diff --git a/.hlxignore b/.hlxignore index 7d46a8024c..e25e637ec8 100644 --- a/.hlxignore +++ b/.hlxignore @@ -7,7 +7,8 @@ package.json package-lock.json test/* worker/* -docs/* +docs/**/* !docs/sitemaps +!docs/sitemaps/**/* bin/* *.toml diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e828c53fb..8507c0660b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## [1.0.63](https://github.com/hlxsites/prisma-cloud-docs/compare/v1.0.62...v1.0.63) (2023-12-11) + + +### Bug Fixes + +* update Compute Edition 32 RN book ([54be815](https://github.com/hlxsites/prisma-cloud-docs/commit/54be815907ffea50536e60a3e6a43b6dbe3dfedd)) + +## [1.0.62](https://github.com/hlxsites/prisma-cloud-docs/compare/v1.0.61...v1.0.62) (2023-12-07) + + +### Bug Fixes + +* add Compute Edition 32 books ([14eccee](https://github.com/hlxsites/prisma-cloud-docs/commit/14ecceec5a92d93f90c7ee068a6ffbd20d7f77c3)) + ## [1.0.61](https://github.com/hlxsites/prisma-cloud-docs/compare/v1.0.60...v1.0.61) (2023-10-17) diff --git a/docs/api/_build/src/enrich_spec_saas.py b/docs/api/_build/src/enrich_spec_saas.py new file mode 100644 index 0000000000..8d3a727b38 --- /dev/null +++ b/docs/api/_build/src/enrich_spec_saas.py @@ -0,0 +1,450 @@ +import argparse +import json +import os +import os.path +import pathlib +import re +import yaml +from yaml.representer import Representer + +FIXUPS = ( + ("A P I", "API"), + ("App Embedded", "App-Embedded"), + ("C I", "CI"), + ("C L I", "CLI"), + ("C V E", "CVE"), + ("Ecs", "ECS"), + ("H T T P", "HTTP"), + ("I Ds", "IDs"), + ("Ia C", "IaC"), + ("T A S", "TAS"), + ("U R L", "URL"), + ("V M", "VM"), + ("V Ms", "VMs"), + ("Wild Fire", "WildFire"), + ("X S O A R", "XSOAR") +) + +# Record that holds all command line params. +# spec - OpenAPI JSON +# topic_map - Topic map YAML +# local - How to reference external markdown files (local = relative link on local file system, otherwise HTTPS to GitHub) +class Config: + pass + + +def load_spec(f): + """ + Read the OpenAPI JSON spec + """ + with open(f, "r") as stream: + try: + data = json.load(stream) + except ValueError as e: + print('Error: invalid JSON: %s' % e) + sys.exit(1) + + return data + + +def load_topic_map(f): + """ + Read the topic map, which is in YAML format. + If the file cannot be parsed, exit the program and return 1. + If the file contains !include references to non-existent files, exit the program and return 1. + """ + with open(f, "r") as stream: + try: + data = yaml.load(stream, Loader=yaml.FullLoader) + except yaml.YAMLError as e: + print(f'Error loading {f}: Invalid YAML. {e}') + sys.exit(1) + except OSError as e: + print('Error loading {f}: {e}') + sys.exit(1) + + return data + + +def enrich_spec(config): + + add_api_desc(config) + add_endpoint_operation_id(config.spec) + add_endpoint_summary(config) + add_resource_desc(config) + add_endpoint_desc(config) + + +def add_api_desc(config): + """ + Link to the markdown file for API intro. + """ + spec = config.spec + + spec['info']['description'] = {} + if config.local: + spec['info']['description']['$ref'] = "../descriptions/intro.md" + else: + spec['info']['description']['$ref'] = f"https://raw.githubusercontent.com/hlxsites/prisma-cloud-docs/{config.branch}/docs/api/descriptions/intro.md" + + +def add_resource_desc(config): + """ + Link to markdown file for top-level resource description. + """ + spec = config.spec + topic_map = config.topic_map + + # "tags" are an array, not a dict. + # https://realpython.com/python-enumerate/ + for i, tag in enumerate(spec['tags']): + resource = tag_to_resource(tag) + link = get_resource_desc_link(config, resource) + if link: + spec['tags'][i]['description'] = {} + spec['tags'][i]['description']['$ref'] = link + else: + print(f'WARNING: No top-level desc for {resource}') + +def tag_to_resource(tag): + """ + Convert tag to a key that can used to lookup the resource in the topic_map + """ + return f"/{tag['name'].lower()}" + + +def get_resource_desc_link(config, resource): + + desc = lookup_resource_attr(config.topic_map, resource, 'description') + if desc: + link = desc.get_link(config) + #print(f"FOUND desc for {resource}") + #print(f"LINK = {link}") + else: + link = None + + return link + + +def add_endpoint_desc(config): + """ + Link to markdown file that contains each endpoint's description. + """ + spec = config.spec + topic_map = config.topic_map + + for route in spec['paths']: + for method in spec['paths'][route]: + desc = lookup_endpoint_attr(topic_map, route, method, 'description') + if desc: + spec['paths'][route][method]['description'] = {} + spec['paths'][route][method]['description']['$ref'] = desc.get_link(config) + #print(f"FOUND desc for {method}{route}") + #print(f"LINK = {desc.get_link(config)}") + else: + print(f'WARNING: No endpoint desc for {method.upper()} {route}') + + + +def add_endpoint_summary(config): + """ + Get the summary from the topic map and add it to the spec. + """ + spec = config.spec + topic_map = config.topic_map + + for route in spec["paths"]: + for method in spec["paths"][route]: + summary = lookup_summary(topic_map, route, method) + if summary: + # print(f'FOUND summary for {route} {method}') + spec["paths"][route][method]["summary"] = summary + else: + # print(f"No summary in topic map for {route} {method}") + summary = get_summary_from_desc(spec["paths"][route][method]['description']) + spec["paths"][route][method]["summary"] = summary + # print(f"Derived summary = {summary}") + + +def get_summary_from_desc(desc): + + words = desc.split() + if len(words) >= 1: + desc_str = re.split('(?=[A-Z])', words[0]) + desc_str = " ".join(desc_str) + desc_str = fixup(desc_str) + else: + desc_str = "TODO" + + return desc_str + + +def fixup(desc): + + for substr in FIXUPS: + if substr[0] in desc: + desc = desc.replace(substr[0], substr[1]) + #print(f"desc2 = {desc2}") + break + + return desc + + +def lookup_summary(topic_map, route, method): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + """ + # Debug + print(f"Look up summary for {method} {route}") + + route_key1 = None + route_key2 = None + + parts = route.split('/') + + if len(parts) >= 4: + route_key1 = '/' + route_key1 += parts[3] + #print(f"route_key1 = {route_key1}") + + if len(parts) > 4: + route_key2 = '' + for part in parts[4:]: + route_key2 += '/' + route_key2 += part + #print(f"route_key2 = {route_key2}") + + if route_key1 and not route_key2: + if route_key1 in topic_map: + if method in topic_map[route_key1]: + if 'summary' in topic_map[route_key1][method]: + return topic_map[route_key1][method]["summary"] + + if route_key1 and route_key2: + if route_key1 in topic_map: + if route_key2 in topic_map[route_key1]: + if method in topic_map[route_key1][route_key2]: + if 'summary' in topic_map[route_key1][route_key2][method]: + return topic_map[route_key1][route_key2][method]["summary"] + + return None + + + +def lookup_resource_attr(topic_map, resource, key): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + displayName: + description: + /subresource: + """ + if resource in topic_map: + if key in topic_map[resource]: + return topic_map[resource][key] + + return None + + +def lookup_endpoint_attr(topic_map, route, method, key): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + """ + route_key1, route_key2 = get_route_keys(route) + + if route_key1 and not route_key2: + if route_key1 in topic_map: + if method in topic_map[route_key1]: + if key in topic_map[route_key1][method]: + return topic_map[route_key1][method][key] + + if route_key1 and route_key2: + if route_key1 in topic_map: + if route_key2 in topic_map[route_key1]: + if method in topic_map[route_key1][route_key2]: + if key in topic_map[route_key1][route_key2][method]: + return topic_map[route_key1][route_key2][method][key] + + return None + + +def get_route_keys(route): + """ + Extract the keys required to lookup an endpoint in _topic_map.yml. + + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + /subresource/subresource: + /subresource/subresource/subresource: + """ + key1 = None + key2 = None + + parts = route.split('/') + + if len(parts) >= 4: + key1 = '/' + key1 += parts[3] + + if len(parts) > 4: + key2 = '' + for part in parts[4:]: + key2 += '/' + key2 += part + + return (key1, key2) + + +def add_endpoint_operation_id(spec): + + for route in spec["paths"]: + for method in spec["paths"][route]: + op_id = '-' + parts = route.split('/') + op_id = op_id.join(parts[3:]) + mapping = op_id.maketrans({'{': None, '}': None}) + op_id = op_id.translate(mapping) + spec["paths"][route][method]["operationId"] = f"{method}-{op_id}" + + +def add_endpoint_operation_id2(spec): + + count = 0 + for route in spec["paths"]: + for method in spec["paths"][route]: + spec["paths"][route][method]["operationId"] = f"{count}" + count += 1 + + +def output_spec(spec): + """ + Write the enriched spec to a file. + """ + with open("openapi_enriched_saas.json", "w") as outfile: + json.dump(spec, outfile, indent=2) + + +def include_constructor(loader, node): + value = loader.construct_scalar(node) + return IncludeFile(value) + + +# When the YAML deserializer encounters the !include tag, we encode it in this class. +# The path attribute is validated in __init__ to catch authoring errors in _topic_map.yml. +# When hand editing YAML it's easy to make mistakes, so we're being aggressive about catching and reporting +# issues. +# +# Nice discussion about the options for validating attributes in __init__. +# https://mail.python.org/pipermail/python-list/2009-December/562185.html +class IncludeFile(object): + def __init__(self, path): + print(path) + self.path = path + if not self.validate(path): + raise OSError(errno.ENOENT, os.strerror(errno.ENOENT), path) + + def __repr__(self): + return f"IncludeFile({self.path})" + + def validate(self, path): + return os.path.isfile(self.path) + + def get_link(self, config): + if config.local: + link = self.path + else: + p = pathlib.PurePosixPath(self.path) + rel_p = p.relative_to('../') + link = f"https://raw.githubusercontent.com/hlxsites/prisma-cloud-docs/{config.branch}/docs/api/{rel_p}" + return link + + def append_role(self, role): + self.modify_file() + with open(self.path, "a") as stream: + stream.write('\n') + stream.write('\n') + stream.write('### Role') + stream.write('\n') + stream.write('Minimum role required to access this endpoint: %s.' % role) + + def modify_file(self): + """ + If this script modifies a git-versioned file, then it: + * Creates a temporary working copy of the file where modifications can be made. + Modified files are kept in repo/_build/tmp/. + * Updates the path to point to the temp working copy. + * The intermediate files under repo/_build/tmp/ are ignored with .gitignore. + """ + # Get the path to the !include file relative to the root of this repo. + # This Python script runs in repo/_build/. + tmp_path = os.path.relpath(self.path, '..') + tmp_path = os.path.join('tmp', tmp_path) + # print('tmp path: %s' % tmp_path) + + # Does the dir exist already under tmp/? + # If not, create it. + dirname = os.path.dirname(tmp_path) + if os.path.exists(dirname) == False: + print('new dir name: %s' % dirname) + os.makedirs(dirname) + + # Copy the file to tmp/ + shutil.copy2(self.path, dirname) + + # Update self.path + self.path = tmp_path + + +def main(): + """ + Read the OpenAPI spec file and enrich it. + Print the result to a file. + """ + parser = argparse.ArgumentParser(description='Enrich basic OpenAPI spec for publication on pan.dev.') + parser.add_argument('spec', type=str, help='Path to OpenAPI spec') + parser.add_argument('topic_map', type=str, help='Path to _topic_map.yml') + parser.add_argument('--branch', help='Specify the branch from which to retrieve API endpoint descriptions (default: master)') + parser.add_argument('--local', action='store_true', help='Build for testing locally with redoc-cli') + args = parser.parse_args() + + config = Config() + + # Specify how to process RAML's !include application-specific tag. + # See: https://pyyaml.org/wiki/PyYAMLDocumentation + # See: https://stackoverflow.com/questions/43058050/creating-custom-tag-in-pyyaml + yaml.add_constructor(u'!include', include_constructor) + + # Read the OpenAPI spec file. + config.spec = load_spec(args.spec) + + # Read _topic_map.yml + config.topic_map = load_topic_map(args.topic_map) + + # Get the branch from which to retrieve API endpoint descriptions + if args.branch: + config.branch = args.branch + else: + config.branch = 'master' + + # Enrich OpenAPI spec for local testing or publication on pan.dev. + if args.local: + config.local = args.local + else: + config.local = False + + enrich_spec(config) + + output_spec(config.spec) + + +if __name__ == '__main__': + main() diff --git a/docs/api/_build/src/enrich_spec_sh.py b/docs/api/_build/src/enrich_spec_sh.py new file mode 100644 index 0000000000..27e6453352 --- /dev/null +++ b/docs/api/_build/src/enrich_spec_sh.py @@ -0,0 +1,450 @@ +import argparse +import json +import os +import os.path +import pathlib +import re +import yaml +from yaml.representer import Representer + +FIXUPS = ( + ("A P I", "API"), + ("App Embedded", "App-Embedded"), + ("C I", "CI"), + ("C L I", "CLI"), + ("C V E", "CVE"), + ("Ecs", "ECS"), + ("H T T P", "HTTP"), + ("I Ds", "IDs"), + ("Ia C", "IaC"), + ("T A S", "TAS"), + ("U R L", "URL"), + ("V M", "VM"), + ("V Ms", "VMs"), + ("Wild Fire", "WildFire"), + ("X S O A R", "XSOAR") +) + +# Record that holds all command line params. +# spec - OpenAPI JSON +# topic_map - Topic map YAML +# local - How to reference external markdown files (local = relative link on local file system, otherwise HTTPS to GitHub) +class Config: + pass + + +def load_spec(f): + """ + Read the OpenAPI JSON spec + """ + with open(f, "r") as stream: + try: + data = json.load(stream) + except ValueError as e: + print('Error: invalid JSON: %s' % e) + sys.exit(1) + + return data + + +def load_topic_map(f): + """ + Read the topic map, which is in YAML format. + If the file cannot be parsed, exit the program and return 1. + If the file contains !include references to non-existent files, exit the program and return 1. + """ + with open(f, "r") as stream: + try: + data = yaml.load(stream, Loader=yaml.FullLoader) + except yaml.YAMLError as e: + print(f'Error loading {f}: Invalid YAML. {e}') + sys.exit(1) + except OSError as e: + print('Error loading {f}: {e}') + sys.exit(1) + + return data + + +def enrich_spec(config): + + add_api_desc(config) + add_endpoint_operation_id(config.spec) + add_endpoint_summary(config) + add_resource_desc(config) + add_endpoint_desc(config) + + +def add_api_desc(config): + """ + Link to the markdown file for API intro. + """ + spec = config.spec + + spec['info']['description'] = {} + if config.local: + spec['info']['description']['$ref'] = "../descriptions/intro.md" + else: + spec['info']['description']['$ref'] = f"https://raw.githubusercontent.com/hlxsites/prisma-cloud-docs/{config.branch}/docs/api/descriptions/intro.md" + + +def add_resource_desc(config): + """ + Link to markdown file for top-level resource description. + """ + spec = config.spec + topic_map = config.topic_map + + # "tags" are an array, not a dict. + # https://realpython.com/python-enumerate/ + for i, tag in enumerate(spec['tags']): + resource = tag_to_resource(tag) + link = get_resource_desc_link(config, resource) + if link: + spec['tags'][i]['description'] = {} + spec['tags'][i]['description']['$ref'] = link + else: + print(f'WARNING: No top-level desc for {resource}') + +def tag_to_resource(tag): + """ + Convert tag to a key that can used to lookup the resource in the topic_map + """ + return f"/{tag['name'].lower()}" + + +def get_resource_desc_link(config, resource): + + desc = lookup_resource_attr(config.topic_map, resource, 'description') + if desc: + link = desc.get_link(config) + #print(f"FOUND desc for {resource}") + #print(f"LINK = {link}") + else: + link = None + + return link + + +def add_endpoint_desc(config): + """ + Link to markdown file that contains each endpoint's description. + """ + spec = config.spec + topic_map = config.topic_map + + for route in spec['paths']: + for method in spec['paths'][route]: + desc = lookup_endpoint_attr(topic_map, route, method, 'description') + if desc: + spec['paths'][route][method]['description'] = {} + spec['paths'][route][method]['description']['$ref'] = desc.get_link(config) + #print(f"FOUND desc for {method}{route}") + #print(f"LINK = {desc.get_link(config)}") + else: + print(f'WARNING: No endpoint desc for {method.upper()} {route}') + + + +def add_endpoint_summary(config): + """ + Get the summary from the topic map and add it to the spec. + """ + spec = config.spec + topic_map = config.topic_map + + for route in spec["paths"]: + for method in spec["paths"][route]: + summary = lookup_summary(topic_map, route, method) + if summary: + # print(f'FOUND summary for {route} {method}') + spec["paths"][route][method]["summary"] = summary + else: + # print(f"No summary in topic map for {route} {method}") + summary = get_summary_from_desc(spec["paths"][route][method]['description']) + spec["paths"][route][method]["summary"] = summary + # print(f"Derived summary = {summary}") + + +def get_summary_from_desc(desc): + + words = desc.split() + if len(words) >= 1: + desc_str = re.split('(?=[A-Z])', words[0]) + desc_str = " ".join(desc_str) + desc_str = fixup(desc_str) + else: + desc_str = "TODO" + + return desc_str + + +def fixup(desc): + + for substr in FIXUPS: + if substr[0] in desc: + desc = desc.replace(substr[0], substr[1]) + #print(f"desc2 = {desc2}") + break + + return desc + + +def lookup_summary(topic_map, route, method): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + """ + # Debug + print(f"Look up summary for {method} {route}") + + route_key1 = None + route_key2 = None + + parts = route.split('/') + + if len(parts) >= 4: + route_key1 = '/' + route_key1 += parts[3] + #print(f"route_key1 = {route_key1}") + + if len(parts) > 4: + route_key2 = '' + for part in parts[4:]: + route_key2 += '/' + route_key2 += part + #print(f"route_key2 = {route_key2}") + + if route_key1 and not route_key2: + if route_key1 in topic_map: + if method in topic_map[route_key1]: + if 'summary' in topic_map[route_key1][method]: + return topic_map[route_key1][method]["summary"] + + if route_key1 and route_key2: + if route_key1 in topic_map: + if route_key2 in topic_map[route_key1]: + if method in topic_map[route_key1][route_key2]: + if 'summary' in topic_map[route_key1][route_key2][method]: + return topic_map[route_key1][route_key2][method]["summary"] + + return None + + + +def lookup_resource_attr(topic_map, resource, key): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + displayName: + description: + /subresource: + """ + if resource in topic_map: + if key in topic_map[resource]: + return topic_map[resource][key] + + return None + + +def lookup_endpoint_attr(topic_map, route, method, key): + """ + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + """ + route_key1, route_key2 = get_route_keys(route) + + if route_key1 and not route_key2: + if route_key1 in topic_map: + if method in topic_map[route_key1]: + if key in topic_map[route_key1][method]: + return topic_map[route_key1][method][key] + + if route_key1 and route_key2: + if route_key1 in topic_map: + if route_key2 in topic_map[route_key1]: + if method in topic_map[route_key1][route_key2]: + if key in topic_map[route_key1][route_key2][method]: + return topic_map[route_key1][route_key2][method][key] + + return None + + +def get_route_keys(route): + """ + Extract the keys required to lookup an endpoint in _topic_map.yml. + + In the OpenAPI spec file, route has the following format: /api/v1/resource/subresource/subresource. + In the topic map, routes are shorter, and keyed as follows: + /resource: + /subresource: + /subresource/subresource: + /subresource/subresource/subresource: + """ + key1 = None + key2 = None + + parts = route.split('/') + + if len(parts) >= 4: + key1 = '/' + key1 += parts[3] + + if len(parts) > 4: + key2 = '' + for part in parts[4:]: + key2 += '/' + key2 += part + + return (key1, key2) + + +def add_endpoint_operation_id(spec): + + for route in spec["paths"]: + for method in spec["paths"][route]: + op_id = '-' + parts = route.split('/') + op_id = op_id.join(parts[3:]) + mapping = op_id.maketrans({'{': None, '}': None}) + op_id = op_id.translate(mapping) + spec["paths"][route][method]["operationId"] = f"{method}-{op_id}" + + +def add_endpoint_operation_id2(spec): + + count = 0 + for route in spec["paths"]: + for method in spec["paths"][route]: + spec["paths"][route][method]["operationId"] = f"{count}" + count += 1 + + +def output_spec(spec): + """ + Write the enriched spec to a file. + """ + with open("openapi_enriched_sh.json", "w") as outfile: + json.dump(spec, outfile, indent=2) + + +def include_constructor(loader, node): + value = loader.construct_scalar(node) + return IncludeFile(value) + + +# When the YAML deserializer encounters the !include tag, we encode it in this class. +# The path attribute is validated in __init__ to catch authoring errors in _topic_map.yml. +# When hand editing YAML it's easy to make mistakes, so we're being aggressive about catching and reporting +# issues. +# +# Nice discussion about the options for validating attributes in __init__. +# https://mail.python.org/pipermail/python-list/2009-December/562185.html +class IncludeFile(object): + def __init__(self, path): + print(path) + self.path = path + if not self.validate(path): + raise OSError(errno.ENOENT, os.strerror(errno.ENOENT), path) + + def __repr__(self): + return f"IncludeFile({self.path})" + + def validate(self, path): + return os.path.isfile(self.path) + + def get_link(self, config): + if config.local: + link = self.path + else: + p = pathlib.PurePosixPath(self.path) + rel_p = p.relative_to('../') + link = f"https://raw.githubusercontent.com/hlxsites/prisma-cloud-docs/{config.branch}/docs/api/{rel_p}" + return link + + def append_role(self, role): + self.modify_file() + with open(self.path, "a") as stream: + stream.write('\n') + stream.write('\n') + stream.write('### Role') + stream.write('\n') + stream.write('Minimum role required to access this endpoint: %s.' % role) + + def modify_file(self): + """ + If this script modifies a git-versioned file, then it: + * Creates a temporary working copy of the file where modifications can be made. + Modified files are kept in repo/_build/tmp/. + * Updates the path to point to the temp working copy. + * The intermediate files under repo/_build/tmp/ are ignored with .gitignore. + """ + # Get the path to the !include file relative to the root of this repo. + # This Python script runs in repo/_build/. + tmp_path = os.path.relpath(self.path, '..') + tmp_path = os.path.join('tmp', tmp_path) + # print('tmp path: %s' % tmp_path) + + # Does the dir exist already under tmp/? + # If not, create it. + dirname = os.path.dirname(tmp_path) + if os.path.exists(dirname) == False: + print('new dir name: %s' % dirname) + os.makedirs(dirname) + + # Copy the file to tmp/ + shutil.copy2(self.path, dirname) + + # Update self.path + self.path = tmp_path + + +def main(): + """ + Read the OpenAPI spec file and enrich it. + Print the result to a file. + """ + parser = argparse.ArgumentParser(description='Enrich basic OpenAPI spec for publication on pan.dev.') + parser.add_argument('spec', type=str, help='Path to OpenAPI spec') + parser.add_argument('topic_map', type=str, help='Path to _topic_map.yml') + parser.add_argument('--branch', help='Specify the branch from which to retrieve API endpoint descriptions (default: master)') + parser.add_argument('--local', action='store_true', help='Build for testing locally with redoc-cli') + args = parser.parse_args() + + config = Config() + + # Specify how to process RAML's !include application-specific tag. + # See: https://pyyaml.org/wiki/PyYAMLDocumentation + # See: https://stackoverflow.com/questions/43058050/creating-custom-tag-in-pyyaml + yaml.add_constructor(u'!include', include_constructor) + + # Read the OpenAPI spec file. + config.spec = load_spec(args.spec) + + # Read _topic_map.yml + config.topic_map = load_topic_map(args.topic_map) + + # Get the branch from which to retrieve API endpoint descriptions + if args.branch: + config.branch = args.branch + else: + config.branch = 'master' + + # Enrich OpenAPI spec for local testing or publication on pan.dev. + if args.local: + config.local = args.local + else: + config.local = False + + enrich_spec(config) + + output_spec(config.spec) + + +if __name__ == '__main__': + main() diff --git a/docs/api/_build/src/gen_supported_spec_sh.py b/docs/api/_build/src/gen_supported_spec_sh.py new file mode 100644 index 0000000000..e20f38e037 --- /dev/null +++ b/docs/api/_build/src/gen_supported_spec_sh.py @@ -0,0 +1,233 @@ +import argparse +import sys +import collections +from contextlib import suppress +import copy +from dataclasses import dataclass +import json +import pathlib +import re + + +# Constants +COMMA = "," + +METHODS = [ + 'get', 'head', 'post', 'put', 'delete', + 'connect', 'options', 'trace', 'patch' +] + + +# Command line arguments +@dataclass() +class Config: + spec: dict + inclusions: list + exclusions: list + + def __post_init__(self): + """Evaluate wildcards in the list of inclusions and exclusions""" + version = self.spec['info']['version'] + major, minor, *other = version.split('.') + v = f"{major}.{minor}" + + self._replace_wildcard(self.inclusions, v) + self._replace_wildcard(self.exclusions, v) + + def _replace_wildcard(self, eps, v): + for ep in eps: + ep.path = ep.path.replace('*', v) + + +# Endpoint read from supported.cfg +@dataclass() +class Endpoint: + path: str + method: str + + +def gen_spec(spec_file, config_file): + + # Read the OpenAPI spec file. + spec = load_spec_file(spec_file) + + # Read the supported.cfg file. + inclusions, exclusions = load_config_file(config_file) + + # Create a config object. + config = Config(spec, inclusions, exclusions) + + # Apply tag to the spec according to the overrides in the config file. + retag_spec(config) + + # Generate a spec that contains supported endpoints only. + filter_spec(config.spec) + + return config.spec + + +# A defaultdict automatically creates any items you try to access that don't exist yet. +# A standard Python dict, in contrast, would throw a KeyError. +def hasher(): + return collections.defaultdict(hasher) + + +def load_spec_file(f): + """ + Read an OpenAPI spec file in JSON format. + """ + with open(f, "r") as stream: + try: + data = json.load(stream) + except ValueError as e: + print('Error: invalid JSON: %s' % e) + sys.exit(1) + + return data + + +def load_config_file(f): + """ + Read a config file, process the entries, and return a list of inclusions + and a list of exclusions. + + If there are no inclusions or exclusions, return empty lists (len == 0). + """ + inclusions = list() + exclusions = list() + + if f is None: return [inclusions, exclusions] + + with open(f, "r") as stream: + for line in stream: + line = line.rstrip('\n') + # Blank line + if not line: + continue + # Comment + elif line.startswith("#"): + continue + # Inclusion + elif line.startswith("+"): + ep = process_config_entry(line) + if ep: inclusions.append(ep) + # Exclusion + elif line.startswith("-"): + ep = process_config_entry(line) + if ep: exclusions.append(ep) + # Unknown + else: + print(f"Ignoring line from config file - invalid syntax: {line}") + + return inclusions, exclusions + + +def process_config_entry(line): + + ep = None + + # Strip out the + or - directive. + l = line[1:] + + # We expect two values: path and method. + e = l.split(COMMA, 2) + if len(e) == 2: + path, method = e + path = path.strip() + method = method.strip().lower() + + if method in METHODS: + ep = Endpoint(path, method) + + if not ep: + print(f"Ignoring line from config file - invalid syntax: {line}") + + return ep + + +def retag_spec(config): + """Apply Supported API to endpoints to the overrides in the config file.""" + # Endpoints to be included + for ep in config.inclusions: + try: + tags = config.spec['paths'][ep.path][ep.method]['tags'] + tags.append('Supported API') + except KeyError: + print(f"Ignoring line from config file - can't be found in spec: +{ep.path},{ep.method}") + + # Endpoints to be excluded + for ep in config.exclusions: + try: + tags = config.spec['paths'][ep.path][ep.method]['tags'] + if 'Supported API' in tags: + tags.remove('Supported API') + except KeyError: + print(f"Ignoring line from config file - can't be found in spec: -{ep.path},{ep.method}") + + +def filter_spec(spec): + """Filter out endpoints from spec that aren't tagged as supported.""" + supported_paths = hasher() + + for path in spec['paths']: + for method in spec['paths'][path]: + ep = spec['paths'][path][method] + env = spec['paths'][path][method]['x-prisma-cloud-target-env'] + tags = ep.get('tags', []) + selfhosted = env.get('self-hosted') + if (('Supported API' in tags) and (selfhosted is True)): + supported_paths[path][method] = copy.copy(ep) + spec['paths'] = copy.copy(supported_paths) + + +def output_spec(spec): + """ + Write the spec dict to a file in JSON format. + """ + # Write spec to file. + with open("openapi_supported_sh.json", "w") as outfile: + json.dump(spec, outfile, indent=2) + + +def print_status(spec, details=False): + + if details: + print("Supported endpoints") + print("-------------------") + count = 0 + for path in spec['paths']: + for method in spec['paths'][path]: + print(f"{path}, {method}") + count += 1 + print(f"\nTotal endpoints: {count}") + print() + + # Print status to stdout. + print("Success!") + print(" Wrote file: openapi_supported_sh.json") + print(" Run the script with --details to get a list of endpoints in the new spec file") + + +def main(): + """ + Read an OpenAPI spec, identify all supported endpoints, and output a + new spec that only contains supported endpoints to a file named + `openapi_supported_selfhosted.json`. + """ + parser = argparse.ArgumentParser(description='Generates an OpenAPI spec with supported endpoints only') + parser.add_argument('spec', + help='Path to OpenAPI spec file') + parser.add_argument('config', nargs='?', default=None, + help='(Optional) Path to supported.cfg, which overrides which endpoints to include and exclude') + parser.add_argument('--details', action="store_true", + help='Print details about the transformation') + args = parser.parse_args() + + s = gen_spec(args.spec, args.config) + + output_spec(s) + print_status(s, args.details) + + +if __name__ == '__main__': + main() diff --git a/docs/api/_topic_map.yml b/docs/api/_topic_map.yml index 110556b026..b2ae01344a 100644 --- a/docs/api/_topic_map.yml +++ b/docs/api/_topic_map.yml @@ -361,12 +361,12 @@ # # /api/v1/coderepos-ci # -/coderepos-vi: +/coderepos-ci: post: - summary: Add CI Code Repo - description: !include ../descriptions/coderepos-ci/post.md + summary: Add CI Code Repo + description: !include ../descriptions/coderepos-ci/post.md - /resolve: + /evaluate: post: summary: Resolve Code Repos description: !include ../descriptions/coderepos-ci/post_resolve.md @@ -928,6 +928,12 @@ summary: Update Runtime Serverless Policy description: !include ../descriptions/policies/runtime_serverless_put.md + /vulnerability/base-images/{id}: + + delete: + summary: Delete Base Images Rule + description: !include ../descriptions/policies/vulnerability_base_images_id_delete.md + /vulnerability/ci/serverless: get: diff --git a/docs/api/descriptions/coderepos-ci/post_resolve.md b/docs/api/descriptions/coderepos-ci/post_resolve.md index 441e27a865..493d25834d 100644 --- a/docs/api/descriptions/coderepos-ci/post_resolve.md +++ b/docs/api/descriptions/coderepos-ci/post_resolve.md @@ -1,4 +1 @@ Adds vulnerability data for the given code repository scan result. - -> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. -You get an HTTP error response 429 if the limit exceeds. diff --git a/docs/api/descriptions/collections/post.md b/docs/api/descriptions/collections/post.md index 2ac46242c9..168c739708 100755 --- a/docs/api/descriptions/collections/post.md +++ b/docs/api/descriptions/collections/post.md @@ -1,10 +1,6 @@ -Creates a new collection. You must specify a value for mandatory resources such as 'name', 'images', and 'labels' in the collection. +Creates a new collection. Only the `name` field is required; the other fields are optional. The `name` field can contain the characters: 'A-Z', 'a-z', '0-9', '_', '-', and ':'. Optional fields for which you do not specify a value are set to the '*' wildcard. -For 'name': Valid characters are 'A-Z', 'a-z', '0-9', '_', '-', and ':'. -For 'image': If you don't have a specific value, you can initialize with a wildcard '*'. -For 'label': If you don't have a specific value, you can initialize with a wildcard '*'. - -Values for the mandatory resources are required for initialization. If you don't initialize mandatory resources and try to use the collection, you'll get an empty resource error. +If you don't provide a value for the `name` field and try to use the collection, you'll get an empty resource error. To invoke this endpoint in the Console UI: diff --git a/docs/api/descriptions/policies/vulnerability_base_images_id_delete.md b/docs/api/descriptions/policies/vulnerability_base_images_id_delete.md new file mode 100644 index 0000000000..53d71c3865 --- /dev/null +++ b/docs/api/descriptions/policies/vulnerability_base_images_id_delete.md @@ -0,0 +1,4 @@ +Removes all base images under a given scope. + +For the `id` path parameter to be passed correctly in the URL, it needs to be percent-encoded. Further, the percent ("%") character itself must be percent-encoded as "%25". Therefore, each forward slash ("/") character needs to be encoded as "%252F". + diff --git a/docs/api/descriptions/tags/tag_cve_post.md b/docs/api/descriptions/tags/tag_cve_post.md index 995fd266b9..966a80bd8c 100644 --- a/docs/api/descriptions/tags/tag_cve_post.md +++ b/docs/api/descriptions/tags/tag_cve_post.md @@ -152,4 +152,18 @@ Consider the following scenarios when you want to tag a vulnerability to all pac "resources": ["servo-vmware71"] }' \ "https:///api/v/tags/Ignored/vuln" - ``` \ No newline at end of file + ``` + +*Note:* A tag assignment is identified by the combination of the `id`, `packageName`, `resourceType`, and `tag` fields. Invoking the endpoint again for an existing tag assignment overrides the existing tag assignment for the resource. For example, invoking the endpoint consecutively with the following values: +1. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"In progress"}` +2. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"New Tag"}` +3. `{"id":"CVE-1","packageName":"pkg","resourceType":"host","resources":["devbox"],"tag":"New Tag"}` +4. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["node:latest"],"tag":"New Tag"}` + + +Will result in the following tag assignments: +1. The first invocation creates the entry: "In progress", "CVE-1", "pkg", "image", "library/python:latest" +2. The second invocation creates a second (new) entry: "New Tag", "CVE-1", "pkg","image", "library/python:latest" +3. The third invocation creates a third (new) entry: "New Tag", "CVE-1", "pkg","host", "devbox" +4. The fourth invocation overrides the second entry with the following values: "New Tag", "CVE-1", "pkg", "image", "node:latest" + diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-1.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-1.png index 6f611afb7c..6b939c605b 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-1.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-1.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-10.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-10.png index cc400ed4fd..e5c8375e64 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-10.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-10.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-11.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-11.png index 386f22c893..5c681a09e4 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-11.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-11.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-12.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-12.png index 038946bfa6..aa1b82a275 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-12.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-12.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-14.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-14.png index 6dedb21ad0..42c428263b 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-14.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-14.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-2.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-2.png index 62013cfe04..85dc4ef28b 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-2.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-2.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-21.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-21.png deleted file mode 100644 index 371e32db69..0000000000 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-21.png and /dev/null differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-22.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-22.png index 273b86193d..89541397af 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-22.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-22.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-3.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-3.png index 3fb109ae53..2eba4a0ea5 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-3.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-3.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-4.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-4.png index 83768f7eba..d552b49481 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-4.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-4.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-5.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-5.png deleted file mode 100644 index 90af2f1294..0000000000 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-5.png and /dev/null differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-6.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-6.png index 13e45e8463..82a56e0161 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-6.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-6.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-7.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-7.png index 43e46e48a4..2cfa1b6d00 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-7.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-7.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor-8.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor-8.png index 5eee30bce4..99ad914879 100644 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor-8.png and b/docs/en/classic/appsec-admin-guide/_graphics/enfor-8.png differ diff --git a/docs/en/classic/appsec-admin-guide/_graphics/enfor.png b/docs/en/classic/appsec-admin-guide/_graphics/enfor.png deleted file mode 100644 index b04a661067..0000000000 Binary files a/docs/en/classic/appsec-admin-guide/_graphics/enfor.png and /dev/null differ diff --git a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-checkov.adoc b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-checkov.adoc index 5259c8641c..0d6916b33a 100644 --- a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-checkov.adoc +++ b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-checkov.adoc @@ -22,7 +22,7 @@ You can choose between Python (pip), Python3 (pip3) and Homebrew (if you are on + image::checkov-1.png[width=600] + -NOTE: Checkov requires Python version 3.8 - 3.11. +NOTE: Checkov requires Python version 3.8 - 3.12. .. Select *Next*. diff --git a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-intellij.adoc b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-intellij.adoc index 593205386b..0efa7ce46a 100644 --- a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-intellij.adoc +++ b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-intellij.adoc @@ -24,7 +24,7 @@ The secret key generates with your access key. Save your secret key when you gen + * *Python Installation.* + -Checkov needs Python to run, install https://www.python.org/downloads/[Python version 3.7] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker]. +Checkov needs Python to run, install https://www.python.org/downloads/[Python version 3.8] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker]. + * *Prisma Cloud API URL.* + diff --git a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-vscode.adoc b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-vscode.adoc index a567899187..57d40465b6 100644 --- a/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-vscode.adoc +++ b/docs/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-vscode.adoc @@ -22,7 +22,7 @@ The secret key generates with your access key. Save your secret key when you gen + * *Python Installation.* + -Checkov needs Python to run, install https://www.python.org/downloads/[Python version 3.7] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker]. +Checkov needs Python to run, install https://www.python.org/downloads/[Python version 3.8] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker]. + * *Prisma Cloud API URL.* + diff --git a/docs/en/classic/appsec-admin-guide/get-started/drift-detection.adoc b/docs/en/classic/appsec-admin-guide/get-started/drift-detection.adoc index de449c5025..6dc4e284f0 100644 --- a/docs/en/classic/appsec-admin-guide/get-started/drift-detection.adoc +++ b/docs/en/classic/appsec-admin-guide/get-started/drift-detection.adoc @@ -255,17 +255,17 @@ lifecycle { === Troubleshoot Drift Detection -Listed here are causes that maybe effecting the drift detection in your integrated repositories. +Listed here are causes that may prevent drift detection. -* Your Prisma Cloud user role is restricting you from detecting drift. Ensure you have the right permissions when onboarding AWS, GCP and Azure accounts. See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions[Prisma Cloud Administrator Permissions] to know more. +* Your Prisma Cloud user role in your cloud account does not have the proper permissions. Ensure you have the right permissions when onboarding AWS, GCP and Azure accounts. -* The code or cloud account with a runtime resource is not onboarded. +* The repository or cloud account with the resource is not onboarded in Prisma Cloud. * Ensure your repository is private. -* The `yor_trace ID` is a copy of another repository. +* For Terraform, the `yor_trace` ID is not unique to the Prisma Cloud tenant. In other words, the `yor_trace` is duplicated in another onboarded repository in any Prisma Cloud tenant. -* The changes in CloudFormation are not deployed. +* The changes in CloudFormation in the repository are not deployed in the cloud. * Ensure three policies are enabled on Policies for drift detection. ** `AWS traced resources are manually modified` diff --git a/docs/en/classic/appsec-admin-guide/risk-prevention/code/enforcement.adoc b/docs/en/classic/appsec-admin-guide/risk-prevention/code/enforcement.adoc index 7dd65cb35b..0924cd0749 100644 --- a/docs/en/classic/appsec-admin-guide/risk-prevention/code/enforcement.adoc +++ b/docs/en/classic/appsec-admin-guide/risk-prevention/code/enforcement.adoc @@ -33,9 +33,6 @@ Prisma Cloud scans multiple code categories to identify vulnerabilities and viol |*Infrastructure as Code (IaC)* |Misconfiguration issues found in IaC files (relevant for users who provision and manage their infrastructure via code). -|*Build Integrity* -|Misconfigurations in pipelines and VCS platforms integrated with Prisma Cloud, found in branch and CI/CD pipelines configuration files. - |*Secrets* |Secret leaks across code files that might hinder access to information, services or assets. @@ -50,29 +47,24 @@ To understand the default scan parameter on Prisma Cloud with the enforcement ru | | Info| Low | Medium | High | Critical .3+|Vulnerabilities -| | | | | Hard Fail +| | Hard Fail | | | | |Soft Fail | | | | |Comments Bot | | | .3+|Licenses -| | | | | Hard Fail +| | Hard Fail | | | | |Soft Fail | | | | |Comments Bot | | | .3+|IaC -| |Hard Fail | | | -| |Soft Fail | | | -| |Comments Bot | | | - -.3+|Build Integrity -| |Hard Fail | | | -| |Soft Fail | | | -| |Comments Bot | | | +| Hard Fail | | | | +| Soft Fail | | | | +| Comments Bot| | | | .3+|Secrets -| |Hard Fail | | | -| |Soft Fail | | | -| |Comments Bot | | | +| Hard Fail | | | | +| Soft Fail | | | | +| Comments Bot| | | | |=== @@ -80,24 +72,29 @@ You can manage Enforcement configuration scan results by modifying the default c NOTE: See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions[Prisma Cloud Administrator Permissions] and know more about user roles and permissions to configure enforcement. -* <> +* <> + You can modify the default parameters for each code category and set up a new default parameter. However, each time a default configuration is modified, the parameters are applicable across all repositories on the Prisma Cloud console. + NOTE: Soft Fail configuration for any code category must be lower than Hard Fail. -* <> +* <> + You can add an exception configuration for each code category that is applicable only for select repositories that you have access to. The exception configuration runs in addition to the default enforcement configurations. -* <> +* <> + You can choose to prevent an enforcement configuration from running a scan for one or more run rules for a code category. The parameter to turn off a scan for a code category can be an addition to either a default configuration or to an exception configuration. Turning the scan off for a run rule in a code category results in no code review scan. -* <> +* <> + -For every failed scan result you can view the latest Pull Request (PR) of your repository within the Prisma Cloud console. Currently the ability to review violation fix suggestions and view the Pull Request (PR) scans that failed is supported only for Github repositories. From the Prisma Cloud console you can directly access your repositories in Github and remediate solutions through a Pull Request (PR). +Reviewing scan results for repositories is crucial for maintaining security measures, after an Enforcement configuration has been executed. See the evaluation of these results on *Application Security > Development Pipelines* offering two comprehensive views: *Projects and Code Reviews*. +** *Projects*: In the *Projects* view, you gain a holistic perspective on the status of various pull or merge requests (*PR or MR*) within your repositories. This includes insights into *Failed PR or MR*, *Pending PR or MR*, and the *Latest PR or MR*. Additionally, you will find information such as the frequency of *Weekly commits* and the count of *Git users* interacting with the repository. To delve deeper into the causes of failed PRs or MRs, you can directly inspect the latest scan. If you require more contextual information about a specific repository, the option to explore additional details is available by directing you to *Application Security > Projects*. +** *Code Reviews*: The *Code Reviews* view provides a real-time monitoring results, offering contextual information about code security across repositories. Utilize graphical representation to comprehend the overall distribution of Failed and Passed scans. You can directly inspect the scan on the version control system (VCS). Further, you can delve into the specifics of the latest scan results and access supplementary details on *Application Security > Projects*. + +By combining these two views, you can interpret the scan results, ensuring that you have a comprehensive approach for a quick identification of potential vulnerabilities and facilitate remediation and improvement. +//Currently the ability to review violation fix suggestions and view the Pull Request (PR) scans that failed is supported only for Github repositories. From the Prisma Cloud console you can directly access your repositories in Github and remediate solutions through a Pull Request (PR). [.task] @@ -107,16 +104,14 @@ For every failed scan result you can view the latest Pull Request (PR) of your r [.procedure] . Access Enforcement on Prisma Cloud Application Security console. .. Select *Application Security > Development Pipelines > More Actions*. -+ -image::enfor.png[width=800] .. Select *Enforcement*. + -image::enfor-1.png[width=800] +image::enfor-1.png[] + If you are unsure which repository may contain critical issues or if you are receiving unnecessary noise from select repositories, you can optionally access Enforcement from *Application Security > Projects > More Actions > Enforcement*. + -image::enfor-2.png[width=800] +image::enfor-2.png[] [.task] @@ -135,19 +130,18 @@ NOTE: You cannot delete a default enforcement configuration. .. Select a code category. + -image::enfor-3.png[width=600] +image::enfor-3.png[] .. Select the severity threshold corresponding to the code category. + -image::enfor-4.png[width=600] +image::enfor-4.png[] + You can choose to continue modifying other code categories or conclude with a single modification. + You can also choose to <> the severity threshold of a code category. .. Select *Save* the modified enforcement configuration. -+ -image::enfor-5.png[width=600] + [.task] @@ -164,42 +158,42 @@ To ensure your focus is only on critical issues and you receive violation notifi . Add an exception to enforcement. .. Select *Add exception*. + -image::enfor-6.png[width=600] +image::enfor-6.png[] . Configure exception parameters. .. Add *Description* to the new exception. + -image::enfor-7.png[width=600] +image::enfor-7.png[] .. Select the repositories you want to add the exception. + -image::enfor-8.png[width=600] +image::enfor-8.png[] + NOTE: You can only view repositories that you own. ++ +You can optionally, add *Labels* to the exception rule. .. Select a code category. .. Select the severity threshold corresponding to the code category. + -You can choose to continue modifying other code categories or conclude with a single modification. +You can add an exception for more than one code category. .. Select *Save* to save the exception with the parameters. + -image::enfor-21.png[width=600] -+ All exception configurations are listed on *Enforcement*. + -image::enfor-22.png[width=600] +image::enfor-22.png[] + You can optionally choose to edit or delete an existing exception. + ** To edit an exception, hover over the Exception and then select *Edit* to configure the parameters. Select *Save* to save the modification to the exception. + -image::enfor-10.png[width=600] +image::enfor-10.png[] + ** To delete an exception select *Edit* and then select *Delete this exception*. + -image::enfor-11.png[width=600] +image::enfor-11.png[] [.task] @@ -228,41 +222,36 @@ You can set a run rule off for a code category in either a default configuration [.task] -[#review-fail-scans-and-suggestions-on-vcs] -=== Review fail scans and suggestions on VCS (Version Control System) +[#review-scan-result-and-suggestions-for-vcs] +=== Review scan results and suggestions for VCS (Version Control System) -After a scan result that fails the enforcement configuration, to find remediation you can directly access your the latest Pull Request (PR) from the Enforcement scan result. +To examine the results of your repository scans with the Enforcement configuration in the Prisma Cloud console, see the steps here for seamless and insightful review. [.procedure] -. Access *Application Security > Development Pipelines*. +. Accessing Development Pipelines +.. Select *Application Security > Development Pipelines*. + -image::enfor-14.png[width=800] +image::enfor-14.png[] -. Select *Actions* corresponding to the fail scan result. +. Projects View + -image::enfor-23.png[width=600] +By default, you will see the *Projects* view, offering a helpful overview of your repositories and the pull request activity. This view includes crucial information, such as *Failed PR*, *Pending PR*, and the *Latest PR*. This snapshot is enriched with data on *Weekly commits* and the number of *Git users* interacting with the repository. -. Select *Open latest PR* to access the latest Pull Request (PR) in your repository. +. Taking Action on Failed or Pending PRs +.. Select the *Actions* menu and choose either: + -image::enfor-15.png[width=800] +* *Open Failed PR scans on VCS*: This option allows you to directly inspect the failed pull or merge request in the Version Control System (VCS). +* *Review Pending fix PRs in VCS*: Here, you can scrutinize pending fixes for pull or merge requests in the VCS. Additionally, you have the flexibility to accept or reject suggested changes on GitHub. + -You will view the repository with the Pull Request (PR) on *Application Security > Projects*. +NOTE: Ensure that you have the necessary permissions to make changes in the repository via the VCS. -* In addition currently available only for Github repositories, see the instructions here. - -. Select *Review Fix PRs in VCS* to review the fix suggestions from Prisma Cloud for the violation identified in your repository on Github. -+ -image::enfor-16.png[width=800] -+ -You can choose to accept or reject the suggestion on Github. +. Supplementary Details for Repositories + -NOTE: Ensure you have access to the repository on Github. +..Select *Open the latest scan item* to access more detailed information about the repository directing you to *Application Security > Projects*. -. Select *Open failed PRs scans* to view a list of Pull Request (PR) that have failed with your repository on Github. -+ -image::enfor-17.png[width=800] -+ -You can choose to remediate the repository on Github. +. Code Reviews View +.. Select *Code Reviews* to gain real-time insights into the security status of repository scans with Enforcement configurations applied. Here, you have two key *Actions*: + -NOTE: Ensure you have access to the repository on Github. \ No newline at end of file +* *View scan results*: This provides an overview of the scan results, allowing you to quickly assess the security posture of your repositories. +* *View scan results in VCS*: Delve deeper into the results by directly examining them in the Version Control System. \ No newline at end of file diff --git a/docs/en/classic/appsec-admin-guide/risk-prevention/code/monitor-fix-issues-in-scan.adoc b/docs/en/classic/appsec-admin-guide/risk-prevention/code/monitor-fix-issues-in-scan.adoc index 2a3a0a02e1..2ed1373147 100644 --- a/docs/en/classic/appsec-admin-guide/risk-prevention/code/monitor-fix-issues-in-scan.adoc +++ b/docs/en/classic/appsec-admin-guide/risk-prevention/code/monitor-fix-issues-in-scan.adoc @@ -8,7 +8,7 @@ Prisma Cloud performs periodic scans on each integrated repository of the Versio * *CLI and CI/CD runs*: Event driven scans performed on runs as configured by using the Enforcement parameters. On *Projects* you see a consolidated view of the scan results where categorization of issues is by the code category views. -There are five code category views - *IaC misconfiguration, Vulnerabilities, Secrets, Licenses* and *Build Integrity*. In addition you can see a contextual summary of issues across code categories on *Overview*. +There are five code category views - *IaC misconfiguration, Vulnerabilities, Secrets*, and *Licenses*. In addition you can see a contextual summary of issues across code categories on *Overview*. image::proj.png[width=800] @@ -34,9 +34,6 @@ For more information to resolve vulnerability issues see xref:fix-issues-in-a-sc |Licenses |Most open source software includes a license governing its use. License scanning identifies packages that violate open source usage policies. In this view, see the listing of licensing issues through periodic scans. -|Build Integrity -|Misconfigured repositories and CI/CD pipelines can lead to Supply Chain attacks such as data exfiltration and code injection. Use this view to spot VCS and CI/CD misconfigurations. - |VCS Pull Requests | After configuring Enforcement, view issues for scans run on all open Pull Requests (PR) for your integrated repositories. On the Prisma Cloud console, you can access the scan result from the console or choose to access the VCS console and view the specific commit within PR for a manual fix. @@ -77,7 +74,6 @@ Each code category can generate either a resource or a policy issue block. For u |Vulnerabilities |Licenses |Secrets -|Build Integrity |IaC Resource |✔️ @@ -98,28 +94,28 @@ Each code category can generate either a resource or a policy issue block. For u | | |✔️ -| + |Git Repository | | | | -|✔️ + |Git Organization | | | | -|✔️ + |CI/CD pipeline | | | | -|✔️ + |=== @@ -223,21 +219,21 @@ image::proj-5.png[width=800] * *First Detected*: The timestamp of the issue when found. -* *Build Integrity Issue Block* -+ -As a Build Integrity issue, there is an extensive information in the resource block. -+ -image::proj-6.png[width=800] -+ -1. *Branch Name and Path*: Displays the branch name and the code path. If you choose to group issues by *Policy* then you will see the *Policy* with *Severity*. -+ -2. *Total number of Issues*: Displays the total number of issues identified in the repository. -+ -3. *Additional Information*: Displays columns of the information regarding the issue. -+ -* *Policy*: Displays the severity level of non-conformant policy in the code. -+ -* *First Detected*: The timestamp of the issue when found. +// * *Build Integrity Issue Block* +// + +// As a Build Integrity issue, there is an extensive information in the resource block. +// + +// image::proj-6.png[width=800] +// + +// 1. *Branch Name and Path*: Displays the branch name and the code path. If you choose to group issues by *Policy* then you will see the *Policy* with *Severity*. +// + +// 2. *Total number of Issues*: Displays the total number of issues identified in the repository. +// + +// 3. *Additional Information*: Displays columns of the information regarding the issue. +// + +// * *Policy*: Displays the severity level of non-conformant policy in the code. +// + +// * *First Detected*: The timestamp of the issue when found. === Sorting Issues @@ -300,14 +296,14 @@ image::proj-14.png[width=800] [#branch-] ===== Branch -A list of the supported branches of a VCS branch scan. Currently, the repository’s default branch is selected by default and cannot be configured. This configuration is applicable for views - Overview, IaC Misconfiguration, Vulnerabilities, Secrets, Licenses, and Build Integrity. +A list of the supported branches of a VCS branch scan. Currently, the repository’s default branch is selected by default and cannot be configured. This configuration is applicable for views - Overview, IaC Misconfiguration, Vulnerabilities, Secrets, and Licenses. image::proj-15.png[width=800] [#code-categories] ===== Code Categories -A Category filters resources according to Build Integrity, Compute, Drift, General, IAM, Kubernetes, Licenses, Monitoring, Networking, Public, Secrets, Storage, and Vulnerabilities. +A Category filters resources according to Compute, Drift, General, IAM, Kubernetes, Licenses, Monitoring, Networking, Public, Secrets, Storage, and Vulnerabilities. During the time of repositories integration on Prisma Cloud Application Security, your defined Categories associated with the repositories also help with filters. image::proj-13.png[width=600] diff --git a/docs/en/classic/compute-admin-guide/alerts/alert-mechanism.adoc b/docs/en/classic/compute-admin-guide/alerts/alert-mechanism.adoc index e008bc1d44..a7bf511546 100644 --- a/docs/en/classic/compute-admin-guide/alerts/alert-mechanism.adoc +++ b/docs/en/classic/compute-admin-guide/alerts/alert-mechanism.adoc @@ -129,9 +129,6 @@ When you set up alerts for Defender health events. These events tell you when Defender unexpectedly disconnects from Console. Alerts are sent when a Defender has been disconnected for more than 6 hours. -==== CNNS -Cloud Native Network Segmentation (CNNS) - ==== Runtime Runtime alerts are generated for the following categories: Container runtime, App-Embedded Defender runtime, Host runtime, Serverless runtime, and Incidents. diff --git a/docs/en/classic/compute-admin-guide/authentication/assign-roles.adoc b/docs/en/classic/compute-admin-guide/authentication/assign-roles.adoc index bb01870251..b1dc89b4aa 100644 --- a/docs/en/classic/compute-admin-guide/authentication/assign-roles.adoc +++ b/docs/en/classic/compute-admin-guide/authentication/assign-roles.adoc @@ -294,10 +294,6 @@ Monitor/Compliance |Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. (Cluster collections are not currently able to filter some events such as container audits, specifically.) -|Monitor/Events -|CNNS for Containers -|Images (Destination image), Cloud Account IDs - |Monitor/Events |WAAS for Containers |Images, Namespaces, Cloud Account IDs @@ -326,10 +322,6 @@ Monitor/Compliance |Host audits |Hosts, Clusters, Labels, Cloud Account IDs -|Monitor/Events -|CNNS for Hosts -|Hosts (Source and Destination Hosts), Cloud Account IDs - |Monitor/Events |WAAS for Hosts |Hosts, Cloud Account IDs diff --git a/docs/en/classic/compute-admin-guide/book.yml b/docs/en/classic/compute-admin-guide/book.yml index 319b46eded..291e76301a 100644 --- a/docs/en/classic/compute-admin-guide/book.yml +++ b/docs/en/classic/compute-admin-guide/book.yml @@ -159,33 +159,33 @@ kind: chapter name: Agentless Scanning dir: agentless-scanning topics: -- name: Agentless Scanning - file: agentless-scanning.adoc -- name: Agentless Scanning Modes - file: agentless-scanning-modes.adoc -- name: Onboard Accounts for Agentless Scanning - dir: onboard-accounts - topics: - - name: Configure Agentless Scanning - file: onboard-accounts.adoc - - name: Onboard AWS Accounts - file: onboard-aws.adoc - - name: Configure Agentless Scanning for AWS - file: configure-aws.adoc - - name: Onboard Azure Accounts - file: onboard-azure.adoc - - name: Configure Agentless Scanning for Azure - file: configure-azure.adoc - - name: Onboard GCP Accounts - file: onboard-gcp.adoc - - name: Configure Agentless Scanning for GCP - file: configure-gcp.adoc - - name: Onboard OCI Accounts - file: onboard-oci.adoc - - name: Configure Agentless Scanning for OCI - file: configure-oci.adoc -- name: Agentless Scanning Results - file: agentless-scanning-results.adoc + - name: Agentless Scanning + file: agentless-scanning.adoc + - name: Agentless Scanning Modes + file: agentless-scanning-modes.adoc + - name: Onboard Accounts for Agentless Scanning + dir: onboard-accounts + topics: + - name: Configure Agentless Scanning + file: onboard-accounts.adoc + - name: Onboard AWS Accounts + file: onboard-aws.adoc + - name: Configure Agentless Scanning for AWS + file: configure-aws.adoc + - name: Onboard Azure Accounts + file: onboard-azure.adoc + - name: Configure Agentless Scanning for Azure + file: configure-azure.adoc + - name: Onboard GCP Accounts + file: onboard-gcp.adoc + - name: Configure Agentless Scanning for GCP + file: configure-gcp.adoc + - name: Onboard OCI Accounts + file: onboard-oci.adoc + - name: Configure Agentless Scanning for OCI + file: configure-oci.adoc + - name: Agentless Scanning Results + file: agentless-scanning-results.adoc --- kind: chapter name: Technology overviews @@ -393,36 +393,36 @@ kind: chapter name: Compliance dir: compliance topics: -- name: Compliance - file: compliance.adoc -- name: Compliance Explorer - file: compliance-explorer.adoc -- name: Manage compliance - file: manage-compliance.adoc -- name: CIS Benchmarks - file: cis-benchmarks.adoc -- name: Prisma Cloud compliance checks - file: prisma-cloud-compliance-checks.adoc -- name: Serverless functions - file: serverless.adoc -- name: Windows compliance checks - file: windows.adoc -- name: DISA STIG compliance checks - file: disa-stig-compliance-checks.adoc -- name: Custom compliance checks - file: custom-compliance-checks.adoc -- name: Trusted images - file: trusted-images.adoc -- name: Host scanning - file: host-scanning.adoc -- name: VM image scanning - file: vm-image-scanning.adoc -- name: App-Embedded scanning - file: app-embedded-scanning.adoc -- name: Detect secrets - file: detect-secrets.adoc -- name: OSS license management - file: oss-license-management.adoc + - name: Compliance + file: compliance.adoc + - name: Compliance Explorer + file: compliance-explorer.adoc + - name: Manage compliance + file: manage-compliance.adoc + - name: CIS Benchmarks + file: cis-benchmarks.adoc + - name: Prisma Cloud compliance checks + file: prisma-cloud-compliance-checks.adoc + - name: Serverless functions + file: serverless.adoc + - name: Windows compliance checks + file: windows.adoc + - name: DISA STIG compliance checks + file: disa-stig-compliance-checks.adoc + - name: Custom compliance checks + file: custom-compliance-checks.adoc + - name: Trusted images + file: trusted-images.adoc + - name: Host scanning + file: host-scanning.adoc + - name: VM image scanning + file: vm-image-scanning.adoc + - name: App-Embedded scanning + file: app-embedded-scanning.adoc + - name: Detect secrets + file: detect-secrets.adoc + - name: OSS license management + file: oss-license-management.adoc --- kind: chapter name: Runtime defense @@ -575,8 +575,6 @@ dir: firewalls topics: - name: Firewalls file: firewalls.adoc - - name: Cloud Native Network Segmentation (CNNS) - file: cnns-saas.adoc --- kind: chapter name: Secrets diff --git a/docs/en/classic/compute-admin-guide/compliance/custom-compliance-checks.adoc b/docs/en/classic/compute-admin-guide/compliance/custom-compliance-checks.adoc index 9719be2089..28ee0d2197 100644 --- a/docs/en/classic/compute-admin-guide/compliance/custom-compliance-checks.adoc +++ b/docs/en/classic/compute-admin-guide/compliance/custom-compliance-checks.adoc @@ -1,28 +1,24 @@ == Custom compliance checks -Custom image checks give you a way to write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. - -Prisma Cloud lets you implement your custom image checks with simple scripts. +With custom image checks you can write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. Prisma Cloud allows you to implement your custom image checks with simple scripts. Custom compliance checks are supported for: -- Linux and Windows hosts (Host configured for docker, containerd, or CRI-O) - Docker images on Linux hosts +- Linux and Windows hosts (Host configured for docker, containerd, or CRI-O) - OCI images Custom compliance checks are not supported for: -- Linux and Windows containers +- Agentless scanning on Windows hosts - Docker images on Windows hosts -- Tanzu Application Service (TAS) defender - GKE Autopilot +- Linux and Windows containers +- Tanzu Application Service (TAS) defender -A custom image check consists of a single script. -The script's exit code determines the result of the check, where "0" stands for pass and "1" stands for fail. +A custom image check consists of a single script. The script's exit code determines the result of the check, where "0" stands for pass and "1" stands for fail. -Scripts are executed in the default shell. -The most common default shell for Linux is bash, but that's not always the case. -For Windows container images, the default shell is cmd.exe. +Scripts are executed in the default shell. The common default shell for Linux is bash, in most cases. For Windows container images, the default shell is cmd.exe. [NOTE] ==== diff --git a/docs/en/classic/compute-admin-guide/compliance/detect-secrets.adoc b/docs/en/classic/compute-admin-guide/compliance/detect-secrets.adoc index b3901ff14a..8ed2ed0ab7 100644 --- a/docs/en/classic/compute-admin-guide/compliance/detect-secrets.adoc +++ b/docs/en/classic/compute-admin-guide/compliance/detect-secrets.adoc @@ -67,14 +67,14 @@ Agentless scanning detects sensitive information inside files in your hosts and ==== Compliance Check ID 456 -This check detects secrets inside your hosts' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a host. +This check detects secrets inside your container images' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a container image. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. ==== Compliance Check ID 457 -This check detects secrets inside your container images' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a container image. +This check detects secrets inside your hosts' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a host. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. [#detected-secrets] diff --git a/docs/en/classic/compute-admin-guide/compliance/trusted-images.adoc b/docs/en/classic/compute-admin-guide/compliance/trusted-images.adoc index d6a1244792..d1ce9c8fb7 100644 --- a/docs/en/classic/compute-admin-guide/compliance/trusted-images.adoc +++ b/docs/en/classic/compute-admin-guide/compliance/trusted-images.adoc @@ -90,6 +90,8 @@ Badges are shown in the following pages: The table is updated at scan-time. ** *Monitor > Compliance > Trusted Images* +NOTE: After a trust policy update, the image data is only updated as a trusted image when you initiate a re-scan. +While, the hostnames with the same image are evaluated as trusted immediately after the policy update. === Events Viewer diff --git a/docs/en/classic/compute-admin-guide/configure/collections.adoc b/docs/en/classic/compute-admin-guide/configure/collections.adoc index 0045ef2ed9..23470498e0 100644 --- a/docs/en/classic/compute-admin-guide/configure/collections.adoc +++ b/docs/en/classic/compute-admin-guide/configure/collections.adoc @@ -336,10 +336,6 @@ Monitor/Compliance |Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. (Cluster collections are not currently able to filter some events such as container audits, specifically.) -|Monitor/Events -|CNNS for Containers -|Images (Destination image), Cloud Account IDs - |Monitor/Events |WAAS for Containers |Images, Namespaces, Cloud Account IDs @@ -368,10 +364,6 @@ Monitor/Compliance |Host audits |Hosts, Clusters, Labels, Cloud Account IDs -|Monitor/Events -|CNNS for Hosts -|Hosts (Source and Destination Hosts), Cloud Account IDs - |Monitor/Events |WAAS for Hosts |Hosts, Cloud Account IDs diff --git a/docs/en/classic/compute-admin-guide/deployment-patterns/performance-planning.adoc b/docs/en/classic/compute-admin-guide/deployment-patterns/performance-planning.adoc index a944d83f63..1e726b0e37 100644 --- a/docs/en/classic/compute-admin-guide/deployment-patterns/performance-planning.adoc +++ b/docs/en/classic/compute-admin-guide/deployment-patterns/performance-planning.adoc @@ -128,7 +128,6 @@ The test environment is built on Kubernetes clusters, and has the following prop The results are collected over the course of 24 hours. The default vulnerability policy (alert on everything) and compliance policy (alert on critical and high issues) are left in place. -CNNS is enabled. [.underline]#Resource consumption#: diff --git a/docs/en/classic/compute-admin-guide/firewalls/cnnf-self-hosted.adoc b/docs/en/classic/compute-admin-guide/firewalls/cnnf-self-hosted.adoc deleted file mode 100644 index ac0e490d7e..0000000000 --- a/docs/en/classic/compute-admin-guide/firewalls/cnnf-self-hosted.adoc +++ /dev/null @@ -1,214 +0,0 @@ -== Cloud Native Network Firewall (CNNF) - -Cloud Native Network Firewall (CNNF) is a Layer 4 container-aware virtual firewall and network monitoring tool. -Network segmentation and compartmentalization is an important part of a comprehensive defense in depth strategy. -CNNF works as an east-west firewall for containers and hosts. -It limits damage by preventing attackers from moving laterally through your environment when they've already compromised your perimeter. - -Container environments present security challenges that aren't suitably addressed by traditional tools. -In a container environment, network traffic between nodes is usually encapsulated and encrypted in an overlay network. -The IP addresses of the endpoints are ephemeral and largely irrelevant, so rules such as _from 192.168.1.100 to 192.168.1.200, allow tcp/27017_ aren't useful because you usually don't know, or even care, about containers' IP addresses. - -CNNF automatically discovers how entities in your environment communicate, and shows the connection patterns on Radar. -Radar has a container view, which shows the network topology for your containerized apps. -Radar also has a host view, which shows the network topology for hosts. - -Using the connection patterns discovered and displayed on Radar, you can create rules that enforce how entities communicate with each other. - -In addition to network topology, Radar has a data overlay that shows vulnerability, compliance, and runtime state for each node. -Use the combined data to better assess where risk should be mitigated. - - -=== Key capabilities - -Coupled with Radar, CNNF lets you conceptualize connectivity, segment traffic, and compartmentalize attacks. - -* CNNF lets you visualize the network topology of your containerized apps and your hosts. -Radar paints nodes and edges on a 2D canvas to show how entities communicate with each other. - -* CNNF lets you segment your microservices at the container level. -CNNF also lets you segment your hosts. -Create rules that specify how entities are allowed to talk to each other. - -* CNNF lets you monitor the impact of your microsegmentation policy. -Radar draws normal and abnormal traffic patterns on the canvas. -Attempted connections that break from policy are highlighted on Radar and audits for these types of events are emitted. - -* CNNF policy is portable. -You can export all the rules from one Console and import them into another Console. - -NOTE: CNNF policy and enforcement is offered in Compute Edition only. -For Enterprise Edition (SaaS) customers, a microsegmentation solution will be unveiled shortly. - - -[#_architecture] -=== Architecture - -Defender enforces your CNNF policy in real-time. - -Defender inspects and evaluates connections before they're set up, and either allows or denies connections from being established. -After a connection is established, traffic flows directly between source and destination without any further oversight from Defender. - -Defender adds iptables rules to observe TCP's three-way handshake. -The three-way handshake sets up new connections using SYN messages. -For each pod or container IP address, Defender adds an iptables rule with the target set to NFQUEUE. -NFQUEUE is an iptables target which delegates the decision of how to handle a packet to a userspace program (in this case Defender). -When SYN messages arrive, Defender evaluates them against policy to determine whether the connection is permitted. -From this vantage point, Defender can raise alerts or block connections when anomalous activity is detected. - -image::cnnf_arch.png[] - - -[#_enabling_cnnf] -[.task] -=== Enabling CNNF - -CNNF runs in one of two modes: disabled or enabled. - -Disabled:: -CNNF displays limited traffic flows on Radar, including connections local to a node and outbound connections to the Internet. -By default, CNNF ships in the disabled state. - -Enabled:: -CNNF monitors all connections, including connections across hosts and connections to any configured network object. -CNNF enforces traffic flows according to your policy. - -To enable CNNF: - -[.procedure] -. Open Console. - -. Go to *Defend > Radar > Settings*. - -. Enable CNNF for hosts and containers. - - -=== Interpreting Radar - -Radar displays your microsegmentation policy, which is an aggregation of all your rules. -Radar also displays attempted connections that raised alerts or were blocked, as well as attempted connections for which there were no rules. - -Edges in the graph represent connections. -Dotted edges show policy rules. -Solid edges show actual observed connections. -Clicking on an edge in Radar reveals more information about the connection. - -Observed connections are matched against your policy. - -* If there is a matching rule, the color of the port number reflects the matching rule's configured effect. -Yellow port numbers represent connections that raised an alert. -Orange port numbers represent connections that were blocked. - -* If there's no matching rule, by default the connection is allowed. -The port number is painted gray to show that the connection was observed, but there was no matching rule. - -Port numbers painted in gray can indicate holes in your policy, and represent an opportunity to shore it up with additional rules. - -NOTE: If CNNF is disabled, Radar doesn't show outgoing connections to external IPs. - - -=== CNNF rules - -CNNF rules let you explicitly allow or deny outbound connections from a source to a destination. - -For containers, rules can be defined between: - -* Image to image. -* Image to external network (where Prisma Cloud isn't running). -* Image to DNS domain. - -For hosts, rules can be defined between: - -* Host to host. -* Host to external network (where Prisma Cloud isn't running). - -When external networks are declared, Prisma Cloud draws a node on the Radar canvas to represent it. -If you create a rule that explicitly whitelists traffic between a source and an external network, an edge is drawn on Radar. -If no external network is defined, and a connection is made to an external network, nothing is shown on Radar. - -[NOTE] -==== -Currently, you can't mix DNS rules with image rules. -For example, if you have a network object Image A and you define a DNS rule with it, the network object Image A can't have image rules as well. -The following two rules can't be simultaneously defined: - -* Image A -> DNS A (effect: alert) -* Image A -> Image B (effect: alert) -==== - - -==== Evaluating rules in a policy - -Your manually defined rules represent the full scope of your policy. -When a connection is established between two entities in your environment, CNNF uses the following logic to process policy: - -. Apply the first manually-defined rule where both source and destination match. - -. If there are no matching rules, allow the connection. - - -==== Network objects - -Rules are built around network objects. -Network objects represent sources and destinations in your custom CNNF rules. -You must declare the relevant network objects in your environment before you can create CNNF rules. -Network objects can represent container images, subnets, DNS names, and hosts. - -// https://github.com/twistlock/twistlock/issues/15262 -NOTE: If you have a subnet network object, and you have a rule that blocks or audits on outgoing connections to the subnet for some ports, then blocking and auditing will take effect even if there are rules that allow some of those ports for images or apps that run on machines with IPs from that subnet. -Unfortunately, Prisma Cloud cannot detect such "conflicts" when rules are created or updated. - - -==== Exporting and importing rules - -You can export all manually defined rules. -Rules are exported in JSON format and can be transferred between Consoles. - -To export your policy, go to *Defend > CNNF*. -Click *Export* from either the *Container* or *Host* tab. -Whether you export from the *Container* or *Host* tab, the exported JSON will contain: - -* The state of CNNF (disabled or enabled). -* Container policy (all rules). -* Host policy (all rules). -* Network entities. - -When importing a CNNF policy, everything above will be overwritten by the imported policy. - - -[.task] -=== Creating CNNF rules - -Rules are displayed in Radar as dotted lines. -When a connection is observed, the dotted line turns solid. - -CNNF supports a maximum of 255 manual rules. -Each rule can individually define an action (alert or prevent). - -NOTE: If a rule alerts or prevents outgoing connections to a subnet, blocking/auditing will take effect even if there are rules that allow some of those ports for images/hosts that may be running on machines with IPs from subnets. -The same is true for the All subnet (i.e. `{asterisk}.{asterisk}.{asterisk}.{asterisk}/0`). - -[.procedure] -. Open Console. - -. Go to *Defend > CNNF > {Container | Host}*. - -. Click *Add rule*. - -. Select a source. -+ -If you don't have a network object for the source, click *Add new* in the drop-down list. - -. Select a destination. -+ -If you don't have a network object for the destination, click *Add new* in the drop-down list. - -. Specify a port, port range, or wildcard. - -. Specify an effect. -+ -* *Allow* -- Allows the connection. -* *Alert* -- Allows the connection, but raises an alert. -* *Prevent* -- Blocks the connection and raises an alert. - -. Click *Save*. diff --git a/docs/en/classic/compute-admin-guide/firewalls/cnns-saas.adoc b/docs/en/classic/compute-admin-guide/firewalls/cnns-saas.adoc deleted file mode 100644 index 6c2dbb81d3..0000000000 --- a/docs/en/classic/compute-admin-guide/firewalls/cnns-saas.adoc +++ /dev/null @@ -1,125 +0,0 @@ -:toc: macro -[#cloud-native-network-segmentation] -== Cloud Native Network Segmentation (CNNS) - -Cloud Native Network Segmentation (CNNS) is a Layer 4 container and host-aware virtual firewall and network monitoring tool that enables you to segment your network and compartmentalize communication between the segments as a part of a comprehensive defense strategy. - -CNNS works as an east-west firewall for containers and hosts. -When enabled, CNNS automatically displays communications in your environment on xref:../technology-overviews/radar.adoc[Radar]. -Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively. -You can then define rules to enforce what traffic to allow or block across the network entities. - -For all connections that are monitored using policies, you can set up an alert profile to send it to an external integration such as email. - -toc::[] - -[#cnns-get-started] -[.task] -=== Get Started with CNNS - -CNNS leverages the Defenders that are deployed on your hosts and containers to monitor how your containers and hosts connect and communicate with each other in real-time. - -The Defender inspects the connection before it is set up. -Defender adds iptables rules to observe the TCP three-way handshake and watch for SYN messages required to set up new connections. -When SYN messages arrive, Defender evaluates them to track all connections. -After a connection is established, traffic flows directly between the source and destination without any further oversight from Defender. - -From the Radar view, you can identify how you want to segment your network, create network objects to represent each entity that is a source or a destination for traffic, and define policies to enforce what is allowed, alerted on, or blocked between these network objects. - -You can then audit the connection events to analyze how the policy is enforced, both for CNNS for Containers and CNNS for Hosts. - -[.procedure] -. Confirm that you have deployed Defenders on your hosts and containers. -+ -You will need xref:../install/deploy-defender/host/windows-host.adoc[Container Defenders-Windows], for the Windows Hosts. -+ -And for Linux, xref:../install/deploy-defender/container/container.adoc[Container Defenders-Linux] or xref:../install/deploy-defender/host/host.adoc[Defenders-Linux], running on the supported x86_64 and ARM64 Linux OS. See the xref:../install/system-requirements.adoc[system requirements]. - -. xref:#create-cnns-rules[Create CNNS Rules] -. Next Steps: -+ -* xref:#monitor-cnns-events[Monitor CNNS Audit Events] -* xref:../technology-overviews/radar.adoc#view-connections-radar[View Connections on Radar] -* xref:#configure-notifications[Notifications for CNNS Alerts] - -[#create-cnns-rules] -[.task] -=== Create CNNS Rules - -**Prerequisite**: - -* Enable xref:../technology-overviews/radar.adoc[CNNS] for hosts and containers under *Compute > Radars > Settings*. -+ -NOTE: -When CNNS is disabled, it displays limited traffic flow data on Radar, including outbound connections to the Internet and connections local to the node itself. -You can create CNNS rules for enforcing access on specific ports or protocols for outbound traffic from hosts and containers on which Defenders are deployed. - -* Create xref:../technology-overviews/radar.adoc#add-network-objects[Network objects] under *Compute > Radars > Settings*. -+ -CNNS policies use Network Objects for defining the source and destination in a rule. - -[.procedure] - -. Add CNNS policy from *Compute > Defend > CNNS*. -+ -You can add a maximum of 255 rules. -+ -* To add a rule for containers: -+ -.. Select *Container > Add rule*. -.. Select a *Source*. -+ -The source for a container rule must be a network object of type "Image". -.. Select a *Destination*. -+ -The destination can be another container, subnet or DNS. -.. Select a port or range of ports. -+ -For example * for any ports, a specific port number such as 80 or 443, or a range of ports such as 10-100. -.. Select the *Effect*. -The actions you can enforce are alert to allow the connection and generate an event, allow the connection, or prevent to deny connection and generate an event from the source to the destination on the specified port or domain name. -.. *Save* the rule. -+ -image::cnns-container-rules.png[width=400] - -+ -* To add a rule for hosts: -+ -.. Select *Host > Add rule*. -.. Select a *Source*. -+ -The source for a host rule must be a network object of type host. - -.. Select a *Destination*. -+ -The destination can be another host or subnet. -.. Select *Ports*. -+ -For example * for any ports, a specific port number such as 80 or 443, or a range of ports such as 10-100. -.. Select the *Effect*. -The actions you can enforce are alert, allow, or prevent to deny traffic from the source to the destination on the specified port or domain name. -.. Save the rule. -+ -CNNS rules are indicated by dotted lines in the Radar view. - -[#monitor-cnns-events] -[.task] -=== Monitor CNNS Audit Events -You can view all connections to the CNNS hosts and containers. - -[.procedure] -. Select *Compute > Monitor > Events*. -. Filter for *CNNS for containers* or *CNNS for hosts* to view the relevant connection attempts. -+ -image::cnns-container-events.png[width=600] -. Explore more details on the audit event. -+ -You can view the runtime model for a container. -+ -image::cnns-container-events-details.png[width=600] - -[#configure-notifications] -=== Notifications for CNNS Alerts - -On *Compute > Manage > Alerts*, you can add an xref:../alerts/alert-mechanism.adoc[alert profile] to enable alert notifications for CNNS alerts. -The first event is sent immediately; all subsequent runtime events are aggregated hourly. diff --git a/docs/en/classic/compute-admin-guide/install/deploy-defender/deploy-defender.adoc b/docs/en/classic/compute-admin-guide/install/deploy-defender/deploy-defender.adoc index 74c946659e..b9b5a8715f 100644 --- a/docs/en/classic/compute-admin-guide/install/deploy-defender/deploy-defender.adoc +++ b/docs/en/classic/compute-admin-guide/install/deploy-defender/deploy-defender.adoc @@ -99,19 +99,13 @@ The following table summarizes the key functional differences between Defender t | | -.2+|*Firewalls* +.1+|*Firewalls* |*WAAS* |Y |Y |Y |Y -|*CNNS* -|Y -|Y -| -| - .1+|*Radar (visualization)* |*Radar* |Y diff --git a/docs/en/classic/compute-admin-guide/install/deploy-defender/host/windows-host.adoc b/docs/en/classic/compute-admin-guide/install/deploy-defender/host/windows-host.adoc index 7ac64d0198..8d4b69d8a5 100644 --- a/docs/en/classic/compute-admin-guide/install/deploy-defender/host/windows-host.adoc +++ b/docs/en/classic/compute-admin-guide/install/deploy-defender/host/windows-host.adoc @@ -19,20 +19,11 @@ To deploy Defender on Windows, you’ll copy a PowerShell script from the Prisma The following table compares Prisma Cloud's Windows Server feature support to Linux feature support: -[cols="2,1,1,1,1,1,1,1", frame="topbot"] +[cols="1,1,1,1,1,1,1,1", options="header"] |=== -|Platform |Vulnerability |Compliance 3+|Runtime defense 2+|Firewalls - -h| -h| -h| -h|Processes -h|Network -h|Filesystem -h|CNNS -h|WAAS - -|Linux {set:cellbgcolor:#fff} +|Platform |Vulnerability |Compliance |Runtime - Processes |Runtime - Network |Runtime - Filesystem |Firewalls - CNNS| Firewalls - WAAS + +|Linux |Yes |Yes |Yes diff --git a/docs/en/classic/compute-admin-guide/install/system-requirements.adoc b/docs/en/classic/compute-admin-guide/install/system-requirements.adoc index 4dd7655b7b..16d1f987e2 100644 --- a/docs/en/classic/compute-admin-guide/install/system-requirements.adoc +++ b/docs/en/classic/compute-admin-guide/install/system-requirements.adoc @@ -1,3 +1,5 @@ +//System Requirements spreadsheet for O'Neal +//https://docs.google.com/spreadsheets/d/1Mzz4E_7s3JHI7dBm489HNgxDjrmQbVltWS8AhTKiIsM/edit#gid=0 :toc: macro == System Requirements @@ -25,7 +27,7 @@ Ensure your system meets the following requirements. [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=hardware +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=hardware |=== For more than 10,000 Defenders you need 4 vCPUS and 10GB of RAM for every additional 5,000 Defenders @@ -132,7 +134,7 @@ endif::compute_edition[] [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=x86-operating-systems +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-operating-systems |=== [#arm64-os] @@ -142,7 +144,7 @@ Prisma Cloud supports host Defenders on the following host operating systems on [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=arm-operating-systems +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-operating-systems |=== [#kernel] @@ -182,7 +184,7 @@ Prisma Cloud supports only the versions of the Docker Engine supported by Docker [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=docker +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=docker |=== The following storage drivers are supported: @@ -227,7 +229,7 @@ We support the following versions of official mainline vendor/project releases. [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=x86-orchestrators +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-orchestrators |=== [#arm64-orchestrators] @@ -237,7 +239,7 @@ Prisma Cloud supports the official releases of the following orchestrators for t [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=arm-orchestrators +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-orchestrators |=== [#istio] @@ -284,35 +286,35 @@ The following sections show the supported languages for each feature available f [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=vulnerability-scanning +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=vulnerability-scanning |=== ==== Compliance Scanning [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=compliance-scanning +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=compliance-scanning |=== ==== Runtime Protection with Defender [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=runtime-protection +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=runtime-protection |=== ==== WaaS with Defender [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=waas +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=waas |=== ==== Auto-Defend [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=auto-defend +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=auto-defend |=== [#go] @@ -335,7 +337,7 @@ Prisma Cloud supports the latest versions of Chrome, Safari, and Edge. For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported. -[cortex-xdr] +[#cortex-xdr] === Cortex XDR Prisma Cloud Defenders can work alongside Cortex XDR agents. diff --git a/docs/en/classic/compute-admin-guide/technology-overviews/defender-architecture.adoc b/docs/en/classic/compute-admin-guide/technology-overviews/defender-architecture.adoc index fff7cd003a..b0c2b7c5c2 100644 --- a/docs/en/classic/compute-admin-guide/technology-overviews/defender-architecture.adoc +++ b/docs/en/classic/compute-admin-guide/technology-overviews/defender-architecture.adoc @@ -113,6 +113,6 @@ Even if the Defender process terminates, becomes unresponsive, or cannot be rest === Firewalls -Defender enforces WAF policies (WAAS) and monitors layer 4 traffic (CNNS). +Defender enforces WAAS policies and monitors layer 4 traffic. In both cases, Defender creates iptables rules on the host so it can observe network traffic. -For more information, see xref:../firewalls/cnns-saas.adoc[CNNS] and xref:../waas/waas.adoc[WAAS architecture]. +For more information, see xref:../waas/waas.adoc[WAAS architecture]. diff --git a/docs/en/classic/compute-admin-guide/technology-overviews/radar.adoc b/docs/en/classic/compute-admin-guide/technology-overviews/radar.adoc index b0ab53875e..402e02bb59 100644 --- a/docs/en/classic/compute-admin-guide/technology-overviews/radar.adoc +++ b/docs/en/classic/compute-admin-guide/technology-overviews/radar.adoc @@ -218,21 +218,13 @@ The cluster pivot is currently supported for Kubernetes, OpenShift, and ECS clus All other running containers in your environment are collected in the *Non-Cluster Containers* view. [#radar-settings] -[.task] === Radar Settings -You can enable network monitoring for containers and hosts. +As a Cloud network security measure, you can visualize how your network resources communicate with each other, by enabling *Container network monitoring* and *Host network monitoring* under *Compute > Radars > Settings* and add network objects. -[.procedure] -. Log in to Prisma Cloud Console. +image::radar-settings.png[] -. Select *Compute > Radars > Settings*. - -. Enable CNNS for hosts and containers. -+ -Enable *Container network monitoring* and *Host network monitoring*. -+ -image::cnns-enable.png[width=400] +NOTE: If you have enabled Container/Host Network monitoring under *Compute > Radars > Settings* and are on kernel `v4.15.x` you must upgrade the kernel version to `v5.4.x` or later. [#add-network-objects] [.task] @@ -244,8 +236,6 @@ For example, a payment gateway might pass information to an external service to For hosts:: You can configure network objects to enforce traffic destined from a host to a subnet or another host. For containers:: You can configure network objects to enforce traffic destined from a container (referred to as an image) to a DNS, subnet, or to another container. -When a connection is established between two entities in your environment, CNNS policy evaluates the first rule where both source and destination match. If there are no matching rules, it allows the connection. - [.procedure] . Log in to Prisma Cloud Console. @@ -268,8 +258,6 @@ Some example network objects are: * Type: Image; Value: Name of the containerimage from a collection you have already defined. + A subnet network object can reference a range of IP addresses or a single IP address in a CIDR format. -+ -NOTE: If a rule alerts or prevents outgoing connections to a subnet, traffic will be blocked even if you have defined rules that allow some of those ports for containers/hosts that may be running on machines with IPs from the subnet. [#view-connections-radar] === View Connections on Radar @@ -278,13 +266,4 @@ Radar helps you visualize the connections for a typical microservices app and vi image::cnns-container-radar.png[width=600] -When a connection is observed, the dotted line becomes a solid line, and the CNNS policy is evaluated for a match. -If there is a matching rule, the color of the port number reflects the matching rule's configured effect. -Yellow port numbers represent connections that raised an alert. -Orange port numbers represent connections that were blocked. - -If there's no matching rule, by default the connection is allowed. -The port number is in gray to indicate that the connection was observed, but there was no matching rule. -As a best practice, review the port numbers in gray to assess the need to add additional rules for enforcement. - -NOTE: If CNNS is disabled, you cannot view outgoing connections to external IP addresses. +When a connection is observed, the dotted line becomes a solid line. diff --git a/docs/en/classic/compute-admin-guide/vulnerability-management/vuln-explorer.adoc b/docs/en/classic/compute-admin-guide/vulnerability-management/vuln-explorer.adoc index abb8647269..2e8ec9c70f 100644 --- a/docs/en/classic/compute-admin-guide/vulnerability-management/vuln-explorer.adoc +++ b/docs/en/classic/compute-admin-guide/vulnerability-management/vuln-explorer.adoc @@ -182,7 +182,7 @@ Vulnerability is remotely exploitable. The vulnerable component is bound to the network, and the attacker's path is through the network. * *Reachable from the internet* -- -Vulnerability exists in a container exposed to the internet. The detection of this risk factor requires that CNNS will be enabled and network objects will be defined for external sources under *Radar > Settings*. Then, if a connection is established between the defined external source and the container, the container is identified as reachable from the internet. +Vulnerability exists in a container exposed to the internet. * *Listening ports* -- Vulnerability exists in a container that is listening on network ports. diff --git a/docs/en/classic/compute-admin-guide/welcome/getting-started.adoc b/docs/en/classic/compute-admin-guide/welcome/getting-started.adoc index 1a5c14ccf7..1c7940cdec 100644 --- a/docs/en/classic/compute-admin-guide/welcome/getting-started.adoc +++ b/docs/en/classic/compute-admin-guide/welcome/getting-started.adoc @@ -48,4 +48,3 @@ The following articles will get you started with Prisma Cloud's core features: * xref:../vulnerability-management/vuln-management-rules.adoc[Create vulnerability rules] * xref:../runtime-defense/runtime-defense.adoc[Learn about runtime protection] * xref:../waas/waas.adoc[Set up a cloud native application firewall] -* xref:../firewalls/cnns-saas.adoc[Set up connection monitoring] diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-dns-logs.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-dns-logs.adoc index 63fb063a0d..8fae347e9a 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-dns-logs.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-dns-logs.adoc @@ -12,9 +12,9 @@ DNS log ingestion is not supported on Prisma Cloud stacks in AWS China and Gov C [.procedure] -. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select menu:Settings[Cloud Accounts]. +. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select *Settings > Cloud Accounts*. -. Click the *View* (image:view-cloud-account-icon.png[scale=60]) icon next to the AWS account from which you want to ingest DNS logs. +. Click the *View* (image:view-cloud-account-icon.png[]) icon next to the AWS account from which you want to ingest DNS logs. . Click *Threat Detection*. @@ -61,7 +61,7 @@ Running a stackset requires the following two roles. See the https://docs.aws.am ** https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml[AWS Cloud Formation StackSet Execution Role] ==== -.. After setting up the two roles, in your AWS console select menu:Settings[CloudFormation template > StackSets > Create StackSet]. +.. After setting up the two roles, in your AWS console select *Settings > CloudFormation template > StackSets > Create StackSet*. .. Choose a template for StackSet creation using https://redlock-public.s3.amazonaws.com/cft/prisma-dnslogs.onboarding-cft-stack-part-2.template[Amazon S3 URL]. + @@ -94,7 +94,7 @@ image::amazon-dns-logs-9.png[scale=30] + On successful configuration, Prisma Cloud starts to ingest DNS logs from Amazon Kinesis Data Firehose. -. Once the stackset deployment is complete, in your AWS console select menu:Route 53[Resolver > Query Logging], click *Route-53 query logging config* created by the CFT, and select the VPCs whose DNS query logs you want Prisma Cloud to ingest. +. Once the stackset deployment is complete, in your AWS console select *Route 53 > Resolver > Query Logging*, click *Route-53 query logging config* created by the CFT, and select the VPCs whose DNS query logs you want Prisma Cloud to ingest. + [NOTE] ==== diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-findings.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-findings.adoc index c404c3d7ef..37b3d56f16 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-findings.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-findings.adoc @@ -13,7 +13,7 @@ Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Insp ==== [.procedure] -. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select menu:Settings[Cloud Accounts]. +. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select *Settings > Cloud Accounts*. . Click the *View* (image:view-cloud-account-icon.png[scale=60]) icon next to the AWS account for which you want to configure findings. Make sure that EventBridge is successfully configured for that account. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs.adoc index ced96321e2..b1c565995c 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs.adoc @@ -66,7 +66,7 @@ image::aws-s3-sample-flowlogs-4.png[scale=30] For your previously onboarded AWS accounts that are using S3 with 24 hours partition, you can now select hourly partition. Prisma Cloud checks whether flow logs have all the necessary permissions required for hourly partition (it does not check for the fields). [.procedure] -. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select menu:Settings[Cloud Accounts]. +. After you xref:onboard-aws-account.adoc[Onboard Your AWS Account], select *Settings > Cloud Accounts*. . Click the *View* (image:view-cloud-account-icon.png[scale=60]) icon next to the AWS account for which you want to configure the logging account and buckets to fetch flow logs from S3. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc index 121989070e..023f3716de 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc @@ -73,7 +73,7 @@ Both the read-only role and the read-write roles require the AWS Managed Policy + .. Select *IAM* on the AWS Management Console. -.. In the navigation pane on the left, choose menu:Access{sp}Management[Policies > Create policy]. +.. In the navigation pane on the left, choose *Access Management > Policies > Create policy*. .. Select the *JSON* tab. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-account.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-account.adoc index 98d286c6a8..1b1366dfd5 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-account.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-account.adoc @@ -17,7 +17,7 @@ The below onboarding workflow automates the process of creating the Prisma Cloud + The CloudWatch log group defines where the log streams are recorded. -... Select menu:Services[CloudWatch > Logs > Create log group]. +... Select *Services > CloudWatch > Logs > Create log group*. ... Enter a name for the log group and click *Create*. + @@ -25,9 +25,9 @@ image::aws-onboarding-create-log-group.png[scale=20] .. Enable flow logs. + -... Select menu:Services[VPC > Your VPCs]. +... Select *Services > VPC > Your VPCs*. -... Select the VPC to enable flow logs for and select menu:Actions[Create flow log]. +... Select the VPC to enable flow logs for and select *Actions > Create flow log*. ... Set the *Filter* to *Accept* or *All*. + @@ -70,7 +70,7 @@ You will also need to xref:manually-set-up-prisma-cloud-role-for-aws.adoc[Manual + image::aws-create-flow-log.png[scale=20] -. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. . Select *Amazon Web Services* as the cloud account you want to onboard and *Get Started*. + @@ -119,7 +119,7 @@ Once you *Download IAM Role CFT*, it is valid for 30 days. Even if you close the .. Select one or more https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-account-groups[account groups] or select *Default Account Group*. + -You must assign each cloud account to an account group and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/create-an-alert-rule[create an Alert Rule for run-time checks] to associate with that account group to generate alerts when a policy violation occurs. +You must assign each cloud account to an account group and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/create-an-alert-rule[create an Alert Rule] for run-time checks to associate with that account group to generate alerts when a policy violation occurs. .. Click *Next*. @@ -129,9 +129,9 @@ image::aws-add-account-3-updated.png[scale=30] + Verify the *Details* of the AWS Account and the status checks for the *Security Capabilities* you selected while onboarding the account on Prisma Cloud. -.. Ensure that all the security capabilities you selected display a green *Successful* or *Enabled* (image:onboard-status-enabled.png[scale=30]) checkmark. +.. Ensure that all the security capabilities you selected display a green *Successful* or *Enabled* checkmark. -.. For the security capabilities that display a red *Checks Failed* (image:onboard-status-check-failed.png[scale=30]) icon, click the corresponding drop-down to view the cause of failure. To resolve the isssue, see xref:troubleshoot-aws-errors.adoc[Troubleshoot AWS Onboarding Errors]. +.. For the security capabilities that display a red *Checks Failed* icon, click the corresponding drop-down to view the cause of failure. To resolve the isssue, see xref:troubleshoot-aws-errors.adoc[Troubleshoot AWS Onboarding Errors]. .. Click *Save and Close* to complete onboarding or *Save and Onboard Another Account*. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-org.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-org.adoc index bb65c80e06..b912012f2a 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-org.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-org.adoc @@ -20,7 +20,7 @@ After you onboard your account as an AWS organization, you cannot roll back. To ==== [.procedure] -. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. . Select *Amazon Web Services* as the cloud account you want to onboard and *Get Started*. + @@ -38,14 +38,14 @@ The *Foundational* capabilities are enabled, by default: + ** *Misconfigurations* grants the permissions required to scan cloud resources and ingest metadata. ** *Identity Security* grants the permissions required to calculate net effective permissions for identities and manage access. -** Enable and add permissions for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning[Agentless Workload Scanning] (selected by default) to scan hosts and containers for vulnerabilities and compliance risks without having to install a defender. If you do not want the Agentless Workload Scanning capability, you can deselect the checkbox. Scans start automatically once you onboard your organization. You can also update the scanning https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning/onboard-accounts/configure-aws [configuration] for agentless scans. +** Enable and add permissions for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning[Agentless Workload Scanning] (selected by default) to scan hosts and containers for vulnerabilities and compliance risks without having to install a defender. If you do not want the Agentless Workload Scanning capability, you can deselect the checkbox. Scans start automatically once you onboard your organization. You can also update the scanning https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning/onboard-accounts/configure-aws[configuration] for agentless scans. + * Use the *Advanced* (additional) capabilities to proactively control your cloud operations and identify and remediate issues before they manifest within your runtime environments. + The *Advanced* capabilities that you can choose to enable are: + ** *Threat Detection* (enabled by default) grants the permissions required to detect DNS, Network, and Identity threats. -** Enable and add permissions for *Serverless Function Scanning* to scan cloud provider functions such as, AWS Lambda, Azure, and Google functions for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/serverless_functions[vulnerabilities] and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/serverless[compliance]. Scans start automatically once you onboard your organization. You can also update the scanning https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning/onboard-accounts/configure-aws for serverless scans. +** Enable and add permissions for *Serverless Function Scanning* to scan cloud provider functions such as, AWS Lambda, Azure, and Google functions for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/serverless_functions[vulnerabilities] and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/serverless[compliance]. Scans start automatically once you onboard your organization. You can also update the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning/onboard-accounts/configure-aws[scanning] for serverless scans. ** Add permissions for *Agent-Based Workload Protection* to allow for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/deploy-defender/defender_types[automated deployment of defenders] to provide protection to secure cloud https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/deploy-defender/host/auto-defend-host[VMs], https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/deploy-defender/container/container[containers], and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/deploy-defender/orchestrator/orchestrator[Kubernetes orchestrators]. Registry scanning, Kubernetes audits, and other features required by defenders are also enabled. .. Click *Next*. @@ -74,11 +74,7 @@ After you download the CFT from Prisma Cloud and before you upload and create a * Click *Services* from the left navigation pane. -* Choose *AWS Account Management* from the list of services. - -* Select *Enable trusted access*. - -* Click *Services* again and choose *CloudFormation StackSets* from the list of services. +* Choose *CloudFormation StackSets* from the list of services. * Select *Enable trusted access*. @@ -91,11 +87,11 @@ After you download the CFT from Prisma Cloud and before you upload and create a .. Select an https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-account-groups[Account Group]. + -During initial onboarding, you must assign all the member cloud accounts with the AWS Organization hierarchy to an account group. Then, xref:../../manage-prisma-cloud-alerts/create-an-alert-rule.adoc[create an Alert Rule for run-time checks] to associate with that account group so that alerts are generated when a policy violation occurs. +During initial onboarding, you must assign all the member cloud accounts with the AWS Organization hierarchy to an account group. Then, xref:../../manage-prisma-cloud-alerts/create-an-alert-rule.adoc[create an Alert Rule] for run-time checks to associate with that account group so that alerts are generated when a policy violation occurs. + [NOTE] ==== -If you want to selectively assign AWS member accounts to different Account Group on Prisma Cloud, you can xref:../../manage-prisma-cloud-administrators/create-account-groups.adoc#id75582e6e-407d-4a64-b83a-006dp74631b1[modify the account group to include multiple cloud accounts]. +If you want to selectively assign AWS member accounts to different Account Group on Prisma Cloud, you can xref:../../manage-prisma-cloud-administrators/create-account-groups.adoc#id75582e6e-407d-4a64-b83a-006dp74631b1[modify] the account group to include multiple cloud accounts. ==== .. Click *Next*. @@ -106,9 +102,9 @@ image::aws-add-account-global-org-3.png[scale=20] + Verify the *Details* of the AWS Organization and the status checks for the *Security Capabilities* you selected while onboarding the organization on Prisma Cloud. -.. Ensure that all the security capabilities you selected display a green *Enabled* (image:onboard-status-enabled.png[scale=30]) icon. +.. Ensure that all the security capabilities you selected display a green *Enabled* icon. -.. For the security capabilities that display a red *Checks Failed* (image:onboard-status-check-failed.png[scale=30]) icon, click the corresponding drop-down to view the cause of failure. To resolve the isssue, see xref:troubleshoot-aws-errors.adoc[Troubleshoot AWS Onboarding Errors]. +.. For the security capabilities that display a red *Checks Failed* icon, click the corresponding drop-down to view the cause of failure. To resolve the isssue, see xref:troubleshoot-aws-errors.adoc[Troubleshoot AWS Onboarding Errors]. .. Click *Save and Close* to complete onboarding or *Save and Onboard Another Account*. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-account.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-account.adoc index 78b4b9e85f..76fb14ccfb 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-account.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-account.adoc @@ -15,7 +15,7 @@ For instruction on updating your AWS Organization, see xref:update-aws-org.adoc[ . Select the AWS cloud account you want to modify. + -Select menu:Settings[Cloud Accounts] and click the *Edit* icon for the cloud account to manage from the list of cloud accounts. +Select *Settings > Cloud Accounts* and click the *Edit* icon for the cloud account to manage from the list of cloud accounts. + image::edit-aws-account.png[scale=30] @@ -27,7 +27,7 @@ image::edit-aws-account-1.png[scale=30] .. Log in to https://aws.amazon.com/[AWS console]. -.. Select menu:Services[CloudFormation > Stacks]. +.. Select *Services > CloudFormation > Stacks*. .. Select the *PrismaCloudApp* stack to update and select *Update*. + @@ -45,7 +45,7 @@ If you decide to create a new stack instead of updating the existing stack, you .. *Update* your CFT. + -If you created a new stack, you must log in to the Prisma Cloud administrative console, select your cloud account on menu:Settings[Cloud Accounts], click the *Edit* icon, navigate to *Configure Account*, and enter the *PrismaCloudRoleARN* value from the AWS CFT output in the *IAM Role ARN* field. +If you created a new stack, you must log in to the Prisma Cloud administrative console, select your cloud account on *Settings > Cloud Accounts*, click the *Edit* icon, navigate to *Configure Account*, and enter the *PrismaCloudRoleARN* value from the AWS CFT output in the *IAM Role ARN* field. + [TIP] ==== diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-org.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-org.adoc index 5c2098beed..476d8a2197 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-org.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-org.adoc @@ -10,7 +10,7 @@ In addition to updating the CFT stack for enabling permissions for new services, .. Log in to the Prisma Cloud administrative console. -.. Select menu:Settings[Cloud Accounts] and click the *Edit* icon for the AWS organization from the list of cloud accounts. +.. Select *Settings > Cloud Accounts* and click the *Edit* icon for the AWS organization from the list of cloud accounts. .. In the *Edit Cloud Account* window, navigate to *Configure Account*, and *Download IAM Role CFT*. @@ -18,7 +18,7 @@ In addition to updating the CFT stack for enabling permissions for new services, .. Log in to your master account on the AWS management console. -.. Select menu:Services[CloudFormation > Stacks]. +.. Select *Services > CloudFormation > Stacks*. .. Select *PrismaCloudApp* stack and click *Update Stack*. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-onboarded-aws-accnt-to-org.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-onboarded-aws-accnt-to-org.adoc index cc4ca8bd67..92d9628e23 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-onboarded-aws-accnt-to-org.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-onboarded-aws-accnt-to-org.adoc @@ -10,7 +10,7 @@ If you had previously onboarded an individual AWS account as type *Account* and + image::aws-accnt-to-org-0-1.png[scale=30] -. Select menu:Add{sp}Cloud{sp}Account[AWS]. +. Select *Add > Cloud Account > AWS*. . Select *Organization*. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/create-custom-role-on-gcp.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/create-custom-role-on-gcp.adoc index feb36fc271..a11757ff5a 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/create-custom-role-on-gcp.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/create-custom-role-on-gcp.adoc @@ -41,7 +41,7 @@ image::gcp-custom-role.png[scale=40] . [[idec25890c-95a4-4aea-a40c-b992b042ac5e]]Create a Service Account and attach the custom role to it. + -.. Select menu:IAM{sp}&{sp}Admin[Service Accounts] page in the Google Cloud Console. +.. Select *IAM & Admin > Service Accounts* page in the Google Cloud Console. .. *Create Service Account* and add the role you created earlier to it. @@ -63,17 +63,17 @@ You must associate the Service account you created in the project to the GCP Org + .. Copy the service account member address. + -Select the project that you used to create the service account, and select menu:IAM{sp}&{sp}admin[IAM] to copy the service account member address. +Select the project that you used to create the service account, and select *IAM & Admin > IAM* to copy the service account member address. + image::gcp-service-account-member.png[scale=40] -.. Select your Organization, select menu:IAM{sp}&{sp}Admin[IAM] to *Add* members to the service account. +.. Select your Organization, select *IAM & Admin > IAM* to *Add* members to the service account. .. Paste the service account member address you copied as *New members* and *Select a role*. .. Select the custom role you created above and click *+ ADD ANOTHER ROLE*. -.. Select menu:Resource{sp}Manager[Organization Role Viewer] and *Folder Viewer* role, and click *Save*. +.. Select *Resource Manager > Organization Role Viewer* and *Folder Viewer* role, and click *Save*. + The Organization Viewer role enables permissions to view the Organization name without granting access to all resources in the Organization. The Folder Viewer roles is also required to onboard your GCP folders. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc index 11fc220c57..25064e4a15 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc @@ -51,11 +51,11 @@ If you are onboarding a GCP folder, you must have the https://cloud.google.com/i . Grant the service account permission to access your Cloud Storage bucket. + -.. Select menu:Navigation{sp}menu[Storage] and select your Cloud Storage bucket. +.. Select *Navigation menu > Storage* and select your Cloud Storage bucket. -.. Select menu:Permissions[Add members]. +.. Select *Permissions > Add members*. -.. Add the service account email address for *Members*, select menu:Storage[Storage Admin] and select *Add*. +.. Add the service account email address for *Members*, select *Storage > Storage Admin* and select *Add*. + image::gcp-organization-storage-account-access.png[scale=50] diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-project.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-project.adoc index b6960c1bfa..3a9baa4d88 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-project.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-project.adoc @@ -23,7 +23,7 @@ To analyze your network traffic, you must enable flow logs for each project you + .. Log in to https://console.cloud.google.com/[GCP console] and select your project. -.. Select menu:Navigation{sp}menu[VPC network > VPC networks]. +.. Select *Navigation menu > VPC network > VPC networks*. + image::gcp-flow-logs-vpc-network.png[scale=50] @@ -56,11 +56,11 @@ You must grant the Prisma Cloud service principal permissions to list objects in + You must create a sink and specify a Cloud Storage bucket as the export destination for VPC flow logs. You must configure a sink for every project that you want Prisma Cloud to monitor and configure a single Cloud Storage bucket as the sink destination for all projects. When you xref:onboard-gcp-project.adoc[Onboard Your GCP Project], you must provide the Cloud Storage bucket from which the service can ingest VPC flow logs. As a cost reduction best practice, set a lifecycle to delete logs from your Cloud Storage bucket. + -.. While authenticated into GCP, switch to the new Logs Explorer by selecting menu:Navigation{sp}menu[Logging > Legacy Logs Viewer > Upgrade > Upgrade to the new Logs Explorer]. +.. While authenticated into GCP, switch to the new Logs Explorer by selecting *Navigation menu > Logging > Legacy Logs Viewer > Upgrade > Upgrade to the new Logs Explorer*. .. Create a sink. + -Select menu:Logging[Logs Router > Create Sink]. +Select *Logging > Logs Router > Create Sink*. + image::gcp-flow-logs-stackdriver-logging.png[scale=50] @@ -95,7 +95,7 @@ In *Build inclusion filter* do the following: + By default, logs are never deleted. To manage cost, specify the threshold (in number of days) for which you want to store logs. -... Select menu:Navigation{sp}Menu[Cloud Storage > Browser]. +... Select *Navigation Menu > Cloud Storage > Browser*. ... Select the *Lifecycle* link for the storage bucket you want to modify. + @@ -117,7 +117,7 @@ You can review the status and take necessary actions to resolve any issues encou .. Authenticate into Prisma Cloud and verify that your storage bucket is being ingested. + -Select menu:Settings[Cloud Accounts], filter for GCP cloud accounts. Click the *Edit* icon under the *Actions* column to view the results. +Select *Settings > Cloud Accounts*, filter for GCP cloud accounts. Click the *Edit* icon under the *Actions* column to view the results. .. Navigate to *Investigate*, replace the name with your GCP cloud account name, and enter the following network query: + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-org.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-org.adoc index 876fd5d3ef..b3e7c94560 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-org.