Features Introduced in April 2023
Prisma Cloud Enterprise Edition
Learn what’s new on Prisma™ Cloud in April 2023.
New Features Introduced in 23.4.2
New Features
FEATURE | DESCRIPTION |
Simplified Onboarding of AWS, Azure, and GCP Cloud Accounts | Prisma Cloud now provides a simplified onboarding experience to adapt to your security priorities in a streamlined manner with support for CSPM, CWPP, Data Security, and Identity Security grouped as Foundational and/or Advanced capabilities (with a few enabled by default). The updated onboarding workflow provides a Faster First Time to Value (FTTV) by allowing you to onboard your AWS, Azure, or GCP cloud accounts and select the security capabilities in fewer clicks. |
Support for New Regions on GCP | Prisma Cloud now ingests data for resources deployed in the Doha and Turin cloud regions on GCP. To review a list of supported regions, select Inventory Assets |
Addition of New IP Addresses | Prisma Cloud has added new NAT IP addresses to the existing list. Make sure to review the list and update the IP addresses in your allow lists. |
Enhancement Intelligent Network Graph Provides Contextual View | Enhancements to Prisma Cloud’s Investigate Graph provide you with a comprehensive understanding of where your assets are deployed, potential environmental vulnerabilities and their risk level, to help you determine if further investigation is warranted. The new Intelligent Network Graph now provides a contextual view of cloud traffic patterns by automatically grouping assets based on parent relationships and creating a top-down hierarchy for every IP address associated with Prisma Cloud monitored assets. Expand the graph to the level of the asset you’re investigating and select the View Details link in the sidecar to analyze specific network traffic flows. You can also download a CSV report of the traffic flow of your entire network, a node, an instance, or a specific connection between a source and a destination node. You can save Searches under My Saved Searches. Use Saved Searches to create custom policies to generate alerts when a specific pattern of network flow is detected. |
Enhancement Adoption Advisor Thresholds | The thresholds on the Adoption Advisor are updated to give you a more accurate progress indicator for the following checks:
With this enhancement, your adoption progress should better reflect the checks you’re enforcing for your business needs, making it easier for you to see how well you’re doing. |
Enhancement IsSubset method for RQL _Set function | The _Set function is enhanced to add support for the _Set.isSubset method that enables you to identify whether a specific value or comma-separated list of values returned by the JSON path of the resource is fully contained within the target list. The syntax is:
where <path> = JSON path and <target_list> = a set of strings without any whitespace. Example:
|
API Ingestions
SERVICE | API DETAILS |
Amazon Firewall Manager | aws-fms-admin-account Additional permission required:
You must manually add the permission or update the CFT template to enable it. |
Amazon Firewall Manager | aws-fms-compliance-status Additional permissions required:
The Security Audit role includes the permissions. |
Amazon Firewall Manager | aws-fms-policy Additional permissions required:
The Security Audit role only includes the permission . You must manually add the permissions or update the CFT template to enable and . |
Update Amazon RDS | aws-rds-db-cluster This API is updated to include a new field in the resource JSON. |
Azure CDN | azure-frontdoor-standardpremium-origin-groups Additional permissions required:
The Reader role includes the permissions. |
Azure CDN | azure-frontdoor-standardpremium-security-policies Additional permissions required:
The Reader role includes the permissions. |
Update Azure Event Hubs | azure-event-hub-namespace This API is updated to include the following new fields in the resource JSON:
|
Update Azure Service Bus | azure-service-bus-namespace This API is updated to include a new field in the resource JSON. |
Google Cloud Function | gcloud-cloud-function-v2 Additional permissions required:
The Viewer role includes the permissions. |
Google Cloud Memorystore for Memcached | gcloud-memorystore-memcached-instance Additional permissions required:
The Viewer role includes the permissions. |
OCI Database | oci-database-autonomous-database Additional permission required:
You must download and execute the Terraform template from the console to enable the permission. |
OCI Database | oci-database-db-home Additional permission required:
You must download and execute the Terraform template from the console to enable the permission. |
OCI Database | oci-database-db-home-patch Additional permission required:
You must download and execute the Terraform template from the console to enable the permission. |
OCI Database | oci-database-db-system-patch Additional permission required:
You must download and execute the Terraform template from the console to enable the permission. |
