE | DESCRIPTION |
New Policy API Endpoint to Validate a Policy Rule | The following new Policy API endpoint is available. It enables you to validate a policy rule without creating a policy: |
Host Findings Count in Network Anomaly Alerts | The response object of the following API request no longer includes the host findings count:
Specifically:
You can still access host findings data through:
|
New Features Introduced in 22.2.1
New Features
FEATURE | DESCRIPTION |
Network Exposure of Cloud Resources | Prisma Cloud Network Security helps enhance your network security posture within public cloud environments. Its Network Analyzer engine automatically calculates net effective reachability of your cloud resources such as EC2, RDS, and Redshift ENIs. In addition, it helps detect unrestricted network access from the Internet or external network domains. Using the RQL query on the Investigate page, you can understand the reachability of your cloud assets and also validate if someone exploited the overly permissive network access. Network exposure queries are currently supported only on AWS. Network exposure queries are currently not available in Government and China regions. |
GA Adoption Advisor | Tracking and measuring your adoption of new features and existing capabilities on Prisma Cloud just got easier! The Adoption Advisor is generally available to all and gives visibility into your adoption journey, identifies your unexplored features, helps you make the most of your investment, and provides guidance on where to take action. |
ServiceNow Test Incident Improvement | The Prisma Cloud integration with ServiceNow has been improved to generate only one test incident for the Open, Dismissed, or Resolved alert notification states configured within a notification template. With this change, when you test a new integration, only a single incident is sent to your ServiceNow instance as it transitions through the different alert states. This change is only applicable to the Incident and Security types in ServiceNow. |
Change in Existing Behavior VM Count on Asset Inventory | The Asset Inventory page double counts the number of Azure VMs in your deployment. To address this issue, the 22.2.1 release includes a fix that will cut the Azure VM count in half (a drop of around 50%) in the Asset Inventory. With this change, there is no impact on RQL or licensing. |
API Ingestions | AWS CodeArtifact aws-code-artifact-repository Additional permissions required:
|
AWS CodeArtifact aws-code-artifact-domain Additional permissions required:
| |
Azure Traffic Manager azure-traffic-manager-profile Additional permission required:
| |
Azure Quantum azure-quantum-workspace Additional permission required:
| |
Google Identity Aware Proxy gcloud-identity-aware-proxy-client Additional permissions required:
| |
OCI Networking oci-networking-routetable The permission required is:
| |
OCI Networking oci-networking-internetgateway The permission required is:
| |
OCI Networking oci-networking-drgattachment The permission required is:
| |
OCI Networking oci-networking-drg The permission required is:
| |
OCI Networking oci-networking-localpeeringgateway The permission required is:
| |
OCI Networking oci-networking-natgateway The permission required is:
| |
OCI Networking oci-networking-servicegateway The permission required is:
| |
OCI Networking oci-networking-dns-zone The permission required is:
| |
Update API Ingestion—SNS Subscription Attributes | The following API will no longer be ingested due to a high number of alerts generated:
Impact— Alerts will be resolved as Policy_Updated. |
New Policies and Policy Updates
POLICY UPDATES | DESCRIPTION |
New Policies | Azure MySQL Database Server using insecure TLS version: Identifies Azure MySQL Database Servers that are using the insecure TLS version. As a best practice, use the newer TLS version as the minimum TLS version.
|
Azure Storage Account using insecure TLS version: Identifies Azure Storage Accounts that are using the insecure TLS version. As a best practice, use the newer TLS version as the minimum TLS version for Azure Storage Accounts.
| |
GCP VM instance OS login overrides Project metadata OS login configuration: Identifies GCP VM instances where the OS Login configuration is overriding the project OS Login configuration. Enabling OS Login ensures that the SSH keys used to connect to instances are mapped with IAM users. Revoking access to an IAM user will revoke all the SSH keys associated with that user. This facilitates centralized and automated SSH key pair management, which is useful in handling cases like a response to compromised SSH key pairs.
