Look Ahead—Planned Updates on Prisma Cloud
Review any deprecation notices and policy changes planned
in the next Prisma Cloud release.
Read this section to learn about what
is planned to be included in the next release. Note that the details
and functionality listed below are a preview and the actual release
date is subject to change.
Policy Updates
The policy updates planned for release in the next release.
Get the JSON file and review the policy changes on GitHub-Policy Updates by Release.
You can also review the changelog.
New Policies and Policy Updates | |
---|---|
New Policies | Azure Container registries Public
access to All networks is enabled Identifies Azure
Container registries that are enabled for Public access to all networks.
|
Azure Function App authentication
is off Identifies Azure Function Apps that have authentication
disabled.
| |
Azure Function App client certificate
is disabled Identifies Azure Function Apps on which client
certificates are disabled.
| |
Azure Function App doesn't have
a Managed Service Identity Identifies Azure Function
Apps which do not have a Managed Service Identity.
| |
Azure Function App doesn't use HTTP
2.0 Identifies Azure Function Apps which does not
use HTTP 2.0.
| |
Azure Function App doesn't use latest
TLS version Identifies Azure Function Apps which do not
use the latest TLS version. | |
Azure Function App doesn't redirect
HTTP to HTTPS Identifies Azure Function Apps which
do not redirect HTTP to HTTPS.
| |
Policy Updates—RQL and Metadata | AWS Default Security Group does
not restrict all traffic This policy description
has been updated. Impact —None. Does not affect any
existing alerts for the policy. |
The following Azure App Service policies have
updated RQL that monitors the Azure webapp only, and excludes Azure
Function apps: Impact —All open alerts for Azure Function
apps that were triggered by these policies will be marked as Resolved .
| |
| |
The following policies have been updated to
remove the em dash — in the description or
recommendation because it caused encoding issues when viewing CSV
files in some text editors.
Impact —None.
Does not affect any existing alerts for the policy. | |
The following policies have updated RQL:
The
RQL is updated to filter out GKE instances and will no longer generate
alerts for GKE instances, for which you cannot configure automated
remediation. Impact Resolved . | |
Deleted Policies | The following policies will be deleted because
the gcloud-api-key has been removed
on the Google Cloud Platform.
Impact Resolved . |
API Ingestion
The following Cloud Service Provider APIs are planned
for ingestion on Prisma Cloud in 21.3.1:
Service | API Details |
---|---|
Azure Active Directory | azure-active-directory-group-members Additional
permissions required:
Grant
these permissions to the Prisma Cloud app that is registered on
Azure Active Directory. |
Azure Active Directory | azure-active-directory-authorization-policy Additional
permissions required:
|
Google Access Context Manager | gcloud-access-policy Additional
permission required:
This
permission is part of the Project Viewer role, and is required to
reduce the error rate for this API on GCP. |
Google Web Security Scanner | gcloud-web-security-scan-config Additional
permission required:
This
permission is a part of the Web Security Scanner Viewer role. |
Google Compute Engine | gcloud-compute-addresses Additional
permission required: This permission is part of the Viewer role. |
Deprecation Notice
Deprecation Notice | |
---|---|
Deprecation Notice—Prisma Cloud CLI | The Prisma Cloud CLI is being deprecated. |
Deprecation Notice—RQL query format | The config where , event where and network where query
format is being deprecated.
To
give you time to get used to the language changes, RQL statements
will work with the older syntax. When creating new queries or saved
searches, use the new query format, because the older syntax will
be removed in a future release. |
Prisma Cloud Public REST APIs for Alerts | Some Alert API request parameters and response
object fields are now deprecated. Query parameter risk.grade is deprecated
for the following requests:
Request body parameter risk.grade is deprecated
for the following requests:
Response object field riskDetail is deprecated
for the following requests:
Response object field risk.grade.options is deprecated
for the following request:
|
Prisma Cloud Public REST APIs for IaC Scan | Version 1 of the IaC Scan REST APIs is deprecated
and will continue to be supported until January 31, 2021. The deprecated
APIs are:
|
Recommended For You
Recommended Videos
Recommended videos not found.