Prisma™ Cloud Release Notes
    : Look Ahead—Planned Updates on Prisma Cloud
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Release Notes
    5. Prisma™ Cloud Release Information
    6. Look Ahead—Planned Updates on Prisma Cloud
    Download PDF

    Prisma™ Cloud Release Notes

    Look Ahead—Planned Updates on Prisma Cloud

    Table of Contents

    Look Ahead—Planned Updates on Prisma Cloud

    Review any deprecation notices and policy changes planned in the next Prisma Cloud release.
    Read this section to learn about what is planned in the 23.10.1 release. The Look Ahead announcements are for an upcoming or next release and it is not a cumulative list of all announcements.
    Note that the details and functionality listed below are a preview and the actual release date is subject to change.

    New Policies

    Learn about the new policies and upcoming policy changes for new and existing Prisma Cloud System policies.

    Access the Look Ahead for New Policies

    To learn about the new policies that will be added in the next release:
    1. Find the Prisma Cloud policies folder on GitHub.
      The folder contains RQL based Config, Network, and Audit Event policies in JSON format. View the GitHub repo.
    2. Select the branch for which you want to review policy updates.
      The
      Master
       branch represents rrent Prisma Cloud release that is generally available. You can switch to a previous release or the next release branch, to review the policies that were published previously or are planned for the upcoming release.
      Because Prisma Cloud typically has 2 releases in a month, the release naming convention in GitHub is PCS-<year>.<month>.<release-chronology, 1 or 2>. For example, PCS-23.10.1
    3. Review the updates.
      Use the changelog.md file for a cumulative list of all policies that are added to a specific release. The policies are grouped by new policies and updated policies.
      Use the
      policies
       folder to review the JSON for each policy that is added or updated as listed in the changelog. The filename for each policy matches the policy name listed in the changelog. Within each policy file, the JSON field names are described aptly to help you easily identify the characteristic it represents. The JSON field named searchModel.query provides the RQL for the policy.

    Policy Updates

    FEATURE
    DESCRIPTION
    Policy Updates—RQL
    Azure Activity Log Policies
    Changes—
     The RQL will be updated to ignore the case for the location parameter
    Global
     for the following policies:
    • Policy Name—
       Azure Activity log alert for Delete security solution does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/securitySolutions/delete" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/securitySolutions/delete" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for delete policy assignment does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.scopes[*] does not contain resourceGroups and properties.enabled equals true and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Authorization/policyAssignments/delete" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.scopes[*] does not contain resourceGroups and properties.enabled equals true and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Authorization/policyAssignments/delete" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Create or update SQL server firewall rule does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Sql/servers/firewallRules/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Sql/servers/firewallRules/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Create or update security solution does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/securitySolutions/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/securitySolutions/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Create policy assignment does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Authorization/policyAssignments/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Authorization/policyAssignments/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Create or update network security group rule does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/securityRules/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/securityRules/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Delete SQL server firewall rule does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Sql/servers/firewallRules/delete" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Sql/servers/firewallRules/delete" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Create or update network security group does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Delete network security group does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/delete" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/delete" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Update security policy does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/policies/write" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Security/policies/write" as X; count(X) less than 1
    • Policy Name—
       Azure Activity log alert for Delete network security group rule does not exist
    Current RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equals Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/securityRules/delete" as X; count(X) less than 1
    Updated RQL—
    config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-activity-log-alerts' AND json.rule = "location equal ignore case Global and properties.enabled equals true and properties.scopes[*] does not contain resourceGroups and properties.condition.allOf[?(@.field=='operationName')].equals equals Microsoft.Network/networkSecurityGroups/securityRules/delete" as X; count(X) less than 1
    Severity—
     Informational
    Policy Type—
     Config
    Impact—
     Medium. Existing alerts will be resolved as "Policy_Updated" and new alerts will be created.
    Policy Deletions
    AWS EC2 instance publicly exposed with critical/high exploitable vulnerabilities and port scan activity
    This policy will be deleted from Prisma Cloud.
    Severity—
     Critical
    Policy Type—
     Attack Path
    Impact—
     High. Previously generated alerts will be resolved as
    Policy_Deleted
    .