OCI DataLabeling | oci-datalabeling-dataset Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI File Storage | oci-file-storage-mount-target Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI JMS | oci-jms-fleet Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Service Mesh | oci-service-mesh-access-policy Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Service Mesh | oci-service-mesh-virtual-deployment Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Service Mesh | oci-service-mesh-meshes Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Speech | oci-speech-transcription-job Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Vision | oci-vision-model Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
OCI Vision | oci-vision-project Additional permissions required:
You must download and execute the Terraform template from the console to enable the permissions. |
New Policies
NEW POLICIES | DESCRIPTION |
Workload Protection Policies | For protecting hosts and containers from runtime incidents and detecting vulnerabilities on these workloads, you have 3 new out-of-the-box policies:
To find these policies, select Policies and filter on the Policy Type Workload Incident and Workload Vulnerability. The Apps Embedded detected with Runtime Incidents policy will only work for GCP GCR and AWS Fargate, not AWS EKS and Azure ACI. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and unusual high volume data transfer activity | Identifies AWS EC2 instances which are publicly exposed, have critical or high vulnerabilities and high volume data transfer activity. The high volume data transfer could be a data exfiltration attempt. Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Attackers can exploit vulnerabilities on the EC2 instance to compromise the confidentiality, integrity and availability of the affected EC2 instance and perform malicious actions. If network connectivity with remote systems known for high volume data transfer activity is observed on a publicly exposed and exploitable EC2 instance, it could indicate that the instance is already under attack or has been compromised. Immediate attention is required to investigate the high volume data transfer activity, remediate the critical or high vulnerabilities and restrict the public exposure reported for the EC2 instance as soon as possible. Policy Severity— Critical. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and cryptomining domain request activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for cryptomining domain request activities. Cryptomining domain request initiates suspicious DNS queries to domain names that are associated with known crypto-mining pools to generate new coins in cryptocurrencies such as Bitcoin and Monero. The network connectivity with remote systems known for cryptomining domain request on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and DGA domain request activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for DGA domain request activities. Domain generation algorithms (DGAs) are used to generate pseudo-random domain names, typically in large numbers within the context of establishing a malicious command-and-control (C2) communications channel. The network connectivity with remote systems known for DGA domain request activity on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
Policy Updates
No Policy Updates for 23.4.2.
Changes in Existing Behavior
FEATURE | DESCRIPTION |
Rate Limit Exception for GCP APIs | The API calls from Prisma Cloud now use quota from the onboarded GCP Projects instead of the GCP Project where the service account is created. This change enables Prisma Cloud to ingest resource metadata across multiple projects without exceeding the GCP API rate limits. To ensure continuous insights into all of your GCP resources and to prevent rate limit exception errors, follow the steps listed in prerequisites to onboard GCP and make sure to complete them. If you use the Terraform template provided by Prisma Cloud, the required permissions to the GCP service account are automatically enabled. Impact — Not completing the tasks may result in rate limit exception errors for Prisma Cloud’s authorized API calls to GCP. |
Update for Google Compute APIs | Prisma Cloud now provides global region support, as well as a backend update to the resource ID for gcloud-compute-internal-lb-backend-service API. As a result, all resources for these APIs will be deleted and then regenerated on the management console. Existing alerts corresponding to these resources will be resolved as Resource_Updated, and new alerts will be generated against policy violations if any. Impact — You may notice a reduced alert count. However, once the resources for gcloud-compute-internal-lb-backend-service resume ingesting data, the alert count will return to the original numbers. |
REST API Updates
CHANGE | DESCRIPTION |
Cloud Accounts Endpoints | The following new endpoints are now available for the Cloud Accounts API:
|
Data Security Settings Endpoints | The following new endpoints are now available for the Data Security Settings API:
|
New APIs for Onboarding GCP Cloud Accounts | The following new endpoints are now available for the Cloud Accounts API.
|
New API to Get Cloud Account Deployment Types | The following new endpoint is added to get the deployment types of a cloud account. This endpoint is supported only for Alibaba accounts.
|
New Parameter Added for Alibaba Account | A new parameter deployment type is added to the request or response body of the following endpoints. This parameter is supported only for Alibaba accounts.