| |
New Anomaly Policies | There are 16 new UEBA anomaly policies to detect user activity from the TOR anonymity network. TOR is often used by hackers to hide their identity so that their suspicious operations like creating copies of VM images won’t be traced back to them. Each policy corresponds to one of the different service groups available in AWS, Azure, and GCP, for example, analytics, containers, compute, security, storage, and web. All the policies are classified as high severity and identify defense evasion and impact attack tactics listed in the MITRE ATT&CK framework. The policies are disabled by default, but customers can manually enable them according to their security needs and the cloud services used in their environments. Here’s the list of UEBA policies:
|
Reduction of Alerts for Anomaly Policies | The following anomaly policies have a reduction from high to medium:
The following anomaly policies have a reduction from high to low:
|
New CNS Policies | AWS Redshift managed ENI reachable from any untrust internet source: Identifies network interfaces attached to the Redshift cluster that are exposed to inbound traffic from any untrusted Internet source. Redshift clusters exposed to the Internet are prone to external security threats. As a best practice, restrict network interfaces that are attached to the Redshift cluster to known hosts or services only. |
AWS RDS managed ENI reachable from any untrust internet source: Identifies network interfaces attached to RDS instances that are exposed to inbound traffic from any untrusted Internet source. RDS instances exposed to the Internet are prone to external security threats. As a best practice, restrict network interfaces that are attached to the RDS instance to known hosts or services only. | |
AWS EC2 instance allows outbound unrestricted access (0.0.0.0/0) to the internet: Identifies EC2 instances that allow unrestricted outbound traffic to the Internet. As a best practice, restrict outbound traffic and limit the access to known hosts or services. | |
AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0) other than HTTP/HTTPS port: Identifies AWS EC2 instances that are reachable from the Internet with unrestricted access (0.0.0.0/0) other than HTTP/HTTPS port. EC2 instances with unrestricted access to the Internet enable bad actors to use brute force on a system to gain unauthorized access to the entire network. As a best practice, restrict traffic from unknown IP addresses and limit the access to known hosts, services, or specific entities. | |
Delete AWS Security Group Related Policies | Changes– The following config policies are deleted because Cloud Network Analyzer provides you alerts for resources which are truly exposed to the Internet. You can create custom policies to alert on specific ports:
Impact– Previously generated alerts will be resolved as Policy_Deleted. The compliance reports for the following are impacted: APRA (CPS 234) Information Security, AWS Foundational Security Best Practices standard, CIS Amazon Web Services Foundations Benchmark v 1.4.0, Cybersecurity Maturity Model Certification (CMMC) v.1.02, Cloud Security Alliance Cloud Controls Matrix (CCM) Version 4.0.1, HITRUST v.9.4.2, ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, Brazilian Data Protection Law (LGPD), MAS TRM 2021, MLPS 2.0, MPAA Content Protection Best Practices, NIST SP 800-171 Revision 2, NIST SP 800-172, NIST 800-53 Rev4, NIST 800-53 Rev 5, NIST CSF, New Zealand Information Security Manual (NZISM v3.4), PCI DSS v3.2.1, Risk Management in Technology (RMiT), CCPA 2018, CSA CCM v3.0.1, GDPR, HITRUST CSF v9.3, MITRE ATT |
Delete Policies to Reduce Alert Fatigue | The following policies are deleted to reduce the number of alerts you receive:
Impact– All open alerts will be resolved as Policy_Deleted. In addition, the reports for the following standards are impacted: APRA (CPS 234) Information Security, AWS Foundational Security Best Practices standard, Cybersecurity Maturity Model Certification (CMMC) v.1.02, Cloud Security Alliance Cloud Controls Matrix (CCM) Version 4.0.1, HITRUST v.9.4.2, ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, Brazilian Data Protection Law (LGPD), MAS TRM 2021, MLPS 2.0, NIST SP 800-171 Revision 2, NIST SP 800-172, NIST 800-53 Rev4, NIST 800-53 Rev 5, NIST CSF, New Zealand Information Security Manual (NZISM v3.4), PCI DSS v3.2.1, Risk Management in Technology (RMiT), CCPA 2018, CSA CCM v3.0.1, HITRUST CSF v9.3, MITRE ATT&CK version 6.3, MITRE ATT&CK v8.2, PIPEDA, SOC 2, and MITRE ATT&CK v10.0. |
Policy Deletion | GCP sink not configured to export all log entries: This policy is deleted as GCP started supporting two cloud logging buckets named _Default and _Required. These two buckets can’t be modified and when combined, store all the logs specific to a GCP project. Impact— Previously generated alerts will be resolved as Policy_Deleted. |
Policy Updates—Metadata | Reduce Severity of CIS Policies: Changes— Cloud Network Analyzer replaces the following config policies to alert for resources that are truly exposed to the Internet; the severity of these policies is changed from high to low:
Impact– No impact on existing alerts. |
New Compliance Benchmarks and Updates
COMPLIANCE BENCHMARK | DESCRIPTION |
Update Azure CIS v1.4.0 | The Azure Storage Account using insecure TLS version policy has been mapped to Azure CIS v1.4.0, section 3.12. Impact— No impact on existing alerts. The compliance score may be impacted because a new mapping has been added. |
Change Anomaly Policies No Longer Mapped to Compliance Standards | Anomaly policies are no longer mapped to any compliance standard supported on Prisma Cloud, except for the MITRE ATT&CK framework. |
REST API Updates
CHANGE | DESCRIPTION |
CSPM API for Adoption Advisor | A new Adoption Advisor API enables you to explore data about the security capabilities you’ve adopted. It also uncovers unused capabilities that might optimize your security hygiene. |