Limited GA Features on Prisma Cloud

Review Prisma Cloud features that have limited general availability on some stacks for select customers.
Read this section to learn about features that have limited general availability (LGA).
LGA features are not available on all stacks.
Features listed below are subject to change by general availability (GA) release.

LGA Features

FEATURE
DESCRIPTION
Ingestion of AWS DNS Logs from Amazon Kinesis Data Firehose
Available on app, app2, and app3 only
DNS logs provide critical data for detecting threats such as cryptomining pools, domain generation algorithms (DGAs), and DNS rebinding. Prisma Cloud fetches DNS logs for accounts that are streamed on Amazon Kinesis Data Firehose in a logging account on AWS.
After you enable DNS log ingestion on Prisma Cloud, all requests made to AWS default DNS resolvers are logged, while DNS queries made to external servers or DNS servers not managed by AWS are not logged. Logging is enabled per VPC.
For more details, refer to the AWS DNS Log Ingestion LGA Documentation.
Anomaly Policies for AWS DNS Activity
Available on app, app2, and app3 only
On Policies and Alerts Overview, a new Policy Subtype for DNS displays.
The two new policies that use information in DNS logs for your AWS cloud accounts to detect anomalies are:
  • Cryptomining domain request activity: detects when monitored resources attempt to contact a known cryptomining pool using the DNS protocol to retrieve the IP address of the cryptominer.
  • DGA domain request activity: detects when monitored resources attempt to resolve domain names that look like they are generated by an algorithm.
When you enable DNS log ingestion, and add the DNS anomaly policies to an alert rule, alerts for DNS anomaly policies are triggered.
These new anomaly policies generate alerts when they detect suspicious domains in DNS queries. With the addition of these policies, you also have the ability to specify a Domain Name in an anomaly trusted list to suppress alerts. For the domain names that are added to this trusted list, the DNS anomaly policies will not generate alerts.
Enable Resolved Alert State in Jira Notification Template
In addition to Open alert state notifications configured in the notification template, Prisma Cloud integration with Jira now allows you to configure and send notifications for Resolved alert states through Jira tickets.
For more details, refer to Integrate Prisma Cloud with Jira.
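
To illustrate how the DGA anomaly policy and the Domain Name trusted list described above interact, the following added example (not Prisma Cloud's detection logic or code) scores query names from DNS log records and suppresses matches on trusted domains. The entropy heuristic, its thresholds, the sample records, and the use of Route 53 Resolver query log field names are all assumptions.

```python
import json
import math
from collections import Counter

# Constructed sample records. Field names follow the Route 53 Resolver
# query log format (assumed; the page does not specify the log schema).
SAMPLE_LOGS = [
    '{"vpc_id": "vpc-0aaa", "query_name": "xj4k9qzt2vbw7hy3.example.net.", "srcids": {"instance": "i-0001"}}',
    '{"vpc_id": "vpc-0aaa", "query_name": "authentication-service.example.com.", "srcids": {"instance": "i-0002"}}',
    '{"vpc_id": "vpc-0bbb", "query_name": "q8w2z7n5k1p9r3t6.trusted.example.", "srcids": {"instance": "i-0003"}}',
]
TRUSTED_DOMAINS = {"trusted.example"}  # hypothetical trusted list entry


def entropy(label):
    """Shannon entropy of the characters in one DNS label, in bits."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def looks_generated(name, min_len=12, min_entropy=3.8):
    """Illustrative heuristic: the longest label is long and near-random.
    Long dictionary-word hostnames score below the entropy threshold."""
    label = max(name.split("."), key=len)
    return len(label) >= min_len and entropy(label) >= min_entropy


def is_trusted(name, trusted):
    """True if the name is a trusted domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in trusted)


def evaluate(lines, trusted):
    """Return (alerts, suppressed) as lists of (vpc_id, instance, name)."""
    alerts, suppressed = [], []
    for line in lines:
        rec = json.loads(line)
        name = rec["query_name"].rstrip(".").lower()  # drop the root dot
        if not looks_generated(name):
            continue
        hit = (rec["vpc_id"], rec.get("srcids", {}).get("instance"), name)
        (suppressed if is_trusted(name, trusted) else alerts).append(hit)
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = evaluate(SAMPLE_LOGS, TRUSTED_DOMAINS)
    print("alerts:", alerts)
    print("suppressed by trusted list:", suppressed)
```

Matching on the domain and its subdomains means a single trusted entry silences every generated-looking name beneath it, so trusted list entries are best kept as narrow as the legitimate traffic allows.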