|
Deprecation Notice
FEATURE | DESCRIPTION |
End of Support for AWS Classic EC2 Service | The aws-ec2-classic-instance API is planned for deprecation at the end of April 2023. As AWS has announced the deprecation of the resource type, Prisma Cloud will no longer ingest the aws-ec2-classic-instance API. For more information, see Retiring EC2-Classic Networking. |
Prisma Cloud Data Security v1, v2 APIs | The following Prisma Cloud Data Security APIs (v1, v2) for AWS cloud account onboarding, data settings, data profiles, snippets, and data patterns are deprecated: Cloud Accounts Endpoints
Data Security Settings Endpoints
|
New Features Introduced in 23.4.1
New Features
FEATURE | DESCRIPTION |
Support for New Region on AWS | Prisma Cloud now ingests data for resources deployed in the Hyderabad cloud region on AWS. To review a list of supported regions, select Inventory Assets |
Enhancement OCI Terraform File Update | Prisma Cloud now supports over 100 IAM policy statements without requiring a service limit increase from OCI. With this change, you must update your existing Terraform file to enable read permissions for all the supported services necessary for an OCI tenant on Prisma Cloud. |
API Ingestions
SERVICE | API DETAILS |
Azure Virtual WAN | azure-vpn-server-configurations Additional permission required:
The Reader role includes the permission. |
Azure Virtual WAN | azure-p2s-vpn-gateway Additional permission required:
The Reader role includes the permission. |
Google Certificate Authority Service | gcloud-certificate-authority-certificate-template Additional permissions required:
The Viewer role includes the permissions. |
Google Traffic Director Network Service | gcloud-traffic-director-network-service-gateway Additional permissions required:
The Viewer role includes the permissions. |
Google Traffic Director Network Service | gcloud-traffic-director-network-service-mesh Additional permissions required:
The Viewer role includes the permissions. |
New Policies
NEW POLICIES | DESCRIPTION |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and malware activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for malware activities. Malware includes viruses, trojans, worms and other types of malware that affect the popular open-source operating system. The network connectivity with remote systems known for malware activity on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and botnet activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for botnet activities. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The network connectivity with remote systems known for botnet activity on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and cryptominer activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for cryptominer activities. A cryptominer hides on computers or mobile devices to surreptitiously use the machine’s resources to mine cryptocurrencies. The network connectivity with remote systems known for cryptominer activity on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and backdoor activity | Identifies AWS EC2 instances which are publicly exposed and have exploitable vulnerabilities that are connected with remote systems known for backdoor activities. A backdoor allows unauthorized remote access to the instances where the malware is installed while bypassing the authentication mechanisms in place. The network connectivity with remote systems known for backdoor activity on a publicly exposed and exploitable instance indicates that the instance could be under attack or already have been compromised. Policy Severity— Critical. |
Policy Updates
No Policy Updates for 23.4.1.
New Compliance Benchmarks and Updates
COMPLIANCE BENCHMARK | DESCRIPTION |
Support for ISO/IEC 27001:2022 | Prisma Cloud now supports the ISO/IEC 27001:2022 compliance standard. ISO/IEC 27001:2022 provides guidelines for organizational information security standards and information security management practices, including the selection, implementation, and management of controls while taking the organization’s information security risk environment into account. With this support, you can now view this built-in standard and the related policies on Prisma Cloud’s Compliance > Standard page. Additionally, you can generate reports for immediate viewing or download, or you can schedule recurring reports to keep track of this compliance standard over time. |
Changes in Existing Behavior
FEATURE | DESCRIPTION |
Changes to Policy Severity Level First announced in 23.2.1 | Prisma Cloud updated the system default policies to help you identify critical alerts and address them effectively. The policy severity levels for some system default policies are re-aligned to use the newly introduced Critical and Informational severities. Due to this change, the policies have five levels of severity: Critical, High, Medium, Low, and Informational. You can prioritize critical alerts first and then move on to the other levels. For more information, see the updated list of policies. Impact—
This update will not affect the severities of your custom policies or the system default policies for which you have manually changed the severities (custom severity).
Also, if you have included a policy in at least one other alert rule (not based on severity filter), there will be no change in the alert numbers. If you have any questions, contact your Prisma Cloud Customer Success Representative. |
Update for Google Compute APIs | Prisma Cloud now provides global region support, as well as a backend update to the resource ID for gcloud-compute-url-maps, gcloud-compute-target-http-proxies, and gcloud-compute-target-https-proxies APIs. As a result, all resources for these APIs will be deleted and then regenerated on the management console. Existing alerts corresponding to these resources will be resolved as Resource_Updated, and new alerts will be generated against policy violations if any. Impact — You may notice a reduced alert count. However, once the resources for gcloud-compute-url-maps, gcloud-compute-target-http-proxies, and gcloud-compute-target-https-proxies resume ingesting data, the alert count will return to the original numbers. |
REST API Updates
CHANGE | DESCRIPTION |
New APIs for Onboarding Azure Cloud Accounts | The following new endpoints are now available for the Cloud Accounts API.
|
New APIs for Data Security Onboarding | The following new endpoints are now available for the Data Security Onboarding API.
|