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-org.adoc @@ -9,7 +9,7 @@ Begin here to add a GCP organization to Prisma Cloud. If you have added a GCP pr When you add the GCP organization to Prisma Cloud, you can specify which folders and projects to include or exclude under the organization resource hierarchy. [.procedure] -. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. . Select *Google Cloud Platform* as the cloud account you want to onboard and *Get Started*. + @@ -118,7 +118,7 @@ If you selected *Exclude a subset* of folders, the ability to *Maintain recurse + When you choose to create account groups recursively, each account group includes a list of all GCP projects nested within the heirarchical folder structure as you see it on the GCP console. Because the account groups are organized in a flat structure on Prisma Cloud, you cannot see the mapping visually. + -Account groups that are created automatically are indicated with image:automap-icon.png[scale=70], and cannot be edited on Prisma Cloud. See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-account-groups[create account groups] for more details. +Account groups that are created automatically are indicated with automap icon, and cannot be edited on Prisma Cloud. See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-account-groups[create account groups] for more details. + If you want to selectively assign accounts to different account groups on Prisma Cloud, you can xref:../../manage-prisma-cloud-administrators/create-account-groups.adoc#id75582e6e-407d-4a64-b83a-006dp74631b1[modify the account group to include multiple cloud accounts]. + @@ -135,9 +135,9 @@ image::gcp-add-org-3.png[scale=40] + Verify the *Details* of the GCP organization and the status checks for the *Security Capabilities* you selected while onboarding the organization on Prisma Cloud. -.. Ensure that all the security capabilities you selected display a green *Enabled* (image:onboard-status-enabled.png[scale=40]) icon. +.. Ensure that all the security capabilities you selected display a green *Enabled* icon. -.. For the security capabilities that display a red *Checks Failed* (image:onboard-status-check-failed.png[scale=40]) icon, click the corresponding drop-down to view the cause of failure. +.. For the security capabilities that display a red *Checks Failed* icon, click the corresponding drop-down to view the cause of failure. .. Click *Save and Close* to complete onboarding or *Save and Onboard Another Account*. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-project.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-project.adoc index 7cfdf93ddc..9cb1bfccde 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-project.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-project.adoc @@ -8,11 +8,11 @@ Begin here to add a GCP project to Prisma Cloud. If you want to add multiple pro [NOTE] ==== -After you start monitoring your project using Prisma Cloud, if you delete the project on GCP, Prisma Cloud automatically deletes the account from the list of monitored accounts on menu:Settings[Cloud Accounts]. To track the automatic deletion of the project, an audit log is generated with information on the name of the deleted account and the date that the action was performed. +After you start monitoring your project using Prisma Cloud, if you delete the project on GCP, Prisma Cloud automatically deletes the account from the list of monitored accounts on *Settings > Cloud Accounts*. To track the automatic deletion of the project, an audit log is generated with information on the name of the deleted account and the date that the action was performed. ==== [.procedure] -. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. . Select *Google Cloud Platform* as the cloud account you want to onboard and *Get Started*. + @@ -79,7 +79,7 @@ Prisma Cloud recommends that you create a directory to store the Terraform templ + [NOTE] ==== -Make sure to assign each cloud account to an account group and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/create-an-alert-rule.html#idd1af59f7-792f-42bf-9d63-12d29ca7a950[create an Alert Rule for run-time checks] to associate the account group with it to generate alerts when a policy violation occurs. +Make sure to assign each cloud account to an account group and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/create-an-alert-rule.html#idd1af59f7-792f-42bf-9d63-12d29ca7a950[create an Alert Rule] for run-time checks to associate the account group with it to generate alerts when a policy violation occurs. ==== .. Click *Next*. @@ -90,9 +90,9 @@ image::gcp-add-proj-3.png[scale=40] + Verify the *Details* of the GCP project and the status checks for the *Security Capabilities* you selected while onboarding the project on Prisma Cloud. -* Ensure that all the security capabilities you selected display a green *Enabled*(image:onboard-status-enabled.png[scale=40]) icon. +* Ensure that all the security capabilities you selected display a green *Enabled* icon. -* For the security capabilities that display a red *Checks Failed* (image:onboard-status-check-failed.png[scale=40]) icon, click the corresponding drop-down to view the cause of failure. +* For the security capabilities that display a red *Checks Failed* icon, click the corresponding drop-down to view the cause of failure. + It takes between 4-24 hours for the flow log data to be exported and analyzed before you can review it on Prisma Cloud. To verify if the flow log data from your GCP project has been analyzed, you can run a network query on the *Investigate* page. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/prerequisites-to-onboard-gcp.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/prerequisites-to-onboard-gcp.adoc index 7a4194db30..a36417d338 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/prerequisites-to-onboard-gcp.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/prerequisites-to-onboard-gcp.adoc @@ -94,7 +94,8 @@ The following table lists the APIs and associated granular permissions if you wa |`apikeys.googleapis.com` |Authenticates requests associated with your project for usage and billing purposes. |API Keys Viewer -|`apikeys.keys.list``apikeys.keys.get` +|`apikeys.keys.list` +`apikeys.keys.get` | |App Engine API @@ -108,7 +109,10 @@ The following table lists the APIs and associated granular permissions if you wa |`accesscontextmanager.googleapis.com` |Read access to policies, access levels, and access zones. |Access Context Manager Reader -|`accesscontextmanager.accessPolicies.list``accesscontextmanager.policies.list``accesscontextmanager.accessLevels.list``accesscontextmanager.servicePerimeters.list` +|`accesscontextmanager.accessPolicies.list` +`accesscontextmanager.policies.list` +`accesscontextmanager.accessLevels.list` +`accesscontextmanager.servicePerimeters.list` |Project where you have created the service account |Access Approval @@ -122,35 +126,44 @@ The following table lists the APIs and associated granular permissions if you wa |`apigateway.googleapis.com` |Enables you to create, secure, and monitor APIs for Google Cloud serverless back ends, including Cloud Functions, Cloud Run, and App Engine. |API Gateway Viewer -|`apigateway.gateways.getIamPolicy``apigateway.gateways.list``apigateway.gateways.get``apigateway.locations.list` +|`apigateway.gateways.getIamPolicy` +`apigateway.gateways.list` +`apigateway.gateways.get` +`apigateway.locations.list` |Every project that the service account can access |BigQuery API |`cloudasset.googleapis.com` |Allows you to create, manage, share, and query data. |Cloud Asset Viewer -|`bigquery.tables.get``cloudasset.assets.searchAllResources``cloudasset.assets.searchAllIamPolicies` +|`bigquery.tables.get` +`cloudasset.assets.searchAllResources` +`cloudasset.assets.searchAllIamPolicies` |Project where you have created the service account |Binary Authorization API |`binaryauthorization.googleapis.com` |Enables you to configure a policy that the service enforces when an attempt is made to deploy a container image on one of the supported container-based platforms. |Project Viewer -|`binaryauthorization.policy.get``binaryauthorization.policy.getIamPolicy` +|`binaryauthorization.policy.get` +`binaryauthorization.policy.getIamPolicy` |Project where you have created the service account |Cloud Data Fusion |`datafusion.googleapis.com` |Cloud Data Fusion is a fully managed, cloud-native, enterprise data integration service for quickly building and managing data pipelines. |Project Viewer -|`datafusion.instances.list``datafusion.instances.getIamPolicy` +|`datafusion.instances.list` +`datafusion.instances.getIamPolicy` |Every project that the service account can access |Cloud Functions |`cloudfunctions.googleapis.com` |Cloud Functions is Google Cloud’s event-driven serverless compute platform. |Project Viewer -|`cloudfunctions.functions.getIamPolicy``cloudfunctions.functions.list``cloudfunctions.functions.get` +|`cloudfunctions.functions.getIamPolicy` +`cloudfunctions.functions.list` +`cloudfunctions.functions.get` `cloudfunctions.locations.list` |Project where you have created the service account @@ -158,21 +171,41 @@ The following table lists the APIs and associated granular permissions if you wa |`dataflow.googleapis.com` |Manages Google Cloud Dataflow projects. |Dataflow Admin -|`iam.serviceAccounts.actAs``resourcemanager.projects.get``storage.buckets.get``storage.objects.create``storage.objects.get``storage.objects.list`See xref:flow-logs-compression.adoc[Flow Logs Compression] +|`iam.serviceAccounts.actAs` +`resourcemanager.projects.get` +`storage.buckets.get` +`storage.objects.create` +`storage.objects.get` +`storage.objects.list` +See xref:flow-logs-compression.adoc[Flow Logs Compression] |Project that runs Data Flow |Cloud DNS API |`dns.googleapis.com` |Cloud DNS translates requests for domain names into IP addresses and manages and publishes DNS zones and records. |DNS Reader -|`dns.dnsKeys.list``dns.managedZones.list``dns.projects.get``dns.policies.list``dns.managedZones.list``dns.resourceRecordSets.list``dns.responsePolicyRules.list` +|`dns.dnsKeys.list` +`dns.managedZones.list` +`dns.projects.get` +`dns.policies.list` +`dns.managedZones.list` +`dns.resourceRecordSets.list` +`dns.responsePolicyRules.list` |Every project that the service account can access |Cloud Pub/Sub |`pubsub.googleapis.com` |Real-time messaging service that allows you to send and receive messages between independent applications. |Project Viewer and a custom role with granular privileges -|`pubsub.topics.list``pubsub.topics.get``pubsub.topics.getIamPolicy``pubsub.subscriptions.list``pubsub.subscriptions.get``pubsub.subscriptions.getIamPolicy``pubsub.snapshots.list``pubsub.snapshots.getIamPolicy``cloudasset.assets.searchAllIamPolicies` +|`pubsub.topics.list` +`pubsub.topics.get` +`pubsub.topics.getIamPolicy` +`pubsub.subscriptions.list` +`pubsub.subscriptions.get` +`pubsub.subscriptions.getIamPolicy` +`pubsub.snapshots.list` +`pubsub.snapshots.getIamPolicy` +`cloudasset.assets.searchAllIamPolicies` |Every project that the service account can access |Container Analysis @@ -186,7 +219,20 @@ The following table lists the APIs and associated granular permissions if you wa |`dataplex.googleapis.com` |Unifies distributed data and automates data management and governance across that data to power analytics at scale. |Project Viewer -|`dataplex.assets.list``dataplex.assets.getIamPolicy``dataplex.assetActions.list``dataplex.content.list``dataplex.content.getIamPolicy``dataplex.entities.list``dataplex.locations.list``dataplex.lakes.list``dataplex.lakes.getIamPolicy``dataplex.tasks.list``dataplex.tasks.getIamPolicy``dataplex.zones.list``dataplex.lakeActions.list``dataplex.zoneActions.list` +|`dataplex.assets.list` +`dataplex.assets.getIamPolicy` +`dataplex.assetActions.list` +`dataplex.content.list` +`dataplex.content.getIamPolicy` +`dataplex.entities.list` +`dataplex.locations.list` +`dataplex.lakes.list` +`dataplex.lakes.getIamPolicy` +`dataplex.tasks.list` +`dataplex.tasks.getIamPolicy` +`dataplex.zones.list` +`dataplex.lakeActions.list` +`dataplex.zoneActions.list` |Project where you have created the service account .2+|Google Cloud Resource Manager API @@ -207,21 +253,33 @@ Every project that the service account can access |`dlp.googleapis.com` |Cloud Data Loss Prevention is a fully managed service designed to discover, classify, and protect the most sensitive data. |Project Viewer -|`dlp.inspectTemplates.list``dlp.deidentifyTemplates.list``dlp.jobTriggers.list``dlp.deidentifyTemplates.list``dlp.inspectTemplates.list``dlp.storedInfoTypes.list` +|`dlp.inspectTemplates.list` +`dlp.deidentifyTemplates.list` +`dlp.jobTriggers.list` +`dlp.deidentifyTemplates.list` +`dlp.inspectTemplates.list` +`dlp.storedInfoTypes.list` |Project where you have created the service account |Google Cloud Deploy |`clouddeploy.googleapis.com` |Google Cloud Deploy is an opinionated, serverless, secure continuous delivery service for GKE to manage release progression from dev to staging to prod. |Project Viewer -|`clouddeploy.config.get``clouddeploy.locations.list``clouddeploy.deliveryPipelines.list``clouddeploy.deliveryPipelines.getIamPolicy``clouddeploy.targets.list``clouddeploy.targets.getIamPolicy` +|`clouddeploy.config.get` +`clouddeploy.locations.list` +`clouddeploy.deliveryPipelines.list` +`clouddeploy.deliveryPipelines.getIamPolicy` +`clouddeploy.targets.list` +`clouddeploy.targets.getIamPolicy` |Every project that the service account can access |Google Firebase App Distribution -|`firebaseappdistribution.googleapis.com``cloudresourcemanager.googleapis.com` +|`firebaseappdistribution.googleapis.com` +`cloudresourcemanager.googleapis.com` |Firebase App Distributimakes painless distribution of apps to trusted testers by getting the apps onto testers' devices quickly and also can get feedback early and often. |Project Viewer -|`resourcemanager.projects.get``firebaseappdistro.testers.list` +|`resourcemanager.projects.get` +`firebaseappdistro.testers.list` |Project where you have created the service account @@ -236,7 +294,12 @@ Every project that the service account can access |`cloudasset.googleapis.com` |Google Cloud KMS allows customers to manage encryption keys and perform cryptographic operations with those keys. |Cloud Asset Viewer -|`cloudasset.assets.searchAllResources``cloudasset.assets.searchAllIamPolicies``cloudkms.keyRings.get``cloudkms.keyRings.getIamPolicy``cloudkms.cryptoKeys.get``cloudkms.cryptoKeys.getIamPolicy` +|`cloudasset.assets.searchAllResources` +`cloudasset.assets.searchAllIamPolicies` +`cloudkms.keyRings.get` +`cloudkms.keyRings.getIamPolicy` +`cloudkms.cryptoKeys.get` +`cloudkms.cryptoKeys.getIamPolicy` |Project where you have created the service account |Cloud Service Usage API @@ -250,14 +313,16 @@ Every project that the service account can access |`binaryauthorization.googleapis.com` |A service that enables policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run. |Project Viewer -|`binaryauthorization.policy.get``binaryauthorization.policy.getIamPolicy` +|`binaryauthorization.policy.get` +`binaryauthorization.policy.getIamPolicy` |Every project that the service account can access |Google Cloud Armor |`compute.googleapis.com` |Network security service that provides defenses against DDoS and application attacks, and offers WAF rules. |Project Viewer -|`compute.securityPolicies.list``compute.securityPolicies.get` +|`compute.securityPolicies.list` +`compute.securityPolicies.get` |Every project that the service account can access |Google Cloud Billing @@ -272,14 +337,21 @@ Every project that the service account can access |`cloudtasks.googleapis.com` |API to fetch task and queue information. |Project Viewer -|`cloudtasks.locations.list``cloudtasks.tasks.list``cloudtasks.queues.list``run.locations.list` +|`cloudtasks.locations.list` +`cloudtasks.tasks.list` +`cloudtasks.queues.list` +`run.locations.list` |Every project that the service account can access |Google AI Platform |`ml.googleapis.com` |A suite of services on Google Cloud specifically targeted at building, deploying, and managing machine learning models in the cloud. | -|`ml.models.list``ml.models.getIamPolicy``ml.jobs.getIamPolicy``ml.jobs.list``ml.jobs.get` +|`ml.models.list` +`ml.models.getIamPolicy` +`ml.jobs.getIamPolicy` +`ml.jobs.list` +`ml.jobs.get` | |Google Analytics Hub @@ -293,56 +365,90 @@ Every project that the service account can access |`gkehub.googleapis.com` |Anthos offers capabilities built around the idea of the fleet: a logical grouping of Kubernetes clusters and other resources that can be managed together. |Project Viewer -|`gkehub.locations.list``gkehub.memberships.list``gkehub.memberships.getIamPolicy``gkehub.features.list``gkehub.features.getIamPolicy` +|`gkehub.locations.list` +`gkehub.memberships.list` +`gkehub.memberships.getIamPolicy` +`gkehub.features.list` +`gkehub.features.getIamPolicy` |Every project that the service account can access |Google Apigee X |`apigee.googleapis.com` |Apigee X is a new version of Google Cloud's API management platform that assists enterprises in making the transition to digital platforms. |Project Viewer -|`apigee.apiproducts.get``apigee.apiproducts.list``apigee.organizations.get``apigee.organizations.list``apigee.sharedflows.list``apigee.sharedflows.get``apigee.deployments.list``apigee.datacollectors.list``apigee.datastores.list``apigee.instances.list``apigee.instanceattachments.list``apigee.envgroups.list``apigee.environments.get``apigee.environments.getIamPolicy``apigee.hostsecurityreports.list``apigee.proxies.get``apigee.proxies.list``apigee.reports.list``apigee.securityProfiles.list` +|`apigee.apiproducts.get` +`apigee.apiproducts.list` +`apigee.organizations.get` +`apigee.organizations.list` +`apigee.sharedflows.list` +`apigee.sharedflows.get` +`apigee.deployments.list` +`apigee.datacollectors.list` +`apigee.datastores.list` +`apigee.instances.list` +`apigee.instanceattachments.list` +`apigee.envgroups.list` +`apigee.environments.get` +`apigee.environments.getIamPolicy` +`apigee.hostsecurityreports.list` +`apigee.proxies.get` +`apigee.proxies.list` +`apigee.reports.list` +`apigee.securityProfiles.list` |Every project that the service account can access |Google Artifact Registry |`artifactregistry.googleapis.com` |Artifact Registry is a scalable and integrated service to store and manage build artifacts. |Project Viewer -|`artifactregistry.locations.list``artifactregistry.repositories.list``artifactregistry.repositories.getIamPolicy` +|`artifactregistry.locations.list` +`artifactregistry.repositories.list` +`artifactregistry.repositories.getIamPolicy` |Every project that the service account can access |Google Essential Contacts |`essentialcontacts.googleapis.com` |Allows you to customize who receives notifications from Google Cloud services, such as Cloud Billing, by providing a list of contacts. |Project Viewer -|`essentialcontacts.contacts.list ` +|`essentialcontacts.contacts.list` |Project where you have created the service account |Google Firebase Rules |`firebaserules.googleapis.com` |An application development software that enables developers to develop iOS, Android and Web apps. | -|`firebaserules.rulesets.get``firebaserules.rulesets.list``firebaserules.releases.list` +|`firebaserules.rulesets.get` +`firebaserules.rulesets.list` +`firebaserules.releases.list` | |Google Cloud Composer |`composer.googleapis.com` | |Project Viewer -|`composer.environments.list``composer.environments.get` +|`composer.environments.list` +`composer.environments.get` |Every project that the service account can access |Google Cloud Source Repositories API |`sourcerepo.googleapis.com` |A private Git repository to design, develop, and securely manage your code. |Source Repository Reader -|`source.repos.list``source.repos.getIamPolicy` +|`source.repos.list` +`source.repos.getIamPolicy` |Every project that the service account can access |Google Cloud Spanner API |`spanner.googleapis.com` |A globally distributed NewSQL database service and storage solution designed to support global online transaction processing deployments. |Cloud Spanner Viewer -|`spanner.databases.list``spanner.databases.getIamPolicy``spanner.instances.list``spanner.instanceConfigs.list``spanner.instances.getIamPolicy``spanner.backups.list``spanner.backups.getIamPolicy` +|`spanner.databases.list` +`spanner.databases.getIamPolicy` +`spanner.instances.list` +`spanner.instanceConfigs.list` +`spanner.instances.getIamPolicy` +`spanner.backups.list` +`spanner.backups.getIamPolicy` |Project where you have created the service account And @@ -360,49 +466,114 @@ Every project that the service account can access |`compute.googleapis.com` |Creates and runs virtual machines on the Google Cloud Platform. |Project Viewer -|`cloudasset.assets.searchAllIamPolicies``compute.addresses.list``compute.backendServices.list``compute.backendBuckets.list``compute.sslCertificates.list``compute.disks.get``compute.disks.list``compute.firewalls.list``compute.forwardingRules.list``compute.globalForwardingRules.list``compute.images.get``compute.images.list``compute.images.getIamPolicy``compute.instances.getIamPolicy``compute.instances.list``compute.instanceGroups.list``compute.instanceTemplates.list``compute.instanceTemplates.getIamPolicy``compute.targetSslProxies.list``compute.networks.get``compute.networks.list``compute.subnetworks.get``compute.projects.get``compute.regionBackendServices.list``compute.routers.get``compute.routers.list``compute.routes.list``compute.snapshots.list``compute.snapshots.getIamPolicy``compute.sslPolicies.get``compute.sslPolicies.list``compute.subnetworks.list``compute.targetHttpProxies.list``compute.targetHttpsProxies.list``compute.targetPools.list``compute.urlMaps.list``compute.vpnTunnels.list``compute.externalVpnGateways.list` +|`cloudasset.assets.searchAllIamPolicies` +`compute.addresses.list` +`compute.backendServices.list` +`compute.backendBuckets.list` +`compute.sslCertificates.list` +`compute.disks.get` +`compute.disks.list` +`compute.firewalls.list` +`compute.forwardingRules.list` +`compute.globalForwardingRules.list` +`compute.images.get` +`compute.images.list` +`compute.images.getIamPolicy` +`compute.instances.getIamPolicy` +`compute.instances.list` +`compute.instanceGroups.list` +`compute.instanceTemplates.list` +`compute.instanceTemplates.getIamPolicy` +`compute.targetSslProxies.list` +`compute.networks.get` +`compute.networks.list` +`compute.subnetworks.get` +`compute.projects.get` +`compute.regionBackendServices.list` +`compute.routers.get` +`compute.routers.list` +`compute.routes.list` +`compute.snapshots.list` +`compute.snapshots.getIamPolicy` +`compute.sslPolicies.get` +`compute.sslPolicies.list` +`compute.subnetworks.list` +`compute.targetHttpProxies.list` +`compute.targetHttpsProxies.list` +`compute.targetPools.list` +`compute.urlMaps.list` +`compute.vpnTunnels.list` +`compute.externalVpnGateways.list` |Project where you have created the service account |Cloud Bigtable API |`bigtableadmin.googleapis.com` |Google Cloud Bigtable is a NoSQL Big Data database service. |Custom Role -|`bigtable.appProfiles.get``bigtable.appProfiles.list``bigtable.clusters.get``bigtable.clusters.list``bigtable.instances.get``bigtable.instances.list``bigtable.instances.getIamPolicy``bigtable.tables.get``bigtable.tables.list``bigtable.tables.getIamPolicy``bigtable.backups.list``bigtable.backups.getIamPolicy` +|`bigtable.appProfiles.get` +`bigtable.appProfiles.list` +`bigtable.clusters.get` +`bigtable.clusters.list` +`bigtable.instances.get` +`bigtable.instances.list` +`bigtable.instances.getIamPolicy` +`bigtable.tables.get` +`bigtable.tables.list` +`bigtable.tables.getIamPolicy` +`bigtable.backups.list` +`bigtable.backups.getIamPolicy` |Project where you have created the service account |Google Cloud Storage API |`storage-component.googleapis.com` |Cloud Storage is a RESTful service for storing and accessing your data on Google’s infrastructure. |Custom Role -|`storage.buckets.get``storage.buckets.getIamPolicy``storage.buckets.list` +|`storage.buckets.get` +`storage.buckets.getIamPolicy` +`storage.buckets.list` |No specific requirement for Prisma Cloud |Google Organization Policy |`orgpolicy.googleapis.com` |Organization Policy Service provides centralized and programmatic control over organization's cloud resources through configurable constraints across the entire resource hierarchy. |Project Viewer -|`orgpolicy.constraints.list``orgpolicy.policy.get` +|`orgpolicy.constraints.list` +`orgpolicy.policy.get` |Project where you have created the service account |Google Dataproc Clusters API |`dataproc.googleapis.com` |Dataproc is a managed service for creating clusters of compute that can be used to run Hadoop and Spark applications. |Project Viewer -|`dataproc.clusters.list``dataproc.clusters.get``dataproc.clusters.getIamPolicy``cloudasset.assets.searchAllIamPolicies``dataproc.workflowTemplates.list``dataproc.workflowTemplates.getIamPolicy``dataproc.autoscalingPolicies.list``dataproc.autoscalingPolicies.getIamPolicy` +|`dataproc.clusters.list` +`dataproc.clusters.get` +`dataproc.clusters.getIamPolicy` +`cloudasset.assets.searchAllIamPolicies` +`dataproc.workflowTemplates.list` +`dataproc.workflowTemplates.getIamPolicy` +`dataproc.autoscalingPolicies.list` +`dataproc.autoscalingPolicies.getIamPolicy` |Every project that the service account can access |Google Dataproc Metastore |`metastore.googleapis.com` |Dataproc is a managed service for creating clusters of compute that can be used to run Hadoop and Spark applications. |Project Viewer -|`metastore.locations.list``metastore.services.list``metastore.services.getIamPolicy` +|`metastore.locations.list` +`metastore.services.list` +`metastore.services.getIamPolicy` |Every project that the service account can access |Google Data Catalog |`datacatalog.googleapis.com` |Data Catalog is a fully managed, scalable metadata management service which helps in searching and tagging data entries. |Project Viewer -|`datacatalog.taxonomies.list``datacatalog.taxonomies.getIamPolicy``datacatalog.taxonomies.get``datacatalog.entryGroups.list``datacatalog.entryGroups.getIamPolicy``datacatalog.entryGroups.get` +|`datacatalog.taxonomies.list` +`datacatalog.taxonomies.getIamPolicy` +`datacatalog.taxonomies.get` +`datacatalog.entryGroups.list` +`datacatalog.entryGroups.getIamPolicy` +`datacatalog.entryGroups.get` |Project where you have created the service account |Google Datastore @@ -416,14 +587,21 @@ Every project that the service account can access |`datastream.googleapis.com` |Datastream is a serverless change data capture (CDC) and replication service to synchronize data across heterogeneous databases and applications. |Project Viewer -|`datastream.locations.list``datastream.privateConnections.list``datastream.connectionProfiles.list``datastream.streams.list` +|`datastream.locations.list` +`datastream.privateConnections.list` +`datastream.connectionProfiles.list` +`datastream.streams.list` | |Google AlloyDB for PostgreSQL |`alloydb.googleapis.com` |AlloyDB for PostgreSQL is a fully managed, PostgreSQL-compatible database service designed for most demanding workloads, including hybrid transactional and analytical processing. |Project Viewer -|`alloydb.locations.list``alloydb.backups.list``alloydb.clusters.list``alloydb.instances.list``alloydb.users.list` +|`alloydb.locations.list` +`alloydb.backups.list` +`alloydb.clusters.list` +`alloydb.instances.list` +`alloydb.users.list` |Project where you have created the service account |Google Recommendation APIs @@ -432,28 +610,42 @@ Every project that the service account can access `gcloud-recommender-organization-iam-policy-lateral-movement-insight` |Google Recommender provides usage recommendations for Google Cloud resources. Recommenders are specific to a single Google Cloud product and resource type. |IAM Recommender Viewer -|`recommender.iamPolicyRecommendations.list``recommender.iamPolicyInsights.list``recommender.iamServiceAccountInsights.list``recommender.iamPolicyLateralMovementInsights.list` +|`recommender.iamPolicyRecommendations.list` +`recommender.iamPolicyInsights.list` +`recommender.iamServiceAccountInsights.list` +`recommender.iamPolicyLateralMovementInsights.list` |Project where you have created the service account |Google HealthCare |`healthcare.googleapis.com` |Manages solutions for storing and accessing healthcare data in Google Cloud. |Project Viewer -|`healthcare.locations.list``healthcare.datasets.get``healthcare.datasets.list``healthcare.datasets.getIamPolicy` +|`healthcare.locations.list` +`healthcare.datasets.get` +`healthcare.datasets.list` +`healthcare.datasets.getIamPolicy` |Every project that the service account can access |Google Hybrid Connectivity |`networkconnectivity.googleapis.com` |Network Connectivity is Google's suite of products that provide enterprise connectivity from your on-premises network or from another cloud provider to your Virtual Private Cloud (VPC) network. |Project Viewer -|`networkconnectivity.hubs.list``networkconnectivity.hubs.getIamPolicy``networkconnectivity.locations.list``networkconnectivity.spokes.list``networkconnectivity.spokes.getIamPolicy` +|`networkconnectivity.hubs.list` +`networkconnectivity.hubs.getIamPolicy` +`networkconnectivity.locations.list` +`networkconnectivity.spokes.list` +`networkconnectivity.spokes.getIamPolicy` |Every project that the service account can access |Google Cloud Run API |`run.googleapis.com` |Deploys and manages user provided container images. |Project Viewer -|`run.locations.list``run.services.list``cloudasset.assets.searchAllIamPolicies``run.jobs.list``run.jobs.getIamPolicy` +|`run.locations.list` +`run.services.list` +`cloudasset.assets.searchAllIamPolicies` +`run.jobs.list` +`run.jobs.getIamPolicy` |Every project that the service account can access @@ -461,28 +653,37 @@ Every project that the service account can access |`secretmanager.googleapis.com` |Stores sensitive data such as API keys, passwords, and certificates. |Secret Manager Viewer -|`secretmanager.secrets.list``secretmanager.secrets.getIamPolicy``secretmanager.versions.list` +|`secretmanager.secrets.list` +`secretmanager.secrets.getIamPolicy` +`secretmanager.versions.list` |Every project that the service account can access |Google Security Command Center |`securitycenter.googleapis.com` |Security Command Center is centralized vulnerability and threat reporting service which helps to mitigate and remediate security risks. |Project Viewer -|`securitycenter.sources.list``securitycenter.sources.getIamPolicy``securitycenter.organizationsettings.get``securitycenter.notificationconfig.list``securitycenter.muteconfigs.list` +|`securitycenter.sources.list` +`securitycenter.sources.getIamPolicy` +`securitycenter.organizationsettings.get` +`securitycenter.notificationconfig.list` +`securitycenter.muteconfigs.list` |Project where you have created the service account |Google Serverless VPC Access |`vpcaccess.googleapis.com` |Serverless VPC Access allows Cloud Functions and App Engine apps to access resources in a VPC network using those resources’ private IPs. |Project Viewer -|`vpcaccess.locations.list``vpcaccess.connectors.list` +|`vpcaccess.locations.list` +`vpcaccess.connectors.list` |Every project that the service account can access |Google Cloud Filestore |`file.instances.list` |Creates and manages cloud file servers. |Cloud Filestore Viewer -|`file.instances.list``file.snapshots.list``file.backups.list` +|`file.instances.list` +`file.snapshots.list` +`file.backups.list` |Every project that the service account can access |Google Cloud Firestore @@ -496,7 +697,12 @@ Every project that the service account can access |`identitytoolkit.googleapis.com` |Identity Platform is a customizable authentication service which makes it easier for users to sign-up and sign-in by providing back-end services, SDKs, and UI libraries. |Project Viewer -|`firebaseauth.configs.get``identitytoolkit.tenants.list``firebaseauth.users.get``identitytoolkit.tenants.list``identitytoolkit.tenants.get``identitytoolkit.tenants.getIamPolicy` +|`firebaseauth.configs.get` +`identitytoolkit.tenants.list` +`firebaseauth.users.get` +`identitytoolkit.tenants.list` +`identitytoolkit.tenants.get` +`identitytoolkit.tenants.getIamPolicy` |Every project that the service account can access @@ -504,14 +710,25 @@ Every project that the service account can access |`privateca.googleapis.com` |Enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA). |CA Service Auditor -|`privateca.caPools.getIamPolicy``privateca.caPools.list``privateca.certificateAuthorities.list``privateca.certificates.list``privateca.certificateRevocationLists.list``privateca.certificateRevocationLists.getIamPolicy``privateca.locations.list` +|`privateca.caPools.getIamPolicy` +`privateca.caPools.list` +`privateca.certificateAuthorities.list` +`privateca.certificates.list` +`privateca.certificateRevocationLists.list` +`privateca.certificateRevocationLists.getIamPolicy` +`privateca.locations.list` |Every project that the service account can access |Google Certificate Manager |`certificatemanager.googleapis.com` |Certificate Manager is fully managed service for the provisioning and administration of TLS/SSL certificates, targeting applications that do not necessitate intricate control over the certificate issuance process. |Project Viewer -|`certificatemanager.locations.list``certificatemanager.dnsauthorizations.list``certificatemanager.certissuanceconfigs.list``certificatemanager.certmaps.list``certificatemanager.locations.list``certificatemanager.certs.list` +|`certificatemanager.locations.list` +`certificatemanager.dnsauthorizations.list` +`certificatemanager.certissuanceconfigs.list` +`certificatemanager.certmaps.list` +`certificatemanager.locations.list` +`certificatemanager.certs.list` |Every project that the service account can access @@ -521,7 +738,11 @@ Every project that the service account can access |Project Viewer NOTE:You must manually add the permission or update the Terraform template to enable `deploymentmanager.deployments.getIamPolicy`. -|`deploymentmanager.deployments.list``deploymentmanager.deployments.getIamPolicy``deploymentmanager.deployments.list``deploymentmanager.manifests.list` + +|`deploymentmanager.deployments.list` +`deploymentmanager.deployments.getIamPolicy` +`deploymentmanager.deployments.list` +`deploymentmanager.manifests.list` |Every project that the service account can access @@ -530,63 +751,95 @@ NOTE:You must manually add the permission or update the Terraform template to en |`iap.googleapis.com` |Provides application-level access control model instead of relying on network-level firewalls by establishing a central authorization layer for applications. |Custom Role -|`clientauthconfig.brands.list``clientauthconfig.clients.listWithSecrets` +|`clientauthconfig.brands.list` +`clientauthconfig.clients.listWithSecrets` |Every project that the service account can access |Google Traffic Director |`networksecurity.googleapis.com` |Traffic Director is Google Cloud's fully managed application networking platform and service mesh. |Project Viewer -|`networksecurity.authorizationPolicies.list``networksecurity.authorizationPolicies.getIamPolicy``networksecurity.clientTlsPolicies.list``networksecurity.clientTlsPolicies.getIamPolicy``networksecurity.serverTlsPolicies.list``networksecurity.serverTlsPolicies.getIamPolicy``networkservices.locations.list``networkservices.gateways.list``networkservices.meshes.list``networkservices.meshes.getIamPolicy` +|`networksecurity.authorizationPolicies.list` +`networksecurity.authorizationPolicies.getIamPolicy` +`networksecurity.clientTlsPolicies.list` +`networksecurity.clientTlsPolicies.getIamPolicy` +`networksecurity.serverTlsPolicies.list` +`networksecurity.serverTlsPolicies.getIamPolicy` +`networkservices.locations.list` +`networkservices.gateways.list` +`networkservices.meshes.list` +`networkservices.meshes.getIamPolicy` |Project where you have created the service account |Google Traffic Director Network Service |`networkservices.googleapis.com` |Traffic Director is Google Cloud's fully managed application networking platform and service mesh. |Project Viewer -|`networkservices.httpRoutes.list``networkservices.grpcRoutes.list``networkservices.tcpRoutes.list``networkservices.tlsRoutes.list` +|`networkservices.httpRoutes.list` +`networkservices.grpcRoutes.list` +`networkservices.tcpRoutes.list` +`networkservices.tlsRoutes.list` |Every project that the service account can access |Google VPC |`compute.googleapis.com` |Enables you to create and enforce a consistent firewall policy across your organization.This lets organization-wide admins manage critical firewall rules in one place. |Project Viewer -|`compute.firewallPolicies.list``compute.regionfirewallPolicies.list` +|`compute.firewallPolicies.list` +`compute.regionfirewallPolicies.list` |Project where you have created the service account |Google Vertex AI |`notebooks.googleapis.com` |Vertex AI is an artificial intelligence platform with pre-trained and custom tooling to build, deploy, and scale ML models. |Project Viewer -|`notebooks.locations.list``notebooks.instances.list``notebooks.instances.checkUpgradability``notebooks.instances.getHealth``notebooks.instances.getIamPolicy``notebooks.runtimes.list``notebooks.schedules.list` +|`notebooks.locations.list` +`notebooks.instances.list` +`notebooks.instances.checkUpgradability` +`notebooks.instances.getHealth` +`notebooks.instances.getIamPolicy` +`notebooks.runtimes.list` +`notebooks.schedules.list` |Project where you have created the service account |Identity and Access Management (IAM) API |`iam.googleapis.com` |Manages identity and access control for GCP resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. |Project Viewer -|`iam.roles.get``iam.roles.list``iam.serviceAccountKeys.list``iam.serviceAccounts.list``iam.workloadIdentityPools.list``iam.workloadIdentityPoolProviders.list``iam.denypolicies.get``iam.denypolicies.list` +|`iam.roles.get` +`iam.roles.list` +`iam.serviceAccountKeys.list` +`iam.serviceAccounts.list` +`iam.workloadIdentityPools.list` +`iam.workloadIdentityPoolProviders.list` +`iam.denypolicies.get` +`iam.denypolicies.list` |Project where you have created the service account |Memorystore |`redis.googleapis.com` |Memorystore is a fully-managed database service that provides a managed version of two popular open source caching solutions: Redis and Memcached. |Project Viewer -|`redis.instances.get``redis.instances.list` +|`redis.instances.get` +`redis.instances.list` |Every project that the service account can access |Memorystore for Memcached |`memcache.googleapis.com` |Memorystore for Memcached is a fully managed Memcached service for Google Cloud, using which avoids the burden of managing complex Memcached deployments. |Project Viewer -|`memcache.locations.list``memcache.instances.list` +|`memcache.locations.list` +`memcache.instances.list` |Every project that the service account can access |Google Managed Microsoft AD |`managedidentities.googleapis.com` |Managed Service for Microsoft Active Directory offers high-availability, hardened Microsoft Active Directory domains hosted by Google Cloud. |Project Viewer -|`managedidentities.domains.list``managedidentities.domains.get``managedidentities.domains.getIamPolicy``managedidentities.sqlintegrations.list` +|`managedidentities.domains.list` +`managedidentities.domains.get` +`managedidentities.domains.getIamPolicy` +`managedidentities.sqlintegrations.list` |No specific requirement for Prisma Cloud. |Google Network Intelligence Center @@ -600,14 +853,18 @@ NOTE:You must manually add the permission or update the Terraform template to en |`container.googleapis.com` |Builds and manages container-based applications, powered by the open source Kubernetes technology. |Kubernetes Engine Cluster Viewer -|`container.clusters.get``container.clusters.list` -|Project where you have created the service account +|`container.clusters.get` +`container.clusters.list` +|Every project that the service account can access |Google Cloud Translation |`translate.googleapis.com` |Enables websites and applications to dynamically translate text programmatically using a Google pre-trained or a custom machine learning model. |Project Viewer -|`cloudtranslate.locations.list``cloudtranslate.glossaries.list``cloudtranslate.customModels.list``cloudtranslate.datasets.list` +|`cloudtranslate.locations.list` +`cloudtranslate.glossaries.list` +`cloudtranslate.customModels.list` +`cloudtranslate.datasets.list` |Project where you have created the service account @@ -624,7 +881,13 @@ NOTE:You must manually add the permission or update the Terraform template to en Helps to gain visibility into the performance, availability, and health of your applications and infrastructure. |Monitoring Viewer -|`monitoring.alertPolicies.list``monitoring.metricDescriptors.get``redis.instances.list``monitoring.notificationChannels.list``resourcemanager.folders.getIamPolicy``monitoring.groups.list``monitoring.snoozes.list` +|`monitoring.alertPolicies.list` +`monitoring.metricDescriptors.get` +`redis.instances.list` +`monitoring.notificationChannels.list` +`resourcemanager.folders.getIamPolicy` +`monitoring.groups.list` +`monitoring.snoozes.list` |Every project that the service account can access And @@ -635,7 +898,14 @@ Source project where the service account is created for enabling monitoring and |`logging.googleapis.com` |Writes log entries and manages your Logging configuration. |Logging Admin -|`logging.buckets.list``logging.logEntries.list``logging.logMetrics.get``logging.logMetrics.list``logging.sinks.get``logging.sinks.list``logging.exclusions.list``logging.cmekSettings.get` +|`logging.buckets.list` +`logging.logEntries.list` +`logging.logMetrics.get` +`logging.logMetrics.list` +`logging.sinks.get` +`logging.sinks.list` +`logging.exclusions.list` +`logging.cmekSettings.get` |Every project that the service account can access |Google Web Security Scanner API @@ -649,28 +919,36 @@ Source project where the service account is created for enabling monitoring and |`workflows.googleapis.com` |Workflows is a fully-managed orchestration platform to execute services in a defined order. |Project Viewer -|`workflows.locations.list``workflows.workflows.list` +|`workflows.locations.list` +`workflows.workflows.list` |Every project that the service account can access |Cloud Spanner backups |`spanner.googleapis.com` |A backup of a Cloud Spanner database. |Project Viewer -|`spanner.backups.list``spanner.backups.getIamPolicy` +|`spanner.backups.list` +`spanner.backups.getIamPolicy` |Source project and destination. |Google Service Directory |`servicedirectory.googleapis.com` |A managed service that enhances service inventory management at scale and reduces the complexity of management and operations by providing a single place to publish, discover, and connect services. |Project Viewer -|`servicedirectory.namespaces.list``servicedirectory.namespaces.getIamPolicy``servicedirectory.services.list``servicedirectory.services.getIamPolicy``servicedirectory.endpoints.list` +|`servicedirectory.namespaces.list` +`servicedirectory.namespaces.getIamPolicy` +`servicedirectory.services.list` +`servicedirectory.services.getIamPolicy` +`servicedirectory.endpoints.list` |Every project that the service account can access 3+|GCP Organization - Additional permissions required to onboard |Organization Role Viewer |The Organization Role Viewer is required for onboarding a GCP Organization. If you only provide the individual permissions listed below, the permissions set is not sufficient. -`resourcemanager.organizations.get``resourcemanager.projects.list``resourcemanager.organizations.getIamPolicy` +`resourcemanager.organizations.get` +`resourcemanager.projects.list` +`resourcemanager.organizations.getIamPolicy` |N/A |=== diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/update-onboarded-gcp-account.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/update-onboarded-gcp-account.adoc index 71a9098149..b20d897395 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/update-onboarded-gcp-account.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/update-onboarded-gcp-account.adoc @@ -7,7 +7,7 @@ You can update the security capabilities and permissions, change account groups [.procedure] . Log in to the Prisma Cloud administrative console. -. Select menu:Settings[Cloud Accounts] and navigate to the GCP account you want to update from the list of cloud accounts. +. Select *Setting > Cloud Accounts* and navigate to the GCP account you want to update from the list of cloud accounts. ** Select or deselect the *Security Capabilities and Permissions*. Make sure to *Download Terraform Script* again and update the *Service Account key (JSON) file* so that the updated permissions are applied. + diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/authorize-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/authorize-prisma-cloud.adoc index b0c38a5f76..d812847c81 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/authorize-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/authorize-prisma-cloud.adoc @@ -228,7 +228,7 @@ If your organization restricts the use of Terraform templates, you also have the + .. Log in to https://portal.azure.com[Azure portal]. -.. Select menu:Azure{sp}Active{sp}Directory[App registrations > + New registration]. +.. Select *Azure Active Directory > App registrations > + New registration*. .. Enter the application name. @@ -248,7 +248,7 @@ The authentication response of the app will be returned to this URI. + The client secret is a secret string that the application uses to prove its identity when requesting a token. + -.. Select menu:Certificates{sp}&{sp}secrets[+ New client secret]. +.. Select *Certificates & secrets > + New client secret*. .. Enter a client tt:[Description], select *Expires* to configure how long the client secret lasts, and *Add*. @@ -256,11 +256,11 @@ The client secret is a secret string that the application uses to prove its iden . Get the Object ID. + -.. Select menu:Azure{sp}Active{sp}Directory[Enterprise applications], and search for the app you previously created in the search box. +.. Select *Azure Active Directory > Enterprise applications*, and search for the app you previously created in the search box. + image::azure-enterprise-applications-object-id.png[scale=30] -.. Copy *Object ID* to a secure location on your computer. Make sure that you get the *Object ID* for the Prisma Cloud application from menu:Enterprise{sp}Applications[All applications] on the Azure portal—not from *App Registrations*. +.. Copy *Object ID* to a secure location on your computer. Make sure that you get the *Object ID* for the Prisma Cloud application from *Enterprise Applications > All applications* on the Azure portal—not from *App Registrations*. . Add roles to the root group. + @@ -298,8 +298,8 @@ image::azure-account-view-roles.png[scale=30] ... Confirm that all the newly created roles were added. . Add the Microsoft Graph APIs. -.. Navigate to the app you previously registered. Select menu:Azure{sp}Active{sp}Directory[App registrations], and select your app. -.. Navigate to Microsoft Graph. Select menu:API{sp}permissions[+ Add a permission > Microsoft Graph > Application permissions]. +.. Navigate to the app you previously registered. Select *Azure Active Directory > App registrations*, and select your app. +.. Navigate to Microsoft Graph. Select *API permissions > + Add a permission > Microsoft Graph > Application permissions*. .. Add the permissions. Enter the permission name in *Select permissions*, and select the name from *Permission*. Add the following permissions: * `User.Read.All` @@ -314,7 +314,7 @@ image::azure-account-view-roles.png[scale=30] If you have enabled additional functions like Agentless Scanning or Workload Protection additional permissions will be required. Review the *Roles and Permissions* list for the required permissions. . Grant admin consent for Default Directory. -.. Select menu:Grant{sp}admin{sp}consent{sp}for{sp}Default{sp}Directory[Yes]. +.. Select *Grant admin consent for Default Directory > Yes*. .. Verify that the permissions are granted. .. Confirm that you can see green check marks under the *Status* column. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-account.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-account.adoc index 664496f463..037ce835ba 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-account.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-account.adoc @@ -86,7 +86,7 @@ The following Azure resources need to have the *Get* and *List* permissions enab ** `azure-key-vault-certificate` + -Select menu:All{sp}services[Key vaults > (key vault name) > Access policies > + Add Access Policy]. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations. +Select *All services > Key vaults > (key vault name) > Access policies > + Add Access Policy*. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations. + image::add-access-policy-azure.png[scale=10] @@ -116,7 +116,7 @@ NSG flow logs, a feature of Network Watcher, allow you to view ingress and egres ... Select the `insights-logs-networksecuritygroupflowevent` container. ... In the container, navigate the folder hierarchy until you get to the `PT1H.json` flow logs file. //+ [commenting out per Madhu Jain - Novartis POC - 6/14 email thread] -//On the Azure Portal, include the source and the DR Prisma Cloud IP addresses for your Prisma Cloud instance. Select menu:Azure{sp}services[Storage accounts > (your storage account) > Networking > Selected networks]. +//On the Azure Portal, include the source and the DR Prisma Cloud IP addresses for your Prisma Cloud instance. Select *Azure services[Storage accounts > (your storage account) > Networking > Selected networks*. //+ //image::azure-selected-networks.png[scale=0] //+ @@ -130,9 +130,11 @@ NSG flow logs, a feature of Network Watcher, allow you to view ingress and egres === Required Roles and Permissions -To successfully connect your account to Prisma Cloud you will need to provide the required permissions for both Foundational and Advanced security capabilities. Reference the information below to make sure that you have assigned the appropriate permissions to Prisma Cloud. +To successfully connect your account to Prisma Cloud you will need to provide the required permissions for security capabilities. Reference the information below to make sure that you have assigned the appropriate permissions to Prisma Cloud. -* https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/azure-commercial-permissions-security-coverage.txt[Permissions for Foundational and Advanced Security Capabilities] +* xref:microsoft-azure-apis-ingested-by-prisma-cloud.adoc[Permissions for Security Capabilities] + +Reference Azure documentation to learn more about https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader[Reader], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader-and-data-access[Reader and Data Access], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor[Network Contributor] and https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor[Storage Account Contributor] roles. === Next: Onboard your Azure Account diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-active-directory.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-active-directory.adoc index c85aeeb3a9..a073c53a9a 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-active-directory.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-active-directory.adoc @@ -27,7 +27,7 @@ image::so-az-active-directory.gif[scale=50] [.procedure] . *Get Started* + -.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. .. Choose *Azure* as the *Cloud to Secure*. .. Select *Active Directory* under *Scope*. .. Select *Commercial* as the *Deployment Type*. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-subscription.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-subscription.adoc index 15396704ae..f36c47c475 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-subscription.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-subscription.adoc @@ -27,7 +27,7 @@ image::so-az-subscription.gif[scale=50] [.procedure] . *Get Started* + -.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. .. Choose *Azure* as the *Cloud to Secure*. .. Select *Subscription* under *Scope*. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-tenant.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-tenant.adoc index 6d251f63f7..c1d3c446c9 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-tenant.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-tenant.adoc @@ -27,7 +27,7 @@ image::so-az-tenant.gif[scale=50] [.procedure] . *Get Started* + -.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select menu:Settings[Cloud Accounts > Add Cloud Account]. +.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-prisma-cloud.html#id3d308e0b-921e-4cac-b8fd-f5a48521aa03[Access Prisma Cloud] and select *Settings > Cloud Accounts > Add Cloud Account*. .. Choose *Azure* as the *Cloud to Secure*. .. Select *Tenant* under *Scope*. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/troubleshoot-azure-account-onboarding.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/troubleshoot-azure-account-onboarding.adoc index 1e7e00241c..059f66614d 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/troubleshoot-azure-account-onboarding.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/troubleshoot-azure-account-onboarding.adoc @@ -129,7 +129,7 @@ This query allows you to list all network traffic from the Internet or from Susp The Network Watcher is required to generate flow logs on Azure. -.. Log in to the Azure portal and select menu:Network{sp}Watcher[Overview] and verify that the status is *Enabled*. +.. Log in to the Azure portal and select *Network Watcher > Overview* and verify that the status is *Enabled*. .. Log in to Prisma Cloud. @@ -141,7 +141,7 @@ config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-netw *Check that you have enabled flow logs on the NSGs*. -.. Log in to the Azure portal, and select menu:Network{sp}Watcher[NSG Flow Logs] and verify that the status is *Enabled*. +.. Log in to the Azure portal, and select *Network Watcher > NSG Flow Logs* and verify that the status is *Enabled*. .. Log in to Prisma Cloud. diff --git a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/update-azure-application-permissions.adoc b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/update-azure-application-permissions.adoc index 448643fa43..d470abdf6f 100644 --- a/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/update-azure-application-permissions.adoc +++ b/docs/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/update-azure-application-permissions.adoc @@ -1,6 +1,6 @@ == Update Azure Application Permissions -Even after you have completed onboarding, you have the option to add or remove Prisma Cloud Security Capabilities. Learn how you can add additional capabilities and the required associated permissions in your Azure subscriptions or tenants after onboarding. To verify if you have missing permissions authenticate into Prisma Cloud and select menu:Settings[Cloud Accounts], and view the *Status* column. +Even after you have completed onboarding, you have the option to add or remove Prisma Cloud Security Capabilities. Learn how you can add additional capabilities and the required associated permissions in your Azure subscriptions or tenants after onboarding. To verify if you have missing permissions authenticate into Prisma Cloud and select *Settings > Cloud Accounts*, and view the *Status* column. === Update Azure Custom Role Permissions @@ -58,8 +58,8 @@ Follow the steps below to assign graph API permissions at the tenant level. [.procedure] . Add the required permissions. -.. Navigate to the app you previously registered. Select menu:Azure{sp}Active{sp}Directory[App registrations], and select your app. -.. Navigate to Microsoft Graph. Select menu:API{sp}permissions[+ Add a permission > Microsoft Graph > Application permissions]. +.. Navigate to the app you previously registered. Select *Azure Active Directory > App registrations*, and select your app. +.. Navigate to Microsoft Graph. Select *API permissions > + Add a permission > Microsoft Graph > Application permissions*. .. Add the permissions. Enter the permission name in *Select permissions*, and select the name from *Permission*. Add the following permissions: * `User.Read.All` @@ -74,6 +74,6 @@ Follow the steps below to assign graph API permissions at the tenant level. If you have enabled additional functions like Agentless Scanning or Workload Protection additional permissions will be required. Review the *Roles and Permissions* list for the required permissions. . Grant admin consent for Default Directory. -.. Select menu:Grant{sp}admin{sp}consent{sp}for{sp}Default{sp}Directory[Yes]. +.. Select *Grant admin consent for Default Directory > Yes*. .. Verify that the permissions are granted. .. Confirm that you can see green check marks under the *Status* column. diff --git a/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc b/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc index 7d9869f97a..827e57322f 100644 --- a/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc +++ b/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc @@ -1,27 +1,21 @@ -. [[id50a63347-4291-4210-99fa-f51de04106be]] Set up *Forward Scan* to scan your cloud resources for data security issues. -+ -Make sure you have created a stack in your AWS account by following the steps listed above. +[[id50a63347-4291-4210-99fa-f51de04106be]]Make sure you have created a stack in your AWS account. -.. From your AWS account, copy and paste *Role ARN* and click *Next*. +. From your AWS account, copy and paste *Role ARN* and click *Next*. -.. *Configure Data Security* to scan all your resources or you can choose to customize what you want to scan. +. *Configure Data Security* to scan all your resources or you can choose to customize what you want to scan. + -* When you select Scan All, Prisma Cloud will Forward scan and Backward scan all eligible objects. The forward scan inspects any new or modified files, and the backward scan is retrospective, which means that it inspects files that exist in the storage bucket. The xref:../monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc[] of files that you want to scan within your storage bucket will determine how many Prisma Cloud credits are used for Data Security. +* When you select Scan All, Prisma Cloud will Forward scan and Backward scan all eligible objects. The forward scan inspects any new or modified files, and the backward scan is retrospective, which means that it inspects files that exist in the storage bucket. The xref:../prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc[type] of files that you want to scan within your storage bucket will determine how many Prisma Cloud credits are used for Data Security. -* When you select Custom Scan, Prisma Cloud will Forward scan and/or Backward scan eligible objects in selected resources.+ -+ -image::aws-pcds-configure.png[scale=50] +* When you select Custom Scan, Prisma Cloud will Forward scan and/or Backward scan eligible objects in selected resources. -.. You can choose to *Add New* or *Select existing* CloudTrail, SNS Topic, or Buckets for Log Files. The consumption of Prisma Cloud license credits depends on the file size in the selected objects and whether you enable forward and backward scans. +. You can choose to *Add New* or *Select existing* CloudTrail, SNS Topic, or Buckets for Log Files. The consumption of Prisma Cloud license credits depends on the file size in the selected objects and whether you enable forward and backward scans. + [NOTE] ==== CloudTrail buckets are not scanned. You can choose buckets with objects containing ELB access logs, S3 access logs, and VPC flow logs for scanning. ==== -+ -image::aws-pcds-define-fwd-scan-1.png[scale=50] -.. Follow the steps to *Configure Forward Scan*: +. Follow the steps to *Configure Forward Scan*: + * *Download Template* locally. The template is a .zip file that contains shell script, CFTs, and configuration files. @@ -32,13 +26,9 @@ sh pcds_forward_scan_setup.sh -f config.txt ---- * Wait for the CREATE_COMPLETE status. -+ -image::aws-onboard-new-4.png[scale=40] * Once the above command runs successfully in AWS, click *Validate Setup* on Prisma Cloud. -+ -image::aws-pcds-configure-fwd-scan.png[scale=50] -.. Irrespective of whether the script gets validated or not you can continue to onboard and configure data security for your AWS account. If validation fails, see xref:../troubleshoot-data-security-errors.adoc[] and set up AWS CloudTrail & SNS manually to resolve it. +. Irrespective of whether the script gets validated or not you can continue to onboard and configure data security for your AWS account. If validation fails, see xref:../prisma-cloud-data-security/troubleshoot-data-security-errors.adoc[troubleshoot data security errors] and set up AWS CloudTrail & SNS manually to resolve it. -.. Click *Next*. +. Click *Next*. diff --git a/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc b/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc index b20709a531..def3924ec6 100644 --- a/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc +++ b/docs/en/classic/cspm-admin-guide/fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc @@ -1,10 +1,8 @@ -. [[id82a563a3-ea83-444d-a6ab-f1f8b5e116d8]]Allow Prisma Cloud to access your bucket. -+ -If you have configured bucket policy to restrict access, make sure to complete the following tasks on the AWS Management Console: +[[id82a563a3-ea83-444d-a6ab-f1f8b5e116d8]]If you have configured bucket policy to restrict access, make sure to complete the following tasks on the AWS Management Console: -.. Copy the Prisma Cloud Role ARN that you added to enable Data Security on Prisma Cloud above. +. Copy the Prisma Cloud Role ARN that you added to enable Data Security on Prisma Cloud above. -.. Edit your bucket policy to include the Prisma Cloud Role ARN. +. Edit your bucket policy to include the Prisma Cloud Role ARN. + The following snippet is an example: Consider a bucket policy that denies access to userinput:[monitored-bucket] when requesting userinput:[s3:GetObject] API. + diff --git a/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-prisma-cloud.adoc index 907c23fcb0..643d2c55e5 100644 --- a/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-prisma-cloud.adoc @@ -62,7 +62,7 @@ image::change-tenants.png[scale=60] + [NOTE] ==== -If you see the serial number for your instance and want to change it to a descriptive label, navigate to the Settings page using menu:gear[Manage Apps] in the upper-right. Click directly on the serial number and rename it. This new name displays only on the hub and it does not automatically apply to your Prisma Cloud instance name. +If you see the serial number for your instance and want to change it to a descriptive label, navigate to the Settings page using *gear > Manage Apps* in the upper-right. Click directly on the serial number and rename it. This new name displays only on the hub and it does not automatically apply to your Prisma Cloud instance name. ==== diff --git a/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console.adoc b/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console.adoc index dc8b19c598..ca7127aedd 100644 --- a/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console.adoc +++ b/docs/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console.adoc @@ -683,8 +683,9 @@ api{asterisk}.{asterisk}.prismacloud.io. See https://pan.dev/prisma-cloud/api/cs You’re running Checkov within your pipeline, enable access for the machine running Checkov. + If you’re running the IDE extension on your local machine, enable access on the local machine. -+ + [cols="12%a,19%a,32%a,37%a"] + |=== |*Prisma Cloud URL is on* |*API Gateway* diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-a-resource-list-on-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-a-resource-list-on-prisma-cloud.adoc index f26f8c4e09..752d3066be 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-a-resource-list-on-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-a-resource-list-on-prisma-cloud.adoc @@ -17,9 +17,9 @@ A Resource List is a way to identify resources that are assigned with a specific A resource list for tags can reference tags that have been assigned to the resource as a part of a template deployment workflow or added manually. After you create the list to identify resources based on assigned tags, to use this list for scanning IaC templates using the Prisma Cloud plugins, you need to attach the resource list to a Prisma Cloud role and to an alert rule for build-time checks. [.procedure] -. Select menu:Settings[Resource Lists]. +. Select *Settings > Resource Lists*. -. menu:Add{sp}Resource{sp}List[Tag]. +. *Add Resource List > Tag*. . Enter a *Resource List Name*. + @@ -52,9 +52,9 @@ On Compute, this resource list is referred to as an assigned collection and is a [.procedure] -. Select menu:Settings[Resource Lists]. +. Select *Settings > Resource Lists*. -. menu:Add{sp}Resource{sp}List[Compute Access Group]. +. *Add Resource List > Compute Access Group*. . Enter a *Resource List Name*. + @@ -72,7 +72,7 @@ image::resource-list-cag.png[scale=30] . View this resource list on *Compute*. + -The resource list is automatically added to the list of Collections. Select menu:Manage[Collections And Tags > Collections] and find the resource list by name. Although the Resource List for Compute Access Group is included in the list of collections, you cannot edit it on the *Compute* tab or use it when you add or edit rules for enforcing security checks on your resources. +The resource list is automatically added to the list of Collections. Select *Manage > Collections And Tags > Collections* and find the resource list by name. Although the Resource List for Compute Access Group is included in the list of collections, you cannot edit it on the *Compute* tab or use it when you add or edit rules for enforcing security checks on your resources. . Attach the resource list. + @@ -94,11 +94,11 @@ The Azure Resource Group resource list enables you to specify roles on Prisma Cl Contact Prisma Cloud customer support to enable Azure Resource Group resource lists on your Prisma Cloud tenant. [.procedure] -. Select menu:Settings[Resource Lists]. +. Select *Settings > Resource Lists*. + Only System Admins can create Resource Groups. -. menu:Add{sp}Resource{sp}List[Azure Resource Group]. +. *Add Resource List > Azure Resource Group*. . Enter the resource list details. + @@ -118,14 +118,14 @@ This is currently only applicable to Azure resources. If you have access to AWS, .. Apply a filter on the Compliance dashboard. + -* Select menu:Compliance[Overview] and click the plus icon (image:filter-plus-icon.png[scale=45]) to view and add filter menu items. +* Select *Compliance > Overview* and click the plus icon (image:filter-plus-icon.png[scale=45]) to view and add filter menu items. * Select *Azure Resource Group* to view the resource list data associated with your role. + image::compliance-azure-resource-group-1.png[scale=30] . Apply a filter on the Asset inventory dashboard. + -* Select menu:Inventory[Assets] and click the plus icon to view and add filter menu items. +* Select *Inventory > Assets* and click the plus icon to view and add filter menu items. * Select *Azure Resource Group* to view the resource list data associated with your role. + image::asset-inventory-azure-resource-group-2.png[scale=30] diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-prisma-cloud-users.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-prisma-cloud-users.adoc index a35292a04e..6e88de6d87 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-prisma-cloud-users.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-prisma-cloud-users.adoc @@ -14,7 +14,7 @@ The following instructions are for manually adding a local user account on Prism [.procedure] -. Navigate to menu:Settings[Access Control > Users] and select menu:Add[User]. +. Navigate to *Settings > Access Control > Users* and select *Add > User*. + image::add-new-admin-1.png[scale=50] diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-service-account-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-service-account-prisma-cloud.adoc index d36db8eda6..a20cf0f11e 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-service-account-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-service-account-prisma-cloud.adoc @@ -10,7 +10,7 @@ Service Accounts can be created for automation use cases to enable a nonhuman en [.procedure] -. Navigate to menu:Settings[Access Control] and select menu:Add[Service Account]. +. Navigate to *Settings > Access Control* and select *Add > Service Account*. + You must have the System Administrator role on Prisma Cloud to add a service account; a maximum of 250 service accounts are supported. @@ -45,7 +45,7 @@ image::access-key-results-1.png[scale=40] . View the service accounts. + -To verify that the service accounts is created successfully, select menu:Settings[Users], and enter the name of the service account in the search box. +To verify that the service accounts is created successfully, select *Settings > Users*, and enter the name of the service account in the search box. + image::service-account-table-1.png[scale=40] + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys.adoc index 6d2fe30c1d..e968173462 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys.adoc @@ -9,10 +9,10 @@ Access Keys are a secure way to enable programmatic access to the Prisma Cloud A You can enable API access either when you xref:add-prisma-cloud-users.adoc#id2730a69c-eea8-4e00-a7f1-df3b046615bc[Add Administrative Users On Prisma Cloud], you can modify the user permissions to enable API access. If you have API access, you can create up to two access keys per role for most roles; some roles such the Build and Deploy Security role can generate one access key only. When you create an access key, the key is tied to the role with which you logged in and if you delete the role, the access key is automatically deleted. -Create an access key for a limited time period and regenerate your API keys periodically to minimize exposure and follow security best practices. On the menu:Settings[Audit Logs], you can view a record of all access key related activities such as an update to extend its validity, deletion, or a revocation. +Create an access key for a limited time period and regenerate your API keys periodically to minimize exposure and follow security best practices. On the *Settings > Audit Logs*, you can view a record of all access key related activities such as an update to extend its validity, deletion, or a revocation. [.procedure] -. Select menu:Settings[Access Control > Access Keys] and select menu:Add[Access Key]. +. Select *Settings > Access Control > Access Keys* and select *Add > Access Key*. + If you do not see the option to add a new key, it means that you do not have the permissions to create access keys. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-account-groups.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-account-groups.adoc index 0a71cd52b8..1ea46946ce 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-account-groups.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-account-groups.adoc @@ -75,7 +75,7 @@ You have the option of creating a new role or assigning the parent account group + .. Add a new role. + -Select menu:Settings[Roles > Add Role]. +Select *Settings > Roles > Add Role*. .. Enter the new role details. + @@ -83,7 +83,7 @@ Enter *Name*, tt:[Description], select *Permission Group* and click *Account Gro .. (tt:[Optional]) Assign the parent account group to an existing role. + -Select menu:Settings[Roles], and then select a role from the *Name* column. +Select *Settings > Roles*, and then select a role from the *Name* column. .. (tt:[Optional]) Select the *Account Group* dialog box and choose the parent account groups you want to add. @@ -91,7 +91,7 @@ Select menu:Settings[Roles], and then select a role from the *Name* column. + You can view your parent account group data from several places in the console such as the *Asset Inventory*, *Compliance* dashboards, and the *Investigate* page. + -To view the parent account groups in the *Asset Inventory* dashboard, Select menu:Inventory[Assets], and select the account groups to filter in the *Account Group* search field. +To view the parent account groups in the *Asset Inventory* dashboard, Select *Inventory > Assets*, and select the account groups to filter in the *Account Group* search field. + And on the *Investigate* page, enter the following query: + @@ -104,7 +104,7 @@ And on the *Investigate* page, enter the following query: When you onboard a cloud account such as an AWS Org or GCP Org, all child accounts associated with it are automatically included in the account group that you select in the onboarding workflow. If you now want to select or reassign the grouping of one or more cloud accounts to support your reporting or logical grouping needs, use this approach: [.procedure] -. Select menu:Settings[Account Groups]. +. Select *Settings > Account Groups*. . Select the account group you want to edit and click the edit icon. + @@ -131,7 +131,7 @@ image::manage-account-groups-by-parent-account-expand-child-accounts.png[] To view and manage account groups: [.procedure] -. Select menu:Settings[Account Groups]. +. Select *Settings > Account Groups*. . To edit the details of an Account Group, click the record, and change any details. + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-prisma-cloud-roles.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-prisma-cloud-roles.adoc index c4dd5bf605..ce8994e69f 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-prisma-cloud-roles.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-prisma-cloud-roles.adoc @@ -10,7 +10,7 @@ Roles on Prisma Cloud enable you to specify what permissions an administrator ha When you create a cloud account, you can assign one or more cloud account to account group(s) and then attach the account group to the role you create. This flow allows you to ensure the user/administrator who has the role can access the information related to only the cloud account(s) to which you have authorized access. [.procedure] -. Select menu:Settings[Access Control > Roles > Add > Role]. +. Select *Settings > Access Control > Roles > Add > Role*. . Enter a name and a description for the role. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings.adoc index 0c32de9c44..b3ab9b79b5 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings.adoc @@ -20,7 +20,7 @@ Set the enterprise level settings to build standard training models for anomaly Specify a timeout period after which an inactive administrative user will be automatically logged out of Prisma Cloud. An inactive user is one who does not interact with the UI using their keyboard and mouse within the specified time period. -. Select menu:Settings[Enterprise Settings]. +. Select *Settings > Enterprise Settings*. . *User Idle Timeout* + @@ -35,7 +35,7 @@ These settings apply to all Prisma Cloud policies. The *Critical* severity polic . *Auto enable new default policies of the type*. -.. Select menu:Settings[Enterprise Settings]. +.. Select *Settings > Enterprise Settings*. .. Granularly enable new *Default* policies of severity *Critical*, *High*, *Medium*, *Low* or *Informational*. @@ -82,7 +82,7 @@ The policies that support user attribution in alert payload are: Prisma Cloud generates health notifications called *Alarms* that notify you about system-level issues and errors. After you enable Alarms, Prisma Cloud automatically generates alarms related to external Integrations status and onboarded Cloud Accounts status. You can configure rules to receive email notifications for the generated alarms so that you do not need access to the Prisma Cloud console to know when an error or issue occurs. -. Select menu:Settings[Enterprise Settings]. +. Select *Settings > Enterprise Settings*. + [NOTE] ==== @@ -128,7 +128,7 @@ Prisma Cloud generates Audit logs to help prepare your organization for regular To minimize "noise" and log flooding, Prisma Cloud does not forward "Successful login" type audit log messages to external integrations. All other audit log types can be sent to any supported external integration such as Webhook or SQS. For example, the following audit log message will not be forwarded. `'xxx@paloaltonetworks.com'(with role 'System Admin':'System Admin') logged in via password` ==== -. Select menu:Settings[Enterprise Settings]. +. Select *Settings > Enterprise Settings*. + [NOTE] ==== @@ -149,7 +149,7 @@ image::audit-log-to-integration.png[scale=10] Prisma Cloud Chronicles is the weekly email update that summarizes your team’s Prisma Cloud usage, informs you of release updates, and provides recommendation on how you can improve your security posture with adopting Prisma Cloud. If you have more than one Prisma Cloud tenant and want to unsubscribe all your administrators from receiving the newsletter you can disable globally. -. Select menu:Settings[Enterprise Settings]. +. Select *Settings > Enterprise Settings*. . Select *Opt out of receiving the Prisma Cloud Chronicles newsletter for all Prisma Cloud System Administrators*. + An email is sent to all administrators notifying them that a System Administrator has opted them out. Each administrator can edit their profile settings on Prisma Cloud to opt in and receive the newsletter, if they want to stay informed of the latest updates. @@ -164,7 +164,7 @@ If you want to exclude one or more IP addresses or a CIDR block from generating . For UEBA policies: -.. Select menu:Settings[Anomaly Settings > Alerts and Thresholds]. +.. Select *Settings > Anomaly Settings > Alerts and Thresholds*. + image::anomaly-policies-ueba-settings-1.png[scale=20] @@ -236,7 +236,7 @@ When a Prisma Cloud administrator modifies the *Alert Disposition* or *Training + For anomalies policies that help you detect network incidents, such as unusual protocols or port used to access a server on your network, you can customize the following for each policy. + -.. Select menu:Settings[Anomaly Settings > Alerts and Thresholds]. +.. Select *Settings > Anomaly Settings > Alerts and Thresholds*. .. Select a policy. + @@ -273,7 +273,7 @@ For example, a Spambot policy that sees 1GB traffic to a resource, or a port swe + For anomalies policies that help you detect when a credential that has been assigned to a compute resource, such as an EC2 instance, is used from inside the cloud service provider. + -.. Select menu:Settings[Anomaly Settings > Alerts and Thresholds > Identity]. +.. Select *Settings > Anomaly Settings > Alerts and Thresholds > Identity*. .. Select a policy. + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/get-started-with-oidc-sso.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/get-started-with-oidc-sso.adoc index 34b705355d..87f23d3a23 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/get-started-with-oidc-sso.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/get-started-with-oidc-sso.adoc @@ -15,7 +15,7 @@ Complete the steps below on the Prisma Cloud console and your IdP to set up OIDC [.procedure] . Log in to Prisma Cloud using an account with System Administrator privileges to configure SSO and redirect login requests to the IdP’s login page. . Complete the following steps on your Prisma Cloud tenant: -.. Select menu:Settings[Access Control > SSO] and select *OIDC* as shown below. +.. Select *Settings > Access Control > SSO* and select *OIDC* as shown below. + image::oidc.png[] .. Copy the *Audience URI* value. This is a read-only field in the format that uniquely identifies your instance of Prisma Cloud. This value is required to configure OIDC on your IdP. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/get-started-with-saml-sso.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/get-started-with-saml-sso.adoc index 037e821ddc..87af88e1b5 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/get-started-with-saml-sso.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/get-started-with-saml-sso.adoc @@ -23,7 +23,7 @@ If you want to enable JIT provisioning for users, https://docs.paloaltonetworks. . Copy the Audience URI, for Prisma Cloud, which users need to access from the IdP. + -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. Copy the *Audience URI (SP Entity ID)* value. This is a read-only field in the format: \https://app.prismacloud.io?customer= to uniquely identify your instance of Prisma Cloud. You require this value when you configure SAML on your IdP. + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/set-up-jit-on-okta.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/set-up-jit-on-okta.adoc index e62eba54da..3c96dd7f75 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/set-up-jit-on-okta.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/set-up-jit-on-okta.adoc @@ -16,7 +16,7 @@ If you have not already created the SAML app for Prisma Cloud on Okta, follow th + If you need to add custom mandatory fields, follow these steps. -.. Go to menu:Directory[Profile Editor > ]. +.. Go to *Directory > Profile Editor > *. + image::jit-okta-profile-editor.png[scale=40] + @@ -30,7 +30,7 @@ image::jit-okta-add-attribute.png[scale=40] + [NOTE] ==== -If you have multiple roles, select menu:data{sp}type[string array] so that you will have an array, or group of strings to represent your role names in Prisma Cloud. +If you have multiple roles, select *data type > string array* so that you will have an array, or group of strings to represent your role names in Prisma Cloud. ==== .. *Save* the new attribute. @@ -42,7 +42,7 @@ image::sso-okta-add-attribute.png[scale=50] . [[id766be9d2-fec0-4fae-9bb7-583c24c4ccd7]]Configure the *Attribute Statements* on the Prisma Cloud Okta app. + -Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account... Select menu:Applications[Applications]. +Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account... Select *Applications > Applications*. .. Select the Prisma Cloud **, *General* and click *Edit* under the *SAML Settings* heading to add the attribute statements.Replace ** with the name of the Prisma Cloud app you want to configure the attribute statements for. You must provide the *email*, *role*, *first*, and *last* name for each user. + @@ -50,12 +50,12 @@ image::jit-attributes-okta.png[scale=40] + [NOTE] ==== -The attribute statement names should map to the values that you have in menu:Settings[Access Control > SSO > > Just in Time (JIT) Provisioning]. +The attribute statement names should map to the values that you have in *Settings > Access Control > SSO > Just in Time (JIT) Provisioning*. ==== . Assign the Prisma Cloud role for each SSO user. + -Each SSO user who is granted access to Prisma Cloud, can have between one to five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud... Select menu:Applications[Applications] +Each SSO user who is granted access to Prisma Cloud, can have between one to five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud... Select *Applications > Applications* .. Select the Prisma Cloud app and Assignments. + @@ -63,7 +63,7 @@ For existing users, click the pencil icon to add the Prisma Cloud Role you want + image::jit-okta-users.png[scale=40] + -For new users, select menu:Assign[Assign to People], click *Assign* for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user. +For new users, select *Assign > Assign to People*, click *Assign* for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user. + image::jit-okta-edit-user-assignment.png[scale=40] diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc index b4b572f34e..71f6ea2072 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc @@ -19,7 +19,7 @@ If you want to enable JIT provisioning for users, xref:../create-prisma-cloud-ro . [[BHIIFCAAH0]]Copy the Audience URI, for Prisma Cloud, which users need to access from AD FS. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Copy the *Audience URI (SP Entity ID)* value. This is a read-only field in the format: \https://app.prismacloud.io?customer= to uniquely identify your instance of Prisma Cloud. You require this value when you configure SAML on AD FS. + @@ -53,7 +53,7 @@ image::adfs-sso-setup-2.png[scale=40] . [[ide6555fcc-ae0c-4dac-b2e5-54f84861db96]]Configure AD FS on Prisma Cloud. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-google.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-google.adoc index aa984157ae..3e8d2e83a6 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-google.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-google.adoc @@ -14,9 +14,9 @@ If you have not already created the SAML app for Prisma Cloud on Google, see xre . Create a custom role in Google that will be used as a Prisma Cloud role. For the Prisma Cloud role to be available to each user, this role attribute should be available to each registered user in the Google workspace. -.. Log in to Google as a Super Administrator and select menu:Directory[Users]. +.. Log in to Google as a Super Administrator and select *Directory > Users*. -.. Select menu:More[Manage Custom Attributes]. +.. Select *More > Manage Custom Attributes*. + image::sso-google-jit-6.png[scale=40] @@ -35,7 +35,7 @@ image::sso-google-jit-7.png[scale=40] . Map the JIT attributes. -.. Log in to Google as a Super Administrator and select menu:Apps[Web and mobile apps]. +.. Log in to Google as a Super Administrator and select *Apps > Web and mobile apps*. .. Click on the application for which you want to enable JIT provisioning. + @@ -51,7 +51,7 @@ image::sso-google-jit-10.png[scale=40] . Enable JIT. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Under Just in Time (JIT) Provisioning, *Enable JIT Provisioning*. @@ -67,4 +67,4 @@ image::sso-onelogin-jit-10.png[scale=40] .. Click *Prisma * (the SAML custom application that you had configured) to log directly in to the Prisma Cloud instance. -.. Log in to Prisma Cloud as an Administrator and select menu:Settings[Users] to validate that the above user is provisioned. +.. Log in to Prisma Cloud as an Administrator and select *Settings > Users* to validate that the above user is provisioned. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-onelogin.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-onelogin.adoc index 2ae9469cb0..5170f2080d 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-onelogin.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-onelogin.adoc @@ -18,7 +18,7 @@ If you have not already created the SAML app for Prisma Cloud on OneLogin, see x + .. Log in to OneLogin as an Administrator and select *Administration*. -.. Navigate to menu:Users[Roles]. +.. Navigate to *Users > Roles*. .. *New Role*. @@ -38,7 +38,7 @@ image::sso-onelogin-jit-2.png[scale=40] + .. In OneLogin, select *Administration*. -.. Navigate to menu:Users[Roles] and select the role to which you want to add the users. +.. Navigate to *Users > Roles* and select the role to which you want to add the users. .. Click *Users* and use automatic (filter-based) or manual-based option to add new users to the role. + @@ -72,7 +72,7 @@ image::sso-onelogin-jit-9.png[scale=40] . Enable JIT. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Under Just in Time (JIT) Provisioning, *Enable JIT Provisioning*. @@ -90,7 +90,7 @@ image::sso-onelogin-jit-10.png[scale=40] .. Click *Prisma App* from the dashboard to log directly in to the Prisma Cloud instance. -.. Log in to Prisma Cloud as an Administrator and select menu:Settings[Users] to validate that the above user is provisioned. +.. Log in to Prisma Cloud as an Administrator and select *Settings > Users* to validate that the above user is provisioned. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc index 3c8bebcf76..88bb9e48e0 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc @@ -10,15 +10,15 @@ On Prisma Cloud, you can enable single sign-on (SSO) using Google. To enable SSO [.procedure] . Set up Google for SSO. -.. Before you begin to set up Google configuration, log in to your Prisma Cloud instance, select menu:Settings[SSO] and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. +.. Before you begin to set up Google configuration, log in to your Prisma Cloud instance, select *Settings > SSO* and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. .. Log in to https://admin.google.com/[Google Workspace] as a Super Administrator. + image::sso-google-2.png[scale=40] -.. From the left navigation menu, select menu:Apps[Web and mobile Apps]. +.. From the left navigation menu, select *Apps > Web and mobile Apps*. -.. Select menu:Add{sp}App[Add custom SAML App]. +.. Select *Add App > Add custom SAML App*. + image::sso-google-3.png[scale=40] @@ -51,7 +51,7 @@ image::sso-google-7.png[scale=40] . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc index a26dbb1092..50114aa32f 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc @@ -29,7 +29,7 @@ After you enable SSO, you must access Prisma Cloud from the Microsoft AAD portal .. Edit Basic SAML Configuration and enter previously copied Audience URI into *Identitifier (Entity ID)*. -.. Depending on the location of your tenant, which is displayed in the login URL, copy and past the Prisma Cloud console URL into *Reply URL* (Assertion Consumer Service URL) field by replacing ‘app’ with ‘api’, and appending /saml at the end. For example: https://api2.prismacloud.io/saml for https://app2.prismacloud.io/[https://app2.prismacloud.io/] +.. Depending on the location of your tenant, which is displayed in the login URL, copy and paste the Prisma Cloud console URL into *Reply URL* (Assertion Consumer Service URL) field by replacing ‘app’ with ‘api’, and appending /saml at the end. For example: https://api2.prismacloud.io/saml for https://app2.prismacloud.io/[https://app2.prismacloud.io/] .. Edit the User Attributes & Claims section. User Attributes captures information such as first and last name. Claims are key/value-pairs that relate to the user object, for instance a user's email address. Verify the following according to your environment. By default, claims should apply to any environment. + @@ -64,7 +64,7 @@ If the attribute has a namespace configured, the namespace and the name of the a . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. *Enable SSO*. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc index b216bda133..2313834315 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc @@ -51,7 +51,7 @@ image::sso-okta-general-settings.png[scale=50] + The format for Sign On URL uses the URL for Prisma Cloud, but you must replace app with api and add saml at the end. For example, if you access Prisma Cloud at https://app2.prismacloud.io, your Sign On URL should be `\https://api2.prismacloud.io/saml` and if it is https://app.eu.prismacloud.io, it should be `\https://api.eu.prismacloud.io/saml` . -.. For *Audience URI* - Use the value displayed on Prisma Cloud menu:Settings[Access Control > SSO] that you copied in the first step. +.. For *Audience URI* - Use the value displayed on Prisma Cloud *Settings > Access Control > SSO* that you copied in the first step. .. Select *Name ID format* as *Persistent* and *Application username* as *Okta username*. + @@ -77,7 +77,7 @@ You have now successfully created an application for the SAML integration. This .. Assign users or groups of users who can use the Prisma Cloud SSO app to log in to Prisma Cloud. + -Select Assignments on the app and menu:Assign[Assign to People], to add individual users. +Select Assignments on the app and *Assign > Assign to People*, to add individual users. + image::sso-okta-assign-users.png[scale=30] + @@ -89,13 +89,13 @@ image::sso-okta-assign-groups.png[scale=50] . [[id3e639e18-3f16-4f90-b8e7-e3a4b35a743b]]Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. *Enable SSO*. .. Enter the value for your *Identity Provider Issuer*. + -This is the URL of a trusted provider such as Google, Salesforce, Okta, or Ping who act as your IdP in the authentication flow. On Okta, for example, you can find the Identity Provider issuer URL at menu:Applications[Sign On > View Setup Instructions]. +This is the URL of a trusted provider such as Google, Salesforce, Okta, or Ping who act as your IdP in the authentication flow. On Okta, for example, you can find the Identity Provider issuer URL at *Applications > Sign On > View Setup Instructions*. + image::sso-get-idp-for-prisma-cloud.png[scale=50] + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc index 0efecde6a4..0beb8ae509 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc @@ -10,13 +10,13 @@ If you have selected OneLogin as your Identity and Access Management provider, y [.procedure] . Set up OneLogin for SSO. -.. Before you begin to set up OneLogin configuration, log in to your Prisma Cloud instance, select menu:Settings[SSO] and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. +.. Before you begin to set up OneLogin configuration, log in to your Prisma Cloud instance, select *Settings > SSO* and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. + image::sso-onelogin-01.png[scale=40] .. Log in to OneLogin as an Administrator and click *Administration*. -.. Select menu:Applications[Add App]. +.. Select *Applications > Add App*. .. Enter *SAML* in the search bar and from the options displayed select *SAML Custom Connector (Advanced)* that is provided by OneLogin, Inc. + @@ -51,7 +51,7 @@ image::sso-onelogin-5.png[scale=40] . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-roles-in-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-roles-in-prisma-cloud.adoc index a2f14f8e5c..4ce8317419 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-roles-in-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-roles-in-prisma-cloud.adoc @@ -6,7 +6,7 @@ Use roles to define the permissions for a specific account group. [.procedure] -. To view roles, select menu:Settings[Access Control > Roles]. +. To view roles, select *Settings > Access Control > Roles*. . To edit the details of a role, click the record and change any details. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles.adoc index 8913ea34cd..8a37bfecd0 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles.adoc @@ -16,7 +16,7 @@ An account group administrator can only view resources deployed within the cloud * *Account and Cloud Provisioning Admin*—Combines the permissions for the *Account Group Admin* and the *Cloud Provisioning Admin* to enable an administrator who is responsible for a line of business. With this role, in addition to being able to onboard cloud accounts, the administrator can access the dashboard, manage the security policies, investigate issues, view alerts and compliance details for the designated accounts only. -* *Cloud Provisioning Admin*—Permissions to onboard and manage cloud accounts from Prisma Cloud and the APIs, and the ability to create and manage the account groups. With this role access is limited to menu:Settings[Cloud Accounts] and menu:Settings[Account Groups] on the admin console. +* *Cloud Provisioning Admin*—Permissions to onboard and manage cloud accounts from Prisma Cloud and the APIs, and the ability to create and manage the account groups. With this role access is limited *Settings > Cloud Accounts* and *Settings > Account Groups* on the admin console. * *Build and Deploy Security*—Restricted permissions to DevOps users who need access to a subset of *Compute* capabilities and/or API access to run IDE, SCM and CI/CD plugins for Infrastructure as Code and image vulnerabilities scans. For example, the Build and Deploy Security role enables read-only permissions to review vulnerability and compliance scan reports on *Compute* and to manage and download utilities such as Defender images, plugins and twistcli. + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/view-audit-logs.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/view-audit-logs.adoc index bfb4a22838..7b97207c06 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/view-audit-logs.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/view-audit-logs.adoc @@ -11,7 +11,7 @@ NOTE: Audit logs older than 120 days are deleted. [.procedure] -. Select menu:Settings[Audit Logs]. +. Select *Settings > Audit Logs*. . Select a *Time Range* to view the activity details by users in the system. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-payload.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-payload.adoc index 1b57e4705b..b553400c5a 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-payload.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-payload.adoc @@ -146,7 +146,7 @@ image::alert-payload-1.png[scale=50] [NOTE] ==== -For alert notifications to include user attribution data, you must *Populate User Attribution In Alerts Notifications* ( menu:Settings[Enterprise Settings]). Including user attribution data may delay alert notifications because the information may not be available from the cloud provider when Prisma Cloud is ready to generate the alert. +For alert notifications to include user attribution data, you must *Populate User Attribution In Alerts Notifications* ( *Settings > Enterprise Settings*). Including user attribution data may delay alert notifications because the information may not be available from the cloud provider when Prisma Cloud is ready to generate the alert. ==== diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts.adoc index eafccfda04..0e9b0514e1 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts.adoc @@ -23,7 +23,7 @@ If you want to use automated remediation using serverless functions for your clo [.procedure] . Verify that Prisma Cloud has the required privileges to remediate the policies you plan to configure for automated remediation. -.. To view remediable policies, select *Policies* and set the filter to menu:Remediable[True]. +.. To view remediable policies, select *Policies* and set the filter to *Remediable > True*. + [TIP] ==== diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/create-an-alert-rule.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/create-an-alert-rule.adoc index 29cb23333e..ae5f5d5771 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/create-an-alert-rule.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/create-an-alert-rule.adoc @@ -18,10 +18,10 @@ Prisma® Cloud monitors your cloud resources as soon as you onboard a cloud acco When you create an alert rule, you can xref:configure-prisma-cloud-to-automatically-remediate-alerts.adoc#id77ff61ca-a7ae-4830-9c47-516c79be3f9a[Configure Prisma Cloud to Automatically Remediate Alerts], which enables Prisma Cloud to automatically run the CLI command required to remediate the policy violation directly in your cloud environments. Automated remediation is only available for default policies (Config policies only) that are designated as Remediable (image:remediable-icon.png[scale=90]) on the *Policies* page. -In addition, if you xref:../configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc#id24911ff9-c9ec-4503-bb3a-6cfce792a70d[Configure External Integrations on Prisma Cloud] with third-party tools, defining granular alert rules enables you to send only the alerts you need to enhance your existing operational, ticketing, notification, and escalation workflows with the addition of Prisma Cloud alerts on policy violations in all your cloud environments. To see any existing integrations, go to menu:Settings[Integrations]. +In addition, if you xref:../configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc#id24911ff9-c9ec-4503-bb3a-6cfce792a70d[Configure External Integrations on Prisma Cloud] with third-party tools, defining granular alert rules enables you to send only the alerts you need to enhance your existing operational, ticketing, notification, and escalation workflows with the addition of Prisma Cloud alerts on policy violations in all your cloud environments. To see any existing integrations, go to *Settings > Integrations*. [.procedure] -. Select menu:Alerts[Alert Rules] and *Add Alert Rule*. +. Select *Alerts > Alert Rules* and *Add Alert Rule*. . In *Add Details*, enter a *Name* for the alert rule and, optionally, a *Description* to communicate the purpose of the rule. @@ -78,7 +78,7 @@ Add a Reason, Requestor, and Approver for the automatic dismissal and click *Nex . (tt:[Optional]) xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#idcda01586-a091-497d-87b5-03f514c70b08[Send Prisma Cloud Alert Notifications to Third-Party Tools]. + -By default, all alerts triggered by the alert rule display on the *Alerts* page. If you xref:../configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc#id24911ff9-c9ec-4503-bb3a-6cfce792a70d[Configure External Integrations on Prisma Cloud], you can also send Prisma Cloud alerts triggered by this alert rule to third-party tools. For example, you can xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id84f16f30-a2d0-44b7-85b2-4beaaef2f5bc[] or xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id728ba82c-c17b-4e3e-baf2-131e292ec074[]. For Prisma Cloud Data Security, see xref:../prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc#ida32d859b-724d-416f-9000-74fa6de13688[]. In addition, you can configure the alert rule to xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id14fc2c3e-ce2a-4ff2-acb5-af764e49a838[]. +By default, all alerts triggered by the alert rule display on the *Alerts* page. If you xref:../configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc#id24911ff9-c9ec-4503-bb3a-6cfce792a70d[Configure External Integrations on Prisma Cloud], you can also send Prisma Cloud alerts triggered by this alert rule to third-party tools. For example, you can xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id84f16f30-a2d0-44b7-85b2-4beaaef2f5bc[Send Alert Notifications to Amazon SQS] or xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id728ba82c-c17b-4e3e-baf2-131e292ec074[Send Alert Notifications to Jira]. For Prisma Cloud Data Security, see xref:../prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc#ida32d859b-724d-416f-9000-74fa6de13688[Generate Alerts for Data Policies]. In addition, you can configure the alert rule to xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#id14fc2c3e-ce2a-4ff2-acb5-af764e49a838[Send Alert Notifications Through Email]. + If you want to delay the alert notifications for Config alerts, you can configure the Prisma Cloud to *Trigger notification for config alert only after the alert is open for* a specific number of minutes. + @@ -106,6 +106,6 @@ image::add-alert-rule-configure-notifications-1.png[scale=30] + image::add-alert-rule-summary-1.png[scale=30] -. To verify that the alert rule triggers the expected alerts, select menu:Alerts[Overview] and ensure that you see the alerts that you expect to see there. +. To verify that the alert rule triggers the expected alerts, select *Alerts > Overview* and ensure that you see the alerts that you expect to see there. + If you configured the rule to xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#idcda01586-a091-497d-87b5-03f514c70b08[Send Prisma Cloud Alert Notifications to Third-Party Tools], make sure you also see the alert notifications in those tools. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/generate-reports-on-prisma-cloud-alerts.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/generate-reports-on-prisma-cloud-alerts.adoc index c1047e3ce2..30397ad921 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/generate-reports-on-prisma-cloud-alerts.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/generate-reports-on-prisma-cloud-alerts.adoc @@ -14,7 +14,7 @@ The overview report lists cloud resources by account group and aggregates inform [.procedure] -. Select menu:Alerts[Reports > +Add Alert Report]. +. Select *Alerts > Reports > +Add Alert Report*. . Enter a *Name* and select a *Report Type*. + diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-resolution-reasons.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-resolution-reasons.adoc index f7e0c750d0..e0df3207e3 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-resolution-reasons.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-resolution-reasons.adoc @@ -2,7 +2,7 @@ == Prisma Cloud Alert Resolution Reasons Review the different reasons an alert is closed on Prisma Cloud -When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on menu:Alerts[Overview] when you select an resolved alert and review the alert details for the violating resource. +When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on *Alerts > Overview* when you select an resolved alert and review the alert details for the violating resource. The table below lists the reasons: diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/saved-views.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/saved-views.adoc index 0eda23e105..2f9b9a2179 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/saved-views.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/saved-views.adoc @@ -15,7 +15,7 @@ Default (*System*) views are initially the opinionated suggestion of what that v [.procedure] . *Add View*. -.. Select menu:Alerts[Overview] to see the default views. Each view includes preset filters that display the most relevant alerts for the category. +.. Select *Alerts > Overview* to see the default views. Each view includes preset filters that display the most relevant alerts for the category. + image::prisma-cloud-alerts-2.png[scale=30] diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc index 02b8d9fe73..871a3f119b 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc @@ -55,7 +55,7 @@ You can send Prisma Cloud alert notifications to an Azure Service Bus queue. [.procedure] . xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue.adoc#idb37367ae-f85a-4117-909d-8c9f6e70255a[Integrate Prisma Cloud with Azure Service Bus Queue]. -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Azure Service Bus Queue". @@ -101,7 +101,7 @@ The preview on the right gives you an idea of how your content will look. + image::alert-rules-custom-email-review-status.png[scale=15] -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Email". @@ -130,7 +130,7 @@ image::alerts-alert-rules-set-alert-notification.png[scale=40] . Verify the alert notification emails. + -The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud menu:Alerts[Overview] page. +The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud *Alerts > Overview* page. + image::alerts-email-notification.png[] @@ -217,7 +217,7 @@ You can send alert notifications to Google Cloud Security Command Center (SCC). [.procedure] . xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-google-cloud-security-command-center.adoc#id01b3074f-c0bf-4b25-ba8c-49ef0fec940c[Integrate Prisma Cloud with Google Cloud Security Command Center (SCC)]. -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Google CSCC". @@ -239,7 +239,7 @@ You can send alert notifications to ServiceNow. [.procedure] . xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc#id7923e9e1-612f-4a18-a030-f3470aec2fce[Integrate Prisma Cloud with ServiceNow]. -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Service Now". @@ -262,7 +262,7 @@ You can send alert notifications to Webhooks. [.procedure] . xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-webhooks.adoc#id5e933950-2d7f-4581-b3ea-2c7203d261c2[Integrate Prisma Cloud with Webhooks]. -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Webhook". @@ -286,7 +286,7 @@ You can send alert notifications to PagerDuty. [.procedure] . xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-pagerduty.adoc#id5c459fe7-787b-42a9-a3d0-19ab049c5777[Integrate Prisma Cloud with PagerDuty]. -. Select menu:Alerts[Alert Rules] and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. . Navigate to "Configure Notifications > Pager Duty". diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/suppress-alerts-for-prisma-cloud-anomaly-policies.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/suppress-alerts-for-prisma-cloud-anomaly-policies.adoc index b009439ccb..7a45da3ac4 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/suppress-alerts-for-prisma-cloud-anomaly-policies.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/suppress-alerts-for-prisma-cloud-anomaly-policies.adoc @@ -15,7 +15,7 @@ Only users granted Policies Read permissions are able to view the Anomaly Truste ==== [.procedure] -. Select menu:Settings[Anomalies > Anomaly Trusted List]. +. Select *Settings > Anomalies > Anomaly Trusted List*. + You must have the correct role, such as the System Administrator role, on Prisma Cloud to view or edit the Anomaly Settings page. See xref:../manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.adoc#id6627ae5c-289c-4702-b2ec-b969eaf844b3[Prisma Cloud Administrator Permissions] for the roles that have access. diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.adoc index 7dbcb16d62..0b61c57564 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.adoc @@ -22,7 +22,7 @@ To add an IP address to the trusted list: [.procedure] . Add an Alert IP address. -.. Select menu:Settings[Trusted IP Addresses > Add Trusted Alert IP Addresses] +.. Select *Settings > Trusted IP Addresses > Add Trusted Alert IP Addresses* + You must have the System Administrator role on Prisma Cloud to view or edit the Trusted IP Addresses page. See xref:../manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.adoc#id6627ae5c-289c-4702-b2ec-b969eaf844b3[Prisma Cloud Administrator Permissions]. @@ -38,7 +38,7 @@ image::add-alert-trusted-ips-1.png[scale=30] . Add a Login IP address. -.. Select menu:Settings[Trusted IP Addresses > Trusted Login IP Addresses > Add Trusted Login IP Addresses]. +.. Select *Settings > Trusted IP Addresses > Trusted Login IP Addresses > Add Trusted Login IP Addresses*. + You must have the System Administrator role on Prisma Cloud to view or edit the Trusted IP Addresses page. See xref:../manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.adoc#id6627ae5c-289c-4702-b2ec-b969eaf844b3[Prisma Cloud Administrator Permissions]. @@ -63,7 +63,7 @@ For the System Administrator role by default, Prisma Cloud checks that you are l . Add an IP Address to the *Anomaly Trusted List*. -.. Select menu:Settings[Anomalies > Anomaly Trusted List]. +.. Select *Settings > Anomalies > Anomaly Trusted List*. + You must have the correct role, such as the System Administrator role on Prisma Cloud to view or edit the Anomaly Settings page. See xref:../manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.adoc[Prisma Cloud Administrator Permissions] for the roles that have access. @@ -71,7 +71,7 @@ You must have the correct role, such as the System Administrator role on Prisma + Make sure that you know the IP address that you are logged in from and the CIDR range to which your IP address belongs. -.. menu:Add{sp}Trusted{sp}List[IP Address]. +.. *Add Trusted List > IP Address*. + image::add-anomaly-trusted-ips-1.png[scale=30] @@ -104,11 +104,11 @@ Only the administrator who created the list can modify the name, description, Ac . Add one or more Domain Names to the *Anomaly Trusted List*. -.. Select menu:Settings[Anomalies > Anomaly Trusted List]. +.. Select *Settings > Anomalies > Anomaly Trusted List*. + You must have the correct role, such as the System Administrator role on Prisma Cloud to view or edit the Anomaly Settings page. See xref:../manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.adoc#id6627ae5c-289c-4702-b2ec-b969eaf844b3[Prisma Cloud Administrator Permissions] for the roles that have access. -.. menu:Add{sp}Trusted{sp}List[Domain]. +.. *Add Trusted List > Domain*. + image::add-trusted-list-dns-policies-1.png[scale=30] diff --git a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts.adoc b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts.adoc index 82cc183ca3..6740f85544 100644 --- a/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts.adoc +++ b/docs/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts.adoc @@ -47,7 +47,7 @@ image::filter-alerts-criteria-1.png[scale=50] ** As needed, *Download* (image:download-alerts.png[scale=45]) the filtered list of alert details to a CSV file. + -When you add a cloud account on Prisma Cloud and then delete it, you can no longer view alerts associated with that account on menu:Alerts[Overview], and the alert count does not include alerts for a deleted cloud account. If you add the account back on Prisma Cloud within a 24-hour period, the existing alerts will display again. After 24 hours, the alerts are resolved with the resolution reason *Account Deleted* and then permanently deleted. +When you add a cloud account on Prisma Cloud and then delete it, you can no longer view alerts associated with that account on *Alerts > Overview*, and the alert count does not include alerts for a deleted cloud account. If you add the account back on Prisma Cloud within a 24-hour period, the existing alerts will display again. After 24 hours, the alerts are resolved with the resolution reason *Account Deleted* and then permanently deleted. . *Address alerts.* + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/add-a-new-compliance-report.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/add-a-new-compliance-report.adoc index 39030e111a..dbddd28ae1 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/add-a-new-compliance-report.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/add-a-new-compliance-report.adoc @@ -12,7 +12,7 @@ Monitor your single or multi-cloud environment for adherence to mandated complia . Create a new report. + -.. Select menu:Compliance[Overview] and select a standard from the standards list below the dashboard. +.. Select *Compliance > Overview* and select a standard from the standards list below the dashboard. .. On the compliance standard page, use the filters above to narrow your data set by date and cloud account type. Click *Create Report*. @@ -30,7 +30,7 @@ If you select *Recurring* specify how often and when you want the report to run. [#id0800bded-7633-40c6-836f-16d29fdf89a7] === View and Manage Reports -Compliance reports once generated, automatically run at the scheduled time. Select menu:Compliance{sp}>{sp}Reports[] to view a list of all available compliance reports. A graphical view of the report displays as shown below. The *Urgent Assets* section captures a snapshot view of alerts originating from assets that do not comply with the standard referenced in the report.*Compliance Trends* provides a a graphical view of the total number of assets and their compliance status (Pass/Fail). This information is also available as a corresponding donut chart visualization. +Compliance reports once generated, automatically run at the scheduled time. Select *Compliance > Reports* to view a list of all available compliance reports. A graphical view of the report displays as shown below. The *Urgent Assets* section captures a snapshot view of alerts originating from assets that do not comply with the standard referenced in the report.*Compliance Trends* provides a a graphical view of the total number of assets and their compliance status (Pass/Fail). This information is also available as a corresponding donut chart visualization. image::compliance-report-view.png[scale=20] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/create-a-custom-compliance-standard.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/create-a-custom-compliance-standard.adoc index a4dc1b0e36..d5c3c4a1c9 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/create-a-custom-compliance-standard.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-compliance/create-a-custom-compliance-standard.adoc @@ -12,7 +12,7 @@ You can create an all new standard or clone an existing compliance standard and [.procedure] . Clone an existing compliance standard to customize. -.. On Prisma Cloud, select menu:Compliance[Standards]. +.. On Prisma Cloud, select *Compliance > Standards*. .. Hover over the standard you want to clone, and click *Clone*. + @@ -22,7 +22,7 @@ image::compliance-report-clone.png[] . Create a compliance standard from scratch. -.. On Prisma Cloud, select menu:Compliance[Standards > + Add New]. +.. On Prisma Cloud, select *Compliance > Standards > + Add New*. + image::add-new-compliance-standard.png[scale=60] @@ -46,7 +46,7 @@ image::add-new-section.png[scale=60] ... Enter a name for the *Section* a *Description* and click Save image:save-icon.png[scale="30"]. + -Although you have added the custom standard to Prisma Cloud, it is not listed on the Compliance Standards table on menu:Compliance[Overview] until you add at least one policy to it. +Although you have added the custom standard to Prisma Cloud, it is not listed on the Compliance Standards table on *Compliance > Overview* until you add at least one policy to it. .. Add policies to your custom compliance standard. + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/disable-pcds-and-offboard-aws-account.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/disable-pcds-and-offboard-aws-account.adoc index c74af0d004..fbaea65f5d 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/disable-pcds-and-offboard-aws-account.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/disable-pcds-and-offboard-aws-account.adoc @@ -3,11 +3,11 @@ * *Disable Prisma Cloud Data Security* + -** On menu:Settings[Cloud Accounts], select the AWS account for which you want to disable Data Security, click *Edit*, and deselect the *Data Security* option. Prisma Cloud stops ingestion of data stored in S3 buckets for the account. The Data Security information from earlier scans are not deleted on Prisma Cloud, and you have access to the alerts that were generated during the period when Data Security was enabled. +** On *Settings > Cloud Accounts*, select the AWS account for which you want to disable Data Security, click *Edit*, and deselect the *Data Security* option. Prisma Cloud stops ingestion of data stored in S3 buckets for the account. The Data Security information from earlier scans are not deleted on Prisma Cloud, and you have access to the alerts that were generated during the period when Data Security was enabled. + If you do not plan to re-enable Data Security for this AWS account, you can delete the SNS topic to avoid the additional cost of that SNS topic sending messages to Prisma Cloud. You can also stop sending S3 events to the CloudTrail bucket, if you had set it up only for Prisma Cloud. -** You can easily re-enable Data Security on menu:Settings[Cloud Accounts]. Select the AWS account for which you want to enable Data Security, click *Edit*, and select the *Data Security* option. Prisma Cloud starts ingesting data again and your usage charge will resume. All the data (before you disabled Data Security) and new data (after you re-enabled Data Security) will be available for you. +** You can easily re-enable Data Security on *Settings > Cloud Accounts*. Select the AWS account for which you want to enable Data Security, click *Edit*, and select the *Data Security* option. Prisma Cloud starts ingesting data again and your usage charge will resume. All the data (before you disabled Data Security) and new data (after you re-enabled Data Security) will be available for you. * *Offboard and onboard an AWS account within 24 hours* + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account.adoc index 202893f551..06dfd9b6ab 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account.adoc @@ -91,7 +91,7 @@ image::aws-edit-ds-3.png[scale=30] + Choose to scan all your resources or you can choose to customize what you want to scan. + -* When you select Scan All, Prisma Cloud will Forward scan and Backward scan all eligible objects. The forward scan inspects any new or modified files, and the backward scan is retrospective, which means that it inspects files that exist in the storage bucket. The xref:../monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc#supported-file-extensions[] of files that you want to scan within your storage bucket will determine how many Prisma Cloud credits are used for Data Security. +* When you select Scan All, Prisma Cloud will Forward scan and Backward scan all eligible objects. The forward scan inspects any new or modified files, and the backward scan is retrospective, which means that it inspects files that exist in the storage bucket. The xref:../monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc#supported-file-extensions[types] of files that you want to scan within your storage bucket will determine how many Prisma Cloud credits are used for Data Security. * When you select Custom Scan, Prisma Cloud will Forward scan and/or Backward scan eligible objects in selected resources. diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-azure-account-pcds.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-azure-account-pcds.adoc index 842e63428c..c38d7a915c 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-azure-account-pcds.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-azure-account-pcds.adoc @@ -59,7 +59,7 @@ Begin here if you want to add your Azure tenant on Prisma Cloud and start scanni . *Enable Data Security* to scan all your resources or custom resources in your Azure tenant. -.. Navigate to menu:Settings[Cloud Accounts > Azure]. +.. Navigate to *Settings > Cloud Accounts > Azure*. .. Click the *Eye* (View Cloud Account) icon next to the Azure tenant for which you want to enable Data Security. diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/edit-an-existing-aws-account.