Prisma™ Cloud Known Issues

Review the list of known issues and deprecation notice on Prisma Cloud.
The following table lists the known issues on Prisma Cloud:
Issue ID
April 21, 2020—Deprecation Notice
The ability to view all the alert rules associated with alerts aggregated by policy name on
View Alert Rules
will be deprecated in an upcoming release. The ability to view the alert rules for each alert will continue to be available.
May 19, 2020—Jira Cloud API deprecation
Jira Cloud has deprecated some APIs to improve user privacy, and this causes an error if your notification template on Prisma Cloud uses fields that invoke these deprecated APIs. When the error occurs, Prisma Cloud is unable to send alert notifications to Jira.
: To fix this issue, you must add a new notification template on Prisma Cloud and attach the new template to your alert rule.
April 21, 2020—Fix that causes a change in existing behavior.
When you add a cloud account using the API, it is in a disabled state by default. To enable the cloud account you must set the
parameter in the API to
Dashboard widgets don't load for a large data set where the time window is also large.
APIs now run once every 24 hours to generate alerts. If you have cloud accounts with a significant amount of ECS/EMR resources, the resource status is updated once a day.
Fixed in the May 19, 2020 release
if your permissions restrict your ability to dismiss alerts, an internal error message displays when you access the page.
With this fix, the error message no longer displays.
Fixed in the May 19, 2020 release
Azure cloud accounts are not getting ingested completely as REST API calls fail ingestion.
This fix ensures that azure cloud accounts do not fail because of a client connection pool shutdown error.
Fixed in the May 5, 2020 release
A system administrator can update/enable
Allow Compute Access Only
for his own role even when he is the only system administrator on Prisma Cloud. This locks the administrator out from accessing the full features and capabilities available on Prisma Cloud.
With this fix, there is a check to ensure that at least one system administrator on Prisma Cloud has access to all the available features and capabilities.
On the
page, the
Policy Subtype
filter does not work as expected, and the results for the build and run policies are not filtered properly.
Fixed in the May 19, 2020 release
Renamed the column header in the network metadata widget from
Host has Responded
If you create a custom policy where the Config RQL query uses the attribute
json.rule = "" as x
such as
config where = 'aws-ec2-describe-vpcs' AND json.rule = shared is false as X;
, the alerts generated against this policy do not match the results when you enter the same query on the
—Use filters in RQL when creating a custom policy. For example, if you have
config where = 'aws-ec2-describe-vpcs' AND json.rule = shared is false as X; config where = 'aws-ec2-describe-flow-logs' as Y; filter '($.X.vpcId equals $.Y.resourceId)'; show X
you must replace it with
config where = 'aws-ec2-describe-vpcs' as X; config where = 'aws-ec2-describe-flow-logs' as Y; filter '($.X.vpcId equals $.Y.resourceId) and ($.X.shared equals false)'; show X
Fixed in the May 5, 2020 release
The list of CLI Variables that are displayed as available for creating or cloning a policy is incorrect.
With this fix, the list displays only the variables that are available for use.
Fixed in the May 5, 2020 release
When a policy is associated with a custom compliance, the customAssigned flag in the response from /policy API is not correct.
With this fix, the customAssigned flag for /policy API is correct.
Fixed in the May 5, 2020 release
On, if you add a GCP Organization and then disable it on the administrator console, when you enable it again the exception
Organization viewer permission required
Fixed in the May 19, 2020 release
When you add the same display name as the name of the ServiceNow field name, the Prisma Cloud administrative console did not display the field name.
With this fix, if the display names and fieldname are identical, it is displayed in the format displayname (fieldname).
Fixed in the May 5, 2020 release
A security issue related to password reset functionality in Prisma cloud has been addressed in this release
Fixed in the May 5, 2020 release
Weekly notification alert emails are not generated consistently.
With this fix, the exceptions are addressed to ensure that scheduled weekly alerts emails are generated.
Fixed in the May 5, 2020 release
Addressed a security issue related to cloud account access keys.
Fixed in the May 19, 2020 release
When onboarding or modifying a Cloud Account, filtering cloud accounts in the Account Groups section does not work properly.
With this fix, the filtering works to include or exclude all child nodes.
Fixed in the May 19, 2020 release
API reports duplicates for shared AMIs.
With this fix, a shared AMI is reported only once and it adds a new metadata attribute
“share"”: true/false
to indicate whether the AMI is shared from other AWS account and is not a public AMI.
Fixed in the May 5, 2020 release
When you snooze an alert triggered against configuration policies on Prisma Cloud, the issue remains open after the snooze period even if the underlying issue is addressed on the cloud resource.
With this fix, when the snooze period expires for an alert, the resource will be rescanned to determine if the underlying issue that triggered the alert is addressed. It the issue is addressed, the alert is resolved.
Fixed in the May 19, 2020 release
The Network policy
Internet exposed instances
generates false positive alerts because it includes Azure NAT/ELB and GCP NAT/ELB workloads that are internet-facing workloads, by design.
With this fix, the policy is modified for AWS only and is renamed as
AWS Internet exposed instances
. The policy now identifies AWS workloads that are exposed to the internet and are a potential misconfiguration, and it excludes AWS workloads that are designed to be internet- facing workloads such as load balancers, web servers, and bastion hosts.
Fixed in the May 5, 2020 release
column header is renamed as
Ingestion Enabled
Cloud Accounts
The 24 New Policies that were added with the February 26, 2020 release have been disabled because of false positives and are being investigated.
Fixed in the May 19, 2020 release
After you remove an account from an alert rule, alerts remain in an open state for the account.
With the fix, when you remove an account from an alert rule, Prisma Cloud stops generating alerts for the account your removed.
The edit workflow for updating a cloud account that you have onboarded to Prisma Cloud (
Cloud Accounts
), does not work as expected.
When you enable Dataflow compression for a cloud account, the subnetwork creation status may display a failure message on the onboarding status page. This error displays because the time threshold to create the subnetwork and report completion exceeds the response time threshold on Prisma Cloud.
—Click to the previous page and click next to load the status page again.
Fixed in the May 19, 2020 release
After 24 hours, deleted cloud account resources are still visible on
page.With this fix, deleted cloud account resources do not display on the
page after 24 hours.
If you have the maximum number of VPCs (5) already created in the project and then you enable flowlog compression, the onboarding fails because Prisma Cloud is unable to add the network needed to enable Dataflow compression. When this happens the remediation steps in the message that displays is incorrect.
Fixed in the May 5, 2020 release
Flow log status message is updated to include the reason when it reports a warning, and you need to check the status on the AWS console.
The integration status check for Jira displays as yellow instead of red even if the integration is misconfigured.

Recommended For You