    API Ingestions

    SERVICE
    API DETAILS
    AWS Budgets
    aws-budgets-budget
    Additional permission required:
    • budgets:ViewBudget
    You must manually add or update the CFT template to enable the permission.
    Amazon EC2
    aws-ec2-launch-template
    Additional permissions required:
    • ec2:DescribeLaunchTemplates
    • ec2:DescribeLaunchTemplateVersions
    The Security Audit role includes the permissions.
    AWS Well-Architected Tool
    aws-well-architected-tool-workload
    Additional permission required:
    • wellarchitected:GetWorkload
    • wellarchitected:ListWorkloads
    You must manually add or update the CFT template to enable the permission.
    Azure CDN
    azure-frontdoor-standardpremium-afd-endpoints
    Additional permissions required:
    • Microsoft.Cdn/profiles/read
    • Microsoft.Cdn/profiles/afdendpoints/read
    The Reader role includes the permissions.
    Azure DNS
    azure-dns-privatedns-zones
    Additional permission required:
    • Microsoft.Network/privateDnsZones/read
    The Reader role includes the permission.
    Google Certificate Manager
    gcloud-certificate-manager-certificate
    Additional permissions required:
    • certificatemanager.locations.list
    • certificatemanager.certs.list
    The Viewer role includes the permissions.
    This API will not provide the details of CLASSIC Certificates under Google Cloud Certificate Manager.
    Google Certificate Manager
    gcloud-certificate-manager-dns-authorization
    Additional permissions required:
    • certificatemanager.locations.list
    • certificatemanager.dnsauthorizations.list
    The Viewer role includes the permissions.
    Google Certificate Manager
    gcloud-certificate-manager-certificate-issuance-config
    Additional permission required:
    • certificatemanager.certissuanceconfigs.list
    The Viewer role includes the permission.
    Google Certificate Manager
    gcloud-certificate-manager-certificate-map
    Additional permission required:
    • certificatemanager.certmaps.list
    The Viewer role includes the permission.
    OCI Cloud Guard
    oci-cloudguard-detector-recipe
    Additional permission required:
    • CG_DETECTOR_RECIPE_INSPECT,CG_DETECTOR_RECIPE_READ
    You must update the Terraform template to enable the permission.

    Deprecation Notices

    Deprecated Endpoints or Parameters
    Deprecated Release
    Sunset Release
    Replacement Endpoints
    Prisma Cloud CSPM REST API for Cloud Accounts
    The following endpoints are deprecated for the AWS, GCP, and Azure cloud types:
    You can continue to use the above endpoints for the Alibaba and OCI cloud accounts.
    23.6.1
    23.10.2
    Prisma Cloud CSPM REST API for Resources
    23.9.1
    23.10.1
    Prisma Cloud CSPM REST API for Resources
    23.9.2
    24.1.1
    End of Life (EOL) for Prisma Cloud Microsegmentation in 24.1.2
    -
    24.1.2
    The Prisma Cloud Microsegmentation module was announced as End-of-Sale effective 31 August 2022. As of the 24.1.2 release planned in end January 2024, the subscription is going End of Life and will be no longer available for use.
    In preparation for the EoL, make sure to uninstall all instances of the Enforcer, the Microsegmentation agent deployed in your environment, as these agents will no longer enforce any security policies on traffic on or across your hosts.
    Date Filter Support
    23.10.2
    -
    The Date filter is being deprecated on
    Inventory
    Assets
    ,
    Asset Explorer
    , and
    Compliance
    Overview
    .
    With the 23.10.2 release, the date filter will no longer be supported. With this change, links in Compliance reports that were generated before 23.10.2 will be removed.
    Data Dashboard
    23.10.2
    -
    The Data Dashboard is being deprecated on
    Dashboards
    Data
    .
    With the 23.10.2 release, the widgets in the
    Data dashboard
     will be available in a custom dashboard. To view the Data Security information, you will be able to create a custom dashboard and add the data security widgets.
    Prisma Cloud CSPM REST API for Alerts
    Some Alert API request parameters and response object properties are now deprecated.
    Query parameter
    risk.grade
     is deprecated for the following requests:
    • GET /alert
    • GET /v2/alert
    • GET /alert/policy
    Request body parameter
    risk.grade
     is deprecated for the following requests:
    • POST /alert
    • POST /v2/alert
    • POST /alert/policy
    Response object property
    riskDetail
     is deprecated for the following requests:
    • GET /alert
    • POST /alert
    • GET /alert/policy
    • POST /alert/policy
    • GET /alert/{id}
    • GET /v2/alert
    • POST /v2/alert
    Response object property
    risk.grade.options
     is deprecated for the following request:
    • GET /filter/alert/suggest
    -
    -
    NA

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.