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/edit-an-existing-aws-account.adoc index cfe903f66c..53492755e6 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/edit-an-existing-aws-account.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/edit-an-existing-aws-account.adoc @@ -8,9 +8,9 @@ If you want to enable Data Security on an AWS account that you have previously o [.procedure] . Select the AWS Account and enable *Data Security*. -.. Select menu:Settings[Cloud Accounts]. +.. Select *Settings > Cloud Accounts*. -.. Click the Eye (View Cloud Account) icon next to the AWS account for which you want to enable Data Security. +.. Click the *Eye* (View Cloud Account) icon next to the AWS account for which you want to enable Data Security. .. Click *Configure* under Data Security. @@ -18,11 +18,11 @@ If you want to enable Data Security on an AWS account that you have previously o . [[id596f6d05-ab1c-4556-8274-9289f6ecdb1e]] Update your existing stack. -.. Download the CFT, login to the AWS Console and complete steps 1 - 8 as displayed on screen to update your stack. +.. Download the CFT, login to the AWS Console and complete steps 1-8 as displayed on screen to update your stack. + image::aws-pcds-edit-ac-configure.png[scale=50] -.. Go to menu:AWS{sp}Management{sp}Console[Stacks]. +.. *AWS Management Console > Stacks*. + * Select PrismaCloudApp Stack (if you have previously used the CFT to deploy PrismaCloudApp Stack) and *Update*. @@ -38,7 +38,7 @@ image::image35.png[scale=40] + image::image29.png[scale=50] -.. Copy the *Callback URL* from menu:Settings[Cloud Accounts > Configure Account] +.. Copy the *Callback URL* from *Settings > Cloud Accounts > Configure Account* .. In the Specify stack details page on the AWS Management Console, paste the *Callback URL* in the *SNSEndpoint* field. + @@ -54,23 +54,23 @@ image::image2.png[scale=40] + image::image59.png[scale=35] -.. On Prisma Cloud, paste Role ARN in the menu:Settings[Cloud Accounts > Configure Account], to replace the existing Role ARN. +.. On Prisma Cloud, paste Role ARN in the *Settings > Cloud Accounts > Configure Account*, to replace the existing Role ARN. .. Copy SNS ARN from the Outputs tab for the stack. + image::image9.png[scale=35] -.. Paste the *SNS Topic: ARN* in the menu:Settings[Cloud Accounts > Configure Account] and click *Next* to continue. +.. Paste the *SNS Topic: ARN* in *Settings > Cloud Accounts > Configure Account* and click *Next* to continue. -include::../../fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc[] +. xref:../../fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc[Allow] Prisma Cloud to access your bucket. -include::../../fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc[] +. xref:../../fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f-id50a63347-4291-4210-99fa-f51de04106be.adoc[Set up Forward Scan] to scan your cloud resources for data security issues. . (tt:[Optional]) Follow this step only if the objects inside your S3 buckets are encrypted with Customer Managed Keys (CMK). + The step varies depending on whether the CMK is located within the same AWS account or a different one: + -* When the CMK is in the same AWS account that you’re onboarding, the Prisma Cloud role needs additional permissions to access the key. Add the following statement to the Prisma Cloud role and update the resources array with all the CMK ARNs: +* When the CMK is in the same AWS account that you are onboarding, the Prisma Cloud role needs additional permissions to access the key. Add the following statement to the Prisma Cloud role and update the resources array with all the CMK ARNs: + [userinput] ---- diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-for-aws-org-account.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-for-aws-org-account.adoc index c64cbc7544..1be2d10a2a 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-for-aws-org-account.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-for-aws-org-account.adoc @@ -8,7 +8,7 @@ Onboard AWS organization account and enable data security. After onboarding an AWS organization account, you can configure data security and start scanning your S3 buckets. Prisma Cloud creates two separate sets of AWS resources based on whether your onboarded account is an individual account or an organization account. You can onboard all the Organization Units (OUs) and Member Accounts under root or pick and choose the OUs and Member Accounts under root for selective onboarding. You must onboard the AWS organization first and you can then configure Prisma Cloud Data Security. [.procedure] -. After you successfully https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-aws-account/add-aws-organization-to-prisma-cloud.html#idafad1015-aa36-473e-8d6a-a526c16d2c4f[onboard] your AWS organization account, go to menu:Settings[Cloud Accounts > Account Overview] and select *Configure* to configure data security for your AWS organization account. +. After you successfully https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-aws-account/add-aws-organization-to-prisma-cloud.html#idafad1015-aa36-473e-8d6a-a526c16d2c4f[onboard] your AWS organization account, go to *Settings > Cloud Accounts > Account Overview* and select *Configure* to configure data security for your AWS organization account. + [NOTE] ==== @@ -50,7 +50,7 @@ image::aws-org-pcds-2-3.png[scale=40] + Complete the onscreen instructions to create the StackSet. -.. StackSet deployment will deploy the stack to all member accounts associated with the master account. On the AWS management console, select menu:Services[CloudFormation > StackSets > Create StackSet] for the member account. +.. StackSet deployment will deploy the stack to all member accounts associated with the master account. On the AWS management console, select *Services > CloudFormation > StackSets > Create StackSet* for the member account. + image::aws-org-4.png[scale=40] @@ -167,8 +167,8 @@ After you successfully enable the data security module for your AWS organization + image::aws-org-pcds-9.png[scale=40] + -If the *Data Security unsuccessfully configured* error displays, see xref:../troubleshoot-data-security-errors.adoc#troubleshoot-data-security-errors[] to resolve the issues. +If the *Data Security unsuccessfully configured* error displays, see xref:../troubleshoot-data-security-errors.adoc#troubleshoot-data-security-errors[Troubleshoot Data Security Errors] to resolve the issues. -. You can verify the configuration on the menu:Settings[Data > Scan Settings] page. +. You can verify the configuration on the *Settings > Data > Scan Settings* page. + image::aws-org-pcds-4-1.png[scale=40] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/get-started.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/get-started.adoc index afcc0a8b68..08ef6d888a 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/get-started.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/get-started.adoc @@ -17,7 +17,7 @@ See xref:../../get-started-with-prisma-cloud/access-prisma-cloud.adoc#id3d308e0b + image::product-subscription.png[scale=40] -* Or select menu:Dashboard[Data] or menu:Inventory[Data] +* Or select *Dashboard > Data* or *Inventory > Data* + image::inventory-data.png[scale=40] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-dashboard.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-dashboard.adoc index 8184e8dba3..2275e10472 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-dashboard.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-dashboard.adoc @@ -4,41 +4,51 @@ The Data Dashboard provides complete visibility into your S3 storage. The dashbo image::data-db-2.png[scale=40] -. Total Buckets +* Total Buckets + -This widget shows the total number of buckets (except empty buckets) discovered in your AWS Account. Buckets are categorized into Private and Public. +This widget shows the total number of buckets (except empty buckets) discovered in your AWS Account. Buckets are categorized as Private and Public. + ** Private buckets are internal and not publicly accessible. -** Public Buckets are accessible to everyone. See xref:exposure-evaluation.adoc#exposure-evaluation[] to learn how exposure is calculated. +** Public Buckets are accessible to everyone. See xref:exposure-evaluation.adoc#exposure-evaluation[exposure evaluation] to learn how exposure is calculated. + -You can click on either the Private or Public circle in the widget to view those buckets in the xref:data-inventory.adoc#data-inventory[]. +Click on either the Private or Public circle in the widget to view those buckets in the xref:data-inventory.adoc#data-inventory[data inventory] view. -. Total Objects +* Total Objects + This widget shows the total number of objects discovered in all your S3 storage buckets. Objects are categorized into Public, Sensitive and Malware. Public objects are accessible to everyone. Sensitive objects contain data such as Financial Information, Healthcare, PII and Intellectual Property. Malware objects contain malicious code. + -Click on either the Public, Sensitive of Malware circle in the widget to see those objects in the xref:data-inventory.adoc#data-inventory[] view. +Click on either the Public, Sensitive of Malware circle in the widget to see those objects in the xref:data-inventory.adoc#data-inventory[data inventory] view. -. Top Publicly Exposed Objects By Profile +* Top Publicly Exposed Objects By Profile + -.. This widget shows you top 5 publicly exposed objects with Data Profiles of Financial Information, Healthcare, PII and Intellectual Property. Click on any of the bars in the widget to view those objects in the xref:data-inventory.adoc#data-inventory[]. +This widget shows you top 5 publicly exposed objects with Data Profiles of Financial Information, Healthcare, PII and Intellectual Property. ++ +Click on any of the bars in the widget to view those objects in the xref:data-inventory.adoc#data-inventory[data inventory] view. -. Top Object Owners by Exposure +* Top Object Owners by Exposure ++ +This widget shows you top 5 objects owner with exposure (Public, Private or Conditional). + -This widget shows you top 5 objects owner with exposure (Public, Private or Conditional). You can click on any of the bars in the widget to view objects in the xref:data-inventory.adoc#data-inventory[]. +Click on any of the bars in the widget to view objects in the xref:data-inventory.adoc#data-inventory[data inventory] view. -. Data Alerts by Severity +* Data Alerts by Severity ++ +This widget shows you the breakdown of Data Alerts by Severity (High, Medium, Low). The data for this widget is based on the timestamp of when the alert was generated, while data on other widgets use the objects created/updated timestamp. + -This widget shows you the breakdown of Data Alerts by Severity (High, Medium, Low). You can click on any particular severity segment in the circle to see those Alerts in the Alerts view. The data for this widget is based on the timestamp of when the alert was generated, while data on other widgets use the objects created/updated timestamp. +Click on any particular severity segment in the circle to see those Alerts in the Alerts view. -. Top Data Policy Violations +* Top Data Policy Violations + -.. This widget shows you the top Data Policy violated by objects in your S3 buckets. The data for this widget is based on the timestamp of when the alert was generated, while data on other widgets use the objects created/updated timestamp.You can click on any bar in the widget to see those Alerts in the Alerts view. +This widget shows you the top Data Policy violated by objects in your S3 buckets. The data for this widget is based on the timestamp of when the alert was generated, while data on other widgets use the objects created/updated timestamp. ++ +Click on any bar in the widget to see those Alerts in the Alerts view. -. Object Profile by Region +* Object Profile by Region ++ +This chart shows object profiles such as Financial Information, Healthcare, PII and Intellectual Property across AWS Regions. + -.. This chart shows object profiles such as Financial Information, Healthcare, PII and Intellectual Property across AWS Regions. Click on any region in the widget to see those objects in the xref:data-inventory.adoc#data-inventory[] view. +Click on any region in the widget to see those objects in the xref:data-inventory.adoc#data-inventory[data inventory] view. + image::data-db-3.png[scale=30] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-inventory.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-inventory.adoc index 6483b03f2b..ad8a1876e9 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-inventory.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-inventory.adoc @@ -1,10 +1,10 @@ [#data-inventory] == Data Inventory -The new Data Inventory ( menu:Inventory[Data]) provides information on the number of S3 storage buckets being monitored and summary data cards that provide status on how objects are exposed—public, sensitive, or malware, along with a detailed inventory view of objects across accounts, account groups, buckets and regions. It also provides a number of filters such as Time Range, Bucket Name, Bucket Exposure, Object Profile, Object Pattern to find the specific buckets or objects they are interested in. +The new Data Inventory (*Inventory > Data*) provides information on the number of S3 storage buckets being monitored and summary data cards that provide status on how objects are exposed—public, sensitive, or malware, along with a detailed inventory view of objects across accounts, account groups, buckets and regions. It also provides a number of filters such as Time Range, Bucket Name, Bucket Exposure, Object Profile, Object Pattern to find the specific buckets or objects they are interested in. image::data-inv-1.png[scale=30] -. The Data Inventory page displays 6 _data cards_: +* The Data Inventory page displays 6 _data cards_: + ** Total Buckets + @@ -64,7 +64,7 @@ Scanned content is classified under one of the following profiles: Financial Inf ** *Not Sensitive*—The object does not contain sensitive information for the data profiles and data patterns used to scan. -** *Not Supported*—File type is not supported for scanning. See xref:supported-file-extensions.adoc#supported-file-extensions[]. +** *Not Supported*—File type is not supported for scanning. See xref:supported-file-extensions.adoc#supported-file-extensions[supported file extensions]. ** *Too Large*—File size is greater than 20MB. @@ -98,7 +98,7 @@ For malware you can review the following information *** *Failed*—Object could not be submitted for scanning. -*** *Not Supported*—File type is not supported for scanning. See xref:supported-file-extensions.adoc#supported-file-extensions[]. +*** *Not Supported*—File type is not supported for scanning. See xref:supported-file-extensions.adoc#supported-file-extensions[supported file extensions]. *** *Too Large*—File size is greater than 20MB. @@ -124,7 +124,7 @@ For malware you can review the following information * Service Name + -** Name of cloud storage service (e.g. S3) +** Name of cloud storage service (for example, S3) * Last Modified + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc index 12e3404184..054750c858 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.adoc @@ -16,7 +16,7 @@ Prisma Cloud includes default data policies to help you start scanning. These da A Data Profile is a collection of Data Patterns in Prisma Cloud that you can use to scan for sensitive data in your cloud resources. Prisma Cloud provides you the ability to use any of the predefined Data Profiles, or the option to create a custom Data Profile. With a custom data profile, you can combine predefined and custom Data Patterns to meet your content scanning use cases. [.procedure] -. Select menu:Settings[Data > Data Profile]. +. Select *Settings > Data > Data Profile*. . *+ Add New* and enter a *Data Profile Name* and an optional *Data Profile Description*. + @@ -58,7 +58,7 @@ image::view-data-profile-in-table.png[scale=18] Data Patterns are the entities used to scan files or objects for any sensitive content. Prisma Cloud supports over 600 predefined Data Patterns such as API Credentials Client ID, Healthcare Provider, and Tax ID. A Data Pattern is used with a Data Profile to scan for risks and protect your data. You also have the ability to clone and edit custom patterns after you create them; predefined data patterns cannot be deleted or modified. [.procedure] -. Select menu:Settings[Data > Data Patterns]. +. Select *Settings > Data > Data Patterns*. . *+Add New* to create a new pattern. @@ -84,7 +84,7 @@ image::view-data-patterns-table.png[scale=18] You must first onboard an account and enable Data Security before you can create a custom data policy. [.procedure] -. Select menu:Policies[Add Policy > Data]. +. Select *Policies > Add Policy > Data*. + Enter a Policy Name, Description, Severity, and Labels for the new policy. @@ -94,7 +94,7 @@ You can select one of the predefined data profiles, such as Financial Informatio . Select the File Exposure. + -Exposure can be Private, Public, Conditional (AWS only), or External (Azure only). See xref:exposure-evaluation.adoc#exposure-evaluation[]. +Exposure can be Private, Public, Conditional (AWS only), or External (Azure only). See xref:exposure-evaluation.adoc#exposure-evaluation[exposure evaluation]. . Select the *File Extension* that you want to scan for sensitive information. + @@ -135,18 +135,18 @@ Prisma Cloud Data Security only supports—Amazon SQS, Splunk, and Webhook integ . View data policy alerts and scan results. -.. Select menu:Alerts[Overview]. +.. Select *Alerts > Overview*. ... Filter on Policy Type—Data, to view all alerts related to Data policies. ... Select an alert to view details. + -Click Bucket Name to see bucket information in the xref:data-inventory.adoc#data-inventory[]. +Click Bucket Name to see bucket information in the xref:data-inventory.adoc#data-inventory[data inventory]. + -Click Object Name to see object information in Data Inventory, xref:object-explorer.adoc#object-explorer[]. +Click Object Name to see object information in Data Inventory, xref:object-explorer.adoc#object-explorer[object explorer]. + Click on Alert Rule to see the Alert Rule that generates this particular instance -.. Select menu:Dashboard[Data.] +.. Select *Dashboard > Data*. + The *Top Publicly Exposed Objects by Data Profile* widget and the *Object Data Profile Region* map give you a view into how your content is exposed. diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-security-settings.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-security-settings.adoc index 13e6e75e04..f4f16431f1 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-security-settings.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-security-settings.adoc @@ -3,9 +3,9 @@ The scan settings for data security allows you to configure scans for additional resources (buckets), view the data profiles and the associated data patterns, and modify what you want to scan. -After you add the cloud accounts that you want to scan using Prisma Cloud, the data security configurations that define what profiles and patterns are used to scan your files stored in the storage bucket, how sensitive information is displayed when there is a pattern match, and any modifications to enable and disable scans for specific buckets are available on menu:Settings[Data]. +After you add the cloud accounts that you want to scan using Prisma Cloud, the data security configurations that define what profiles and patterns are used to scan your files stored in the storage bucket, how sensitive information is displayed when there is a pattern match, and any modifications to enable and disable scans for specific buckets are available on *Settings > Data*. -. Select menu:Settings[Data > Scan Settings]. +. Select *Settings > Data > Scan Settings*. + The table view displays a list of all storage resources across the cloud accounts that you have added to Prisma Cloud. Buckets that are deleted after onboarding are not removed from this page. + @@ -48,7 +48,7 @@ If Prisma Cloud finds sensitive data before reaching 10% or 1TB, it stops the sc * *Sensitive Data and Malware in Publicly Exposed Objects* scan detects which publicly exposed objects contain sensitive data and malware (5 credits for exposure scan on all objects and extra 25 credits for full scan on only publicly exposed objects). -* *Public Exposure, Sensitive Data and Malware in All Objects* scan detects public exposure, sensitive data, and malware on all objects (5 credits for exposure scan on all objects and extra 25 credits for full scan on all eligible objects based on https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions#supported-file-extensions[file types and sizes]. +* *Public Exposure, Sensitive Data and Malware in All Objects* scan detects public exposure, sensitive data, and malware on all objects (5 credits for exposure scan on all objects and extra 25 credits for full scan on all eligible objects) based on https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions#supported-file-extensions[file types and sizes]. + image::a-la-carte-scan-4.png[scale=40] @@ -68,13 +68,13 @@ image::data-inventory-1.png[scale=40] + By default, the predefined profiles—Financial Information, Healthcare, Intellectual Property, and PII—are enabled. To disable a data profile, toggle *Enabled* for one or more data profile. When disabled, the patterns associated with the profile are not used to discover sensitive content in your storage buckets. + -To create custom data profiles and patterns and generate alerts for data policy violations, see xref:data-policies.adoc#data-policies[]. +To create custom data profiles and patterns and generate alerts for data policy violations, see xref:data-policies.adoc#data-policies[data policies]. + image::data-profiles-1.png[scale=40] . Select a Data Profile to see all the Data Patterns included within the profile. + -To add a custom data profile, see xref:data-policies.adoc#data-policies[]. +To add a custom data profile, see xref:data-policies.adoc#data-policies[data policies]. + image::dlp-scan-settings-data-patterns-1.png[scale=40] @@ -82,12 +82,12 @@ image::dlp-scan-settings-data-patterns-1.png[scale=40] + image::data-patterns-1.png[scale=40] -. Select xref:mask-sensitive-data-on-prisma-cloud.adoc#id67d7e5c7-6f23-45f2-b7c3-79c5fde93d17[] to control the exposure of sensitive data. +. Select xref:mask-sensitive-data-on-prisma-cloud.adoc#id67d7e5c7-6f23-45f2-b7c3-79c5fde93d17[mask sensitive data on prisma cloud] to control the exposure of sensitive data. + image::pcds-snippet-masking.png[scale=50] . Learn how to request for an increase in Data Security scan quota.With Prisma Cloud Data Security, the _Freemium_ experience offers 3 credits per tenant, before you are charged for using the Data Security module. + -include::../../fragments/features-at-a-glance-id89f15e0e-2831-4680-b5f5-5cfeb8627296.adoc[] +The default scan quota for each tenant is 1500 credits; this quota allows you to control how much data is scanned so that you can align your organizational DLP budget with the amount of data that is scanned. This 1500 credits limit is adjustable and you can open a support ticket with Prisma Cloud Customer Success to increase it and balance your costs, while also ensuring that you're using Prisma Cloud Data Security to scan the file types that you want to secure. + image::data-security-scan-quota-1.png[scale=40] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation.adoc index 70ad1bc066..796d569527 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation.adoc @@ -39,6 +39,7 @@ tt:[Azure only] |If the resource is Private, but can be accessed by external collaborators, then the resource can be accessed by external vendors also. |=== + *How is Exposure Evaluated?* This is dependent on each CSP, here we will look closer at AWS and S3 service. S3 access evaluation performs a least-privilege based evaluation. This means a default Deny, explicit Deny takes precedence over any Allow. @@ -50,43 +51,29 @@ image::prisma-cloud-data-security-bucket-evaluation-logic.png[scale=60] * Normalize all controls into a Policy Document (i.e. Bucket ACL, Bucket Policy) * Evaluate all policy documents normalized above following the steps outlined above in the diagram. The evaluation is checked against a known set of S3 specific API methods/Actions to check for allow and/or deny. -+ -Supported Resource Events are: -+ -[cols="100%a"] -|=== -|For AWS +[cols="40%a,60%a"] +|=== +|*Supported Resource Events* +|*Description* +|For AWS |DeleteBucket +CreateBucket -|CreateBucket - - -|DeleteBucketPolicy - - -|PutBucketAcl +DeleteBucketPolicy +PutBucketAcl -|PutBucketPolicy +PutBucketPolicy -|=== -+ -[cols="100%a"] -|=== |For Azure - - |Microsoft.Resources.ResourceDeleteSuccess +Microsoft.Resources.ResourceWriteSuccess -|Microsoft.Resources.ResourceWriteSuccess - - -|Microsoft.Resources.ResourceActionSuccess - +Microsoft.Resources.ResourceActionSuccess |=== @@ -100,63 +87,41 @@ Supported Resource Events are: *Object Exposure Evaluation* * The same steps are followed again as resource exposure influences object exposure. In addition to the normalized resource ACL and resource policy we also normalize the object ACL and factor it into the evaluation. -+ -Supported Object Events are: -+ -[cols="100%a"] -|=== -|For AWS - - -|DeleteObject (from CLI, limitation of AWS+++{Unhandled element xref}+++ -) - - -|PutObject +[cols="40%a,60%a"] +|=== +|*Supported Object Events* +|*Description* -|PutObjectAcl +|For AWS +|DeleteObject (from CLI, limitation of AWS) +PutObject -|PutObjectTagging +PutObjectAcl +PutObjectTagging -|DeleteObjectTagging +DeleteObjectTagging -|=== -[cols="100%a"] -+ -|=== |For Azure - - |Microsoft.Storage.DirectoryDeleted +Microsoft.Storage.DirectoryRenamed -|Microsoft.Storage.DirectoryRenamed +CreateFile +PutBlob -|CreateFile +PutBlockList +DeleteFile -|PutBlob +RenameFile - -|PutBlockList - - -|DeleteFile - - -|RenameFile - - -|DeleteBlob +DeleteBlob |=== -* All steps for resource policy evaluation are followed again to determine the eventual exposure verdict of the file or object. - - - +* All steps for resource policy evaluation are followed again to determine the eventual exposure verdict of the file or object. \ No newline at end of file diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/mask-sensitive-data-on-prisma-cloud.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/mask-sensitive-data-on-prisma-cloud.adoc index 6f86801a27..af715db727 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/mask-sensitive-data-on-prisma-cloud.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/mask-sensitive-data-on-prisma-cloud.adoc @@ -3,10 +3,10 @@ [#id67d7e5c7-6f23-45f2-b7c3-79c5fde93d17] == Mask Sensitive Data on Prisma Cloud -Prisma Cloud Data Security can now mask how data is stored in _snippets_. A snippet is a piece of data that matches the xref:data-policies.adoc#idd48115a7-0b21-41d1-aaeb-da15099564e9[] that you want to identify within your files. Snippet masking enables you to control how this sensitive data, such as credit card numbers or Social Security numbers, displays to administrators who can view the snippet within Prisma Cloud. +Prisma Cloud Data Security can now mask how data is stored in _snippets_. A snippet is a piece of data that matches the xref:data-policies.adoc#idd48115a7-0b21-41d1-aaeb-da15099564e9[data policies] that you want to identify within your files. Snippet masking enables you to control how this sensitive data, such as credit card numbers or Social Security numbers, displays to administrators who can view the snippet within Prisma Cloud. [.procedure] -. Select menu:Settings[Data > Snippet Masking.] +. Select *Settings > Data > Snippet Masking*. . Select your masking option. + @@ -18,7 +18,7 @@ image::use-snippet-masking.png[scale=20] + Before you can view a masked snippet, you will need to xref:../enable-data-security-module/get-started.adoc[enable data security], https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account.html[add an AWS account and enable data security], and https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies.html#data-policies[use the data policies to scan]. + -.. Select menu:Inventory[Data > Total Resources] +.. Select *Inventory > Data > Total Resources*. .. In the *BUCKET NAME* column, click the bucket that you want to analyze. + @@ -30,6 +30,6 @@ image::snippet-masking-object-names.png[] .. View the masked snippet. + -The *Snippet Status* column displays the current xref:data-inventory.adoc#data-inventory[] of the scan. In order to view your masked data the *Snippets Status* must show a hyperlink with the anchor text of *Available*. Below is an example of the partial mask applied: +The *Snippet Status* column displays the current xref:data-inventory.adoc#data-inventory[data inventory] of the scan. In order to view your masked data the *Snippets Status* must show a hyperlink with the anchor text of *Available*. Below is an example of the partial mask applied: + image::snippet-masking-mask-applied.png[scale=25] diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/what-is-included-with-prisma-cloud-data-security.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/what-is-included-with-prisma-cloud-data-security.adoc index 4eada2b723..2800d0ef8e 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/what-is-included-with-prisma-cloud-data-security.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-data-security/what-is-included-with-prisma-cloud-data-security.adoc @@ -1,6 +1,6 @@ [#features-at-a-glance] == What is Included with Prisma Cloud Data Security? -* Azure Blob Storage and AWS S3 support for Prisma Cloud tenants in the Canada, EMEA, Singapore, and USA regions. +* Azure Blob Storage and AWS S3 support for Prisma Cloud tenants in the Canada, EMEA, and USA regions. + [NOTE] ==== @@ -8,7 +8,7 @@ If you are using the Prisma Cloud tenant in Canada, Prisma Cloud Data Security w ==== -* _Freemium_ experience that offers 3 credits per tenant, before you are charged for using the Prisma Cloud Data Security module. When your data exceeds the freemium threshold, you use credits from the Prisma Cloud Enterprise Edition license. You can apply the free 3 credits to 600GB of exposure scanning or 100GB of sensitive and malware scanning, after which the cost will be adjusted based on scan capability. For full scan, all selected data will be scanned at *5 credits/TB* for exposure, while only https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions.html[classifiable] data and malware will be charged at *30 credits/TB* for full scan (exposure, malware, and sensitivity analysis). +* _Freemium_ experience that offers 3 credits per tenant, before you are charged for using the Prisma Cloud Data Security module. When your data exceeds the freemium threshold, you use credits from the Prisma Cloud Enterprise Edition license. You can apply the free 3 credits to 600GB of exposure scanning or 100GB of sensitive and malware scanning, after which the cost will be adjusted based on scan capability. For full scan, all selected data will be scanned at *5 credits/TB* for exposure, while only xref:monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc#supported-file-extensions[classifiable] data and malware will be charged at *30 credits/TB* for full scan (exposure, malware, and sensitivity analysis). + [NOTE] ==== @@ -22,7 +22,7 @@ The default scan quota for each tenant is 1500 credits; this quota allows you to + [NOTE] ==== -Prisma Cloud Data Security needs to read objects stored on your AWS S3 buckets for scanning them. The encryption types supported are—Amazon S3 created and managed keys (SSE-S3), and AMS KMS keys that are AWS Managed or Customer Managed.If you use the AWS Key Management Service with Customer Managed Keys (CMK), when you assign the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/troubleshoot-data-security-errors[correct permissions] to the Prisma Cloud IAM role, Prisma Cloud can scan files in S3 buckets that are encrypted using customer managed encryption keys. +Prisma Cloud Data Security needs to read objects stored on your AWS S3 buckets for scanning them. The encryption types supported are—Amazon S3 created and managed keys (SSE-S3), and AMS KMS keys that are AWS Managed or Customer Managed.If you use the AWS Key Management Service with Customer Managed Keys (CMK), when you assign the xref:troubleshoot-data-security-errors.adoc[correct permissions] to the Prisma Cloud IAM role, Prisma Cloud can scan files in S3 buckets that are encrypted using customer managed encryption keys. ==== @@ -38,7 +38,7 @@ Prisma Cloud Data Security needs to read objects stored on your AWS S3 buckets f + *** The size of .avro, .csv, .json, .ORC, .parquet, and .txt files must be less than 2.5GB. -*** For all other xref:monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc#supported-file-extensions[] file types, the uncompressed file size must be less than 20MB. For example, if the file size is more than 20MB, but was compressed to under 20MB the file will not be successfully scanned. +*** For all other xref:monitor-data-security-scan-prisma-cloud/supported-file-extensions.adoc#supported-file-extensions[supported file] types, the uncompressed file size must be less than 20MB. For example, if the file size is more than 20MB, but was compressed to under 20MB the file will not be successfully scanned. ** For ML-based classification scanning, the file size must be less than 1MB. + @@ -54,7 +54,7 @@ Prisma Cloud Data Security uses Palo Alto Networks’ Enterprise DLP and WildFir ** For malware scanning, the file size must be less than 20MB. -** https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation[Exposure Evaluation] for all file types. +** xref:monitor-data-security-scan-prisma-cloud/exposure-evaluation.adoc[Exposure Evaluation] for all file types. + [NOTE] ==== diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/cloud-identity-inventory.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/cloud-identity-inventory.adoc index 782c33f0b6..6dd86e4c35 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/cloud-identity-inventory.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/cloud-identity-inventory.adoc @@ -43,7 +43,7 @@ Resource specific - Lists resources (users) directly attached to the policy and You also have the option to right-size permissions for AWS Groups and Roles. The *Suggest Least Privilege Access* wizard helps you remediate overly permissive access by helping you: * Create a new policy for a Group or Role that includes all the permissions required by its members. -* Repurpose existing policies that already contain the minnimum required permissions for any given Group or Role. +* Repurpose existing policies that already contain the minimum required permissions for any given Group or Role. Follow the steps below to use the *Suggest Least Privilege Access* wizard: diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/create-an-iam-policy.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/create-an-iam-policy.adoc index edbcdd0599..9acaf426e7 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/create-an-iam-policy.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/create-an-iam-policy.adoc @@ -8,7 +8,7 @@ Prisma Cloud provides the ability to create custom IAM policies to fulfill your organization’s IAM requirements. You can build a new IAM policy based on the `config from iam` RQL query and monitor the identities across your cloud environment. [.procedure] -. Select menu:Policies[Add Policy > IAM]. +. Select *Policies > Add Policy > IAM*. . Enter your policy details—*Policy Name* and *Severity*. + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.adoc index d197387d25..964e132364 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.adoc @@ -29,7 +29,7 @@ image::okta-admin-panel.png[scale=30] . Add an administrator role. -.. From the top menu navigate to menu:Security[Administrators]. +.. From the top menu navigate to *Security > Administrators*. .. Click *Add Administrator*. + @@ -47,7 +47,7 @@ image::read-only-admin.png[scale=40] + API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data. -.. From the top menu navigate to menu:Security[API]. +.. From the top menu navigate to *Security > API*. .. Select *Tokens.* @@ -63,7 +63,7 @@ image::create-token-sucessfully.png[scale=50] + After you generate the API token, you can use it to connect your Prisma Cloud account to Okta. -.. In Prisma Cloud navigate to menu:Settings[Integrations]. +.. In Prisma Cloud navigate to *Settings > Integrations*. .. Click *+Add New*. diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/remediate-alerts-for-iam-security.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/remediate-alerts-for-iam-security.adoc index 64c312ca8c..060c81acbc 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/remediate-alerts-for-iam-security.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-iam-security/remediate-alerts-for-iam-security.adoc @@ -1,13 +1,13 @@ [#ide22ea409-a7e8-48a2-914b-17e56f7915ed] == Remediate Alerts for IAM Security -// Manually remediate your IAM security misconfigurations by running CLI commands or automatically remediate overly permissive users with a custom python script. +//Manually remediate your IAM security misconfigurations by running CLI commands or automatically remediate overly permissive users with a custom python script. The IAM security module provides two options for remediating alerts so that you can enforce the principle of least privilege across your AWS, Azure, and GCP environments. You can manually remediate the alerts by copying the AWS, Azure, or GCP CLI commands and then run them in your cloud environment or you can configure a custom python script to automate the remediation steps. [NOTE] ==== -IAM automatic remediation is different from Prisma Cloud automatic remediation. The IAM module does not support the option to enable automatic remediation. Instead, xref:../../alerts/create-an-alert-rule-cloud-infrastructure.adoc[Create an Alert Rule for Run-Time Checks], follow the instructions for configuring a custom python script or configure and run Azure IAM remediation script to manage automatic remediation for IAM alert rules using the messaging queuing service on the respective CSP. +IAM automatic remediation is different from Prisma Cloud automatic remediation. The IAM module does not support the option to enable automatic remediation. Instead, xref:../manage-prisma-cloud-alerts/create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks], follow the instructions for configuring a custom python script or configure and run Azure IAM remediation script to manage automatic remediation for IAM alert rules using the messaging queuing service on the respective CSP. ==== //xref:#id6591319e-c53c-4df5-826f-7fc1b09f0464[Configure and Run AWS IAM Remediation Script] xref:#idb32d1fc5-f705-438f-a798-e9d1a791d96e[Configure and Run Azure IAM Remediation Script] xref:#idddd91dfc-b4d5-43fe-96cf-4b3cc447451d xref:#id2cbf5c9b-62aa-4a95-9340-eeaaf6f07bc4, xref:#ide69e3eac-d058-4804-8d58-8e648893a030, xref:#id54a76b5a-cc02-4394-b2d8-c0a64b17bc3e @@ -36,66 +36,55 @@ The following steps shows how you can manually remediate alerts in AWS. You can [.procedure] . View the existing alerts. + -To view all of the policies that triggered an alert select menu:Alerts[Overview.] +To view all of the policies that triggered an alert select *Alerts > Overview*. -. Click *Add Filter* and select menu:Policy{sp}Type[IAM]. +. Click *Add Filter* and select *Policy Type > IAM*. + -image::administration/iam-security-policy-type.png[] +image::iam-security-policy-type.png[] . Select the violating policy that you want to remediate. + On Prisma Cloud, policies that you can remediate are indicated by the image:remediable-icon.png[] icon. + -image::administration/iam-security-policy-alert.png[] +image::iam-security-policy-alert.png[] . Investigate the policy violations. + In this example we see all the violating resources for this Okta user. Prisma Cloud provides us hints on why the alert was generated, which in this case was a result of an Okta user being able to create another IAM user—this could lead to a potential back door because even if the original Okta user is deleted, they can still log in through the second user. Prisma Cloud also provides recommended steps on how to resolve the policy violation. + -image::administration/iam-security-alert-violating-policy.png[] +image::iam-security-alert-violating-policy.png[] + After a policy violation is triggered, it is sent to the SQS queue. + -image::administration/send-and-receive-messages-1-alert.png[] +image::send-and-receive-messages-1-alert.png[] + In this example the SQS queue shows 1 message which is the alert that was triggered. . Get the remediation steps. + Under the *OPTIONS* column, click *Remediate*. -+ -image::administration/iam-security-remediate-button.png[] .. Copy the CLI commands. + After you click *Remediate* the CLI commands appears in a popup window. + -image::administration/iam-security-cli-commands.png[] +image::iam-security-cli-commands.png[] .. Run the CLI commands on your AWS account. In case of your GCP account, before you run the CLI command, set up remediation for GCP IAM alerts. + After you executed the CLI commands you will have completed the remediation process and the excess privileges will be revoked. The SQS queue will now show 0 messages. + -image::administration/send-and-receive-messages-2-remediation.png[] +image::send-and-receive-messages-2-remediation.png[] -[#id2cbf5c9b-62aa-4a95-9340-eeaaf6f07bc4] +//[#id2cbf5c9b-62aa-4a95-9340-eeaaf6f07bc4] === Set up Automatic Remediation for AWS IAM Alerts -Automate the remediation steps for your AWS IAM alerts with the help of a custom python script which receives an alert via the AWS SQS queue, extracts the alert ID and uses it to call the IAM remediation API, and runs the commands which are provided by the API response. - -* xref:#id2cecf98a-db8f-4a61-9eaf-12171397bd4f[Review Prerequisites for AWS Remediation Script] -* xref:#id6591319e-c53c-4df5-826f-7fc1b09f0464[Configure and Run AWS IAM Remediation Script] - - -[#id2cecf98a-db8f-4a61-9eaf-12171397bd4f] -==== Review Prerequisites for AWS Remediation Script - -Complete the following prerequisites so that you can set up everything you need to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. +Automate the remediation steps for your AWS IAM alerts with the help of a custom python script which receives an alert via the AWS SQS queue, extracts the alert ID and uses it to call the IAM remediation API, and runs the commands which are provided by the API response. Complete the following prerequisites to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. -* xref:../../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs.adoc[Integrate Prisma Cloud with Amazon SQS]—This is an AWS service that allows you to send, store, and receive messages between AWS and Prisma Cloud. +* xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs.adoc[Integrate Prisma Cloud with Amazon SQS]—This is an AWS service that allows you to send, store, and receive messages between AWS and Prisma Cloud. -* Create xref:../..alerts/create-an-alert-rule-cloud-infrastructure.adoc[alert rules] and set up xref:../..alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc[alert notifications] to Amazon SQS. All alerts triggered for the IAM policy you selected will be sent to the SQS queue. +* Create xref:../manage-prisma-cloud-alerts/create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[alert rules] and set up xref:../manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc[alert notifications] to Amazon SQS. All alerts triggered for the IAM policy you selected will be sent to the SQS queue. [.task] @@ -184,9 +173,9 @@ for message in all_messages: . Install the third party libraries. + -This script uses a total of five python libraries. Three of the libraries: varname:[json], varname:[os], and varname:[subprocess] are part of the python core which allows you to import them into your programs after you install python. The other two libraries are varname:[boto3] and varname:[requests] which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called varname:[pip], which can install 3rd party libraries and frameworks via the command line. +This script uses a total of five python libraries. Three of the libraries:`json`, `os`, and `subprocess` are part of the python core which allows you to import them into your programs after you install python. The other two libraries are `boto3` and `requests` which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called `pip`, which can install 3rd party libraries and frameworks via the command line. -.. Install varname:[boto3]. +.. Install `boto3`. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + @@ -197,7 +186,7 @@ pip install boto3 This is the AWS SDK for python that allows you to create, configure, and manage AWS services such as SQS. ==== -.. Install varname:[requests]. +.. Install `requests`. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + @@ -212,30 +201,30 @@ Requests is a third party library for making simple HTTP requests. + You will need to specify these variables in the python script to customize settings and run the commands provided by the API response. Review the environment variables and their values below: + -* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, varname:[Queue2_Policy_UUID]. -* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the varname:[API_ENDPOINT] will be varname:[api]. -* tt:[varname:[DEBUG\]] - Displays the debug logs for your script which is enabled by default. -* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as varname:[123456789012], that uniquely identifies an AWS account. A user could have multiple account numbers. +* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, `Queue2_Policy_UUID`. +* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the `API_ENDPOINT` will be `api`. +* `DEBUG\`- Displays the debug logs for your script which is enabled by default. +* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as `123456789012`, that uniquely identifies an AWS account. A user could have multiple account numbers. * AUTH_KEY - Your JWT authentication token string (x-redlock-auth). See the https://pan.dev/prisma-cloud/api/cspm/[API reference] for more details. + These are mandatory variables to specify in the python script to run the commands provided by the API response and to customize the settings. + tt:[Optional (mac/linux only)]—Use the export command to set your environment variables. + -If you’re not familiar with python and don’t want to edit the script then you can use the varname:[export] command to set the environment variables. Here’s the syntax for doing so: +If you’re not familiar with python and don’t want to edit the script then you can use the `export` command to set the environment variables. Here’s the syntax for doing so: + -* screen:[% export API_ENDPOINT=api_tenant] -* screen:[% export YOUR_ACCOUNT_NUMBER=123456789] -* screen:[% export SQS_QUEUE_NAME=your_sqs_queue_name ] -* screen:[% export YOUR_ACCOUNT_NUMBER=123456789] -* screen:[% export AUTH_KEY=your_jwt_token] -* screen:[% python script.py] +* % export API_ENDPOINT=api_tenant +* % export YOUR_ACCOUNT_NUMBER=123456789 +* % export SQS_QUEUE_NAME=your_sqs_queue_name +* % export YOUR_ACCOUNT_NUMBER=123456789 +* % export AUTH_KEY=your_jwt_token +* % python script.py + The following instructions can be executed on any operating system that has python installed. For example, Windows, macOS, and Linux. + -.. tt:[Edit varname:[DEBUG\]]. +.. `[DEBUG\]`. + -varname:[DEBUG] is enabled or set to varname:[True] by default. To disable logs, update the code snippet as follow: +`DEBUG` is enabled or set to `True` by default. To disable logs, update the code snippet as follow: + ---- if os.environ['DEBUG'] = False: @@ -243,7 +232,7 @@ if os.environ['DEBUG'] = False: .. Edit YOUR_ACCOUNT_NUMBER. + -Replace varname:[YOUR_ACCOUNT_NUMBER] with the 12-digit account ID. The portion of the script to modify is: +Replace `YOUR_ACCOUNT_NUMBER` with the 12-digit account ID. The portion of the script to modify is: + ---- account_number_to_profile = { 'YOUR_ACCOUNT_NUMBER_1': 'YOUR_ACCOUNT_NAME_1', 'YOUR_ACCOUNT_NUMBER_2': 'YOUR_ACCOUNT_NAME_2'} @@ -257,15 +246,15 @@ account_number_to_profile = {'123456789123': 'default','512478725627': 'user1'} .. Edit API_ENDPOINT. + -Replace varname:[API_ENDPOINT] with the Prisma Cloud tenant sub domain that you’re using. The portion of the script to modify is: +Replace `API_ENDPOINT` with the Prisma Cloud tenant sub domain that you’re using. The portion of the script to modify is: + ---- url=f'{os.environ["API_ENDPOINT"]}/api/v1/permission/alert/remediation' ---- + -For example, replace varname:[API_ENDPOINT] with varname:[app,] varname:[app2], varname:[app3], or varname:[app.gov]. +For example, replace `API_ENDPOINT` with `app`, `app2`, `app3`, or `app.gov`. -.. Edit the varname:[SQS_QUEUE_NAME]. +.. Edit the `SQS_QUEUE_NAME`. + This stores the value of your queue name. The portion of the script to modify is: + @@ -273,7 +262,7 @@ This stores the value of your queue name. The portion of the script to modify is queue = sqs.get_queue_by_name(QueueName=os.environ['SQS_QUEUE_NAME']) ---- + -Replace varname:[SQS_QUEUE_NAME] with the name of your actual queue—for example, if varname:[Queue2_Policy_UUID] is the name of your queue, then the code snippet will be updated as follow: +Replace `SQS_QUEUE_NAME` with the name of your actual queue—for example, if `Queue2_Policy_UUID` is the name of your queue, then the code snippet will be updated as follow: + ---- queue = sqs.get_queue_by_name(QueueName=os.environ['Queue2_Policy_UUID']) @@ -281,13 +270,13 @@ queue = sqs.get_queue_by_name(QueueName=os.environ['Queue2_Policy_UUID']) .. Edit the AUTH_KEY. + -Generate a JWT token and replace the value in varname:[AUTH_KEY] of the python script. The portion of the script to modify is as follows: +Generate a JWT token and replace the value in `AUTH_KEY` of the python script. The portion of the script to modify is as follows: + ---- 'x-redlock-auth': os.environ['AUTH_KEY'] ---- + -Replace varname:[AUTH_KEY] with the JWT token that you generated. +Replace `AUTH_KEY` with the JWT token that you generated. . View the remediation results. + @@ -361,22 +350,13 @@ running the CLI commands Deleting message ---- + -The output shows that we’re processing an alert for a resource named varname:[test-resource] which should now be gone when we view *Alerts*. The CLI commands for executing the remediation steps are shown in the output; these commands are automatically executed on your behalf by the python script. A new policy will be created in AWS that removes the excess permissions of the user. +The output shows that we’re processing an alert for a resource named `test-resource` which should now be gone when we view *Alerts*. The CLI commands for executing the remediation steps are shown in the output; these commands are automatically executed on your behalf by the python script. A new policy will be created in AWS that removes the excess permissions of the user. -[#ide69e3eac-d058-4804-8d58-8e648893a030] +//[#ide69e3eac-d058-4804-8d58-8e648893a030] === Set up Automatic Remediation for Azure IAM Alerts -Automate the remediation steps for your IAM Azure alerts with the help of a custom python script—the script reads in the Azure Bus queue, collects alerts, and then goes into Azure and executes the CLI remediation steps. - -* xref:#id9d092285-2b15-4fb4-acba-0f6e3defdeb8[Review Prerequisites for Azure Remediation Script] -* xref:#idb32d1fc5-f705-438f-a798-e9d1a791d96e[Configure and Run Azure IAM Remediation Script] - - -[#id9d092285-2b15-4fb4-acba-0f6e3defdeb8] -==== Review Prerequisites for Azure Remediation Script - -Complete the following prerequisites so that you can set up everything you need to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. +Automate the remediation steps for your IAM Azure alerts with the help of a custom python script—the script reads in the Azure Bus queue, collects alerts, and then goes into Azure and executes the CLI remediation steps. Complete the following prerequisites to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. * Integrate Prisma Cloud with Azure Serve Bus—This is an Azure service that allows you to send, store, and receive messages between Azure and Prisma Cloud. Follow the steps to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue[Integrate Prisma Cloud with Azure Service Bus]. @@ -475,13 +455,13 @@ def get_messages_from_queue(): . Install the third party libraries. + -This script uses a total of five python libraries. Three of the libraries: varname:[subprocess], varname:[logging], and varname:[json] are part of the python core which allows you to import them into your programs after you install python. The other two libraries are varname:[requests] and varname:[azure.servicebus] which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called varname:[pip], which can install third party libraries and frameworks through the command line. +This script uses a total of five python libraries. Three of the libraries: `subprocess`, `logging`, and `json` are part of the python core which allows you to import them into your programs after you install python. The other two libraries are `requests` and `azure.servicebus` which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called `pip`, which can install third party libraries and frameworks through the command line. .. Install requests. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -userinput:[pip install requests] +`pip install requests` + [NOTE] ==== @@ -492,34 +472,34 @@ Requests is a third party library for making simple HTTP requests + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -userinput:[pip install azure.servicebus] +`pip install azure.servicebus` + [NOTE] ==== -varname:[azure.servicebus] is a client library for python to communicate between applications and services and implement asynchronous messaging patterns. +`azure.servicebus` is a client library for python to communicate between applications and services and implement asynchronous messaging patterns. ==== . Edit the environment variables. + You will need to specify these variables in the python script to customize settings and run the commands provided by the API response. Review the environment variables and their values below: + -* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, varname:[Queue2_Policy_UUID]. -* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the varname:[API_ENDPOINT] will be varname:[api]. -* tt:[varname:[DEBUG\]] - Displays the debug logs for your script which is enabled by default. -* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as varname:[123456789012], that uniquely identifies an AWS account. A user could have multiple account numbers. +* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, `Queue2_Policy_UUID`. +* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the API_ENDPOINT will be `api`. +* DEBUG\ - Displays the debug logs for your script which is enabled by default. +* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as `123456789012`, that uniquely identifies an AWS account. A user could have multiple account numbers. * AUTH_KEY - Your JWT authentication token string (x-redlock-auth). See the https://pan.dev/prisma-cloud/api/cspm/[API reference] for more details. + These are mandatory variables to specify in the python script to run the commands provided by the API response and to customize the settings. + tt:[Optional (mac/linux only)]—Use the export command to set your environment variables. + -If you’re not familiar with python and don’t want to edit the script then you can use the varname:[export] command to set the environment variables. Here’s the syntax for doing so: +If you’re not familiar with python and don’t want to edit the script then you can use the `export` command to set the environment variables. Here’s the syntax for doing so: + -* screen:[% export SB_QUEUE_KEY=your_sb_queue_key] -* screen:[% export SB_QUEUE_KEY_NAME=your_sb_queue_key_name] -* screen:[% export SB_QUEUE_NAME_SPACE=your_sb_queue_name_space] -* screen:[% export API_ENDPOINT=api_tenant] -* screen:[% export AUTH_KEY=your_jwt_token] +* % export SB_QUEUE_KEY=your_sb_queue_key +* % export SB_QUEUE_KEY_NAME=your_sb_queue_key_name +* % export SB_QUEUE_NAME_SPACE=your_sb_queue_name_space +* % export API_ENDPOINT=api_tenant +* % export AUTH_KEY=your_jwt_token + The following instructions can be executed on any operating system that has python installed. For example, Windows, macOS, and Linux. + @@ -557,7 +537,7 @@ Prisma Cloud leverages the https://cloud.google.com/iam/docs/deny-overview[Deny ==== [.procedure] -. *Add Filter* and select menu:Policy{sp}Type[IAM] and menu:Cloud{sp}Type[GCP]. +. *Add Filter* and select *Policy Type > IAM* and *Cloud Type > GCP*. . Select the violating policy that you want to remediate. @@ -571,7 +551,7 @@ Under the *OPTIONS* column, click *Remediate*. + After you click *Remediate* the CLI commands appears in a popup window. + -image::administration/iam-security-gcp-remediate1.png[] +image::iam-security-gcp-remediate1.png[] .. Run the CLI commands on your GCP account. Before you run the CLI command, see https://cloud.google.com/iam/docs/deny-overview[Deny Policies]. + diff --git a/docs/en/classic/cspm-admin-guide/prisma-cloud-network-security/create-a-network-policy.adoc b/docs/en/classic/cspm-admin-guide/prisma-cloud-network-security/create-a-network-policy.adoc index 7e8b0fa4b2..a85e0b329c 100644 --- a/docs/en/classic/cspm-admin-guide/prisma-cloud-network-security/create-a-network-policy.adoc +++ b/docs/en/classic/cspm-admin-guide/prisma-cloud-network-security/create-a-network-policy.adoc @@ -8,7 +8,7 @@ You have the ability to create network exposure policies based on your organization’s requirements. You can build a new network exposure policy based on the `config from network where` RQL query to monitor the network exposure of an asset across your cloud environment. [.procedure] -. Select menu:Policies[Add Policy > Network]. +. Select *Policies > Add Policy > Network*. . Enter your policy details. diff --git a/docs/en/classic/rql-reference/rql-reference/config-query/config-query-attributes.adoc b/docs/en/classic/rql-reference/rql-reference/config-query/config-query-attributes.adoc index a7d489afb6..93f6e868b4 100644 --- a/docs/en/classic/rql-reference/rql-reference/config-query/config-query-attributes.adoc +++ b/docs/en/classic/rql-reference/rql-reference/config-query/config-query-attributes.adoc @@ -176,7 +176,7 @@ or, config from cloud.resource where api.name= 'azure-network-nsg-list' AND json.rule = securityRules[?any(access equals Allow and direction equals Inbound and sourceAddressPrefix equals Internet and (protocol equals Udp or protocol equals *) and destinationPortRange contains _Port.inRange(137,137) )] exists] ---- + -, or +or, + ---- config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissionsEgress[?any( toPort greater than 22 and ipv4Ranges[?any( cidrIp does not contain "0.0" )] exists )] exists ] @@ -207,7 +207,7 @@ When `resource.status` is not specified in the query, use the *Resource Explorer + Use the `tag` attribute to find all resources that have a specific tag name or value. The operators available with `config from cloud.resource where tag` include `('key') = 'value'` , `All` , `Any` , `tag('key') EXISTS` , `tag('key') in ('value1', 'value2', 'value3')` , and the negations !=, does not Exist, not in. + -After you define a `tag` in menu:Settings[Resource List], you can reference the tag value or key in a config query. The supported operators are `is member of` , `is not member of` , `intersects` , and `does not intersect` . Use curly braces to use them in a JSON rule: +After you define a `tag` in *Settings > Resource List*, you can reference the tag value or key in a config query. The supported operators are `is member of` , `is not member of` , `intersects` , and `does not intersect` . Use curly braces to use them in a JSON rule: + ---- config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].key is member of {'Resource List'.keys} diff --git a/docs/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-attributes.adoc b/docs/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-attributes.adoc index c4ef22c848..045b986641 100644 --- a/docs/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-attributes.adoc +++ b/docs/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-attributes.adoc @@ -73,7 +73,7 @@ Use the `Source.publicnetwork` and `dest.publicnetwork` attributes to query for + [NOTE] ==== -You can also define your own network with a set of IP addresses/CIDRs to see traffic from/to your internal public [non-RFC1918] networks and use them in network RQL query. If you belong to the System Admin permission group, you can set it up in menu:Settings[Trusted IP Addresses], for details refer to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html[trusted IP addresses]. +You can also define your own network with a set of IP addresses/CIDRs to see traffic from/to your internal public [non-RFC1918] networks and use them in network RQL query. If you belong to the System Admin permission group, you can set it up in *Settings > Trusted IP Addresses*, for details refer to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html[trusted IP addresses]. ==== + For example, you can view traffic on the destination port 3389 and that are classified as internet IPs or suspicious IPs: diff --git a/docs/en/compute-edition/22-12/admin-guide/install/system-requirements.adoc b/docs/en/compute-edition/22-12/admin-guide/install/system-requirements.adoc index f0577e6000..687c28ee59 100644 --- a/docs/en/compute-edition/22-12/admin-guide/install/system-requirements.adoc +++ b/docs/en/compute-edition/22-12/admin-guide/install/system-requirements.adoc @@ -793,7 +793,7 @@ Prisma Cloud supports the latest versions of Chrome, Safari, and Edge. For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported. -[cortex-xdr] +[#cortex-xdr] === Cortex XDR Prisma Cloud Defenders can work alongside Cortex XDR agents. diff --git a/docs/en/compute-edition/30/admin-guide/install/system-requirements.adoc b/docs/en/compute-edition/30/admin-guide/install/system-requirements.adoc index dc156351aa..fcd47af1d5 100644 --- a/docs/en/compute-edition/30/admin-guide/install/system-requirements.adoc +++ b/docs/en/compute-edition/30/admin-guide/install/system-requirements.adoc @@ -335,7 +335,7 @@ Prisma Cloud supports the latest versions of Chrome, Safari, and Edge. For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported. -[cortex-xdr] +[#cortex-xdr] === Cortex XDR Prisma Cloud Defenders can work alongside Cortex XDR agents. diff --git a/docs/en/compute-edition/31/admin-guide/compliance/detect-secrets.adoc b/docs/en/compute-edition/31/admin-guide/compliance/detect-secrets.adoc index b3901ff14a..8ed2ed0ab7 100644 --- a/docs/en/compute-edition/31/admin-guide/compliance/detect-secrets.adoc +++ b/docs/en/compute-edition/31/admin-guide/compliance/detect-secrets.adoc @@ -67,14 +67,14 @@ Agentless scanning detects sensitive information inside files in your hosts and ==== Compliance Check ID 456 -This check detects secrets inside your hosts' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a host. +This check detects secrets inside your container images' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a container image. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. ==== Compliance Check ID 457 -This check detects secrets inside your container images' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a container image. +This check detects secrets inside your hosts' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a host. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. [#detected-secrets] diff --git a/docs/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc b/docs/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc index 4a66bb8011..7a154a5081 100644 --- a/docs/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc +++ b/docs/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc @@ -187,6 +187,11 @@ The available resources for scope are: . Click *Apply Defense*. + -NOTE: By default, the serverless auto-defend rules are evaluated every 24 hours. -+ -NOTE: When a rule is deleted, the new set of rules is evaluated and applied *immediately*. +[NOTE] +==== +Auto Defending a serverless function adds runtime protection to it, and the defended function is indicated by a green defended icon in the list view under *Monitor > Vulnerabilities > Functions*. Refer to xref:../../../vulnerability-management/scan-serverless-functions.adoc[Serverless Functions Scanning]. + +By default, the serverless auto-defend rules are evaluated every 24 hours. + +When a rule is deleted, the new set of rules is evaluated and applied *immediately*. +==== \ No newline at end of file diff --git a/docs/en/compute-edition/31/admin-guide/install/system-requirements.adoc b/docs/en/compute-edition/31/admin-guide/install/system-requirements.adoc index 67f9324a57..4856ad57cc 100644 --- a/docs/en/compute-edition/31/admin-guide/install/system-requirements.adoc +++ b/docs/en/compute-edition/31/admin-guide/install/system-requirements.adoc @@ -163,8 +163,7 @@ Refer to the the Linux capabilities https://man7.org/linux/man-pages/man7/capabi [NOTE] ==== -* The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only. -* If you have enabled the CNNS capabilities and are on v4.15.x kernel you must upgrade the kernel version to v5.4.x or later. +The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only. ==== When running on a Docker host, Prisma Cloud Defender uses the following files/folder on the host: @@ -336,7 +335,7 @@ Prisma Cloud supports the latest versions of Chrome, Safari, and Edge. For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported. -[cortex-xdr] +[#cortex-xdr] === Cortex XDR Prisma Cloud Defenders can work alongside Cortex XDR agents. diff --git a/docs/en/compute-edition/31/admin-guide/secrets/secrets-manager.adoc b/docs/en/compute-edition/31/admin-guide/secrets/secrets-manager.adoc index 33c4f59d73..0b4eaf8e6d 100644 --- a/docs/en/compute-edition/31/admin-guide/secrets/secrets-manager.adoc +++ b/docs/en/compute-edition/31/admin-guide/secrets/secrets-manager.adoc @@ -13,11 +13,10 @@ Utilizing the orchestrator’s built-in secrets management capabilities when you It undermines the principal benefit of a secrets store, which is managing all sensitive data in a single location. -=== Theory of operation +=== Theory of Operation When a user or orchestrator starts a container, Defender injects the secrets you specify into the container. -In order for secret injection to work, all Docker commands must be routed through Defender, so be sure to download your client certs and setup your environment variables under *Manage > Authentication > User Certificates*. - +In order for secret injection to work, all Docker commands must be routed through Defender. Refer to xref:inject-secrets.adoc[Inject Secrets into Containers]. There are several moving parts in the solution: image::secrets_manager_791688.png[width=400] diff --git a/docs/en/compute-edition/31/admin-guide/technology-overviews/radar.adoc b/docs/en/compute-edition/31/admin-guide/technology-overviews/radar.adoc index b0ab53875e..e321533274 100644 --- a/docs/en/compute-edition/31/admin-guide/technology-overviews/radar.adoc +++ b/docs/en/compute-edition/31/admin-guide/technology-overviews/radar.adoc @@ -39,6 +39,9 @@ The map tells you what services are running in which data centers, which service Select a marker on the map to see details about the services deployed in the account/region. You can directly secure both the registries and the serverless functions by selecting *Defend* next to them. +NOTE: *Radar > Cloud* shows the serverless functions as undefended until the functions are not scanned for vulnerabilities, regardless of auto defend status. +Add a *Defend > Vulnerabilities > Functions > Functions* rule to trigger a scan on the relevant functions and the Radar will then show the previously undefended functions as defended. + image::radar_cloud_pivot.png[scale=15] You can filter the data based on an entity to narrow down your search. diff --git a/docs/en/compute-edition/31/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc b/docs/en/compute-edition/31/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc index 219d5b3368..8ffab5ecf9 100644 --- a/docs/en/compute-edition/31/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc +++ b/docs/en/compute-edition/31/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc @@ -97,7 +97,7 @@ The type of applications supported in the IS are: * BusyBox * Consul * CRI-O -* Docker +* Docker Enterprise * GO * Istio * OMI diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/2020-12-02_08-26-01.jpg b/docs/en/compute-edition/32/admin-guide/_graphics/2020-12-02_08-26-01.jpg new file mode 100644 index 0000000000..d66f8138de Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/2020-12-02_08-26-01.jpg differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/CNAF-architecture.png b/docs/en/compute-edition/32/admin-guide/_graphics/CNAF-architecture.png new file mode 100644 index 0000000000..d2da68ab67 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/CNAF-architecture.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/IBM_Credential.png b/docs/en/compute-edition/32/admin-guide/_graphics/IBM_Credential.png new file mode 100644 index 0000000000..2d963f8944 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/IBM_Credential.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_1.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_1.png new file mode 100644 index 0000000000..8520f51110 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_10.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_10.png new file mode 100644 index 0000000000..6a4a9836b1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_11.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_11.png new file mode 100644 index 0000000000..d5bf42cb72 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_11.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_12.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_12.png new file mode 100644 index 0000000000..534e37979f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_12.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_13.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_13.png new file mode 100644 index 0000000000..cebef6be4e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_13.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_14.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_14.png new file mode 100644 index 0000000000..b0251a7022 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_14.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_15.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_15.png new file mode 100644 index 0000000000..f32a2ebb09 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_15.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_2.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_2.png new file mode 100644 index 0000000000..6dcef5eba9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_3.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_3.png new file mode 100644 index 0000000000..1b690704d0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_4.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_4.png new file mode 100644 index 0000000000..b873dc8fab Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_4.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_5.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_5.png new file mode 100644 index 0000000000..6308e12196 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_5.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_6.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_6.png new file mode 100644 index 0000000000..2c6510850c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_6.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_7.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_7.png new file mode 100644 index 0000000000..4e8e681259 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_7.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_8.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_8.png new file mode 100644 index 0000000000..1e040ac994 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_8.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_9.png b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_9.png new file mode 100644 index 0000000000..e95bcac768 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aad_saml_20210728_9.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_list.png b/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_list.png new file mode 100644 index 0000000000..362353f3b2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_list.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_path_to_console.png b/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_path_to_console.png new file mode 100644 index 0000000000..766b753d11 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/access_keys_path_to_console.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/add-an-app-vpc-traffic-mirroring.png b/docs/en/compute-edition/32/admin-guide/_graphics/add-an-app-vpc-traffic-mirroring.png new file mode 100644 index 0000000000..3e81ef1402 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/add-an-app-vpc-traffic-mirroring.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/add-aws-sqs-integration.png b/docs/en/compute-edition/32/admin-guide/_graphics/add-aws-sqs-integration.png new file mode 100644 index 0000000000..1b5e62bb9f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/add-aws-sqs-integration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_1.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_1.png new file mode 100644 index 0000000000..b360ba03d3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_10.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_10.png new file mode 100644 index 0000000000..1604f8c25c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_11.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_11.png new file mode 100644 index 0000000000..ab00a069f5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_11.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_12.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_12.png new file mode 100644 index 0000000000..3e214aa015 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_12.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_13.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_13.png new file mode 100644 index 0000000000..3973cf4e82 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_13.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_2.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_2.png new file mode 100644 index 0000000000..91f11dbd17 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_3.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_3.png new file mode 100644 index 0000000000..a568d03ec6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_4.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_4.png new file mode 100644 index 0000000000..756e7e9684 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_4.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_5.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_5.png new file mode 100644 index 0000000000..3b7b09f894 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_5.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_6.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_6.png new file mode 100644 index 0000000000..6fac08e1cf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_6.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_7.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_7.png new file mode 100644 index 0000000000..fd1b24a688 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_7.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_8.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_8.png new file mode 100644 index 0000000000..9bbc536a6b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_8.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_9.png b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_9.png new file mode 100644 index 0000000000..221821aec0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/adfs_saml_9.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diff.png b/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diff.png new file mode 100644 index 0000000000..e9c8563c27 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diff.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diffs.png b/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diffs.png new file mode 100644 index 0000000000..88a57c7c3d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/admin_activity_audit_trail_diffs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-add-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-add-account.png new file mode 100644 index 0000000000..6abfe7d92a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-add-account.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-aws-pcee-advanced-settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-advanced-settings.png similarity index 100% rename from docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-aws-pcee-advanced-settings.png rename to docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-advanced-settings.png diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-configure-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-configure-account.png new file mode 100644 index 0000000000..7592444e39 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-configure-account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-get-started.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-get-started.png new file mode 100644 index 0000000000..1acb19a5e6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-aws-pcee-get-started.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-cloud-discovery.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-cloud-discovery.png new file mode 100644 index 0000000000..6c454f6b83 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-cloud-discovery.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-account-details.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-account-details.png new file mode 100644 index 0000000000..2b2663805b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-account-details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-add-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-add-account.png new file mode 100644 index 0000000000..3099425640 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-add-account.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-azure-pcee-configure-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-configure-account.png similarity index 100% rename from docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-azure-pcee-configure-account.png rename to docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-configure-account.png diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-get-started.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-get-started.png new file mode 100644 index 0000000000..524999567a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-pcee-get-started.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-scan-config-basic.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-scan-config-basic.png new file mode 100644 index 0000000000..41af27b9d6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-azure-scan-config-basic.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-cloud-providers.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-cloud-providers.png new file mode 100644 index 0000000000..331be27c10 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-cloud-providers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-aws.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-aws.png new file mode 100644 index 0000000000..6a9228b31b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-aws.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-azure.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-azure.png new file mode 100644 index 0000000000..aaa8fdd1d1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-azure.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-bulk.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-bulk.png new file mode 100644 index 0000000000..cfc6bbf427 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-bulk.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-gcp.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-gcp.png new file mode 100644 index 0000000000..d0977bf085 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-configuration-gcp.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-account-config.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-account-config.png new file mode 100644 index 0000000000..b9a283bfd7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-account-config.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-gcp-advanced-settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-advanced-settings.png similarity index 100% rename from docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-gcp-advanced-settings.png rename to docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-advanced-settings.png diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-more-menu.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-more-menu.png new file mode 100644 index 0000000000..6b41009140 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-more-menu.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-account-details.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-account-details.png new file mode 100644 index 0000000000..67e3bf0e55 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-account-details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-advanced-settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-advanced-settings.png new file mode 100644 index 0000000000..55bca672b7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-advanced-settings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-configure-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-configure-account.png new file mode 100644 index 0000000000..c36b052293 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-configure-account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-get-started.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-get-started.png new file mode 100644 index 0000000000..1da1b6908b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-gcp-pcee-get-started.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-interval.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-interval.png new file mode 100644 index 0000000000..af1ea40911 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-interval.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts-pcee.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts-pcee.png new file mode 100644 index 0000000000..580d2d51ae Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts-pcee.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts.png new file mode 100644 index 0000000000..814a0ce438 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-manage-cloud-accounts.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-fingerprint.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-fingerprint.png new file mode 100644 index 0000000000..94d5b9c7b6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-fingerprint.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-name.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-name.png new file mode 100644 index 0000000000..05ccd551e6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-name.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-next.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-next.png new file mode 100644 index 0000000000..e676fc3cf9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-next.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-private-key.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-private-key.png new file mode 100644 index 0000000000..6be676d2b9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-private-key.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-tenancy.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-tenancy.png new file mode 100644 index 0000000000..5dc2e0937d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-tenancy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-user.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-user.png new file mode 100644 index 0000000000..94309b8a17 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration-user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration.png new file mode 100644 index 0000000000..7a44f178a3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-account-configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-account.png new file mode 100644 index 0000000000..0d2c7946f8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-api-key.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-api-key.png new file mode 100644 index 0000000000..331206a67e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-api-key.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-key-button.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-key-button.png new file mode 100644 index 0000000000..d353bfae45 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-add-key-button.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-oci-agentless-advanced-settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-advanced-settings.png similarity index 100% rename from docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-oci-agentless-advanced-settings.png rename to docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-advanced-settings.png diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-add-account.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-add-account.png new file mode 100644 index 0000000000..28f554027c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-add-account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-compartment.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-compartment.png new file mode 100644 index 0000000000..3e3eb7c9cd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-compartment.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-download-template.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-download-template.png new file mode 100644 index 0000000000..2606aaa33c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-download-template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-url.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-url.png new file mode 100644 index 0000000000..9f4069e346 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-agentless-configuration-url.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-api-keys.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-api-keys.png new file mode 100644 index 0000000000..5699ed7400 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-api-keys.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-cloud-shell.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-cloud-shell.png new file mode 100644 index 0000000000..fae77f3b3e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-cloud-shell.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-close.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-close.png new file mode 100644 index 0000000000..00166bb347 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-close.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-fields.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-fields.png new file mode 100644 index 0000000000..4e825fa44f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview-fields.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview.png new file mode 100644 index 0000000000..3f46b3deb3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-configuration-file-preview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments-name.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments-name.png new file mode 100644 index 0000000000..8529db26c3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments-name.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments.png new file mode 100644 index 0000000000..5462b3a6b5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-compartments.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-button.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-button.png new file mode 100644 index 0000000000..271fb5ad1c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-button.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-fields.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-fields.png new file mode 100644 index 0000000000..fc98e6d0c2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user-fields.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user.png new file mode 100644 index 0000000000..ee8a09de71 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-create-user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-download-private-key.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-download-private-key.png new file mode 100644 index 0000000000..bd61cb9885 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-download-private-key.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-home.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-home.png new file mode 100644 index 0000000000..8a1c247242 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-home.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-compartments.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-compartments.png new file mode 100644 index 0000000000..cd382832d5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-compartments.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-users.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-users.png new file mode 100644 index 0000000000..76049127a8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu-users.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu.png new file mode 100644 index 0000000000..6320f4cf2b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-id-menu.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-upload-file.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-upload-file.png new file mode 100644 index 0000000000..f70f26b32b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-upload-file.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-user.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-user.png new file mode 100644 index 0000000000..4e1b0c0781 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-oci-user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-assign-groups.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-assign-groups.png new file mode 100644 index 0000000000..7b35c0e6b1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-assign-groups.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-security-capabilities.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-security-capabilities.png new file mode 100644 index 0000000000..edbacc1073 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-pcee-security-capabilities.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-permission-templates.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-permission-templates.png new file mode 100644 index 0000000000..6083d650ac Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-permission-templates.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-hub-account-mode.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-hub-account-mode.png new file mode 100644 index 0000000000..6f7eb223f3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-hub-account-mode.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-max-number-of-scanners.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-max-number-of-scanners.png new file mode 100644 index 0000000000..217a90c5c8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-max-number-of-scanners.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-same-account-mode.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-same-account-mode.png new file mode 100644 index 0000000000..36dc72124a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-scanning-same-account-mode.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan-button.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan-button.png new file mode 100644 index 0000000000..21109b0dc1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan-button.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan.png new file mode 100644 index 0000000000..2e3947da3f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-start-scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless-stop-scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-stop-scan.png new file mode 100644 index 0000000000..b0a5de3b3d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless-stop-scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_cloud.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_cloud.png new file mode 100644 index 0000000000..7aa05a2075 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_cloud.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compex.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compex.png new file mode 100644 index 0000000000..9cbd527858 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compex.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compliance.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compliance.png new file mode 100644 index 0000000000..82d6aef653 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_compliance.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_pendingOS.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_pendingOS.png new file mode 100644 index 0000000000..275a16b6fb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_pendingOS.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_preflight.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_preflight.png new file mode 100644 index 0000000000..33f13a7e29 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_preflight.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_results.png new file mode 100644 index 0000000000..7326b30e20 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config.png new file mode 100644 index 0000000000..924388afbb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config2.png b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config2.png new file mode 100644 index 0000000000..c2507d943a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/agentless_scan_config2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk.png b/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk.png new file mode 100644 index 0000000000..7a908c20e2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk_results.png new file mode 100644 index 0000000000..c3dbbbd387 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aks_install_azure_disk_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-awssqs-json-body.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-awssqs-json-body.png new file mode 100644 index 0000000000..7f931a461e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-awssqs-json-body.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-in-aws-sqs.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-in-aws-sqs.png new file mode 100644 index 0000000000..5935b86112 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert-message-in-aws-sqs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert-profile-aws-sqs.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert-profile-aws-sqs.png new file mode 100644 index 0000000000..f788ff32b5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert-profile-aws-sqs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert-trigger-profile.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert-trigger-profile.png new file mode 100644 index 0000000000..377cf93c03 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert-trigger-profile.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels.png new file mode 100644 index 0000000000..eb20e5c8fa Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels_audit.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels_audit.png new file mode 100644 index 0000000000..2823370d0a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert_labels_audit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert_profiles.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert_profiles.png new file mode 100644 index 0000000000..b9acb9b580 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert_profiles.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alert_providers.png b/docs/en/compute-edition/32/admin-guide/_graphics/alert_providers.png new file mode 100644 index 0000000000..344497d432 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alert_providers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_compliance_email.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_compliance_email.png new file mode 100644 index 0000000000..9795c9980b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_compliance_email.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_example_jira_issue.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_example_jira_issue.png new file mode 100644 index 0000000000..6d33fbfc63 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_example_jira_issue.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key1.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key1.png new file mode 100644 index 0000000000..ab4ee97f44 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key2.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key2.png new file mode 100644 index 0000000000..54266016ba Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_api_key2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_role.png new file mode 100644 index 0000000000..6436b66359 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_svc_account.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_svc_account.png new file mode 100644 index 0000000000..861267b45c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_gcss_svc_account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_base_api_path.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_base_api_path.png new file mode 100644 index 0000000000..36ed4bc48f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_base_api_path.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_new_resource.png b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_new_resource.png new file mode 100644 index 0000000000..1abf0ec905 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/alerts_servicenow_new_resource.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_compliance_check.png b/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_compliance_check.png new file mode 100644 index 0000000000..78c2765bbc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_compliance_check.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_incident.png new file mode 100644 index 0000000000..8228d28fb9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/altered_binary_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issue_number.png b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issue_number.png new file mode 100644 index 0000000000..04bbd25e1d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issue_number.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issues.png b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issues.png new file mode 100644 index 0000000000..b0eba1494a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_issues.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_list.png b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_list.png new file mode 100644 index 0000000000..d2718c6c94 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/api_def_scan_list.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/app-embedded-fs-monitoring-disabled.png b/docs/en/compute-edition/32/admin-guide/_graphics/app-embedded-fs-monitoring-disabled.png new file mode 100644 index 0000000000..3d8c58ba96 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/app-embedded-fs-monitoring-disabled.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_metadata.png b/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_metadata.png new file mode 100644 index 0000000000..8dd0bb6d25 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_metadata.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_observations.png b/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_observations.png new file mode 100644 index 0000000000..d4dce0674c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/app_embedded_scanning_observations.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add1.png b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add1.png new file mode 100644 index 0000000000..90066c00b2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add2.png b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add2.png new file mode 100644 index 0000000000..ab679875e0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-add2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-compliance-rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-compliance-rule.png new file mode 100644 index 0000000000..f8d6b01fe6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-compliance-rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-import.png b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-import.png new file mode 100644 index 0000000000..64b8ff4d3d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/application-host-control-import.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/assign_collections_to_user.png b/docs/en/compute-edition/32/admin-guide/_graphics/assign_collections_to_user.png new file mode 100644 index 0000000000..60f2549a15 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/assign_collections_to_user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/attack_dashboard.png b/docs/en/compute-edition/32/admin-guide/_graphics/attack_dashboard.png new file mode 100644 index 0000000000..6e771eded3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/attack_dashboard.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/attack_explore_card.png b/docs/en/compute-edition/32/admin-guide/_graphics/attack_explore_card.png new file mode 100644 index 0000000000..2db3b01e6f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/attack_explore_card.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/attack_filtered_dashboard.png b/docs/en/compute-edition/32/admin-guide/_graphics/attack_filtered_dashboard.png new file mode 100644 index 0000000000..e4bd151dc7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/attack_filtered_dashboard.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/attack_tactics_techniques.png b/docs/en/compute-edition/32/admin-guide/_graphics/attack_tactics_techniques.png new file mode 100644 index 0000000000..ffb7b57814 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/attack_tactics_techniques.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/attack_unfiltered_dashboard.png b/docs/en/compute-edition/32/admin-guide/_graphics/attack_unfiltered_dashboard.png new file mode 100644 index 0000000000..9731b46544 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/attack_unfiltered_dashboard.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_all_csp.png b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_all_csp.png new file mode 100644 index 0000000000..794d989824 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_all_csp.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_collection_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_collection_example.png new file mode 100644 index 0000000000..7c622dc7a6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_collection_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_host_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_host_rule.png new file mode 100644 index 0000000000..711d111ca6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/auto_defend_host_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/auto_upgrade_defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/auto_upgrade_defenders.png new file mode 100644 index 0000000000..027ce0a723 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/auto_upgrade_defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/autodeploy_gcp_23124.png b/docs/en/compute-edition/32/admin-guide/_graphics/autodeploy_gcp_23124.png new file mode 100644 index 0000000000..25994416ec Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/autodeploy_gcp_23124.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/automated_deployment.png b/docs/en/compute-edition/32/admin-guide/_graphics/automated_deployment.png new file mode 100644 index 0000000000..3bec5c0eaa Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/automated_deployment.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-add-user.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-add-user.png new file mode 100644 index 0000000000..61de65735c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-add-user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-applied-permission.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-applied-permission.png new file mode 100644 index 0000000000..b91d99e005 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-applied-permission.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-cloudformation.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-cloudformation.png new file mode 100644 index 0000000000..e6587d8b42 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-cloudformation.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-console-url.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-console-url.png new file mode 100644 index 0000000000..ad90a3a473 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-console-url.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-create-stack.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-create-stack.png new file mode 100644 index 0000000000..62fda290ea Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-create-stack.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-hub-permission-template.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-hub-permission-template.png new file mode 100644 index 0000000000..e188992431 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-hub-permission-template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-security-group.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-security-group.png new file mode 100644 index 0000000000..3cdbe1b6f0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-security-group.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-set-permissions.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-set-permissions.png new file mode 100644 index 0000000000..3c30733b36 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-set-permissions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-stack-name.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-stack-name.png new file mode 100644 index 0000000000..a28bb03510 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-stack-name.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-target-permission-template.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-target-permission-template.png new file mode 100644 index 0000000000..a9b0473013 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-target-permission-template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-user-without-permissions.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-user-without-permissions.png new file mode 100644 index 0000000000..7eb19bb044 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws-agentless-user-without-permissions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_permissions_stack.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_permissions_stack.png new file mode 100644 index 0000000000..89d4163688 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_permissions_stack.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_setup_stack.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_setup_stack.png new file mode 100644 index 0000000000..4034e54761 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws_agentless_setup_stack.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws_secrets_manager_secret_type.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws_secrets_manager_secret_type.png new file mode 100644 index 0000000000..30312370cf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws_secrets_manager_secret_type.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws_security_hub_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws_security_hub_config.png new file mode 100644 index 0000000000..cc8fd03040 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws_security_hub_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/aws_systems_manager_parameter_store_param_type.png b/docs/en/compute-edition/32/admin-guide/_graphics/aws_systems_manager_parameter_store_param_type.png new file mode 100644 index 0000000000..6fba0f7f3a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/aws_systems_manager_parameter_store_param_type.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-auth.png b/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-auth.png new file mode 100644 index 0000000000..95e6687816 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-auth.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-user-assigned.png b/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-user-assigned.png new file mode 100644 index 0000000000..3c7002a618 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/azure-managed-identity-user-assigned.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/azure-portal-managed-identity-system-assigned.png b/docs/en/compute-edition/32/admin-guide/_graphics/azure-portal-managed-identity-system-assigned.png new file mode 100644 index 0000000000..64a335be64 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/azure-portal-managed-identity-system-assigned.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_admin_access_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_admin_access_incident.png new file mode 100644 index 0000000000..7453dde6b5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_admin_access_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_ssh_access_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_ssh_access_incident.png new file mode 100644 index 0000000000..5380984bf9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/backdoor_ssh_access_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_add.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_add.png new file mode 100644 index 0000000000..0f7fd46a85 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_add.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_after_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_after_filter.png new file mode 100644 index 0000000000..bfd7eba5e6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_after_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_before_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_before_filter.png new file mode 100644 index 0000000000..6b07a69b55 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_before_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_layers_tab.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_layers_tab.png new file mode 100644 index 0000000000..5ba346bdca Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_layers_tab.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_view.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_view.png new file mode 100644 index 0000000000..a6c2d2a12c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/base_images_vulnerabilities_tab.png b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_vulnerabilities_tab.png new file mode 100644 index 0000000000..e39e7195f6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/base_images_vulnerabilities_tab.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_757328.png b/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_757328.png new file mode 100644 index 0000000000..f230589197 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_757328.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_766674.png b/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_766674.png new file mode 100644 index 0000000000..68925c2d82 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/best_practices_dns_766674.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/block_containers_audits.png b/docs/en/compute-edition/32/admin-guide/_graphics/block_containers_audits.png new file mode 100644 index 0000000000..68ce8d225a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/block_containers_audits.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_cnaf_audits.png b/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_cnaf_audits.png new file mode 100644 index 0000000000..24d2b5bd0e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_cnaf_audits.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_incident.png new file mode 100644 index 0000000000..d17cb3c972 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/brute_force_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/bulk-actions.png b/docs/en/compute-edition/32/admin-guide/_graphics/bulk-actions.png new file mode 100644 index 0000000000..11e72b0f6d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/bulk-actions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cert_auth_to_console_765460.png b/docs/en/compute-edition/32/admin-guide/_graphics/cert_auth_to_console_765460.png new file mode 100644 index 0000000000..8c30934abf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cert_auth_to_console_765460.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_grades.png b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_grades.png new file mode 100644 index 0000000000..cc8be3c756 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_grades.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_templates.png b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_templates.png new file mode 100644 index 0000000000..e61b515079 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_templates.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_versions.png b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_versions.png new file mode 100644 index 0000000000..a1a3df5a41 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cis_benchmarks_versions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/client-cert-editing.png b/docs/en/compute-edition/32/admin-guide/_graphics/client-cert-editing.png new file mode 100644 index 0000000000..4e0fb59d6f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/client-cert-editing.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_acr_scanning.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_acr_scanning.png new file mode 100644 index 0000000000..0803b24b06 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_acr_scanning.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_cred_usage.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_cred_usage.png new file mode 100644 index 0000000000..b9d3e99c53 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_accounts_cred_usage.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_saas.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_saas.png new file mode 100644 index 0000000000..a20bb0fd79 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_saas.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_selfhosted.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_selfhosted.png new file mode 100644 index 0000000000..34da038e84 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_details_selfhosted.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_saas.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_saas.png new file mode 100644 index 0000000000..0fc8e8b124 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_saas.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_selfhosted.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_selfhosted.png new file mode 100644 index 0000000000..787445cd97 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_radar_selfhosted.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_saas.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_saas.png new file mode 100644 index 0000000000..4aa7eebf79 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloud_discovery_saas.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_cjoc_all.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_cjoc_all.png new file mode 100644 index 0000000000..624b399c61 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_cjoc_all.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_setup_poster.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_setup_poster.png new file mode 100644 index 0000000000..a85574d68a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_setup_poster.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_template.png b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_template.png new file mode 100644 index 0000000000..10579ec847 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cloudbees_core_pod_template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791468.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791468.png new file mode 100644 index 0000000000..4609d9ddda Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791468.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791990.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791990.png new file mode 100644 index 0000000000..15bf29f795 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_791990.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png new file mode 100644 index 0000000000..c18d6779d1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png.1 b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png.1 new file mode 100644 index 0000000000..c18d6779d1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793458.png.1 differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793462.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793462.png new file mode 100644 index 0000000000..fb80609a90 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_793462.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_add_endpoint.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_add_endpoint.png new file mode 100644 index 0000000000..41d7834e5c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_add_endpoint.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_add_parameter.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_add_parameter.png new file mode 100644 index 0000000000..0fe80492af Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_add_parameter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_allowed_methods.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_allowed_methods.png new file mode 100644 index 0000000000..2cc5aced38 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_allowed_methods.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection.png new file mode 100644 index 0000000000..987a8c8a2f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_action.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_action.png new file mode 100644 index 0000000000..d04339d684 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_action.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_select_method.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_select_method.png new file mode 100644 index 0000000000..63a9c0b418 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_api_protection_select_method.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_arch.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_arch.png new file mode 100644 index 0000000000..86393abac3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_arch.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_container_rule_resources.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_container_rule_resources.png new file mode 100644 index 0000000000..c846505143 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_container_rule_resources.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_example.png new file mode 100644 index 0000000000..75622f75d5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types.png new file mode 100644 index 0000000000..f620eae74b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_app_embedded.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_app_embedded.png new file mode 100644 index 0000000000..e1bbea4a79 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_app_embedded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_host.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_host.png new file mode 100644 index 0000000000..839aa650f1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_deployment_types_host.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem.png new file mode 100644 index 0000000000..68e1ee57f7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem_app_embbded.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem_app_embbded.png new file mode 100644 index 0000000000..6f85619b2d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_endpoint_lineitem_app_embbded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_file_upload.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_file_upload.png new file mode 100644 index 0000000000..cb0111bd14 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_file_upload.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_firewall_protections.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_firewall_protections.png new file mode 100644 index 0000000000..d3d3c42e2e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_firewall_protections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources.png new file mode 100644 index 0000000000..fbcf4e447b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources_app_embedded.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources_app_embedded.png new file mode 100644 index 0000000000..e442e2ef54 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_host_rule_resources_app_embedded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_http_headers.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_http_headers.png new file mode 100644 index 0000000000..621510f2a3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_http_headers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_access.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_access.png new file mode 100644 index 0000000000..b951f2abb0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_access.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_lists.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_lists.png new file mode 100644 index 0000000000..a9b984ea86 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_network_lists.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_example.png new file mode 100644 index 0000000000..933803f245 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_overview.png new file mode 100644 index 0000000000..984b6b3a91 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_scope.png new file mode 100644 index 0000000000..536a2493b5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnaf_rule_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_arch.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_arch.png new file mode 100644 index 0000000000..35ae509c16 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_arch.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario1.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario1.png new file mode 100644 index 0000000000..fe66cad57e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario5.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario5.png new file mode 100644 index 0000000000..18f6f52cbe Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnnf_scenario5.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-alerts-profile.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-alerts-profile.png new file mode 100644 index 0000000000..80bbdbf7d2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-alerts-profile.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events-details.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events-details.png new file mode 100644 index 0000000000..c717120b82 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events-details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events.png new file mode 100644 index 0000000000..b831b38fba Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-events.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-radar.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-radar.png new file mode 100644 index 0000000000..b37e9b5c07 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-radar.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-rules.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-rules.png new file mode 100644 index 0000000000..e9491ec373 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-container-rules.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cnns-enable.png b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-enable.png new file mode 100644 index 0000000000..4a9fa927f4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cnns-enable.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_config_scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_config_scan.png new file mode 100644 index 0000000000..95a88e65d7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_config_scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_creds.png b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_creds.png new file mode 100644 index 0000000000..54bc78bbd9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_creds.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_results.png new file mode 100644 index 0000000000..8ce5bac3d6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_token.png b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_token.png new file mode 100644 index 0000000000..587ecaa703 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/code_repo_scanning_token.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collection-sidecar-view.png b/docs/en/compute-edition/32/admin-guide/_graphics/collection-sidecar-view.png new file mode 100644 index 0000000000..362b246309 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collection-sidecar-view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_792004.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_792004.png new file mode 100644 index 0000000000..c851c6f925 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_792004.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_assigned_users.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_assigned_users.png new file mode 100644 index 0000000000..6297d0c742 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_assigned_users.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_dropdown_list.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_dropdown_list.png new file mode 100644 index 0000000000..9bee826e56 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_dropdown_list.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_policy_table_scopes.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_policy_table_scopes.png new file mode 100644 index 0000000000..1173250685 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_policy_table_scopes.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_rule_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_rule_scope.png new file mode 100644 index 0000000000..b073184f2f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_rule_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_specify_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_specify_filter.png new file mode 100644 index 0000000000..df4191617e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_specify_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/collections_usages.png b/docs/en/compute-edition/32/admin-guide/_graphics/collections_usages.png new file mode 100644 index 0000000000..eaefe284c0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/collections_usages.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/comp_function_details.png b/docs/en/compute-edition/32/admin-guide/_graphics/comp_function_details.png new file mode 100644 index 0000000000..b7218a33b6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/comp_function_details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/comp_layers_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/comp_layers_filter.png new file mode 100644 index 0000000000..add98bcc76 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/comp_layers_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/compliance-ci-policy.png b/docs/en/compute-edition/32/admin-guide/_graphics/compliance-ci-policy.png new file mode 100644 index 0000000000..fa557c6970 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/compliance-ci-policy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_filter.png new file mode 100644 index 0000000000..6cb192e74b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_overview.png new file mode 100644 index 0000000000..14403ed484 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_tabs.png b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_tabs.png new file mode 100644 index 0000000000..cf41af1726 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/compliance_explorer_tabs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_deploy.png b/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_deploy.png new file mode 100644 index 0000000000..b7213b7a5e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_deploy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_global.png b/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_global.png new file mode 100644 index 0000000000..8c1ef50c34 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/config_app_embedded_fs_protection_global.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_console.png b/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_console.png new file mode 100644 index 0000000000..608ef29f07 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_console.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_defender.png b/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_defender.png new file mode 100644 index 0000000000..1463965012 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/configure_proxy_defender.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_details.png b/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_details.png new file mode 100644 index 0000000000..e1d96a612a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_list.png b/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_list.png new file mode 100644 index 0000000000..099fd328a4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/configure_scan_intervals_defender_list.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/connected_app_embedded_defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/connected_app_embedded_defenders.png new file mode 100644 index 0000000000..9a49fe83c9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/connected_app_embedded_defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/connected_fargate_defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/connected_fargate_defenders.png new file mode 100644 index 0000000000..dfaeb09501 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/connected_fargate_defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/console_defender_connection_flows.png b/docs/en/compute-edition/32/admin-guide/_graphics/console_defender_connection_flows.png new file mode 100644 index 0000000000..67f554b620 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/console_defender_connection_flows.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/container-runtime-type-ui.png b/docs/en/compute-edition/32/admin-guide/_graphics/container-runtime-type-ui.png new file mode 100644 index 0000000000..0cd393b9eb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/container-runtime-type-ui.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Networking.png b/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Networking.png new file mode 100644 index 0000000000..828a918b36 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Networking.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Processes.png b/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Processes.png new file mode 100644 index 0000000000..c1e3fbf754 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/containerRuntimeRule-Processes.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cortex-xdr-config-triggers.png b/docs/en/compute-edition/32/admin-guide/_graphics/cortex-xdr-config-triggers.png new file mode 100644 index 0000000000..c11d473bd0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cortex-xdr-config-triggers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xdr_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xdr_config.png new file mode 100644 index 0000000000..1b51051d09 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xdr_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xsoar_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xsoar_config.png new file mode 100644 index 0000000000..0c3c0d3971 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cortex_xsoar_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/create-vpc-configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/create-vpc-configuration.png new file mode 100644 index 0000000000..87748daeca Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/create-vpc-configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/create_collections.png b/docs/en/compute-edition/32/admin-guide/_graphics/create_collections.png new file mode 100644 index 0000000000..583e830019 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/create_collections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_arch.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_arch.png new file mode 100644 index 0000000000..e29145c861 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_arch.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_access_key.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_access_key.png new file mode 100644 index 0000000000..0b107ba0bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_access_key.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_sts_relationships.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_sts_relationships.png new file mode 100644 index 0000000000..c43de6a20c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_aws_sts_relationships.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_config_reg_scanning.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_config_reg_scanning.png new file mode 100644 index 0000000000..5e2e3751f9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_config_reg_scanning.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_default_iam_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_default_iam_role.png new file mode 100644 index 0000000000..10e42901b4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_default_iam_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_role.png new file mode 100644 index 0000000000..5db76a30e2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_user.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_user.png new file mode 100644 index 0000000000..ca037c6c44 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_iam_user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_prisma_cloud_oboarding.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_prisma_cloud_oboarding.png new file mode 100644 index 0000000000..9686957fef Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_prisma_cloud_oboarding.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_scan_ecr_iam_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_scan_ecr_iam_role.png new file mode 100644 index 0000000000..a388c25cbf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_scan_ecr_iam_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_surface_prisma_cloud_cred.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_surface_prisma_cloud_cred.png new file mode 100644 index 0000000000..3682af587d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_surface_prisma_cloud_cred.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_usage.png b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_usage.png new file mode 100644 index 0000000000..fdc7054f2b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/credentials_store_usage.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_action.png b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_action.png new file mode 100644 index 0000000000..3bf359bb9d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_action.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_csv.png b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_csv.png new file mode 100644 index 0000000000..c151b8410e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_csv.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_image_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_image_report.png new file mode 100644 index 0000000000..485aa85c0b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_image_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_incident.png new file mode 100644 index 0000000000..844b7651c8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/crypto_miner_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565472.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565472.png new file mode 100644 index 0000000000..5bb102711f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565472.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565474.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565474.png new file mode 100644 index 0000000000..659c9f8dd4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565474.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565475.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565475.png new file mode 100644 index 0000000000..7291e8adee Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565475.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565476.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565476.png new file mode 100644 index 0000000000..52a1929b55 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_certs_console_access_565476.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_create_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_create_role.png new file mode 100644 index 0000000000..11271fce26 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_create_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_missing_permissions.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_missing_permissions.png new file mode 100644 index 0000000000..722bb705f8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_roles_missing_permissions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_rules_effect.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_rules_effect.png new file mode 100644 index 0000000000..693db42112 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_rules_effect.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/custom_runtime_rules_log_as.png b/docs/en/compute-edition/32/admin-guide/_graphics/custom_runtime_rules_log_as.png new file mode 100644 index 0000000000..7a2704fb45 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/custom_runtime_rules_log_as.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/customers_1607356112345.csv b/docs/en/compute-edition/32/admin-guide/_graphics/customers_1607356112345.csv new file mode 100644 index 0000000000..3a470f0b9c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/_graphics/customers_1607356112345.csv @@ -0,0 +1,3167 @@ +CustomerID,Time,HostDefendersWorkloads,ContainerDefendersWorkloads,ServerlessWorkloads,ContainerNetworkFirewallPolicyRules,HostNetworkFirewallPolicyRules,ContainerAppFirewallPolicyRules,HostAppFirewallPolicyRules,AppEmbeddedAppFirewallPolicyRules,ServerlessAppFirewallPolicyRules,ContainerRuntimePolicyRules,HostRuntimePolicyRules,ServerlessRuntimePolicyRules,AppEmbeddedRuntimePolicyRules,CustomRuntimeRules,ContainerRuntimeAudits,HostRuntimeAudits,ServerlessRuntimeAudits,AppEmbeddedRuntimeAudits,ContainerIncidents,HostIncidents,FunctionIncidents,AppEmbeddedIncidents,RegistryConfigurations,ServerlessConfigurations,TasConfiguration,FileIntegrityEvents,StorageSizeAll,StorageSizeUsed,ClientsCount,CustomerName,HostDefenders,ContainerDefenders,AppEmbeddedDefenders,ServerlessInvocations,ScannedFunctions,ConsoleVersion,CustomerEmail,LicenseType,LicensedWorkloads,TotalDefenders,LicenseIssueDate,LicenseExpirationDate,ComputeEdition,ContractID,Ip,Country,Internal,LicensedHostDefenders,LicensedContainerDefenders,UniqueConsoleID +anz-3050045,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,1st Group - 7936979177726255106,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286737,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,24/7 Customer - 9191152416003715176,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212240,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"2nd Watch, Inc. - 3318877163903997526",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258932,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,2nd Watch_2,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572405,2020-12-07 14:31:32.000,2,112,0.00,0,0,1,0,0,0,1,1,1,0,28,11,9,0,0,12,0,0,0,0,0,0,0,2046640128.00,551849984.00,0,605,2,16,0,0.00,0,20.04.177,,enterprise,1000000,18,2019-12-07 16:06:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545890,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,42,9,0,0,26,0,0,0,0,0,0,0,2046640128.00,542126080.00,0,7 Layers Srl - 5749900597979338989,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-26 14:38:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050983,2020-12-06 15:58:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,7-ELEVEN STORES PTY LTD - 7325550338455197467,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239118,2020-12-06 16:48:20.000,0,224,0.00,0,0,1,0,0,0,1,1,1,0,28,58,73,0,0,6,95,0,0,2,0,0,0,2046640128.00,738680832.00,0,84.51 Llc - 1249490047338077871,0,32,0,0.00,0,20.09.366,,enterprise,1000000,32,2020-05-07 15:16:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284782,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,84.51 Llc - 1311110989318276578,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +8451,2020-12-06 18:13:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,8451,0,0,0,0.00,0,20.04.163,null@8451.com,enterprise,400,0,2020-02-01 02:56:58.000,2023-01-31 02:56:58.000,true,00002738,67.96.18.168,US,false,0,0, +eu-2-143541957,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,888 Holdings Public Limited Company - 1326726809057728236,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544991,2020-12-06 15:47:05.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,542982144.00,0,8K MILES SOFTWARE SERVICES LIMITED - 344927679870121044,0,3,0,0.00,0,,,enterprise,1000000,3,2020-09-23 10:20:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153346,2020-12-07 15:31:13.000,0,0,0.00,0,0,1,0,0,0,2,2,1,0,28,3,1,0,0,2,1,0,0,0,0,0,0,2046640128.00,417107968.00,0,A1 Digital International Gmbh - 7451942890602502614,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-24 09:36:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284785,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536678400.00,0,A2 - 1213757100866570923,0,0,0,0.00,0,,,enterprise,1000000,0,2020-10-08 17:01:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244670,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AAA - 5828946573153264402,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257869,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AAA - MWG,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150436,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AB Inbev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545984,2020-12-06 15:52:54.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,12,9,0,0,0,0,0,0,2,0,0,0,2046640128.00,542019584.00,0,ABB Ltd - 2003614611751776940,0,5,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-11-10 14:38:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"ABC Financial Services, Inc.",2020-12-07 06:59:33.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ABC Financial Services, Inc.",0,5,0,0.00,0,20.09.345,chris.jowett@abcfinancial.com,enterprise,144,8,2020-02-18 15:14:05.000,2021-02-12 15:14:05.000,true,ae96cf44-0bb6-8049-abb4-09f0566e103a,35.162.133.161,US,false,0,18, +us-3-159241787,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ABC Supply Holding Corp. - 5974704682117638099,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ACL Services Ltd.,2020-12-07 05:59:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ACL Services Ltd.,0,0,0,0.00,0,19.03.321,ryan_wilms@acl.com,enterprise,1000,249,2020-09-21 02:43:29.000,2021-09-29 07:00:00.000,true,c7547ce2-a3f4-b5ee-8340-878e8242ea48,52.42.173.62,US,false,0,0, +eu-2-143544780,2020-12-06 15:52:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ACPL Systems Pvt Ltd - 1089301233205387474,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544990,2020-12-06 15:47:05.000,0,0,0.00,0,0,1,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,544301056.00,0,ACPL Systems Pvt Ltd - 1218796698015811365,0,0,0,0.00,0,20.09.345,,enterprise,1000000,0,2020-09-23 06:20:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545928,2020-12-07 15:35:50.000,1,0,0.00,0,0,2,1,0,0,3,2,1,0,28,5,1,0,0,0,0,0,0,3,0,0,449,2046640128.00,534810624.00,0,ACPL Systems Pvt Ltd - 212545480553130391,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-02 13:44:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544776,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,2,1,1,0,28,0,0,0,0,1,0,0,0,3,6,0,0,2046640128.00,539049984.00,0,ACPL Systems Pvt Ltd - 7029237936113677150,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-21 08:09:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096786,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ACPL Systems Pvt Ltd - 8405732619893927401,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285833,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ACW Distribution HK MACAU - 2451729719572256869,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096840,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ACW Distribution HK MACAU - 3133405371626805828,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"ADP, LLC",2020-12-07 12:09:50.000,0,364,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ADP, LLC",0,52,0,0.00,0,20.09.345,gerrard.lindsay@adp.com,enterprise,2700,52,2020-07-07 19:00:48.000,2021-03-12 19:00:48.000,true,0b53a6ce-c812-a4dc-dc08-d628f6c59b50,170.146.220.72,US,false,0,0, +us-3-159180469,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ADT Security Services, Inc. - 721096186343975596",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256730,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AECOM,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243957,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AES.COM,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213049,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AHA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262737,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"AHEAD, Inc. - 9023223829409902250",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255088,2020-12-07 14:31:31.000,0,770,0.00,0,0,0,0,0,1,1,1,2,0,28,575,144,0,0,66,0,0,0,29,3,0,0,2046640128.00,736690176.00,0,AIA,0,110,0,0.00,0,20.09.366,,enterprise,1000000,113,2019-12-08 17:40:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186075,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AIA FINANCIAL SERVICES NETWORK LIMITED - 2614670032981472855,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257971,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AIG,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186289,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"AIG Technologies, Inc. - 7323417712585832319",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242747,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AKP-PrismaCloud,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ALDI International Services GmbH & Co. oHG,2020-12-07 13:16:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ALDI International Services GmbH & Co. oHG,0,0,0,0.00,0,20.04.177,yathursan.theva@aldi-sued.com,enterprise,400,24,2020-09-22 10:18:15.000,2021-09-20 22:00:00.000,true,cebd020a-fe48-9046-f7ea-5497c871911a,89.202.120.119,DE,false,0,0, +eu-2-143545769,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ALTAMIRA ASSET MANAGEMENT SA - 41778630037448698,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143546016,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ALUMINIUM DUNKERQUE - 8209023604294129698,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286578,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AME DIGITAL BRASIL LTDA- 8413443232441069302,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051753,2020-12-07 15:33:43.000,0,0,0.00,0,0,0,0,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,553779200.00,0,AMP - 653115202935090559,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-02-24 04:29:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179569,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AQR Capital - 9073065975309200719,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215119,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AQR Capital - 93667170984417932,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545799,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ARAMEX International - 8378161940405713385,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ARCH Mortgage,2020-12-06 20:59:26.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ARCH Mortgage,0,5,0,0.00,0,20.09.365,mstoltzfus@archmi.com,evaluation,100,5,2020-11-13 14:30:29.000,2020-12-13 08:00:00.000,true,3d140de3-733c-ee17-f55c-8c0df3d99f13,199.254.67.144,US,false,0,0, +us-2-158285777,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,57,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,569356288.00,0,ARCH Mortgage - 5652755469401233525,0,0,0,0.00,0,,,enterprise,1000000,0,2020-11-02 14:11:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +AT&T Corp.,2020-12-07 11:15:20.000,0,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AT&T Corp.,0,19,0,0.00,0,20.09.345,jb5042@att.com,enterprise,240,19,2020-08-11 15:15:42.000,2021-07-26 15:15:42.000,true,8f71dce2-243e-aa27-66c4-e1057acc036e,3.214.28.136,US,false,0,30, +eu-2-143545865,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,2,12,0,0,0,0,0,0,0,0,0,0,2046640128.00,536289280.00,0,ATOS IT Solutions and Services GmbH - 3601713517867314221,0,0,0,0.00,0,,,enterprise,1000000,0,2020-10-22 14:53:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543939,2020-12-07 15:39:25.000,0,0,0.00,0,0,1,0,0,1,4,5,1,1,28,8,4,0,0,29,0,0,0,1,1,0,0,2046640128.00,545124352.00,0,ATOS SPAIN SA - 4510014222600238362,0,0,0,0.00,2,20.09.366,,enterprise,1000000,1,2020-07-28 11:17:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053680,2020-12-06 18:02:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AUTO & GENERAL INSURANCE COMPANY LIMITED - 8390892084185991113,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242059,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AWAC Services Company - 1824762751661844811,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283701,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AWS - 8276330014119836738,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284808,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AWS - 8300081140231989887,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216081,2020-12-06 16:48:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Abacus Insights, Inc. - 7666410246569763159",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214039,2020-12-07 15:29:29.000,27,3535,0.40,0,0,0,0,0,0,3,5,2,0,28,226,643,1,0,485,0,0,0,1,2,0,0,2046640128.00,769781760.00,0,"Abacus Insights, Inc. - 9031647010890587018",27,505,0,7418.00,56,20.09.366,,enterprise,1000000,548,2020-02-21 18:47:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186071,2020-12-07 15:29:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Abbott Labs - Dev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287568,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Abbvie Inc. - 428217795921016011,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150463,2020-12-07 15:47:33.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537473024.00,0,Abbyy,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-07 22:09:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244662,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Abc Supply - 8420003416269540763,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238003,2020-12-06 16:22:53.000,0,105,0.00,0,0,0,0,0,0,1,1,1,0,28,17,122,0,0,123,9,0,0,0,0,0,0,10501771264.00,1468493824.00,0,Ablevets Llc - 2850861379650981332,0,15,0,0.00,0,20.09.366,,enterprise,1000000,15,2020-04-21 13:50:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Abn_amro,2020-12-07 14:41:07.000,0,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Abn_amro,0,7,0,0.00,0,20.09.365,null@nl.abnamro.com,enterprise,4500,7,2019-12-17 11:30:59.000,2020-12-31 11:30:59.000,true,00000545,104.45.67.45,NL,false,0,750, +eu-2-143545867,2020-12-07 15:35:35.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,3,0,0,0,0,0,0,0,1,0,0,2046640128.00,535683072.00,0,Accenture (uk) Limited - Partner Account - 5072334064001551618,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-10-26 07:46:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228550,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Accenture Federal Services Llc - 6223910317396194484,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182453,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Accenture Inc. - 2655162720811181616,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182451,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,1,1,2,0,28,0,1,0,0,0,1,0,0,0,1,0,0,2046640128.00,526970880.00,0,Accenture Inc. - 3790216496518810609,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-10 19:53:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159182452,2020-12-06 16:22:42.000,1,21,0.00,0,0,4,0,0,0,4,2,1,0,30,6,8,0,0,4,0,0,0,3,5,0,0,2046640128.00,558129152.00,0,Accenture Inc. - 5951011082960221012,1,3,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-10 19:54:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545028,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Accenture India Pvt. Ltd. (reseller) - 1862022402457613282,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237972,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Accenture LLP (U.S. PRIMARY) - 6811570003226784372,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545985,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537702400.00,0,Access Uk Ltd - 452378819285251589,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-12 13:48:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545742,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Access Uk Ltd - 7790200331712282122,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209358,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Accident Fund Insurance - 7865235113913006077,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053774,2020-12-06 17:39:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Acer Incorporated - 6218085837664189407,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543881,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Acuity Knowledge Partners (uk) Limited - 5855216278910011868,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285589,2020-12-07 15:01:30.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,541532160.00,0,Addition Financial - 7511410365026196226,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-19 14:45:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242901,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Adgear Technologies Inc - 231011742314308428,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Aditinet.it_Eval3,2020-12-07 10:47:34.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aditinet.it_Eval3,0,5,0,0.00,0,20.09.365,federico.ciceri@aditinet.it,evaluation,100,5,2020-10-07 12:11:00.000,2021-01-05 12:11:00.000,true,Aditinet.it_Eval3,91.81.95.210,IT,false,0,0, +us-2-158287483,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aditya Birla Capital Limited - 563098552464378502,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537337,2020-12-07 15:47:33.000,0,133,0.00,0,0,0,0,0,0,5,1,1,0,28,9,21,0,0,21456,0,0,0,3,1,0,0,2046640128.00,874602496.00,0,Admiral Group Plc - 4853551566644959303,0,19,0,0.00,0,20.09.366,,enterprise,1000000,19,2019-12-11 08:44:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545021,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Admiral Group Plc - 5573711016915108741,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538303,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Admiral Group Plc - 8375769533697889047,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544900,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Advens - 1228389865661531222,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544873,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Advens - 6216756369460397952,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544874,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Advens - 8322599962511688537,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241102,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aflac,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215121,2020-12-07 15:29:29.000,1,539,0.00,0,0,0,0,0,0,1,1,1,1,28,127,78,1,0,1,4,0,0,1,7,0,0,2046640128.00,641880064.00,0,Aflac Incorporated - 2156331344595043640,1,77,0,0.00,1,20.09.366,,enterprise,1000000,78,2020-03-13 02:51:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286584,2020-12-07 15:01:31.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,13,3,0,0,1,0,0,0,11,0,0,0,2046640128.00,542986240.00,0,Agility XaaS - 1952960464274263098,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-10 16:31:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245783,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Agility XaaS - 4110371666073501803,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284597,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Agility XaaS - 8822688028836327566,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053828,2020-12-06 17:42:47.000,0,35,0.00,0,0,1,1,0,0,1,1,2,0,28,5,6,0,0,0,0,0,0,0,0,0,0,2046640128.00,548315136.00,0,"Ahnlab, Inc. - 2750974105376755717",0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-09-16 08:23:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Ai Percipient Inc,2020-12-06 19:04:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ai Percipient Inc,0,0,0,0.00,0,19.03.321,anantha@percipient.ai,enterprise,10,23,2020-03-23 18:22:39.000,2021-04-10 07:00:00.000,true,44f7848f-df5f-b571-3eef-9b6fb3f43ac3,205.234.21.52,US,false,10,0, +Ai Percipient Inc ,2020-12-04 19:03:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ai Percipient Inc ,0,0,0,0.00,0,19.03.321,anantha@percipient.ai,enterprise,80,23,2020-04-09 21:38:33.000,2021-04-10 21:38:33.000,true,44f7848f-df5f-b571-3eef-9b6fb3f43ac3,205.234.21.52,US,false,0,10, +anz-3050824,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Aia Information Technology (guangzhou) Co., Ltd. - 4767601891502897822",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050919,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Insurance Lanka Plc - 5262704653311279100,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050921,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Shared Services (hong Kong) Limited - 1141777906770239538,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053864,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Shared Services (hong Kong) Limited - 2783262475893015256,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053893,2020-12-06 18:02:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Shared Services (hong Kong) Limited - 2957803571647674040,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052686,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Shared Services (hong Kong) Limited - 7062789805826072357,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052936,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aia Shared Services (hong Kong) Limited - 7963255903263213355,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Air Force Material Command (AFMC),2020-12-07 11:14:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Air Force Material Command (AFMC),0,0,0,0.00,0,20.04.163,timothy.atkinson@fcnit.com,enterprise,100,1,2020-04-04 00:01:39.000,2021-04-02 07:00:00.000,true,60ffeeb9-73e0-3376-7535-ae286a4a97bf,52.181.177.125,US,false,0,0, +Air Force Material Command (AFMC),2020-12-06 22:55:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Air Force Material Command (AFMC),0,0,0,0.00,0,20.04.163,darlene.franco@solidstatescientific.com,enterprise,100,8,2020-08-21 22:13:00.000,2021-08-20 07:00:00.000,true,e7c673bb-aeba-1f2b-bfd7-64da255a8c4b,52.222.98.76,US,false,0,0, +Air Force Material Command (AFMC),2020-12-06 21:05:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Air Force Material Command (AFMC),0,0,0,0.00,0,20.04.169,matthew.huston@afwerx.af.mil,enterprise,400,14,2020-04-24 22:44:27.000,2021-04-23 07:00:00.000,true,33cf5213-5e7c-2cca-154e-0ce2b51367b2,15.200.142.95,US,false,0,0, +Air Force Material Command (AFMC),2020-12-07 13:49:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Air Force Material Command (AFMC),0,0,0,0.00,0,20.04.163,estrike@gitlab.com,enterprise,100,1,2020-11-09 14:15:21.000,2021-11-08 08:00:00.000,true,3693782a-25e2-5614-33f8-4677c0421a0c,35.209.210.194,US,false,0,0, +eu-2-143544906,2020-12-07 15:35:49.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,15,12,0,0,3,0,0,0,0,0,0,0,2046640128.00,541437952.00,0,Air Liquide S.A. - 6537326351416223167,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2020-09-11 17:51:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179563,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Air Products And Chemicals, Inc. - 2208890100280930106",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103342,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Airliquide,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Ait Engineering Corp.,2020-12-07 13:10:33.000,0,161,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ait Engineering Corp.,0,23,0,0.00,0,20.09.365,tina.m.wooding.ctr@mail.mil,enterprise,200,23,2020-11-30 11:10:51.000,2021-11-27 08:00:00.000,true,561146c0-b058-0526-a520-ec2dee9e3333,140.32.24.151,US,false,0,0, +Alacriti Payments,2020-12-07 07:50:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alacriti Payments,0,0,0,0.00,0,20.04.177,kasi.sama@alacriti.com,enterprise,200,15,2020-07-08 20:44:06.000,2021-07-09 07:00:00.000,true,0ec80309-8127-197a-6329-667a7025b4cf,52.23.99.33,US,false,0,0, +Alcohol And Tobacco Tax And Trade Bureau,2020-12-07 14:38:49.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alcohol And Tobacco Tax And Trade Bureau,0,4,0,0.00,0,20.09.365,brian.mayers@ttb.gov,enterprise,100,4,2020-05-22 21:31:11.000,2023-05-21 07:00:00.000,true,bf0136c7-de20-2641-7fda-2fd2b4446822,166.123.211.103,US,false,0,0, +us-3-159242002,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alelo TLT - 1652422121839986247,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Alex,2020-12-07 13:43:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alex,0,0,0,0.00,0,20.01.110,alexs@twistlock.com,enterprise,0,0,2019-05-01 14:39:39.000,2024-10-21 14:39:39.000,true,dev,146.148.93.252,US,true,300,300, +us-2-158258775,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Allergan,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239024,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Allergan plc - 4934053069272955336,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Alliance Bernstein,2020-12-07 07:50:46.000,0,182,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alliance Bernstein,0,26,0,0.00,0,20.09.365,null@alliancebernstein.com,enterprise,500,36,2020-07-28 20:10:26.000,2023-07-21 20:10:26.000,true,0,206.218.206.153,US,false,0,0, +us-3-159243952,2020-12-06 16:33:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alliance Bernstein L.P. - 8078359961530152176,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573419,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alliance Data Card Services,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177577,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alliant Credit Union - 6461898196968737655,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545952,2020-12-06 15:48:58.000,0,28,0.00,0,0,0,0,0,0,2,1,1,0,28,937,19,0,0,190,0,0,0,6,0,0,0,10501771264.00,548900864.00,0,Allianz Deutschland AG - 8638548407520008445,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-11-03 11:43:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Allianz Group,2020-12-07 08:49:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Allianz Group,0,0,0,0.00,0,20.04.169,jean-francois.landreau@allianz.com,enterprise,300,0,2020-09-16 20:25:28.000,2021-09-15 07:00:00.000,true,e73cca60-580d-dffa-735f-004c46506db9,18.159.212.176,DE,false,0,0, +eu-2-143540128,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Allianz Group - 7113454190483992440,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215096,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Allied World Assurance Inc - 2240337433372618375,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545767,2020-12-06 15:47:06.000,1,0,0.00,0,0,0,0,0,0,1,2,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,543285248.00,0,Allot Communications Ltd. - 679752608107673999,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-12 21:45:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285553,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Almacenes Corona S A S - 8417096689996213498,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150345,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alpiq,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544933,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Alpiq Holding AG - 4244638153192966696,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158259826,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Altarum Institute - 7619261205135533971,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213170,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Altisource Business Solutiions Private Limited - 5195902487808091688,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545892,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Altius Consulting - 1216134813508052106,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544005,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amadeus S.A.S DTS - 4013325763931064378,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542081,2020-12-07 15:35:49.000,0,7,0.00,0,0,0,0,0,0,2,1,1,0,28,12,6,0,0,2986,13,0,0,0,3,0,0,2046640128.00,560832512.00,0,Amadeus S.A.S. - 7650068812450560192,0,0,7,0.00,0,20.09.366,,enterprise,1000000,8,2020-05-11 09:07:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096972,2020-12-07 14:56:16.000,1,21,0.00,0,0,0,0,0,0,3,1,1,0,28,7,7,0,0,2,0,0,0,1,0,0,0,2046640128.00,565661696.00,0,"Amar Bank, Pt - 6546351503391878097",1,3,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-10-27 04:11:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284689,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amazon - 4134076446201109197,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545800,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,1,1,1,2,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,533282816.00,0,Amazon Uk Services Ltd. - 3810019892280765947,0,0,0,0.00,5,20.09.351,,enterprise,1000000,0,2020-10-19 09:29:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096842,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Amazon.Com, Inc. - 212066575536356429",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239865,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Amazon.Com, Inc. - 6603050154344369340",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284749,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Amazon.Com, Inc. - 7634218866416489530",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287537,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ambivalent Security - 1655578990134400986,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544836,2020-12-06 15:48:57.000,0,35,0.00,0,0,0,0,0,0,3,2,1,0,28,4,6,0,0,0,0,0,0,14,0,0,10,10501771264.00,966934528.00,0,Amdocs (Israel) Ltd. - 1414720596777935850,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-08-30 15:05:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285744,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ameren Corporation - 5490189632119334749,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286518,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,American Century Investments - 6209508882455739975,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284780,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,American Century Services Corporation - 7805442334477912499,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255084,2020-12-07 14:34:00.000,0,140,0.00,0,0,0,0,0,0,1,1,1,0,28,14,48,0,0,3,0,0,0,1,0,0,0,2046640128.00,591237120.00,0,American Eagle,0,20,0,0.00,0,20.09.366,,enterprise,1000000,20,2019-12-07 11:22:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179507,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,American Express Company - 6793362484907344545,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242060,2020-12-06 15:52:51.000,0,1,0.00,0,0,0,0,0,1,1,1,1,1,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,541462528.00,0,American Family Mutual Insurance Company - 1455713497417971900,0,0,1,0.00,0,,,enterprise,1000000,1,2020-07-01 02:05:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244694,2020-12-07 15:32:51.000,1,0,0.00,0,0,0,0,0,0,2,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,530096128.00,0,"American Specialty Health, Inc - 5135549166778743309",1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-08-01 02:52:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +American Water Works,2020-12-07 09:39:38.000,0,175,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,American Water Works,0,25,0,0.00,0,20.09.365,nick.santillo@amwater.com,enterprise,280,25,2020-07-20 15:34:20.000,2021-06-14 15:34:20.000,true,5a4a34a0-7ec9-7b9d-81f3-fc9aaa6c0108,192.234.148.250,US,false,0,35, +us-2-158285619,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amerisourcebergen Corporation - 7121116430957706192,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283886,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amerisourcebergen Corporation - 7845250455198438679,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183288,2020-12-06 16:03:49.000,6,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,6,0,0,0,0,0,0,0,4,0,0,2046640128.00,538382336.00,0,Amex Global Business Travel - 7871062435354429571,6,0,0,0.00,0,20.09.366,,enterprise,1000000,6,2019-12-10 21:34:55.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525220,2020-12-07 14:39:19.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,3,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,538722304.00,0,Amgen,0,2,0,0.00,0,,,enterprise,1000000,2,2019-12-10 04:23:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053642,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amorepacific - 7137032358084196379,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050944,2020-12-06 15:55:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amorepacific - 9015885356795004889,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052751,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amp Limited - 1939217287259952210,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052841,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amp Limited - 4990534798412998825,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054636,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amp Limited - 987035946089536871,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238030,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amrock - 6855895788962530004,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215029,2020-12-06 16:04:30.000,0,77,0.00,0,0,0,0,0,0,1,1,1,0,28,22,13,0,0,3,0,0,0,2,0,0,0,2046640128.00,571781120.00,0,Amrock - 8335865810682283116,0,11,0,0.00,0,19.11.512,,enterprise,1000000,11,2020-03-09 19:33:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Amway (China) Co. Ltd.,2020-12-07 12:44:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Amway (China) Co. Ltd.,0,0,0,0.00,0,20.04.163,frankie.chen@amway.com,enterprise,400,90,2020-05-12 17:56:59.000,2023-05-11 07:00:00.000,true,9fe36b42-6fc2-9454-cb2f-690586731ec8,120.24.101.163,CN,false,0,0, +us-3-159180522,2020-12-06 15:52:50.000,0,126,0.00,0,0,0,0,1,0,1,1,2,0,28,14,17,0,0,2,0,0,0,9,1,0,0,10501771264.00,1095987200.00,0,Amway Corp. - 7790460890006099239,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2019-12-10 12:56:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255952,2020-12-07 14:37:50.000,8,63,0.00,0,0,0,0,0,0,1,1,1,0,31,7,17,0,0,0,0,0,0,0,0,0,0,2046640128.00,538648576.00,0,Anaplan,8,9,0,0.00,0,20.09.366,,enterprise,1000000,17,2019-12-09 09:14:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210190,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Anheuser-Busch Inbev - 1083925948544270497,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Anthem, Inc.",2020-12-07 15:03:19.000,0,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Anthem, Inc.",0,6,0,0.00,0,20.09.345,cliff.luchtefeld@anthem.com,enterprise,10000,6,2020-04-30 16:14:17.000,2024-04-29 07:00:00.000,true,e0c46f26-8c98-1d67-492a-26bdcd3df972,162.95.148.249,US,false,0,0, +us-3-159181302,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Anthem, Inc. - 2278980583902625757",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238930,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Anthem, Inc. - 9208088809546515671",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283724,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Anuta Networks Inc. - 6997361503464809486,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283884,2020-12-07 14:46:33.000,0,77,0.00,0,0,0,0,0,0,1,1,1,0,28,24,43,0,0,0,0,0,0,0,0,0,0,2046640128.00,589799424.00,0,Aon - 2617105664182506425,0,11,0,0.00,0,,,enterprise,1000000,19,2020-09-25 19:00:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284811,2020-12-07 14:39:19.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532721664.00,0,"Apex Companies, Llc - 7752242665936928064",1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-09 01:51:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545774,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Apius Technologies S.A. - 8608485564236023509,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285775,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Apoleam - 2203033827542766584,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Appen Butler Hill Inc.,2020-12-07 13:06:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Appen Butler Hill Inc.,0,0,0,0.00,0,19.11.506,rbrunwin@appen.com,enterprise,100,0,2020-11-09 08:00:14.000,2021-11-08 00:00:00.000,true,635bd29b-72db-1712-ef8f-6f54567c3763,34.238.181.75,US,false,0,0, +eu-2-143566877,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Appfluence - 2085069583037169186,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Apple Inc.,2020-11-30 22:34:59.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Apple Inc.,0,1,0,0.00,0,20.09.345,ricky_elias@apple.com,enterprise,8000,1,2020-04-03 18:34:55.000,2021-04-02 07:00:00.000,true,bb62fb1d-24d9-69ff-c90a-f7d13b478c4f,17.140.126.35,US,false,0,0, +us-3-159239152,2020-12-07 15:46:24.000,0,28,0.00,0,0,0,0,0,1,1,1,1,0,28,85,4,0,0,1,0,0,0,0,2,0,0,2046640128.00,635060224.00,0,Applied Materials - 7406926743995084759,0,4,0,0.00,1,20.09.366,,enterprise,1000000,4,2020-05-11 02:06:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243857,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Applied Materials - 759049047297149143,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Applied Predictive Technologies, Inc.",2020-12-07 11:33:59.000,0,140,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Applied Predictive Technologies, Inc.",0,20,0,0.00,0,20.09.345,jwhite@predictivetechnologies.com,enterprise,80,20,2020-06-02 19:27:40.000,2021-05-05 07:00:00.000,true,848b5029-0e7c-e01d-be6a-7643f607b723,8.39.163.30,US,false,80,0, +"Applied Predictive Technologies, Inc. ",2020-12-03 12:28:24.000,0,98,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Applied Predictive Technologies, Inc. ",0,14,0,0.00,0,20.09.345,jwhite@predictivetechnologies.com,enterprise,640,20,2020-06-02 19:37:34.000,2021-05-05 19:37:34.000,true,848b5029-0e7c-e01d-be6a-7643f607b723,8.39.163.30,US,false,0,80, +"Applied Research Associates, Inc.",2020-12-06 20:19:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Applied Research Associates, Inc.",0,0,0,0.00,0,20.09.345,cbray@ara.com,enterprise,100,0,2020-10-06 21:11:02.000,2021-10-05 07:00:00.000,true,a106331a-5230-0a86-ec07-02e4e4b8bc45,170.176.240.4,US,false,0,0, +eu-150525,2020-12-07 15:35:36.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,15,2,0,0,1,0,0,0,0,0,0,0,2046640128.00,546246656.00,0,Aptiv,0,10,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-07 21:30:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153321,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Arab Bank Plc - 7929072956829540614,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284840,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Arcus Biosciences, Inc. - 3649343716278529420",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545052,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Areion - 5854108683172573750,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-4-161024471,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ariba,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243922,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aristocrat Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Arizona State University,2020-12-07 00:04:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Arizona State University,0,0,0,0.00,0,20.04.169,karen.milewski@asu.edu,enterprise,10,3,2020-06-26 23:41:41.000,2021-06-30 07:00:00.000,true,81974216-7605-0611-fbe0-11c4abe083ae,34.208.70.8,US,false,10,0, +Arizona State University ,2020-12-07 01:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Arizona State University ,0,0,0,0.00,0,20.04.169,karen.milewski@asu.edu,enterprise,80,8,2020-07-16 15:40:28.000,2021-06-30 15:40:28.000,true,81974216-7605-0611-fbe0-11c4abe083ae,34.208.70.8,US,false,0,10, +us-3-159244943,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Arkansas Children's Hospital - 5846148913317263275,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254061,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Armor,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257812,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Armor Assessment,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284847,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Armor Defense Inc. - 3279999059859393807,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261775,2020-12-07 15:00:29.000,0,35,0.00,0,0,4,0,0,0,1,1,1,0,28,13,17,0,0,333,0,0,0,1,0,0,0,10501771264.00,1640906752.00,0,Armus Corporation Inc - 4578238334963384041,0,5,0,0.00,0,20.04.177,,enterprise,1000000,5,2019-12-09 15:16:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244754,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Arrowstreet Capital Limited Partnership - 7408280041227136194,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284628,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Artisan Medical Solutions LLC - 5947215559843558646,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260850,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Artisan Partners Limited Partnership - 416625904950596490,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256979,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aspiration,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544871,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Assa Abloy Ab - 2253895199611638889,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544937,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Assa Abloy Ab - 2362272489782968090,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053832,2020-12-06 17:42:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Assembly Payments - 1594784442435820720,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260634,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Asurint - 6936030079966053599,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256824,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,At Home,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287513,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Atomyze LLC - 6390591267911901687,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286514,2020-12-07 14:47:53.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,25,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538578944.00,0,Atomyze LLC - 7134762279034405866,0,4,0,0.00,0,,,enterprise,1000000,4,2020-11-05 14:31:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287539,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aujas Networks - 1036223664290395695,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287510,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aujas Networks Private Limited - 7859914357889641356,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054634,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AusNet Services - 4952333131029021322,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Australia And New Zealand Banking Group Limited,2020-12-07 12:38:35.000,0,462,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australia And New Zealand Banking Group Limited,0,66,0,0.00,0,20.09.365,lycia.chia@anz.com,enterprise,2700,66,2020-10-26 05:22:27.000,2021-02-19 08:00:00.000,true,f4c2980d-5ce3-51d0-be15-438941eeb8b7,203.110.235.20,AU,false,0,0, +anz-3049772,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australia And New Zealand Banking Group Limited - 5845441359381282621,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001752,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australian Broadcasting Corporation (ABC) - 8045774973393070540,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053735,2020-12-06 17:39:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australian Energy Market Operator Limited - 2988810617073107022,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001812,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australian Stock Exchange - 4791481576129195214,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Australian Super Developments Pty Ltd,2020-12-06 14:55:49.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Australian Super Developments Pty Ltd,0,1,0,0.00,0,20.09.345,asachdev@australiansuper.com,evaluation,100,1,2020-11-18 08:00:24.000,2020-12-18 00:00:00.000,true,e9dbf2ea-c6df-f10d-c9bb-f473e53f33fd,104.209.73.147,AU,false,0,0, +AutoDesk WW HQ,2020-12-07 01:22:20.000,0,1274,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,AutoDesk WW HQ,0,182,0,0.00,0,20.09.365,ashley.masen@autodesk.com,enterprise,3200,189,2020-10-30 21:16:35.000,2021-10-29 07:00:00.000,true,e4f94e98-54b9-a407-567e-13ea47d76ca0,34.234.99.105,US,false,0,0, +us-3-159243825,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,535388160.00,0,AutoDesk WW HQ - 4469345352267266850,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-07-24 19:03:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179504,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Autonation, Inc. - 7646056957351984858",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Availity, LLC",2020-12-07 10:38:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Availity, LLC",0,0,0,0.00,0,20.04.169,alan.lemaster@availity.com,enterprise,1000,12,2020-11-17 19:29:03.000,2021-11-14 08:00:00.000,true,359eb28d-895c-27c1-752f-d7a929b5d8c1,199.116.184.9,US,false,0,0, +us-2-158284626,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Availity, LLC - 1535639558244327325",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286767,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Availity, LLC - 9104584932428462716",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575404,2020-12-07 15:01:30.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,527749120.00,0,Avalara,0,4,0,0.00,0,20.09.351,,enterprise,1000000,4,2019-12-10 05:14:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Avaloq Evolution AG,2020-12-07 11:31:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Avaloq Evolution AG,0,0,0,0.00,0,20.04.163,mahdi.asadpour@avaloq.com,enterprise,1300,3,2020-07-27 21:03:02.000,2023-07-26 07:00:00.000,true,c27925cd-9033-92f6-12fc-f2fc3b49e45b,195.250.46.36,CH,false,0,0, +eu-2-143543815,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Avaloq Evolution AG - 3789588236004376347,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Avi_New_Workloads,2020-12-07 11:08:45.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Avi_New_Workloads,0,1,0,0.00,0,20.11.503,ashulman@paloaltonetworks.com,enterprise,1000,1,2020-10-28 09:50:42.000,2023-07-25 09:50:42.000,true,PM,35.202.112.186,US,true,0,0, +Avi_new,2020-12-07 09:53:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Avi_new,0,0,0,0.00,0,20.12.610,ashulman@paloaltonetworks.com,enterprise,800,1,2020-10-26 13:12:22.000,2021-10-26 13:12:22.000,true,PM,82.166.99.178,IL,true,100,100,U0VGTm1abFhWR0VF +Aviv Sasson,2020-12-05 15:35:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Aviv Sasson,0,1,0,0.00,0,20.12.522,asasson@paloaltonetworks.com,enterprise,900,1,2020-05-18 15:42:52.000,2022-01-08 15:42:52.000,true,0,73.158.250.179,US,true,100,100,Z290TDVDTGFVd2lQ +us-1-111525276,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axfood,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286576,2020-12-07 14:31:31.000,0,0,0.00,0,0,1,1,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538152960.00,0,Axity - 368666876676548537,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-09 19:00:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Axon,2020-12-07 00:06:30.000,0,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axon,0,19,0,0.00,0,20.09.345,mboremi@axon.com,enterprise,1400,19,2020-06-24 21:30:23.000,2021-06-10 07:00:00.000,true,ce329a75-e078-3955-2965-6372bf910969,3.94.28.13,US,false,0,0, +eu-153317,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axonius - 4716378241252769611,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544965,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axonius - 6448416029803630090,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286673,2020-12-07 14:51:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axos Bank - 7838320709520883762,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262767,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Axtel, S.a.b. De C.v. - 2066771472276164177",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284659,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Axtria, Inc. - 8294972513099953872",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Axway Inc.,2020-12-07 10:06:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Axway Inc.,0,1,0,0.00,0,20.09.365,blevine@axway.com,enterprise,100,1,2020-06-29 21:10:28.000,2021-06-29 07:00:00.000,true,e915fb5d-d6bb-1c8b-f665-f2d55f8230e2,208.67.128.52,US,false,0,0, +us-2-158254902,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Azlo,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283664,2020-12-07 15:00:29.000,0,0,0.00,0,0,1,0,0,0,3,1,1,0,28,0,0,0,0,1119,0,0,0,0,0,0,0,2046640128.00,532885504.00,0,B&Data Technology Company Limited - 6012777333268199253,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-10 02:22:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211186,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,B2W Companhia Digital. - 8513633223790872444,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284693,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,B89 - 389815613365866708,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240973,2020-12-06 16:22:43.000,0,126,0.00,0,0,0,0,0,0,2,1,1,0,28,91,0,0,0,1,0,0,0,0,0,0,0,2046640128.00,649826304.00,0,BAJAJ ALLIANZ LIFE INSURANCE COMPANY LIMITED - 3067453111230989484,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2020-06-05 08:25:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3051814,2020-12-06 15:51:41.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,40,68,0,0,11,0,0,0,0,0,0,0,2046640128.00,547926016.00,0,BAJAJ FINANCE LIMITED - 2613092363920853689,0,12,0,0.00,0,20.04.177,,enterprise,1000000,12,2020-03-03 16:36:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285677,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BANCO PICHINCHA S A - 815725537472274753,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052866,2020-12-06 15:51:41.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,1919,34,0,0,132,0,0,0,4,0,0,0,2046640128.00,656805888.00,0,BANK OF NEW ZEALAND - 1058016361005398611,0,16,0,0.00,0,20.04.177,,enterprise,1000000,16,2020-06-18 06:54:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240881,2020-12-06 16:43:51.000,2,14,0.00,0,0,0,0,0,0,1,1,1,0,28,9,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,538669056.00,0,BCG - Omnia - 5358243523583260706,2,2,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-06-01 13:01:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243733,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BCG Omnia,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053677,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BENDIGO & ADELAIDE BANK LIMITED - 2504403037758149888,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283794,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 1655236399324936463,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-175345626,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 2264844721906937792,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545863,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 2816657483820229326,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285560,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 3236090005739399883,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284877,2020-12-07 14:36:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 6131371377714172322,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287508,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BERNADETE DAS DORES MANCILHA SANTOS - 7217356413386001449,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158253972,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BGC Partners,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243799,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BHFL-PRISMA CLOUD,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572552,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BKD,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543972,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BKM - 9052762844284617998,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262745,2020-12-07 14:44:06.000,0,56,0.00,0,0,0,0,0,0,2,1,1,0,29,87,1,0,0,37,0,0,0,1,0,0,0,2046640128.00,544882688.00,0,BM&F Bovespa S/A - 4384603060948988284,0,8,0,0.00,0,20.09.366,,enterprise,1000000,10,2020-09-03 15:06:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215832,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"BMC Software, Inc. - 358395384400329557",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243802,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BMS-PRISMA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544964,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BNC Business Network Communications AG - 7773756577447948195,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545739,2020-12-07 15:27:06.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538877952.00,0,BORUSAN HOLDING A S - 4485145468766294236,2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-07 10:29:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543875,2020-12-07 15:47:33.000,0,91,0.00,0,0,0,0,0,0,1,1,1,0,28,37,15,0,0,0,0,0,0,6,0,0,0,2046640128.00,571224064.00,0,BREWIN DOLPHIN LIMITED - 7639554313639517635,0,13,0,0.00,0,20.09.366,,enterprise,1000000,13,2020-07-16 10:26:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143541955,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BT Global Services - Security - 8351913520494617024,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542888,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BT Spain HQ Madrid - 7693754708206695892,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051787,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BUPA AUSTRALIA HEALTH PTY LTD - 6611748162213246563,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285592,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BV Leasing Arrendamento Mercantil S/A - 7640112810581393210,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241968,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BV Leasing Arrendamento Mercantil S/A - 8587350509147935291,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545836,2020-12-07 15:39:24.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,7,6,0,0,0,0,0,0,36,0,0,0,2046640128.00,704421888.00,0,Baillie Gifford - 2746567703388129477,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-10-21 14:47:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573272,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bain Capital,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262521,2020-12-07 14:37:49.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,10,104,0,0,42,0,0,0,0,0,0,0,2046640128.00,542142464.00,0,Balyasny Asset Management L P - 6026486280394316269,1,0,0,0.00,0,,,enterprise,1000000,1,2019-12-09 16:14:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543102,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Banco Bai Europa, S.a. - 4656512454357844089",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243765,2020-12-07 15:46:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Bolivariano C.a. - 2231677839203420149,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143566884,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Banco Comercial Portugues, S.A. - 1062202481060097754",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286796,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Fibra S/a. - 252706269007634135,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207468,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Inter - 4954095381099047070,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211991,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Intermedium S/A. - 314036315413208712,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185147,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Neon - 6953854248378544917,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244887,2020-12-07 15:46:26.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,3,0,0,0,0,0,0,1,0,0,0,2046640128.00,663814144.00,0,Banco Pichincha C.A. - 3705285206835909448,0,1,0,0.00,0,20.04.177,,enterprise,1000000,1,2020-08-14 22:58:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245687,2020-12-06 15:52:49.000,0,49,0.00,0,0,1,0,0,0,1,1,1,0,28,20,7,0,0,4,0,0,0,0,0,0,0,2046640128.00,548450304.00,0,Banco Pichincha C.A. - 7575131096988162491,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-08-20 03:15:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241997,2020-12-07 15:39:27.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,83,8,0,0,106,0,0,0,0,0,0,0,2046640128.00,659320832.00,0,Banco Pichincha Peru,0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-06-26 17:59:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286735,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Ripley Peru S.a. - 1556538481583837759,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543910,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Banco Sabadell SA - 8044367390135353085,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209233,2020-12-06 16:10:25.000,0,406,0.00,0,0,0,0,0,0,2,1,1,0,29,103,176,0,0,348,0,0,0,1,0,0,0,10501771264.00,1124384768.00,0,Bancolombia S.A. - 5284670598966805964,0,58,0,0.00,0,20.09.366,,enterprise,1000000,63,2019-12-10 00:00:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Bank Of Ayudhya Public Company Limited,2020-12-07 09:32:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bank Of Ayudhya Public Company Limited,0,0,0,0.00,0,20.04.177,jirawat.siengphao@krungsri.com,enterprise,300,9,2020-09-01 10:16:14.000,2021-11-29 23:00:00.000,true,724e6a8f-067d-027b-76a3-f4dfe5e74079,52.77.131.174,SG,false,0,0, +anz-3048868,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,538931200.00,0,Bank Of Queensland Limited - 5774809425758385271,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-10 13:53:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052811,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bank Of Queensland Limited - 8880490510546722775,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183411,2020-12-06 16:22:42.000,0,294,0.00,0,0,0,0,0,0,2,1,1,0,28,71,50,0,0,3104,0,0,0,0,0,0,0,2046640128.00,610963456.00,0,Bank United - 2122747379307831953,0,42,0,0.00,0,20.09.366,,enterprise,1000000,42,2019-12-10 23:16:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542982,2020-12-06 15:52:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Bankia, S.A.U. - 171108897876880268",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244822,2020-12-07 15:32:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Barcelona - 4178542040342934861,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Barclays PLC,2020-12-07 14:07:36.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Barclays PLC,0,3,0,0.00,0,20.09.365,dave.williams@barclays.com,enterprise,100,3,2020-06-17 06:57:29.000,2021-06-15 22:00:00.000,true,73bb8686-6117-e99b-a5eb-6935193d3fce,157.83.97.242,GB,false,0,0, +Barclays PLC,2020-12-07 14:38:12.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Barclays PLC,0,4,0,0.00,0,20.09.365,dave.williams@barclays.com,enterprise,10100,4,2020-12-01 08:00:58.000,2021-12-01 00:00:00.000,true,24d18c23-69d5-e557-165f-7b5dbdb398f8,157.83.97.242,GB,false,0,0, +eu-2-143540008,2020-12-07 15:35:36.000,1,7,0.00,0,0,0,0,0,0,1,5,1,0,28,4,4,0,0,0,0,0,0,15,1,0,0,2046640128.00,583065600.00,0,Barings Asset Management - 4740114783673251493,1,1,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-01-24 17:08:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143541211,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Barrett Steel Limited - 1719851971372043584,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541991,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Barrett Steel Limited - 6686945176833853100,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143546015,2020-12-07 15:35:49.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,6,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,468328448.00,0,Basefarm AS - 6601071718540831093,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-18 17:44:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158261567,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Battelle Memorial Institute - 2489356256347852923,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3179818,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bc Forward - 7485827674386767324,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545053,2020-12-06 15:52:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BeOpenIT - 2236396035831556790,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286521,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Beauty Counter Llc - 5775802259270177774,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545921,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538492928.00,0,BeepIndex - 3809418278020188727,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-29 12:07:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Beijing International Resort Co., Ltd.",2020-12-03 08:15:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Beijing International Resort Co., Ltd.",0,0,0,0.00,0,20.09.365,lika.zhao@universalbeijing.com,enterprise,200,1,2020-07-29 10:28:33.000,2023-07-27 22:00:00.000,true,16479b34-cfcf-f962-73d9-f34b6cdb8d09,223.71.51.104,CN,false,0,0, +us-3-159238964,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Belk, Inc. - 2269729747257769548",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244851,2020-12-07 15:38:45.000,0,21,0.00,0,0,1,0,0,0,1,1,1,0,28,4,3,0,0,0,0,0,0,1,0,0,0,2046640128.00,538841088.00,0,Bell Canada - 37548905031254556,0,3,0,0.00,0,20.09.351,,enterprise,1000000,3,2020-08-12 18:41:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050981,2020-12-06 15:49:28.000,0,427,0.00,0,0,0,0,0,0,1,1,1,0,28,115,348,0,0,8,0,0,0,0,0,0,0,2046640128.00,642658304.00,0,Bendigo Adelaide Bank - 1688275437608560243,0,61,0,0.00,0,20.09.366,,enterprise,1000000,331,2020-02-11 00:42:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243826,2020-12-06 15:52:51.000,192,14,0.00,0,0,0,20,0,0,2,7,1,0,33,1,182,0,0,1,60,0,0,1,1,0,100000,2046640128.00,719601664.00,0,"Benevity, Inc - 4808912862930013604",192,2,0,0.00,0,20.09.366,,enterprise,1000000,238,2020-07-24 21:51:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053799,2020-12-06 18:02:38.000,0,0,0.00,0,0,0,0,1,0,1,1,1,1,28,0,0,0,0,0,0,0,0,3,1,0,0,2046640128.00,530939904.00,0,"Bengo4.com, Inc. - 1227077609254234437",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-07 04:55:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286670,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537247744.00,0,Bertha Aunt - 3630126227884631088,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-16 17:06:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186105,2020-12-07 15:39:27.000,0,42,0.00,0,0,2,2,0,1,2,1,2,2,28,15,0,0,0,18,0,0,0,2,7,0,0,2046640128.00,563838976.00,0,Bespin Global - 5508409481950372782,0,6,0,0.00,27,20.09.351,,enterprise,1000000,7,2019-12-11 07:11:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053836,2020-12-06 17:42:46.000,4,35,0.00,0,0,1,1,0,0,2,2,1,0,28,3,5,0,0,1,0,0,0,0,0,0,0,2046640128.00,540356608.00,0,Bespin Global - 7060800162760440964,4,5,0,0.00,0,20.09.366,,enterprise,1000000,9,2020-09-29 10:43:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244944,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bessemer Trust Company - 6675186267798134078,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241903,2020-12-06 16:04:32.000,0,595,0.00,0,0,0,0,0,0,1,1,1,0,28,584,158,0,0,63,0,0,0,1,0,0,0,10501771264.00,1589833728.00,0,"Best Buy Co., Inc. - 6048618914825948501",0,85,0,0.00,0,20.09.366,,enterprise,1000000,85,2020-06-22 14:24:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544033,2020-12-06 15:52:54.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,6,2,0,0,9,1,0,0,0,0,0,0,2046640128.00,545226752.00,0,Bestx Ltd - 8391391171319587297,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2020-08-04 19:34:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257751,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Beth Israel Medical,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287514,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Better Mortgage - 618490875243229457,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180399,2020-12-06 16:04:31.000,1,112,0.00,0,0,1,0,0,0,1,1,1,0,28,23,40,0,0,26,0,0,0,2,0,0,0,2046640128.00,569192448.00,0,Big Fish Games - 4214693060513215154,1,16,0,0.00,0,20.09.366,,enterprise,1000000,17,2019-12-09 16:08:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048838,2020-12-06 15:51:00.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,3,0,0,3,0,0,0,0,0,0,0,2046640128.00,550215680.00,0,Big Tree Entertainment Private Limited - 468563700550894262,1,0,0,0.00,0,19.11.480,,enterprise,1000000,1,2019-12-10 12:37:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +BiliBili,2020-12-02 10:04:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BiliBili,0,0,0,0.00,0,20.04.169,lixiao03@bilibili.com,evaluation,100,16,2020-11-17 14:26:08.000,2020-12-02 14:26:08.000,true,0,211.159.203.246,US,false,0,0, +us-2-158256757,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BillGo,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212242,2020-12-07 15:38:44.000,0,91,0.00,0,0,0,0,0,0,1,1,1,0,28,305,338,0,0,39,0,0,0,0,0,0,0,2046640128.00,669954048.00,0,Billtrust - 6821032898577115969,0,13,0,0.00,0,20.09.351,,enterprise,1000000,174,2020-02-01 01:34:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186110,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,1,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532209664.00,0,Bimbo Bakeries USA,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-12 09:03:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243924,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Biogen Inc. - 351853353080576356,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151522,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,BlaBlaCar - 5252589885854939657,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213203,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Blackbaud, Inc. - 2772939651096498322",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256015,2020-12-07 14:46:33.000,0,14,0.00,0,0,0,1,0,0,2,1,1,1,28,0,2,0,0,0,0,0,0,1,1,0,2,2046640128.00,548962304.00,0,Blackhawk Network,0,2,0,0.00,0,20.04.163,,enterprise,1000000,2,2019-12-10 17:22:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525378,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,573022208.00,0,Blackstone,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 01:53:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Blameless Inc,2020-12-06 18:34:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Blameless Inc,0,0,0,0.00,0,20.09.345,kevin@blameless.com,enterprise,3200,0,2020-03-10 16:59:44.000,2021-02-21 16:59:44.000,true,07ac893f-b7a8-ca13-dde0-e81c9375651c,34.122.157.91,US,false,0,400, +Blend,2020-12-06 22:21:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Blend,0,0,0,0.00,0,20.04.163,null@blend.com,enterprise,1800,0,2020-04-17 18:15:27.000,2021-03-17 18:15:27.000,true,4cea654f-c2cc-c882-1ae1-3900993bd729,52.7.206.82,US,false,0,225, +us-3-159242898,2020-12-06 16:33:35.000,0,287,0.00,0,0,0,0,0,0,1,1,1,0,28,40,116,0,0,6,0,0,0,0,0,0,0,2046640128.00,567275520.00,0,Blink Health Ltd. - 4011347182151712596,0,41,0,0.00,0,20.09.366,,enterprise,1000000,59,2020-07-13 19:41:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283669,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Blink Health Ltd. - 4152111677261511409,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185366,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Blue Cross Blue Shield of Kansas City (Kansas City, MO) - 949458109958745067",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243801,2020-12-07 15:46:26.000,0,91,0.00,0,0,0,0,0,0,1,1,1,0,28,3,30,0,0,0,0,0,0,2,0,0,0,2046640128.00,561213440.00,0,Blue Cross Blue Shield of Minnesota - 4278960251467105939,0,13,0,0.00,0,20.09.345,,enterprise,1000000,16,2020-07-24 15:12:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Blue Cross Blue Shield of North Carolina,2020-12-07 13:28:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Blue Cross Blue Shield of North Carolina,0,0,0,0.00,0,20.09.345,sean.lowder@bcbsnc.com,enterprise,500,0,2020-07-14 21:41:49.000,2021-07-10 07:00:00.000,true,3ecde29c-3536-4288-0f85-cf55d129501e,170.69.177.6,US,false,0,0, +gov-3228578,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,534077440.00,0,"Blue Origin, Llc - 7598044962610250804",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-23 19:02:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158262736,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Blue Shield of California - 2388697548304808723,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573423,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,530173952.00,0,BlueVoyant,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2019-12-10 03:33:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143810,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bmw Asia Pte Ltd - 887720627249730632,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285838,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boa Vista Servicos S/A. - 3186852058953566395,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Board Intelligence Ltd,2020-12-07 11:21:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Board Intelligence Ltd,0,0,0,0.00,0,20.04.177,stephen.grant@boardintelligence.com,enterprise,400,40,2020-07-30 11:59:26.000,2023-07-29 07:00:00.000,true,364f56ea-52f1-eb6e-80f7-2138780d4c8a,81.29.70.66,GB,false,0,0, +us-3-159209261,2020-12-06 16:43:50.000,1,0,0.00,0,0,0,1,0,1,4,6,3,0,31,0,0,0,0,0,0,0,0,0,3,0,20,2046640128.00,546754560.00,0,Board Of Governors Of The Federal Reserve System - 6931142989408646492,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-10 23:16:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285645,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bok Financial Corporation - 7630329646164732968,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103372,2020-12-07 15:31:14.000,0,35,0.00,0,0,0,0,0,0,2,1,1,0,28,12,6,0,0,9,0,0,0,0,0,0,0,2046640128.00,555421696.00,0,Booking.com,0,5,0,0.00,0,20.09.366,,enterprise,1000000,6,2019-12-07 22:05:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543852,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Booking.com Ltd - 2039622907623572130,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181553,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Booz Allen Hamilton - 8512251289197053964,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Bosera Asset Management Co., Limited",2020-12-06 18:48:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Bosera Asset Management Co., Limited",0,0,0,0.00,0,19.11.512,zhoup@bosera.com,enterprise,100,12,2020-03-27 17:13:43.000,2021-03-26 07:00:00.000,true,e9870198-0994-b5fa-b139-fb6a1f6b10b0,121.34.252.81,CN,false,0,0, +us-3-159239053,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boston Children's Hospital - 3320980396067888189,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239050,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boston Children's Hospital - 7022666023477225856,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Boston Consulting Group,2020-12-07 12:46:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boston Consulting Group,0,0,0,0.00,0,20.04.163,leonard.ian@bcg.com,enterprise,600,0,2020-06-16 19:59:52.000,2021-06-16 07:00:00.000,true,f770c73b-af70-4112-2c25-53ad0a6e32bf,3.126.154.253,DE,false,0,0, +us-3-159244756,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boyd Gaming - 6288569544401322639,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239890,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Boyd Gaming - 8435900165056298534,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284723,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bright Stores Inc - 3280384886801361031,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283847,2020-12-07 14:36:18.000,2,133,0.00,0,0,4,0,0,0,2,1,1,0,28,25,34,0,0,12,0,0,0,3,0,0,0,2046640128.00,739844096.00,0,Bright Stores Inc - 6972018723168595008,2,19,0,0.00,0,20.09.366,,enterprise,1000000,24,2020-09-21 18:31:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"BrightInsight, Inc. U.S.",2020-12-07 14:45:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"BrightInsight, Inc. U.S.",0,0,0,0.00,0,19.03.317,null@brightinsight.com,enterprise,1400,0,2020-09-22 22:55:36.000,2021-10-22 22:55:36.000,true,049b79e1-c806-0e02-49bf-7cb569c46d98,35.227.30.100,US,false,0,200, +us-3-159210102,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Brinker Capital Securities, Inc - 8628480175918332871",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239148,2020-12-06 16:03:50.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,40,13,0,0,9,0,0,0,0,0,0,0,2046640128.00,560017408.00,0,Brk Ambiental Participacoes S/A - 2461791876471445008,0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-05-08 23:30:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215058,2020-12-06 16:33:36.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,53,0,0,0,2046640128.00,590651392.00,0,Broadcom Ltd. - 2390081780960025213,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-03-10 22:48:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238927,2020-12-07 15:29:29.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,13,18,0,0,4,0,0,0,2,0,0,0,2046640128.00,551321600.00,0,Broadcom Ltd. - 6288387451962746935,0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-04-30 17:45:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242035,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Broadcom Ltd. - 714384429771273472,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Brown Brothers Harriman Co., Inc.",2020-12-07 14:43:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Brown Brothers Harriman Co., Inc.",0,0,0,0.00,0,19.11.506,doreen.norako@bbh.com,enterprise,168,5,2020-10-19 23:01:51.000,2021-10-20 23:01:51.000,true,0fd4a03a-ed81-3e14-0d4c-1da5197f6ccd,192.200.8.41,US,false,0,24, +us-3-159241810,2020-12-06 16:10:24.000,0,497,0.00,0,0,0,0,0,0,4,2,1,0,28,27,16,0,0,252,0,0,0,0,0,0,361,2046640128.00,740958208.00,0,"Buoy Health, Inc - 1041688416932406944",0,71,0,0.00,0,20.09.366,,enterprise,1000000,201,2020-06-12 18:13:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Bureau Of Consumer Financial Protection,2020-12-07 11:51:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bureau Of Consumer Financial Protection,0,0,0,0.00,0,19.11.512,eric.spry@cfpb.gov,enterprise,50,22,2020-04-16 23:54:52.000,2021-04-17 07:00:00.000,true,415005b8-ef9e-487f-ec5a-51e6f6d51082,107.22.230.42,US,false,50,0, +Bureau of Consumer Financial Protection ,2020-12-07 02:25:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Bureau of Consumer Financial Protection ,0,0,0,0.00,0,19.11.512,eric.spry@cfpb.gov,enterprise,400,27,2020-04-17 18:57:39.000,2021-04-17 18:57:39.000,true,415005b8-ef9e-487f-ec5a-51e6f6d51082,65.127.125.243,US,false,0,50, +us-2-158285650,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CAREWISE HEALTH INC - 4889401275636379375,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574418,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CBOE,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"CBRE, Inc.",2020-12-07 13:14:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"CBRE, Inc.",0,0,0,0.00,0,19.07.363,steve.valaitis@cbre.com,enterprise,1050,0,2020-09-09 16:33:47.000,2021-07-30 16:33:47.000,true,f0ab734b-15c8-c444-51ce-2e6d2868ab89,208.68.247.150,US,false,0,150, +anz-3001872,2020-12-06 15:55:35.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,4,0,0,0,0,0,0,1,0,0,2046640128.00,537157632.00,0,CBUS Super - 5396073048753816617,1,0,0,0.00,0,19.11.512,,enterprise,1000000,5,2019-12-07 11:21:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186077,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CBUS Super - 6037423024028713868,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +CDPHP,2020-12-07 08:49:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CDPHP,0,0,0,0.00,0,19.07.363,kathleen.rosenbaum@cdphp.com,enterprise,80,1,2020-06-15 21:06:47.000,2021-06-13 21:06:47.000,true,1b843c7f-5948-8f40-7054-0a7b99b74c95,135.84.42.99,US,false,0,10, +CGI,2020-12-07 13:14:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CGI,0,0,0,0.00,0,20.04.177,angela.costagliola@cgi.com,enterprise,500,4,2020-08-07 14:51:18.000,2021-08-08 14:51:18.000,true,00000914,13.86.3.165,US,false,0,0, +us-3-159182231,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CHS Inc. - 1708512665266970807,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +CIMB THAI BANK PUBLIC COMPANY LIMITED,2020-12-07 08:03:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CIMB THAI BANK PUBLIC COMPANY LIMITED,0,1,0,0.00,0,20.09.365,nipon.t@cimbthai.com,enterprise,200,1,2020-03-13 16:19:53.000,2023-06-12 07:00:00.000,true,68fe0aba-326f-ef9e-639c-7f32e119127b,58.137.204.25,TH,false,0,0, +CIMB THAI BANK PUBLIC COMPANY LIMITED_LICENSE 1,2020-12-07 14:08:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CIMB THAI BANK PUBLIC COMPANY LIMITED_LICENSE 1,0,0,0,0.00,0,20.04.169,nipon.t@cimbthai.com,enterprise,100,2,2020-03-18 23:18:38.000,2023-06-12 23:18:38.000,true,68fe0aba-326f-ef9e-639c-7f32e119127b,58.137.204.25,TH,false,0,0, +CIMB THAI BANK PUBLIC COMPANY LIMITED_LICENSE 2,2020-12-06 17:44:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CIMB THAI BANK PUBLIC COMPANY LIMITED_LICENSE 2,0,0,0,0.00,0,20.04.169,nipon.t@cimbthai.com,enterprise,100,3,2020-03-18 23:19:58.000,2023-06-12 23:19:58.000,true,68fe0aba-326f-ef9e-639c-7f32e119127b,203.152.14.143,TH,false,0,0, +CLEAR,2020-12-06 21:54:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CLEAR,0,0,0,0.00,0,19.11.512,sebastian.rojas@clearme.com,enterprise,1900,0,2020-06-29 15:07:32.000,2021-06-25 07:00:00.000,true,3d8227a4-d51a-6256-0caf-b2051fa20ff0,3.86.156.175,US,false,0,0, +eu-2-143545027,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CLOUDHOUSE TECHNOLOGIES LTD - 167582073432106716,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257876,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CNA Financial,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545958,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CO-OPERATIVE BANKING GROUP LIMITED - 1653808226914716837,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213945,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,544714752.00,0,CODAMETRIX - 2914961520046355964,0,0,0,0.00,0,,,enterprise,1000000,0,2020-02-18 17:53:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3001941,2020-12-06 15:56:41.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538030080.00,0,COLES SUPERMARKETS AUSTRALIA PTY LTD - 3535056579300055775,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-10 07:59:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287477,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CONTAQUANTO PAGAMENTOS LTDA - 8321024970637451808,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050734,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CPA AUSTRALIA LTD - 4392974242242593070,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240821,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CSC - 3834603179780044430,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096939,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CTC TECHNOLOGY CORPORATION - 1074644232173504305,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285651,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CUNA Mutual Group - 4438565008458365767,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +CVS Health,2020-12-07 03:39:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CVS Health,0,0,0,0.00,0,20.04.177,lauren.hill@cvshealth.com,enterprise,4000,5,2020-06-25 14:44:27.000,2023-04-24 07:00:00.000,true,232f5d67-1454-92dd-bde3-3c32a3c655f2,206.213.209.28,US,false,0,0, +us-3-159182233,2020-12-06 16:48:21.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,1,0,0,0,0,0,0,1,1,0,0,2046640128.00,535764992.00,0,CVS Health - 8254142039120712818,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-10 17:14:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257782,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CableLabs,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257967,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Caesars,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152386,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Caixabank, S.A. - 4417030866922240829",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538300,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Caixabank, S.A. - 7483420749732337907",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286641,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Caja Colombiana De Subsidio Familiar Colsubsidio - 5591264049432272467,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545828,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Calastone Limited - 4804921028129347872,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143546019,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Calastone Limited - 5291946347630296045,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143546020,2020-12-07 15:03:50.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,7,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,406880256.00,0,Calastone Limited - 5317562535449084286,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-11-24 15:18:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243767,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Caleres, Inc. - 2598138110188177458",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209324,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Caleres, Inc. - 6665234076876594738",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239949,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,California Employment Development Department - 6052671360439286159,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228521,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,California Employment Development Department - 8071670488129405799,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285585,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,540139520.00,0,California Health Benefit Exchange - 2685380288257444541,0,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-18 02:30:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286668,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"California Healthcare Eligibility, Enrollment and Retention System - 6891312022236422654",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244731,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,California Office of Statewide Health Planning and Development - 2237670732743033308,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574442,2020-12-07 14:40:00.000,0,497,0.00,0,0,0,0,0,0,3,2,1,0,28,128,18,0,0,115,0,0,0,2,0,0,0,10501771264.00,1272107008.00,0,Cambia,0,71,0,0.00,0,20.09.366,,enterprise,1000000,74,2020-03-04 20:30:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243949,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cambia Health Solutions, Inc - 6696025574326008238",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216111,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Canada Border Services Agency - 3711709605947423656,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157585,2020-12-07 09:48:16.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,5,0,0,2046640128.00,532258816.00,0,Canada Health Infoway - 6550590468954624900,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-07-15 19:52:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240946,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,4,0,0,2046640128.00,536416256.00,0,Canada Health Infoway - 8519115023574927648,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-06-04 12:24:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157653,2020-12-07 09:41:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Canadian Internet Registration Authority - 3517893132158329275,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157530,2020-12-07 09:43:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Canadian Pacific Railway Limited - 7219436350210211077,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240882,2020-12-06 16:48:21.000,0,0,0.00,0,0,1,1,0,0,2,2,1,0,28,5,4,0,0,0,0,0,0,1,1,0,0,2046640128.00,540061696.00,0,"Canadian Tire Corporation, Limited - 4682914137363805579",0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-06-01 14:51:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157618,2020-12-07 09:43:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Canadian Tire Corporation, Limited - 7590776904393733476",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Canopy Growth Corporation,2020-12-06 22:22:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Canopy Growth Corporation,0,0,0,0.00,0,20.04.177,andrew.jones@canopygrowth.com,enterprise,400,21,2020-07-02 14:09:09.000,2021-05-30 07:00:00.000,true,50b9aa96-e2e1-33f2-3ef1-22f17bc1a61d,34.247.78.134,IE,false,0,0, +us-3-159181266,2020-12-06 16:22:53.000,0,301,0.00,0,0,0,0,0,0,1,1,1,0,28,348,701,0,0,403,1,0,0,0,0,0,0,10501771264.00,2404020224.00,0,Capco Canada - 206940534597332351,0,43,0,0.00,0,20.04.177,,enterprise,1000000,44,2019-12-10 13:32:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053650,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Capcom Co., Ltd. - 7970596783079721431",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179375,2020-12-06 16:43:51.000,0,133,0.00,0,0,0,0,0,0,1,1,1,0,28,55,5,0,0,53,0,0,0,0,0,0,0,10501771264.00,615469056.00,0,Capella University - 3352696325635786323,0,19,0,0.00,0,20.04.177,,enterprise,1000000,19,2019-12-10 09:12:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143539972,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Capgemini Polska Sp. z o.o. - 8457488652287716054,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242034,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Capital One Financial Corporation - 9033151434146307370,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151360,2020-12-06 15:48:58.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,29,7,0,0,8,0,0,0,0,0,0,0,2046640128.00,556367872.00,0,CarNext,0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2019-12-09 18:08:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111572398,2020-12-07 15:00:27.000,0,77,0.00,0,0,0,0,0,0,1,1,1,0,28,141,16,0,0,231,0,0,0,5,0,0,0,10501771264.00,3535785984.00,0,Carbonite,0,11,0,0.00,0,20.09.351,,enterprise,1000000,12,2019-12-07 18:07:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185301,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Carbonite, Inc. - 7902162978543564155",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286768,2020-12-07 14:44:06.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,480915456.00,0,"Cardflight, Inc. - 1501281741191254474",1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-23 14:30:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159184278,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cardinal Health, Inc. - 3664042411782344609",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180524,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cardinal Health, Inc. - 7793175208925778690",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285773,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CareSource Management Group - 2302777597457975234,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180371,2020-12-06 16:03:50.000,0,630,0.00,0,0,0,0,0,0,1,1,1,0,28,11,122,0,0,0,0,0,0,0,0,0,0,2046640128.00,559730688.00,0,CareSource Management Group - 411307542416006114,0,90,0,0.00,0,20.04.177,,enterprise,1000000,90,2019-12-09 16:26:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210322,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Careevolution Inc. - 1283054411104896621,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209166,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Careevolution Inc. - 2181410168045961388,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186078,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CargoSmart Limited - 4939263045377302850,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254056,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Carlson Wagonlit,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185269,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Carlson Wagonlit Travel, Inc. - 1263415455727165289",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286645,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Carnival Corporation - 4523039729970355291,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150467,2020-12-07 15:44:29.000,0,791,0.00,0,0,0,0,0,0,1,1,1,0,28,64,136,0,0,143,0,0,0,0,0,0,0,2046640128.00,843358208.00,0,Carrefour SP,0,113,0,0.00,0,20.04.177,,enterprise,1000000,113,2019-12-09 23:22:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238989,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Carrier Corporation - 7949089156670563254,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184399,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Casey's General Stores, Inc. - 5144941741448493104",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207282,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Caseys Retail Company - 8902174763566113832,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541891,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cashflows Europe Limited - 1658886280974611484,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245808,2020-12-07 15:29:30.000,0,308,0.00,0,0,0,0,0,0,1,1,1,0,29,46,26,0,0,0,0,0,0,0,0,0,0,2046640128.00,914067456.00,0,Caterpillar Inc. - 3189010668532577221,0,44,0,0.00,0,20.09.366,,enterprise,1000000,44,2020-08-28 18:32:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212206,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Caterpillar Inc. - 3305746650252783510,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286643,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Caterpillar Inc. - 4853116668863941236,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183317,2020-12-06 16:33:36.000,0,35,0.00,0,0,0,0,0,1,1,2,2,0,32,0,25,0,0,37,1,0,0,18,2041,0,0,52777418752.00,4103827456.00,0,Caterpillar Inc. - 8545059304112159400,0,5,0,0.00,1,20.09.366,,enterprise,1000000,71,2019-12-10 23:10:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053892,2020-12-06 17:39:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cathay Pacific Airways Limited - 7547819548615045982,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241999,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cboe Global Markets, Inc. - 5452490292623970566",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545986,2020-12-06 15:52:53.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,527368192.00,0,Cdl Group Holdings Limited - 6767576962350583316,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-13 08:10:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Cdphp,2020-12-06 07:06:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cdphp,0,0,0,0.00,0,19.07.363,kathleen.rosenbaum@cdphp.com,enterprise,10,3,2020-06-11 22:36:40.000,2021-06-13 07:00:00.000,true,1b843c7f-5948-8f40-7054-0a7b99b74c95,135.84.42.99,US,false,10,0, +us-3-159210163,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,543817728.00,0,Cedars-Sinai Medical Center - 4945387546575285470,0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2019-12-20 16:44:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544999,2020-12-07 15:31:13.000,1,84,0.00,0,0,0,0,0,0,1,1,1,0,28,62,6,0,0,1,0,0,0,0,0,0,0,2046640128.00,560214016.00,0,Celik Motor - 77624209506981232,1,12,0,0.00,0,20.09.366,,enterprise,1000000,14,2020-09-28 10:20:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254094,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cenovus Energy Inc,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286583,2020-12-07 14:51:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Centene Corporation - 1183032609955419146,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283880,2020-12-07 15:00:28.000,0,266,0.00,0,0,0,0,0,0,3,1,1,0,67,140,14,0,0,6694,0,0,0,2,0,0,0,2046640128.00,569573376.00,0,Centene Corporation - 3111838588232491089,0,38,0,0.00,0,20.09.366,,enterprise,1000000,38,2020-09-23 20:00:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286581,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Centene Corporation - 8525001166793482070,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Centers for Disease Control ,2020-12-07 02:20:40.000,0,112,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Centers for Disease Control ,0,16,0,0.00,0,20.04.177,pcb1@cdc.gov,enterprise,336,16,2020-03-30 18:34:46.000,2021-04-20 18:34:46.000,true,82d17bfe-50f4-bbf9-9524-00155041f343,198.246.103.125,US,false,0,42, +us-2-158255770,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cerner,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Cerner Corporation,2020-12-07 14:36:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cerner Corporation,0,0,0,0.00,0,19.07.363,ryan.miller2@cerner.com,enterprise,7000,3,2020-10-12 16:56:50.000,2022-01-30 16:56:50.000,true,ead6cc80-cf8a-91a6-9068-53673009903b,159.140.6.1,US,false,0,1000, +Ceska sporitelna a.s.,2020-12-06 20:08:04.000,0,350,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ceska sporitelna a.s.,0,50,0,0.00,0,20.09.365,msvab@csas.cz,enterprise,1000,50,2020-07-08 08:59:30.000,2023-07-06 22:00:00.000,true,bce53f71-888d-e7b5-3b3d-f32637092d0a,193.85.146.34,CZ,false,0,0, +us-2-158257809,2020-12-07 14:39:18.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,542371840.00,0,Chad's Prod,1,0,0,0.00,0,,,enterprise,1000000,1,2020-05-19 19:21:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545054,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chainstep - 1358251250536580763,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143811,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chanel Limited - 5327565268970959983,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544959,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Charis - 5750506262250375118,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Charter Communication,2020-12-07 01:19:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Charter Communication,0,0,0,0.00,0,20.04.177,avishek.gurung@charter.com,enterprise,4800,656,2020-05-01 14:41:12.000,2023-02-22 14:41:12.000,true,34bace7c-1d92-c9f4-19ba-df2da9ee159f,69.76.26.3,US,false,0,600, +Charter Communication,2020-12-06 16:31:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Charter Communication,0,0,0,0.00,0,20.04.177,avishek.gurung@charter.com,enterprise,5600,2,2020-05-01 06:50:28.000,2023-02-23 06:50:28.000,true,9fa2c5b3-d033-65ef-4ee0-cd665b407fd7,35.171.109.196,US,false,0,700, +Chatwork Inc,2020-12-07 10:13:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chatwork Inc,0,0,0,0.00,0,20.09.365,ozaki@chatwork.co.jp,enterprise,200,16,2020-11-17 21:11:37.000,2021-10-28 07:00:00.000,true,3c22eb3b-b4e3-55ae-b832-d8fac114c766,52.69.22.8,JP,false,0,0, +eu-2-143544809,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Checkmarx Ltd - 8406928180414107893,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242032,2020-12-06 16:33:37.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,528437248.00,0,Chegg.com - 1953724971913584083,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-06-30 14:21:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159180555,2020-12-07 15:39:27.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,534925312.00,0,Chesapeake Energy Corporation - 7405250149162579109,0,1,0,0.00,0,20.04.177,,enterprise,1000000,1,2019-12-10 12:46:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111575380,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chevron Phillips Chemical,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212244,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Childrens Hospital of Orange County - 4014062564442751265,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Chp Consulting Limited,2020-12-07 03:42:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chp Consulting Limited,0,0,0,0.00,0,19.03.321,antony.moss@alfasystems.com,enterprise,100,1,2020-05-07 11:34:43.000,2021-05-07 07:00:00.000,true,69d72f64-3cf0-1428-40aa-282b8d4c1d44,193.222.61.13,GB,false,0,0, +us-1-111574258,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Chubb,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050915,2020-12-06 15:55:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Chuden CTI Co.,Ltd. - 6977673735011734577",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286669,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Churchill Downs - 1835703637606715177,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182297,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ci&t Software S/a - 3085759490611416341,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574327,2020-12-07 14:31:31.000,2,28,0.00,0,0,1,0,0,0,2,1,1,0,28,84,3,0,0,123,0,0,0,0,0,0,0,2046640128.00,724680704.00,0,Ciena,2,4,0,0.00,0,20.04.177,,enterprise,1000000,6,2019-12-10 03:30:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186111,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ciena Canada, Inc - 1591483189561131286",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287506,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cigna Corporation - 1877377429045637751,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245815,2020-12-06 16:38:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cigna Corporation - 2618625179974799659,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285714,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cigna Corporation - 8659130626749843814,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261596,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cimpress Usa Incorporated - 5987101814700803743,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245693,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cintra Software & Services Inc. - 3603042694003099727,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255947,2020-12-07 14:37:49.000,0,329,0.00,0,0,0,0,0,0,1,1,1,0,28,124,245,0,0,278,0,0,0,0,0,0,0,2046640128.00,661180416.00,0,Ciox Health,0,47,0,0.00,0,20.09.366,,enterprise,1000000,48,2019-12-08 08:16:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212952,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ciox Health - 9209777788984278793,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242895,2020-12-06 15:52:51.000,0,567,0.00,0,0,0,0,0,0,1,1,1,0,28,92,262,0,0,2135,0,0,0,0,0,0,0,2046640128.00,709091328.00,0,Circle CI - 8091270204197024190,0,81,0,0.00,0,20.09.366,,enterprise,1000000,81,2020-07-13 14:10:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245785,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cisco Systems de México, S.A. de C.V. - 8343441253232503312",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Cisco Systems, Inc.",2020-12-06 23:11:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cisco Systems, Inc.",0,0,0,0.00,0,19.07.363,vkonepal@cisco.com,enterprise,10,3,2020-05-21 18:21:15.000,2021-06-15 07:00:00.000,true,5f0ad00a-87d3-1d39-b951-e31aea11b1b1,18.206.175.252,US,false,10,0, +"Citco Technology Management, Inc.",2020-12-07 09:47:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Citco Technology Management, Inc.",0,0,0,0.00,0,19.03.311,gdifarnecio@citco.com,enterprise,200,2,2020-07-09 19:21:46.000,2021-06-25 07:00:00.000,true,498c5742-5f8d-3136-2d5b-f9f5e97930c4,34.248.117.182,IE,false,0,0, +anz-3053801,2020-12-06 18:02:40.000,0,392,0.00,0,0,0,0,0,0,2,2,1,0,28,6,230,0,0,0,1,0,0,0,0,0,0,2046640128.00,551956480.00,0,Citec - 2394963425192805372,0,56,0,0.00,0,20.09.366,,enterprise,1000000,97,2020-09-11 17:53:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3049768,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Citec - 9201947041744961184,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Citi,2020-12-07 15:08:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Citi,0,0,0,0.00,0,20.09.345,dan.chu@citi.com,enterprise,36000,9,2020-07-28 16:51:47.000,2023-05-31 16:51:47.000,true,00005626,199.67.140.41,US,false,0,4500, +us-3-159207188,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Citigroup, Inc. - 3499308116331206382",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254805,2020-12-07 14:26:16.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,42,3,0,0,0,0,0,0,4,2,0,0,2046640128.00,655028224.00,0,City National Bank,0,16,0,0.00,0,20.09.366,,enterprise,1000000,16,2019-12-09 04:41:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159183414,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,City of Atlanta - 4947258120445500092,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +City_of_Surrey,2020-12-06 22:05:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,City_of_Surrey,0,0,0,0.00,0,20.04.177,null@surrey.ca,enterprise,120,9,2019-12-10 18:20:56.000,2020-12-18 18:20:56.000,true,00000511,97.107.191.71,CA,false,0,20, +us-2-158286765,2020-12-07 14:33:58.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,528179200.00,0,Clari - 4161325905365379930,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-20 17:36:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158258746,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Clayco,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260637,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,529657856.00,0,Clayton Homes - 5681016825967319138,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-08 14:14:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158258896,2020-12-07 14:46:33.000,0,819,0.00,0,0,0,0,0,0,1,1,1,0,28,62,116,0,0,116,0,0,0,0,0,0,0,10501771264.00,1456599040.00,0,ClearMe,0,117,0,0.00,0,20.09.366,,enterprise,1000000,117,2019-12-09 21:47:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3181491,2020-12-06 16:04:30.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,1,28,0,0,0,0,0,0,0,0,0,0,2046640128.00,545509376.00,0,ClearMe (GovCloud),0,10,0,0.00,0,20.09.351,,enterprise,1000000,10,2019-12-11 15:02:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212239,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ClearMe - 688321430268826593,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ClearShark ,2020-12-06 21:07:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ClearShark ,0,0,0,0.00,0,20.04.169,jonathan@clearshark.com,evaluation,100,15,2020-02-20 15:11:55.000,2021-02-19 15:11:55.000,true,ClearShark,128.34.136.25,US,false,0,0, +us-3-159242926,2020-12-06 16:22:54.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,534609920.00,0,Clearshark - 7045334273123460889,1,0,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-07-14 15:30:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215118,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Click Networks Inc. - 6520704310944588731,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550156011,2020-12-07 09:50:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Click Networks Inc. - 6520704310944588731,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544898,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Clico Sp. Z.O.O. Disti - 939112186882591323,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Clinc, Inc.",2020-12-07 14:38:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Clinc, Inc.",0,0,0,0.00,0,19.11.512,ryan.struber@clinc.com,enterprise,100,3,2020-10-31 07:01:18.000,2021-10-30 00:00:00.000,true,65544222-29ab-5f42-8c4c-7d30bc51f12f,52.207.91.240,US,false,0,0, +anz-3050016,2020-12-06 15:55:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cloud Comrade - 7686482206270349833,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237940,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,532185088.00,0,Cloud Native Computing Foundation - 193813920945370844,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-04-16 22:28:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545924,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cloud Sec News - 3210409245730321821,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Cloudsimple,2020-12-07 14:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cloudsimple,0,0,0,0.00,0,19.03.321,ilya@cloudsimple.com,enterprise,10,6,2020-02-28 15:40:58.000,2021-03-11 08:00:00.000,true,2e0d61c7-2e5c-d302-92cb-16304088805d,51.107.235.49,CH,false,10,0, +us-2-158284662,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Clover Health - 4905179597181362340,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151425,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coats plc - 3701854198233637136,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287545,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cobalt Labs, Inc - 4836571292637373024",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153375,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coca Cola Turkey - 1619235223679554770,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158253964,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coca-Cola,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544904,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coca-Cola (Costa Coffee) - 4340871560956648204,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284691,2020-12-07 14:31:31.000,0,623,0.00,0,0,0,0,0,0,1,1,1,0,28,94,29,0,0,154,0,0,0,1,0,0,0,2046640128.00,622825472.00,0,Cogito - 3943258877827549426,0,89,0,0.00,0,20.09.366,,enterprise,1000000,105,2020-10-02 16:52:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242869,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognitive Scale Inc. - 8824394585154396200,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573421,2020-12-07 14:31:31.000,0,3556,0.00,0,0,0,0,0,0,1,1,1,0,28,50,10,0,0,27,0,0,0,5,0,0,0,2046640128.00,819683328.00,0,Cognizant Accelerator,0,508,0,0.00,0,20.09.366,,enterprise,1000000,917,2019-12-07 16:00:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573270,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Dev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214192,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technologies Ltd - 128145218734658193,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213166,2020-12-06 16:04:32.000,93,35,0.00,0,0,0,0,0,0,1,5,1,0,28,15,40,2,0,2,17,0,0,0,1,0,100000,2046640128.00,581672960.00,0,Cognizant Technologies Ltd - 8737649816247933992,93,5,0,0.00,4,20.09.366,,enterprise,1000000,98,2020-02-10 21:53:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245778,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 1965947301061138345,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238185,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 221153813641973021,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284812,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 4168976051044343312,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239863,2020-12-06 15:45:49.000,0,63,0.00,0,0,0,0,0,0,1,1,1,0,28,85,9,0,0,203,0,0,0,3,0,0,0,2046640128.00,682131456.00,0,Cognizant Technology Solutions Corporation - 5979510197881862830,0,9,0,0.00,0,20.09.366,,enterprise,1000000,9,2020-05-12 15:10:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285558,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 6171262665864475868,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244915,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 6778649067078839397,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185265,2020-12-06 16:03:50.000,2,35,0.00,0,0,0,1,0,0,3,1,1,0,28,20,6,0,0,4,0,0,0,1,0,0,0,2046640128.00,566530048.00,0,Cognizant Technology Solutions Corporation - 729312619064321996,2,5,0,0.00,0,20.09.366,,enterprise,1000000,7,2019-12-11 05:10:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285745,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 7607031531520325703,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284622,2020-12-07 14:26:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cognizant Technology Solutions Corporation - 8109675380546946039,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257715,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coinbase,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574291,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coles,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256818,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Colgate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284625,2020-12-07 14:28:02.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,2,0,0,0,2046640128.00,536064000.00,0,Collibra Inc. - 563420692100248105,0,1,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-09-29 18:55:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242028,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CommonSpirit Health - 2780116525921065697,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255919,2020-12-07 14:36:19.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,543027200.00,0,Commonwealth Informatics,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-08 19:41:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052869,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Commonwealth Superannuation Corporation - 4579804811221967928,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545922,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Compagnie Des Alpes - 9112817323589901649,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213078,2020-12-06 16:43:50.000,15,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,88,0,0,0,2,0,0,0,0,0,0,2046640128.00,543641600.00,0,Companhia Brasileira De Solucoes E Servicos. - 6762680272484387008,15,0,0,0.00,0,20.09.366,,enterprise,1000000,21,2020-02-07 18:05:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242770,2020-12-07 15:32:50.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,1,5,0,0,0,0,0,0,0,0,0,0,2046640128.00,534953984.00,0,Compartamos Servicios SA de CV - 5795394055059989191,0,2,0,0.00,0,20.04.177,,enterprise,1000000,2,2020-07-03 21:31:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212111,2020-12-07 15:29:29.000,0,105,0.00,0,0,0,0,0,0,1,1,1,0,28,75,28,0,0,29,2,0,0,3,0,0,0,2046640128.00,598806528.00,0,"Computer Services, Inc. - 4476982125738096779",0,15,0,0.00,0,20.09.366,,enterprise,1000000,15,2020-01-28 17:08:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245784,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Compuware Ltd - 4577131313854742716,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545889,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Concore GmbH - 6809766357243008507,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286761,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Conductor - 1612836069123676050,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Confluent, Inc.",2020-12-07 06:03:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Confluent, Inc.",0,0,0,0.00,0,20.04.163,mcrocker@confluent.io,enterprise,100,1,2020-04-25 00:28:02.000,2021-04-24 07:00:00.000,true,ff85fabb-ca18-667d-b76a-422b0ca72c3d,52.11.225.83,US,false,0,0, +us-2-158253994,2020-12-07 15:01:32.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,7,6,0,0,0,0,0,0,0,0,0,0,2046640128.00,535056384.00,0,Connection,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2019-12-06 15:59:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240979,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Connection - 637169970047089320,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240883,2020-12-07 15:29:29.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,16,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,542932992.00,0,Connection Inc. - 1847049741033253907,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2020-06-01 19:43:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254897,2020-12-07 14:37:49.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,14,2,0,0,148,0,0,0,1,2,0,0,2046640128.00,544473088.00,0,ConocoPhillips,0,3,0,0.00,4,20.09.366,,enterprise,1000000,3,2019-12-07 12:01:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255858,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ConsensusCorp,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284845,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Contino - 1008716448180309498,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286545,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Contino - 2199186744877121269,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284661,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Contino - 5861652751271059923,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245786,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Contino - 6883660900949108089,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545897,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Controlware GmbH - 8644336376048634486,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237197,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Conversica LLC - 1334843153782879262,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185146,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Conviva Care Solutions, Llc - 7971192169617021476",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185234,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cooper Tire & Rubber Company - 2324931930992251616,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177550,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cooper Tire & Rubber Company - 2325908971209180356,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262776,2020-12-07 14:39:59.000,0,56,0.00,0,0,0,0,0,0,1,1,1,2,28,236,15,0,0,16,1,0,0,18,0,0,0,2046640128.00,569106432.00,0,Copa Airlines - 3679215927613745708,0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-09-04 17:41:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Corefour Inc,2020-12-07 07:40:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Corefour Inc,0,0,0,0.00,0,20.04.163,scott@edsby.com,enterprise,200,11,2020-07-16 13:19:02.000,2021-07-17 07:00:00.000,true,fae82ed4-35f0-20dd-8f8c-7304f04017a8,13.88.246.128,CA,false,0,0, +us-3-159183347,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Corning Incorporated - 9189577208842968941,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541214,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Correos - 696140634504594059,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243886,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Corus Entertainment Inc - 1358192582285060779,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286705,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cosmopolitan - 7729175150124554146,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240042,2020-12-06 16:05:41.000,0,1211,0.00,0,0,0,0,0,0,11,3,1,0,46,337,33,0,0,3722,0,0,0,1,0,0,0,10501771264.00,1582108672.00,0,Costar Group - 1984675001280479863,0,173,0,0.00,0,20.09.351,,enterprise,1000000,175,2020-05-20 16:03:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283662,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Costar Group - 8095965977527621992,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257001,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coupa Software,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Coupa Software Incorporated,2020-12-06 18:32:29.000,546,175,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coupa Software Incorporated,546,25,0,0.00,0,20.09.365,varun.prusty@coupa.com,enterprise,1000,573,2020-07-30 00:11:26.000,2020-12-29 08:00:00.000,true,7010c30a-b9d3-c99e-9c99-057eb97de942,52.23.225.100,US,false,0,0, +gov-3181363,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coupa Software Incorporated - 3195630098114769851,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Coupang,2020-12-06 21:11:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coupang,0,0,0,0.00,0,19.11.512,stevekim@coupang.com,enterprise,100,2,2020-04-29 14:45:07.000,2021-04-28 07:00:00.000,true,e79e412d-218a-040c-c743-0f404227759d,3.34.16.132,KR,false,0,0, +us-3-159178361,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coupons.com / Quotient Technologies - 718983575666971104,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543999,2020-12-07 15:27:19.000,0,182,0.00,0,0,0,0,0,0,1,1,1,0,28,65,17,0,0,5,1,0,0,1,0,0,0,2046640128.00,666456064.00,0,Covea Insurance - 8331596992404242304,0,26,0,0.00,0,20.09.366,,enterprise,1000000,27,2020-07-31 06:59:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +CoverMyMeds,2020-12-07 05:12:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CoverMyMeds,0,0,0,0.00,0,20.04.169,jthrowe@covermymeds.com,enterprise,1000,8,2020-04-22 22:35:42.000,2023-04-21 07:00:00.000,true,86357e07-6e00-1e8e-16c4-03d29bc4af07,74.199.93.199,US,false,0,0, +us-3-159182322,2020-12-06 16:33:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CoverMyMeds - 2545735672520194887,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238062,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CoverMyMeds - 6638236814398589671,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207217,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Coverys - 9204371666960263452,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183349,2020-12-06 15:45:49.000,0,1274,0.00,0,0,0,0,0,1,6,1,2,2,29,1130,202,1,0,88,0,0,0,24,1,0,0,10501771264.00,1287905280.00,0,"Cox Communications, Inc. - 3098759336024443220",0,182,0,0.00,14,20.09.366,,enterprise,1000000,183,2019-12-10 21:55:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283881,2020-12-07 15:00:28.000,0,203,0.00,0,0,0,0,0,0,1,1,1,0,28,71,90,0,0,135,0,0,0,1,0,0,0,2046640128.00,559206400.00,0,"Crane Payment Innovations, Inc. - 6287090018441182708",0,29,0,0.00,0,20.09.366,,enterprise,1000000,29,2020-09-23 21:19:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Credit Karma, Inc.",2020-12-07 15:09:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Credit Karma, Inc.",0,0,0,0.00,0,20.09.345,brad.richardson@creditkarma.com,enterprise,80,0,2020-03-17 15:41:28.000,2021-03-14 15:41:28.000,true,93fdd9d3-f978-1071-cf6a-5118a7b668ef,35.238.81.133,US,false,0,10, +Credit Suisse Group AG,2020-12-07 09:23:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Credit Suisse Group AG,0,0,0,0.00,0,20.09.345,akshay.dahagaonkar@credit-suisse.com,enterprise,200,4,2020-08-03 15:25:08.000,2021-05-24 15:25:08.000,true,e2fbc065-04a0-badf-4c09-0e3d2e185357,198.240.130.75,US,false,0,25, +eu-2-143544781,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Credit Suisse Group AG - 8407086504665294790,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575348,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Credo Mobile,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286797,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,462815232.00,0,Cresta - 7556324801170992833,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-25 21:19:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238000,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Critical Start, Inc. - 6432180763807823598",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211066,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Crowdstrike Inc. - 8662664406953006312,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245813,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Crowe LLP - 4087452775700619903,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241938,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Crown Castle International Corp. (PA) - 102463273136122455,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285808,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,544423936.00,0,Crum and Forster - 7489791049131584947,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-03 20:08:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143809,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CryptoGen Pvt Ltd - 4782406576035654640,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215092,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Csaa Insurance Exchange - 2188809398156712723,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Cuebiq,2020-12-07 12:57:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cuebiq,0,0,0,0.00,0,20.04.169,nmutti@cuebiq.com,enterprise,80,9,2020-07-30 17:27:24.000,2021-07-30 17:27:24.000,true,0000897,63.34.205.128,IE,false,0,10, +us-2-158287474,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cuebiq Inc. - 8363339132469540858,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544992,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cujo AI - 3328941581609260107,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573267,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cummins,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245810,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cummins Inc. - 7970295801914906947,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3002004,2020-12-06 16:00:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Customer Engineering,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179443,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Customer Engineering,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181426,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Customer Engineering,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153163,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Customer Engineering,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241068,2020-12-07 15:46:24.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,9,12,0,0,0,0,0,0,1,0,0,0,2046640128.00,560099328.00,1,Customer Expressions Corp - 3710850611144724738,0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-06-10 13:05:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254893,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CustomerSuccessTeam,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150344,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,CustomerSuccessTeamEU,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Cvent,2020-12-06 18:28:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cvent,0,0,0,0.00,0,20.04.177,jcomer@cvent.com,enterprise,100,4,2020-09-17 16:46:49.000,2021-09-24 07:00:00.000,true,2f5bc7ea-9ed6-e421-676a-860912c23aa8,34.205.195.6,US,false,0,0, +us-2-158285740,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cyber Defense Group, LLC (reseller) - 4555026883274315990",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212205,2020-12-06 16:22:54.000,0,133,0.00,0,0,0,0,0,0,1,1,1,0,28,80,6,0,0,15,0,0,0,0,0,0,0,10501771264.00,895778816.00,0,"Cyber Defense Group, Llc - 2723097044788740634",0,19,0,0.00,0,,,enterprise,1000000,19,2020-01-31 17:16:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545797,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,545554432.00,0,"CyberArk Software, Ltd. - 6513765043783095790",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-16 12:42:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283700,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"CyberArk Software, Ltd. - 8997595339718503387",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212083,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cypress Consult, Inc. - 2114284723802512452",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287511,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cyrusone Inc. - 3770744067742025191,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287541,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cyrusone Inc. - 5450255773952310270,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283698,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cysiv - 471718072490261362,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284722,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Cysiv - 6955657337867956838,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Cyxtera Technologies, Inc.",2020-12-06 16:49:08.000,0,56,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Cyxtera Technologies, Inc.",0,8,0,0.00,0,20.09.365,christopher.caruso@cyxtera.com,enterprise,1200,8,2020-10-21 21:31:51.000,2021-10-01 07:00:00.000,true,5973fd67-89d2-c574-6965-49a5dbe9fc82,52.227.155.149,US,false,0,0, +aws-singapore-961096965,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DBS Bank Ltd - 3996639212153880331,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096941,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DBS Bank Ltd - 5545060396690952331,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143781,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DBS Bank Ltd - 6068410493214860095,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3000232,2020-12-06 15:58:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DGTest,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525404,2020-12-07 14:40:00.000,0,0,0.00,0,0,1,0,0,1,2,1,1,1,28,0,0,0,0,2,0,0,0,4,7,0,0,2046640128.00,540823552.00,0,DHI Group,0,0,0,0.00,0,19.11.512,,enterprise,1000000,1,2019-12-09 06:15:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +DHS - CDM Dashboard - ECS Tech,2020-12-07 14:31:16.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DHS - CDM Dashboard - ECS Tech,0,1,0,0.00,0,20.09.345,Evan.Merritt@ecstech.com,evaluation,100,1,2020-11-10 22:22:56.000,2020-12-10 22:22:56.000,true,DHS - CDM Dashboard - ECS Tech,18.253.110.9,US,false,0,0, +us-2-158284784,2020-12-07 14:33:59.000,0,42,0.00,0,0,0,0,0,0,1,1,1,0,28,15,6,0,0,1,6,0,0,2,0,0,0,2046640128.00,544108544.00,0,DISH Mobile - 2597159746431486285,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-10-08 15:54:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-150500,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,542945280.00,0,DLG,0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2019-12-10 03:17:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245748,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_2_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284686,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_2_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286674,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_3_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244914,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_5_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245747,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286798,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284685,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DLP_AUTOMATION_DND,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544775,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DOPS Digital - 5821553833792939081,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +DOnwukwe_Sandbox,2020-12-06 20:06:48.000,2,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DOnwukwe_Sandbox,2,2,2,0.00,0,20.09.365,donwukwe@paloaltonetworks.com,evaluation,100,6,2020-10-03 20:25:43.000,2021-10-03 20:25:43.000,true,0,34.68.127.79,US,true,0,0, +us-3-159209231,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,4,0,0,0,2046640128.00,538214400.00,0,DRW Trading - 1499642601480864928,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-09 20:16:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096904,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"DTAC TRINET CO., Ltd - 2569185229439217070",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153318,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DTS Systeme Gmbh - 9014679908135191563,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544804,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DXC Technology - 476828135129969232,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243955,2020-12-06 16:04:32.000,1,35,0.00,0,0,0,0,0,0,1,1,1,0,28,15,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,559321088.00,0,DXC Technology Company - 5749661124729429552,1,5,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-07-31 14:23:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283878,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DaVita Inc. - 2366116781427057692,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053802,2020-12-06 17:55:59.000,0,0,0.12,0,0,0,0,0,1,1,1,2,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,543096832.00,0,"Dah Sing Bank, Limited - 5896459840673251132",0,0,0,14988.00,1,20.04.177,,enterprise,1000000,0,2020-09-14 01:52:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159213045,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Daichi Sankyo,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Dailymotion,2020-12-07 08:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dailymotion,0,0,0,0.00,0,20.09.345,null@dailymotion.com,enterprise,105,0,2020-11-10 21:30:19.000,2021-03-25 21:30:19.000,true,af0aa9ae-d554-60c1-9499-5a58208fcf28,188.65.124.19,FR,false,0,15, +eu-2-143540065,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,4,0,0,0,0,0,0,1,1,0,0,2046640128.00,542072832.00,0,Daimler Ag - 434904447940984474,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-01-30 17:37:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544899,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Data Equipment AS - 1482672601150868412,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286708,2020-12-07 14:26:17.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,486678528.00,0,Data Stax - 8498507165839411208,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-18 14:40:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286544,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Datadog, Inc. - 12064091707190829",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214939,2020-12-06 16:48:20.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,1,0,0,0,1,1,0,0,2046640128.00,713510912.00,0,"Datarobot, Inc. - 2855663416879633797",0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-03-04 21:40:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237971,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Datarobot, Inc. - 4602045059376248213",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +David Kubicki,2020-12-06 18:58:32.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,David Kubicki,1,2,2,0.00,0,20.09.365,dkubicki@paloaltonetworks.com,enterprise,100,5,2020-02-11 16:06:26.000,2021-02-10 16:06:26.000,true,David Kubicki,34.68.127.79,US,true,0,0, +eu-2-143541184,2020-12-07 15:35:35.000,60,868,0.00,0,0,0,0,0,1,6,1,1,0,28,288,139,4,0,61,9,0,0,0,1,0,0,10501771264.00,1051574272.00,1,Decathlon - 4546416593733169257,60,124,0,0.00,6,20.09.366,,enterprise,1000000,192,2020-04-09 21:19:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544905,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Decathlon - 7359305523863903161,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244667,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Decathlon - 7896046599888400961,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285713,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DeepEnd Sec - 8433094304087104628,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215898,2020-12-06 16:06:19.000,2,231,0.00,0,0,0,0,2,1,1,1,1,3,28,28,10,0,0,14,1,0,0,5,1,0,0,2046640128.00,824606720.00,0,Deere & Company - 2885724501136824338,2,31,14,0.00,0,20.09.366,,enterprise,1000000,48,2020-03-20 17:47:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238899,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deere & Company - 45517605709988270,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Defence Science and Technology Agency,2020-12-03 06:45:23.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Defence Science and Technology Agency,0,1,0,0.00,0,20.09.365,nweiji2@dsta.gov.sg,evaluation,100,1,2020-12-02 14:14:14.000,2021-01-01 14:14:14.000,true,ef502777-f5e3-7926-3f1e-288c373fef46,52.77.15.239,SG,false,0,0, +Defense Information Systems Agency (DISA),2020-12-06 16:42:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Defense Information Systems Agency (DISA),0,0,0,0.00,0,20.08.338,pschmidt@tapestrytech.com,enterprise,300,0,2020-02-28 00:07:06.000,2021-02-26 08:00:00.000,true,2c31660f-bd90-55d7-8675-c639fc16be00,52.222.87.62,US,false,0,0, +us-3-159179532,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Defense Innovation Unit Experimental - 7232146333289169096,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181424,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Defense Innovation Unit Experimental - 8415660965748301134,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284870,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Delek US - 7996010684465781302,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Dell Inc. (Sell-to),2020-12-06 16:27:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to),0,0,0,0.00,0,20.04.163,vaibhav.baliga@dell.com,enterprise,400,3,2020-04-29 19:24:57.000,2021-04-28 19:24:57.000,true,236efd9b-b6e3-6651-31a3-9dbe2c72a8ef,34.226.183.78,US,false,0,50, +Dell Inc. (Sell-to),2020-12-06 14:23:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to),0,0,0,0.00,0,20.04.163,brett.buchheister@dell.com,enterprise,100,4,2020-09-29 19:15:06.000,2021-10-29 07:00:00.000,true,271f2b51-354d-6b1d-50aa-c7f7bb3ed213,128.221.224.204,US,false,0,0, +Dell Inc. (Sell-to),2020-12-07 08:31:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to),0,0,0,0.00,0,20.04.177,balakrishna.deshamouni@dell.com,enterprise,20650,1,2020-10-06 19:29:17.000,2021-04-24 19:29:17.000,true,af6808cf-a7e1-f757-25e0-9fd6d3f87bc9,143.166.253.245,US,false,0,2950, +us-3-159243986,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to) - 4105046404180913831,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Dell Inc. (Sell-to)_NonProd,2020-12-07 04:12:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to)_NonProd,0,0,0,0.00,0,20.04.177,vaibhav.baliga@dell.com,enterprise,40,3,2020-07-13 15:43:19.000,2021-04-28 15:43:19.000,true,236efd9b-b6e3-6651-31a3-9dbe2c72a8ef,54.89.225.187,US,false,0,5, +Dell Inc. (Sell-to)_Prod,2020-12-07 13:50:52.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dell Inc. (Sell-to)_Prod,0,3,0,0.00,0,20.09.345,vaibhav.baliga@dell.com,enterprise,360,3,2020-07-13 15:42:18.000,2021-04-28 15:42:18.000,true,236efd9b-b6e3-6651-31a3-9dbe2c72a8ef,34.206.120.173,US,false,0,45, +us-1-111523703,2020-12-07 14:39:19.000,0,42,0.00,0,0,0,0,0,0,3,1,3,0,28,4,5,11,0,8,0,0,0,1,5,0,4,2046640128.00,620384256.00,0,Deloitte,0,6,0,0.00,42,20.04.177,,enterprise,1000000,16,2019-12-09 13:14:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096968,2020-12-07 15:02:54.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,535191552.00,0,Deloitte & Touche Enterprise Risk Services Pte Ltd (RESELLER) - 7051795284105903218,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-23 00:22:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283661,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte - System Integrator - 2265705377937608953,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258861,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,2,2,1,3,0,29,1,3,0,0,8,0,0,0,1,8,0,0,2046640128.00,531304448.00,0,Deloitte Australia Cyber Assurance,0,0,0,0.00,1,20.09.366,,enterprise,1000000,1,2019-12-09 21:37:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283697,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte Consulting Llp - 1674360651419163006,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283791,2020-12-07 14:31:32.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,5,3,0,0,3,0,0,0,1,0,0,0,2046640128.00,557432832.00,0,Deloitte Consulting Llp - 2189672347997590868,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2020-09-17 13:58:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525341,2020-12-07 14:44:06.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,10,3,0,0,0,0,0,0,1,0,0,0,2046640128.00,780472320.00,0,Deloitte GTS AME,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2019-12-07 17:27:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573304,2020-12-07 14:26:17.000,1,0,0.00,0,0,0,0,0,0,3,2,1,0,28,0,2,0,0,2,0,0,0,1,0,0,0,2046640128.00,536821760.00,0,Deloitte GTS AME - DEV,1,0,0,0.00,0,20.04.163,,enterprise,1000000,1,2019-12-10 07:46:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048836,2020-12-06 15:55:20.000,0,175,0.00,0,0,0,0,0,0,1,1,1,0,28,63,50,0,0,186,0,0,0,1,0,0,0,2046640128.00,576102400.00,0,Deloitte GTS APAC,0,25,0,0.00,0,20.09.366,,enterprise,1000000,25,2019-12-10 11:36:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048964,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte GTS APAC - DEV,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153220,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte GTS EMEA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537184,2020-12-07 15:31:26.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,9,13,0,0,0,0,0,0,0,0,0,0,2046640128.00,538296320.00,0,Deloitte GTS EMEA - DEV,0,2,0,0.00,0,20.04.177,,enterprise,1000000,2,2019-12-10 19:33:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283915,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,531050496.00,0,Deloitte LLP - 230770223173204928,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-25 19:00:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228457,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte LLP - 2955405486390434080,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238061,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,530657280.00,0,Deloitte LLP - 409212957412111131,0,0,0,0.00,0,19.11.512,,enterprise,1000000,1,2020-04-22 20:43:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159209326,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte LLP - 5763905211968490596,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215961,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte LLP - 6030044511564748947,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181587,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte LLP - 7960992517761854288,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537308,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,1,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,3,0,0,2046640128.00,540577792.00,0,Deloitte Spain - 3413458699065351130,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-11 00:05:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210066,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Deloitte Tohmatsu Consulting Co.,Ltd.(DTC) - 7963565702351394678",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053796,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte Touche Tohmatsu (AU) - 9142041572610453615,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184404,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deloitte Touche Tohmatsu LLC - 7064778983559312391,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572403,2020-12-07 15:01:30.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,2,0,0,0,2046640128.00,542605312.00,0,DeloitteOpenCloudDev,0,1,0,0.00,0,19.11.512,,enterprise,1000000,1,2019-12-10 07:45:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245753,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Delta Dental Of Washington - 1090875969409951960,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284747,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Delta Dental Plans Association - 8379322596692338477,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285680,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Delta Dental of California - 4933782083319802365,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213050,2020-12-06 16:04:29.000,52,0,0.00,0,0,0,0,0,0,1,4,1,0,28,0,22,0,0,0,0,0,0,0,0,0,0,2046640128.00,542564352.00,0,Deluxe,52,0,0,0.00,0,20.04.177,,enterprise,1000000,52,2020-02-07 02:13:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574474,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Demandbase,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Demisto,2020-12-07 09:50:15.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Demisto,0,2,0,0.00,0,20.09.365,glichtman@paloaltonetworks.com,evaluation,500,2,2020-10-12 19:54:17.000,2021-10-12 19:54:17.000,true,Demisto,52.215.34.191,IE,true,0,0, +us-2-158285809,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Denim Group, Ltd. - 6916656914321265611",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051908,2020-12-06 16:00:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Denso Corporation - 5563673130007767522,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Department of Defence (Centralised Processing),2020-12-06 16:18:27.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Department of Defence (Centralised Processing),0,5,0,0.00,0,20.09.365,brodie.j.downes@leidos.com,evaluation,100,5,2020-11-24 06:10:39.000,2020-12-25 16:00:00.000,true,18519bdc-542c-b17c-34a9-0f6220f0d63c,180.150.28.88,AU,false,0,0, +Department of Defense (DIA) ,2020-12-07 13:55:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Department of Defense (DIA) ,0,0,0,0.00,0,19.03.317,Jonathan.Abolins2@dodiis.mil,enterprise,2848,13,2020-06-24 20:23:01.000,2021-06-15 20:23:01.000,true,b07115d7-ae33-5408-3386-cff784fa11c9,54.88.137.150,US,false,0,356, +anz-3052899,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Department of Education - 1683677230446915054,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183409,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Department of The Premier and Cabinet South Australia - 2913918504792463369,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3049088,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Department of The Premier and Cabinet South Australia - 5118403488133069180,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Deque Systems Inc.,2020-12-06 21:10:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deque Systems Inc.,0,0,0,0.00,0,20.04.163,robert.huff@deque.com,enterprise,10,7,2020-03-24 17:04:00.000,2021-03-21 07:00:00.000,true,b7a4ba59-7cbe-12d6-9269-6dc8cf3e03ba,35.172.125.236,US,false,10,0, +Deque Systems Inc. ,2020-12-06 18:05:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deque Systems Inc. ,0,0,0,0.00,0,20.04.163,robert.huff@deque.com,enterprise,80,1,2020-03-31 18:41:16.000,2021-03-21 18:41:16.000,true,b7a4ba59-7cbe-12d6-9269-6dc8cf3e03ba,54.173.140.248,US,false,0,10, +us-2-158286800,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Derivco (pty) Ltd - 1433272400293629367,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542854,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Derivco (pty) Ltd - 2394631274728271821,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543876,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,542478336.00,0,Deutsche Bank Securities Inc. - 7383207632579745003,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-07-16 12:17:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Deutsche Post AG (DHL),2020-12-07 14:25:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Deutsche Post AG (DHL),0,0,0,0.00,0,20.04.177,o.svoboda@dhl.com,enterprise,200,5,2020-10-23 03:19:34.000,2021-10-19 07:00:00.000,true,9bf6e503-7030-d5c2-2875-0664af2531ca,165.72.200.13,CZ,false,0,0, +us-2-158257872,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dev THD,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285556,2020-12-07 14:44:06.000,1,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536023040.00,0,Dewey Cheatham and Howe - 1292743435276030499,1,3,0,0.00,0,,,enterprise,1000000,4,2020-10-14 22:21:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573424,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dicks Sporting Goods,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545796,2020-12-07 15:03:05.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,3,0,0,0,2,0,0,0,0,1,0,0,2046640128.00,545161216.00,0,Digi- Ja Vaestotietovirasto - 1259222792019277617,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-16 11:36:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159208145,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Digital Guardian - 8206616328983181532,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184248,2020-12-06 16:10:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"DigitalGlobe, Inc. - 3077957465459658331",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543968,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Digiturk,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543998,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Digiturk - 1778268170599780451,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544774,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dimension Data (Pty) Ltd - 8994259050302488791,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544897,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,1,1,1,1,1,1,28,0,0,31,0,0,0,0,0,0,1,0,0,2046640128.00,537194496.00,0,Direct Line Group - 3378959842710984650,0,0,0,0.00,37,20.09.366,,enterprise,1000000,30,2020-09-09 13:25:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542950,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Direct Line Group - 554652508985022566,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540222,2020-12-07 15:20:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DiscountBank - 6147148822706585589,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181298,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Discover Financial Services - 5772194136930978096,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240852,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Discoverorg Data, Llc - 7955417655964944598",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243983,2020-12-06 16:38:04.000,0,14,0.00,0,0,0,0,0,0,2,1,1,0,28,1,0,0,0,4,0,0,0,1,0,0,0,2046640128.00,542773248.00,0,Discovery Prisma Cloud,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-07-31 19:11:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Dish Mobile - IBM Integrator,2020-12-02 16:26:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dish Mobile - IBM Integrator,0,0,0,0.00,0,20.04.177,Rey.Evangelista@ibm.com,evaluation,200,3,2020-10-22 15:17:25.000,2021-01-20 15:17:25.000,true,0,170.226.21.80,US,false,0,0, +us-1-111572365,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Disney,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Disney Asia Pacific Shared Business Services (Shanghai) Co., Ltd.",2020-12-07 09:52:56.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Disney Asia Pacific Shared Business Services (Shanghai) Co., Ltd.",0,0,0,0.00,0,19.07.363,brian.li@disney.com,enterprise,100,4,2020-04-30 13:18:10.000,2021-04-29 07:00:00.000,true,cf76bdba-d8b5-2c6d-9b55-1da6e6b01a1c,180.167.28.145,CN,false,0,0, +us-1-111573489,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Disney Sandbox,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Disney Streaming Services Llc,2020-12-07 13:58:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Disney Streaming Services Llc,0,0,0,0.00,0,20.09.345,null@disney.com,enterprise,28000,0,2020-08-11 20:29:04.000,2021-07-22 20:29:04.000,true,cb1d8dc1-726d-71ca-55df-7b0657c97017,52.53.70.111,US,false,0,3500, +us-3-159244696,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Disney Worldwide Services, Inc. - 3185352746117690086",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539011,2020-12-07 15:31:26.000,5,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,4,0,0,0,0,0,0,2046640128.00,537055232.00,0,Docebo - 6098689266863320580,5,0,0,0.00,0,20.04.177,,enterprise,1000000,5,2019-12-11 12:37:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143540061,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Docebo Spa - 7604127612215743139,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544868,2020-12-07 15:27:19.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,10,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,560562176.00,0,Doctolib - 5399288777630107984,0,4,0,0.00,0,,,enterprise,1000000,4,2020-09-03 16:09:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159181328,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Docusign, Inc. - 8290101304221980409",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228574,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Docusign, Inc. - 8899336142481722022",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152387,2020-12-07 15:44:30.000,0,126,0.00,0,0,1,0,0,0,1,1,1,0,28,41,9,0,0,20,0,0,0,1,0,0,0,2046640128.00,768188416.00,0,Dogus Teknoloji - 744391453244039206,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2019-12-10 00:20:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283731,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dollar General Corporation - 5467202124041094943,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216050,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,10,4,0,0,0,0,0,0,1,0,0,0,10501771264.00,1346236416.00,0,"Domino Data Lab, Inc. - 550362818966633721",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-03-27 18:41:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544872,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Double Negative - 7931637632788483148,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216087,2020-12-06 16:38:04.000,454,203,0.00,0,0,0,0,0,0,3,5,1,0,30,51,32,0,0,16,0,0,0,2,0,0,100000,10501771264.00,1086369792.00,0,"Doximity, Inc. - 3680138752065348967",454,29,0,0.00,0,20.09.366,,enterprise,1000000,592,2020-03-30 18:56:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158262620,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Draftkings Inc. - 9188851448288704278,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283693,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Drb Systems, Llc - 4216138161155682826",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239176,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Drogarias Dpsp S/a - 2355712695475397159,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215899,2020-12-06 16:43:50.000,1,504,0.00,0,0,0,0,0,0,1,1,1,0,28,74,141,0,0,27,0,0,0,0,0,0,0,2046640128.00,661655552.00,0,Drogarias Dpsp S/a - 5240058366815552902,1,72,0,0.00,0,20.09.366,,enterprise,1000000,73,2020-03-20 19:17:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238129,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Drw Holdings, LLC - 1272017719798455300",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239954,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Drw Holdings, LLC - 6699531420441698708",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052649,2020-12-06 15:55:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,DtwoC Inc- InfraTeam,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284623,2020-12-07 14:33:59.000,1,21,0.00,0,0,0,0,0,0,1,2,1,0,28,6,5,0,0,0,0,0,0,0,2,0,0,2046640128.00,531755008.00,0,"Duke University Health System, Inc. - 5115527176043572389",1,3,0,0.00,0,20.09.351,,enterprise,1000000,4,2020-09-29 13:57:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3049028,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dulux Holdings Pty Ltd - 24871234865250060,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181394,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Dun & Bradstreet - 470661871819299925,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254993,2020-12-07 14:34:00.000,3,7,0.00,0,0,0,0,1,1,1,1,2,1,28,1,1,0,0,0,0,0,0,1,1,0,0,2046640128.00,533942272.00,0,Dun And Bradstreet,3,1,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-09 01:41:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285588,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,E-Talk - 6637963077110325586,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +E-Trade,2020-12-06 22:03:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,E-Trade,0,0,0,0.00,0,20.04.177,eric.owens@etrade.com,evaluation,30,2,2020-12-03 14:34:44.000,2021-01-02 14:34:44.000,true,0,3.213.159.93,US,false,0,0, +aws-singapore-961096816,2020-12-07 14:59:47.000,0,14,0.00,0,0,1,1,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,540061696.00,0,E1 Corporation - 7439024466502501171,0,2,0,0.00,0,20.04.177,,enterprise,1000000,2,2020-09-01 03:18:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545740,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EASTNETS FZ-LLC - 4434748792503035691,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096814,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,535937024.00,0,"ECCOM Network System Co., Ltd. - 2657161541599025341",0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-31 08:49:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544002,2020-12-07 15:03:06.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,536383488.00,0,"EDP - Energias de Portugal, S.A. - 3364150019737342773",2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-07-31 09:41:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544811,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EMEA Channels - 330310259854039682,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151301,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,526725120.00,0,EMEA-CEUR-SE,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-09 16:54:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-103407,2020-12-07 15:03:50.000,0,14,0.00,0,0,1,0,0,0,1,1,2,0,28,3,0,0,0,7,0,0,0,0,2,0,0,2046640128.00,538505216.00,0,EMEA-WEUR-SE,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-12-09 16:47:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243860,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ESPERION THERAPEUTICS, INC. - 2414454011277036070",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242838,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ESPERION THERAPEUTICS, INC. - 2888332317590420267",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258745,2020-12-07 14:47:54.000,0,50,0.00,0,0,1,0,0,0,3,3,1,2,28,10,10,0,0,19,12,0,0,6,0,0,0,2046640128.00,731992064.00,0,ESRI,0,7,1,0.00,0,20.09.366,,enterprise,1000000,8,2019-12-09 21:40:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143540007,2020-12-07 15:44:30.000,0,140,0.00,0,0,0,0,0,0,1,1,1,0,28,138,15,0,0,30,0,0,0,1,0,0,0,10501771264.00,886038528.00,0,ESURE INSURANCE LTD - 8409023514862553943,0,20,0,0.00,0,20.09.366,,enterprise,1000000,29,2020-01-24 13:10:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157622,2020-12-07 09:58:17.000,0,0,0.00,0,0,0,0,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,7,8,0,0,2046640128.00,534970368.00,0,EVAL Equipment AMER - 3435890644442058272,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-09 17:40:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283882,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EVALUE SERVE COM PRIVATE LIMITED - 1129555235089170841,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545954,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EXASOL Vertriebsholding GmbH - 4429315056752997507,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Early Warning Services, LLC",2020-12-06 21:21:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Early Warning Services, LLC",0,0,0,0.00,0,20.04.177,roopesh.konda@earlywarning.com,enterprise,700,27,2020-10-27 23:48:03.000,2021-10-30 23:48:03.000,true,00012722,34.209.0.88,US,false,0,0, +us-3-159177641,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Early Warning Services, LLC - 2601723561249080841",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178570,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Early Warning Services, LLC - 6331417581370312767",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181332,2020-12-06 16:03:50.000,0,154,0.00,0,0,0,0,0,0,1,1,1,0,28,20,27,0,0,20,0,0,0,0,0,0,0,2046640128.00,539451392.00,0,Earnin - 5100205877053976576,0,22,0,0.00,0,20.09.366,,enterprise,1000000,22,2019-12-10 15:01:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257873,2020-12-07 14:51:47.000,1,14,0.00,0,0,0,0,0,0,1,1,1,1,28,2,2,0,0,0,0,0,0,1,0,0,0,2046640128.00,533467136.00,0,Eaton Vance,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 08:22:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211187,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EchoStar,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184398,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Echostar Corporation - 604114420869873703,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184118,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Edclub, Inc - 6212077726110296901",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150407,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edeka,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573334,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edelweiss,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052682,2020-12-06 16:00:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EdelweissPrismaCloudAWSMP,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542889,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,0,0,0,0,0,0,1,6,0,0,2046640128.00,549961728.00,0,Edf Energy Plc - 2986055806218774498,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-06-02 08:43:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Edgeverve_Public Cloud,2020-12-07 03:52:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edgeverve_Public Cloud,0,0,0,0.00,0,20.04.177,ashok_ratnagiri@edgeverve.com,enterprise,100,1,2020-07-07 15:37:46.000,2021-06-29 15:37:46.000,true,10b3762c-e2dc-b16f-2ae5-661443693b4e,52.73.202.77,US,false,0,0, +Edward Jones,2020-12-07 12:02:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edward Jones,0,0,0,0.00,0,19.07.363,null@edwardjones.com,enterprise,2191,26,2020-09-18 16:21:26.000,2020-12-26 16:21:26.000,true,52b7eadf-0cf8-d500-4deb-e3d11f155645,165.225.34.84,US,false,0,313, +us-2-158254096,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edwards Lifesciences,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261627,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Edwards Lifesciences Corp - 457394071034048498,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243858,2020-12-06 16:43:51.000,2,0,0.00,0,0,0,0,0,0,3,3,1,0,28,6,4,0,0,0,0,0,0,0,1,0,16,2046640128.00,540385280.00,0,Edwards Lifesciences Corp - 6587410520843818333,2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-07-27 21:06:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285802,2020-12-07 14:36:18.000,206,0,0.00,0,0,0,0,0,0,1,1,1,1,28,415,516,0,0,391,3,0,0,1,0,0,100000,2046640128.00,852774912.00,0,"Egnyte, Inc. - 7908635651378592857",206,0,0,0.00,0,20.09.366,,enterprise,1000000,206,2020-11-02 18:56:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285559,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Egon Zehnder International - 5464332163978974230,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238935,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ej2 Communications, Inc. - 4035406642199331255",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244663,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Elektra del Milenio, S.A. de C.V. - 2430898575317123360",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286606,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Elementia Servicios Administrativos, S.A. de C.V. - 7759839663698940826",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286766,2020-12-07 14:33:59.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,1,4,0,0,0,0,0,0,0,0,0,0,2046640128.00,563433472.00,0,Eli Lilly And Company - 3404071903380669723,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-11-20 19:22:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185328,2020-12-07 15:30:12.000,0,7,0.00,0,0,0,0,0,1,1,1,1,1,28,0,0,49,0,0,0,0,0,1,1,0,0,2046640128.00,536965120.00,0,Eli Lilly And Company - 6570662164409039479,0,1,0,0.00,104,20.09.366,,enterprise,1000000,10,2019-12-11 05:39:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544007,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Elior - 997040673859289815,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238961,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ellie Mae, Inc. - 581122714216616790",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212142,2020-12-07 15:32:50.000,0,2772,0.00,0,0,1,0,0,0,2,1,1,0,28,161,568,0,0,44,2,0,0,4,0,0,0,10501771264.00,945242112.00,0,"Ellie Mae, Inc. - 8459320620788516558",0,396,0,0.00,0,20.09.366,,enterprise,1000000,763,2020-01-29 20:24:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254000,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,4,0,0,0,2046640128.00,602451968.00,0,Emerson,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-06 13:06:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185206,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Emerson Electric Co. - 6453900516493233503,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545898,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Emirates Airlines - 3983092297973563657,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Emirates National Bank,2020-12-06 20:51:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Emirates National Bank,0,0,0,0.00,0,20.04.177,null@emiratesnbd.com,enterprise,100,10,2020-10-14 10:26:43.000,2021-10-11 10:26:43.000,true,55a15a4c-2ab4-910f-b362-a00a74cbb815,195.229.123.248,AE,false,0,0, +eu-2-143540070,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Emis Group Plc - 6618773650112379753,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256727,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Emptor,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152265,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Enagas - 2253648444478767372,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214004,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Endurance International Group Holdings, Inc. - 8456886345231250249",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211029,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Energir - 5311253611065828832,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238965,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Energir - 8152294281813916223,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153350,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Engie - 3727609242053592536,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284779,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EnhanceIT - 6027090181975055596,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542953,2020-12-07 15:20:50.000,1,0,0.00,0,0,0,0,0,0,1,2,1,0,28,12,28,0,0,5,0,0,0,0,0,0,0,2046640128.00,542154752.00,0,Eni S.p.A. - 6604956557414220587,1,0,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-06-09 15:35:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545741,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,542892032.00,0,Ensono - 2868166861645228740,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-07 17:05:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545773,2020-12-07 15:27:06.000,0,14,0.00,0,0,0,0,0,0,2,1,1,0,28,1,1,0,0,1,0,0,0,1,0,0,0,2046640128.00,535699456.00,0,Ensono - 7222223664277726197,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-15 17:17:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243026,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Enterprise Holdings, Inc. - 5045623048872859209",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254127,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Entytle,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541925,2020-12-07 15:31:26.000,2,70,0.00,0,0,0,0,0,0,1,1,1,0,28,12,15,0,0,1,0,0,0,0,0,0,0,2046640128.00,545865728.00,0,Epipoli Spa - 829365545889707760,2,10,0,0.00,0,,,enterprise,1000000,12,2020-04-23 13:05:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Equifax,2020-12-07 07:16:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Equifax,0,0,0,0.00,0,20.04.169,null@equifax.com,enterprise,320000,10,2020-05-04 21:43:48.000,2023-04-26 21:43:48.000,true,09e9534b-5658-254e-5a02-2eb817a261af,104.196.15.211,US,false,0,40000, +canada-550157592,2020-12-07 09:50:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Equifax Canada Co. - 3186495940704796249,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254003,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Equinix,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243988,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Equinix Inc. - 3083419034559164438,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Equinix, Inc.",2020-12-07 14:17:59.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Equinix, Inc.",0,3,0,0.00,0,20.09.365,gcasady@equinix.com,enterprise,2400,3,2020-07-30 23:05:06.000,2023-07-29 07:00:00.000,true,2c783a3e-70cb-36d1-d3b0-b1603af5d5d2,216.221.232.129,US,false,0,0, +eu-153314,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,7,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,533712896.00,0,Ericsson AB - 6397903395999561748,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-10 12:21:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159183257,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Esquel Apparel, Inc - 4654960159525684171",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150404,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Esselunga,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180342,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Estácio - 4525280463185017827,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150343,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,EuroBIC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543969,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Eurodigital Hungary Kft - 1841879244544620197,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543879,2020-12-06 15:48:58.000,0,98,0.00,0,0,0,0,0,0,1,1,1,0,28,5,16,0,0,0,0,0,0,0,0,0,0,2046640128.00,535613440.00,0,European Central Bank (ECB) - 6890090256996200578,0,14,0,0.00,0,20.09.366,,enterprise,1000000,14,2020-07-17 12:08:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Evernote Corporation,2020-12-07 00:38:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Evernote Corporation,0,0,0,0.00,0,20.04.177,jlesperance@evernote.com,enterprise,200,0,2020-07-02 19:52:17.000,2023-07-16 07:00:00.000,true,a26017a8-208e-fba3-04ee-fddc19f6f3a4,35.227.137.193,US,false,200,0, +eu-2-143540931,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Eversholt Rail Holdings (uk) Limited - 6892935357191439790,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573453,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,524996608.00,0,EvidentCustomerSuccessTeam,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 07:43:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153313,2020-12-06 15:52:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Evolutio Cloud Enabler, S.A. - 3309442514474088959",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153344,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Evolutio Cloud Enabler, S.A. - 7880819480918183071",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545743,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Evolutio Cloud Enabler, S.A. - 8479809241365932741",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544931,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Exasol - 6069920462918921571,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545956,2020-12-06 15:48:57.000,5,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,535826432.00,0,Exasol - 8629876019974270509,5,0,0,0.00,0,,,enterprise,1000000,5,2020-11-05 14:59:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096911,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Exceture Inc. - 2558993166134000778,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544835,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,3,1,1,0,28,0,0,0,0,9,0,0,0,0,0,0,0,2046640128.00,541016064.00,0,Exclusive Networks (ASC) - EMEA - 3285359299678907872,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-29 15:22:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545735,2020-12-07 15:35:50.000,0,0,0.00,0,0,1,0,0,0,1,1,1,0,28,1,1,0,0,1,0,0,0,2,0,0,0,2046640128.00,537460736.00,0,Exclusive Networks (ASC) - EMEA - 6679242746694455564,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-05 07:11:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143546017,2020-12-06 15:48:57.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,3,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,414773248.00,0,Exclusive Networks (ASC) - EMEA - 8299355630110464436,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-11-23 12:34:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096877,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Exclusive Networks Asia Support Center (ASC) - ASEAN - 3918339043388861156,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096878,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Exclusive Networks Asia Support Center (ASC) - ASEAN - 5573038497478867493,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544838,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Exclusive Networks Bilisim A.S. - 917958292962658086,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256882,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ExodusPoint,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287505,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Expanse - 1569886330691542306,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286639,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Experian plc - 4694364188882126374,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096906,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ExpireIgnoreTest - 2481633911115615700,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ExxonMobil Corporation,2020-12-07 08:24:43.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ExxonMobil Corporation,0,5,0,0.00,0,20.09.345,tim.thompson@ibm.com,enterprise,80,5,2020-06-14 20:31:44.000,2024-04-09 20:31:44.000,true,a2ce5132-d62a-876e-61a9-7946bab4c16b,169.63.108.244,US,false,0,10, +us-2-158285747,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,534052864.00,0,"F5 Networks, Inc. HQ (Seattle) - 5659648494745221078",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-30 11:01:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287482,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"F5 Networks, Inc. HQ (Seattle) - 6227043132052334572",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096969,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"F5 Networks, Inc. HQ (Seattle) - 6899704361983361124",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186291,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"FANATICS, INC. - 194541184409533035",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185114,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,560476160.00,0,FOX Corp - 2098629944662710684,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-11 03:22:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186041,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FOX Corp - 4491014013510501822,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245690,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FOX Corp - 7530359334524728447,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541024,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FRAEDOM LTD - 8377373109490481481,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260665,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,9,0,0,2046640128.00,565063680.00,0,FRB - 3564982683829242621,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-07 11:20:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573234,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FRB's Prod,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215989,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,6,0,0,2046640128.00,535441408.00,0,FRBNY - 1507082007852762476,0,0,0,0.00,1,20.04.177,,enterprise,1000000,0,2020-03-25 18:09:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159181399,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FS-ISAC - 1820881640016324495,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178601,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FS-ISAC - 3325151020413237265,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245781,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FSN E-COMMERCE VENTURES PRIVATE LIMITED - 8014264112821036240,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545864,2020-12-07 15:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fabricom Sa - 5445578027921656081,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143566882,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fagbokforlaget Vigmostad & Bjorke AS - 4043561781898907195,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245750,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fannie Mae - 6384217867248215529,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242000,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fannie Mae - 7255359015575293331,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Fast Retailing Co., Ltd.",2020-12-07 05:05:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fast Retailing Co., Ltd.",0,0,0,0.00,0,2.5.91,puthirakkalsaju.mathradan@fastretailing.com,enterprise,1600,0,2020-06-09 15:04:50.000,2022-05-07 07:00:00.000,true,3c00be55-eaf5-8c03-a340-eceb60547c85,54.250.151.94,JP,false,0,0, +anz-3051968,2020-12-06 15:55:19.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,1,0,0,0,2,1,0,0,10501771264.00,1907892224.00,0,Fat Zebra Pty Ltd - 7273566741920784087,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-04-13 16:55:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243985,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fattmerchant, Inc. - 817968073901214927",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Fed-D,2020-12-07 12:59:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fed-D,0,0,0,0.00,0,20.04.177,bernard_scott@bah.com,enterprise,100,1,2020-07-08 22:44:25.000,2021-07-07 07:00:00.000,true,0ea4af49-bd4d-a520-3156-6cf14926a6cc,52.21.211.174,US,false,0,0, +Federal Emergency Management Agency (FEMA),2020-12-07 15:20:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federal Emergency Management Agency (FEMA),0,0,0,0.00,0,20.09.365,frank.oporto@fema.dhs.gov,enterprise,600,9,2020-07-28 22:09:24.000,2021-08-29 07:00:00.000,true,98fe8685-724b-e6f7-5f63-c5f84e4c2c82,216.81.81.84,US,false,0,0, +us-3-159245817,2020-12-07 15:38:45.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,8,4,0,0,7,0,0,0,2,0,0,0,2046640128.00,560152576.00,0,Federal Emergency Management Agency (FEMA) - 8790524056206489628,0,1,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-08-31 18:58:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Federal Home Loan Bank of Chicago,2020-12-06 17:20:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federal Home Loan Bank of Chicago,0,0,0,0.00,0,19.07.358,ap@fhlbc.com,enterprise,200,23,2020-09-08 18:50:35.000,2021-08-27 07:00:00.000,true,e1be0431-d10d-4d87-069c-aaca7ab2644f,204.16.84.18,US,false,0,0, +gov-3181400,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federal Reserve Bank of Boston - 7203563682392291098,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Federal Reserve Board,2020-12-02 04:23:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federal Reserve Board,0,0,0,0.00,0,19.07.358,seth.p.lepzelter@frb.gov,enterprise,100,4,2020-08-12 20:02:16.000,2021-08-18 07:00:00.000,true,5df49273-04b6-c07c-db04-9875450f7dc1,132.200.132.34,US,false,0,0, +Federal Tax Service ,2020-12-07 11:32:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federal Tax Service ,0,0,0,0.00,0,20.09.345,malkin@infracode.ru,evaluation,100,0,2020-11-12 13:00:21.000,2020-12-12 13:00:21.000,true,0,5.250.232.73,RU,false,0,0, +eu-2-143539140,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federation Internationale de Football Association (FIFA) - 3537736169231191279,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537302,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Federation Internationale de Football Association (FIFA) - 7716128703610185775,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211151,2020-12-07 15:29:30.000,0,378,0.00,0,0,0,0,0,0,1,1,1,0,28,320,644,0,0,1701,0,0,0,1,0,0,0,2046640128.00,701079552.00,0,Fedex Corporation - 2336864204745826676,0,54,0,0.00,0,20.04.177,,enterprise,1000000,61,2020-01-13 16:23:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242995,2020-12-07 15:30:12.000,0,21,0.00,0,0,1,0,0,0,2,1,1,0,28,12,15,0,0,7,0,0,0,1,0,0,0,2046640128.00,545099776.00,0,Fedex Corporation - 71076016782877691,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2020-07-17 09:00:55.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543072,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ferrovial, S.A. - 7801342647557183007",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538172,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fidelidade - Companhia De Seguros, S.a. - 8518333610321593851",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286640,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fidelity Financial Corporation - 2144480973919250387,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243919,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537608192.00,0,Fieldtex Products Inc. - 1190758550042325487,0,0,0,0.00,0,,,enterprise,1000000,0,2020-07-30 15:31:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186134,2020-12-06 16:33:35.000,0,8,0.00,0,0,0,0,0,0,1,1,1,2,28,0,0,0,0,0,0,0,0,93,0,0,0,2046640128.00,734490624.00,0,Fifth Third Bancorp - 6701572296369398752,0,1,1,0.00,0,20.09.366,,enterprise,1000000,2,2019-12-11 07:19:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254955,2020-12-07 15:01:31.000,0,105,0.00,0,0,0,0,0,0,1,1,1,0,28,35,27,0,0,16,0,0,0,0,0,0,0,10501771264.00,1237254144.00,0,Figure,0,15,0,0.00,0,20.09.366,,enterprise,1000000,15,2019-12-09 04:31:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159209167,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fiix Software - 3035282265593830603,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185143,2020-12-06 16:26:03.000,0,8,0.00,0,0,0,0,0,0,1,2,1,1,28,6,0,0,25,1,0,0,0,1,0,0,0,2046640128.00,560144384.00,0,Fiix Software - 5170670671003588113,0,1,1,0.00,0,20.09.367,,enterprise,1000000,2,2019-12-06 20:58:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158258834,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Financial Engines,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287509,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Finicity - 6362113861009514235,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186323,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Finicity - 8273094427588318771,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574357,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,First American,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260789,2020-12-07 14:39:59.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,1,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,543223808.00,0,First Canadian Title Company Limited - 2979017029474095923,0,3,0,0.00,0,20.04.169,,enterprise,1000000,3,2019-12-07 11:16:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284752,2020-12-07 14:26:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,First Hawaiian Bank - 604163690402982025,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214971,2020-12-07 15:30:13.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,3,2,0,0,0,1,0,0,0,0,0,0,2046640128.00,546627584.00,0,First Tech Federal Credit Union - 108118480948266460,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-03-06 18:21:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158259860,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FirstBank,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Fiserv, Inc.",2020-12-07 13:11:46.000,0,84,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fiserv, Inc.",0,12,0,0.00,0,20.09.345,alexander.wood@fiserv.com,enterprise,100,12,2020-03-24 17:19:07.000,2021-03-23 07:00:00.000,true,33ef17fd-63f2-ca31-5769-c276119c9b98,12.179.188.5,US,false,0,0, +us-3-159244668,2020-12-07 15:39:28.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,4,6,0,0,0,0,0,0,2,0,0,0,2046640128.00,552095744.00,0,"Fiserv, Inc. - 3917204717828252015",0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-10-13 09:03:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256043,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,FishTech MSSP – Epiq,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213977,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fishtech - Bardavon,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245752,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fishtech Group, LLC - 2548752918017345940",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242958,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fishtech Group, LLC - 6077811423196953472",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541057,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Five Nines - 1054323892406317673,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255794,2020-12-07 14:44:08.000,0,602,0.00,0,0,0,0,0,0,5,1,1,0,28,114,95,0,0,272,0,0,0,1,0,0,0,2046640128.00,795652096.00,0,Five9,0,86,0,0.00,0,20.09.351,,enterprise,1000000,88,2019-12-07 12:02:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544782,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Five9s - 3110195937471281509,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207218,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Flir Systems, Inc. - 6653922724566757859",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239893,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Florida Department Of State - 2517858387003785419,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216048,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Flywire,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151429,2020-12-07 15:03:50.000,0,7,0.00,0,0,0,0,0,0,1,1,1,1,28,1,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532328448.00,0,Flywire Spain Sl. - 5276988434125848817,0,1,0,0.00,0,,,enterprise,1000000,1,2019-12-10 00:35:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544778,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Focus.bi - 6729590286581385293,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179593,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Foley & Lardner LLP - 1113728574075715285,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254809,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Follet Corp,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214972,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532168704.00,0,"Foot Locker, Inc. - 2441199894939469464",0,0,0,0.00,0,,,enterprise,1000000,0,2020-03-06 19:03:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-150460,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fora AB,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262775,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ford Motor Company - 3065441103874931196,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Foris Limited,2020-12-07 11:47:57.000,0,136,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Foris Limited,0,19,3,0.00,0,20.09.345,zedia@crypto.com,enterprise,1500,22,2020-07-28 19:18:22.000,2023-07-27 07:00:00.000,true,a333c877-e638-e61e-97f6-329b88446a1a,52.221.135.181,SG,false,0,0, +us-2-158257780,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Forrester,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215031,2020-12-06 16:04:30.000,0,56,0.00,0,0,0,0,0,0,2,1,1,0,28,3,3,0,0,0,0,0,0,2,0,0,0,2046640128.00,571248640.00,0,"Forte Labs, Inc. - 3607430267199504245",0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-03-09 21:56:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243827,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Foundation Medicine, Inc. - 2943709550369878990",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237936,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Foundation Medicine, Inc. - 4340607788165866546",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256910,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Four Seasons Hotels - 2416322015412841097,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286522,2020-12-07 14:46:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Four Seasons Hotels - 8187577265470947584,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Fozzy Group Limited Liability Company,2020-12-05 10:44:21.000,2,56,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fozzy Group Limited Liability Company,2,8,0,0.00,0,20.09.365,a.skorobogatko@fozzy.ua,evaluation,1000,10,2020-11-06 09:59:47.000,2020-12-06 09:59:47.000,true,EMEA/EEUR/Ukraine/TBD/AccordGroup/FozzyGroup/Twistlock,193.19.84.129,UA,false,0,0, +Fozzy Group Limited Liability Company-eval-2,2020-12-07 10:44:29.000,2,56,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Fozzy Group Limited Liability Company-eval-2,2,8,0,0.00,0,20.09.365,a.skorobogatko@fozzy.ua,evaluation,1000,10,2020-12-02 13:05:57.000,2021-01-05 13:05:57.000,true,EMEA/EEUR/Ukraine/TBD/AccordGroup/FozzyGroup/Twistlock,193.19.84.129,UA,false,0,0, +us-1-111574448,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,2,1,2,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,697921536.00,0,Freddie Mac,0,0,0,0.00,1,20.09.366,,enterprise,1000000,0,2019-12-10 03:59:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241100,2020-12-06 16:33:36.000,0,126,0.00,0,0,0,0,0,0,1,1,1,0,28,43,411,0,0,47,5,0,0,1,0,0,0,2046640128.00,724172800.00,0,Free Market Health LLC - 8930317193986142440,0,18,0,0.00,0,20.04.169,,enterprise,1000000,18,2020-06-10 17:15:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053773,2020-12-06 18:02:37.000,0,0,0.00,0,0,1,0,0,0,3,1,1,0,29,4,25,0,0,0,0,0,0,0,0,0,0,2046640128.00,559591424.00,0,Freee K.k. - 6551287215682284325,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-27 08:24:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Freeman Decorating Service,2020-12-07 07:55:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Freeman Decorating Service,0,0,0,0.00,0,20.04.169,eric.willman@freemanco.com,enterprise,456,7,2020-05-28 15:40:46.000,2021-05-31 15:40:46.000,true,d8e0d211-82b5-f0b5-93dd-bcded93f4f6f ,40.67.189.32,US,false,0,57, +us-2-158285801,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Friedkin Companies Inc. - 2855110512244285728,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001786,2020-12-07 15:45:23.000,1,0,0.00,0,0,1,1,2,1,3,1,2,2,28,0,0,1,0,0,0,0,0,0,8,0,0,2046640128.00,528105472.00,0,Fujitsu Limited - 2117133627363809461,1,0,0,0.00,2,20.04.177,,enterprise,1000000,2,2019-12-09 13:36:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Fukuoka Financial Group, Inc.",2020-12-07 12:51:48.000,7,91,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fukuoka Financial Group, Inc.",7,13,0,0.00,0,20.09.365,m.kesuda@ibank.co.jp,enterprise,900,20,2020-04-29 20:39:00.000,2020-12-31 08:00:00.000,true,57229593-6302-462c-85db-48b66ed4dd63,34.97.76.6,US,false,0,0, +anz-3052715,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fukuoka Financial Group, Inc. - 2741392589524469509",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051697,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Fukuoka Financial Group, Inc. - 8951697854124761010",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244885,2020-12-07 15:39:27.000,6,588,0.00,0,0,0,0,0,0,7,1,1,0,28,111,176,2,0,117,0,0,0,4,4,0,0,2046640128.00,816074752.00,0,"Funding Circle Usa, Inc. - 5678415836051953139",6,84,0,0.00,0,20.09.366,,enterprise,1000000,91,2020-08-14 15:47:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238095,2020-12-06 16:06:19.000,40,56,0.00,0,0,0,0,0,0,3,1,1,0,28,27,19,0,0,140,1,0,0,0,0,0,0,2046640128.00,582950912.00,0,Funding Societies,40,8,0,0.00,0,20.09.366,,enterprise,1000000,48,2020-04-24 13:06:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054637,2020-12-06 18:02:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"G-Able Co., Ltd. - 8656640839602401560",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096966,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"G-Able Co., Ltd. - 8767261276500940614",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573388,2020-12-07 15:01:30.000,0,35,0.00,0,0,1,0,0,0,1,0,2,1,28,0,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,701788160.00,0,GE,0,5,0,0.00,0,20.09.351,,enterprise,1000000,5,2019-12-07 22:47:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3181401,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GE Aviation Systems LLC - 4771102105704574817,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254836,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GE Digital,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286731,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GE Energy-Power and Water - 6745645485649944404,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215901,2020-12-07 15:29:29.000,0,385,0.00,0,0,0,0,0,0,1,1,1,0,28,14,9,0,0,0,0,0,0,0,0,0,0,2046640128.00,558120960.00,0,GE Healthcare Inc. - 4743688569022359985,0,55,0,0.00,0,,,enterprise,1000000,55,2020-03-20 22:11:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255863,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GEO Holdings,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286734,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GM Financial - 1336981724243163261,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216026,2020-12-06 16:03:50.000,0,182,0.00,0,0,1,0,0,0,5,3,1,0,30,132,38,0,0,140,3,0,0,14,0,0,0,2046640128.00,628649984.00,0,GM Financial - 8566437135766473058,0,26,0,0.00,0,20.09.366,,enterprise,1000000,26,2020-03-27 14:02:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255056,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GNP,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-6651548457692744525,2020-12-06 17:39:09.000,2,336,0.00,0,0,0,0,0,0,8,4,1,0,28,245,58,0,0,588,0,0,0,6,0,0,0,2046640128.00,680706048.00,0,GREATER BANK - 6651548457692744525,2,48,0,0.00,0,20.09.366,,enterprise,1000000,54,2020-10-16 07:31:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3049922,2020-12-06 15:51:40.000,0,0,0.00,0,0,2,0,0,0,7,3,1,0,28,0,34,0,0,1758,0,0,0,6,0,0,0,2046640128.00,605855744.00,0,GREATER BANK - 6651548457692744525,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2019-12-11 08:28:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052839,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,1,1,0,28,0,0,0,0,2,0,0,0,2,0,0,0,2046640128.00,559673344.00,0,GREATER BANK - 7326434766417980169,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-06-12 13:00:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-7326434766417980169,2020-12-06 18:02:39.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,6,0,0,0,2046640128.00,564092928.00,0,GREATER BANK - 7326434766417980169,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-16 07:27:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545766,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GROUPM ASIA PACIFIC HOLDINGS PTE. LTD. - 1877126967598871713,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539171,2020-12-07 15:03:06.000,88,112,0.00,0,0,0,0,0,0,1,1,1,0,29,33,96,0,0,1,0,0,0,12,1,0,0,2046640128.00,612737024.00,0,GRUPO BUPA SANITAS SL - 809706950762214447,88,16,0,0.00,0,20.09.366,,enterprise,1000000,104,2019-12-23 14:09:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544805,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GRUPO TECNOLOGICO E INDUSTRIAL GMV SA - 3617010139068288542,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243736,2020-12-06 16:03:50.000,13,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,540127232.00,0,GSM,13,0,0,0.00,0,20.04.177,,enterprise,1000000,13,2020-07-22 19:02:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Gal,2020-12-07 12:06:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gal,0,1,0,0.00,0,20.11.512,grevach@paloaltonetworks.com,enterprise,700,1,2019-09-04 06:58:58.000,2021-11-12 06:58:58.000,true,0,34.71.119.215,US,true,100,100,REc1VnNCUDkyWldD +Gal,2020-12-07 14:33:49.000,0,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gal,0,7,0,0.00,0,20.11.512,grevach@paloaltonetworks.com,enterprise,700,7,2019-09-04 06:58:58.000,2021-11-12 06:58:58.000,true,0,35.238.53.98,US,true,100,100,bjQ1TS9id0RZNXRD +Gal,2020-12-07 15:06:11.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gal,0,1,0,0.00,0,20.09.365,grevach@paloaltonetworks.com,enterprise,700,1,2019-09-04 06:58:58.000,2021-11-12 06:58:58.000,true,0,35.223.141.28,US,true,100,100, +Gal,2020-12-03 09:35:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gal,0,0,0,0.00,0,20.12.608,grevach@paloaltonetworks.com,enterprise,700,1,2019-09-04 06:58:58.000,2021-11-12 06:58:58.000,true,0,34.99.231.241,IL,true,100,100,ZDJUOTlRLzlNaWp4 +us-3-159184273,2020-12-07 15:32:51.000,22,133,0.00,0,0,0,0,0,0,2,2,1,0,28,6,13,0,0,5,0,0,0,1,1,0,0,2046640128.00,561090560.00,1,Gamestop Corp. - 1178998817483389330,22,19,0,0.00,0,20.09.366,,enterprise,1000000,48,2019-12-11 00:56:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159208176,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gamestop Corp. - 3162531872999761007,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143566880,2020-12-07 15:03:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GarantiBank International N.V. - 352886232560891482,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237939,2020-12-06 16:38:04.000,0,273,0.00,0,0,0,0,0,1,1,1,2,0,28,114,236,0,0,1016,0,0,0,0,27,0,0,2046640128.00,765698048.00,0,Gartner Production - 823499415021050416,0,39,0,0.00,0,20.09.366,,enterprise,1000000,107,2020-04-16 22:04:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159239052,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gartner Sandbox - 7457843166510826376,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541990,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gb Group Plc - 3192121790358734907,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540997,2020-12-07 15:20:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gb Group Plc - 7447148466772210292,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212951,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ge Digital - 4312203779915153054,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243025,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ge Renewables North America, Llc - 8636199672082536160",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283910,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Geico Corporation - 7750167959177352203,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212238,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Geller & Company - 592538210504265486,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +General Dynamics Canada Ltd,2020-12-06 23:08:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,General Dynamics Canada Ltd,0,0,0,0.00,0,19.07.353,jordan.mckenzie@gd-ms.ca,enterprise,10,5,2020-04-24 21:23:45.000,2021-01-28 08:00:00.000,true,f658d947-b658-9eca-0c8d-517e298b72bc,209.29.4.40,CA,false,10,0, +General Dynamics Mission Systems (GDMS),2020-12-07 00:59:26.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,General Dynamics Mission Systems (GDMS),0,2,0,0.00,0,20.09.345,brian.barnes@gd-ms.com,enterprise,300,2,2020-10-06 21:12:24.000,2021-10-03 07:00:00.000,true,4b6be08d-a75f-e33e-b228-761410d09c0c,137.100.137.30,US,false,0,0, +General Electric Company,2020-12-07 00:17:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,General Electric Company,0,0,0,0.00,0,20.04.169,matthew.a.clapham@ge.com,enterprise,80,1,2020-02-11 20:58:07.000,2021-02-02 20:58:07.000,true,34de04ab-008e-9a07-639e-31d0fa0404ff,34.199.34.141,US,false,0,10, +us-3-159239984,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"General Mills, Inc. - 4573167642372151964",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237221,2020-12-07 15:29:29.000,0,917,0.00,0,0,0,0,0,0,4,1,1,0,28,517,462,0,0,456,4,0,0,2,0,0,0,10501771264.00,2442895360.00,0,Genesys Telecommunications Laboratories Inc. - 4273712512413166539,0,131,0,0.00,0,20.09.366,,enterprise,1000000,132,2020-04-13 20:09:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525223,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Genpact,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242989,2020-12-06 16:38:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Genpact - 2144035345916586789,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159210229,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Genpact - 312939931272998985,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182386,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,538763264.00,0,"Genworth Financial, Inc. - 3664115709871975788",0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 19:16:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159216119,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Genworth Financial, Inc. - 4069430341770999252",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284846,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Georgia Department of Labor - 2172712417011891832,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212151,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Georgia Institute Of Technology - 7377697705311198435,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150465,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,10501771264.00,1053954048.00,0,Gett,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-07 14:47:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238933,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Getty Images, Inc. - 8364736192515580176",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545991,2020-12-07 15:41:25.000,0,0,0.00,0,0,1,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,522121216.00,0,Gft Financial Limited - 6511454034846494904,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-18 13:02:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-150462,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gitti Gidiyor,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Gitti Gidiyor Bilgi Teknolojileri Sanayi ve Ticaret A S,2020-12-07 11:37:09.000,0,2849,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gitti Gidiyor Bilgi Teknolojileri Sanayi ve Ticaret A S,0,407,0,0.00,0,20.09.345,aovat@ebay.com,enterprise,100,407,2020-03-30 14:44:27.000,2021-03-29 07:00:00.000,true,26a89c60-ae2d-5791-1d95-04e1c089d9c8,85.111.0.230,DZ,false,0,0, +us-3-159238960,2020-12-07 15:39:28.000,0,364,0.00,0,0,3,0,0,0,7,1,1,0,28,37,8,0,0,2,0,0,0,0,0,0,0,2046640128.00,562941952.00,0,Gladly - 8752114524898629726,0,52,0,0.00,0,20.09.366,,enterprise,1000000,52,2020-04-30 23:03:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286762,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GlaxoSmithKline Plc (GSK) - 5207846669935142174,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542856,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GlaxoSmithKline Plc (GSK) - 6116299128657160223,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544812,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Glen Dimplex Group - 7743002484650555973,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256944,2020-12-07 14:44:07.000,0,28,0.00,0,0,0,0,0,0,2,1,1,0,28,1,1,0,0,0,0,0,0,3,2,0,0,2046640128.00,545071104.00,0,Global Atlantic Financial Group,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-08 23:42:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Global ID Group, Inc.",2020-12-06 20:06:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Global ID Group, Inc.",0,0,0,0.00,0,20.04.177,mitja@globalid.net,enterprise,144,0,2020-03-02 15:16:56.000,2021-02-13 15:16:56.000,true,e43c7983-aacc-24c8-79cf-2c48c7f7c781,54.244.219.45,US,false,0,18, +"Global Id Group, Inc.",2020-12-07 15:14:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Global Id Group, Inc.",0,0,0,0.00,0,20.04.177,mitja@globalid.net,enterprise,18,4,2020-02-28 22:49:13.000,2021-02-13 08:00:00.000,true,e43c7983-aacc-24c8-79cf-2c48c7f7c781,52.45.188.7,US,false,18,0, +Global Payments,2020-12-06 19:49:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Global Payments,0,0,0,0.00,0,20.04.163,robert.romer@globalpay.com,enterprise,400,16,2020-11-04 17:00:30.000,2021-11-05 07:00:00.000,true,1c90e06c-7cda-761b-81ea-67a4ad6c0a98,35.196.243.252,US,false,0,0, +us-1-111573266,2020-12-07 14:39:59.000,1,56,0.00,0,0,0,0,0,0,1,1,1,0,28,5,12,0,0,0,10,0,0,0,0,0,0,2046640128.00,644874240.00,0,Global Payments,1,8,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-10 03:36:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Global Payments,2020-12-07 13:37:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Global Payments,0,0,0,0.00,0,20.04.177,robert.romer@globalpay.com,enterprise,500,5,2020-11-04 17:09:49.000,2021-11-05 07:00:00.000,true,cb252fe3-033d-f7b4-051a-f4a8e7da9576,193.58.79.200,CZ,false,0,0, +Global Payments,2020-12-07 09:10:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Global Payments,0,0,0,0.00,0,19.11.512,jimmy.barber@cavan.com,enterprise,200,14,2020-06-15 23:03:48.000,2021-11-14 08:00:00.000,true,2bec5eff-0831-5893-d581-f1a28614c7f7,52.169.86.165,IE,false,0,0, +Global Payments,2020-12-07 09:28:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Global Payments,0,0,0,0.00,0,19.11.512,jbarber@cayan.com,enterprise,500,3,2020-05-01 00:37:32.000,2021-10-29 07:00:00.000,true,5cc5bab8-e36c-1d38-a23e-efd3b9854525,193.58.79.20,CZ,false,0,0, +us-2-158283916,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Global Payments - 1484819607238657413,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051969,2020-12-06 15:56:41.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,7,3,0,0,0,0,0,0,0,1,0,0,2046640128.00,542441472.00,0,Global Technology Integrator Limited - 7865232128900363402,0,2,0,0.00,0,20.04.163,,enterprise,1000000,2,2020-04-14 14:11:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285835,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Globaltelecom Co., Ltd. - 4165565341254520506",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285587,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Globaltelecom Co., Ltd. - 8565063187426784817",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053681,2020-12-06 18:02:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Globe Telecom - 2303857400057156057,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050922,2020-12-06 15:58:39.000,0,311,0.00,0,0,0,0,0,0,3,1,2,2,28,61,44,0,82633,6,0,0,0,1,0,0,0,2046640128.00,572563456.00,0,Globe Telecom - 4046065486732769149,0,44,3,0.00,0,20.09.366,,enterprise,1000000,47,2020-01-31 15:27:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254964,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,568827904.00,0,GoDaddy,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-08 20:20:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211988,2020-12-06 16:48:20.000,92,413,0.00,0,0,0,0,0,0,1,1,1,0,28,119,973,0,0,4900,890,0,0,23,1,0,0,10501771264.00,763457536.00,0,GoGuardian - 69982638749086448,92,59,0,0.00,0,20.09.366,,enterprise,1000000,179,2020-01-22 16:58:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159236977,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GoGuardian - 9165612142521265530,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545058,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gocardless Ltd - 2480925757613498373,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544840,2020-12-07 15:31:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gocardless Ltd - 4737522222515613779,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285742,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Google Inc. - 5015609295598932798,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285738,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Google Inc. - 5428975281526063598,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159236974,2020-12-06 16:22:42.000,0,119,0.00,0,0,0,0,0,0,1,1,1,0,28,18,17,0,0,0,1,0,0,3,0,0,0,10501771264.00,570433536.00,0,Google Inc. - 6564119312895832526,0,17,0,0.00,0,20.09.366,,enterprise,1000000,17,2020-03-31 17:34:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237196,2020-12-06 16:04:31.000,0,42,0.00,0,0,0,0,0,0,1,3,1,0,28,8,4,0,0,0,0,0,0,0,0,0,100000,2046640128.00,554569728.00,0,"Google, LLC - 3109709525001574629",0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-04-13 14:43:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157619,2020-12-07 09:50:36.000,0,126,0.00,0,0,0,0,0,0,1,1,1,0,28,28,10,0,0,0,0,0,0,1,0,0,0,2046640128.00,568918016.00,0,Gore Mutual Insurance Company - 8832811214455340987,0,18,0,0.00,0,20.09.351,,enterprise,1000000,18,2020-10-06 17:18:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3049027,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gosoft (Thailand) Company Limited - 8073343968026619563,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Government Technology Agency,2020-12-07 03:50:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Government Technology Agency,0,0,0,0.00,0,19.07.363,Cheng_SHI_from.NSEARCH@tech.gov.sg,evaluation,100,2,2020-11-20 09:47:38.000,2020-12-20 09:47:38.000,true,0,160.96.202.33,SG,false,0,0, +Government Technology Agency,2020-12-07 07:36:30.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Government Technology Agency,0,3,0,0.00,0,20.09.365,koh_keng_hun@tech.gov.sg,enterprise,100,3,2020-10-23 03:18:24.000,2021-10-13 07:00:00.000,true,194dbbe5-04d1-857f-607e-64c8f4434ade,18.139.238.157,SG,false,0,0, +aws-singapore-961096809,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Government Technology Agency - 3138877227404421452,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182482,2020-12-06 15:45:49.000,0,1,0.00,0,0,1,1,1,1,1,1,1,2,28,0,0,25,0,0,0,0,0,0,3,0,0,2046640128.00,531283968.00,0,Governor's Office of Information Technology (OIT) - State of Colorado - 7044113999424898471,0,0,1,0.00,74,20.09.366,,enterprise,1000000,6,2019-12-10 20:10:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3181427,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Governor's Office of Information Technology (OIT) - State of Colorado - 7738855828441773876,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053647,2020-12-06 18:02:39.000,0,77,0.00,0,0,0,0,0,0,1,1,1,0,28,20,14,0,0,0,0,0,0,0,0,0,0,2046640128.00,543211520.00,0,"Graffer, Inc. - 8972583850760847241",0,11,0,0.00,0,20.04.177,,enterprise,1000000,11,2020-07-27 14:25:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159239891,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Grameen Phone Ltd - 2107983346015584428,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Grand City Center 2010 Ltd.,2020-12-07 13:47:52.000,9,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Grand City Center 2010 Ltd.,9,10,0,0.00,0,20.09.365,aharon.gindi@grandcityproperty.de,enterprise,200,19,2020-12-01 14:13:48.000,2021-12-30 08:00:00.000,true,58559dc5-8089-062e-09ad-c37626109e64,168.61.98.27,IE,false,0,0, +us-3-159237195,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,4,0,0,2046640128.00,536002560.00,0,Grange Insurance - 6968672587679133083,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-04-13 13:40:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573454,2020-12-07 14:28:02.000,0,196,0.00,0,0,0,0,0,0,1,1,1,0,28,8,0,0,0,5,0,0,0,0,1,0,0,2046640128.00,614248448.00,0,Granular,0,28,0,0.00,0,20.09.351,,enterprise,1000000,55,2019-12-10 03:23:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215125,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Graton Resort & Casino - 4557219077522099410,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212237,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Great American Insurance Group - 8704281261955627995,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050916,2020-12-07 15:33:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Greater Bank Ltd,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Greenhouse Software, Inc.",2020-12-07 04:09:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Greenhouse Software, Inc.",0,0,0,0.00,0,19.07.363,ron.gutierrez@greenhouse.io,enterprise,2800,247,2020-08-14 17:22:20.000,2021-09-16 07:00:00.000,true,48b000c1-c5c8-6692-1b3a-9cabc89e3039,52.20.64.141,US,false,0,0, +us-3-159179446,2020-12-06 16:43:51.000,0,224,0.00,0,0,0,0,0,0,1,1,1,0,28,31,2,0,0,0,0,0,0,2,1,0,0,2046640128.00,587640832.00,0,"Greensky Trade Credit, LLC - 7356725676671064805",0,32,0,0.00,0,20.09.366,,enterprise,1000000,32,2019-12-10 11:07:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +GregWilkerson_SE-eval,2020-12-06 15:57:01.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,GregWilkerson_SE-eval,1,2,1,0.00,0,20.09.345,gwilkerson@paloaltonetworks.com,evaluation,250,4,2020-10-16 17:58:55.000,2021-10-16 17:58:55.000,true,0,34.68.127.79,US,true,0,0, +Gridspace,2020-12-07 00:29:29.000,5,1428,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gridspace,5,204,0,0.00,0,20.09.345,winston@gridspace.com,enterprise,4000,248,2020-09-14 15:05:59.000,2021-09-05 15:05:59.000,true,4489e65f-70d5-a028-0c34-7ec33ace8d66,34.71.232.197,US,false,0,0, +us-3-159243769,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gridspace,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545988,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Group 42 Holding Ltd. - 992046536121239504,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285648,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Grupo Bimbo, S.A.B. de C.V. - 308855181792271022",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286642,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,1,0,0,0,2,0,0,1,0,0,0,2046640128.00,512331776.00,0,"Grupo Financiero Santander Mexico, S.A.B. De C.V. - 8046063878486509977",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-13 21:43:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242959,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Grupo Microsistemas Colombia Sas - 8830284694903195569,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283850,2020-12-07 14:28:02.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533827584.00,0,"Grupo Pochteca, S.A.B. de C.V. - 876395191907498484",1,0,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-09-22 15:27:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284715,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Grupo Smartekh SA de CV - 8172313831538502821,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256010,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,535699456.00,0,Guardian,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-10 00:04:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211310,2020-12-06 16:04:32.000,0,7,0.00,0,0,0,0,0,0,3,1,1,0,28,5,3,0,0,0,0,0,0,1,0,0,0,2046640128.00,540958720.00,0,Guidepoint Security Llc - 3089866106792691671,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-01-21 15:20:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525438,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Guidewire,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283630,2020-12-07 14:51:47.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,17,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,544088064.00,0,"Gulf States Financial Services, Inc. - 6224357990598219988",0,16,0,0.00,0,20.09.366,,enterprise,1000000,16,2020-09-04 19:33:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Gva Tech K.k.,2020-12-07 01:22:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Gva Tech K.k.,0,0,0,0.00,0,20.04.177,k.honda@gvatech.co.jp,enterprise,100,72,2020-10-29 07:00:19.000,2021-10-28 00:00:00.000,true,b5b0b477-afd5-1d68-6b73-a3db51cacac2,3.112.94.212,JP,false,0,0, +H&M Hennes & Mauritz AB,2020-12-07 11:53:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,H&M Hennes & Mauritz AB,0,0,0,0.00,0,19.11.512,anders.ohlsson@hm.com,enterprise,2000,0,2020-04-29 18:29:50.000,2021-04-28 07:00:00.000,true,c3744e98-cdd1-7b3d-838f-073f63d9ce86,52.137.31.247,NL,false,0,0, +us-2-158257686,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,H2O,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539200,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HAREL INSURANCE COMPANY LTD - 2322034063414366108,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538238,2020-12-07 15:47:33.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,75,50,0,0,5753,0,0,0,2,0,0,0,2046640128.00,759353344.00,0,HAREL INSURANCE COMPANY LTD - 6559234040475075038,0,16,0,0.00,0,20.09.366,,enterprise,1000000,37,2019-12-11 09:11:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543971,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HAREL INSURANCE COMPANY LTD - 9073839569977270681,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258803,2020-12-07 14:36:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HCSC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051010,2020-12-06 15:51:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HDFC ASSET MANAGEMENT COMPANY LIMITED - 1118706540796573157,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572341,2020-12-07 14:31:31.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,71,3,0,0,0,0,0,0,1,2,0,0,2046640128.00,721547264.00,0,HDFC standard life,0,10,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-09 06:24:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159207342,2020-12-07 15:32:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HG Data - 2145685074253013656,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184156,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HG Insights,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051970,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HKT Limited (Customer) - 1729998863403519240,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +HM Land Registry,2020-12-07 06:45:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HM Land Registry,0,0,0,0.00,0,20.04.169,andrew.moore@landregistry.gov.uk,enterprise,300,27,2020-07-24 08:54:21.000,2021-07-28 22:00:00.000,true,7d0a457b-7b59-9ab6-1a0b-f135168b3d4e,35.176.155.56,GB,false,0,0, +us-2-158284600,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HTC Sec - 6221811216786596775,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573296,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hagerty,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285614,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Halliburton Company - 8531556976708207965,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096879,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hanhwalife - 2361569981700690378,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096940,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hanhwalife - 8171655569067412389,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053614,2020-12-06 15:58:39.000,0,0,0.00,0,0,1,0,0,1,1,1,2,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,531857408.00,0,Hanhwalife - 8660476584471130709,0,0,0,0.00,1,20.04.177,,enterprise,1000000,0,2020-07-14 09:46:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Hanhwalife-E214810,2020-12-03 06:51:41.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hanhwalife-E214810,0,4,0,0.00,0,20.09.365,jskim90@hanwha.com,evaluation,100,4,2020-11-05 09:30:38.000,2020-12-05 09:30:38.000,true,E197605,3.35.183.54,KR,false,0,0, +us-2-158284630,2020-12-07 15:01:31.000,1,14,0.00,0,0,0,0,0,0,1,1,1,0,28,5,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,540430336.00,0,Harness - 1280753612051227239,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-09-30 06:48:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286608,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Harness Inc - 4980236136658606525,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262714,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Harris Corporation - 3343142547624163677,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Harris IT Services Corporation,2020-12-06 22:08:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Harris IT Services Corporation,0,0,0,0.00,0,19.11.512,joseph.cheung@l3harris.com,enterprise,5,0,2020-05-22 19:41:08.000,2021-04-25 07:00:00.000,true,51a559db-c77b-89a5-9b6a-d95e9371a9be,128.170.61.41,US,false,5,0, +us-2-158283757,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,592080896.00,0,"Hashicorp, Inc. - 7239227959108943417",0,0,0,0.00,0,,,enterprise,1000000,0,2020-09-16 00:23:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243923,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Haven,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243953,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Haven Healthcare - 7490599783556636015,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238190,2020-12-06 16:10:25.000,2,0,0.00,0,0,0,0,0,0,2,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,532889600.00,0,Hawaiian Airlines - 870726355279792297,2,0,0,0.00,0,20.04.177,,enterprise,1000000,2,2020-04-28 15:51:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543976,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hay London - 2446088793779098192,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544930,2020-12-07 15:41:25.000,0,105,0.00,0,0,0,0,0,0,1,1,1,0,28,44,69,0,0,6,0,0,0,0,0,0,0,2046640128.00,581685248.00,0,Hay London - 4465969676622799065,0,15,0,0.00,0,20.09.366,,enterprise,1000000,19,2020-09-14 13:36:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159207253,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hdfc Housing Develpment Finance Corporation Limited - 1468511955072726276,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256948,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Health First,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283790,2020-12-07 14:36:18.000,0,42,0.00,0,0,0,0,0,0,2,1,1,0,29,4,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,544256000.00,0,"Health Net, Inc. - 3937435015838097473",0,6,0,0.00,0,20.09.351,,enterprise,1000000,6,2020-09-17 13:32:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257871,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HealthNow,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"HealthNow New York, Inc.",2020-12-06 18:20:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"HealthNow New York, Inc.",0,0,0,0.00,0,19.07.363,kibby.charles@healthnow.org,enterprise,200,3,2020-08-28 23:52:20.000,2021-08-29 07:00:00.000,true,4e0c6d3f-4037-5011-75ce-dee4335e40a2,34.233.29.112,US,false,0,0, +us-3-159183159,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"HealthNow New York, Inc. - 7166979332929183131",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238902,2020-12-06 16:38:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"HealthPartners, Inc. - 1044502502757825547",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214197,2020-12-07 15:28:35.000,0,1176,0.00,0,0,0,0,0,0,3,1,1,0,29,292,165,0,0,293,0,0,0,3,0,0,0,10501771264.00,1661153280.00,0,"HealthPartners, Inc. - 1380847488443015470",0,168,0,0.00,0,20.09.366,,enterprise,1000000,168,2020-02-29 00:15:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573484,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,525680640.00,0,HealthStream,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 01:57:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285620,2020-12-07 14:37:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Healthjoy - 673147483554807034,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262744,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Heartland Payment Systems - 1948886348616351670,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545734,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Heise - 2835801424327954900,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541954,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Help AG Middle East - 4654108109136051875,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544068,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Helvetia Versicherungen - 1381493274653974194,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539134,2020-12-07 15:31:14.000,1,6,0.00,0,0,0,0,1,0,1,3,1,5,28,0,17,0,85,0,1,0,0,0,0,0,0,2046640128.00,550338560.00,0,Helvetia Versicherungen - 6747934060908934011,1,0,6,0.00,0,20.09.366,,enterprise,1000000,7,2019-12-16 21:43:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545926,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hermes International - 6357684709675718141,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543105,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hermes International - 8046559727824277919,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207251,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Highmark, Inc. - 8530723123835261860",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158259892,2020-12-07 14:44:07.000,3,35,0.00,0,0,0,0,0,0,1,1,1,0,30,8,6,0,0,78,0,0,0,1,0,0,138,2046640128.00,553627648.00,0,Hike,3,5,0,0.00,0,20.09.366,,enterprise,1000000,8,2019-12-10 04:58:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238156,2020-12-07 15:38:44.000,8,35,0.00,0,0,0,0,0,0,1,1,1,0,28,26,9,0,0,343,1,0,0,4,4,0,12432,2046640128.00,553897984.00,0,Hitachi Ltd,8,5,0,0.00,0,20.09.366,,enterprise,1000000,13,2020-04-26 08:26:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050730,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,538861568.00,0,"Hitachi Solutions, Ltd. - 3288475922284177983",0,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-13 02:14:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053743,2020-12-06 18:02:39.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,544686080.00,0,"Hitachi Solutions, Ltd. - 8904095636163310385",0,1,0,0.00,0,,,enterprise,1000000,2,2020-08-21 01:20:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228487,2020-12-06 16:10:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hitachi Vantara,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543071,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hivebrite,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285684,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,530018304.00,0,Home Instead - 6247475154617176157,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-27 19:57:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143537274,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Home Trust Company - 7614274728973111844,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255924,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,HomeAway,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Honeywell International Inc.,2020-12-07 13:43:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Honeywell International Inc.,0,0,0,0.00,0,20.09.365,ashok.yannam@honeywell.com,enterprise,700,0,2020-06-22 16:24:33.000,2021-06-25 07:00:00.000,true,e98b25e6-b507-1c59-a82b-81f9ffd78d8b,40.90.248.146,US,false,0,0, +Housecanary Inc.,2020-12-07 04:32:08.000,22,105,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Housecanary Inc.,22,15,0,0.00,0,20.09.345,mpoindexter@housecanary.com,enterprise,188,37,2020-05-28 20:28:52.000,2021-06-06 20:28:52.000,true,a7142637-3868-1747-5e88-8a815ec32c40,50.112.219.185,US,false,60,16, +Huco_eval_2,2020-12-07 08:34:27.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Huco_eval_2,0,3,0,0.00,0,20.09.345,rponnappa@huco.co,evaluation,100,3,2020-11-10 05:21:21.000,2020-12-10 05:21:21.000,true,0,91.201.4.45,AE,false,0,0, +eu-2-143542984,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Huk Coburg - 5235259224984253443,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256760,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hulu,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Humana Inc.,2020-12-07 15:01:25.000,0,189,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Humana Inc.,0,27,0,0.00,0,20.09.365,pchakraborty1@humana.com,enterprise,3900,32,2020-07-31 17:29:14.000,2023-10-10 07:00:00.000,true,e58858a1-334e-de3a-edce-eccbcf591f7f,52.138.123.147,US,false,0,0, +Humana\Deloitte Eval 2,2020-12-07 14:47:02.000,1,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Humana\Deloitte Eval 2,1,1,0,0.00,0,20.09.345,hkurande@deloitte.com,evaluation,100,2,2020-10-19 20:05:57.000,2021-01-17 20:05:57.000,true,0,148.251.79.232,DE,false,0,0, +eu-2-143541122,2020-12-07 15:03:50.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,96,1,0,0,2046640128.00,629014528.00,0,Husqvarna Ab - 3757453652349085962,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-04-06 07:24:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285774,2020-12-07 14:46:33.000,0,182,0.00,0,0,0,0,0,0,5,5,1,0,28,125,10,0,0,260,0,0,0,0,0,0,0,2046640128.00,546123776.00,0,Hyland Software - 7961556659672466716,0,26,0,0.00,0,20.09.366,,enterprise,1000000,26,2020-10-31 01:13:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283762,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Hypr Corp. - 7208227426621483600,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543107,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,I-Tracing - 6285065011869785304,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153378,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,I-tracing Group - 1428464458360240962,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545833,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,I-tracing Group - 2561156159310956765,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153374,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IAV GmbH Ingenieurgesellschaft Auto und Verkehr - 4728946859777109428,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539255,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBERCAJA SA - 6928784550043626443,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157654,2020-12-07 09:58:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM - 1602287796271792574,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +IBM - Office of CIO,2020-12-07 14:58:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM - Office of CIO,0,0,0,0.00,0,20.09.345,twbauer@us.ibm.com,enterprise,100,0,2020-09-21 18:16:50.000,2021-09-20 07:00:00.000,true,4e70a43b-a799-3cf7-bae9-8830842989ec,129.41.86.0,US,false,0,0, +IBM - Office of CIO,2020-12-07 14:58:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM - Office of CIO,0,0,0,0.00,0,20.09.345,twbauer@us.ibm.com,enterprise,100,0,2020-09-21 18:16:50.000,2021-09-20 07:00:00.000,true,4e70a43b-a799-3cf7-bae9-8830842989ec,129.41.86.0,US,false,0,0, +us-3-159216118,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM India - 7908427848059122783,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"IBM Japan, Ltd.",2020-12-07 08:19:48.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"IBM Japan, Ltd.",0,2,0,0.00,0,20.09.365,amiyazak@jp.ibm.com,evaluation,100,2,2020-10-26 01:28:02.000,2020-12-14 08:00:00.000,true,097f008f-e35a-4b92-cdda-fdbca4aa0988,165.192.133.253,US,false,0,0, +IBM Security Services (Sell-To),2020-12-06 22:20:55.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM Security Services (Sell-To),0,4,0,0.00,0,20.09.345,deleon@us.ibm.com,enterprise,100,4,2020-03-20 01:38:41.000,2022-03-18 07:00:00.000,true,1169d26d-cc95-b357-dcb4-df78f92601a9,169.60.201.166,MX,false,0,0, +eu-2-143545832,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM UK - International Business Machines - 3619280661872442142,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +IBM_Security_Services_eval,2020-12-07 12:54:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IBM_Security_Services_eval,0,0,0,0.00,0,20.04.177,lcastros@cr.ibm.com,evaluation,100,3,2020-09-11 18:25:49.000,2020-12-10 18:25:49.000,true,0,52.116.133.58,US,false,0,0, +us-1-111525408,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ICUMedical,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257935,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IDExperts,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284815,2020-12-07 14:36:19.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,3,3,0,0,0,0,0,0,2,0,0,0,2046640128.00,549945344.00,0,IGS Energy - 6232289790205137788,0,3,0,0.00,0,20.09.351,,enterprise,1000000,3,2020-10-09 15:48:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211028,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IGXGlobal - 2273130184000182979,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544994,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IKEA AB - 6486996915281003686,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542949,2020-12-06 15:48:57.000,0,140,0.00,0,0,0,0,0,0,1,2,1,1,28,71,48,0,0,6,0,0,0,8,0,0,0,10501771264.00,986308608.00,0,IKEA AB - 75467060971898259,0,20,0,0.00,0,20.09.366,,enterprise,1000000,20,2020-06-08 11:17:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283825,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,INFOSYS BPO LIMITED - 3890873955034751022,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ING Tech Poland,2020-12-07 12:37:52.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ING Tech Poland,0,1,0,0.00,0,20.09.345,krzysztof.kozak@ing.com,enterprise,400,1,2020-08-24 22:52:52.000,2021-08-20 07:00:00.000,true,eb296554-3205-4119-6d03-653b08bed65b,156.114.128.51,NL,false,0,0, +us-2-158283856,2020-12-07 14:47:53.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,3,0,0,0,0,0,0,0,1,0,0,2046640128.00,545513472.00,0,"INOVALON, INC - 6167009898806161416",2,0,0,0.00,0,20.09.351,,enterprise,1000000,2,2020-09-23 18:08:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053676,2020-12-06 17:55:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,INTERPARK - 8769212643164071185,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208304,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IQVIA - 2530621942104182659,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +IRISH LIFE ASSURANCE PLC,2020-12-07 12:31:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IRISH LIFE ASSURANCE PLC,0,0,0,0.00,0,20.04.177,brendan.lambe@canadalife.ie,enterprise,200,8,2020-11-30 11:25:07.000,2021-11-12 08:00:00.000,true,6d71f73c-96ce-06bb-4b4f-92d7e6ed4fb3,52.155.238.166,IE,false,0,0, +aws-singapore-961096935,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IRPC Public Company Limited - 7926627017120251455,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054572,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITA - 747545897041309384,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096875,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU TECHNO-SOLUTIONS CORPORATION - 3241762126801745562,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054639,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 2002961364759992654,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285681,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 4698254601438255897,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096810,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 5953795093186375798,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096813,2020-12-07 15:02:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 6790544685088158234,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096849,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 7386832703784577345,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096937,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 7541936867815531687,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096938,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ITOCHU Techno-Solutions Corporation (CTC) HQ - 7691155226115356126,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096964,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IWentDown - 3894172266493591854,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542139,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IaC_PaloAltoNetworks,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545804,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Iarnrod Eireann - Irish Rail - 8441546989593132038,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261589,2020-12-07 15:01:32.000,0,1610,0.00,0,0,0,0,0,0,2,1,1,0,28,91,59,0,0,60,0,0,0,1,0,0,0,2046640128.00,730869760.00,0,"Ibotta, Inc. - 3863885101603840078",0,230,0,0.00,0,20.09.366,,enterprise,1000000,320,2019-12-09 12:58:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048805,2020-12-06 15:55:19.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,539947008.00,0,Icici Lombard General Insurance Company Limited - 6535329018973075384,2,0,0,0.00,0,20.04.169,,enterprise,1000000,2,2019-12-10 09:26:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286732,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Idaptive - 8515906182471651298,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575312,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Imagine Learning,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185358,2020-12-06 16:38:04.000,0,1680,0.00,0,0,0,0,0,0,1,1,1,0,28,143,280,0,0,245,2,0,0,1,0,0,0,2046640128.00,708960256.00,0,Imperva - 3752781176036351953,0,240,0,0.00,0,20.09.366,,enterprise,1000000,240,2019-12-11 06:47:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257907,2020-12-07 14:39:18.000,1,21,0.00,0,0,1,3,0,0,3,2,1,0,28,12,6,0,0,2,0,0,0,3,0,0,0,2046640128.00,560979968.00,1,Imtiaz's Prod,1,3,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-11-13 09:58:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544961,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Inditex - 4444159323673047222,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525369,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Informatica,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228576,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Informatica Corporation - 1526269242463996893,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228575,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Informatica Corporation - 6250411922974225965,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545835,2020-12-07 15:03:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Information & eGovernment Authority - 6041867103965474515,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Information Management Services, Inc.",2020-12-07 11:12:14.000,0,168,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Information Management Services, Inc.",0,24,0,0.00,0,20.09.365,stormonts@imsweb.com,enterprise,200,24,2020-05-30 00:52:47.000,2021-06-07 07:00:00.000,true,8b37182f-ae35-e861-c2b4-d68de1ba9f8a,144.202.234.163,US,false,0,0, +anz-3051820,2020-12-06 15:58:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosec Corporation - 1120982247994731569,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244727,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Infoselective, S.a. De C.v. - 5270636434158577736",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Infosys,2020-12-07 09:22:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys,0,0,0,0.00,0,20.04.177,sushma_v@infosys.com,enterprise,216,9,2020-08-19 22:47:11.000,2021-08-17 22:47:11.000,true,bbfd1d53-d520-d980-8400-4b9fc47206c9,52.183.92.19,US,false,0,27, +us-3-159243892,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys Limited - 1062386591416735405,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285647,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,544047104.00,0,Infosys Limited - 4073265939003992358,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-22 06:24:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240104,2020-12-07 15:46:25.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,30,4,0,0,10,0,0,0,0,0,0,0,2046640128.00,550506496.00,0,Infosys Limited - 4280679200862841995,0,7,0,0.00,0,20.04.177,,enterprise,1000000,7,2020-05-25 12:21:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244789,2020-12-06 16:06:19.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533327872.00,0,Infosys Limited - 4790183572122811355,0,10,0,0.00,0,20.04.177,,enterprise,1000000,10,2020-08-07 18:36:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244918,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys Limited - 5285403002172543666,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285591,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys Limited - 6750009340743544205,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284755,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys Limited - 7785545124107327038,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284688,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infosys Limited - 7842906658668256548,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051905,2020-12-06 15:58:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infotimes,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050796,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Infotimes - 3336411673339149777,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143805,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ingram Micro Hong Kong (holding) Limited - 3990819339564888441,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284786,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ingredion Incorporated - 4151325724646259674,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283852,2020-12-07 14:26:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ingredion Incorporated - 5064600207680880357,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545805,2020-12-06 15:47:06.000,0,140,0.00,0,0,2,0,0,0,1,1,1,0,28,12,3,0,0,1,0,0,0,0,0,0,0,2046640128.00,541401088.00,0,Inhealthcare Limited - 8503430392349304058,0,20,0,0.00,0,20.09.366,,enterprise,1000000,20,2020-10-19 19:34:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Inland Revenue Authority of Singapore,2020-12-07 08:43:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Inland Revenue Authority of Singapore,0,0,0,0.00,0,20.04.169,gerald.h.tan@accenture.com,enterprise,600,27,2020-03-27 17:04:39.000,2022-09-26 07:00:00.000,true,7ebfc9ed-2b11-e94e-d98d-74bdb95b0b85,20.44.201.148,SG,false,0,0, +us-2-158285617,2020-12-07 14:28:01.000,22,70,0.00,0,0,0,0,0,0,2,1,1,0,28,19,28,0,0,0,0,0,0,1,0,0,0,2046640128.00,724164608.00,2,Inmobi - 2474818427198151471,22,10,0,0.00,0,20.09.366,,enterprise,1000000,32,2020-10-20 05:53:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Insitu,2020-12-07 03:03:30.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Insitu,0,2,0,0.00,0,20.09.345,thomas.dorsey@insitu.com,enterprise,100,2,2020-07-23 17:49:23.000,2021-07-28 07:00:00.000,true,74ef5907-dc98-e833-dcac-0baeed30fafa,54.191.107.76,US,false,0,0, +eu-103251,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Instinct Studios,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207252,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intacct Corporation - 4298796887127073540,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Intact,2020-12-07 06:08:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intact,0,0,0,0.00,0,19.11.512,alberto.chiang@intact.net,enterprise,200,1,2020-09-23 20:09:48.000,2021-09-28 07:00:00.000,true,5122822a-ebae-d33e-328e-9ad87a198569,142.216.101.5,CA,false,0,0, +canada-550157648,2020-12-07 09:50:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intact - 6251910587658378550,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157647,2020-12-07 09:41:29.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,216,66,0,0,0,11,0,0,4,1,0,0,10501771264.00,1010397184.00,0,Intact - 6669041128022063442,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-28 17:23:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Intellect Design Arena Limited,2020-12-07 08:17:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intellect Design Arena Limited,0,0,0,0.00,0,19.11.512,sarat.dara@intellectdesign.com,enterprise,200,5,2020-04-24 00:35:15.000,2021-04-10 07:00:00.000,true,7e02273f-5f35-66cc-ab5f-ea7ca31435ee,3.130.71.199,US,false,0,0, +eu-2-143544806,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intelliflo - 8031539969743903452,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157589,2020-12-07 09:48:16.000,0,203,0.00,0,0,0,0,0,0,1,1,1,0,28,15,19,0,0,1,0,0,0,0,0,0,0,2046640128.00,560558080.00,0,Interac Corp - 1109648206667525688,0,29,0,0.00,0,20.09.366,,enterprise,1000000,29,2020-08-17 18:15:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257720,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Intercontinental Exchange,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212025,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Interlan - 4145723615138622732,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Intermedia.net, Inc.",2020-12-06 16:28:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Intermedia.net, Inc.",0,0,0,0.00,0,20.04.169,rkusler@intermedia.net,enterprise,1200,3,2020-06-30 18:37:13.000,2021-06-29 07:00:00.000,true,a6e5a391-c9e3-c384-aee3-2b9916c438bd,64.28.126.154,US,false,0,0, +Internal Revenue Service,2020-12-06 20:14:00.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Internal Revenue Service,0,3,0,0.00,0,20.09.365,anila.mukaj@accenturefederal.com,enterprise,100,3,2020-04-30 23:11:22.000,2021-04-29 07:00:00.000,true,419538ae-c493-b2f0-b83a-c7370a404a24,67.134.209.14,US,false,0,0, +us-2-158258804,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Internal-NFR-Presidio,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181236,2020-12-06 16:03:50.000,0,0,0.00,0,0,1,0,0,0,2,1,1,0,28,18,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,585465856.00,0,International Business Machines Corporation - 3594585374256330370,0,0,0,0.00,0,20.09.366,,enterprise,1000000,5,2019-12-10 12:04:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +International Financial Data Services (Canada) Ltd. (IFDS),2020-12-06 19:52:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,International Financial Data Services (Canada) Ltd. (IFDS),0,0,0,0.00,0,20.04.163,kpollard@ifdsgroup.com,enterprise,200,0,2020-03-23 17:05:41.000,2021-03-21 17:05:41.000,true,491b2a05-e3fd-292b-c381-9b93971b94c9,208.76.75.7,CA,false,0,25, +us-2-158283760,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Internet Initiative Japan Inc. (Partner) - 7135191368140619416,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285739,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Internet Initiative Japan Inc. (Partner) - 92709620518179687,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545802,2020-12-07 15:27:58.000,0,42,0.00,0,0,1,0,0,0,1,1,1,0,28,24,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,546168832.00,0,Intesa Sanpaolo Spa - 543053254173409369,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-10-19 13:08:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284655,2020-12-07 14:33:59.000,0,42,0.00,0,0,0,0,0,0,1,1,1,1,28,44,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,547061760.00,0,"Invesco, Ltd. (US) - 1217003689457980334",0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-09-30 19:27:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241902,2020-12-06 16:06:19.000,0,294,0.00,0,0,0,0,0,0,1,1,1,0,29,180,8,0,0,1,0,0,0,6,0,0,0,2046640128.00,753811456.00,0,"Invesco, Ltd. (US) - 8409628189236948418",0,42,0,0.00,0,20.09.366,,enterprise,1000000,42,2020-06-22 13:04:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Investec,2020-12-07 08:51:54.000,0,616,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Investec,0,88,0,0.00,0,20.09.365,mark.backes@investec.co.za,enterprise,800,88,2020-05-29 18:32:05.000,2021-05-27 22:00:00.000,true,2c86ae7c-d3a7-b9a4-7a3f-da3fa5ea89db,196.4.0.2,ZA,false,0,0, +eu-2-143539974,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,1,1,2,0,28,0,3,0,0,0,0,0,0,1,1,0,0,2046640128.00,549851136.00,0,Investec Bank,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-01-21 11:03:08.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257005,2020-12-07 14:46:43.000,0,203,0.00,0,0,0,0,0,0,4,1,1,0,33,86,343,0,0,1751271,4,0,0,2,0,0,20849,52777418752.00,1952665600.00,0,Invitae,0,29,0,0.00,0,20.09.366,,enterprise,1000000,29,2019-12-10 13:50:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228551,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Invitae Corp - 4518793230145077763,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053772,2020-12-06 18:02:38.000,3,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533676032.00,0,Iret Inc. - 476356958390629077,3,0,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-08-26 08:27:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256847,2020-12-07 15:00:29.000,3,546,0.00,0,0,0,0,0,0,1,1,1,0,28,49,637,0,0,123,0,0,0,1,0,0,0,2046640128.00,699928576.00,0,Iron Mountain,3,78,0,0.00,0,20.09.366,,enterprise,1000000,84,2019-11-22 05:29:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +IronNet CyberSecurity,2020-12-06 21:19:54.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IronNet CyberSecurity,0,1,0,0.00,0,20.09.365,eric.kibisingo@ironnetcyber.com,enterprise,100,1,2020-04-02 16:02:46.000,2021-04-01 07:00:00.000,true,7f6b61d4-e5d4-35f8-8738-07be287248bd,18.253.220.78,US,false,0,0, +us-3-159210255,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IronNet CyberSecurity - 1543410943587718638,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228482,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IronNet CyberSecurity - 4495605075436345163,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185331,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,IronNet CyberSecurity - 6135648112569720548,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283638,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Isa Intercolombia S A E S P - 2433642556985422056,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542976,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,532615168.00,0,Itv Plc - 5276396455732657743,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-06-10 08:47:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +JAIC,2020-12-07 11:01:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JAIC,0,0,0,0.00,0,20.04.177,deepak.seth.civ@mail.mil,enterprise,800,6,2020-07-29 16:52:20.000,2021-07-28 07:00:00.000,true,306bded3-b954-6cf3-b260-ddff8bf9cab3,18.252.12.141,US,false,0,0, +us-2-158284594,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JAIC - 1463621929989507897,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053898,2020-12-06 17:42:46.000,0,7,0.00,0,0,1,1,0,0,2,1,1,0,28,9,1,0,0,7,0,0,0,1,0,0,1,2046640128.00,548118528.00,0,JBCC CORPORATION - 1713432691185256340,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-30 02:39:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054575,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JBCC CORPORATION(Partner) - 40669206906270955,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054576,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JBCC CORPORATION(Partner) - 8309184310744501316,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051939,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JBCC CORPORATION(Partner) - 8902818514005436795,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051815,2020-12-06 15:56:41.000,1,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,541216768.00,0,JBCC CORPORATION(Partner) - 921359424831884692,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-03-03 18:02:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053865,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"JCB CO.,LTD. - 1158937492877261101",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052777,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"JCB CO.,LTD. - 2763374909271074529",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053798,2020-12-06 17:55:57.000,0,84,0.00,0,0,0,0,0,0,0,1,1,0,28,19,14,0,0,0,0,0,0,0,0,0,0,2046640128.00,560508928.00,0,"JCB CO.,LTD. - 5348812898918602268",0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-09-07 03:33:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +JD,2020-12-07 07:26:25.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JD,0,1,0,0.00,0,20.09.365,duhang9@jd.com,evaluation,100,1,2020-11-21 09:51:40.000,2020-12-21 09:51:40.000,true,0,180.169.175.194,CN,false,0,0, +anz-3052681,2020-12-06 16:00:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JIBUN BANK CORPORATION - 4288687455232100430,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243984,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Jabil Circuit, Inc. - 5002204641338002711",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178635,2020-12-06 15:52:50.000,0,98,0.00,0,0,0,0,0,0,1,1,1,0,28,25,28,0,0,0,0,0,0,0,0,0,0,2046640128.00,547946496.00,0,Jacobs Engineering Group Inc. - 6146012295111824279,0,14,0,0.00,0,20.09.366,,enterprise,1000000,14,2019-12-10 08:35:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053891,2020-12-06 17:55:57.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,538324992.00,0,Japan Broadcasting Corporation - 6668831041241801504,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-19 08:33:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053835,2020-12-06 17:39:07.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,524652544.00,0,Japan Broadcasting Corporation - 7472849121131497722,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-09-29 02:30:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158258739,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,2,23,0,0,2046640128.00,542203904.00,0,Jefferies,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-09 12:36:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153319,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Jet Infosystems (Russia) - 6055782765060800442,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238218,2020-12-06 16:38:05.000,1,1253,0.00,0,0,0,0,0,0,4,1,1,0,28,118,562,0,0,6550,3,0,0,198,0,0,0,10501771264.00,1483771904.00,0,JetBlue Airways Corporation - 119166062036843524,1,179,0,0.00,0,20.09.366,,enterprise,1000000,201,2020-04-29 15:16:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241905,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,JetBlue Airways Corporation - 3660006282436106681,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284839,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,528285696.00,0,"Jfrog, Inc. - 7330705059187047130",0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-09 20:12:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544870,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Johannes Sautter it.solutions - 5792480139670198760,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Johns Hopkins University Applied Physics Laboratory LLC,2020-12-06 16:38:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Johns Hopkins University Applied Physics Laboratory LLC,0,0,0,0.00,0,20.04.177,john.ritter@jhuapl.edu,enterprise,10,1,2020-04-22 23:17:41.000,2021-04-11 07:00:00.000,true,95e39fcd-1414-afc6-e9f4-bdd56b8549d7,128.244.11.15,US,false,10,0, +Johns Hopkins University Applied Physics Laboratory LLC ,2020-12-05 16:38:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Johns Hopkins University Applied Physics Laboratory LLC ,0,0,0,0.00,0,20.04.177,john.ritter@jhuapl.com,enterprise,80,1,2020-05-11 21:15:34.000,2021-04-11 21:15:34.000,true,95e39fcd-1414-afc6-e9f4-bdd56b8549d7,128.244.11.15,US,false,0,10, +us-3-159245754,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Johns Hopkins University Applied Physics Laboratory LLC - 1449995960920315099,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Joint Improvised Threat Defeat Organization - JIDO,2020-12-07 14:45:42.000,0,91,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Joint Improvised Threat Defeat Organization - JIDO,0,13,0,0.00,0,20.09.345,james.k.briden.ctr@mail.mil,enterprise,200,13,2020-03-04 15:46:53.000,2021-02-26 08:00:00.000,true,6d3221d5-97e8-edf4-1eda-52d2d4106a2a,214.16.248.2,US,false,0,0, +Joint Strike Fighter (JSF),2020-12-06 23:14:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Joint Strike Fighter (JSF),0,0,0,0.00,0,20.04.163,brian.berger@jsf.mil,enterprise,100,0,2020-06-17 22:18:30.000,2021-06-16 07:00:00.000,true,c01c312c-ba46-711f-109a-5151736c3dbe,15.200.71.40,US,false,0,0, +us-2-158254803,2020-12-07 14:44:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Jump Trading,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544995,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,3,0,0,0,0,0,0,3,0,0,0,2046640128.00,563638272.00,0,Junta de Castilla la Mancha (Consejeria de Industria) - 7710044146862296841,0,0,0,0.00,0,20.09.345,,enterprise,1000000,0,2020-09-23 17:12:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574264,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Juul Labs,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539012,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KHA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545989,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KHIPU Networks (PTY) Ltd - 4532141255123548715,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +KKB_Eval1,2020-12-06 18:36:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KKB_Eval1,0,0,0,0.00,0,20.09.345,kutluhanaktas@kkb.com.tr,evaluation,100,0,2020-12-02 13:18:16.000,2021-01-02 13:18:16.000,true,KKB_Eval1,213.144.115.170,TR,false,0,0, +anz-3053895,2020-12-06 17:55:58.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,1,20,0,0,0,0,0,0,0,0,0,0,2046640128.00,536014848.00,0,KMART AUSTRALIA LIMITED - 8990284090154319914,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-10-27 06:33:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143566878,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KOALA Malta Limited - 5181640181904988939,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545896,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KOALA Money Ltd. - 2580364018065530475,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186106,2020-12-07 15:30:13.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532992000.00,0,KPMG INDIA PRIVATE LIMITED - 9092398819035023927,1,0,0,0.00,0,,,enterprise,1000000,1,2019-12-11 07:10:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143540064,2020-12-07 15:44:30.000,0,161,0.00,0,0,0,0,0,0,1,1,1,0,28,51,38,0,0,48,0,0,0,1,0,0,0,2046640128.00,575655936.00,0,KPMG LLP (UK) - 1587053655665050065,0,23,0,0.00,0,20.09.366,,enterprise,1000000,23,2020-01-30 15:59:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285552,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"KPMG, LLP - 1838051725062568726",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284878,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"KPMG, LLP - 9163476445285554247",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544962,2020-12-07 15:27:57.000,2,308,0.00,0,0,1,0,0,0,1,1,1,0,28,65,905,0,0,0,0,0,0,0,0,0,0,2046640128.00,574414848.00,0,Kahoot! As - 5409889046381306283,2,44,0,0.00,0,20.09.366,,enterprise,1000000,47,2020-09-17 16:11:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053897,2020-12-06 18:02:39.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,11,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,532377600.00,0,Kajima Corporation - 7991483467278664338,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-28 06:44:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143808,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kakao Corp. - 2072020179330144869,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050947,2020-12-06 15:55:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Kasa Korea Co., Ltd. - 4565575046753567777",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286738,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,4,1,1,1,28,7,2,0,12,8,2,0,0,1,0,0,0,2046640128.00,531193856.00,0,"Kaspersky Lab, Inc. - 3693112827938683042",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-19 17:11:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283787,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Kaspersky Lab, Inc. - 4093365070793365584",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285654,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,4,2,1,1,28,6,0,0,0,3,0,0,0,1,0,0,3,2046640128.00,544595968.00,0,"Kaspersky Lab, Inc. - 646818248339527346",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-26 10:04:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257962,2020-12-07 14:34:00.000,4,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,528568320.00,0,KeHE,4,0,0,0.00,0,,,enterprise,1000000,4,2019-12-09 18:59:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257002,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kellogg,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240136,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kensci Inc. - 4266938899199980418,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283792,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kepler Group LLC - 6503860133176426005,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051941,2020-12-07 15:33:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kerry Logistics (Hong Kong) Limited - 7584543693361994834,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283879,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Keurig Dr. Pepper - 2162411377709650924,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239146,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Keurig Dr.Pepper Inc. - 1380557290572237324,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238122,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,KeyBank,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257874,2020-12-07 14:34:00.000,2,28,0.00,0,0,0,0,0,0,2,4,1,0,29,3,5,0,0,1,0,0,0,1,0,0,0,2046640128.00,557207552.00,1,KeyBank,2,4,0,0.00,0,20.09.366,,enterprise,1000000,6,2019-12-09 07:12:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543843,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kiabi - 663498374088373201,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152382,2020-12-07 15:22:37.000,9,182,0.00,0,0,0,0,0,0,2,4,1,0,33,69,95,0,0,1172,148,0,0,0,0,0,0,2046640128.00,613822464.00,0,King Games Studio Sl. - 6864469810936393134,9,26,0,0.00,0,20.09.366,,enterprise,1000000,59,2019-11-23 17:03:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143541091,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,King.com Ltd,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545055,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,King.com Ltd - 4325868625521403873,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243917,2020-12-06 16:06:19.000,0,448,0.00,0,0,2,0,0,0,3,1,1,0,32,34,110,0,0,110,0,0,0,30,0,0,0,2046640128.00,586391552.00,0,Kit United - 4191821531741793904,0,64,0,0.00,0,20.09.366,,enterprise,1000000,64,2020-07-30 12:01:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542107,2020-12-07 15:31:14.000,0,217,0.00,0,0,2,0,0,0,3,1,1,1,32,18,76,0,0,69,0,0,0,16,0,0,0,10501771264.00,592904192.00,0,Kit United - 6658273775130931371,0,31,0,0.00,0,20.09.366,,enterprise,1000000,32,2020-05-13 12:13:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544928,2020-12-07 15:35:21.000,0,651,0.00,0,0,2,0,0,0,3,1,1,0,32,57,239,0,0,250,0,0,0,30,0,0,0,2046640128.00,587853824.00,0,Kit United - 8284358508941865528,0,93,0,0.00,0,20.09.366,,enterprise,1000000,96,2020-09-11 17:52:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544966,2020-12-07 15:41:25.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,1,13,0,0,0,0,0,0,0,0,0,0,2046640128.00,538435584.00,0,Koch Media GmbH - 2254229435532691820,0,3,0,0.00,0,,,enterprise,1000000,3,2020-09-21 15:21:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545893,2020-12-07 15:31:26.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,5,6,0,0,0,0,0,0,0,0,0,0,2046640128.00,539324416.00,0,Koch Media GmbH - 5227008372663850271,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-10-27 16:08:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158260819,2020-12-07 14:39:59.000,0,210,0.00,0,0,0,0,0,0,1,1,1,0,28,5,115,0,0,1,0,0,0,12,5,0,0,105621938176.00,10582437888.00,0,Kohl's Corporation - 1231694377299827104,0,30,0,0.00,0,20.09.366,,enterprise,1000000,30,2019-12-08 21:42:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283817,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,531755008.00,0,Kohlberg Kravis Roberts & Co. L.P. (KKR) - 935782104265136923,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-17 21:20:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542857,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kopenczei Ltd - 9152179013549292815,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285683,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kore.ai Software India Private Limited - 1055559295384675755,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286801,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kore.ai Software India Private Limited - 8346422107789548086,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Kosta,2020-12-07 10:15:03.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kosta,0,2,0,0.00,0,20.11.507,kosta@twistlock.com,enterprise,0,2,2019-05-28 10:59:08.000,2024-11-17 10:59:08.000,true,dev,146.148.93.252,US,true,1000,1000, +us-2-158285716,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kotak Mahindra Bank Limited - 1127552982548200036,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241873,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kotak Mahindra Bank Limited - 4985479848827182955,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286613,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kotak Mahindra Life Insurance Company Limited - 5101143910931793877,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214102,2020-12-06 16:22:53.000,0,329,0.00,0,0,1,0,0,0,1,1,1,0,28,51,87,0,0,1,0,0,0,0,0,0,0,2046640128.00,608665600.00,0,Kount Inc. - 4476665001684445990,0,47,0,0.00,0,20.09.366,,enterprise,1000000,47,2020-02-25 17:53:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237162,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kount Inc. - 6777353075522619358,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284783,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kowmudi - 3116886385048358988,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285649,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kpmg MSFS - 3357250091931095407,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545866,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Kpmg MSFS - 5291102593973805124,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153351,2020-12-07 15:35:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,L'Oreal - 2209644837037209439,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286517,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,L'Oreal - 4554086245798720313,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +L3 Harris PCC (Twistlock) Eval,2020-12-07 14:24:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,L3 Harris PCC (Twistlock) Eval,0,1,0,0.00,0,20.09.365,waldemar.pabon@l3harris.com,evaluation,100,1,2020-11-12 20:55:42.000,2020-12-12 20:55:42.000,true,L3 Harris PCC (Twistlock) Eval,68.202.227.186,US,false,0,0, +aws-singapore-961096908,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"LAC Co., Ltd. - 7869404584625065961",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054571,2020-12-06 17:39:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LEIDOS PTY LTD - 2165204067169919220,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053896,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LEIDOS PTY LTD - 3199862766735960687,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096755,2020-12-07 14:56:15.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,13,5,0,0,93,0,0,0,0,0,0,0,2046640128.00,539983872.00,0,LG CNS - 2267467751112294233,0,5,0,0.00,0,20.04.177,,enterprise,1000000,5,2020-08-10 04:57:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096934,2020-12-07 14:54:37.000,3,238,0.00,0,0,2,0,0,0,1,1,1,0,28,27,92,0,0,1,0,0,0,1,0,0,0,2046640128.00,561524736.00,0,LG Electronics - 1440621665787758779,3,34,0,0.00,0,20.09.366,,enterprise,1000000,66,2020-10-09 06:27:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3049092,2020-12-06 15:56:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LG Electronics - 6879914411814034008,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544875,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LIBERTY GROUP LTD - 6377025785009909207,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574445,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LPL Financial,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544996,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Labs - 4449813280635105361,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284750,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Labworld - 2299722800869629100,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286611,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Landry's Restaurants - 1691336752159592909,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286607,2020-12-07 15:01:32.000,1,42,0.00,0,0,0,0,0,0,1,1,1,0,28,2,18,0,0,0,0,0,0,0,0,0,0,2046640128.00,547631104.00,0,Latam Airlines Group S.a. - 6632546472854302043,1,6,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-11-10 17:33:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525247,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Laureate Education,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286763,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Laureate Education Mexico S. De R.l. De C.v. - 2470597973536650594,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Lawrence Livermore National Laboratory (LLNL),2020-12-07 08:04:13.000,1,98,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Lawrence Livermore National Laboratory (LLNL),1,14,0,0.00,0,20.04.177,verschuur1@llnl.gov,enterprise,1000,15,2020-07-17 23:58:08.000,2021-07-16 07:00:00.000,true,279d9e76-456f-42c4-2a8e-8912dbaa8c10,134.9.145.202,US,false,0,0, +us-3-159243768,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Lawrence Livermore National Laboratory (LLNL) - 966484446832208012,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238124,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Legal & General America Inc. - 2201383042858479725,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214907,2020-12-07 15:46:25.000,0,42,0.00,0,0,0,0,0,0,1,1,1,0,28,19,5,0,0,0,0,0,0,1,0,0,0,2046640128.00,559386624.00,0,Legal & General America Inc. - 3346480737808331753,0,6,0,0.00,0,20.04.177,,enterprise,1000000,6,2020-03-03 17:58:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111572278,2020-12-07 14:51:46.000,0,70,0.00,0,0,0,0,0,1,1,1,1,0,28,45,23,0,0,0,4,0,0,9,12,0,0,2046640128.00,573341696.00,0,Leggmason,0,10,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-06 17:47:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257010,2020-12-07 14:51:47.000,0,2681,0.00,0,0,1,0,0,0,1,1,1,0,28,47,783,0,0,0,0,0,0,1,0,0,0,2046640128.00,627818496.00,0,Levi’s,0,383,0,0.00,0,20.09.366,,enterprise,1000000,383,2019-12-07 15:23:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +LexisNexis,2020-12-07 13:57:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LexisNexis,0,0,0,0.00,0,20.04.177,matthew.mckeever@lexisnexis.com,enterprise,10000,63,2020-08-05 05:31:18.000,2021-06-21 05:31:18.000,true,ed6cde9f-7cdd-80a3-f07b-ef7fec989b0e,3.213.141.213,US,false,0,1250, +Libretto.io,2020-12-06 19:06:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Libretto.io,0,0,0,0.00,0,20.09.345,cameron@libretto.io,enterprise,80,0,2020-05-28 20:07:46.000,2021-07-24 20:07:46.000,true,9ef002bd-043d-fcf8-87e2-10a1a58d7a35,35.222.147.123,US,false,0,10, +us-3-159243734,2020-12-07 15:28:35.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,16,352,0,0,0,0,0,0,0,0,0,0,2046640128.00,577622016.00,0,Life Miles Corporation - 6844027380263055649,0,16,0,0.00,0,20.09.366,,enterprise,1000000,16,2020-07-22 17:27:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143780,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Lina Life - 7953326197695821592,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256726,2020-12-07 14:36:19.000,0,574,0.00,0,0,0,0,0,0,1,1,4,0,28,157,45,9,0,8,18,0,0,1,1,0,0,2046640128.00,790687744.00,0,Lincoln Financial Group,0,82,0,0.00,0,20.09.366,,enterprise,1000000,88,2020-02-03 19:24:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096787,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Line Plus Corporation - 253270002320524388,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525439,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LiveLike,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103309,2020-12-07 15:39:25.000,0,5026,0.00,0,0,0,0,0,0,1,1,1,0,28,177,644,0,0,381,2,0,0,0,0,0,0,10501771264.00,1613078528.00,1,Liveperson,0,717,7,0.00,0,20.09.366,,enterprise,1000000,726,2019-11-23 17:03:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212021,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Livongo - 5225703945312582409,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Loblaw Companies Limited,2020-12-07 03:12:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Loblaw Companies Limited,0,0,0,0.00,0,20.04.163,mark.zuzarte@loblaw.ca,enterprise,416,102,2020-05-28 19:16:24.000,2021-06-05 19:16:24.000,true,6b932280-ce38-e878-a3d4-f9f1af911bbb,34.74.164.102,US,false,0,52, +us-3-159238931,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Loblaw Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255951,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Loblaws,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053830,2020-12-06 17:39:08.000,1,0,0.00,0,0,0,0,0,0,1,2,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533778432.00,0,Locatium Solutions FZ-LLC - 3101552907591816803,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-09-17 09:32:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245720,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Logical It Servicos De Informatica Ltda - 7773447259017454256,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255082,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Los Angeles Capital Management,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212212,2020-12-06 16:03:50.000,0,210,0.00,0,0,1,0,0,0,2,2,2,1,28,27,82,0,0,1057,0,0,0,8,0,0,0,2046640128.00,564838400.00,0,Los Angeles Rams - 4161483247049154196,0,30,0,0.00,0,20.09.366,,enterprise,1000000,30,2020-01-31 21:22:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Lowe's Companies, Inc.",2020-12-06 19:11:35.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Lowe's Companies, Inc.",0,4,0,0.00,0,20.09.365,dane.jones@lowes.com,enterprise,14000,4,2020-10-05 20:34:10.000,2021-06-01 20:34:10.000,true,9c8eaa4a-d418-07fd-b948-d3133a48eb38,34.68.52.149,US,false,0,2000, +us-2-158261527,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Lowe's Companies, Inc. - 3768392560503907301",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240910,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Lowe's Companies, Inc. - 7082113414721699524",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151458,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Lowell Group - 8768164307707181363,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182360,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,LoyaltyOne - 2107839170996200645,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283821,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,531558400.00,0,"Lsq Funding Group, L.c. - 1206841079427175809",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-18 15:33:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Luma Financial Technologies,2020-12-06 20:31:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Luma Financial Technologies,0,0,0,0.00,0,20.04.163,chall@lumafintech.com,enterprise,100,8,2020-05-05 22:39:19.000,2021-05-05 07:00:00.000,true,e23efbb9-6e62-1f3b-db3a-85bcc1c151b7,34.233.50.125,US,false,0,0, +us-2-158259885,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Lumiata,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544967,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,M&G plc - 1705727328339848533,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241101,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,M&T Bank Corporation - 2265724517520742916,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054606,2020-12-06 18:02:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"M3, Inc. - 4416953449547813541",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238957,2020-12-06 16:22:43.000,0,42,0.00,0,0,0,0,0,1,1,1,2,1,28,18,119,0,0,237,0,0,0,0,68,0,0,2046640128.00,736071680.00,0,MARKETAXESS HOLDINGS INC. - 7416095972367215149,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-04-30 21:57:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158262768,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,1,2,1,0,28,2,3,0,0,0,0,0,0,1,0,0,0,2046640128.00,530567168.00,0,MARS HQ - 1139107723611926614,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-09-03 16:56:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +MASHREQ BANK PSC,2020-12-07 11:23:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MASHREQ BANK PSC,0,0,0,0.00,0,20.04.163,binoyp@mashreq.com,enterprise,200,29,2020-04-08 16:03:07.000,2021-04-07 07:00:00.000,true,5fda60e6-13bb-d49b-4c60-f30be3a7cb98,20.46.154.6,AE,false,0,0, +anz-3054574,2020-12-06 17:42:45.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536809472.00,0,"MC Data Plus, Inc. - 8957190776355462649",1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-09 00:58:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +MCCOG PCC,2020-12-06 15:14:19.000,1,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MCCOG PCC,1,1,0,0.00,0,20.09.365,Dennis.Hawkins@geocent.com,evaluation,100,2,2020-11-06 21:59:02.000,2020-12-06 21:59:02.000,true,MCCOG PCC,52.61.72.245,US,false,0,0, +us-3-159239981,2020-12-06 15:52:51.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,2,3,0,0,0,0,0,0,0,2,0,0,2046640128.00,542937088.00,0,"MELALEUCA, INC. - 4308659376503365343",0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-05-18 17:01:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143540966,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MERCADONA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544997,2020-12-07 15:41:24.000,0,14,0.00,0,0,0,0,0,0,2,1,1,0,28,7,4,0,0,3,0,0,0,1,0,0,0,2046640128.00,541089792.00,0,META Finanz-Informationssysteme GmbH - 8064854043085886247,0,2,0,0.00,0,20.09.351,,enterprise,1000000,2,2020-09-25 10:44:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179409,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"MGM Studios, Inc. - 4954743886479906356",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245816,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"MIB, Inc - 1300816306720512145",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243766,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"MIB, Inc - 6954245170079797467",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143783,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"MINISTRY OF FOREIGN AFFAIRS, SINGAPORE - 2375894953440036844",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284629,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MOAA Consultin - 7370729722090699790,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540038,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MOPrismaCloud,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545923,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MOTC-GN - 2588265573505376059,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +MSCI Inc.,2020-12-06 11:19:08.000,0,63,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MSCI Inc.,0,9,0,0.00,0,20.09.345,gabor.kiss@msci.com,enterprise,134,9,2020-10-30 16:31:03.000,2021-09-12 16:31:03.000,true,4cc540bb-1f7d-072e-1bf5-65daf68ae190,20.54.43.46,US,false,134,0, +MSCI Inc. ,2020-12-07 11:19:09.000,0,63,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MSCI Inc. ,0,9,0,0.00,0,20.09.345,gabor.kiss@msci.com,enterprise,938,9,2020-11-04 14:44:24.000,2021-09-13 14:44:24.000,true,4cc540bb-1f7d-072e-1bf5-65daf68ae190,20.54.43.46,US,false,0,134, +us-2-158258899,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MTD Products,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212241,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MTD Products Inc - 467127555940145701,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153190,2020-12-07 15:35:36.000,1,21,0.00,0,0,0,0,0,0,1,1,1,0,28,4,0,0,0,21,0,0,0,36,0,0,0,2046640128.00,873472000.00,0,MUREX SAS - 8621010948574705382,1,3,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-10 11:27:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"MacDonald, Dettwiler and Associates Ltd.",2020-12-06 17:36:26.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"MacDonald, Dettwiler and Associates Ltd.",0,2,0,0.00,0,20.09.365,francois.lapierre@mdacorporation.com,enterprise,100,2,2020-04-22 14:09:32.000,2021-04-21 07:00:00.000,true,8cca299a-d2fd-655f-fbda-7caf2ca7b333,142.73.153.45,CA,false,0,0, +Macnica Solutions Corp.,2020-12-07 09:43:20.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Macnica Solutions Corp.,0,3,0,0.00,0,20.09.365,nohara-m@macnica.net,enterprise,100,3,2020-02-13 17:46:08.000,2021-02-12 08:00:00.000,true,37ade7e9-166a-5296-74ce-8a8954087066,34.70.53.178,US,false,0,0, +aws-singapore-961096844,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Macnica Solutions Corp. - 1814373351986477320,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051008,2020-12-06 16:00:49.000,0,42,0.00,0,0,8,0,1,1,12,2,1,1,30,13,11,0,0,3098,0,0,0,9,7,0,1366,2046640128.00,570425344.00,0,Macnica Solutions Corp. - 7457777465237376606,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-02-13 17:48:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143538241,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Macquarie Group Limited - 1044560718152399769,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3049956,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Macquarie Group Limited - 8957252771989836821,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096971,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mad Head Limited - 2047513163708829107,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150527,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Maersk Drilling,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574260,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Magellan Health,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215928,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Magic Leap, Inc. - 2220316391415963204",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211188,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Magic Leap, Inc. - 8787898149698999291",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287507,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mailchimp Com - 3046371347261356031,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262743,2020-12-07 14:39:18.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537366528.00,0,Mailchimp Com - 971960088851052685,1,0,0,0.00,0,,,enterprise,1000000,1,2020-09-02 19:02:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287536,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Makeke SAS - 2112331075785775461,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284778,2020-12-07 14:36:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Mantech Electronics Interoperability Services, Inc - 2702033007316790283",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242991,2020-12-06 16:03:50.000,0,189,0.00,0,0,0,0,0,0,1,1,1,0,28,299,74,0,0,24,0,0,0,0,0,0,0,2046640128.00,617472000.00,0,Mantl - 2070392419946425785,0,27,0,0.00,0,20.04.177,,enterprise,1000000,27,2020-07-16 16:17:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3001747,2020-12-06 15:56:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ManualAcceptanceQA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150305,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ManualAcceptanceQA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157623,2020-12-07 09:58:17.000,0,0,0.00,0,0,0,0,0,0,2,2,1,0,28,0,8,0,0,170,0,0,0,0,0,0,0,2046640128.00,534663168.00,0,Manulife Financial Corporation - 4928552465869777419,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-13 18:17:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Manulife-Sinochem (China),2020-12-07 14:36:14.000,0,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Manulife-Sinochem (China),0,10,0,0.00,0,20.09.365,jenny_yh_jin@manulife-sinochem.com,enterprise,100,10,2020-07-30 11:30:20.000,2021-10-28 22:00:00.000,true,8a4bd1c3-060e-5aab-a715-f387be3cc298,40.73.98.148,CN,false,0,0, +eu-2-143542948,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Maple Networks - 678081496810326268,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244793,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Marathon Petroleum Corporation - 2684146780441717460,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159210253,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Marathon Petroleum Corporation - 4978236518885164311,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209168,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Marathon Petroleum Corporation - 8567592455574829216,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255017,2020-12-07 14:47:53.000,0,14,0.00,0,0,1,0,0,0,1,1,1,0,28,1,5,0,0,0,0,0,0,0,1,0,0,2046640128.00,533737472.00,0,Marc's Prod,0,2,0,0.00,0,20.09.351,,enterprise,1000000,2,2019-12-09 17:57:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157616,2020-12-07 09:41:29.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,540405760.00,0,Mark Anthony Group Inc - 5802217622763605434,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-09-21 16:42:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543845,2020-12-07 15:22:38.000,0,560,0.00,0,0,0,0,0,0,2,2,1,0,28,211,205,0,0,68,6,0,0,1,0,0,0,2046640128.00,791728128.00,0,Marks and Spencer Group Plc - 1290406802487527481,0,80,0,0.00,0,20.09.366,,enterprise,1000000,80,2020-07-14 08:55:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543914,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Marks and Spencer Group Plc - 8818024362635526070,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287512,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Marriott International, Inc. - 2428561205000728391",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254866,2020-12-07 14:39:18.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,11,0,0,0,0,1,0,0,2046640128.00,542949376.00,0,Mass Mutual,0,1,0,0.00,0,20.04.177,,enterprise,1000000,1,2019-11-27 10:03:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212985,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MassMutual Financial Group - 3551720653724754253,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050950,2020-12-06 15:58:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MassMutual Financial Group - 8126992425079978226,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243738,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Massachusetts Financial Services Company - 7492906417610162453,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237999,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Massachusetts Financial Services Company - 9155805223383883337,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244757,2020-12-07 15:32:51.000,0,224,0.00,0,0,0,0,0,0,2,2,1,0,28,6,4,2,0,9,0,0,0,1,6,0,0,2046640128.00,544165888.00,0,MasterControl Inc. - 6679698579488983438,0,32,0,0.00,0,20.09.366,,enterprise,1000000,32,2020-08-07 19:08:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242058,2020-12-07 15:39:28.000,640,42,0.00,0,0,0,0,0,0,1,5,1,0,28,9,1693,0,0,0,0,0,0,0,0,0,1057,2046640128.00,620609536.00,0,Mastercard Incorporated - 7993057007302518356,640,6,0,0.00,0,20.09.366,,enterprise,1000000,728,2020-06-30 21:48:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574262,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,4,0,0,0,0,0,0,26,0,0,2046640128.00,641691648.00,0,Mathematica,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-10 03:56:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243706,2020-12-06 16:06:18.000,0,714,0.00,0,0,1,0,0,0,1,1,1,0,28,157,559,0,0,894,0,0,0,0,0,0,0,2046640128.00,682627072.00,0,Matt Hillary,0,102,0,0.00,0,20.09.366,,enterprise,1000000,102,2020-07-21 22:29:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158261622,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Mattel, Inc. - 2486126749825756737",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525373,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mattress Firm,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Maxar Technologies,2020-12-07 14:11:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Maxar Technologies,0,0,0,0.00,0,19.03.317,Steve.Parker@maxar.com,enterprise,80,2,2020-05-12 15:21:12.000,2021-05-02 15:21:12.000,true,77ad2992-667c-11db-7b63-fec334e56f7b,173.242.16.222,US,false,0,10, +gov-3228392,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Maxar Technologies Ltd. - 2833599654035926708,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143807,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Maxims Catering - 8956182766910150791,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Mayo Clinic,2020-12-07 07:48:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mayo Clinic,0,0,0,0.00,0,20.04.177,boettcher.chad@mayo.edu,enterprise,160,19,2020-08-26 16:13:59.000,2021-02-12 16:13:59.000,true,4466fe8f-1de5-ffe4-501e-a636de48d8d8,104.208.26.188,US,false,0,20, +us-2-158284719,2020-12-07 14:26:17.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,535330816.00,0,Mayo Clinic - 5199013648270082645,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-05 14:50:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287544,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mayo Clinic - 7634230280804420785,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257908,2020-12-07 14:47:54.000,0,385,0.00,0,0,2,0,0,0,1,1,1,0,28,141,141,0,0,31,36,0,0,32,0,0,0,2046640128.00,789241856.00,1,McKesson,0,55,0,0.00,0,20.09.366,,enterprise,1000000,58,2019-12-09 20:35:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210165,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,5,0,0,0,0,0,0,1,0,0,2046640128.00,536866816.00,0,Mcdonald's - 4946586033016328950,0,0,0,0.00,1,20.09.366,,enterprise,1000000,0,2019-12-20 17:34:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143546018,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mediamonks Multimedia Holding B.v. - 2569371307595259314,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284716,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Medicom Technologies, Inc. - 1706584720023844943",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238123,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Medidata Solutions Worldwide - 2432664833072324775,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256723,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Medidata_new,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237007,2020-12-07 15:32:50.000,0,210,0.00,0,0,0,0,0,0,6,1,1,0,28,48,47,0,0,139,0,0,0,2,0,0,0,2046640128.00,688484352.00,3,"Medline Industries, Inc. - 233973305401877779",0,30,0,0.00,0,20.09.366,,enterprise,1000000,30,2020-04-02 13:13:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244664,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Medline Industries, Inc. - 7504180611279683408",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Medtronic, Inc.",2020-12-07 15:09:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Medtronic, Inc.",0,0,0,0.00,0,20.04.169,glen.bechtold@medtronic.com,enterprise,800,12,2020-10-06 18:11:13.000,2021-09-24 07:00:00.000,true,d79c05ab-7a84-e143-e414-0df65753c9dd,144.15.255.227,US,false,0,0, +us-3-159180404,2020-12-06 16:33:35.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,33,4,0,0,0,1,0,0,0,0,0,0,2046640128.00,548065280.00,0,"Meijer, Inc. - 5166194134424902041",0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2019-12-09 16:29:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185359,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Melco Resorts & Entertainment Limited - 4276588541117925053,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184247,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Memorial Sloan-Kettering Cancer Center - 140997590557047498,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254089,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MentorGraphics,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152383,2020-12-07 15:31:26.000,0,385,0.00,0,0,0,0,0,0,1,1,1,0,28,115,169,0,0,41,0,0,0,1,0,0,0,2046640128.00,607420416.00,0,Mercadona - 5120007605526848521,0,55,0,0.00,0,20.09.366,,enterprise,1000000,55,2019-12-10 00:18:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255801,2020-12-07 14:40:00.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,9,3,0,0,0,0,0,0,3,0,0,0,2046640128.00,549007360.00,1,Merck,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-02 21:34:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244791,2020-12-07 15:38:45.000,0,56,0.00,0,0,1,0,0,0,1,1,1,0,28,12,17,0,0,0,0,0,0,1,0,0,0,2046640128.00,551542784.00,0,"Merck & Co., Inc. - 7167829741814566470",0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-08-07 18:36:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Messagepoint,2020-12-06 21:04:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Messagepoint,0,0,0,0.00,0,20.09.345,samuel.chantaraud@messagepoint.com,enterprise,200,0,2020-10-05 22:03:14.000,2021-09-02 07:00:00.000,true,83d9d04c-ed4e-49ae-9d56-3be826acbc5b,99.79.17.29,CA,false,0,0, +us-3-159238097,2020-12-06 16:10:24.000,0,154,0.00,0,0,0,0,0,0,13,2,1,0,32,212,28,0,0,99,0,0,0,4,0,0,0,2046640128.00,600551424.00,0,Metrolinx - 4232564375589394185,0,22,0,0.00,0,20.09.366,,enterprise,1000000,22,2020-04-24 16:24:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215155,2020-12-06 16:33:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Metropolitan Transportation Authority (MTA) - 8518153582036212307,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096905,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Metropolitan Waterworks Authority (MWA) - 2684492586099814679,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573514,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MiTek,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Mib Holdings Inc,2020-12-06 18:41:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mib Holdings Inc,0,0,0,0.00,0,20.04.177,hluu@mib.com,enterprise,80,2,2020-06-09 18:01:38.000,2021-05-06 18:01:38.000,true,00d0f09d-c0c2-cb1a-0bb1-5f2f6e84f8f8,107.23.78.14,US,false,0,10, +us-2-158286549,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Microchip Technology Incorporated - 4084114485619885904,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283917,2020-12-07 14:44:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Microchip Technology Incorporated - 9110479924608241942,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Midwest Independent Transmission System Operator, Inc. ",2020-12-06 19:42:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Midwest Independent Transmission System Operator, Inc. ",0,0,0,0.00,0,20.09.345,cbonham@misoenergy.org,enterprise,350,0,2020-10-02 16:52:43.000,2021-10-22 16:52:43.000,true,20bb90d4-9029-79a5-5344-75bcfb86764f ,12.109.71.133,US,false,0,50, +Migros,2020-12-07 08:23:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Migros,0,0,0,0.00,0,20.04.177,lutfuk@migros.com.tr,enterprise,300,12,2020-05-28 11:07:07.000,2023-07-26 22:00:00.000,true,e4339372-0044-0c00-d3f4-721511b952a1,31.145.140.5,TR,false,0,0, +eu-150434,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Migros,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284748,2020-12-07 14:36:19.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,18,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,546619392.00,0,"Milliman, Inc. - 6398881100289078547",0,2,0,0.00,0,20.09.351,,enterprise,1000000,2,2020-10-06 10:22:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3051911,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MindTree Limited - 1175121378409082493,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209361,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,MindTree Limited - 7988362261706687593,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285715,2020-12-07 14:22:11.000,0,161,0.00,0,0,0,0,0,0,7,1,1,0,28,18,0,0,0,0,0,0,0,5,0,0,0,2046640128.00,668262400.00,0,"Mindbody, Inc. - 153891825817923485",0,23,0,0.00,0,20.09.369,,enterprise,1000000,23,2020-10-28 18:09:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210131,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Minera Exar S.a. - 7346573109389534085,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143546022,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ministry of Justice - 2240232037162140843,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544935,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ministry of Justice - 4528342637908057542,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260691,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Minneapolis Public Schools - 3883853688045027283,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213109,2020-12-07 15:46:25.000,0,469,0.00,0,0,0,0,0,0,1,1,1,0,28,24,33,0,0,30,0,0,0,1,0,0,0,2046640128.00,581705728.00,0,"Minted, LLC - 6229146157241224018",0,67,0,0.00,0,20.04.177,,enterprise,1000000,67,2020-02-08 01:11:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186135,2020-12-06 15:55:31.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,7,0,0,0,3,0,0,0,5,18,0,0,2046640128.00,613158912.00,0,Miovision Technologies Incorporated - 4509027482928644873,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2019-12-11 07:20:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237223,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mission Lane,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214902,2020-12-06 16:38:04.000,0,119,0.00,0,0,0,0,0,0,1,1,1,0,28,35,51,0,0,27,0,0,0,1,0,0,0,2046640128.00,570081280.00,0,Mission Lane - 2911699592970552782,0,17,0,0.00,0,20.09.366,,enterprise,1000000,17,2020-03-03 06:20:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3001810,2020-12-06 15:49:28.000,4,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,535564288.00,0,"Mitsubishi Chemical Systems, Inc. - 7411494711306147980",4,0,0,0.00,0,20.04.163,,enterprise,1000000,4,2019-12-10 11:24:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053894,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,539009024.00,0,Mitsubishi Corporation - 5644853604044794590,0,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-26 02:33:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050914,2020-12-06 15:55:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Mitsui Chemicals, Inc. - 1098050305641803935",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177522,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mizuho Bank - 7493601309464036501,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051875,2020-12-06 15:51:40.000,5,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,0,0,0,0,1,0,0,2046640128.00,545034240.00,0,"Mizuho Financial Group, Inc. - 7172414175094005257",5,0,0,0.00,0,20.04.177,,enterprise,1000000,5,2020-03-16 13:52:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Modern Healthcare, Inc.",2020-12-06 16:45:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Modern Healthcare, Inc.",0,0,0,0.00,0,19.11.512,null@joinmodernhealth.com,enterprise,100,10,2020-05-21 18:17:09.000,2021-05-30 18:17:09.000,true,033c49fe-a3d3-b066-1e67-ab56eb669496,13.57.17.208,US,false,0,0, +us-3-159244917,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Mondelez International, Inc. - 308651287452400913",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054607,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Monex, Inc. - 7677831988231784493",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213108,2020-12-06 16:04:29.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,17,13,0,0,59,0,0,0,1,0,0,0,2046640128.00,561184768.00,0,"Moneygram Payment Systems, Inc. - 2168986858771021122",0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-02-08 01:06:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574476,2020-12-07 15:00:28.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,4,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,542937088.00,1,Moodys,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 10:50:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158259668,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Moore Capital,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285590,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,530857984.00,0,Moses Cone Health Systems - 3449713386461141904,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-19 14:41:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Motability Operations Limited,2020-12-07 15:03:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Motability Operations Limited,0,0,0,0.00,0,20.04.177,seretate@motabilityoperations.co.uk,enterprise,500,75,2020-06-12 10:43:53.000,2021-07-26 07:00:00.000,true,6de8e6f1-7a36-1ebd-bd31-a0bc010515a0,52.56.151.243,GB,false,0,0, +us-3-159245812,2020-12-06 16:22:42.000,3,7,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,0,0,0,0,0,0,1,3,0,0,2046640128.00,531025920.00,0,Motional,3,1,0,0.00,5,20.09.366,,enterprise,1000000,4,2020-08-28 20:20:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245749,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Motional - Disabled,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Motorola Solutions, Inc.(Global HQ) ",2020-12-07 10:02:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Motorola Solutions, Inc.(Global HQ) ",0,0,0,0.00,0,19.11.512,scott.moser@motorolasolutions.com,enterprise,3600,558,2020-08-06 15:28:34.000,2021-01-16 15:28:34.000,true,15c9e32c-adb1-eb6d-aed9-d23e101a29f0 ,40.121.3.61,US,false,0,450, +us-3-159239089,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Mphasis,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258869,2020-12-07 14:39:18.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,10,34,0,0,2,1,0,0,1,0,0,0,2046640128.00,545456128.00,1,Mphasis,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-12 08:28:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159214190,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Mueller Water Products, Inc. - 474041233899524380",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543883,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Multichoice - 6027494090439255949,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Multiscale Health Networks,2020-12-06 23:06:11.000,4,119,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Multiscale Health Networks,4,17,0,0.00,0,20.09.365,duncan.bowring@multiscale.io,enterprise,200,22,2020-11-20 20:52:52.000,2021-11-19 08:00:00.000,true,cdceecf6-d1d8-2c93-8d3b-8b243ca73362,35.222.96.253,US,false,0,0, +Municipal Property Assessment Corporation,2020-12-07 02:19:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Municipal Property Assessment Corporation,0,0,0,0.00,0,20.04.177,tamara.solsona@mpac.ca,enterprise,200,33,2020-03-30 16:17:12.000,2021-04-23 16:17:12.000,true,72baf818-5fd6-57c3-8a12-a19fab02804a,35.182.153.33,CA,false,0,25, +us-3-159186138,2020-12-07 15:38:45.000,1,0,0.00,0,0,0,2,1,1,1,1,1,0,28,0,0,1,0,0,0,0,0,1,2,0,0,2046640128.00,545214464.00,0,Mutual of Omaha Insurance Company - 4455445185749660191,1,0,0,0.00,1,20.09.366,,enterprise,1000000,1,2019-12-11 07:23:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255823,2020-12-07 14:44:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Myers Media Group,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243981,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Myokardia, Inc. - 6935950708138500479",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228577,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NA - 4263227339180544175,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284873,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NA - 6906213212558264524,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +NASA Johnson Space Center,2020-12-07 00:06:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NASA Johnson Space Center,0,0,0,0.00,0,19.03.311,bebe.a.watkins@nasa.gov,enterprise,100,1,2020-11-24 18:54:36.000,2021-11-23 08:00:00.000,true,8e977d62-1cfc-0b66-1ab5-dff6f8a50aa1,139.169.93.114,US,false,0,0, +us-3-159211216,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NATIONAL RURAL ELECTRIC COOPERATIVE ASSOCIATION - 3602592219093832850,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +NAVAIR St. Inigoes,2020-12-06 21:50:19.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NAVAIR St. Inigoes,0,1,0,0.00,0,20.04.177,jan.mahoney@navy.mil,enterprise,100,1,2020-08-12 18:14:48.000,2021-08-18 07:00:00.000,true,056c3b6b-6b12-1a2c-175d-f545638dc9df,24.19.141.217,US,false,0,0, +NAVSEA - SEA04Z,2020-12-07 15:19:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NAVSEA - SEA04Z,0,0,0,0.00,0,20.04.177,joseph.osborne@navy.mil,enterprise,10,1,2020-05-12 14:12:32.000,2021-05-21 07:00:00.000,true,21c987f5-c206-b8e1-1e41-bad95f6342c2,69.140.119.246,US,false,10,0, +us-2-158254026,2020-12-07 15:01:31.000,8,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536190976.00,0,NBA,8,3,0,0.00,0,19.11.512,,enterprise,1000000,11,2019-12-06 14:13:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254960,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NBC Universal,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +NBCUniversal,2020-12-07 12:32:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NBCUniversal,0,0,0,0.00,0,19.11.512,tony.cetera@nbcuni.com,enterprise,55800,0,2020-07-28 16:04:29.000,2022-09-25 16:04:29.000,true,00000871,52.42.255.54,US,false,0,0, +eu-2-143545803,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NCC Group - 102009542500365002,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096876,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NCS Pte Ltd - 4470887787902431981,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183313,2020-12-06 15:45:50.000,9,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,534478848.00,0,NDTV Convergence - 2136225977878477427,9,0,0,0.00,0,,,enterprise,1000000,9,2019-12-10 21:38:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210130,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NDTV Convergence - 6928584189961300369,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001998,2020-12-06 15:49:28.000,0,49,0.00,0,0,3,0,0,0,3,2,1,0,28,2,6,0,0,1,0,0,0,0,2,0,0,2046640128.00,546562048.00,0,"NET ONE SYSTEMS CO., LTD. - 8047095842391564777",0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2019-12-10 11:09:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286553,2020-12-07 15:01:30.000,0,0,0.00,0,0,1,1,0,0,1,1,1,0,28,4,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,534241280.00,0,NETDATA COLOMBIA SAS - 6092543729526427878,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-09 19:26:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574350,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NHL,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544808,2020-12-07 15:44:29.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,20,134,0,0,1,1,0,0,0,0,0,0,2046640128.00,553492480.00,0,NHS Digital - 2215972194408574392,0,12,0,0.00,0,20.09.366,,enterprise,1000000,14,2020-08-26 12:36:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +NIH,2020-12-07 10:34:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NIH,0,0,0,0.00,0,20.04.177,gloria.chong@nih.gov,enterprise,100,5,2020-08-06 19:52:23.000,2021-08-09 07:00:00.000,true,324f6df6-a1b7-b804-2011-1cb61e3c579a,34.226.111.205,US,false,0,0, +NIH,2020-12-07 11:05:38.000,0,63,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NIH,0,9,0,0.00,0,20.04.177,silverdg@mail.nih.gov,enterprise,160,10,2020-08-06 15:53:00.000,2021-08-01 15:53:00.000,true,827bccbd-4149-608a-614d-fc7b7326e67c,156.40.216.1,US,false,0,20, +us-3-159179444,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NIH - 7652142888694172293,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573490,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NIO,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051691,2020-12-06 15:49:29.000,0,0,0.00,0,0,0,0,0,3,1,1,4,0,30,0,0,3,0,0,0,0,0,0,1,0,0,2046640128.00,537673728.00,0,NIPPON TELEGRAPH AND TELEPHONE CORPORATION - 4567630961300249328,0,0,0,0.00,4,20.09.366,,enterprise,1000000,3,2020-02-18 17:52:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +NRECA,2020-12-07 13:12:52.000,0,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NRECA,0,10,0,0.00,0,20.09.365,null@nreca.com,enterprise,140,10,2020-11-30 23:32:19.000,2021-03-19 23:32:19.000,true,c722eea8-0f53-4a40-2e2d-7cf407703309,74.127.88.11,US,false,0,20, +us-3-159215902,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NRECA - 437860197566810762,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096848,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"NRI SecureTechnologies, Ltd. - 3120181266461296377",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241908,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"NRI SecureTechnologies, Ltd. - 6662295552471861269",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284754,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NSSD - 5667157053990068559,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545860,2020-12-07 15:20:49.000,0,28,0.00,0,0,0,0,0,0,3,1,1,0,28,16,4,0,0,36,0,0,0,0,0,0,0,2046640128.00,540590080.00,0,NTS Netzwerk Telekom Service AG - 8202949390807436061,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-10-22 08:05:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143539008,2020-12-07 15:03:06.000,0,21,0.00,0,0,2,0,0,0,16,4,1,0,29,15,3,0,0,942,0,0,0,2,0,0,0,2046640128.00,540082176.00,0,NTT DATA Deutschland GmbH - 2601781404807808330,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-11 12:18:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052656,2020-12-06 16:00:49.000,0,20,0.00,0,0,0,0,2,1,1,1,1,5,28,0,0,4,1805,0,0,0,0,0,3,0,0,2046640128.00,597176320.00,0,"NTT DOCOMO, INC. - 4394172931748642395",0,0,20,0.00,15,20.04.177,,enterprise,1000000,279,2020-04-24 14:52:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053742,2020-12-06 17:21:00.000,0,1,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,534282240.00,0,"NTT DOCOMO, INC. - 4396168158883549543",0,0,1,0.00,0,20.09.366,,enterprise,1000000,1,2020-08-20 01:51:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054577,2020-12-06 17:20:59.000,0,21,0.00,0,0,0,0,0,0,3,1,1,0,31,3,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,517267456.00,0,"NTT DOCOMO, INC. - 5099148327469661210",0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-13 09:33:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054608,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"NTT DOCOMO, INC. - 9020234366933427569",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053890,2020-12-06 17:42:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTT FINANCE CORPORATION - 241852330117550653,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238091,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTT Security (US) Inc - 8136230111290808131,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237005,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTT Singapore Solutions Pte Ltd - 7923816191080355365,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +NTT TechnoCross Corporation,2020-12-04 08:12:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTT TechnoCross Corporation,0,1,0,0.00,0,20.09.365,watanabe.takumi@ntt-tx.co.jp,evaluation,100,1,2020-11-05 08:00:14.000,2020-12-05 00:00:00.000,true,b8182e45-bfa8-0d4e-9631-829655a4caa3,153.156.235.26,JP,false,0,0, +anz-3050019,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTTデータ先端技術株式会社 - 2584884963499942200,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256940,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NTUC FairPrice,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240947,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NYC Cyber Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286546,2020-12-07 14:34:00.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,60,36,0,0,0,0,0,0,0,45,0,0,2046640128.00,573722624.00,0,Naranja Digital Compañia Financiera S.A.U. - 3053254422083027319,0,12,0,0.00,0,20.09.366,,enterprise,1000000,14,2020-11-06 20:45:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Nasreen,2020-12-07 15:05:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nasreen,0,0,0,0.00,0,20.11.605,nabufanni@paloaltonetworks.com,enterprise,1000,1,2020-11-01 10:40:06.000,2023-11-01 10:40:06.000,true,dev,82.166.99.178,IL,true,0,0,a05aWkdvYm8ySFVO +eu-103281,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NatWest Markets,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +National Aeronautics And Space Administration,2020-12-07 04:03:20.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Aeronautics And Space Administration,0,1,0,0.00,0,20.09.365,timothy.a.meader@nasa.gov,enterprise,100,1,2020-09-25 16:52:13.000,2021-09-11 07:00:00.000,true,349d7494-df18-09d8-7ca8-1f2fdb671826,3.227.194.175,US,false,0,0, +National Australia Bank Limited,2020-12-07 13:09:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Australia Bank Limited,0,0,0,0.00,0,20.04.163,elliot.tilley@nab.com.au,enterprise,8000,1,2020-07-21 23:11:44.000,2021-07-09 07:00:00.000,true,c0266be7-04c0-70ea-44ce-07c4f66ff1f1,52.63.141.121,AU,false,0,0, +anz-3051910,2020-12-06 16:00:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Australia Bank Limited - 6664491363744478298,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +National Center for High-Performance Computing,2020-12-07 07:35:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Center for High-Performance Computing,0,0,0,0.00,0,20.04.177,hung.zhou@nchc.org.tw,enterprise,300,2,2020-07-24 02:29:41.000,2023-07-22 22:00:00.000,true,e86c87e4-1973-3578-e6d2-8175b23da8c3,140.110.156.1,TW,false,0,0, +us-3-159207312,2020-12-07 15:46:26.000,0,84,0.00,0,0,0,0,0,0,2,1,1,0,28,41,4,0,0,142884,0,0,0,1,1,0,0,2046640128.00,677060608.00,0,National Geographic Society Inc - 6693239683553072152,0,12,0,0.00,0,19.11.512,,enterprise,1000000,12,2019-12-11 10:38:18.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +National Oceanic and Atmospheric Administration (DOC-NOAA) HQ,2020-12-06 20:07:46.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Oceanic and Atmospheric Administration (DOC-NOAA) HQ,0,4,0,0.00,0,20.09.345,randy.barnett@noaa.gov,enterprise,100,4,2020-08-18 14:29:07.000,2021-07-09 07:00:00.000,true,c1eef2c8-d965-f1a4-9226-404c77ffe580,137.75.164.101,US,false,0,0, +National Science Foundation,2020-12-06 19:38:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Science Foundation,0,0,0,0.00,0,20.04.177,tboger@nsf.gov,enterprise,100,15,2020-10-02 22:13:07.000,2021-09-01 07:00:00.000,true,3c185d55-9963-33c4-e29e-66d065ce07ed,128.150.225.100,US,false,0,0, +National Science Foundation,2020-12-07 04:41:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Science Foundation,0,0,0,0.00,0,19.03.311,tboger@nsf.gov,enterprise,10,1,2020-07-10 20:04:58.000,2021-07-09 07:00:00.000,true,4d02bcd2-e1b2-666b-31e8-b63091649588,128.150.225.100,US,false,10,0, +aws-singapore-961096812,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National University of Singapore - 3943685897531400440,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245721,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,National Western Life Insurance Company - 5381564378215597351,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573521,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nationwide,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543045,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nationwide Building Society - 7940426297692822209,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153348,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Natixis - 7840621286414788857,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284777,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Natura Cosmeticos S.A. - 1785839143853194652,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158259795,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Natura Cosmeticos S.A. - 7276828829526021612,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540162,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Natwest Markets Limited - 5820224070782298970,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Nav Inc,2020-12-07 14:37:56.000,0,147,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nav Inc,0,21,0,0.00,0,20.09.365,chopkins@nav.com,enterprise,200,21,2020-12-07 08:00:30.000,2021-12-06 00:00:00.000,true,ff1c7589-a2ea-cf26-02c4-43f5f0d98085,52.15.60.52,US,false,0,0, +Naval Air Warfare Center Aircraft Division (NAWCAD),2020-12-07 07:08:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Naval Air Warfare Center Aircraft Division (NAWCAD),0,0,0,0.00,0,19.11.480,brad.searle@navy.mil,enterprise,300,15,2020-08-13 19:13:52.000,2021-08-12 07:00:00.000,true,a64fd5f9-4996-e2bd-59ed-7b0e8d48b061,205.85.22.161,US,false,0,0, +us-2-158258678,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Navient,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238127,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Navient Solutions, Inc. - 2555933994652376690",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181460,2020-12-07 15:28:36.000,0,0,0.00,0,0,1,0,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,3,0,0,0,2046640128.00,743383040.00,0,Navy Federal Credit Union - 6879950943110133513,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 16:15:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159213941,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nbc Universal - 3848136759389875873,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053674,2020-12-06 17:39:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nec Corporation - 6829413604362125999,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540069,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nedbank Group Limited - 4793009671019345132,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152476,2020-12-07 15:20:50.000,0,161,0.00,0,0,0,0,0,0,1,1,1,0,28,69,19,0,0,275,0,0,0,0,0,0,0,2046640128.00,555753472.00,0,Nedbank Group Limited - 8369872947004540309,0,23,0,0.00,0,20.09.366,,enterprise,1000000,23,2019-12-10 11:41:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244725,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,0,1,3,0,28,0,0,1,0,0,0,0,0,0,3,0,0,2046640128.00,543109120.00,0,Nelnet Bank - 6981432538437167867,0,0,0,0.00,8,20.09.351,,enterprise,1000000,2,2020-08-04 17:14:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Nelnet, Inc.",2020-12-07 01:44:22.000,0,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nelnet, Inc.",0,7,0,0.00,0,20.09.345,marshall.blick@nelnet.net,enterprise,200,8,2020-02-19 21:07:46.000,2021-02-18 08:00:00.000,true,7261b11f-68b9-6c0d-d6e9-e037902cae70,52.33.2.242,US,false,0,0, +us-3-159244695,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nelnet, Inc. - 4250520729752515383",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185336,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Neon Pagamentos S/a - 4119774072385305676,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286577,2020-12-07 14:46:32.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,7,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,545808384.00,0,Neosecure Chile S.A. - 2288453172599871232,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-11-09 19:26:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284816,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Neosecure Chile S.A. - 428723695932592936,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539167,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nestle Operational Services Worldwide SA. - 3259141064556766576,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537365,2020-12-07 15:31:26.000,0,665,0.00,0,0,0,0,0,0,1,1,1,0,28,342,344,0,0,13,0,0,0,29,1,0,0,2046640128.00,692477952.00,0,Nestle S.A. - 7111382211920934896,0,95,0,0.00,0,20.09.366,,enterprise,1000000,144,2019-12-11 01:48:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048812,2020-12-06 15:54:25.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,539848704.00,0,Net One Partners - 264680426156445920,0,3,0,0.00,0,19.11.480,,enterprise,1000000,3,2019-12-10 11:32:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054611,2020-12-06 17:42:47.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,10,3,0,0,7,0,0,0,0,0,0,0,2046640128.00,407547904.00,0,Net One Systems (Reseller) - 1098858002050057535,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-27 01:45:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3048809,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Net One Systems (Reseller) - 1343541912572781455,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052804,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Net One Systems (Reseller) - 6655248824695301540,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053889,2020-12-06 17:42:45.000,0,0,0.00,0,0,0,0,0,1,1,1,2,0,28,0,0,1,0,0,0,0,0,0,0,0,0,2046640128.00,535756800.00,0,Net One Systems (Reseller) - 8918032885958167803,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-09 09:08:18.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050913,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Net One Systems (Reseller) - 895233264224188891,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Netapp, Inc.",2020-12-07 04:28:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Netapp, Inc.",0,0,0,0.00,0,20.09.365,damon.love@netapp.com,enterprise,600,0,2020-07-14 16:56:05.000,2021-07-16 07:00:00.000,true,50c13b9d-e2d9-9623-acb2-aeeb199f2f8a,216.240.30.23,US,false,0,0, +us-2-158287543,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Netapp, Inc. - 219864765200869189",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212116,2020-12-06 16:48:20.000,0,772,0.00,0,0,0,0,0,0,3,2,1,1,28,17,25,0,0,0,0,0,0,2,1,0,0,2046640128.00,715948032.00,0,"Netapp, Inc. - 7206226061212385083",0,109,9,0.00,0,20.09.366,,enterprise,1000000,118,2020-01-28 22:35:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096936,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Netmarble Games Corp. - 3355526651656885293,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545030,2020-12-07 15:20:49.000,0,168,0.00,0,0,0,0,0,0,1,1,1,0,28,52,4,0,0,0,0,0,0,0,0,0,0,2046640128.00,552706048.00,0,Nets Norway AS - 7225622418065718803,0,24,0,0.00,0,20.09.366,,enterprise,1000000,24,2020-09-30 09:55:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153376,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Netsecurity AS - 2474599362542950551,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053618,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Netsolutions Pty Ltd - 3318366278110083369,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545987,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Network International Llc - 2694363358223193796,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545990,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Network International Llc - 7104990530071844609,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179377,2020-12-06 16:22:54.000,0,147,0.00,0,0,0,0,0,0,1,1,1,0,28,36,18,0,0,5,0,0,0,0,0,0,0,2046640128.00,561070080.00,0,New York City Information Technology & Telecommunications (NYC DoITT) - 7206345135007051895,0,21,0,0.00,0,20.09.366,,enterprise,1000000,21,2019-12-10 09:09:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212049,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,New York City Information Technology & Telecommunications (NYC DoITT) - 7799983856663751206,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096811,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Newen Networks - 7754230716557607730,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543942,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Newlode Group - 2153332275012758193,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212150,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nexeo Plastics - 2733609028882184915,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214877,2020-12-07 15:32:50.000,0,210,0.00,0,0,0,0,0,0,2,1,1,0,28,45,30,0,0,513,0,0,0,1,0,0,0,2046640128.00,703991808.00,0,Nexsys - 5961926785888200271,0,30,0,0.00,0,20.04.169,,enterprise,1000000,30,2020-03-02 19:21:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544036,2020-12-06 15:52:55.000,0,98,0.00,0,0,0,0,0,0,1,3,1,0,28,26,29,0,0,9,0,0,0,1,0,0,0,2046640128.00,645787648.00,0,Next Insurance - 1522062739938918600,0,14,0,0.00,0,20.09.351,,enterprise,1000000,51,2020-08-05 11:54:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228552,2020-12-07 15:46:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Next Phase Solutions And Services, Inc. - 5215336189791178953",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539259,2020-12-07 15:47:33.000,0,826,0.00,0,0,0,0,0,0,2,1,1,0,28,485,114,0,0,10,0,0,0,12,1,0,0,10501771264.00,1528766464.00,1,Next Plc - 7534578413290949092,0,118,0,0.00,0,20.09.366,,enterprise,1000000,118,2020-01-13 10:40:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096967,2020-12-07 14:54:36.000,1,28,0.00,0,0,0,0,0,0,3,1,1,0,28,5,1,0,0,1,0,0,0,0,0,0,0,2046640128.00,540332032.00,0,Ngern Tid Lor Company Limited - 5084436381549001082,1,4,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-10-22 07:00:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111572435,2020-12-07 14:44:06.000,0,623,0.00,0,0,0,0,0,0,2,4,1,0,28,224,1859,0,0,411,1,0,0,2,1,0,0,10501771264.00,794939392.00,0,Nielsen,0,89,0,0.00,0,20.09.366,,enterprise,1000000,100,2019-11-12 05:57:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3051880,2020-12-06 15:55:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nihon Unisys, Ltd. - 2632544554889556070",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054635,2020-12-06 17:55:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nihon Unisys, Ltd. - 4879755677361644968",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283758,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nihon Unisys, Ltd. - 8673376332663152620",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Nike, Inc HQ",2020-12-06 22:13:48.000,0,1764,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nike, Inc HQ",0,252,0,0.00,0,20.09.365,bill.clifford@nike.com,enterprise,4000,317,2020-07-27 14:16:18.000,2020-12-26 08:00:00.000,true,2ff3fea4-11ca-f3da-1d4b-3d5e2c0da584,34.216.25.199,US,false,0,0, +us-2-158262740,2020-12-07 14:26:18.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536268800.00,0,"Nike, Inc HQ - 1696656971466627865",0,3,0,0.00,0,,,enterprise,1000000,3,2020-09-02 01:10:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153316,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ninety One - 3921357591306359396,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241939,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nintendo of America Inc. - 5212412801124736614,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283696,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nintendo of America Inc. - 5307880659321457354,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258868,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Niranjan dryrun,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285678,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nisa Investment Advisors, Llc - 1307783309657174826",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212236,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nisource Inc. - 4104001648001386572,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286764,2020-12-07 14:37:49.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,517087232.00,0,"Nomi Health, Inc. - 3270837049539600876",0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-11-20 16:15:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255799,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nomura,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054604,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Nomura Research Institute,Ltd. - 4147815217904576837",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216086,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nomura UK - 4509725553011764346,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545056,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,None - 6553447290217303847,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283820,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,North Carolina State University - 3796834036173773937,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283639,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,North Carolina State University - 4398709379078882180,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284872,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,North Dakota University Systems - 3994249192480205346,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283726,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Northrop Grumman Corporation - 745812718866844258,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539197,2020-12-07 15:39:25.000,0,301,0.00,0,0,0,0,0,0,7,27,1,0,28,78,49,0,0,207,2,0,0,0,0,0,0,2046640128.00,605884416.00,0,"Nos Technology - Concepção, Construção E Gestão De Redes De Comunicações, S.a. - 1268062337909790045",0,43,0,0.00,0,20.09.351,,enterprise,1000000,43,2019-12-31 15:59:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573366,2020-12-07 14:44:06.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,529444864.00,0,Novo Nordisk,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-11-22 05:29:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143539165,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Novo Nordisk A/S - 8411138646282779016,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575341,2020-12-07 14:28:02.000,0,553,0.00,0,0,0,0,0,0,1,1,1,0,28,200,96,0,0,321,17,0,0,2,0,0,0,10501771264.00,1538265088.00,0,NovuHealth,0,79,0,0.00,0,20.09.366,,enterprise,1000000,96,2019-12-10 04:14:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237934,2020-12-07 15:29:29.000,0,63,0.00,0,0,0,0,0,0,1,1,1,0,28,33,5,0,0,301,7,0,0,2,1,0,0,2046640128.00,597352448.00,0,"Nrg Energy, Inc. - 8563713861025801963",0,9,0,0.00,0,20.09.366,,enterprise,1000000,19,2020-04-15 23:10:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053649,2020-12-06 17:39:09.000,0,0,0.00,0,0,3,0,0,0,4,1,1,0,28,5,0,0,0,6,0,0,0,0,0,0,0,2046640128.00,533180416.00,0,"Nri Secure Technologies, Ltd. - 8108392358267681592",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-07-28 15:39:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243951,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ns8 - 169959229704613786,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243732,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,1,0,0,0,2,1,0,0,2046640128.00,554401792.00,0,Ns8 - 5555048393375362762,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-07-22 16:04:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050976,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ntt Data Intellilink Corporation - 9049073482177998689,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215065,2020-12-06 16:33:35.000,1,0,0.00,0,0,0,0,0,0,2,1,2,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,546410496.00,0,"Nu Skin Enterprises, Inc. - 3319174154882017140",1,0,0,0.00,1,20.09.366,,enterprise,1000000,1,2020-03-11 16:09:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186137,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NuGeneration Technologies - 5586926142096739410,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260786,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,NuGeneration Technologies - 7325902974874044186,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254031,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nutrien,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180282,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Nyc Office Of The Mayor - 5147685810861478288,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283912,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,O Boticario Franchising Ltda. - 1494345265629794879,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254058,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,OGE Energy,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242027,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,OIT State of NJ - 469617043620290374,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262555,2020-12-07 14:28:01.000,0,21,0.00,0,0,3,1,0,1,3,2,1,0,28,18,0,0,0,29,0,0,0,0,3,0,0,2046640128.00,542937088.00,0,ON2IT Netherlands - 2962940854098424954,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 16:03:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573364,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,OPIS,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260599,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ORNL Federal Credit Union,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238154,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,8,0,0,0,0,0,0,4,0,0,2046640128.00,533987328.00,0,OTC MARKETS GROUP INC. - 4533371478620068636,0,0,0,0.00,72,20.09.366,,enterprise,1000000,9,2020-04-26 02:12:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238904,2020-12-06 15:52:51.000,0,16,0.00,0,0,0,1,1,0,1,1,1,1,28,0,0,0,0,0,0,0,0,2,1,0,0,2046640128.00,536657920.00,0,Oak Hill Advisors - 7881264567946777484,0,0,16,0.00,8,20.09.351,,enterprise,1000000,16,2020-04-30 16:57:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228580,2020-12-07 15:28:36.000,1,0,0.00,0,0,0,1,0,0,1,2,1,0,28,0,1,0,0,0,0,0,0,0,0,0,55639,2046640128.00,530948096.00,0,Oakland County - 3259779706025617588,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-10-26 23:57:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284848,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Oakland County - 7274063796855015452,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285583,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ocrolus, Inc. - 7678944594180061638",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103223,2020-12-07 15:20:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Octopus Labs,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Office Depot, Inc",2020-12-07 02:14:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Office Depot, Inc",0,0,0,0.00,0,20.04.177,tim.brown@officedepot.com,enterprise,800,0,2020-02-18 03:44:55.000,2021-02-25 08:00:00.000,true,607ecfb2-8468-6fc9-0a8e-b38c90ed2ed2,34.233.234.207,US,false,0,0, +Office Of The Government Chief Information Officer,2020-12-07 11:13:18.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Office Of The Government Chief Information Officer,0,3,0,0.00,0,20.09.365,ksklam@ogcio.gov.hk,enterprise,200,3,2020-10-07 09:34:27.000,2024-01-05 23:00:00.000,true,d0ed1f4e-e7db-3d4b-4f75-7a8976688e57,116.92.198.98,HK,false,0,0, +Office Of The Government Chief Information Officer,2020-12-07 13:18:01.000,1,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Office Of The Government Chief Information Officer,1,3,0,0.00,0,20.09.345,ckyiu@ogcio.gov.hk,enterprise,100,4,2020-07-31 09:23:43.000,2021-11-28 23:00:00.000,true,db5159c9-60c7-4387-41e4-9327edfb7db7,218.253.212.156,HK,false,0,0, +us-3-159237011,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ohiohealth Corporation - 6835295729437343612,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053770,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Okamura Corporation - 209625173069895535,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Okta, Inc.",2020-12-07 08:49:18.000,0,196,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Okta, Inc.",0,28,0,0.00,0,20.09.365,chaim.sanders@okta.com,enterprise,100,28,2020-02-19 16:21:49.000,2021-02-18 08:00:00.000,true,4542106c-d5c2-0491-c8b3-f82ea9a7a4a2,54.243.204.252,US,false,0,0, +us-2-158286770,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Olam Information Services Private Limited - 455972234833899365,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"On-line Strategies, Inc.",2020-12-07 05:31:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"On-line Strategies, Inc.",0,0,0,0.00,0,20.04.177,matthew.frick@olspayments.com,enterprise,64,64,2020-09-18 20:32:05.000,2021-08-29 07:00:00.000,true,caa57c5a-0cf1-30a6-03fc-cdc9b01dcb0e,199.244.252.217,US,false,64,0, +anz-3053862,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 236486378734831391,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053641,2020-12-06 17:55:58.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,8,10,0,0,2,0,0,0,0,0,0,0,2046640128.00,544997376.00,0,One 97 Communications Private Limited - 2867067241187957845,0,5,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-07-20 15:06:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053859,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 3404132774738313607,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053858,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 5472052050706562854,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053834,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 5588511132686997378,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053860,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 6433828728189691764,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053861,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,One 97 Communications Private Limited - 647378936566239460,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180398,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Onehealthport, Inc. - 2366054096883975191",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286637,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Onix Networking Corp. - 5438859038247900475,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283887,2020-12-07 14:51:46.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,10,13,0,0,8,0,0,0,2,0,0,0,2046640128.00,559714304.00,1,Online Computer Library Center - 7885142156791599636,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-09-24 18:07:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287480,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Online Computer Library Center - 9036572511742121867,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245839,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Onpath Technologies - 1465302520917797348,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286733,2020-12-07 15:01:32.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,19,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,477941760.00,0,"Ontario Systems, LLC - 1967094028861995425",0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-18 23:28:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542886,2020-12-07 15:03:06.000,0,7,0.00,0,0,0,0,0,0,2,1,1,1,28,1,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,596086784.00,0,Op-palvelut Oy - 6554070058417894793,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-05-29 16:01:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157621,2020-12-07 09:58:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Open Text Corporation - 531750968563388160,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283786,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Oplon.net - 2990441394656526439,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151491,2020-12-07 15:27:19.000,60,49,0.00,0,0,0,0,0,0,1,1,1,0,28,1,48,0,0,0,0,0,0,0,0,0,0,2046640128.00,553570304.00,0,Optimal Plus Ltd - 5585506565472561189,60,7,0,0.00,0,20.09.366,,enterprise,1000000,67,2019-12-09 23:15:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256941,2020-12-07 14:47:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Optimizely,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215834,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Optiv Security - 143512272156374906,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285557,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,11,0,0,0,9,0,0,0,0,0,0,0,2046640128.00,536551424.00,0,Optiv Security Inc. (U.S. DIRECT RESELLER) - 3119849697953918715,0,0,0,0.00,0,,,enterprise,1000000,0,2020-10-15 16:18:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285653,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Optiv Security Inc. (U.S. DIRECT RESELLER) - 418607122328580460,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214999,2020-12-07 15:39:28.000,3,14,0.00,0,0,2,1,0,0,3,6,1,0,29,1,2,0,0,1,1,0,0,2,0,0,83799,2046640128.00,571342848.00,0,Optiv Security Inc. (U.S. DIRECT RESELLER) - 9017607515329568886,3,2,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-03-07 01:19:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3051851,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Optus,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545831,2020-12-07 15:35:49.000,2,0,0.00,0,0,0,1,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,528445440.00,0,Orange Cyber Defence UK - 1700433656193860473,2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-20 14:46:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153320,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Orange Cyber Defense Denmark - 6999215046270391320,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539261,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,11,0,0,2046640128.00,528363520.00,0,Orange Cyberdefense MSSP Authorized Support Center - 1547216175087836856,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-01-13 16:14:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544844,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Orange Cyberdefense UK - 1597114391628501042,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3048870,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Orient Overseas Container Line (OOCL) - 2130431712993144396,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237069,2020-12-06 16:43:51.000,2,7,0.00,0,0,0,1,0,0,2,1,1,0,28,1,1,0,0,0,0,0,0,0,2,0,0,2046640128.00,545054720.00,0,Origami Risk Llc - 4428694729698022424,2,1,0,0.00,0,20.09.351,,enterprise,1000000,3,2020-04-07 01:45:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3228582,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Origami Risk Llc - 8092445067919739785,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242930,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Origami Risk Llc - 8718543523959624466,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Osaretin_Eval,2020-12-01 17:30:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Osaretin_Eval,0,0,0,0.00,0,20.04.177,oosemwenkha@paloaltonetworks.com,evaluation,100,0,2020-06-29 18:58:31.000,2020-12-26 18:58:31.000,true,0,34.123.36.59,US,true,0,0, +us-3-159183289,2020-12-06 16:22:43.000,220,3997,0.00,0,0,0,0,0,0,3,1,1,0,28,297,4012,0,0,32319,0,0,0,8,21,0,0,10501771264.00,871976960.00,0,Outreach Corporation - 415851845264028975,220,571,0,0.00,0,20.09.366,,enterprise,1000000,820,2019-12-10 21:33:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215963,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Outreach Corporation - 5589927717348274729,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Overstock.com,2020-12-06 21:27:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Overstock.com,0,0,0,0.00,0,20.04.163,stidwell@overstock.com,enterprise,100,0,2020-09-28 20:32:31.000,2021-09-28 07:00:00.000,true,ba065b3d-6edc-1c8a-d0a2-607f62c45d5a,65.116.116.6,US,false,0,0, +eu-2-143544091,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Oy Samlink Ab - 4369820940294311310,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542108,2020-12-07 15:31:26.000,1,21,0.00,0,0,0,0,0,0,4,1,1,0,28,3,10,0,0,4,0,0,0,1,0,0,0,2046640128.00,551002112.00,0,Oy Samlink Ab - 6490048611166959886,1,3,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-05-14 08:10:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158259765,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PACCAR,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054605,2020-12-06 18:02:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PAL System - 2338096146114063869,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525433,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PAN,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +PAN IT First Customer,2020-12-07 00:25:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PAN IT First Customer,0,0,0,0.00,0,20.04.177,mkwong@paloaltonetworks.com,evaluation,100,3,2020-11-12 01:49:44.000,2021-11-12 01:49:44.000,true,0,35.192.9.213,US,true,0,0, +us-3-159209206,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW - 551753149741503971,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +PANW-IL,2020-12-07 14:17:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW-IL,0,0,0,0.00,0,20.04.177,lzadka@paloaltonetworks.com,enterprise,2100,3,2019-08-21 17:01:30.000,2022-08-20 17:01:30.000,true,PANW-IL,104.198.229.3,US,true,300,300, +app3panwqa-1234,2020-12-07 15:38:45.000,1,14,0.00,0,0,0,0,0,0,2,1,1,0,28,1,0,0,0,0,0,0,0,1,3,0,0,2046640128.00,536522752.00,0,PANW-QA,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-11-11 11:31:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +app4panwdev-1234,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,2,0,0,1,4,0,0,2046640128.00,540020736.00,0,PANW-dev,0,0,0,0.00,29,20.09.366,,enterprise,1000000,0,2019-11-11 11:32:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-111523728,2020-12-07 14:46:33.000,0,0,0.00,0,0,1,0,0,0,2,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,543793152.00,1,PANW-dev,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-03-04 23:51:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111523697,2020-12-07 14:36:18.000,0,14,0.00,0,0,0,0,0,0,2,1,1,0,28,2,0,0,0,5,0,0,0,1,4,0,0,2046640128.00,552849408.00,0,PANW-dev,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-11-15 14:28:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +app0panwdev-1234,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,535355392.00,0,PANW-dev,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-04-28 05:08:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +appcapanwdev-1234,2020-12-07 09:50:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW-dev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +app2eupanwdev-1234,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,2,3,0,0,2046640128.00,537505792.00,0,PANW-dev,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-11-11 11:32:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3000230,2020-12-07 15:45:23.000,1,7,0.00,0,0,0,1,0,0,3,1,1,0,28,1,1,7,0,0,4,0,0,0,1,0,0,2046640128.00,538951680.00,0,PANW-dev,1,1,0,0.00,5,20.09.366,,enterprise,1000000,5,2019-11-14 05:28:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-101699,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW-dev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +panwsg-1234,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW-dev,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-113031107,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,529850368.00,0,PANWQA,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-11-13 09:28:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +PANW_ INTERNAL_SE_EVAL_90_DAY,2020-12-07 15:17:17.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PANW_ INTERNAL_SE_EVAL_90_DAY,1,2,1,0.00,0,20.09.345,fmeek@paloalotnetworks.com,evaluation,250,4,2020-10-05 23:43:32.000,2021-01-03 23:43:32.000,true,0,34.68.127.79,US,true,0,0, +us-2-158283851,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PAREX RESOURCES COLOMBIA LTD SUCURSAL - 2322584227376849688,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207375,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PC Connection Services - 7824613506733416957,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096752,2020-12-07 15:02:53.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,531959808.00,0,PChome Online - 491097466905058894,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-08-06 07:51:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574323,2020-12-07 14:26:17.000,57,553,0.00,0,0,0,1,0,0,1,2,1,1,35,29,35,76,0,8,1,0,0,92,123,0,0,10501771264.00,1319260160.00,0,PG&E,57,79,0,0.00,3,20.09.366,,enterprise,1000000,184,2019-11-22 05:29:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153347,2020-12-07 15:20:49.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,0,8,0,0,0,0,0,0,0,0,0,0,2046640128.00,412958720.00,0,PKO BP S.A. - 4184328337841740181,0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-11-24 13:28:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052900,2020-12-06 15:55:20.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532750336.00,0,PROPERTY EXCHANGE AUSTRALIA LIMITED - 1849154343480531681,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-06-26 23:33:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254030,2020-12-07 14:31:31.000,1,14,0.00,0,0,1,0,0,0,2,2,3,2,28,1,5,2,0,5,0,0,0,2,2,0,0,2046640128.00,539570176.00,0,PSOLab,1,2,0,0.00,10,20.09.366,,enterprise,1000000,8,2020-03-04 20:29:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111575316,2020-12-07 14:36:17.000,1,7,0.00,0,0,0,0,0,0,1,1,1,0,28,7,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,530063360.00,0,PTC,1,1,0,0.00,0,,,enterprise,1000000,2,2019-12-08 05:32:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286579,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PUBLICACIONES SEMANA S A - 2874510700024135518,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572524,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PWC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157649,2020-12-07 09:48:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pacific Blue Cross - 4582498041204180437,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +PagerDuty,2020-12-07 03:08:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PagerDuty,0,0,0,0.00,0,20.04.163,kevin@pagerduty.com,enterprise,3200,468,2020-03-19 15:41:05.000,2021-03-14 15:41:05.000,true,00000562,18.237.52.222,US,false,0,400, +us-3-159212026,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286769,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 1082029978123694666,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237134,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 2779797391578162636,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214196,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 3597928052288182002,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283853,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 4501637514988602559,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228419,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 5079145191209180255,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286582,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 5867202257547488072,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214195,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 5877302662400579560,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541121,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 6439822867623301468,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212115,2020-12-06 16:03:50.000,0,21,0.00,0,0,2,0,0,0,1,1,1,0,28,1,7,0,0,0,0,0,0,2,2,0,0,2046640128.00,550039552.00,0,Palo Alto Networks (TEST ACCT) - 7907678726403151297,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-01-28 22:01:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237136,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks (TEST ACCT) - 9131595035487953767,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544968,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 1010084610985663793,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054609,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 1259014485995606465,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545862,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 141621516293927748,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245780,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 145379642034063268,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286793,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 2269440754585816838,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212270,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 254227973615499101,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214132,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 3514355220151433119,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545861,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 3710816445177232702,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053829,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 5782192717681935199,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237068,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537526272.00,0,Palo Alto Networks - 6163408513659757380,0,0,0,0.00,0,,,enterprise,1000000,0,2020-04-07 00:31:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284717,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 6964607865580465534,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286580,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 7516446027951559147,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177616,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 7772685684018728567,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544777,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 792032791141946093,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544779,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 8044373769185300811,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184400,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - 8528052276342769935,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153165,2020-12-07 15:44:29.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,3,0,0,0,2046640128.00,541822976.00,0,Palo Alto Networks - 9207660099144332939,1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-10 12:02:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153287,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - EMEA - SE - 2087161815000175483,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096970,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks - InfoSec - Synack Testing - 2712987518910631292,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286638,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 1759728910106884374,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285776,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 1783264122823851738,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544902,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 1866479390308453697,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544813,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 2391135472666061983,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096815,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 2489074387461387436,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096902,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 261763987292533187,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096903,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 3301403735810473606,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544837,2020-12-07 15:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 370983664139581798,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285685,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 3955038936877611702,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285676,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 4683621675493615381,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544843,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 6796963232827355448,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285805,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 726049759479981055,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245689,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 8344585954201065680,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283883,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 9020095589019510336,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544960,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks IT Department - 9181083449034597831,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239121,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 275793685982350761,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209198,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 3173697382239104866,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283728,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 3184211899832366342,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284753,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 661614294571262986,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244825,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 7226431280757452154,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244820,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 7604979129730325054,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283854,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 839016486061330719,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245688,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 8707237697285227261,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285712,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Inc. - 989216933754478342,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241098,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Palo Alto Networks Training Lab,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-010101,2020-12-07 14:44:07.000,0,581,0.00,0,0,1,0,0,0,1,1,1,0,28,76,94,0,0,9,0,0,0,0,0,0,0,2046640128.00,585101312.00,0,Palo Alto Networks-245 - 4629335848163805985,0,83,0,0.00,0,20.09.366,,enterprise,1000000,83,2020-10-14 12:23:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-545454,2020-12-07 15:00:28.000,0,6566,0.00,0,0,0,0,0,0,1,1,1,0,28,236,1804,0,0,4792,0,0,0,0,0,0,0,10501771264.00,814641152.00,0,Palo Alto Networks-245 - 8249394116491179188,0,938,0,0.00,0,20.09.366,,enterprise,1000000,951,2020-09-02 06:59:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256789,2020-12-07 14:31:31.000,0,364,0.00,0,0,0,0,0,0,1,1,1,0,28,9,39,0,0,0,0,0,0,5,0,0,0,2046640128.00,592666624.00,0,Panera,0,52,0,0.00,0,20.09.366,,enterprise,1000000,52,2019-12-08 04:11:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243740,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Panera Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3000231,2020-12-06 15:58:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PanwQA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284746,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,1,0,1,0,28,10,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,545558528.00,0,Parametric Technology Corporation (PTC) - 1342663121191001062,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-06 02:36:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286672,2020-12-07 14:26:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ParkJockey USA - 2148363174697979852,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540127,2020-12-07 15:03:50.000,0,154,0.00,0,0,0,0,0,0,1,1,1,0,28,31,76,0,0,52,0,0,0,4,0,0,0,2046640128.00,609656832.00,0,PassFort,0,22,0,0.00,0,19.11.512,,enterprise,1000000,22,2020-02-06 14:40:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-150495,2020-12-07 15:22:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Paul_Sandbox,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212089,2020-12-07 15:46:25.000,0,420,0.00,0,0,0,0,0,0,1,1,1,0,28,304,19,0,0,613,0,0,0,0,0,0,0,2046640128.00,625164288.00,0,PayIt - 3449404847788990214,0,60,0,0.00,0,20.04.177,,enterprise,1000000,60,2020-01-28 15:38:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"PayPal, Inc.",2020-12-07 09:38:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"PayPal, Inc.",0,0,0,0.00,0,20.04.163,askeren@paypal.com,enterprise,400,1,2020-10-30 17:54:32.000,2021-10-29 07:00:00.000,true,f80a5cf5-53f0-7e87-96d5-86456d056196,223.70.199.97,CN,false,0,0, +us-3-159240942,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"PayPal, Inc. - 7971394293818978854",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543913,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Paybox Payment Solutions Ltd - 8502484588766542955,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Paycom Payroll,2020-12-06 22:07:58.000,0,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Paycom Payroll,0,19,0,0.00,0,20.09.345,don.blair@paycomonline.com,enterprise,200,19,2020-04-30 23:55:53.000,2021-04-29 07:00:00.000,true,da84a272-8429-5dd1-b508-a94606987655,67.200.201.137,US,false,0,0, +us-2-158283631,2020-12-07 14:26:17.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,536920064.00,0,"Paymentspring, Llc - 1450467396929761732",2,0,0,0.00,0,,,enterprise,1000000,2,2020-09-04 20:04:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210254,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Paypal Data Services, Inc. - 5284972983816877697",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096845,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Paytm Payments Bank Limited - 6246519704962533046,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053867,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Paytm Payments Bank Limited - 6464833503915740383,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143566881,2020-12-07 15:47:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pearson plc - 2433098896614182802,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237256,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pechanga Resort And Casino - 1720291953451970107,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287475,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pediatrix Medical Group - 4091980588169378746,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245779,2020-12-06 15:52:51.000,0,84,0.00,0,0,0,0,0,0,1,2,1,0,28,12,5,0,0,456,0,0,0,1,0,0,0,2046640128.00,627294208.00,0,"Peerspace, Inc. - 211443295359638580",0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2020-08-26 23:01:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111572281,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pennymac,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096817,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pentalink - 8966413903952425985,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Pentalink Inc,2020-12-07 01:39:33.000,0,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pentalink Inc,0,7,0,0.00,0,20.09.345,null@pentalink.co.kr,enterprise,100,7,2020-10-15 01:22:07.000,2021-10-05 01:22:07.000,true,00022227,210.108.181.202,KR,false,0,0, +anz-3053827,2020-12-06 17:55:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pentalink Inc. - 2778325205632846614,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Penumbra, Inc.",2020-12-06 18:19:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Penumbra, Inc.",0,0,0,0.00,0,20.04.177,kahern@penumbrainc.com,enterprise,100,1,2020-12-01 01:39:55.000,2023-11-19 08:00:00.000,true,721ec3ed-2c9d-a66d-9354-123c6405d3d6,168.61.18.244,US,false,0,0, +eu-2-143545953,2020-12-07 15:35:21.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,7,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,559550464.00,0,Pepsi Cola Servis Ve Dagitim Limited Sirketi - 7991917592461563981,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-11-03 16:29:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238966,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Pepsico, Inc. - 7944625952313154587",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212180,2020-12-07 15:32:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Personal Capital Corporation - 8117807729364119737,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543817,2020-12-07 15:22:37.000,3,560,0.00,0,0,0,0,0,0,2,1,1,0,29,2189,217,0,0,169,1,0,0,0,0,0,0,10501771264.00,815288320.00,0,Personio,3,80,0,0.00,0,20.09.366,,enterprise,1000000,348,2020-07-10 11:42:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153315,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Personio - 4576562078644744016,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286547,2020-12-07 14:28:01.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,11,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,546607104.00,0,Phillips 66 Company - 2723827829099484311,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-06 20:48:18.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Phimm Internal,2020-12-07 13:46:18.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Phimm Internal,1,2,2,0.00,0,20.09.365,pphonpaseuth@paloaltonetworks.com,evaluation,500,5,2020-02-11 18:32:42.000,2021-02-10 18:32:42.000,true,0,34.68.127.79,US,true,0,0, +us-3-159244850,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,67,8,0,0,2,0,0,0,0,0,0,0,2046640128.00,538460160.00,0,Physicians Mutual - 6785475646287316590,0,0,0,0.00,0,,,enterprise,1000000,0,2020-08-12 15:34:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Pieces Technologies, Inc.",2020-12-06 22:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Pieces Technologies, Inc.",0,0,0,0.00,0,19.11.512,stephen.remusat@piecestech.com,enterprise,96,3,2020-07-28 22:05:49.000,2021-05-09 22:05:49.000,true,fb0ef48d-e83d-8e18-f10a-f99ca60949f6,52.201.205.72,US,false,0,12, +us-3-159177429,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PierianDX,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153352,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PinkRoccade Healthcare - 7456671092046947071,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254806,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Pinpt, Inc",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177453,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533446656.00,0,Pix R Fun - 1230213622033086462,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-07 18:48:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3181332,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pix R Fun - 1908341046320642817,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261533,2020-12-07 14:39:18.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,0,0,0,2,2,0,0,2046640128.00,547573760.00,0,Pix R Fun - 4267039088823750187,1,0,0,0.00,0,20.04.177,,enterprise,1000000,1,2020-03-04 20:26:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3001848,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pix R Fun - 5419074563880054541,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545929,2020-12-06 15:52:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Pizza Restaurantlari Anonim Sirketi - 1765005105061799160,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Planet Fitness,2020-12-07 12:51:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Planet Fitness,0,0,0,0.00,0,19.07.363,stephan.dalgar@pfhq.com,enterprise,300,7,2020-02-27 23:16:49.000,2021-02-27 08:00:00.000,true,54b1d179-b3cb-1772-bca7-6dc29606e61a,3.81.43.131,US,false,0,0, +us-3-159215930,2020-12-06 16:38:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Planned Parenthood Federation of America, Inc. - 3529436026963693985",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211119,2020-12-06 16:43:50.000,2,189,0.00,0,0,0,0,0,0,2,3,1,0,31,60,31,0,0,8,0,0,0,1,0,0,17,10501771264.00,652185600.00,0,Playtika - 8290399847818513008,2,27,0,0.00,0,20.04.177,,enterprise,1000000,29,2020-01-10 15:03:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158255950,2020-12-07 14:46:33.000,0,350,0.00,0,0,0,0,0,0,8,3,1,0,28,36,5,0,0,20,0,0,0,1,0,0,6,10501771264.00,840519680.00,0,Plex,0,50,0,0.00,0,20.09.366,,enterprise,1000000,50,2019-12-09 09:09:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212243,2020-12-06 16:10:24.000,0,182,0.00,0,0,0,0,0,0,2,1,1,0,28,26,141,0,0,269,0,0,0,0,0,0,0,2046640128.00,660008960.00,0,"Plexus Worldwide, Inc. - 3813583041231201506",0,26,0,0.00,0,20.09.366,,enterprise,1000000,26,2020-02-01 02:35:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284627,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PointClickCare - 6278482793438396623,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157590,2020-12-07 09:58:17.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,2,1,0,0,2046640128.00,573521920.00,0,PointClickCare - 8364552356339124344,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-08-18 14:21:27.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286610,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Polaris Industries Inc. - 5374418336331415961,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545770,2020-12-07 15:27:06.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,4,0,0,2046640128.00,539664384.00,0,Porsche AG - 7573097379458294306,1,0,0,0.00,1,20.09.366,,enterprise,1000000,1,2020-10-14 11:17:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544003,2020-12-07 15:27:19.000,0,659,0.00,0,0,1,0,2,0,10,6,8,5,29,37,9,0,0,54,1,0,0,29,30,0,0,2046640128.00,583639040.00,2,Portbase B.v. - 5426298017744367886,0,73,148,0.00,0,20.09.366,,enterprise,1000000,950,2020-07-31 11:02:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159177679,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Portfolio Recovery Associates, Inc. - 3649898715405679136",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286516,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Porto Seguro Seguro Saude S/A - 2971708339477077866,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545772,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Porto Seguro Seguro Saude S/A - 3878427964832403635,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545955,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Porto Seguro Seguro Saude S/A - 7070669541610869074,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238001,2020-12-06 16:38:04.000,0,392,0.00,0,0,0,0,0,0,1,1,1,0,28,136,195,0,0,1423,31,0,0,3,0,0,0,10501771264.00,995655680.00,0,Premera Blue Cross - 3591744552252773380,0,56,0,0.00,0,20.09.366,,enterprise,1000000,56,2020-04-20 23:16:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159214166,2020-12-07 15:32:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Premier, Inc. - 5231072851439661626",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209237,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Premier, Inc. - 8310468176015873",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545894,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Premium Credit Limited - 4510264063630007214,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283789,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Presidio, Inc. - 3971152945677489587",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286736,2020-12-07 15:01:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Price Waterhouse Coopers Services Private Limited - 7265600863580098875,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157624,2020-12-07 09:43:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PricewaterhouseCoopers LLP (Canada Reseller) - 3435284233548404222,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143537149,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PricewaterhouseCoopers LLP (PwC) (NY) - 3383756438509339629,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096785,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PricewaterhouseCoopers LLP (PwC) (NY) - 3449202019981215346,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180434,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PricewaterhouseCoopers LLP (PwC) (NY) - 3739398779989130214,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3048960,2020-12-07 15:33:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PricewaterhouseCoopers LLP (PwC) (NY) - 7934323795996912150,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053804,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,3,1,1,0,28,4,1,0,0,2,0,0,0,1,0,0,0,2046640128.00,535154688.00,0,PricewaterhouseCoopers Limited - 712820031183699217,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-14 08:10:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241103,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Princeton University - 5522348390662261809,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184149,2020-12-07 15:39:27.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,540041216.00,0,"Principal Financial Group, Inc. - 2861125783985669600",2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-12-10 23:44:29.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215931,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prisma Health - 4172368716668706852,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182321,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prisma Health-Upstate - 4914321422010384840,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573360,2020-12-07 14:47:52.000,1,63,0.00,0,0,4,1,1,1,2,4,4,2,32,5,11,0,0,17,0,0,0,7,6,0,148,2046640128.00,592662528.00,1,PrismaCloud1,1,9,0,0.00,13,20.09.366,,enterprise,1000000,10,2019-11-21 16:59:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +pandemoapp2-1234,2020-12-07 14:37:50.000,1,42,0.00,0,0,1,0,0,0,2,1,1,1,30,8,8,0,0,15,0,0,0,4,2,0,0,2046640128.00,558714880.00,2,PrismaCloud2,1,6,0,0.00,6,20.09.366,,enterprise,1000000,7,2019-11-22 17:18:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143538055,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PrismaCloudEMEA1,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Priv8Pay, Inc.",2020-12-07 05:59:51.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Priv8Pay, Inc.",0,5,0,0.00,0,20.09.365,john.georgiadis@priv8pay.com,enterprise,200,5,2020-10-06 17:20:53.000,2021-09-25 07:00:00.000,true,dbc06c31-4049-d7ed-4111-99b53a893634,35.239.122.64,US,false,0,0, +us-2-158285621,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,630972416.00,0,Privacera - 1375573741588183992,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-20 22:34:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256947,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ProQuest,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573451,2020-12-07 14:47:52.000,0,448,0.00,0,0,0,0,0,0,1,1,1,0,28,277,782,0,0,886,21,0,0,1,0,0,0,2046640128.00,606097408.00,0,Proctor and Gamble,0,64,0,0.00,0,20.09.366,,enterprise,1000000,64,2019-12-10 13:48:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256909,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Progressive,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572466,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prologis,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242931,2020-12-06 16:43:50.000,0,364,0.00,0,0,0,0,0,0,1,1,1,0,28,164,95,0,0,330,0,0,0,0,0,0,0,2046640128.00,795803648.00,0,Proquire (Accenture) - 2285526966842817397,0,52,0,0.00,0,20.09.366,,enterprise,1000000,52,2020-07-31 18:29:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286609,2020-12-07 15:01:31.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,63,20,0,0,3,0,0,0,1,0,0,0,2046640128.00,547840000.00,1,Proquire (Accenture) - 3199000928771223880,0,16,0,0.00,0,20.09.366,,enterprise,1000000,16,2020-11-10 19:25:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245814,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Proquire (Accenture) - 4095563901759470550,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241008,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Proquire (Accenture) - 7334927969930079384,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285622,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Proquire (Accenture) - 9185454923840787729,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286794,2020-12-07 14:44:07.000,0,77,0.00,0,0,0,0,0,0,1,1,1,0,28,13,22,0,0,0,0,0,0,0,0,0,0,2046640128.00,498233344.00,0,Proquire Llc - 6464233253874868476,0,11,0,0.00,0,20.09.366,,enterprise,1000000,11,2020-11-24 19:41:19.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545025,2020-12-07 15:47:32.000,0,0,0.00,0,0,0,0,0,0,2,2,1,0,28,32,2,0,0,23,12,0,0,0,0,0,0,2046640128.00,547340288.00,0,Prosodie - 2650512170225097530,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-29 08:29:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238897,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Protective Life Corporation - 8750621299042394364,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209113,2020-12-06 16:33:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Protective Life Insurance Company - 6008979677758764708,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286792,2020-12-07 14:51:47.000,0,126,0.00,0,0,0,0,0,0,1,1,1,0,28,15,18,0,0,2,0,0,0,0,0,0,0,2046640128.00,545468416.00,0,Providence Saint Joseph Health - 6843947474352502326,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2020-11-24 18:17:55.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244886,2020-12-07 15:30:13.000,0,567,0.00,0,0,1,0,0,0,1,1,1,0,29,93,69,0,0,25,0,0,0,1,0,0,0,2046640128.00,588972032.00,0,Providence Saint Joseph Health - 8692515897991085725,0,81,0,0.00,0,20.09.366,,enterprise,1000000,81,2020-08-14 17:42:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052773,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prudential Corporation Asia (UK) - 2209088544571048917,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103441,2020-12-07 15:44:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prudential PLC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3002001,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Prudential plc - 5956959088622889284,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241035,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PsyInnovations Inc - 2829607586419143891,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208301,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Public Utilities Board, Singapore - 3585559361242798654",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575379,2020-12-07 14:36:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Pulse Secure, LLC - 6570903768018753881",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177648,2020-12-06 15:52:50.000,0,84,0.00,0,0,0,0,0,0,2,1,1,0,28,19,15,0,0,34,0,0,0,0,0,0,0,2046640128.00,558956544.00,0,"Putnam Investments, LLC - 733702268052129677",0,12,0,0.00,0,20.09.366,,enterprise,1000000,12,2019-12-10 05:20:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286799,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PwC AC India - 3184679879913272254,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287476,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PwC AC India - 7172586768297680954,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283855,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,0,0,2,0,0,0,0,0,0,2,0,0,2046640128.00,546217984.00,0,PwC AC India - 7608233591165054138,0,0,0,0.00,0,20.09.351,,enterprise,1000000,2,2020-09-23 04:18:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545057,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,PwC IT Services Europe GmbH - 1814346358064746702,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240855,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,QTS - 7759792585701879426,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283725,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,QUIPUX. S.A.S. - 5962127824224328926,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545738,2020-12-07 15:41:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Qatar Rail - 3599108668771702333,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540099,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Quantexa Ltd - 7357054001079180228,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539072,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Quantexa Ltd - 7795553836980009762,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284843,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Quantiphi, Inc - 2732185522894639041",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286646,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,504856576.00,0,"Quantiphi, Inc - 7679483012603673536",0,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-11-16 06:11:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Qudosoft Gmbh & Co. Kg,2020-12-07 03:05:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Qudosoft Gmbh & Co. Kg,0,0,0,0.00,0,20.09.365,alexander.buchholtz@qudosoft.de,enterprise,1100,174,2020-04-30 16:06:12.000,2022-08-29 07:00:00.000,true,866c5e22-b206-2325-eb67-89555250b061,18.184.237.178,DE,false,0,0, +anz-3052776,2020-12-07 15:45:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Queensland University of Technology (QUT) - 5486115208272137170,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211030,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Quickbase, Inc. - 4360429425566322671",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261591,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Quicken Loans, Inc. - 4299710114016024509",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208147,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,536387584.00,0,"Quicken Loans, Inc. - 4870293071025805646",0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2019-12-11 11:47:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241782,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Quiktrip Corporation - 6238048783643742439,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +R+V_Versicherung,2020-12-07 15:04:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,R+V_Versicherung,0,0,0,0.00,0,19.11.512,null@ruv.de,enterprise,80,0,2020-02-14 13:43:11.000,2021-02-17 13:43:11.000,true,00002922,91.235.236.101,DE,false,0,10, +us-1-111574226,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RBC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153290,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 1439696257449934046,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096942,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 3144728401721313253,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285778,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 4652828354696612766,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228583,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 4718978991129373434,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285836,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 4940742973979143890,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143776,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 6241305953280103684,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545982,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RD - 7604879204149934061,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538205,2020-12-07 15:35:35.000,0,98,0.00,0,0,0,0,0,0,1,1,2,0,28,468,75,115,0,338,0,0,0,3,30,0,0,2046640128.00,639647744.00,0,REGISTERS OF SCOTLAND - 367372699042476977,0,14,0,0.00,1384,20.09.366,,enterprise,1000000,104,2019-12-11 08:29:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573335,2020-12-07 14:39:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RFA MSSP POC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284658,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"RGA Reinsurance Group of America, Incorporated - 8433369856908460835",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +RIGHTMOVE GROUP LTD,2020-12-07 13:20:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RIGHTMOVE GROUP LTD,0,0,0,0.00,0,20.04.169,tim.harding@rightmove.co.uk,enterprise,400,30,2020-08-21 12:27:10.000,2021-07-28 22:00:00.000,true,44f227e9-000f-35c7-8d1b-5ef5111fbd96,185.220.161.245,GB,false,0,0, +us-3-159245718,2020-12-06 15:45:50.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,3,0,0,0,2046640128.00,813797376.00,0,"Rackspace Us, Inc. - 2730609750339085762",0,3,0,0.00,0,20.09.351,,enterprise,1000000,3,2020-08-21 19:02:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284810,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rackspace Us, Inc. - 5072814890753764427",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179564,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Radiology Partners Holdings, Llc - 896121931832013330",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053648,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raffles Instituition - 2233001065834135113,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096847,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raffles Instituition - 8515268866551921512,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285770,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,2,4,0,0,0,0,0,0,0,0,0,0,2046640128.00,548110336.00,0,Rahi Systems Inc - 6634862588692510262,0,0,0,0.00,0,,,enterprise,1000000,0,2020-10-30 19:57:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Raiffeisen Bank,2020-12-06 17:51:34.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raiffeisen Bank,0,4,0,0.00,0,20.09.365,david.uehlinger@raiffeisen.ch,enterprise,600,4,2020-07-28 16:27:17.000,2023-07-27 07:00:00.000,true,402d7f63-f18d-4b3d-3ec5-ebf8dfa241ec,194.11.223.135,CH,false,0,0, +eu-2-143542023,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raiffeisen Bank - 4094837005984246341,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543941,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raiffeisen Bank - 5848300074018864467,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Rakuten Card Co., Ltd.",2020-12-07 04:13:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rakuten Card Co., Ltd.",0,0,0,0.00,0,20.04.169,ameen.arshal@rakuten.com,enterprise,100,9,2020-02-28 16:39:46.000,2021-02-27 08:00:00.000,true,e90104ea-3948-6709-4b3f-f2138b2f6310,210.252.23.123,JP,false,0,0, +anz-3049061,2020-12-06 15:56:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rakuten Securities, Inc. - 6422970049116979292",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216116,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rakuten Usa, Inc. - 5681937228735238845",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213947,2020-12-06 16:38:05.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,535928832.00,0,Rakuten.com - 447783690644928617,1,0,0,0.00,0,,,enterprise,1000000,1,2020-02-18 22:07:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +canada-550157591,2020-12-07 09:41:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raleys - 1166853071148198383,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240980,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Raleys - 2726459141566306697,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244693,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ralph Lauren Corporation - 5221498933703992784,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238184,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ramana Alladi,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Real Protect,2020-11-30 07:21:03.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Real Protect,0,1,0,0.00,0,20.09.345,baraujo@realprotect.net,evaluation,100,1,2020-10-02 14:33:31.000,2020-12-01 14:33:31.000,true,0,213.99.102.87,ES,false,0,0, +anz-3053831,2020-12-06 18:02:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RealCloud Sistemas Ltda - 2963725127351618033,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157615,2020-12-07 09:48:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RealCloud Sistemas Ltda - 3366076412681813067,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572494,2020-12-07 14:36:17.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,531980288.00,0,Rean Cloud,2,0,0,0.00,0,20.04.177,,enterprise,1000000,2,2019-12-10 07:44:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254807,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Recurly,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543014,2020-12-07 15:22:37.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,40,5,0,0,2068,1,0,0,0,0,0,0,2046640128.00,553406464.00,0,Red Bull GmbH - 6000377290616549652,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-06-22 07:07:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242739,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,529367040.00,0,Red Hat - 4814154665772827709,0,0,0,0.00,0,,,enterprise,1000000,0,2020-07-01 20:06:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215158,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,2,2,1,0,29,0,0,0,0,967,0,0,0,0,0,0,59,2046640128.00,562188288.00,0,Red8 Llc - 8964102915122396528,0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2020-03-17 21:45:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573235,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532832256.00,0,RedLock Fred,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-10 05:39:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254063,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RedLock competitive lab,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-150314,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RedLock hackathon lab,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-101700,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,536330240.00,0,RedLockQA,0,0,0,0.00,0,19.11.471,,enterprise,1000000,0,2019-11-14 04:58:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240076,2020-12-06 16:38:03.000,0,59,0.00,0,0,0,0,0,0,1,1,1,1,28,32,8,0,7,7,1,0,0,0,0,0,0,2046640128.00,558219264.00,0,Rede Internacional De Universidades Laureate Ltda. - 4988164266279316113,0,8,3,0.00,0,20.09.366,,enterprise,1000000,11,2020-05-22 22:38:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525407,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,3,0,0,2046640128.00,529383424.00,0,RedlockQA,0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2019-11-12 05:57:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052653,2020-12-07 15:33:43.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,52777418752.00,5187891200.00,0,Reece Plumbing Supplies - 4559072702669453859,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-04-23 02:50:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573512,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Refinitiv,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Refinitiv Limited,2020-12-07 12:13:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Refinitiv Limited,0,0,0,0.00,0,20.04.177,nick.luckcuck@refinitiv.com,enterprise,5000,0,2020-10-21 14:31:39.000,2021-10-20 07:00:00.000,true,34081514-60c2-118d-5e74-43fa0b412320,34.251.88.0,IE,false,0,0, +us-3-159245691,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Refinitiv Limited - 7477857242413411250,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286519,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Reged, Inc. - 8865587695882357460",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244849,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,1,1,1,1,0,28,4,7,0,0,0,0,0,0,9,11,0,0,2046640128.00,610242560.00,0,"Reinsurance Company of Missouri, Incorporated - 3318744703565182604",0,0,0,0.00,2,20.09.366,,enterprise,1000000,0,2020-08-11 13:49:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Relativity Inc,2020-12-07 07:27:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Relativity Inc,0,0,0,0.00,0,20.04.177,bob.chojnacki@relativity.com,enterprise,5000,390,2020-04-30 23:43:40.000,2023-04-29 07:00:00.000,true,84cebec4-368b-795c-99a2-0850be9fee63,40.71.235.187,US,false,0,0, +us-3-159238896,2020-12-06 16:48:20.000,5,385,0.00,0,0,0,0,0,0,3,1,1,0,32,90,2314,0,0,865,0,0,0,1,0,0,0,2046640128.00,610705408.00,0,"Reliaquest, Llc - 4792665146897384847",5,55,0,0.00,0,20.09.366,,enterprise,1000000,244,2020-04-29 19:07:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254901,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rentpath,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214188,2020-12-06 16:38:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RepairPal,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257903,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,10501771264.00,1127108608.00,0,Repairpal Inc,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-09 19:18:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544001,2020-12-06 15:48:57.000,0,420,0.00,0,0,0,0,0,0,1,1,1,0,28,280,90,0,0,60,0,0,0,17,0,0,0,2046640128.00,611995648.00,0,Repsol Sa. - 8141002564423864536,0,60,0,0.00,0,20.09.366,,enterprise,1000000,61,2020-07-31 08:26:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Resideo,2020-12-07 13:16:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Resideo,0,0,0,0.00,0,20.04.177,radovan.chytracek@resideo.com,enterprise,1000,15,2020-10-25 07:00:17.000,2021-12-24 00:00:00.000,true,04a5f657-3865-5cde-705b-611972b56f2f,52.184.211.154,US,false,0,0, +eu-152198,2020-12-07 15:31:26.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,14,6,0,0,0,0,0,0,0,0,0,0,2046640128.00,542306304.00,0,Resmed Inc. - 3515971556843723428,0,5,0,0.00,0,20.04.177,,enterprise,1000000,5,2019-12-09 13:02:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240044,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RestorePoint (Reseller) - 5674138087853302382,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209295,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RestorePoint (Reseller) - 6269725562471377095,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283695,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rexnord Industries, LLC - 376386193531083604",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283668,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rexnord Industries, LLC - 4153955111939264886",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255763,2020-12-07 14:37:49.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,112,29,0,0,5,0,0,0,1,1,0,0,2046640128.00,617345024.00,0,Riachuelo,0,10,0,0.00,0,20.09.366,,enterprise,1000000,22,2019-12-08 16:17:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159186079,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Richard Fleischman & Associates Inc. - 4246188679996361381,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543936,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Richemont,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245662,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ricoh Americas Corporation - 7063129714492349258,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543877,2020-12-07 15:22:37.000,15,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,535302144.00,0,Ride-On - 4598504626806563386,15,0,0,0.00,0,20.09.366,,enterprise,1000000,15,2020-07-16 12:56:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237137,2020-12-06 16:10:24.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,2,4,0,0,69,0,0,0,0,0,0,0,2046640128.00,533131264.00,0,"Rightline Equipment, Inc. - 3958709267869530512",0,1,0,0.00,0,19.11.512,,enterprise,1000000,1,2020-04-09 23:52:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544932,2020-12-07 15:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Riksrevisjonen - 5987318796009964077,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050856,2020-12-07 15:45:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Riley - 5018828838221831096,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +RingCentral,2020-12-07 12:34:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RingCentral,0,0,0,0.00,0,19.11.512,hoan.le@ringcentral.com,enterprise,160,3,2020-06-24 21:10:42.000,2021-06-21 21:10:42.000,true,00000780,185.23.251.69,CH,false,0,20, +us-2-158258744,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,RingCentral,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574415,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ripcord,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Riyad Bank,2020-12-07 09:21:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Riyad Bank,0,0,0,0.00,0,19.07.363,nisha@starlinkme.net,enterprise,400,12,2020-07-15 17:44:48.000,2021-08-14 07:00:00.000,true,2892d590-9d68-4a82-7663-5e835d746291,212.12.188.215,SA,false,0,0, +us-1-111525370,2020-12-07 14:37:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Robert Half,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185079,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Robustwealth, Inc. - 7357309247704362303",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258650,2020-12-07 14:26:16.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,69,0,0,0,0,0,0,0,0,0,0,2046640128.00,539631616.00,0,Rocket Lawyer,2,0,0,0.00,0,20.04.177,,enterprise,1000000,2,2019-12-09 19:14:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242003,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rocket Lawyer Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238151,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rockwell Automation, Incorporated - 295653630491011618",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Roku Inc.,2020-12-07 09:41:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Roku Inc.,0,0,0,0.00,0,20.04.163,cunderwood@roku.com,enterprise,100,2,2020-11-15 08:00:28.000,2021-11-14 00:00:00.000,true,fd14730b-3130-f30c-4c5a-013c659172f9,35.168.13.112,US,false,0,0, +Rolex,2020-12-07 09:34:39.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rolex,0,3,0,0.00,0,20.09.365,mickael.mortier@rolex.com,evaluation,100,3,2020-11-17 16:20:47.000,2021-01-01 16:20:47.000,true,Mickael Mortier,193.8.18.2,CH,false,0,0, +eu-153349,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rolex SA - 8914144537437630354,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544903,2020-12-06 15:52:54.000,0,42,0.00,0,0,0,0,0,0,2,1,1,0,28,10,7,0,0,2,0,0,0,1,0,0,0,2046640128.00,536600576.00,0,Rolls-Royce Group Plc - 3402675498777092114,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-09-11 14:20:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545959,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rothesay Life Plc - 8526063453552128412,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053863,2020-12-06 17:42:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Roughscale Ltd - 2601926406146479935,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545859,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Roughscale Ltd - 918543318785281901,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284596,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"RoundTower Technologies, Inc. - 8152557129999141699",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256914,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Royal Bank of Canada,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207190,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Royal Bank of Canada (RBC) - 5097632239550802080,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Royal Bank of Scotland,2020-12-07 10:13:38.000,0,147,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Royal Bank of Scotland,0,21,0,0.00,0,20.09.345,joe.pepper@rbs.co.uk,enterprise,600,21,2020-03-27 17:33:10.000,2021-03-26 07:00:00.000,true,c106803a-d01a-7822-88c3-91505e8fcc53,155.136.158.42,GB,false,0,0, +canada-550157651,2020-12-07 09:48:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Royal Canadian Mounted Police - 3923964229763356288,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157650,2020-12-07 09:50:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Royal Canadian Mounted Police - 7189823854039935763,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285803,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rs Holdco, Inc. - 656074777712643909",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228426,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rubrik, Inc. - 8253071881541941232",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158259890,2020-12-07 14:44:07.000,0,28,0.00,0,0,1,1,0,0,1,1,1,0,28,22,125,0,0,6,0,0,0,0,0,0,0,2046640128.00,548343808.00,0,Rubrik_PoV,0,4,0,0.00,0,19.11.512,,enterprise,1000000,6,2019-12-09 20:39:21.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Runbeck Election Services, Inc.",2020-12-06 23:18:35.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Runbeck Election Services, Inc.",0,3,0,0.00,0,20.09.345,null@runbeck.net,enterprise,48,3,2020-05-14 17:13:31.000,2021-03-24 17:13:31.000,true,3fa03f59-43ea-8d1f-7dca-5725c73ebbe4,52.137.80.107,US,false,0,6, +us-2-158262621,2020-12-07 15:00:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Rush University Medical Center - 5435789657590459728,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212209,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Rutgers, The State University of New Jersey - 6533825838523410539",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286513,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ryder System, Inc. - 6387148434997954185",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050765,2020-12-06 15:49:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ryohin Keikaku - 2141730984212156754,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3049090,2020-12-06 15:55:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Ryohin Keikaku Co.,Ltd. - 4468325613173190720",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +S&P - Ratings 4,2020-12-03 20:37:15.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,S&P - Ratings 4,0,3,0,0.00,0,20.09.345,mithun.rajoor@spglobal.com,evaluation,400,4,2020-11-13 15:05:59.000,2020-12-05 15:05:59.000,true,0,54.208.150.52,US,false,0,0, +S&P - Ratings 5,2020-12-06 20:37:38.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,S&P - Ratings 5,0,3,0,0.00,0,20.09.345,mithun.rajoor@spglobal.com,evaluation,400,4,2020-12-04 16:43:01.000,2021-01-31 16:43:01.000,true,0,54.208.150.52,US,false,0,0, +S&P Global,2020-12-07 15:04:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,S&P Global,0,0,0,0.00,0,20.04.177,mark.wang@spglobal.com,enterprise,600,45,2020-10-09 23:15:36.000,2021-10-08 07:00:00.000,true,9b7df2e8-6b00-2068-1000-db13aaeb95fd,52.54.69.0,US,false,0,0, +us-3-159208365,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SA Power Networks - 339427737989954290,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143538201,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"SABA APARCAMIENTOS, SA - 8144070404863204199",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-4-161024467,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SAP,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573456,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SAP,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181522,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SAP SE - 43531224052296543,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-4-161024468,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SAP Test,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053833,2020-12-06 17:55:58.000,0,28,0.00,0,0,0,0,0,1,1,1,1,1,28,8,1,0,0,27,0,0,0,2,1,0,0,2046640128.00,531046400.00,0,SB C&S Corp. - 8706473923874537274,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-09-25 14:28:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158259612,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SCAN Health Plan,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575156,2020-12-07 14:28:02.000,0,21,0.00,0,0,2,0,0,0,1,1,1,1,28,3,3,0,0,1,0,0,0,0,0,0,0,2046640128.00,536616960.00,0,SCSK,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-10 05:23:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054578,2020-12-06 18:02:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SCSK HOKKAIDO CORPORATION - 3359101370139070954,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287567,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SEA Servicios Especializados en Asistencia S. R.L - 355024805322905128,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544000,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"SEAT, S.A. - 2489987111758653395",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541027,2020-12-07 15:39:25.000,6,455,0.00,0,0,0,0,0,0,3,1,1,0,28,68,46,0,0,65,43,0,0,0,0,0,0,2046640128.00,642940928.00,0,"SEAT, S.A. - 2986285272548853452",6,65,0,0.00,0,20.09.366,,enterprise,1000000,71,2020-03-20 16:06:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111573457,2020-12-07 14:47:53.000,2,42,0.00,0,0,4,4,1,0,7,4,1,4,34,57,29,0,81,17,1,0,0,2,2,0,0,2046640128.00,560640000.00,0,SESandBox,2,6,0,0.00,1,20.09.366,,enterprise,1000000,12,2019-11-12 05:57:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574194,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SETraining,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103340,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIAM COMMERCIAL BANK,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545983,2020-12-06 15:52:55.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,12,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,547164160.00,0,SICK AG - 6092408141489452719,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-11-09 12:15:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +SICPA SA,2020-12-07 15:17:27.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SICPA SA,0,3,0,0.00,0,20.09.365,patrick.horrigan@sicpa.com,enterprise,100,3,2020-06-10 13:56:25.000,2023-06-09 07:00:00.000,true,584f0d05-d147-2571-7b57-a9f41da3d046,52.154.67.97,US,false,0,0, +us-3-159241072,2020-12-06 16:48:20.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,2,13,0,0,424,0,0,0,0,0,0,0,2046640128.00,554012672.00,0,SIE - Kamaji,0,16,0,0.00,0,20.04.177,,enterprise,1000000,18,2020-06-10 14:48:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241071,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIE - Navigator,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241097,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIE - Platform - Other,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241074,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIE - Roadster,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241070,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIE - SecEng,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208271,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SIIGO SA - 4379988403268891549,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096871,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN - 4456315220517746128,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096843,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"SK infosec Co., Ltd. - 2416186142807432346",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256855,2020-12-07 14:28:01.000,1,0,0.00,0,0,0,0,0,0,1,1,1,1,28,0,0,0,0,0,0,0,0,2,0,0,0,2046640128.00,538370048.00,0,SKF,1,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-03-04 20:28:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159213946,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SKF USA Inc. - 3222363055543942198,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096779,2020-12-07 15:02:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SKT - 1605606055130071204,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143782,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SKT - 2376425470364413235,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143812,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SKT - 8474673482610801552,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053675,2020-12-06 17:20:58.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,534384640.00,0,SKT - 8965018342806107705,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-07-30 10:57:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050945,2020-12-06 15:55:20.000,9,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,9,0,0,0,34,0,0,0,0,0,0,2046640128.00,545488896.00,0,SM Investments - 3279043627649521141,9,0,0,0.00,0,,,enterprise,1000000,9,2020-01-31 18:37:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +SOCOM J6X,2020-12-07 02:06:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SOCOM J6X,0,0,0,0.00,0,20.04.177,George.Gastelum@spathesystems.com,enterprise,360,13,2020-04-07 15:10:58.000,2021-04-11 15:10:58.000,true,f3febe3c-85c4-8f57-5899-ed041814ca90,100.25.150.174,US,false,0,45, +us-3-159178389,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SOLOMON MANAGEMENT LLC - 3116310946155019992,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052685,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SONY CORPORATION - 6146645989042913169,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051721,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SONY CORPORATION - 8778295659887769734,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052933,2020-12-06 16:00:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SONY GLOBAL SOLUTIONS INC. - 5156570441338427609,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053803,2020-12-06 17:55:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"SONY LIFE INSURANCE CO.,LTD. - 8568272147339452936",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543974,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SOPRA STERIA GROUPE - 1873009889596380237,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +SPAWAR RDT&E,2020-12-07 13:27:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SPAWAR RDT&E,0,0,0,0.00,0,20.04.177,null@navy.mil,enterprise,240,0,2020-06-26 15:10:28.000,2021-07-11 15:10:28.000,true,79aa94e8-aece-0d75-e71f-734be79e699a,54.88.137.150,US,false,0,30, +SSullivan_Sandbox,2020-12-06 19:19:00.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SSullivan_Sandbox,0,2,0,0.00,0,20.09.343,ssullivan@paloaltonetworks.com,evaluation,100,2,2020-09-15 19:01:55.000,2021-09-15 19:01:55.000,true,0,34.68.127.79,US,true,0,0, +eu-2-143543847,2020-12-07 15:31:26.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,30,0,0,0,3,1,0,0,2046640128.00,849747968.00,1,ST. JAMES'S PLACE UK PLC - 2698453021104474311,0,1,0,0.00,1,20.09.366,,enterprise,1000000,7,2020-07-14 11:51:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545059,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,STET - 5243088651883165112,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542116,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,STMicroelectronics - 4350432049633712651,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541896,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,STMicroelectronics - 8959139380740722062,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543074,2020-12-06 15:52:54.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,551145472.00,0,SVA System Vertrieb Alexander GmbH - 7431327263872835317,0,2,0,0.00,0,20.04.177,,enterprise,1000000,2,2020-07-01 12:02:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159181360,2020-12-07 15:39:27.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,537513984.00,0,SWA - 7035185737037689525,0,2,0,0.00,0,19.11.480,,enterprise,1000000,2,2019-12-10 15:20:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287542,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SaberAstroPAYG - 6183121099747701509,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182384,2020-12-06 16:04:33.000,0,119,0.00,0,0,0,0,0,0,1,1,1,0,29,566,94,0,0,32012,0,0,0,0,0,0,0,10501771264.00,787607552.00,0,Sabre Holdings Corporation - 3032324799567882627,0,17,0,0.00,0,20.09.366,,enterprise,1000000,22,2019-12-10 19:15:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545927,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Safaricom Limited - 1164839671184042849,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544032,2020-12-07 15:35:50.000,0,42,0.00,0,0,0,0,0,0,1,1,1,0,28,37,26,0,0,4,0,0,0,0,0,0,0,2046640128.00,557051904.00,0,Safaricom Limited - 5270976825891947725,0,6,0,0.00,0,20.09.366,,enterprise,1000000,6,2020-08-04 12:46:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143542170,2020-12-06 15:48:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sage Global Services Limited - 1654932856997695679,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542169,2020-12-07 15:20:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sage Global Services Limited - 519763866249767039,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209357,2020-12-07 15:39:28.000,0,224,0.00,0,0,0,0,0,0,4,2,1,0,28,41,46,0,0,285,0,0,0,1,0,0,0,10501771264.00,1132179456.00,0,"Sage Software, Inc. - 5882812088492355197",0,32,0,0.00,0,20.09.366,,enterprise,1000000,34,2019-12-16 18:07:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159177487,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sailpoint Technologies, Inc. - 236328846127373109",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286671,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,487084032.00,0,"Sailpoint Technologies, Inc. - 4733668034933453374",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-16 18:33:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243027,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Saint Louis University - 7212601359757861458,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Salesforce.Com, Inc.",2020-12-07 00:16:28.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Salesforce.Com, Inc.",0,1,0,0.00,0,20.09.345,lohit.mehta@salesforce.com,evaluation,300,1,2020-11-11 00:24:37.000,2020-12-15 08:00:00.000,true,50c939fb-6a1c-7347-90c9-b3c7a88017b8,54.245.155.93,US,false,0,0, +us-3-159238059,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Salesforce.Com, Inc. - 2426552583838383647",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228485,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Salesforce.Com, Inc. - 6803707554972299851",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sallie Mae Corporation HQ,2020-12-07 03:40:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sallie Mae Corporation HQ,0,0,0,0.00,0,19.07.363,ron.ogle@salliemae.com,enterprise,100,1,2020-03-10 20:22:19.000,2021-03-19 07:00:00.000,true,bf12a1b3-026f-5e95-ec97-ebc9aa7e462c,34.226.129.28,US,false,0,0, +us-3-159214040,2020-12-06 16:03:50.000,2,224,0.00,0,0,0,0,0,0,1,2,1,0,31,167,36,0,0,248,0,0,0,1,0,0,6153,52777418752.00,3161628672.00,0,Samsung Electronics Canada - 1017110770584625075,2,32,0,0.00,0,20.09.366,,enterprise,1000000,34,2020-02-21 18:48:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143806,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Samsung SDS - 2970568765639890529,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096933,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Samsung SDS - 3723253706040437162,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574195,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Samsung SRA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243829,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,San Francisco International Airport - 6324042633054751255,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238898,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,San Mateo County Community College District Financing Corporation - 3435548980077434386,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545829,2020-12-07 15:03:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sanofi S.A - 4161297967978585655,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287569,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sanofi S.A - 833278848763491517,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050758,2020-12-06 15:49:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Santen Pharmaceutical Co., Ltd. - 1209597686019968439",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051936,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Santen Pharmaceutical Co., Ltd. - 2442101171449965227",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sas Institute Inc.,2020-12-07 02:19:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sas Institute Inc.,0,0,0,0.00,0,20.04.163,shaun.lamb@sas.com,enterprise,600,20,2020-02-21 21:16:13.000,2021-02-27 08:00:00.000,true,f25fec7b-3adc-bfd7-a295-8d401b2f39ae,149.173.8.37,US,false,0,0, +us-3-159242863,2020-12-06 16:33:35.000,0,966,0.00,0,0,0,0,0,0,1,1,1,0,28,536,93,0,0,8553,0,0,0,0,0,0,0,2046640128.00,879566848.00,0,Sas Institute Inc. - 1687831983888608685,0,138,0,0.00,0,20.09.366,,enterprise,1000000,138,2020-07-08 19:31:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158287481,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sas Institute Inc. - 2019383071741877457,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545858,2020-12-06 15:52:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Satisnet - 2364297398569255563,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284844,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Saudi Binladin Group (SBG) - 3573878829904806650,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Schlumberger Technology Corporation,2020-12-07 14:53:27.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Schlumberger Technology Corporation,0,2,0,0.00,0,20.09.345,jlbevierre@slb.com,enterprise,100,2,2020-07-29 21:48:00.000,2021-07-28 07:00:00.000,true,4efd1ba8-79d0-e5e6-6966-fba186725a5b,35.205.100.48,BE,false,0,0, +eu-2-143545920,2020-12-07 15:27:19.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,4,6,0,0,0,0,0,0,4,5,0,0,2046640128.00,569741312.00,0,Schneider Electric SA - 4772888167946717604,0,8,0,0.00,0,20.09.366,,enterprise,1000000,10,2020-10-28 19:47:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153345,2020-12-07 15:27:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Schneider Electric SA - 5005087289918613743,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545830,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Schneider Electric SA - 5167686199788798490,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540002,2020-12-07 15:03:50.000,0,21,0.00,0,0,0,0,0,0,1,1,1,1,28,6,3,0,0,29,4,0,0,5,1,0,0,10501771264.00,622432256.00,0,Schroders - 5173375794424884905,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-01-23 10:46:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543945,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,11,0,0,0,0,0,0,1,0,0,0,2046640128.00,530411520.00,0,Schwarz IT KG - 3190707151009672225,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-07-29 08:12:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153312,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Schwarz IT KG - 4068488910942404164,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573427,2020-12-07 14:40:00.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,6,134,0,0,4,0,0,0,0,0,0,0,2046640128.00,569368576.00,0,Scotts,0,10,0,0.00,0,19.11.512,,enterprise,1000000,105,2019-12-10 13:47:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284598,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Scripps NP Operating, LLC - 5525993541963990228",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254987,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Seagate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284875,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Secfluid.com - 4013467821605983447,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544841,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Secure Cloud Finland Oy - 5323961530403712398,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284879,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Secure Working - 9041113050779624136,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540186,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SecureLink Belgium NV - 1655301275580989084,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539135,2020-12-06 15:47:05.000,0,7,0.00,0,0,1,0,0,0,1,1,1,0,28,4,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,537116672.00,0,SecureLink Germany GmbH - 7277035372989595155,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-17 10:02:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283822,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SecureSoft Corporation S.A.C. - 7433513721644427774,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Securekey Technologies,2020-12-07 07:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Securekey Technologies,0,0,0,0.00,0,20.04.169,frank.felhoffer@securekey.com,enterprise,200,8,2020-09-29 22:57:23.000,2021-10-03 07:00:00.000,true,187c8869-0535-436f-3114-b54df44afa13,67.210.209.184,US,false,0,0, +us-3-159183436,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Securian Financial Group, Inc. - 5161171016949324961",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182447,2020-12-06 15:52:50.000,1,42,0.00,0,0,0,0,0,0,2,1,1,0,32,17,15,0,0,2,0,0,0,0,0,0,0,2046640128.00,653168640.00,0,"Securian Financial Group, Inc. - 6413979914674736241",1,6,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-10 19:43:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543013,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Security,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260722,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Select Staffing - 7528182379272945486,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284692,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Self - 1426042174320716954,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283909,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Self - 2088506959832566925,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285586,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Self - 5798404164492305946,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284592,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Self - 5941945264646178012,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Sema, 4",2020-12-06 19:16:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sema, 4",0,0,0,0.00,0,19.07.363,michael.distefano@sema4.com,enterprise,80,15,2020-02-26 17:22:46.000,2021-02-24 17:22:46.000,true,a3bf86a4-934d-5533-a9d0-5c547c28e7c0,3.229.34.210,US,false,0,10, +us-3-159244794,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Seminole Gaming-Enterprise Development Authority - 2740798795005695993,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157555,2020-12-07 09:43:17.000,53,0,0.00,0,0,0,2,0,0,1,2,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,544362496.00,0,Sensibill Inc. - 4861626013656757432,53,0,0,0.00,0,20.09.366,,enterprise,1000000,54,2020-06-24 21:26:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159240888,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sensibill Inc. - 6286606361354999974,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159186043,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sequoia Consulting Group - 5442494085490490331,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182415,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sequoia Consulting Group - 6265724809033025462,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050860,2020-12-07 15:45:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Servian Pty Ltd - 7849802508173964079,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211126,2020-12-06 16:06:18.000,1,14,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,3,0,0,0,2046640128.00,541171712.00,0,Service Master,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-01-11 22:00:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158256013,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ServiceNow,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184372,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ServiceNow - 3179023538534073146,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240075,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ServiceNow, Inc (Corp IT) - 1383881184525048551",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215833,2020-12-06 16:06:18.000,0,126,0.00,0,0,0,0,0,0,2,1,1,0,28,84,36,0,0,0,0,0,0,0,0,0,0,2046640128.00,538955776.00,0,"ServiceNow, Inc (Corp IT) - 446540885060582925",0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2020-03-17 22:37:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159213111,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"ServiceNow, Inc. - 4164744984464550401",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540131,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ServiceNow-RegMkt-FR,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215992,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ServiceNow-RegMkt-IFSDev-US,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050977,2020-12-06 15:55:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ServiceNow-RegMkt-IRAP-AUS,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284842,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Servicenow - 2887950522567416915,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237941,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Servicenow, Inc. - 3715463047005324897",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054633,2020-12-06 17:42:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Seven & I Holdings Co., Ltd. - 1462845385422090624",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545834,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sfeir - 4390267567382931586,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211058,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Shanghai Digitalchina Co., Ltd. - 6448736333642381898",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284871,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shearman & Sterling LLP - 9154676945336077883,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241844,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Shipcom Wireless, Inc. - 6891105869201218232",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256047,2020-12-07 15:00:29.000,0,4452,0.00,0,0,0,0,0,0,1,1,1,0,28,211,34,0,0,1373,1,0,0,1,0,0,0,10501771264.00,875520000.00,0,Shipt,0,636,0,0.00,0,20.09.366,,enterprise,1000000,641,2019-12-09 07:04:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Shiran Alvoer,2020-12-07 10:39:27.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.12.518,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,3.239.51.175,US,true,0,0,Q25UbmIzK2k5V0ZO +Shiran Alvoer,2020-12-07 12:35:29.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.11.512,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,35.170.62.157,US,true,0,0,SVhnbmIrdDJ1RTli +Shiran Alvoer,2020-12-07 12:02:03.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.12.518,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,18.209.230.135,US,true,0,0,ZXNxTVZyNkx5UkND +Shiran Alvoer,2020-12-07 12:35:23.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.11.512,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,3.234.224.180,US,true,0,0,SEdaRmF5YWhvNDla +Shiran Alvoer,2020-12-07 13:42:49.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.11.500,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,3.236.137.113,US,true,0,0, +Shiran Alvoer,2020-12-02 10:16:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,0,0,0.00,0,20.12.518,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,18.209.237.43,US,true,0,0,dXhLUENoOGpSdEZt +Shiran Alvoer,2020-12-01 11:43:28.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Shiran Alvoer,0,1,0,0.00,0,20.12.515,salvoer@paloaltonetworks.com,enterprise,1000,1,2020-05-03 11:14:04.000,2023-04-18 11:14:04.000,true,Shiran Alvoer,104.198.77.5,US,true,0,0,Q1VxY1M4Qnhkemk2 +us-2-158285837,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Siemplify - 3541196983678904633,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158253999,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Signal Sciences,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184403,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Signal Sciences Corp. - 3228277229024765693,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151331,2020-12-07 15:44:30.000,1,0,0.00,0,0,1,1,1,2,2,3,2,0,30,0,0,0,0,0,0,0,0,3,8,0,0,2046640128.00,544161792.00,0,Siltech,1,0,0,0.00,3,20.09.366,,enterprise,1000000,1,2019-12-07 14:07:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286614,2020-12-07 14:31:31.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,3,2,0,0,0,0,0,0,1,1,0,0,2046640128.00,531025920.00,0,Siltech - 7575871394543392040,0,4,0,0.00,1,20.09.366,,enterprise,1000000,4,2020-11-12 09:54:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052901,2020-12-06 15:51:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Singapore Institute of Technology - 4413669475275337254,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096872,2020-12-07 14:54:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Singapore Institute of Technology - 6887985594465306426,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143775,2020-12-07 14:54:36.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,2,4,0,0,0,0,0,0,0,0,0,0,2046640128.00,541278208.00,0,Singapore Press Holdings Limited - 5815052449595411904,0,8,0,0.00,0,20.09.366,,enterprise,1000000,8,2020-11-05 23:20:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +SingaporePower,2020-12-07 08:11:38.000,0,91,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SingaporePower,0,13,0,0.00,0,20.09.345,sreenivasuluryc@spgroup.com,evaluation,100,27,2020-12-02 14:10:18.000,2021-01-01 14:10:18.000,true,0MI4u000000CdJDGA0,52.148.112.134,SG,false,0,0, +us-2-158284657,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sirius Computer Solutions - 7534167837928244307,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255980,2020-12-07 14:31:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Skechers USA,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284653,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Skillsoft Corporation - 3559146539326876416,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215030,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,11,0,0,0,2046640128.00,537919488.00,0,Skillsoft Corporation - 708550525916138887,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-03-09 21:08:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-103285,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207189,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky - 251659298748273631,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238988,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky Brasil Servicos Ltda. - 6927614851194986697,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575249,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sky Co.,Ltd.",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sky Group UK,2020-12-07 14:37:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky Group UK,0,0,0,0.00,0,19.11.512,null@sky.co.uk,enterprise,80000,9,2020-07-15 13:15:14.000,2021-07-31 13:15:14.000,true,00000858,90.216.134.195,GB,false,0,10000, +eu-2-143544029,2020-12-07 15:03:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky Group plc - 1353868492180834189,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143539196,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky Group plc - 6866979228330159973,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053644,2020-12-06 17:55:58.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,3,10,0,0,1,0,0,0,0,0,0,0,2046640128.00,636379136.00,0,Sky Network Television - 3625958269979711950,0,0,0,0.00,0,,,enterprise,1000000,0,2020-07-23 01:01:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054573,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sky Network Television - 5454846725437581569,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Slack,2020-12-07 07:34:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Slack,0,0,0,0.00,0,20.09.365,null@slack.com,enterprise,4800,585,2020-07-30 19:14:15.000,2021-01-28 19:14:15.000,true,00019659,35.175.110.157,US,false,0,0, +us-2-158284687,2020-12-07 14:51:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Slalom, LLC - 2333682032154171195",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283723,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Slalom, LLC - 4472953895274347307",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284624,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Slalom, LLC - 5598212420713946601",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284654,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Slalom, LLC - 6646602741307973481",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283914,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Slalom, LLC - 756984325680098548",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +SmithRX,2020-12-07 04:06:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SmithRX,0,0,0,0.00,0,20.04.177,david.moran@smithrx.com,enterprise,80,44,2020-06-04 15:24:05.000,2021-06-04 15:24:05.000,true,00000781,34.216.98.212,US,false,0,10, +eu-2-143543042,2020-12-07 15:20:50.000,1,0,0.00,0,0,1,1,0,0,1,1,1,0,28,0,0,0,0,988,0,0,0,0,0,0,0,2046640128.00,541954048.00,0,SmyleBeyond,1,0,0,0.00,0,20.04.177,,enterprise,1000000,1,2020-06-24 11:54:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159239989,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Snapdocs, Inc. - 1940586135916584712",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216023,2020-12-07 15:30:12.000,3,1078,0.00,0,0,0,0,0,0,2,1,1,0,28,470,1046,0,0,169,0,0,0,13,0,0,790,10501771264.00,1534754816.00,0,"Snapdocs, Inc. - 7295533379168281918",3,154,0,0.00,0,20.09.366,,enterprise,1000000,168,2020-03-26 20:12:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Societe Generale,2020-12-07 14:23:44.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Societe Generale,0,5,0,0.00,0,20.09.345,caroline.ducrocq@socgen.com,enterprise,1050,5,2020-10-08 07:47:37.000,2021-08-04 07:47:37.000,true,5db203c1-1534-2694-d356-e587ca7f0a3f,207.45.252.134,FR,false,0,150, +us-2-158285679,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sodexo Pass Do Brasil Servicos E Comercio S/A - 3305648353950659566,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053765,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,2,1,1,0,28,0,0,0,0,3,0,0,0,1,0,0,0,2046640128.00,528375808.00,0,SoftBank Corp (RESELLER) - 3381864913619020818,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-21 10:45:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-152416,2020-12-06 15:48:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SoftServe,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051784,2020-12-06 15:49:29.000,0,49,0.00,0,0,0,0,0,0,21,2,1,0,30,3,0,0,0,10,0,0,0,10,0,0,0,2046640128.00,640417792.00,0,Softbank Corp. - 74120907072703599,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-02-27 10:36:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053643,2020-12-06 17:42:46.000,0,63,0.00,0,0,0,0,0,0,12,3,1,0,28,17,11,0,0,1,0,0,0,1,0,0,0,2046640128.00,563441664.00,0,Softbank Corp. - 822667060805179872,0,9,0,0.00,0,20.09.366,,enterprise,1000000,9,2020-07-22 13:36:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143539968,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Softserve, Inc. - 396124233777399819",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153343,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Softserve, Inc. - 7223778082474886294",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286575,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Softweb Asesores S.A.S. (B-Secure) - 4450132467733442756,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151243,2020-12-07 15:03:50.000,0,14,0.00,0,0,0,0,1,2,3,2,2,2,28,0,0,0,0,1,0,0,0,0,9,0,0,2046640128.00,545878016.00,0,Solal testing,0,2,0,0.00,8,20.09.366,,enterprise,1000000,2,2019-12-09 16:53:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Solvinity,2020-12-07 06:03:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Solvinity,0,0,0,0.00,0,20.04.177,marten.renes@solvinity.com,enterprise,200,12,2020-06-22 09:56:13.000,2021-06-23 22:00:00.000,true,faed9aa7-a4df-9eb0-9615-5457125686ca,62.112.243.195,NL,false,0,0, +Somos Inc.,2020-12-07 01:11:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Somos Inc.,0,0,0,0.00,0,20.04.177,gmckay@somos.com,enterprise,100,38,2020-04-17 23:47:04.000,2021-04-16 07:00:00.000,true,2b8f3f10-00f8-c5dc-43de-acac1c1ffb03,54.209.231.214,US,false,0,0, +us-3-159244884,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sompo Risk Maganement Inc.(Partner) - 3902266514612750652,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285615,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sompo Systems Inc. - 6545183768840988747,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287540,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sonder Usa Inc. - 7597655087981862091,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sony,2020-12-07 00:59:52.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sony,0,1,0,0.00,0,20.09.345,null@sony.com,enterprise,2000,1,2020-08-10 22:20:21.000,2023-03-18 22:20:21.000,true,0,54.190.90.103,US,false,0,0, +us-1-111573481,2020-12-07 14:47:52.000,0,14,0.00,0,0,0,0,1,1,1,1,1,1,28,1,2,0,0,0,0,0,0,2,9,0,574,10501771264.00,569516032.00,0,Sony,0,2,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-12-07 20:47:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185330,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sony Corporation of America (New York) - 449040093640320486,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254092,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sony DADC NMS,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054579,2020-12-06 17:39:08.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,4,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,473124864.00,0,Sony India Software Center Pvt Ltd - 6760967498306965327,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-16 20:10:42.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096880,2020-12-07 14:56:16.000,0,0,0.00,0,0,2,0,0,0,2,1,1,0,28,3,2,0,0,9659,0,0,0,1,0,0,0,2046640128.00,543813632.00,0,Sony India Software Centre Private Limited - 5442185884947339614,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-09-25 09:24:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054602,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sony India Software Centre Private Limited - 8779897504884766794,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255917,2020-12-07 14:46:43.000,0,0,0.00,0,0,0,0,0,0,2,4,2,1,28,0,2,0,0,1,0,0,0,3,0,0,100000,2046640128.00,571588608.00,0,Sony Interactive Entertainment,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-11 03:20:44.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215868,2020-12-06 16:04:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sony Interactive Entertainment America Llc - 7373695479630262577,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181268,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,551030784.00,0,Sony Music Entertainment Inc. (NYC) - 5563269315349672934,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-10 13:42:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215154,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sony Pictures Entertainment, Inc. - 6282144473948081958",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283848,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sony Pictures Entertainment,Inc. - 6327452435081694608",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111574385,2020-12-07 14:31:31.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,531042304.00,0,Sony_Music,0,1,0,0.00,0,,,enterprise,1000000,1,2019-12-09 05:52:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143774,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sourced Group - 2498509297728200432,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096973,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sourced Group Pty Limited - 4965169596188989903,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240018,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,1,2,1,0,29,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,536997888.00,0,South Carolina Department of Health and Human Services - 4359041205609605433,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-05-20 13:27:05.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158260818,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Southern Company IT Services - 3745674292681075413,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285708,2020-12-07 14:44:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Southwest Airlines Co. - 1736627347765005610,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185367,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Southwest Airlines Co. - 3565782331674500706,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sp Digital Pte. Ltd.,2020-12-02 11:17:04.000,0,112,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sp Digital Pte. Ltd.,0,16,0,0.00,0,20.09.345,sreenivasuluryc@spgroup.com.sg,evaluation,100,16,2020-11-04 01:08:06.000,2020-12-03 08:00:00.000,true,63e50621-e6b4-29ec-2ee5-e90751dde1f8,52.148.112.134,SG,false,0,0, +us-2-158285806,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Spark Technology Solutions - 3936727804182597556,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-151332,2020-12-07 15:47:33.000,0,301,0.00,0,0,0,0,0,0,1,1,1,0,28,117,33,0,0,277,3,0,0,2,0,0,0,2046640128.00,619294720.00,0,SparkWare,0,43,0,0.00,0,20.09.366,,enterprise,1000000,43,2019-12-09 18:12:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143537122,2020-12-07 15:44:29.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,35,14,0,0,0,0,0,0,0,1,0,0,10501771264.00,1016172544.00,0,Spaxs Spa - 5672431767093610307,0,10,0,0.00,0,20.09.366,,enterprise,1000000,10,2019-12-10 23:58:01.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111575224,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Speedway,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240078,2020-12-07 15:28:36.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,4,5,0,0,0,0,0,0,1,0,0,0,2046640128.00,546672640.00,0,Spiral Financial - 2223863505461042918,0,5,0,0.00,0,20.04.169,,enterprise,1000000,5,2020-05-24 07:07:32.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Spireon, Inc.",2020-12-06 18:48:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Spireon, Inc.",0,0,0,0.00,0,19.11.512,grizo@spireon.com,enterprise,520,150,2020-07-15 14:08:23.000,2021-07-08 14:08:23.000,true,d14829de-c9a9-e271-934e-4aee77d63003,34.192.11.35,US,false,0,65, +us-3-159185362,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Spirit Aerosystems Holdings, Inc. - 5818849787700946735",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228458,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Spirit Aerosystems Holdings, Inc. - 7580237090959104665",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543850,2020-12-07 15:03:50.000,0,182,0.00,0,0,0,0,0,0,2,1,1,0,28,185,71,0,0,2,0,0,0,0,0,0,0,2046640128.00,683749376.00,1,Splyt Technologies Ltd - 8579589673079268316,0,26,0,0.00,0,20.09.366,,enterprise,1000000,26,2020-07-15 18:01:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143538202,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sport Lisboa E Benfica - 4712876001759432930,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543851,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,SpotIT BVBA - 6260808365190920055,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215925,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Spycloud, Inc. - 4714481096668609688",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Sse Plc,2020-12-07 00:18:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Sse Plc,0,0,0,0.00,0,20.04.169,sanjayarjun.patil@sse.com,enterprise,300,12,2020-10-29 12:25:20.000,2021-10-20 07:00:00.000,true,4fb7e9b9-3273-b873-fea8-51f6a58a36d9,51.143.143.249,GB,false,0,0, +St. Louis FRB,2020-12-06 20:36:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,St. Louis FRB,0,1,0,0.00,0,20.09.365,tracy.l.koch@stls.frb.org,enterprise,100,1,2020-07-01 00:46:23.000,2021-06-14 07:00:00.000,true,3cda5ca3-18ce-ccf5-8074-1f5905157250,199.169.200.6,US,false,0,0, +gov-3228549,2020-12-06 16:38:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,St. Louis FRB - 3217551038809428620,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541030,2020-12-07 15:47:33.000,0,70,0.00,0,0,0,0,0,0,1,1,1,0,28,122,9,0,0,42,0,0,0,3,0,0,0,2046640128.00,783249408.00,0,Standard Bank Group Limited - 2022280360031541238,0,10,0,0.00,0,20.09.366,,enterprise,1000000,10,2020-03-23 16:45:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545024,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Standav Corp - 2319558649236031526,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284690,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Standav Corp - 608796139930236401,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545022,2020-12-06 15:47:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Standav Corp - 7282956035187046654,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545023,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Standav Corp - 951081285116220697,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284813,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Stanley Black & Decker, Inc. - 7269714068458535338",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542945,2020-12-07 15:22:37.000,0,259,0.00,0,0,0,0,0,0,1,1,1,0,29,72,33,0,0,57,0,0,0,1,0,0,0,2046640128.00,832569344.00,0,Star Lizard Consulting Limited - 3968642747779190656,0,37,0,0.00,0,20.09.366,,enterprise,1000000,37,2020-06-05 13:55:55.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544842,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Star Lizard Consulting Limited - 8578180016369628708,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575378,2020-12-07 14:39:19.000,0,84,0.00,0,0,0,0,0,0,1,1,1,0,28,57,13,0,0,0,8,0,0,0,0,0,0,2046640128.00,542904320.00,0,Starbucks,0,12,0,0.00,0,20.04.163,,enterprise,1000000,12,2019-12-10 04:29:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Starbucks China,2020-12-07 04:03:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Starbucks China,0,0,0,0.00,0,19.11.506,mac.tang@starbucks.cn,enterprise,800,15,2020-06-30 13:34:12.000,2021-06-28 22:00:00.000,true,89438686-d566-35f7-2dba-effacc51b8b4,120.136.132.0,CN,false,0,0, +Starbucks Corporation,2020-12-07 09:06:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Starbucks Corporation,0,0,0,0.00,0,19.11.512,jonrodri@starbucks.com,enterprise,1600,44,2020-04-01 01:27:53.000,2021-04-16 01:27:53.000,true,TL000048,13.64.112.100,US,false,0,200, +us-2-158254961,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Starz,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180496,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,State Farm Mutual Automobile Insurance Company - 7194738250610945176,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +State of California - ENS Demo w/ RedHat,2020-12-05 19:19:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,State of California - ENS Demo w/ RedHat,0,0,0,0.00,0,20.09.365,tselden@redhat.com,evaluation,100,2,2020-12-02 21:54:06.000,2021-01-01 21:54:06.000,true,0,54.91.254.184,US,false,0,0, +gov-3181489,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,State of North Dakota - 1084264084714739342,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179376,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,State of North Dakota - 5817761531503361667,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212082,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,State of Utah - 5518140671833380404,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285807,2020-12-07 14:33:59.000,0,21,0.00,0,0,1,0,0,0,3,1,1,0,28,17,3,0,0,0,6,0,0,1,0,0,0,2046640128.00,567181312.00,0,State of Wisconsin Department of Corrections - 330515045244087864,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-03 17:50:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Stater,2020-12-07 10:43:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Stater,0,0,0,0.00,0,20.04.169,lukas.van.eeden@stater.nl,enterprise,200,12,2020-04-30 13:51:07.000,2021-04-29 07:00:00.000,true,1ac626a4-3b39-1e43-e5cc-91ce6716ecca,185.177.101.4,NL,false,0,0, +canada-550157620,2020-12-07 09:43:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Statistics Canada - 6145557857321917928,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Statistics Canada 1,2020-12-07 01:49:20.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Statistics Canada 1,0,4,0,0.00,0,20.09.365,william.hearn@canada.ca,evaluation,100,4,2020-12-03 21:05:38.000,2021-01-02 21:05:38.000,true,0,52.228.106.185,CA,false,0,0, +eu-2-143545960,2020-12-07 15:47:33.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,11,2,0,0,0,0,0,0,1,0,0,0,2046640128.00,550285312.00,0,Stena Metall AB - 6382679969129927972,0,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-05 18:30:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243950,2020-12-06 15:52:50.000,7,2457,0.00,0,0,1,0,0,0,5,3,1,0,28,107,10,0,0,3,0,0,0,3,0,0,0,10501771264.00,865689600.00,0,"Stitch Fix, Inc. - 7392499412731662210",7,351,0,0.00,0,20.09.366,,enterprise,1000000,363,2020-07-31 02:03:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283918,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Streamline LLC - 5931624126222375844,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283635,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,37,0,0,0,2046640128.00,546299904.00,0,Student - 273188416549903875,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-09-08 17:15:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283636,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Student - 3681215367491987735,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284876,2020-12-07 14:47:53.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,5,1,0,0,1,0,0,0,40,0,0,0,2046640128.00,547069952.00,0,Student - 504084831573620529,0,1,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-10-14 14:59:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053771,2020-12-06 17:20:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Sumitomo Rubber Industries, Ltd. - 4926301375342965552",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245777,2020-12-06 16:48:20.000,0,154,0.00,0,0,0,0,0,0,1,1,1,0,28,29,94,0,0,0,1,0,0,0,0,0,0,2046640128.00,550682624.00,0,"Sunbelt Rentals, Inc. - 8120948384889642785",0,22,0,0.00,0,,,enterprise,1000000,22,2020-08-26 19:53:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159208306,2020-12-07 15:46:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Suncoast Credit Union - 864426830349211132,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184152,2020-12-07 15:30:13.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,535121920.00,0,Suncoast Credit Union - 8675423113889425543,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 18:57:37.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286730,2020-12-07 14:33:59.000,1,7,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,524267520.00,0,Suntec Business Solutions Private Limited - 6746518150624736986,1,1,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-11-18 15:51:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545891,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,525586432.00,0,Suomen Terveystalo Oy - 7923411486579516698,0,0,0,0.00,0,,,enterprise,1000000,0,2020-10-27 09:45:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159209299,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Superior Teaching Society Estacio De Sa Ltda. - 8944280552680082308,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285800,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Symetra Financial Corporation - 5981999468692756776,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3048811,2020-12-06 15:58:40.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,3,232,0,0,563,0,0,0,5,1,0,0,2046640128.00,738074624.00,0,Sympli - 3496543803060076639,0,1,0,0.00,5,20.09.366,,enterprise,1000000,1,2019-12-09 16:30:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257006,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synchronoss,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255979,2020-12-07 14:34:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synchrony Financial,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572307,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Syneos Health,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159216110,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Syngenta Biotechnology, Inc. - 3721877917397251147",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240137,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Syngenta Biotechnology, Inc. - 9217680955627248216",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Synopsys,2020-12-07 02:13:56.000,37,399,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys,37,57,0,0.00,0,20.09.365,kruan@synopsys.com,enterprise,2900,823,2020-02-28 20:51:09.000,2021-02-27 08:00:00.000,true,676d8522-6e38-bbad-97ad-daaeb79f6480,35.245.115.214,US,false,0,0, +us-1-111574380,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283849,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys - 1681019924050261528,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238994,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys - 5307125603433893663,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211125,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys - 6446111787067616536,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244758,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys - 8940099955068315205,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243771,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Synopsys Duplicate,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001846,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,T&D INFORMATION SYSTEM LTD. - 2367219895297049514,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285834,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,T&D INFORMATION SYSTEM LTD. - 5039793511526738437,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541921,2020-12-07 15:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,T-Systems International GmbH - 6277874304705120977,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544867,2020-12-07 15:27:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TCS E-SERVE INTERNATIONAL LIMITED - 2673748019460378167,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257937,2020-12-07 15:01:31.000,1,14,0.00,0,0,0,0,0,0,1,1,1,0,28,6,3,0,0,2,0,0,0,2,2,0,918,2046640128.00,539729920.00,0,TD Ameritrade,1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 20:50:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +TEB_Eval_Verify2,2020-12-07 14:41:46.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TEB_Eval_Verify2,0,5,0,0.00,0,20.09.365,serdar.oluc@teb.com.tr,evaluation,100,6,2020-11-12 13:51:43.000,2020-12-12 13:51:43.000,true,TEB_Eval_Verify2,213.148.65.37,TR,false,0,0, +us-2-158261597,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,2,0,0,3,6,1,0,39,0,2,0,0,130,0,0,0,5,8,0,100000,2046640128.00,562241536.00,0,TELEFONICA - 1172351618598251165,0,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-09 12:57:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243703,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,THE E W SCRIPPS COMPANY - 2143228280888404667,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +THE PHOENIX INSURANCE COMPANY LTD,2020-12-06 21:28:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,THE PHOENIX INSURANCE COMPANY LTD,0,0,0,0.00,0,20.04.177,yuvaln@fnx.co.il,enterprise,200,20,2020-10-22 14:50:07.000,2021-09-26 07:00:00.000,true,d3418247-5e90-5ca8-909d-8f810bf73bef,192.118.36.53,IL,false,0,0, +us-2-158284718,2020-12-07 14:26:17.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,4,2,0,0,0,0,0,0,1,1,0,0,2046640128.00,542654464.00,0,THE RATNAKAR BANK LIMITED - 3360895574236859953,0,8,0,0.00,0,20.09.351,,enterprise,1000000,9,2020-10-05 11:40:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158254871,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TIAA - 2156307125631531552,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243770,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TIAA - 4921365181799265317,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159210225,2020-12-06 15:55:32.000,0,56,0.00,0,0,0,0,0,0,2,1,1,0,28,15,34,0,0,4,0,0,0,0,0,0,0,2046640128.00,544997376.00,0,TISCO FINANCIAL GROUP PUBLIC COMPANY LIMITED - 1335247087609452096,0,8,0,0.00,0,20.04.177,,enterprise,1000000,8,2019-12-26 15:01:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111575195,2020-12-07 15:00:28.000,0,147,0.00,0,0,0,0,0,0,1,1,1,0,28,34,4,0,0,206,0,0,0,0,0,0,0,2046640128.00,567496704.00,0,TJX,0,21,0,0.00,0,20.09.366,,enterprise,1000000,21,2019-11-23 17:03:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159239862,2020-12-07 15:30:11.000,5,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,6,0,0,0,0,0,0,0,1,0,0,2046640128.00,536453120.00,0,TMX Group Inc. - 963051519042896518,5,0,0,0.00,0,20.04.177,,enterprise,1000000,5,2020-05-12 13:09:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053619,2020-12-07 15:45:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TOYOTA Connected Corporation - 553453177458631799,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207222,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TRI-AD - 8201577143419615561,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +TURKIYE CUMHURIYETI MERKEZ BANKASI A S,2020-11-30 10:37:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TURKIYE CUMHURIYETI MERKEZ BANKASI A S,0,0,0,0.00,0,20.09.345,bgu-netsec@tcmb.gov.tr,enterprise,100,9,2020-06-26 12:10:19.000,2023-08-24 22:00:00.000,true,242a3772-1a8b-6acc-3e90-efd6f5477c1e,185.98.252.240,TR,false,0,0, +us-2-158260694,2020-12-07 14:36:19.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,7,0,0,0,0,0,0,0,2046640128.00,537034752.00,0,TVG Network/Betfair (Colorado) - 729232394063214064,2,0,0,0.00,0,20.09.366,,enterprise,1000000,2,2019-12-09 09:29:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545765,2020-12-06 15:46:10.000,0,7,0.00,0,0,1,0,0,0,2,2,1,0,28,0,1,0,0,11,0,0,0,2,0,0,0,2046640128.00,543625216.00,0,TVN S A - 8810693294084206879,0,1,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-10-09 14:53:25.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Tableau Software, Inc.",2020-12-07 01:00:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Tableau Software, Inc.",0,0,0,0.00,0,20.04.177,bcheezum@tableau.com,enterprise,100,3,2020-06-12 23:38:11.000,2021-07-24 07:00:00.000,true,cc45f9c5-4f33-fcc4-78c9-9595e4d48507,192.195.4.34,US,false,0,0, +anz-3053740,2020-12-06 17:39:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Taiwan Mobile Co., Ltd. - 7608661231031791014",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961143779,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Taiwan Semiconductor Manufacturing Company Limited - 6380233472256057608,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211065,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Take Two Interactive Software, Inc. - 5704479895667282490",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573329,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Take-Two Interactive Software, Inc",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258831,2020-12-07 14:46:33.000,0,21,0.00,0,0,0,0,1,0,1,1,1,0,28,26,2,0,0,0,0,0,0,3,2,0,0,2046640128.00,551030784.00,0,Takeda Prod,0,3,0,0.00,0,20.04.177,,enterprise,1000000,3,2019-12-10 23:01:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284595,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,3,0,0,0,2046640128.00,566833152.00,0,Tanium Inc. - 7932020870451510871,0,0,0,0.00,0,20.09.351,,enterprise,1000000,1,2020-09-28 19:17:14.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Target Corporation,2020-12-07 13:57:12.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Target Corporation,0,1,0,0.00,0,20.04.169,null@target.com,enterprise,1200,1,2020-07-29 14:55:32.000,2021-07-21 14:55:32.000,true,6dbbc2df-d574-067d-d046-b130280ec44e ,161.225.96.52,US,false,0,150, +us-3-159208239,2020-12-07 15:29:29.000,0,133,0.00,0,0,0,0,0,0,4,6,1,0,28,30,147,0,0,20,0,0,0,0,3,0,0,2046640128.00,557473792.00,0,Tarjeta Naranja S.a. - 7115763461654124218,0,19,0,0.00,0,20.09.351,,enterprise,1000000,19,2019-12-11 12:25:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Tasktop Technologies Incorporated,2020-12-07 13:50:21.000,0,63,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tasktop Technologies Incorporated,0,9,0,0.00,0,20.09.365,amiran.alavidze@tasktop.com,enterprise,200,9,2020-09-11 16:48:47.000,2021-09-18 07:00:00.000,true,2a713a4a-9989-1747-bbd7-81bc0990d03b,54.69.241.189,US,false,0,0, +anz-3051907,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tata Consultancy Services Limited - 1526009642386171469,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050764,2020-12-06 15:55:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tata Consultancy Services Limited - 3025388833675079704,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284781,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tata Consultancy Services Limited - 3228880227094778466,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3050732,2020-12-06 15:58:40.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,27,4,0,0,19,1,0,0,0,0,0,0,2046640128.00,541265920.00,0,Tata Consultancy Services Limited - 6934047322899182995,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2019-12-31 22:33:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544993,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tata Consulting Services (UK) - 2941634709302431535,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286706,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tata Steel Limited - 6242171526214519768,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052780,2020-12-06 15:55:36.000,0,21,0.00,0,0,1,0,0,1,2,1,1,0,28,3,2,0,0,11,0,0,0,1,3,0,0,2046640128.00,559726592.00,0,Techmatrix Corporation - 6686858208059673370,0,3,0,0.00,9,20.09.351,,enterprise,1000000,3,2020-06-02 14:32:20.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961096846,2020-12-07 14:59:47.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,545828864.00,0,Techmatrix Corporation - 722350156423439454,0,0,0,0.00,0,,,enterprise,1000000,0,2020-09-09 03:07:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238096,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Technosprout Systems Pvt Ltd. - 8708448704860770568,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254032,2020-12-07 14:51:47.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,19,9,0,0,0,0,0,0,1,0,0,0,2046640128.00,540827648.00,0,Teck Resources,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-03-04 19:09:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-153191,2020-12-07 15:27:19.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,13,3,0,0,1,0,0,0,1,0,0,0,2046640128.00,546275328.00,0,"Telefonica Digital, Inc. - 7744962222660772475",0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2019-12-10 12:01:00.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242031,2020-12-07 15:30:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telefonica Mexico (Reseller) - 6041293546729555815,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544096,2020-12-06 15:52:54.000,4,0,0.00,0,0,0,0,0,0,1,1,1,0,29,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,533475328.00,0,Telefonica Soluciones - 5589634444104297958,4,0,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-08-18 12:41:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544901,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Telefonica, S.A. - 4294539381948191827",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544097,2020-12-07 15:31:26.000,1,0,0.00,0,0,4,0,0,0,2,2,1,0,28,4,2,0,0,3,0,0,0,2,3,0,4,2046640128.00,536457216.00,0,"Telefonica, S.A. - 8442415511031988296",1,0,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-08-18 14:05:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545060,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telenor Real Estate AS - 4768839775052609852,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Telenor_EVal2,2020-12-07 08:42:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telenor_EVal2,0,0,0,0.00,0,20.04.177,dreshytnik@paloaltonetworks.com,evaluation,300,9,2020-11-04 15:13:20.000,2021-02-02 15:13:20.000,true,0,193.156.89.150,NO,false,0,0, +us-3-159211995,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Teleperformance global Services Ltd - 3775012963022777739,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159211124,2020-12-07 15:30:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telesign Corporation - 2050007272100465879,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178510,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telos,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3000233,2020-12-07 15:45:23.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,6,17,0,0,0,0,0,0,0,0,0,0,2046640128.00,545902592.00,0,Telstra Corporation Limited (Sell-To) - 2058448339116511501,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2019-12-09 10:52:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3053767,2020-12-06 18:02:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telstra Corporation Limited (Sell-To) - 987920597394586617,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157652,2020-12-07 09:50:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telus Corporation - 5547023743153211340,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208302,2020-12-07 15:32:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telus Corporation - 8006533265331836508,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Telus_AWS,2020-12-06 20:49:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telus_AWS,0,0,0,0.00,0,20.04.163,kevin.ho@telus.com,enterprise,126,10,2020-10-27 21:53:29.000,2022-04-19 21:53:29.000,true,59dae833-6117-bb74-2022-762982754110,35.183.202.39,CA,false,0,18, +Telus_OCP_Nonprod,2020-12-06 17:40:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Telus_OCP_Nonprod,0,0,0,0.00,0,19.07.358,Vijay.Premnath@telus.com,enterprise,84,12,2020-10-27 22:20:14.000,2021-12-31 22:20:14.000,true,TL000041,209.29.147.30,CA,false,0,12, +Temasek Capital Management Pte. Ltd.,2020-12-07 13:57:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Temasek Capital Management Pte. Ltd.,0,0,0,0.00,0,19.07.358,marklim@temasek.com.sg,enterprise,100,5,2020-02-27 14:25:11.000,2021-02-14 08:00:00.000,true,f9de875a-fd3f-6b87-ae5f-5204b7047342,3.1.122.158,SG,false,0,0, +anz-3052713,2020-12-06 15:54:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Temasek Capital Management Pte. Ltd. - 3502123435626193472,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157646,2020-12-07 09:43:17.000,0,0,0.00,0,0,1,0,1,0,1,1,1,0,28,60,3,0,0,11,0,0,0,0,0,0,0,2046640128.00,555814912.00,0,Teranet Inc - 6655071263203230297,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-10-19 16:40:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143543135,2020-12-07 15:35:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tesco Plc - 4270439945206987855,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545061,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Test - 6708193063914352372,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286644,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Test Account Hierarchy 2 - 3374863710027080033,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544064,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Test Networks - 5692479065160344171,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053797,2020-12-06 17:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,TestPCC - 7398040082985656920,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183255,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Texas Children's Hospital - 2576419863825126491,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544869,2020-12-07 15:35:50.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,10,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,552640512.00,0,Thales - 8519028993445130880,0,2,0,0.00,0,,,enterprise,1000000,2,2020-09-03 16:05:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Thales Canada, Inc.",2020-12-06 17:49:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Thales Canada, Inc.",0,0,0,0.00,0,20.04.163,patrick.gleason@thalesgroup.com,enterprise,1200,80,2020-10-30 17:53:12.000,2021-10-16 07:00:00.000,true,b4c36cc7-d493-94ae-f47f-1d12257b49d6,35.203.63.230,US,false,0,0, +us-2-158286795,2020-12-07 14:44:07.000,0,126,0.00,0,0,0,0,0,0,1,1,1,0,28,143,9,0,0,0,0,0,0,0,0,0,0,2046640128.00,595247104.00,0,Thales India Private Limited - 8621219537610070104,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2020-11-25 00:32:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212119,2020-12-06 16:03:49.000,0,23,0.00,0,0,0,0,0,1,1,1,2,2,28,0,0,9,0,0,0,0,0,1,2,0,0,2046640128.00,589590528.00,0,The Cadillac Fairview Corporation Limited - 3989766523732439169,0,1,16,0.00,5,20.09.366,,enterprise,1000000,34,2020-01-29 16:34:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +The Canada Life Assurance Company,2020-12-06 16:40:47.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Canada Life Assurance Company,0,1,0,0.00,0,20.09.365,scott.haines@canadalife.com,enterprise,120,1,2020-05-11 19:49:55.000,2021-05-21 19:49:55.000,true,e571ef01-fb79-4b33-daee-e340fdd3a2d1,52.228.113.100,CA,false,0,15, +The Canada Life Assurance Company,2020-11-30 22:22:48.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Canada Life Assurance Company,0,1,0,0.00,0,20.09.365,scott.haines@canadalife.com,enterprise,15,1,2020-05-22 19:19:51.000,2021-05-12 07:00:00.000,true,22fb9dc2-63fc-3941-96db-dca80e504a7f,52.228.113.100,CA,false,15,0, +us-3-159243980,2020-12-06 16:06:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Charles Schwab Corporation - 2933360004777700878,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283754,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Charles Schwab Corporation - 6946118244525692805,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245755,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Chicago School - 7174733095756259716,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238959,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Coca-Cola Company - 1995394074589355727,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542882,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Coca-Cola Company - 3502406712294838250,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241843,2020-12-06 16:43:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"The Finish Line, Inc. -",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158259799,2020-12-07 14:47:53.000,0,399,0.00,0,0,0,0,0,0,3,1,1,0,28,17,56,0,0,0,0,0,0,0,0,0,0,2046640128.00,633094144.00,0,"The Finish Line, Inc. - 323013226045264910",0,57,0,0.00,0,20.09.366,,enterprise,1000000,57,2019-12-09 06:12:52.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285804,2020-12-07 14:51:46.000,0,21,0.00,0,0,0,0,0,0,1,1,1,0,28,6,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,538640384.00,0,The Gap Inc - 7995780113066523226,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-11-03 00:32:12.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158286704,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Gap Inc - 962989679554027291,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243024,2020-12-07 15:28:35.000,1,15,0.00,0,0,0,0,0,1,10,9,3,1,33,3,4,0,0,0,0,0,0,2,1,0,11434,2046640128.00,553025536.00,0,"The Goldman Sachs Group, Inc. - 8469770516976583040",1,2,1,0.00,0,20.09.366,,enterprise,1000000,190,2020-07-20 16:16:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285561,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Hershey Company - 761340155795789069,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158260730,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"The Home Depot, Inc. - 2594262382251219803",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285741,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The New York Times - 3545550703954597261,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238067,2020-12-07 15:28:36.000,0,35,0.00,0,0,0,0,0,0,2,1,1,0,28,802,11,0,0,62,0,0,0,0,0,0,0,10501771264.00,1509818368.00,0,The Nielsen Company - 3634007513809289053,0,5,0,0.00,0,20.09.366,,enterprise,1000000,9,2020-04-23 13:58:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242057,2020-12-07 15:30:12.000,0,4067,0.00,0,0,0,0,0,0,1,1,1,0,28,1027,1449,0,0,3648,0,0,0,0,212,0,0,10501771264.00,1820270592.00,0,The Northwestern Mutual Life Insurance Company Inc - 1973551256534618237,0,581,0,0.00,5,20.09.366,,enterprise,1000000,896,2020-06-30 20:57:11.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158262493,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"The Orchard Enterprises, Inc. - 1587295372150442946",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182234,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"The Orchard Enterprises, Inc. - 8396246367597161778",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159180401,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Pokemon Company International,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +The Progressive Corporation ,2020-12-07 15:14:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Progressive Corporation ,0,0,0,0.00,0,19.11.512,anthony_v_costanzo@progressive.com,enterprise,880,11,2020-07-17 18:53:21.000,2021-07-23 18:53:21.000,true,149f0b59-10cb-f2be-f5e8-9fd7798fe989,170.218.219.22,US,false,0,110, +us-2-158284660,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Progressive Corporation - 1474968467948316532,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +The Sage Group Plc.,2020-12-07 13:29:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Sage Group Plc.,0,0,0,0.00,0,20.04.177,mark.taylor@sage.com,enterprise,100,4,2020-09-25 16:12:02.000,2021-09-26 07:00:00.000,true,6b594c08-ae73-e73a-7222-1594b3f79ee5,34.246.137.140,IE,false,0,0, +us-3-159183348,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Scotts Miracle-Gro Company - 3959730084019800665,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053679,2020-12-06 17:42:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Star Entertainment Group Limited - 4394944775979899348,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +The Travelers Indemnity Company,2020-12-07 13:59:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Travelers Indemnity Company,0,0,0,0.00,0,20.04.169,avdemich@travelers.com,enterprise,800,21,2020-07-27 22:49:34.000,2021-07-21 07:00:00.000,true,b91ba139-4b4a-245b-b739-80b672ff15f0,18.214.161.58,US,false,0,0, +us-3-159238120,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Travelers Indemnity Company - 6437912866742062428,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284684,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The University of Connecticut Cooperative Corporation - 7328533812652335350,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053645,2020-12-06 17:55:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The University of Queensland - 3647717322460982735,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159209172,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Walt Disney Company - 5404965758754761582,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545951,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,The Workshop - 7215065570850591339,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ThinkReservations,2020-12-07 14:37:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ThinkReservations,0,0,0,0.00,0,19.07.353,alfred.aday@thinkreservations.com,enterprise,100,17,2020-07-14 22:50:24.000,2021-07-29 07:00:00.000,true,85f43f9e-ab0b-8776-c82e-34b12c7add8e,35.165.191.27,US,false,0,0, +us-3-159213974,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Thomson Reuters Corporation - 1515383995272940305,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207399,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Thomson Reuters Corporation - 5037638574452964316,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159207400,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Thomson Reuters Corporation - 8413778650976932099,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287478,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Thousand Eyes, Inc. - 4639208620192010103",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Tibco_For_MercedesAMGF1_Eval,2020-12-07 14:21:50.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tibco_For_MercedesAMGF1_Eval,0,2,0,0.00,0,20.09.365,rlongdon@mercedesamgf1.com,evaluation,100,2,2020-11-23 08:54:42.000,2020-12-08 08:54:42.000,true,Tibco_For_MercedesAMGF1_Eval,80.231.231.133,GB,false,0,0, +Times Internet Limited,2020-12-07 06:18:59.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Times Internet Limited,0,1,0,0.00,0,20.09.365,tusnin.das@timesinternet.in,enterprise,100,1,2020-10-09 19:47:21.000,2021-10-08 07:00:00.000,true,09c18f87-1ffe-0a12-19c3-88d5120dd923,103.18.141.30,IN,false,0,0, +"Toast, Inc.",2020-12-07 03:39:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Toast, Inc.",0,0,0,0.00,0,20.04.182,kc.laxton@toasttab.com,enterprise,400,190,2020-04-15 15:47:08.000,2021-04-14 07:00:00.000,true,c7444a50-5772-7018-7e40-f18a5eb894cc,52.4.163.102,US,false,0,0, +Tomer Spivak,2020-12-07 11:18:24.000,1,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tomer Spivak,1,2,0,0.00,0,20.12.520,tspivak@paloaltonetworks.com,enterprise,900,3,2020-02-27 08:26:35.000,2021-10-19 08:26:35.000,true,0,35.223.69.252,US,true,100,100,QkdidW9qdWJGQ3dw +Tomer Spivak,2020-12-07 15:19:35.000,1,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tomer Spivak,1,3,0,0.00,0,20.09.345,tspivak@paloaltonetworks.com,enterprise,900,4,2020-02-27 08:26:35.000,2021-10-19 08:26:35.000,true,0,34.71.166.156,US,true,100,100, +Tomer Spivak,2020-12-02 08:46:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tomer Spivak,0,0,0,0.00,0,20.12.520,tspivak@paloaltonetworks.com,enterprise,900,3,2020-02-27 08:26:35.000,2021-10-19 08:26:35.000,true,0,35.223.69.252,US,true,100,100,WmJob3lqN2Zkd2dq +eu-2-143538049,2020-12-07 15:47:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Total S.A - 264439209023575370,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573422,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Towne Bank,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Toyota,2020-12-07 13:39:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Toyota,0,0,0,0.00,0,19.07.363,null@toyota.com,enterprise,240,3,2020-07-14 00:11:57.000,2021-07-16 00:11:57.000,true,00000853,35.172.173.113,US,false,0,30, +us-2-158262706,2020-12-07 14:26:16.000,0,0,0.11,0,0,0,0,0,1,1,1,1,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,539840512.00,0,Toyota Canada Inc - 1851278999724046236,0,0,0,33142.00,0,20.04.163,,enterprise,1000000,0,2020-05-01 10:24:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238963,2020-12-06 16:48:21.000,0,2023,0.00,0,0,0,0,0,0,1,1,1,0,28,359,407,0,0,31,1,0,0,1,0,0,0,10501771264.00,1583636480.00,0,"Toyota Connected North America, Inc. - 1133955073358936261",0,289,0,0.00,0,20.09.366,,enterprise,1000000,308,2020-05-01 00:02:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212173,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Toyota Motor Credit Corporation - 2403662348880719659,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159177516,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,3,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,532758528.00,0,Toyota Motor Credit Corporation - 4374816315490707060,0,0,0,0.00,0,19.11.512,,enterprise,1000000,0,2019-12-09 20:47:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242805,2020-12-06 16:04:33.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,9,7,0,0,89,0,0,0,0,0,0,0,2046640128.00,555036672.00,0,Toyota Motor North America - 2330695460304193808,0,8,0,0.00,0,,,enterprise,1000000,8,2020-07-07 14:32:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285771,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Toyota Motor North America - 8306205813101920532,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051821,2020-12-07 15:45:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Toyota Research Institute Advanced Development - 5032555996775355025,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544998,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Trace One Sa - 1947285430637994597,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543940,2020-12-07 15:35:49.000,2,21,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538824704.00,0,Trace One Sa - 5715469816306134378,2,3,0,0.00,0,20.04.177,,enterprise,1000000,5,2020-07-28 15:31:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285618,2020-12-07 15:01:31.000,0,245,0.00,0,0,0,0,0,0,1,1,1,0,28,37,0,0,0,41,0,0,0,0,0,0,0,2046640128.00,556818432.00,0,Tractor Supply Company - 8179919126528913900,0,35,0,0.00,0,20.09.366,,enterprise,1000000,35,2020-10-20 13:28:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159178632,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tradestation Technologies Inc - 6479201592217002732,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159210282,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tradeweb - 893822251158188748,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215962,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tradeweb Markets LLC - 178245137163127393,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283637,2020-12-07 14:33:59.000,0,35,0.00,0,0,1,0,0,0,5,1,1,0,28,9,4,0,0,4,0,0,0,2,0,0,0,2046640128.00,581574656.00,0,Trading Point Holdings Limited - 1483824053472056732,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-09-08 21:16:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544866,2020-12-07 15:41:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Trafford IT Sp. z.o.o. Sp. K. - 5784484301969888274,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143566879,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Trafford IT Sp. z.o.o. Sp. K. - 6582703462038172660,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575343,2020-12-07 14:46:32.000,0,0,0.00,0,0,1,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,1,0,0,2046640128.00,528203776.00,0,Training and Education,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2019-11-12 05:57:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3052930,2020-12-06 15:55:20.000,0,28,0.00,0,0,2,0,0,1,8,2,2,1,36,32,14,2,0,1065,0,0,0,2,3,0,0,2046640128.00,557502464.00,0,"Transition Systems and Networks (Thailand) Co., Ltd. - 5820904297411309598",0,4,0,0.00,1,20.09.366,,enterprise,1000000,9,2020-07-09 23:37:30.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545827,2020-12-07 15:35:22.000,0,35,0.00,0,0,0,0,0,0,1,1,1,0,28,5,2,0,0,1,0,0,0,1,0,0,0,2046640128.00,583487488.00,0,Transmit Security Ltd - 2543791979629349208,0,5,0,0.00,0,20.09.366,,enterprise,1000000,5,2020-10-19 19:35:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3050795,2020-12-06 15:56:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Transport For NSW - 7169299730424946120,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159185272,2020-12-06 16:48:20.000,0,280,0.00,0,0,0,0,0,0,1,1,1,0,28,57,22,0,0,20,0,0,0,2,0,0,0,10501771264.00,1333731328.00,0,Travelport - 1533299281105136486,0,40,0,0.00,0,20.09.366,,enterprise,1000000,40,2019-12-11 05:24:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-151337,2020-12-07 15:47:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Trendyol,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543821,2020-12-06 15:47:06.000,0,63,0.00,0,0,0,0,0,0,1,1,1,0,28,3,3058,0,0,0,0,0,0,0,0,0,0,2046640128.00,601743360.00,0,Trigo - 3810562305596128273,0,9,0,0.00,0,,,enterprise,1000000,75,2020-07-13 12:11:17.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159244726,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,551366656.00,0,Trillion Erp Venturetech LLC - 7545858213052951539,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-04 18:46:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285772,2020-12-07 14:37:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Tripactions, Inc. - 5929761369672694124",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283823,2020-12-07 14:47:52.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,534622208.00,0,"Trueblue, Inc. - 2612267482985293449",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-09-18 17:48:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Truelayer Limited,2020-12-07 09:13:16.000,0,140,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Truelayer Limited,0,20,0,0.00,0,20.04.177,jonathan.binns@truelayer.com,enterprise,800,153,2020-08-21 14:41:58.000,2021-08-19 22:00:00.000,true,ed2a3082-df2e-87df-e296-7c7779b1f202,54.170.4.98,IE,false,0,0, +anz-3053769,2020-12-06 17:42:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Trustbank, Inc. - 962062800762493019",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237037,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Trustwave Holdings, Inc. - 8761021399541203655",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542172,2020-12-07 15:31:14.000,27,427,0.00,0,0,0,0,0,1,1,1,1,0,28,247,36,9,0,1897,28,0,0,0,1,0,0,2046640128.00,652644352.00,1,Tsb Bank Plc - 4972718565193652891,27,61,0,0.00,10,20.09.366,,enterprise,1000000,94,2020-05-20 10:14:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544929,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tufin Software Technologies Ltd. - 1218381436935035496,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Turkye Is Bankasi,2020-12-07 07:00:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Turkye Is Bankasi,0,0,0,0.00,0,20.04.169,null@isbank.com,enterprise,500,28,2020-05-20 08:23:38.000,2021-07-13 08:23:38.000,true,00004155,88.255.123.50,TR,false,0,0, +us-3-159245840,2020-12-07 15:28:36.000,0,175,0.00,0,0,0,0,0,0,2,1,1,0,30,35,0,0,0,79,0,0,0,1,0,0,0,2046640128.00,671604736.00,0,Twist Bioscience Corporation - 7878698205335238347,0,25,0,0.00,0,20.09.366,,enterprise,1000000,25,2020-08-31 18:30:43.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159209235,2020-12-07 15:29:29.000,1,22,0.00,0,0,0,0,1,2,7,3,3,0,29,8,8,1,0,6,0,0,0,4,3,0,2873,2046640128.00,553738240.00,0,Twistlock Demo - 2212360594900215180,1,3,1,0.00,2,20.09.366,,enterprise,1000000,5,2019-12-10 09:37:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212982,2020-12-06 16:22:53.000,0,0,0.00,0,0,1,0,0,1,1,1,2,0,28,1,3,0,0,0,0,0,0,0,1,0,0,2046640128.00,563376128.00,0,"Twistlock, Inc. - 934632968214790174",0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-02-04 16:08:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237260,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Tyson,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +U.S Army Cerdec Intelligence and Information Warfare (I2WD),2020-12-06 18:28:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S Army Cerdec Intelligence and Information Warfare (I2WD),0,0,0,0.00,0,20.04.177,phillips_joshua@bah.com,enterprise,100,1,2020-09-17 14:48:35.000,2021-09-16 07:00:00.000,true,2b27aac5-c8dd-087d-7d2d-ce6765c2120e,128.229.67.14,US,false,0,0, +us-3-159245719,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S. Bank National Association - 2786797879595916396,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228483,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S. Department of State - 756214701240249276,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +U.S. General Services Administration (GSA),2020-12-07 03:38:04.000,0,406,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S. General Services Administration (GSA),0,58,0,0.00,0,20.09.345,null@gsa.gov,enterprise,1400,58,2020-12-02 20:26:17.000,2021-03-23 20:26:17.000,true,e2d55baa-589c-f2b9-5e70-abc3e18233eb,18.213.100.122,US,false,0,0, +gov-3228581,2020-12-06 16:04:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S. General Services Administration (GSA) - 1272777553552566501,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244759,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,U.S. General Services Administration (GSA) - 1799734892916543104,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111575188,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UCSF,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254929,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,3,0,0,0,0,0,0,0,0,0,0,2046640128.00,536317952.00,0,UMG,0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-09 05:02:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158262741,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,1,0,0,1,0,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,535482368.00,0,UNIVERSIDAD EAFIT - 5167336214752393403,0,0,0,0.00,0,,,enterprise,1000000,0,2020-09-02 13:20:03.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159238183,2020-12-06 16:10:24.000,0,126,0.00,0,0,0,0,0,0,1,1,1,0,28,48,62,0,0,11,0,0,0,0,0,0,0,2046640128.00,602087424.00,0,UPMC Enterprises - 1154219383575950657,0,18,0,0.00,0,20.09.366,,enterprise,1000000,18,2020-04-27 17:17:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +US Army NETCOM and US Army Cyber Command,2020-12-06 16:15:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Army NETCOM and US Army Cyber Command,0,0,0,0.00,0,19.07.363,renee.shimizu@teledyne.com,enterprise,100,1,2020-11-05 22:13:58.000,2021-11-04 07:00:00.000,true,a5998d29-cc57-209e-1d4f-35f815009f21,192.88.94.1,US,false,0,0, +US Bank,2020-12-07 07:14:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Bank,0,0,0,0.00,0,19.07.358,mark.sam@usbank.com,enterprise,6300,84,2020-10-26 19:16:24.000,2021-10-24 07:00:00.000,true,24fcfa17-68dd-fe66-7fc6-a6b968df8cf9,170.135.241.45,US,false,0,0, +us-3-159237224,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Department of Health and Human Services (HHS) - 2650771952129280526,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +US Department of Veterans Affairs (VA),2020-12-07 13:21:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Department of Veterans Affairs (VA),0,0,0,0.00,0,20.09.345,andrew.zimmerman@ablevets.com,enterprise,400,0,2020-07-30 22:15:40.000,2021-09-23 07:00:00.000,true,d70e797b-4342-b42a-e59f-3a407a2db600,152.133.18.45,US,false,0,0, +us-3-159183412,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Department of Veterans Affairs (VA) - 992665983651697982,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159182228,2020-12-06 15:45:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Library of Congress - 5188060542316300778,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +US Navy,2020-12-07 04:38:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Navy,0,0,0,0.00,0,20.04.169,mrowan@asrcfederal.com,enterprise,100,4,2020-04-21 21:45:42.000,2021-04-20 07:00:00.000,true,379c3a57-52dd-a0c1-d99c-7f1eb461d43c,192.148.195.254,US,false,0,0, +US Navy,2020-12-07 05:00:33.000,0,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,US Navy,0,6,0,0.00,0,20.09.365,alex.hudson@navy.mil,enterprise,100,6,2020-09-16 22:08:49.000,2021-09-15 07:00:00.000,true,609414ab-81bd-9915-928b-7065cde41c0f,164.190.103.104,US,false,0,0, +us-1-111572311,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,531337216.00,0,USAA,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2019-12-10 01:16:40.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245716,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,USAF ACD Support - 8349833943503211221,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +USCIS,2020-12-07 13:51:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,USCIS,0,0,0,0.00,0,19.11.512,null@uscis.dhs.gov,enterprise,700,30,2020-09-15 20:22:44.000,2021-09-18 20:22:44.000,true,6974f897-deb9-b730-c4bc-b94061f0d700,216.81.94.68,US,false,0,100, +us-3-159180464,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UTAH TRANSIT AUTHORITY (UTA) - 1213095057484324358,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181548,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UTAH TRANSIT AUTHORITY (UTA) - 482683364712743908,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-103467,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UTD-Redlock,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572309,2020-12-07 14:39:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UTS,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096754,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,1,3,1,0,28,0,1,0,0,0,0,0,0,0,0,0,25,2046640128.00,537677824.00,0,Ubersystems - 8892501358435507048,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-08-07 05:38:45.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574389,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Udemy,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158257716,2020-12-07 14:37:50.000,3,0,0.00,0,0,0,0,0,0,1,0,1,0,28,7,0,0,0,9734,0,0,0,0,0,0,0,2046640128.00,544178176.00,0,Ulta,3,0,0,0.00,0,20.04.177,,enterprise,1000000,3,2019-12-08 12:17:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210251,2020-12-06 16:04:30.000,0,140,0.00,0,0,0,0,0,0,1,1,1,0,28,10,33,0,0,8356,0,0,0,0,0,0,0,10501771264.00,568262656.00,0,"Under Armour, Inc. - 8801420278458897494",0,20,0,0.00,0,20.09.366,,enterprise,1000000,20,2019-12-30 16:48:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284599,2020-12-07 14:51:46.000,0,7,0.00,0,0,0,0,0,0,6,2,1,0,28,10,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,574664704.00,0,Unee Group Finance - 8580345035148321347,0,1,0,0.00,0,20.09.366,,enterprise,1000000,1,2020-09-29 12:30:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158261714,2020-12-07 14:46:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"UniGroup, Inc. - 4888639797019483949",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284874,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Unified IT Services - 5069130390510070227,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Unimarket Holdings Limited,2020-12-07 10:18:50.000,19,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Unimarket Holdings Limited,19,19,0,0.00,0,20.09.365,damien.hollis@unimarket.com,enterprise,400,62,2020-04-28 16:26:07.000,2021-04-27 07:00:00.000,true,2ed26af3-2da9-4fe0-cf45-6487ff370eb0,35.244.112.113,US,false,0,0, +us-3-159186139,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Unimed - Belo Horizonte Cooperativa De Trabalho Medico. - 74041140773731825,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143540190,2020-12-07 15:03:06.000,11,7,0.00,0,0,0,0,0,0,1,7,1,0,30,1,8,0,0,0,0,0,0,3,6,0,0,2046640128.00,555298816.00,1,Union of European Football Associations (UEFA) - 4542627580259144038,11,1,0,0.00,0,20.09.366,,enterprise,1000000,15,2020-02-19 21:00:31.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158257717,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538116096.00,0,United Health Group,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-07 12:41:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143540929,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United Health Group - 2732585808907783955,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178449,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United Services Automobile Association - 3288276506269148025,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285646,2020-12-07 14:46:33.000,0,21,0.00,0,0,0,0,0,0,1,2,1,0,28,43,1,0,0,0,0,0,0,2,0,0,152,2046640128.00,552878080.00,0,United States Cellular Corporation - 99083109827218860,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-10-22 01:05:34.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +United States Department of Agriculture (USDA OCIO),2020-12-07 04:32:07.000,0,168,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Department of Agriculture (USDA OCIO),0,24,0,0.00,0,20.09.345,brandon.hodges@usda.gov,enterprise,800,24,2020-06-29 19:20:00.000,2021-06-18 07:00:00.000,true,e5585492-a35a-4396-099f-f69342591c24,216.81.94.71,US,false,0,0, +United States Department of Defense (DoD),2020-12-07 10:10:18.000,0,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Department of Defense (DoD),0,7,0,0.00,0,20.09.345,james.c.monroe22.ctr@mail.mil,enterprise,200,7,2020-03-04 19:39:54.000,2021-03-03 08:00:00.000,true,b0e2fb5a-cc7c-e8ba-a6f3-57744b87fb17,214.23.34.11,US,false,0,0, +United States Department of Homeland Security (DHS),2020-12-07 01:40:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Department of Homeland Security (DHS),0,0,0,0.00,0,20.04.163,jordan.guffain@ngc.com,enterprise,100,12,2020-04-03 13:37:20.000,2021-04-02 07:00:00.000,true,5b6052a5-07bb-ae33-7fff-d3ed142d8421,216.81.81.80,US,false,0,0, +United States Department of Homeland Security (DHS) - NCPS,2020-12-06 19:32:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Department of Homeland Security (DHS) - NCPS,0,0,0,0.00,0,19.07.363,kristen.n.gaskins@raytheon.com,enterprise,1120,57,2020-03-24 21:44:08.000,2021-03-21 21:44:08.000,true,e34aedaa-c3ea-62d7-6359-99f6888ab22f,18.252.0.194,US,false,0,140, +us-3-159184249,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Pharmacopeia,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284809,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United States Steel Corporation - 6151602006287577715,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262738,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,538222592.00,0,United States Strategic Command (USSTRATCOM) - 7863985914205242451,0,0,0,0.00,0,,,enterprise,1000000,0,2020-09-01 23:05:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159211155,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,1,1,0,0,0,0,0,0,3,0,0,0,2046640128.00,551673856.00,0,United Technologies Corporation - 2730678808093736142,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-01-13 19:10:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +gov-3181583,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United Technologies Corporation - 3324895684630832074,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181490,2020-12-06 15:45:49.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,539820032.00,0,United Technologies Corporation - 6792597675021530610,0,2,0,0.00,0,20.09.351,,enterprise,1000000,2,2019-12-11 15:04:33.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159182263,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United Therapeutics Corporation - 1738519642867299125,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159208238,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,United Therapeutics Corporation - 4741946042367974511,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111573393,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +UnitedHealth Group,2020-12-07 06:04:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group,0,0,0,0.00,0,20.04.163,null@optum.com,enterprise,4024,2,2020-03-02 23:10:59.000,2021-02-26 23:10:59.000,true,40606a31-698c-4ffb-2769-a42449170c6e,198.203.175.175,US,false,0,503, +UnitedHealth Group,2020-12-07 15:08:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group,0,0,0,0.00,0,20.04.177,quinton.niska@optum.com,enterprise,1042,858,2020-04-24 21:07:26.000,2021-04-23 07:00:00.000,true,073fe5e7-6cf2-e2e7-fc44-dd8338162f90,198.203.175.175,US,false,1042,0, +us-3-159245809,2020-12-06 16:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group - 5229221859829085333,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544936,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group - 5651435267611700774,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245717,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,UnitedHealth Group - 996560529754681378,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052898,2020-12-07 15:33:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Unitingcare Queensland - 4582703272760490615,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158284751,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Universal Technical Institute - 748547709917988647,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544934,2020-12-07 15:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Universidad Carlos III (UC3M) - 2869627259135807939,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543975,2020-12-07 15:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Universita' degli Studi di Milano - 1132011486833578502,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214009,2020-12-06 15:55:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,University of Pittsburgh School of Medicine (UPMC) - 3694184292122600669,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286520,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,4,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,534773760.00,0,University of Pittsburgh School of Medicine (UPMC) - 920875833089366952,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2020-11-06 16:45:48.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Upgrade, Inc.",2020-12-07 12:41:19.000,0,77,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Upgrade, Inc.",0,11,0,0.00,0,20.04.177,lmokin@upgrade.com,enterprise,200,11,2020-09-24 22:33:17.000,2021-10-02 07:00:00.000,true,706b4e4d-269e-0ef5-7d92-d214b0704b07,35.164.44.121,US,false,0,0, +anz-3051845,2020-12-06 15:58:40.000,42,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,537522176.00,0,Upl Limited - 94295660540659189,42,0,0,0.00,0,,,enterprise,1000000,42,2020-03-11 13:02:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +"Urban Airship, Inc.",2020-12-06 23:04:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Urban Airship, Inc.",0,0,0,0.00,0,19.11.480,robert@urbanairship.com,enterprise,300,1230,2020-10-31 07:01:19.000,2021-10-30 00:00:00.000,true,38ad3639-e7e3-ddb1-dd5d-b932c8b62e79,34.74.251.16,US,false,0,0, +aws-singapore-961096910,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VIETTEL GROUP - 6367889948569553489,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096907,2020-12-07 15:02:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VSQUARE SYSTEMS PRIVATE LIMITED - 6609724551351414950,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572523,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VUMC,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244692,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Valley National Bank - 493809110931882413,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243887,2020-12-07 15:28:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Valley National Bank - 8409618652364469147,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153379,2020-12-07 15:22:37.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,327634944.00,1,Vallourec S.A. - 8934645531978556345,0,4,0,0.00,0,20.09.366,,enterprise,1000000,4,2020-12-07 11:53:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Varian Medical Systems,2020-12-07 12:18:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Varian Medical Systems,0,0,0,0.00,0,19.11.506,Michael.Clark@varian.com,enterprise,80,9,2020-04-03 16:08:30.000,2021-03-30 16:08:30.000,true,00000553,52.247.237.7,US,false,0,10, +eu-151428,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Varner Gruppen - 5146530631895831200,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544839,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Varonis Systems Ltd - 1504730276811994834,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545798,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,523489280.00,0,Vencomatic Group - 3529756147750563367,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-16 15:05:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159215059,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Veracode, Inc. - 5200313568197187562",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256016,2020-12-07 14:47:53.000,0,91,0.00,0,0,0,0,0,0,1,1,1,0,28,24,12,0,0,0,0,0,0,2,27,0,0,2046640128.00,572637184.00,0,Veradigm Health,0,13,0,0.00,0,20.09.366,,enterprise,1000000,13,2019-12-08 13:34:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Verafin Inc,2020-12-06 21:46:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verafin Inc,0,0,0,0.00,0,20.04.169,beau.leboutillier@verafin.com,enterprise,2000,207,2020-07-29 22:47:41.000,2021-10-29 22:47:41.000,true,e18d2a6f-f30c-1b8a-4446-14213ecda3f5 ,34.205.167.243,US,false,0,250, +us-1-111574446,2020-12-07 14:36:17.000,27,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,541900800.00,0,Verana Health,27,0,0,0.00,0,20.04.177,,enterprise,1000000,27,2019-12-10 03:19:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245692,2020-12-06 16:33:35.000,6,0,0.00,0,0,0,0,0,0,2,1,1,0,31,10,1,0,0,23,0,0,0,0,0,0,0,2046640128.00,544043008.00,0,Verisys Corporation - 9078318017391420127,6,0,0,0.00,0,20.04.177,,enterprise,1000000,6,2020-08-20 21:48:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Verizon,2020-12-06 19:23:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon,0,0,0,0.00,0,19.07.353,mayank.mehrotra@verizon.com,enterprise,100,1,2020-11-07 23:45:07.000,2021-11-04 07:00:00.000,true,34714080-eec2-373d-2fae-770633d2d0ca,132.197.246.66,US,false,0,0, +us-2-158255983,2020-12-07 14:51:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon CSIS,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Verizon Communications Inc,2020-12-07 09:56:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon Communications Inc,0,0,0,0.00,0,19.11.506,anita.kemmerer@verizon.com,enterprise,800,48,2020-03-18 17:51:14.000,2021-03-31 17:51:14.000,true,e828bd79-e939-dc55-229e-e053b4588117,54.197.62.209,US,false,0,100, +Verizon Communications Inc.,2020-12-07 00:52:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon Communications Inc.,0,0,0,0.00,0,20.04.163,sandipkumar.shah@verizon.com,enterprise,300,1,2020-04-28 20:02:19.000,2021-04-27 07:00:00.000,true,11751f43-2445-2165-3c84-24f5b4818785,44.226.192.242,US,false,0,0, +Verizon Communications Inc.,2020-12-06 21:00:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon Communications Inc.,0,1,0,0.00,0,20.09.365,amit.mahajan@verizonwireless.com,enterprise,100,1,2020-12-03 19:04:02.000,2021-12-02 08:00:00.000,true,4fdda863-f21c-512c-7a1a-d70d87c950ce,137.188.108.18,US,false,0,0, +Verizon Communications Inc.,2020-12-07 14:07:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon Communications Inc.,0,0,0,0.00,0,19.07.363,fiona.ocoonor@ie.verizon.com,enterprise,900,6,2020-11-10 19:00:54.000,2021-11-12 19:00:54.000,true,00001575,54.160.111.182,US,false,0,0, +Verizon IT/Comm/Data Services,2020-12-07 13:55:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon IT/Comm/Data Services,0,0,0,0.00,0,20.04.177,don.williams@verizonwireless.com,enterprise,10000,0,2020-08-12 18:21:46.000,2021-08-18 18:21:46.000,true,00000913,137.188.108.18,US,false,0,0, +gov-3181550,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Verizon Wireless - 1555208790940115860,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542015,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vermeg - 4445612895842557299,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-152229,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vermeg Solution - 8062334420675615409,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285682,2020-12-07 14:36:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Versa Networks - 2027641173134238791,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3228579,2020-12-06 16:04:33.000,2,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,537444352.00,0,Versaterm Inc - 9192202435800321899,2,0,0,0.00,0,,,enterprise,1000000,2,2020-10-26 17:55:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Vertex Pharmaceuticals,2020-12-06 19:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vertex Pharmaceuticals,0,0,0,0.00,0,20.04.177,simon_tran@vrtx.com,enterprise,48,6,2020-02-25 21:00:25.000,2021-02-24 21:00:25.000,true,c8d45c29-c1b9-48db-3589-c1780c470716,192.80.70.51,US,false,0,6, +Vertex Pharmaceuticals Incorporated,2020-12-06 18:14:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vertex Pharmaceuticals Incorporated,0,0,0,0.00,0,20.04.177,simon_tran@vrtx.com,enterprise,147,6,2020-11-02 19:46:48.000,2021-02-24 19:46:48.000,true,c8d45c29-c1b9-48db-3589-c1780c470716,192.80.70.51,US,false,0,21, +us-3-159213076,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vertex Pharmaceuticals Incorporated - 2240001629419871960,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244817,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vertex Pharmaceuticals Incorporated - 6581584132894758521,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159213110,2020-12-07 15:28:36.000,66,322,0.00,0,0,0,0,0,0,1,1,1,0,28,53,74,0,0,45,1,0,0,1,0,0,0,2046640128.00,728891392.00,0,Vesta - 6911542139109057940,66,46,0,0.00,0,20.04.163,,enterprise,1000000,113,2020-02-08 01:49:36.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3051914,2020-12-07 15:45:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Viacom 18 Media Private Limited - 3712862018725627273,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159184405,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Viacom 18 Media Private Limited - 5664895222076204918,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241784,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Viacom Inc. - 4740446850877262704,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Viasat,2020-12-07 04:04:18.000,0,609,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Viasat,0,87,0,0.00,0,20.09.345,ivan.camero@viasat.com,enterprise,2600,87,2020-03-09 17:27:49.000,2021-03-11 17:27:49.000,true,9e463b66-c39a-a971-9645-b8fb349e936e,72.173.29.60,US,false,0,325, +us-2-158258681,2020-12-07 14:34:00.000,0,1162,0.00,0,0,0,0,0,0,1,1,1,0,28,1370,300,0,0,1988,24,0,0,0,0,0,0,52777418752.00,11009662976.00,0,Vibrent Health,0,166,0,0.00,0,20.09.366,,enterprise,1000000,201,2019-12-09 21:44:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158259855,2020-12-07 14:37:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vijay's Prod,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178544,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Viking Global Investors - 2866483369840253780,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543970,2020-12-06 15:52:54.000,0,0,0.00,0,0,0,0,0,0,7,1,1,0,28,0,0,0,0,55,0,0,0,1,1,0,0,2046640128.00,606158848.00,0,Vimond Media Solutions As - 4846117240428708914,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-07-29 11:30:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143545026,2020-12-07 15:47:32.000,0,357,0.00,0,0,0,0,0,0,37,1,1,0,28,139,113,0,0,12,0,0,0,1,5,0,0,2046640128.00,692756480.00,0,Vimond Media Solutions As - 5283084341856292351,0,51,0,0.00,0,20.09.366,,enterprise,1000000,51,2020-09-29 08:55:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Vineet_Persad_SE_Demo,2020-12-06 19:29:59.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vineet_Persad_SE_Demo,1,2,2,0.00,0,20.09.365,vpersad@paloaltonetworks.com,evaluation,100,5,2020-02-12 19:15:58.000,2021-02-11 19:15:58.000,true,0,34.68.127.79,US,false,0,0, +us-2-158255922,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,180,0,0,0,1,1,0,0,2046640128.00,543117312.00,0,Vistra Energy,0,0,0,0.00,0,20.09.366,,enterprise,1000000,0,2019-12-09 21:25:57.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Vistra Energy Corp.,2020-12-06 21:55:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vistra Energy Corp.,0,0,0,0.00,0,20.04.177,null@vistraenergy.com,enterprise,240,8,2020-08-13 20:02:27.000,2021-07-23 20:02:27.000,true,c38e4b93-3493-aa98-0aca-78a9935d6545 ,206.227.136.100,US,false,0,30, +us-2-158286739,2020-12-07 15:01:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Vizient, Inc. - 8923417625995638869",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Vmware, Inc.",2020-12-07 09:29:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Vmware, Inc.",0,0,0,0.00,0,20.04.177,vsrivatsavr@vmware.com,enterprise,3150,29,2020-09-28 18:01:05.000,2022-10-23 18:01:05.000,true,8099bce3-7bd6-b67c-05d6-0b326d111789,96.127.85.32,US,false,0,450, +us-2-158285840,2020-12-07 14:39:20.000,0,112,0.00,0,0,0,0,0,0,1,1,1,0,28,153,16,0,0,0,0,0,0,0,0,0,0,2046640128.00,661749760.00,0,"Vmware, Inc. - 5333785747132029548",0,16,0,0.00,0,20.09.366,,enterprise,1000000,17,2020-11-04 22:13:13.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +VocaLink Limited,2020-12-04 13:15:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VocaLink Limited,0,0,0,0.00,0,19.11.512,john.halstead@vocalink.com,enterprise,1000,228,2020-08-27 10:18:10.000,2020-12-04 23:00:00.000,true,217dc6fe-ebf7-78de-5ba6-6bd0ed427942,62.254.172.140,GB,false,0,0, +eu-2-143546021,2020-12-07 15:35:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VocaLink Limited - 2925997399731826508,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545029,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vodacom - 2074872523551783477,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Vodafone Espana, S.A.U.",2020-12-07 08:24:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Vodafone Espana, S.A.U.",0,0,0,0.00,0,20.04.163,francisco.gazopo@vodafone.com,enterprise,300,11,2020-04-08 20:42:24.000,2021-06-07 07:00:00.000,true,440231a9-76ae-aea6-6154-90db800ff446,3.127.15.248,DE,false,0,0, +anz-3052684,2020-12-06 15:51:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Volkswagen Finance Private Limited - 5743179963823669922,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096873,2020-12-07 14:56:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Votem Corp - 308818156888134977,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159178507,2020-12-06 16:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Vox Media, Inc. - 5566212971689225873",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Vp Bank Ag,2020-12-06 16:40:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Vp Bank Ag,0,0,0,0.00,0,19.07.353,null@vpbank.com,enterprise,100,1,2020-11-09 15:36:04.000,2021-09-26 15:36:04.000,true,02b67b38-35f8-51ee-50ef-a2171b565295,80.241.114.40,LI,false,0,0, +us-2-158285623,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Vw Credit, Inc. - 3797435018498717592",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159240856,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VyStar Credit Union - 467145101476494850,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159238221,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,VyStar Credit Union - 8574825891825456963,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159239085,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"W. L. Gore & Associates, Inc. - 6311794049008038844",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543132,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,WEIZMANN INSTITUTE OF SCIENCE - 2452421055589358389,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544807,2020-12-07 15:27:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,WIPRO TRAVEL SERVICES LIMITED - 6668779489137010055,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258892,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,WU,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158255800,2020-12-07 14:36:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,WWT,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545771,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wallix - 5695736341023614773,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254057,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Walt Disney Parks,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096909,2020-12-07 14:54:36.000,4,21,0.00,0,0,0,0,0,0,1,1,1,0,28,1,10,0,0,0,4,0,0,0,0,0,0,2046640128.00,539672576.00,0,"Wanin International Co., Ltd. - 1994219545145812962",4,3,0,0.00,0,20.09.351,,enterprise,1000000,7,2020-10-07 03:16:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158285743,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Ware2go Inc. - 347084340915630020,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159212211,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Warner Media, LLC - 3226508811678382541",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159243793,2020-12-07 15:38:45.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,2,0,0,2046640128.00,594661376.00,0,"Waste Management, Inc. HQ - 7150709683197159906",0,0,0,0.00,0,20.09.345,,enterprise,1000000,0,2020-07-23 20:53:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242742,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wave Financial Inc. - 6678309281625784769,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +"Wawa, Inc.",2020-12-06 20:13:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Wawa, Inc.",0,0,0,0.00,0,20.04.177,dean.turturici@wawa.com,enterprise,400,6,2020-07-21 23:00:25.000,2021-07-29 07:00:00.000,true,e5521079-87da-8de3-1b1b-32d3866ef32f,23.22.131.108,US,false,0,0, +us-2-158283699,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Weicloud Technology Co., Ltd - 250787724410327209",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3049089,2020-12-06 15:55:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Welab Digital Limited - 5041707921666913902,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159183439,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Welab Digital Limited - 6943683660061414258,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572397,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wellframe,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Wellframe Inc.,2020-12-07 02:57:55.000,0,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wellframe Inc.,0,10,0,0.00,0,20.09.345,jhatem@wellframe.com,enterprise,200,10,2020-05-15 21:09:49.000,2021-05-16 07:00:00.000,true,b1ae9939-4298-1278-f916-52f401ed7304,34.121.63.65,US,false,0,0, +us-3-159212113,2020-12-07 15:29:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wells Fargo & Company - 3301052661555645151,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3052775,2020-12-06 15:51:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wemo Co.,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3051938,2020-12-06 15:51:00.000,78,413,0.00,0,0,0,0,0,0,3,3,1,0,28,95,180,0,0,103,1,0,0,1,0,0,0,2046640128.00,736313344.00,0,Wemo Co. Ltd. - 2350414464436512571,78,59,0,0.00,0,20.09.366,,enterprise,1000000,138,2020-04-06 05:31:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +anz-3054610,2020-12-06 17:42:47.000,0,49,0.00,0,0,0,0,0,0,1,1,1,0,28,5,5,0,0,0,0,0,0,1,1,0,0,2046640128.00,417312768.00,0,Wesfarmers Bunnings Limited - 255091963627330170,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-11-26 05:34:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +West Edge Tech Services Inc.,2020-12-07 10:01:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,West Edge Tech Services Inc.,0,0,0,0.00,0,20.04.177,emmanuel@88tech.net,evaluation,100,3,2020-11-10 01:25:00.000,2020-12-09 08:00:00.000,true,4b62bf99-7f5a-58a9-0720-c288dd926944,115.146.182.130,PH,false,0,0, +us-2-158260630,2020-12-07 14:34:00.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,533286912.00,0,WestJet Airlines - 3485213239487726208,1,0,0,0.00,0,20.04.177,,enterprise,1000000,1,2019-12-06 15:27:35.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544773,2020-12-07 15:44:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Westcon Group European Operations Ltd (Netherlands) - 3869631274143329188,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544810,2020-12-06 15:47:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Westcon Middle East Ltd. - 2197409915243665021,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545736,2020-12-06 15:46:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Westcon Middle East Ltd. - 752678953523581266,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111525284,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Western Asset Management,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242777,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,1,1,1,1,2,28,0,0,4,0,0,0,0,0,0,1,0,0,2046640128.00,540033024.00,0,Western Governors University - 2239715683877945665,0,0,0,0.00,5,20.09.366,,enterprise,1000000,0,2020-07-06 17:14:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284817,2020-12-07 14:44:06.000,0,429,0.00,0,0,0,0,0,0,2,1,1,1,28,1,0,0,5,0,0,0,0,1,2,0,0,2046640128.00,687583232.00,0,Western Governors University - 4842942276123247441,0,2,415,0.00,0,20.09.366,,enterprise,1000000,1426,2020-10-09 19:49:15.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159245841,2020-12-06 16:48:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Western National Life Insurance Company - 1212943481828621325,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053866,2020-12-06 17:21:00.000,1,7,0.00,0,0,0,0,0,0,1,1,1,0,28,2,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,543608832.00,0,Western Power - 7085136865572585886,1,1,0,0.00,0,20.09.366,,enterprise,1000000,2,2020-10-08 02:47:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159210348,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Westinghouse Electric Company Llc - 3697419618978786461,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143544067,2020-12-07 15:35:22.000,0,56,0.00,0,0,0,0,0,0,1,1,1,0,28,14,8,0,0,6896,0,0,0,1,0,0,0,2046640128.00,609157120.00,0,Wetrade Innovation DAC - 4843705216445661778,0,8,0,0.00,0,20.04.177,,enterprise,1000000,8,2020-08-12 10:04:16.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-103255,2020-12-07 15:27:19.000,0,679,0.00,0,0,0,0,0,0,1,1,1,0,28,31,30,0,0,4,0,0,0,0,0,0,0,2046640128.00,605843456.00,0,Whitbread,0,97,0,0.00,0,20.09.366,,enterprise,1000000,100,2019-12-09 11:49:10.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158283633,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wide Open West - 8866757420371881919,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3001938,2020-12-07 15:45:22.000,0,14,0.00,0,0,1,0,0,0,2,4,2,0,30,0,0,0,0,11,0,0,0,1,1,0,5,2046640128.00,550522880.00,0,Wipro Limited (India) - 6438268967708564903,0,2,0,0.00,2,20.09.366,,enterprise,1000000,2,2019-12-10 00:29:53.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243764,2020-12-06 16:06:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wipro Limited - 2509375121924775809,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159215894,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wipro Limited - 2574839228256625979,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286615,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wix.com Ltd - 5393517725993278323,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Wix_Eval3,2020-12-07 10:37:46.000,0,490,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wix_Eval3,0,70,0,0.00,0,20.09.345,royh@wix.com,evaluation,1000,139,2020-11-08 13:47:51.000,2020-12-08 13:47:51.000,true,Wix_Eval3,3.220.109.194,US,false,0,0, +eu-2-143544093,2020-12-07 15:35:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wood PLC - 7956004817840826304,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545737,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,525893632.00,0,Wootcloud Inc - 2392359292071704077,0,0,0,0.00,0,20.09.351,,enterprise,1000000,0,2020-10-05 17:12:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +eu-2-143544963,2020-12-06 15:52:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wootcloud Inc - 9140475294845558135,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111523698,2020-12-07 14:28:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Workday,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Workday,2020-12-07 15:03:32.000,0,959,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Workday,0,137,0,0.00,0,20.09.345,damian.mcgrath@workday.com,enterprise,12000,137,2020-05-22 22:38:12.000,2023-04-21 07:00:00.000,true,0392016c-256c-0fd7-bf3e-58c4723da42b,52.12.48.140,US,false,0,0, +us-3-159209229,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Workfront - 2220546759847749282,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Workiva LLC,2020-12-07 14:36:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Workiva LLC,0,0,0,0.00,0,20.04.177,matthew.sullivan@workiva.com,enterprise,4000,1925,2020-04-15 20:53:52.000,2021-03-12 08:00:00.000,true,d939a46b-34ef-e2ed-5ab5-c069aa686f11,34.203.4.66,US,false,0,0, +eu-2-143545925,2020-12-07 15:03:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,World Duty Free Group Sociedad Anonima. - 1893401580756125684,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159242063,2020-12-06 16:22:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,World Wide Technology - 2151427263335605402,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543905,2020-12-07 15:47:33.000,0,217,0.00,0,0,0,0,0,0,1,1,1,0,28,82,1,0,0,0,0,0,0,1,0,0,0,2046640128.00,632557568.00,0,Worldremit Ltd. - 3356335872998403884,0,31,0,0.00,0,20.09.366,,enterprise,1000000,31,2020-07-21 10:08:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241996,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wu,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158254091,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Wyndham Destinations,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158258838,2020-12-07 14:37:49.000,0,0,0.01,0,0,0,0,0,0,1,1,1,0,28,0,0,20,0,0,0,0,0,0,2,0,0,2046640128.00,546254848.00,0,Wyndham Hotels and Resorts,0,0,0,576.00,172,20.09.366,,enterprise,1000000,34,2019-12-09 19:45:46.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159179353,2020-12-06 16:22:53.000,0,602,0.00,0,0,0,0,0,0,2,2,1,0,31,152,753,0,0,144,2,0,0,11,0,0,0,10501771264.00,1186627584.00,0,XP Investimentos - 6922605921304409623,0,86,0,0.00,0,20.09.366,,enterprise,1000000,99,2019-12-10 09:33:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159242993,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"XPO LOGISTICS, LLC - 7010749618892942483",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158261751,2020-12-07 14:46:32.000,0,462,0.00,0,0,0,0,0,0,1,1,1,0,28,197,302,0,0,26,0,0,0,5,0,0,4286,10501771264.00,1515872256.00,0,"XPO LOGISTICS, LLC - 8028330518218622342",0,66,0,0.00,0,20.09.366,,enterprise,1000000,67,2019-12-09 15:21:54.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +Xapo (Gibraltar) Limited,2020-12-07 09:37:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Xapo (Gibraltar) Limited,0,0,0,0.00,0,20.04.169,jesus.irausquin@xapo.com,enterprise,100,5,2020-09-30 17:55:14.000,2021-09-29 07:00:00.000,true,d0b9f5ad-091c-6c2c-ee75-230dae9f0581,18.224.241.123,US,false,0,0, +us-3-159241011,2020-12-06 15:52:50.000,0,595,0.00,0,0,0,0,0,0,1,1,1,0,28,38,1,0,0,32,0,0,0,0,0,0,0,2046640128.00,737558528.00,0,Xapo (Gibraltar) Limited - 8528493384086292467,0,85,0,0.00,0,20.09.366,,enterprise,1000000,85,2020-06-08 19:00:51.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159212020,2020-12-07 15:30:13.000,0,84,0.00,0,0,0,0,0,0,4,1,4,0,28,16,14,0,0,0,0,0,0,2,18,0,0,2046640128.00,551014400.00,0,Xcel Energy Inc. - 4653355808172222070,0,12,0,0.00,3,20.09.366,,enterprise,1000000,12,2020-01-23 21:27:24.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159237098,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Xcel Energy Inc. - 6573676267462665795,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545768,2020-12-07 15:35:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Xm Cyber Ltd - 6806251410049869886,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gov-3181432,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Xometry, Inc. - 4773282668656193199",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283727,2020-12-07 14:47:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Xometry, Inc. - 5319225516032991359",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +YKB_Eval7,2020-12-07 12:30:48.000,0,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,YKB_Eval7,0,19,0,0.00,0,20.09.345,ihsan.cakmakli@yapikredi.com.tr,evaluation,200,19,2020-11-10 14:02:38.000,2021-01-19 14:02:38.000,true,YKB_Eval7,193.254.228.201,TR,false,0,0, +eu-2-143546013,2020-12-07 15:27:57.000,0,49,0.00,0,0,1,0,0,0,1,1,1,0,28,22,13,0,0,0,7,0,0,0,0,0,0,2046640128.00,495878144.00,0,YKM Turizm - 8079811139508936526,0,7,0,0.00,0,20.09.366,,enterprise,1000000,7,2020-11-18 15:51:22.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aws-singapore-961143778,2020-12-07 14:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Yanolja - 3585717885841117502,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143543070,2020-12-07 15:20:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Yoigo - 5195828550969631302,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143541215,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Yoigo - 5470527751397414694,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +canada-550157617,2020-12-07 09:58:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,York University - 3077468814837785801,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Yseop,2020-12-07 09:03:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Yseop,0,0,0,0.00,0,20.04.163,cchahbazian@yseop.com,enterprise,100,1,2020-02-27 14:50:33.000,2021-02-26 08:00:00.000,true,2a11de15-a417-f40f-393b-bb8bba9618d7,195.154.87.197,FR,false,0,0, +ZS Associates,2020-12-06 18:28:50.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ZS Associates,0,2,0,0.00,0,20.09.365,bharath.sundararaj@zs.com,evaluation,100,2,2020-11-21 00:14:55.000,2021-01-04 06:00:00.000,true,033950a3-77dc-6fcb-69d2-3c3e68e6ab64,50.16.90.94,US,false,0,0, +us-2-158285769,2020-12-07 14:44:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ZS Associates - 6643236128682097524,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181237,2020-12-06 16:03:50.000,0,196,0.00,0,0,0,0,0,0,1,1,1,0,30,44,30,0,0,3538,0,0,0,0,0,0,0,2046640128.00,644988928.00,0,Zam Network Llc - 3396886801410490617,0,28,0,0.00,0,20.09.366,,enterprise,1000000,110,2019-12-10 12:05:09.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159182383,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Zam Network Llc - 615243790967617144,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214996,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ZeroPW - 6593924934396430564,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159241009,2020-12-06 16:22:53.000,9,9,0.00,0,0,0,0,0,0,1,1,1,1,28,2,0,0,9126842,0,0,0,0,1,0,0,0,10501771264.00,1765343232.00,0,"Zeroed-In Technologies, LLC - 2546849121047772682",9,0,9,0.00,0,20.09.366,,enterprise,1000000,18,2020-06-08 16:56:47.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159243893,2020-12-06 16:10:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Zeroed-In Technologies, LLC - 8289152161273221061",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159214936,2020-12-06 16:03:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Zerto - 1286300436539552691,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053805,2020-12-06 17:39:08.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,16,1,0,0,0,0,0,0,0,0,0,0,2046640128.00,542543872.00,0,Zetaris Pty Ltd - 3767914965328948854,0,1,0,0.00,0,,,enterprise,1000000,1,2020-09-15 04:29:02.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111525285,2020-12-07 14:28:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Zipongo,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +Zocdoc,2020-12-06 19:42:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Zocdoc,0,0,0,0.00,0,2.5.121,bach.hoang@zocdoc.com,enterprise,160,0,2020-08-10 15:51:29.000,2021-08-08 15:51:29.000,true,00000911,18.213.149.109,US,false,0,20, +us-1-111572465,2020-12-07 14:26:17.000,1,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532549632.00,0,Zoetis,1,0,0,0.00,0,,,enterprise,1000000,1,2019-12-08 06:10:49.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159241910,2020-12-06 16:38:05.000,1,112,0.00,0,0,0,0,0,0,1,1,1,0,28,1,16,0,0,84,12,0,0,0,0,0,0,2046640128.00,573841408.00,0,"Zoom Video Communications, Inc. - 3092465749497764099",1,16,0,0.00,0,,,enterprise,1000000,17,2020-06-24 00:20:59.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159185360,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"Zoro Tools, Inc. - 7262784507225584906",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159181305,2020-12-06 16:04:31.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,1,0,0,0,0,0,0,0,2046640128.00,707514368.00,0,"Zoro Tools, Inc. - 8378694657021298193",0,0,0,0.00,0,,,enterprise,1000000,0,2019-12-10 15:19:26.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-3-159180523,2020-12-06 16:43:51.000,0,91,0.00,0,0,0,0,0,0,1,1,1,0,28,87,6,0,0,22,0,0,0,1,1,0,0,2046640128.00,552038400.00,0,Zurich Insurance Company Ltd. - 9085840798849202240,0,13,0,0.00,0,20.09.366,,enterprise,1000000,13,2019-12-10 13:16:04.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111574289,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,Zynga,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3053800,2020-12-06 17:42:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,abc - 487599377518854783,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aborel@paloaltonetworks.com,2020-12-07 14:07:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aborel@paloaltonetworks.com,0,0,0,0.00,0,20.04.182,aborel@paloaltonetworks.com,enterprise,90,1,2020-06-12 19:01:04.000,2021-06-12 19:01:04.000,true,0,35.188.16.97,US,true,10,10, +aclark_se_eval_3,2020-12-06 15:51:18.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aclark_se_eval_3,1,2,2,0.00,0,20.09.345,aclark@paloaltonetworks.com,evaluation,300,5,2020-09-23 17:09:26.000,2021-09-23 17:09:26.000,true,0,34.68.127.79,US,true,0,0, +us-2-158283730,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,acloudsecure.com - 1525999029151046377,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285746,2020-12-07 14:37:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,acloudsecure.com - 56834231604172132,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +adib,2020-12-07 14:53:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,adib,0,0,0,0.00,0,20.04.163,null@adib.ae,enterprise,500,15,2019-12-20 16:57:14.000,2021-12-19 16:57:14.000,true,00002057,217.165.31.16,AE,false,0,0, +admiral,2020-12-06 18:09:53.000,0,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admiral,0,19,0,0.00,0,20.09.366,null@admiralgroup.co.uk,evaluation,100,27,2020-10-13 08:41:10.000,2020-12-12 08:41:10.000,true,0,51.11.21.154,GB,false,0,0, +admitry,2020-12-07 11:13:56.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,0,0,0.00,0,20.12.527,admitry@paloaltonetworks.com,enterprise,1000,7,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,UGMzMXNRanV1ME5I +admitry,2020-12-06 22:27:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,0,0,0.00,0,20.12.525,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,Nlg0VWRiL1A0Q1d4 +admitry,2020-12-07 12:03:11.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.520,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,ZXJEd3N5cm00Y2ZD +admitry,2020-12-06 13:37:17.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.521,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,bFZCS2U0VW9KNlh5 +admitry,2020-12-06 16:23:45.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,QnVrM3lhckswVHdt +admitry,2020-12-07 14:02:09.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.607,admitry@paloaltonetworks.com,enterprise,1000,2,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,enhoeHFGZlZ1U1ZP +admitry,2020-12-04 22:10:14.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.609,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,MnZ3anpoOHZIa2xu +admitry,2020-12-07 06:52:27.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.610,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,V1lRQXhYMjVOYlJU +admitry,2020-12-07 06:46:41.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0, +admitry,2020-12-05 14:08:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.522,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,VXE4ZWlNTEVpSzdm +admitry,2020-12-05 22:10:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.610,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,aUpZRnVuNi9ZZ0h1 +admitry,2020-12-05 22:17:52.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.610,admitry@paloaltonetworks.com,enterprise,1000,471,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,WFN4bWhNMDFTeHdR +admitry,2020-12-05 22:27:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,0,0,0.00,0,20.12.610,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,cGw5TXBnK2thdTlz +admitry,2020-12-02 22:16:40.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.607,admitry@paloaltonetworks.com,enterprise,1000,478,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,bjQyRmdFMFg3NzhX +admitry,2020-11-30 19:07:26.000,0,91,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,13,0,0.00,0,20.11.510,admitry@paloaltonetworks.com,enterprise,1000,13,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,OERDeTJnbWNRSkRL +admitry,2020-12-02 16:06:28.000,0,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,6,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,15,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,TE1teHJoVUl1QTVB +admitry,2020-11-30 07:00:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,0,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,TWtRWlJ0TnBxUGlW +admitry,2020-11-29 22:26:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,0,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,7,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,cTVMVk1nMTNUWE9J +admitry,2020-11-29 22:09:15.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.518,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,a3U3Q1BsclVoYzBt +admitry,2020-12-01 22:10:36.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,QnZIT1diQ2xXQ2cy +admitry,2020-11-29 22:11:36.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.518,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,cVFYWUdqRW5WV1Bu +admitry,2020-12-01 13:13:42.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.518,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,UjNDSUp3MTkvQ1B2 +admitry,2020-11-30 22:09:34.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,136,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,dU9XQUxKUUdtbVd0 +admitry,2020-12-02 07:08:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,1,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,U1dKRStEbWhOMGJt +admitry,2020-11-30 22:10:17.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,4,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,Yi9uaXRLeGR4bzFq +admitry,2020-12-01 08:19:27.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,2,0,0.00,0,20.12.519,admitry@paloaltonetworks.com,enterprise,1000,2,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,VXYzaURzWmpQTmFm +admitry,2020-12-03 22:16:40.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,admitry,0,1,0,0.00,0,20.12.608,admitry@paloaltonetworks.com,enterprise,1000,472,2020-02-02 09:49:53.000,2023-01-17 09:49:53.000,true,admitry,104.198.77.5,US,true,0,0,d2ViOHZCSnNWTCtS +aegon_400,2020-12-07 11:33:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aegon_400,0,0,0,0.00,0,20.04.177,null@transamerica.com,enterprise,3200,1,2020-07-30 17:25:35.000,2021-06-14 17:25:35.000,true,00000722,52.3.143.236,US,false,0,400, +aig_2yr,2020-12-06 23:02:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aig_2yr,0,0,0,0.00,0,20.04.163,null@aig.com,enterprise,600,1,2019-12-31 18:06:38.000,2021-12-05 18:06:38.000,true,00001828,165.225.48.70,PL,false,0,100, +airbnb,2020-12-06 20:56:17.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,airbnb,0,1,0,0.00,0,20.09.345,null@airbnb.com,enterprise,400,1,2020-01-29 16:57:25.000,2021-01-01 16:57:25.000,true,00006522,34.198.170.138,US,false,0,0, +airforce_rrb,2020-12-07 14:50:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,airforce_rrb,0,0,0,0.00,0,19.11.512,null@us.af.mil,enterprise,60,4,2020-01-24 21:54:18.000,2021-01-10 21:54:18.000,true,00002564,63.151.31.58,US,false,0,10, +albertsons,2020-12-07 07:40:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,albertsons,0,0,0,0.00,0,20.04.169,null@albertsons.com,enterprise,240,12,2020-01-22 21:42:41.000,2021-01-16 21:42:41.000,true,00002525,13.83.244.28,US,false,0,40, +us-2-158285839,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alerts_ns_tenant,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +alexh,2020-12-07 12:45:49.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alexh,0,1,0,0.00,0,20.12.520,ahaytovich@paloaltonetworks.com,enterprise,2000,1,2019-11-03 11:09:28.000,2023-02-15 11:09:28.000,true,dev2,104.198.77.5,US,true,0,0,UzJEdTYwdjR6dFFw +alexh,2020-12-03 10:22:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alexh,0,1,0,0.00,0,20.12.520,ahaytovich@paloaltonetworks.com,enterprise,2000,1,2019-11-03 11:09:28.000,2023-02-15 11:09:28.000,true,dev2,104.198.77.5,US,true,0,0,aXBaTTBLZ2JZd1JO +allegiant,2020-12-07 07:16:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,allegiant,0,0,0,0.00,0,20.04.177,null@allegiantair.com,enterprise,2500,22,2020-05-29 15:23:37.000,2021-01-16 15:23:37.000,true,00001256,18.237.88.231,US,false,0,0, +allstate,2020-12-07 15:17:20.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,allstate,0,3,0,0.00,0,20.09.365,null@allstate.com,enterprise,2400,3,2019-12-26 17:51:22.000,2021-09-23 17:51:22.000,true,TL000011,3.223.130.112,US,false,0,400, +alon,2020-12-07 08:30:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alon,0,0,0,0.00,0,20.12.518,aadler@paloaltonetworks.com,enterprise,1000,1,2020-01-08 16:16:52.000,2023-01-07 16:16:52.000,true,dev,82.166.99.178,IL,true,0,0,bW8ySERRdkZnbkti +alonh,2020-12-06 16:39:39.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alonh,0,1,0,0.00,0,20.04.177,acarmel@paloaltonetworks.com,enterprise,1000,1,2020-11-05 12:28:15.000,2023-11-05 12:28:15.000,true,dev,100.25.140.90,US,true,0,0, +alonh,2020-12-07 13:31:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,alonh,0,0,0,0.00,0,20.11.511,acarmel@paloaltonetworks.com,enterprise,1000,0,2020-11-05 12:28:15.000,2023-11-05 12:28:15.000,true,dev,82.166.99.178,IL,true,0,0,QktKNk0yVU0zbUJR +american_express,2020-12-07 14:59:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,american_express,0,0,0,0.00,0,19.11.512,null@aexp.com,enterprise,30000,924,2019-07-30 17:30:31.000,2022-07-29 17:30:31.000,true,00000891,148.173.97.161,US,false,0,5000, +american_institute_research,2020-12-07 15:05:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,american_institute_research,0,0,0,0.00,0,20.04.177,null@air.org,enterprise,60,1,2019-12-31 18:12:54.000,2020-12-19 18:12:54.000,true,00002063,52.147.220.237,US,false,0,10, +ami,2020-12-07 13:14:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ami,0,0,0,0.00,0,20.12.608,abizamcher@paloaltonetworks.com,enterprise,1000,1,2020-07-26 08:52:29.000,2023-07-26 08:52:29.000,true,dev,82.166.99.178,IL,true,0,0,K1BUV2kzNStKcjVB +ami,2020-12-07 09:14:43.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ami,0,1,0,0.00,0,20.11.507,abizamcher@paloaltonetworks.com,enterprise,1000,3,2020-07-26 08:52:29.000,2023-07-26 08:52:29.000,true,dev,3.236.141.82,US,true,0,0, +angaratech_eval4_sberbanklab,2020-12-07 10:11:45.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,angaratech_eval4_sberbanklab,0,2,0,0.00,0,20.09.365,kosarim@angaratech.ru,evaluation,100,2,2020-10-14 13:18:38.000,2020-12-13 13:18:38.000,true,0,89.207.88.76,RU,false,0,0, +anz-3051784,2020-12-02 16:34:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,anz-3051784,0,0,0,0.00,0,20.11.601,,enterprise,1000000,7,2020-02-27 10:36:14.000,2038-01-19 03:14:07.000,true,,82.166.99.178,IL,false,0,0,YzlITldmQWVqUWZN +aoins_245Host,2020-12-07 06:17:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aoins_245Host,0,0,0,0.00,0,20.04.177,null@aoins.com,enterprise,1470,64,2019-11-01 14:25:05.000,2022-01-15 14:25:05.000,true,00000582,205.207.141.100,US,false,0,245, +aporeto-team,2020-12-07 12:19:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aporeto-team,0,0,0,0.00,0,19.11.506,jmorello@paloaltonetworks.com,evaluation,1000,0,2019-12-04 01:02:20.000,2022-08-30 01:02:20.000,true,0,34.68.9.235,US,true,0,0, +aqsa,2020-12-07 05:01:19.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aqsa,0,1,0,0.00,0,20.12.609,aqtaylor@paloaltonetworks.com,enterprise,900,1,2020-07-28 08:20:19.000,2021-07-28 08:20:19.000,true,0,104.198.194.35,US,true,100,100,UGxZWWZMUGhaQXl2 +aqsa_workload,2020-12-06 17:26:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aqsa_workload,0,0,0,0.00,0,20.04.177,aqtaylor@paloaltonetworks.com,enterprise,10000,1,2020-09-02 02:44:43.000,2021-09-03 02:44:43.000,true,0,35.222.213.94,US,true,0,0, +ari,2020-11-30 11:07:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ari,0,0,0,0.00,0,20.11.605,awalzer@paloaltonetworks.com,enterprise,1000,0,2020-04-20 00:42:41.000,2023-04-20 00:42:41.000,true,dev,82.166.99.178,IL,true,0,0,elI3bC9NSExFNzAz +arm,2020-12-07 09:49:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,arm,0,0,0,0.00,0,19.11.512,null@arm.com,enterprise,395,12,2020-01-24 12:58:03.000,2021-05-22 12:58:03.000,true,00002536,51.140.118.189,GB,false,11,64, +us-3-159241964,2020-12-07 15:38:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,armus,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +arnold_clark,2020-12-07 07:35:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,arnold_clark,0,0,0,0.00,0,20.04.177,null@arnoldclark.com,enterprise,200,4,2019-10-04 10:47:38.000,2022-10-01 10:47:38.000,true,TL000019,51.11.48.185,GB,false,0,0, +articulate ,2020-12-07 02:52:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,articulate ,0,0,0,0.00,0,20.04.169,null@articulate.com,enterprise,1320,47,2019-12-09 23:42:40.000,2020-12-07 23:42:40.000,true,00000463,52.72.70.252,US,false,0,220, +asb,2020-12-07 14:17:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,asb,0,0,0,0.00,0,20.04.169,null@asb.co.nz,enterprise,300,4,2020-02-17 09:18:12.000,2021-02-06 09:18:12.000,true,00002847,20.193.38.148,AU,false,0,0, +asecus_eval4,2020-12-07 07:49:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,asecus_eval4,0,0,0,0.00,0,20.04.177,roger.blum@asecus.ch,evaluation,100,2,2020-09-21 06:20:40.000,2020-12-20 06:20:40.000,true,0,46.14.179.194,CH,false,0,0, +ashley2,2020-12-07 13:36:01.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ashley2,1,2,2,0.00,0,20.09.345,award@paloaltonetworks.com,evaluation,200,5,2019-09-24 17:58:02.000,2021-08-24 17:58:02.000,true,0,34.68.127.79,US,true,0,0, +assembly_payments,2020-12-07 08:08:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,assembly_payments,0,0,0,0.00,0,20.04.163,null@assemblypayments.com,enterprise,100,18,2020-01-31 08:55:59.000,2021-01-30 08:55:59.000,true,00002655,13.238.237.45,AU,false,0,0, +assembly_payments ,2020-12-07 00:02:47.000,5,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,assembly_payments ,5,19,0,0.00,0,20.09.345,null@assemblypayments.com,enterprise,100,24,2020-02-27 14:57:34.000,2021-01-23 14:57:34.000,true,00003214,3.104.148.66,AU,false,0,0, +us-3-159238058,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,asurint,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245751,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ateeta services inc - 4991796728523452045,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262581,2020-12-07 14:36:19.000,0,1687,0.00,0,0,0,0,0,0,2,1,1,0,28,123,1903,0,0,101,4,0,0,0,16,0,0,2046640128.00,732033024.00,0,"athenahealth, Inc. - 8034037448990306819",0,241,0,0.00,0,20.09.366,,enterprise,1000000,270,2019-11-13 09:58:18.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +aurea,2020-12-06 17:56:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,aurea,0,0,0,0.00,0,19.03.321,null@aurea.com,enterprise,48,6,2020-01-29 17:03:18.000,2021-02-05 17:03:18.000,true,00006516,18.235.29.119,US,false,0,8, +auspost,2020-12-07 04:14:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,auspost,0,0,0,0.00,0,19.03.311,null@auspost.com.au,enterprise,0,5,2019-02-15 01:32:17.000,2021-02-14 01:32:17.000,true,00000602,13.211.51.30,AU,false,0,0, +automation-license,2020-12-07 10:51:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.513,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,VUVnMXBKSnora1B4 +automation-license,2020-12-06 22:10:21.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,135,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,L05DRWpXTG5pekNT +automation-license,2020-12-06 22:17:11.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,470,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,UXk0bzZndEsvbEEr +automation-license,2020-12-06 22:10:53.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,bnFQZkloWVErK0Jz +automation-license,2020-12-06 22:10:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,6,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,ZVRCVE9GRkhuTVE3 +automation-license,2020-12-06 22:22:35.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,OTV5eUM0TndIb1dJ +automation-license,2020-12-06 19:23:28.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,ZDZINytDOVUvUk5Q +automation-license,2020-12-04 22:10:48.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.609,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,M3Bxb0RPcUltMVN1 +automation-license,2020-12-04 22:17:58.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.609,automation-license@paloaltonetworks.com,enterprise,1000,472,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,MEtVVjR2Q2NRS0Uz +automation-license,2020-12-07 08:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,0,0,0.00,0,20.12.527,automation-license@paloaltonetworks.com,enterprise,1000,7,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,TE1rMjFZUDdxVDVJ +automation-license,2020-12-07 09:09:01.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.525,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,YUNIVDF3ZUQrbTRp +automation-license,2020-12-07 09:26:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,LzIvTy9BSDBqQ05O +automation-license,2020-12-07 10:15:51.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.09.365,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0, +automation-license,2020-12-05 22:10:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,TTdCcE1NZ2ttcFJ6 +automation-license,2020-12-05 22:21:09.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,RHVUM1VuSlkweGlT +automation-license,2020-12-05 22:11:15.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.610,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,L1VwVVBlcXhWeUVM +automation-license,2020-12-06 13:14:47.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.520,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,UzhCd0FDV2ozTk5h +automation-license,2020-12-02 22:09:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.607,automation-license@paloaltonetworks.com,enterprise,1000,134,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,bmgxcjZpTEdCSTMw +automation-license,2020-11-30 20:08:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,0,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,RGNwVmlaY3BIcE96 +automation-license,2020-11-30 22:27:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,0,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,6,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,bFhCV29RTkk2clpa +automation-license,2020-11-30 22:08:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,TlpRRTMvSmNVcmF0 +automation-license,2020-11-30 08:39:14.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.11.508,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,dTJOQXA5QzRraTNT +automation-license,2020-11-30 14:09:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.11.510,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,ZXRVb0dGUmVrNndj +automation-license,2020-11-30 22:09:33.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,dHk1Q244dW8vQ3Fq +automation-license,2020-11-30 08:40:06.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.11.508,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,OU1DdCtzbjdSUm5n +automation-license,2020-11-29 22:10:52.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.518,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,elJxYUVwMlhJdUNk +automation-license,2020-12-03 10:03:52.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.607,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,ZUlUMGpiQmU4VU5B +automation-license,2020-12-03 10:37:22.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.607,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,UitidUQrbWpSQ1Qw +automation-license,2020-12-03 07:20:01.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.607,automation-license@paloaltonetworks.com,enterprise,1000,1,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,Zkd0RzM4VUhOdGQw +automation-license,2020-12-01 14:23:37.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,3,0,0.00,0,20.12.519,automation-license@paloaltonetworks.com,enterprise,1000,5,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,NWs5MHVWNzNFb2tm +automation-license,2020-12-03 22:10:24.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.608,automation-license@paloaltonetworks.com,enterprise,1000,131,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,Z2wrNk5oOXp5Zk8w +automation-license,2020-12-03 22:10:47.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,automation-license,0,1,0,0.00,0,20.12.608,automation-license@paloaltonetworks.com,enterprise,1000,4,2020-02-19 06:41:14.000,2023-02-03 06:41:14.000,true,automation-license,104.198.77.5,US,true,0,0,b0ljNndhVllUNENU +avi_aws_se,2020-12-07 10:15:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,avi_aws_se,0,0,0,0.00,0,19.11.512,ashulman@paloaltonetworks.com,enterprise,1000,1,2020-03-16 05:37:03.000,2023-03-16 05:37:03.000,true,external,54.208.61.96,US,true,0,0, +avishulman,2020-12-07 12:43:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,avishulman,0,1,0,0.00,0,20.09.345,ashulman@paloaltonetworks.com,enterprise,1000,4,2019-10-28 09:11:29.000,2022-08-17 09:11:29.000,true,pm,54.173.78.130,US,true,0,0, +awilke@paloaltonetworks.com_eval,2020-12-01 13:57:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,awilke@paloaltonetworks.com_eval,0,0,0,0.00,0,20.04.163,awilke@paloaltonetworks.com,evaluation,100,5,2020-09-02 12:50:44.000,2021-09-02 12:50:44.000,true,0,34.68.127.79,US,false,0,0, +axis,2020-12-07 14:37:32.000,0,112,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,axis,0,16,0,0.00,0,20.09.365,null@axisbank.com,enterprise,1400,16,2020-12-01 15:08:14.000,2020-12-31 15:08:14.000,true,TL000042,115.112.84.25,IN,false,0,200, +baillie_gifford,2020-12-06 18:07:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,baillie_gifford,0,0,0,0.00,0,20.04.177,null@bailliegifford.com,enterprise,160,72,2020-01-31 15:05:23.000,2021-02-10 15:05:23.000,true,00002660,213.48.68.145,GB,false,0,0, +bayer_ag,2020-12-07 12:32:32.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bayer_ag,0,4,0,0.00,0,20.09.365,null@bayer.com,enterprise,210,9,2019-11-21 14:01:07.000,2022-11-20 14:01:07.000,true,00001643,54.157.218.181,US,false,0,35, +bbva,2020-12-06 15:45:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bbva,0,0,0,0.00,0,19.07.353,null@bbva,enterprise,100,3,2020-11-12 19:58:49.000,2021-11-15 19:58:49.000,true,00000470,34.246.81.33,IE,false,0,0, +bdausses@paloaltonetworks.com,2020-12-06 18:53:10.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bdausses@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,bdausses@paloaltonetworks.com,enterprise,200,5,2020-05-13 15:38:42.000,2021-01-28 15:38:42.000,true,0,34.68.127.79,US,true,0,0, +benny,2020-12-07 11:53:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,benny,0,0,0,0.00,0,19.07.358,bnissimiv@paloaltonetworks.com,enterprise,1000,0,2019-07-29 18:54:00.000,2025-01-18 18:54:00.000,true,dev,54.71.165.248,US,true,0,0, +us-3-159244881,2020-12-06 15:45:50.000,0,0,0.00,0,0,0,0,0,0,1,1,1,0,28,0,0,0,0,0,0,0,0,0,0,0,0,2046640128.00,532332544.00,0,bir - 6094222395822757685,0,0,0,0.00,0,,,enterprise,1000000,0,2020-08-13 22:06:55.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +blackbaud,2020-12-06 20:40:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,blackbaud,0,0,0,0.00,0,19.11.512,null@blackbaud.com,enterprise,2400,0,2020-02-13 16:29:24.000,2021-02-21 16:29:24.000,true,00002874,40.70.17.243,US,false,0,0, +bnp_paribas,2020-12-07 12:27:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bnp_paribas,0,0,0,0.00,0,20.04.169,null@consorsbank.de,enterprise,100,2,2020-01-02 10:25:28.000,2020-12-25 10:25:28.000,true,00002149,194.150.83.38,DE,false,0,0, +bnp_paribas_fortis,2020-12-07 12:01:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bnp_paribas_fortis,0,0,0,0.00,0,20.04.163,null@bnpparibasfortis.com,enterprise,80,1,2020-03-23 12:26:02.000,2021-07-27 12:26:02.000,true,00003498,193.58.1.131,BE,false,0,10, +boaz,2020-12-03 15:51:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,boaz,0,0,0,0.00,0,20.12.608,boaz@twistlock.com,enterprise,0,1,2019-05-28 09:26:41.000,2022-02-21 09:26:41.000,true,boaz,82.166.99.178,IL,true,100,100,NGFscHllVWM1Yjhn +boots,2020-12-07 12:38:56.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,boots,0,0,0,0.00,0,20.09.345,null@boots.co.uk,enterprise,660,0,2019-12-03 20:06:59.000,2020-12-20 20:06:59.000,true,00000767,52.156.255.163,IE,false,0,110, +us-2-158285555,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,botsmith.com - 714118028278176355,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +brfavara@paloaltonetworks.com,2020-12-07 01:42:38.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,brfavara@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,brfavara@paloaltonetworks.com,enterprise,100,5,2020-10-22 19:44:05.000,2021-10-22 19:44:05.000,true,0,34.68.127.79,US,true,0,0, +brian_buquoi_demo,2020-12-06 20:41:23.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,brian_buquoi_demo,1,2,2,0.00,0,20.09.345,bbuquoi@paloaltonetworks.com,enterprise,800,5,2020-09-23 16:09:00.000,2021-09-23 16:09:00.000,true,0,35.202.18.244,US,false,100,100, +bridgewater,2020-12-07 15:04:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,bridgewater,0,0,0,0.00,0,19.11.512,null@bwater.com,enterprise,360,12,2019-11-18 14:48:26.000,2020-12-18 14:48:26.000,true,00000537,34.199.2.202,US,false,0,60, +cambiahealth,2020-12-07 09:09:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cambiahealth,0,0,0,0.00,0,19.11.512,null@cambiahealth.com,enterprise,1750,1,2020-11-23 21:28:48.000,2021-01-02 21:28:48.000,true,00000818,52.33.199.196,US,false,0,0, +capital_group,2020-12-07 11:56:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,capital_group,0,0,0,0.00,0,19.07.363,null@capitalgroup.com,enterprise,600,4,2019-09-24 19:52:20.000,2022-09-23 19:52:20.000,true,TL000012,148.107.12.20,US,false,0,100, +us-1-111572272,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cardinalhealth,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +carnival,2020-12-07 09:29:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,carnival,0,0,0,0.00,0,2.3.98,null@carnival.com,enterprise,4000,0,2020-02-03 23:39:49.000,2021-03-31 23:39:49.000,true,00006687,34.232.108.48,US,false,0,0, +carrollmoon@cloudfitsoftware.com,2020-12-06 16:09:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,carrollmoon@cloudfitsoftware.com,0,0,0,0.00,0,20.04.177,carrollmoon@cloudfitsoftware.com,evaluation,100,5,2020-08-07 21:04:30.000,2021-08-07 21:04:30.000,true,0,52.142.29.179,US,false,0,0, +cchandler@paloaltonetworks.com,2020-12-06 22:26:50.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cchandler@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,cchandler@paloaltonetworks.com,evaluation,9000,5,2020-02-09 23:31:59.000,2021-02-08 23:31:59.000,true,0,34.68.127.79,US,true,1000,1000, +celonis,2020-12-07 11:02:38.000,0,732,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,celonis,0,102,18,0.00,0,20.09.365,null@celonis.com,enterprise,1000,127,2019-11-28 16:19:09.000,2022-11-27 16:19:09.000,true,00001683,18.184.169.225,DE,false,0,0, +centene,2020-12-07 00:44:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,centene,0,0,0,0.00,0,20.04.163,null@centene.com,enterprise,1020,1,2019-12-27 05:18:07.000,2021-01-03 05:18:07.000,true,00000727,204.145.114.6,US,false,0,170, +ch_robinson,2020-12-06 18:19:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ch_robinson,0,0,0,0.00,0,20.04.177,null@chrobinson.com,enterprise,400,131,2019-10-18 20:42:56.000,2022-10-17 20:42:56.000,true,00001287,52.228.224.218,US,false,0,0, +chatwork,2020-11-30 17:35:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,chatwork,0,0,0,0.00,0,20.04.177,null@chatwork.co.jp,evaluation,200,318,2020-10-28 22:55:16.000,2020-11-30 22:55:16.000,true,0,13.112.102.228,JP,false,0,0, +chubb,2020-12-07 15:08:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,chubb,0,0,0,0.00,0,20.04.177,null@chubb.com,enterprise,2500,175,2020-07-30 15:45:56.000,2022-10-28 15:45:56.000,true,00001086,20.49.49.48,US,false,0,0, +us-3-159208395,2020-12-07 15:32:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ciandt-global,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ciscosystems,2020-12-06 23:12:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ciscosystems,0,0,0,0.00,0,20.04.163,null@cisco.com,enterprise,80,1,2020-04-09 17:50:12.000,2021-04-10 17:50:12.000,true,00003943,128.107.241.174,US,false,0,10, +us-1-111572490,2020-12-07 14:37:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,citigroup,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +clarence@twistlock.com ,2020-12-06 20:30:53.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,clarence@twistlock.com ,0,2,0,0.00,0,20.09.345,cpitre@paloaltonetworks.com,enterprise,70,2,2020-01-03 16:22:04.000,2021-01-02 16:22:04.000,true,0,35.202.18.244,US,true,10,10, +cleardata,2020-12-07 14:55:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cleardata,0,0,0,0.00,0,,null@cleardata.com,enterprise,0,0,2018-11-06 16:59:14.000,2021-11-08 16:59:14.000,true,00000486,34.123.44.122,US,false,0,0, +us-2-158283732,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cloudadvisortest - 3014051687063631832,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +code42,2020-12-06 21:52:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,code42,0,0,0,0.00,0,20.04.177,null@code42.com,enterprise,100,3,2020-11-17 17:06:48.000,2021-11-19 17:06:48.000,true,00000498,18.209.2.77,US,false,0,0, +codefresh_eval2020,2020-12-07 14:01:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,codefresh_eval2020,0,0,0,0.00,0,20.04.177,dustin@codefresh.io,evaluation,10,3,2020-03-12 18:30:53.000,2021-03-12 18:30:53.000,true,0,35.227.146.198,US,false,0,0, +cohesity,2020-12-07 11:27:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cohesity,0,0,0,0.00,0,20.04.167,null@cohesity.com,enterprise,180,0,2020-01-27 20:45:14.000,2020-12-28 20:45:14.000,true,00002573,35.226.59.136,US,false,0,30, +cornershop,2020-12-07 14:18:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cornershop,0,0,0,0.00,0,20.04.177,null@cornershopapp.com,enterprise,350,57,2020-10-06 19:56:59.000,2021-07-25 19:56:59.000,true,00000882,3.83.222.12,US,false,0,50, +cornerstone_ondemand,2020-12-07 04:46:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cornerstone_ondemand,0,0,0,0.00,0,20.04.163,null@csod.com,enterprise,5200,1,2019-12-31 22:02:17.000,2022-12-30 22:02:17.000,true,00002259,54.241.220.231,US,false,0,0, +coursehero,2020-12-06 19:16:53.000,0,189,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,coursehero,0,27,0,0.00,0,20.09.345,null@coursehero.com,enterprise,150,31,2020-01-28 17:09:30.000,2021-01-30 17:09:30.000,true,00006506,18.206.106.151,US,false,0,25, +cruiseautomation,2020-12-02 17:51:43.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cruiseautomation,0,0,0,0.00,0,18.11.128,null@getcruise.com,enterprise,2560,1458,2020-07-22 21:02:38.000,2021-06-17 21:02:38.000,true,00000746,34.214.220.250,US,false,0,320, +cunamutual,2020-12-07 12:41:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,cunamutual,0,0,0,0.00,0,20.04.163,null@cunamutual.com,enterprise,720,225,2020-01-29 18:17:57.000,2021-01-08 18:17:57.000,true,00002605,52.179.170.195,US,false,0,120, +eu-2-143543101,2020-12-07 15:39:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,d-teknoloji.com.tr,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +daimler,2020-12-07 14:23:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,daimler,0,0,0,0.00,0,20.09.365,null@daimler.com,enterprise,35000,0,2020-10-13 14:36:10.000,2023-01-30 14:36:10.000,true,00002625,141.113.11.22,DE,false,0,5000, +daimler1,2020-12-07 15:05:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,daimler1,0,0,0,0.00,0,19.03.317,null@daimler.com,enterprise,400,1,2020-03-16 13:53:09.000,2023-01-30 13:53:09.000,true,00002625,13.81.218.126,NL,false,0,50, +daimler2,2020-12-07 13:42:51.000,0,77,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,daimler2,0,11,0,0.00,0,20.09.345,null@daimler.com,enterprise,800,11,2020-03-16 13:53:55.000,2023-01-30 13:53:55.000,true,00002625,213.95.171.232,DE,false,0,100, +daimler5,2020-12-07 13:53:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,daimler5,0,0,0,0.00,0,20.09.345,null@daimler.com,enterprise,2400,102,2020-07-28 14:25:02.000,2023-01-30 14:25:02.000,true,00002625,52.59.94.164,DE,false,0,300, +daimler_ag,2020-12-02 05:56:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,daimler_ag,0,0,0,0.00,0,,null@daimler.com,enterprise,110400,0,2020-07-28 14:23:04.000,2023-01-30 14:23:04.000,true,00002625,141.113.11.24,DE,false,0,13800, +danielw,2020-12-07 08:27:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,danielw,0,0,0,0.00,0,20.04.172,danielw@twistlock.com,enterprise,0,0,2018-09-05 09:22:20.000,2021-06-01 09:22:20.000,true,dev,35.156.197.5,DE,true,0,0, +danske_bank,2020-12-07 09:49:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,danske_bank,0,0,0,0.00,0,20.04.177,null@danskebank.ee,enterprise,500,37,2020-09-07 17:42:35.000,2021-08-27 17:42:35.000,true,00009893,212.93.55.115,DK,false,0,0, +databricks,2020-12-07 15:07:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,databricks,0,0,0,0.00,0,20.04.177,null@databricks.com,enterprise,80,0,2020-07-07 19:32:06.000,2021-07-01 19:32:06.000,true,3bf40b05-5a25-e1ec-3448-5f70a749694a,34.222.17.153,US,false,0,10, +datadog_partner,2020-12-07 13:48:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,datadog_partner,0,0,0,0.00,0,18.11.128,ilan@datadoghq.com,evaluation,700,1,2019-09-03 16:27:15.000,2022-05-30 16:27:15.000,true,0,52.7.196.110,US,false,100,100, +dbs,2020-12-07 12:47:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dbs,0,0,0,0.00,0,19.07.363,null@dbs.com,enterprise,84,0,2020-12-04 23:41:25.000,2020-12-31 23:41:25.000,true,00002661,13.228.247.90,SG,false,0,12, +eu-2-143542178,2020-12-07 15:22:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dcms,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +defense_security_cooperation_agency,2020-12-06 23:44:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,defense_security_cooperation_agency,0,0,0,0.00,0,19.11.512,null@mannakeegroup.com,enterprise,700,60,2020-11-03 22:08:28.000,2021-11-07 22:08:28.000,true,00001520,140.17.105.23,US,false,0,0, +deloitte,2020-12-07 11:04:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,deloitte,0,0,0,0.00,0,19.07.363,null@deloitte.com,enterprise,300,9,2020-01-08 21:05:47.000,2020-12-11 21:05:47.000,true,00000521,104.46.122.126,US,false,0,50, +demo_bmcclellan,2020-12-06 21:50:01.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,demo_bmcclellan,1,2,1,0.00,0,20.09.365,bmcclellan@paloaltonetworks.com,enterprise,500,4,2020-10-16 14:15:39.000,2030-10-14 14:15:39.000,true,0,34.68.127.79,US,true,0,0, +demo_license_pierre,2020-12-06 23:56:12.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,demo_license_pierre,1,2,2,0.00,0,20.09.345,pgagnon@paloaltonetworks.com,enterprise,200,5,2020-10-02 18:25:23.000,2021-10-02 18:25:23.000,true,0,34.68.127.79,US,true,0,0, +demo_license_solal,2020-12-07 07:52:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,demo_license_solal,0,0,0,0.00,0,20.04.177,srohatyn@paloaltonetworks.com,enterprise,100,1,2020-05-11 09:04:26.000,2021-05-11 09:04:26.000,true,0,13.85.22.81,US,false,0,0, +denevy.eu_eval,2020-12-07 08:03:26.000,6,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,denevy.eu_eval,6,6,0,0.00,0,20.09.365,ahyben@denevy.eu,evaluation,100,12,2020-11-26 11:10:13.000,2020-12-26 11:10:13.000,true,0,92.240.254.22,AT,false,0,0, +denim_group_eval4,2020-12-07 05:10:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,denim_group_eval4,0,0,0,0.00,0,19.11.512,dan@denimgroup.com,evaluation,100,2,2020-11-05 13:56:36.000,2021-02-03 13:56:36.000,true,0,18.223.58.172,US,false,0,0, +department_veterans_affairs,2020-12-07 14:22:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,department_veterans_affairs,0,0,0,0.00,0,19.11.512,null@va.gov,enterprise,1800,12,2020-02-01 02:27:21.000,2024-01-31 02:27:21.000,true,00002735,152.133.18.45,US,false,0,0, +dexcom,2020-12-06 22:00:25.000,0,91,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dexcom,0,13,0,0.00,0,20.09.345,null@dexcom.com,enterprise,500,13,2020-11-18 19:36:55.000,2021-11-18 19:36:55.000,true,00001616,35.235.92.150,US,false,0,0, +dhl,2020-12-07 02:19:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dhl,0,0,0,0.00,0,20.04.177,null@dpdhl.com,enterprise,60,2,2019-12-24 11:00:28.000,2020-12-23 11:00:28.000,true,00002058,165.72.200.13,CZ,false,0,10, +discount_bank,2020-12-07 10:37:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,discount_bank,0,0,0,0.00,0,20.04.163,null@dbank.co.il,enterprise,180,9,2019-07-10 16:15:07.000,2022-07-09 16:15:07.000,true,00000841,194.90.148.94,IL,false,0,30, +dishnetworks_secteam_eval,2020-12-06 20:39:33.000,0,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dishnetworks_secteam_eval,0,6,0,0.00,0,20.09.345,jim.winchell@dish.com,evaluation,200,6,2020-09-21 16:40:20.000,2021-01-29 16:40:20.000,true,0,66.170.240.125,US,false,0,0, +disney,2020-12-07 15:12:55.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,disney,0,3,0,0.00,0,20.09.365,null@disney.com,enterprise,21000,3,2019-09-25 21:48:12.000,2021-09-24 21:48:12.000,true,TL000013,44.231.220.95,US,false,0,3500, +us-3-159244946,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_01,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244948,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_03,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244949,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_04,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245622,2020-12-06 16:48:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_05,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245623,2020-12-06 15:52:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_06,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245624,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_07,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245625,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_08,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245631,2020-12-06 16:10:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_09,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245629,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_10,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245653,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_11,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245654,2020-12-07 15:46:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_12,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245655,2020-12-06 16:33:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_13,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245656,2020-12-07 15:46:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_14,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245657,2020-12-06 16:03:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_15,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245658,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug18_trial_16,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245661,2020-12-06 16:22:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug19_trial_16_22918,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245722,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_aug24_demo_1,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245715,2020-12-07 15:30:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_edu,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285616,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_existing_tenant_scenario,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-153377,2020-12-07 15:31:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_freemium_01,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245723,2020-12-07 15:32:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_ga_demo_01,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245724,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_ga_demo_02,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159245746,2020-12-07 15:29:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_ga_demo_03,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244947,2020-12-07 15:39:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_harish_forwardscan,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286612,2020-12-07 14:51:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_new_tenant_nov10,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158287479,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_test_aMphas_freemium,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262771,2020-12-07 14:36:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_test_beta4_01,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244909,2020-12-06 15:55:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_trial_aug14_app2,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159244913,2020-12-07 15:39:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dlp_trial_aug16_app1,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +dregev,2020-12-07 11:43:01.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,WE9sb2xrMFJGLzgv +dregev,2020-12-07 10:39:42.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.607,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,YkZlWHloWk9tUlJu +dregev,2020-12-07 11:37:04.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.520,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,djVBS1hiTmVVNE5D +dregev,2020-12-07 11:37:01.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.520,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,R0dPT09oT3B4UDJV +dregev,2020-12-04 22:10:05.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.609,dregev@paloaltonetworks.com,enterprise,1000,134,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,enBadUltVjRYRXB0 +dregev,2020-12-04 08:39:08.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,3,0,0.00,0,20.12.608,dregev@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,ZE5ERFRrT3lNYW1G +dregev,2020-12-07 08:44:10.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.11.508,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,cnFNd2d2Z3ZybUFh +dregev,2020-12-07 07:40:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,0,0,0.00,0,20.12.525,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,WkFvaFJjTzh2QXFX +dregev,2020-12-07 07:44:37.000,9,133,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,9,19,0,0.00,0,20.12.520,dregev@paloaltonetworks.com,enterprise,1000,28,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,ajRjSUxWd0JycWRn +dregev,2020-12-07 09:27:45.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,0,0,0.00,0,20.12.527,dregev@paloaltonetworks.com,enterprise,1000,7,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,TVRKMHNFQS9OSFFa +dregev,2020-12-07 09:35:28.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.11.507,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0, +dregev,2020-12-05 07:01:39.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.609,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,RVIwQStPakVQK0sy +dregev,2020-12-05 22:10:30.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.610,dregev@paloaltonetworks.com,enterprise,1000,134,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,d1Q0dmtJL09xaGtV +dregev,2020-12-02 22:10:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.607,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,U2xwalBKNGJCTmJu +dregev,2020-12-02 22:27:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,0,0,0.00,0,20.12.608,dregev@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,NkRmbHZ6dXdaa0Q3 +dregev,2020-12-02 22:10:06.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.607,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,VVV2a2dSYzg3RWNI +dregev,2020-12-02 22:21:39.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.607,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,Si84T3FZZjhhR0lv +dregev,2020-11-30 09:17:39.000,0,84,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,12,0,0.00,0,20.11.510,dregev@paloaltonetworks.com,enterprise,1000,12,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,ZVhZVlNhMkRCZ2lX +dregev,2020-11-30 14:31:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,0,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,5,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,MWlGbGpjajdwK1FK +dregev,2020-12-01 09:26:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,0,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,UW9yYUdMVWtvVnU1 +dregev,2020-12-01 22:09:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,QnVDVXhKcjZQYkVq +dregev,2020-11-30 22:16:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,478,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,blVObnkrcmdQMTJx +dregev,2020-12-02 07:22:48.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,bHN4MTRuSXhwS2gx +dregev,2020-11-30 13:57:33.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.514,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,M0tXc0hWekdmdDZ3 +dregev,2020-11-30 06:09:25.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.518,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,bjcyMmI2THpwdkwr +dregev,2020-11-30 07:40:24.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.514,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,cXRzRkIzVlpBYUZa +dregev,2020-12-01 08:45:45.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.11.508,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,bkVyTDhZVm82aEtT +dregev,2020-11-29 22:10:40.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.518,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,dWhzZ1FwQzk1d2M2 +dregev,2020-12-01 22:22:15.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,dVNFMXY3SnJUYnRT +dregev,2020-12-01 16:58:39.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.513,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,ZFZkd3hXeXRvVzVt +dregev,2020-12-01 22:16:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,478,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,cVJGUHRNSVN1eHh5 +dregev,2020-11-30 09:51:28.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.11.510,dregev@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,b3hwRDJoRFRGbHhs +dregev,2020-12-01 22:10:24.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,a1Y4NXFEclJxdEpY +dregev,2020-11-29 22:10:23.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.518,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,ZUxTaXRDbjBIUFhU +dregev,2020-12-01 22:09:49.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.519,dregev@paloaltonetworks.com,enterprise,1000,136,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,a25JOVNKekh6NDR3 +dregev,2020-11-30 08:40:50.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,3,0,0.00,0,20.11.510,dregev@paloaltonetworks.com,enterprise,1000,3,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,dzUrdzljZDF2Qld2 +dregev,2020-12-03 07:44:49.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,3,0,0.00,0,20.12.520,dregev@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,a2JKVERJQlA2LzdO +dregev,2020-11-30 22:36:27.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,4,0,0.00,0,20.11.510,dregev@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,cHd3VkFsT1RPZmNG +dregev,2020-12-03 13:29:01.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.607,dregev@paloaltonetworks.com,enterprise,1000,470,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,SFIzRk9ldyt5ZDdE +dregev,2020-12-03 22:10:39.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dregev,0,1,0,0.00,0,20.12.608,dregev@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:18:20.000,2023-02-21 09:18:20.000,true,dregev,104.198.77.5,US,true,0,0,UkxBTjNRamJFWlNw +dukehealth,2020-12-07 14:29:56.000,0,224,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dukehealth,0,32,0,0.00,0,20.09.365,null@duke.edu,enterprise,336,32,2019-12-06 05:27:00.000,2022-11-15 05:27:00.000,true,00000634,152.16.191.122,US,false,0,56, +dyergovich_se_eval,2020-12-06 21:26:44.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,dyergovich_se_eval,1,2,2,0.00,0,20.09.345,dyergovich@paloaltonetworks.com,evaluation,250,5,2019-12-27 00:19:23.000,2020-12-26 00:19:23.000,true,0,34.68.127.79,US,true,0,0, +eHealth Inc.,2020-12-07 11:15:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,eHealth Inc.,0,0,0,0.00,0,20.04.177,lucas.wang@ehealth.com,enterprise,200,18,2020-04-14 23:01:55.000,2021-04-13 07:00:00.000,true,ef62af6c-04c3-4b7f-ba61-306ee6a19bee,54.218.199.188,US,false,0,0, +us-3-159185118,2020-12-06 16:43:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"eSentire, Inc - 4981482829255466151",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159179568,2020-12-07 15:28:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,"eSentire, Inc - 7292686975170769415",0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143542014,2020-12-06 15:47:05.000,0,819,0.00,0,0,0,0,0,0,1,1,1,0,28,274,218,0,0,6,0,0,0,0,0,0,0,2046640128.00,675221504.00,0,eToro Israel LTD - 8280935299273559325,0,117,0,0.00,0,20.09.366,,enterprise,1000000,127,2020-04-30 20:43:58.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284814,2020-12-07 14:39:59.000,0,7,0.00,0,0,0,0,0,0,1,1,1,0,28,1,0,0,0,0,0,0,0,1,0,0,0,2046640128.00,537587712.00,0,"eVisit, Inc. - 6969079613120649461",0,1,0,0.00,0,20.09.351,,enterprise,1000000,2,2020-10-09 15:47:41.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +ebeuerlein@paloaltonetworks.com,2020-12-06 22:23:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ebeuerlein@paloaltonetworks.com,0,0,0,0.00,0,20.04.177,ebeuerlein@paloaltonetworks.com,enterprise,900,5,2020-04-17 20:38:14.000,2021-04-17 20:38:14.000,true,0,35.202.18.244,US,true,0,0, +ed@kennasecurity.com_eval6,2020-12-07 00:11:27.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ed@kennasecurity.com_eval6,0,2,0,0.00,0,20.09.365,john.flood@kennasecurity.com,evaluation,100,2,2020-11-20 03:04:12.000,2021-02-18 03:04:12.000,true,0,34.239.156.64,US,false,0,0, +egabay,2020-12-06 22:11:19.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.610,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,bUZCNlpGSjlaSUxL +egabay,2020-12-06 21:24:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,b0tIMW90Tk5Jb0t3 +egabay,2020-12-06 15:25:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.12.525,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,cWF5bC9Wall4YzU3 +egabay,2020-12-07 14:26:18.000,1,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,1,1,0,0.00,0,20.11.508,egabay@paloaltonetworks.com,enterprise,1000,2,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0, +egabay,2020-12-04 22:10:51.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.609,egabay@paloaltonetworks.com,enterprise,1000,3,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,dHcxbjNZQnJWZ05O +egabay,2020-12-04 22:09:09.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.609,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,Wit4L0EvUzQ4TDZE +egabay,2020-12-04 22:28:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.12.610,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,RTI3Ui81bWQrMXc4 +egabay,2020-12-04 07:07:37.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.608,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,NGdvVDlVZVo5ZTY4 +egabay,2020-12-07 07:53:16.000,12,106,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,12,15,1,0.00,0,20.12.515,egabay@paloaltonetworks.com,enterprise,1000,28,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,NWQ4N0VERGwwb2tF +egabay,2020-12-07 08:29:22.000,0,8,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,1,0.00,0,20.12.515,egabay@paloaltonetworks.com,enterprise,1000,2,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,U3BUTUZqeFRKYmU5 +egabay,2020-12-07 08:28:34.000,0,36,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,5,1,0.00,0,20.12.515,egabay@paloaltonetworks.com,enterprise,1000,6,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,UHd3SHBSdllUNk1s +egabay,2020-12-07 09:22:32.000,0,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,10,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,10,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,V05LdW54b2xvbXln +egabay,2020-12-07 10:09:55.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.525,egabay@paloaltonetworks.com,enterprise,1000,8,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,MGNNY0ZYaVFtVHFP +egabay,2020-12-05 08:04:19.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,bkVrRk1xYVFmR3FB +egabay,2020-12-06 06:56:54.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.610,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,Zy85ZEMvNFp6OFVu +egabay,2020-12-02 22:10:24.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.607,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,L05La01tV3IxdGt2 +egabay,2020-11-30 14:05:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,7,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,OHdYM1kraFlRUVFv +egabay,2020-11-30 14:35:24.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,eHRPNXJqdjUvbnIv +egabay,2020-12-01 16:06:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.11.602,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,eTc0S21rb2YvRkpN +egabay,2020-11-29 22:14:22.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.518,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,eXR5T0M1aTlzc3JJ +egabay,2020-11-30 08:57:08.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.518,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,OUx5RHo5ZEtLVnl6 +egabay,2020-11-29 22:16:53.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.518,egabay@paloaltonetworks.com,enterprise,1000,477,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,REpPREs3TFJnTXY3 +egabay,2020-11-30 09:17:46.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.518,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,WXpPeHFOVmp0ZDBP +egabay,2020-12-01 18:58:35.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,Uk1tb1FNNnN5Qy9I +egabay,2020-11-30 18:16:27.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.11.508,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,QzFuQ0wvaGhGZ0RM +egabay,2020-11-30 22:10:04.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.519,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,K1lIblBLdXFFTHll +egabay,2020-11-29 22:10:00.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.518,egabay@paloaltonetworks.com,enterprise,1000,135,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,YjVOTlhLMnFocmlj +egabay,2020-11-30 12:48:26.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.11.511,egabay@paloaltonetworks.com,enterprise,1000,1,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,MytFbXVMbWJsZUdI +egabay,2020-12-03 22:10:08.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.608,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,NEVqMFZvNHBTTDRT +egabay,2020-12-03 22:20:24.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,1,0,0.00,0,20.12.608,egabay@paloaltonetworks.com,enterprise,1000,4,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,ekhvQ3Nodnc4QVNX +egabay,2020-12-03 22:27:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,egabay,0,0,0,0.00,0,20.12.609,egabay@paloaltonetworks.com,enterprise,1000,5,2020-03-08 09:11:53.000,2023-02-21 09:11:53.000,true,egabay,104.198.77.5,US,true,0,0,ZVg1eFoxL2I4bVBr +eladh,2020-12-07 06:26:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,eladh,0,0,0,0.00,0,19.10.457,ehazan@paloaltonetworks.com,enterprise,1000,0,2019-08-01 19:14:33.000,2027-10-18 19:14:33.000,true,dev,34.217.26.159,US,true,0,0, +elias,2020-12-06 16:40:25.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,elias,0,1,0,0.00,0,20.10.499,ehanna@paloaltonetworks.com,enterprise,1000,1,2020-03-23 09:52:52.000,2023-03-23 09:52:52.000,true,dev,18.222.212.47,US,true,0,0, +elias,2020-12-07 15:16:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,elias,0,0,0,0.00,0,20.12.610,ehanna@paloaltonetworks.com,enterprise,1000,1,2020-03-23 09:52:52.000,2023-03-23 09:52:52.000,true,dev,82.166.99.178,IL,true,0,0,c3ZKM3VFdmF4SnY3 +elsevier_relx,2020-12-07 15:08:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,elsevier_relx,0,0,0,0.00,0,19.07.363,null@elsevier.com,enterprise,10000,4,2020-08-04 11:56:10.000,2021-06-20 11:56:10.000,true,00009041,34.239.75.66,US,false,0,1250, +us-1-111572555,2020-12-07 14:46:32.000,0,294,0.00,0,0,0,0,0,0,1,1,1,0,28,13,10,0,0,1,0,0,0,6,0,0,0,2046640128.00,678055936.00,0,endurance,0,42,0,0.00,0,20.09.351,,enterprise,1000000,43,2019-12-10 13:49:28.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +entergy,2020-12-07 08:31:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,entergy,0,0,0,0.00,0,19.03.321,null@entergy.com,enterprise,100,5,2019-12-02 22:24:19.000,2020-12-10 22:24:19.000,true,00000723,198.8.7.70,US,false,0,0, +eric_doezie,2020-12-07 15:20:31.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,eric_doezie,1,2,1,0.00,0,20.09.365,edoezie@paloaltonetworks.com,enterprise,100,4,2020-08-25 13:00:07.000,2021-08-25 13:00:07.000,true,0,35.202.18.244,US,true,0,0, +evernote,2020-12-06 23:32:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,evernote,0,0,0,0.00,0,19.11.512,null@evernote.com,enterprise,1600,220,2020-07-24 23:42:40.000,2023-07-16 23:42:40.000,true,a26017a8-208e-fba3-04ee-fddc19f6f3a4,35.230.42.11,US,false,0,200, +evry,2020-12-04 21:00:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,evry,0,0,0,0.00,0,19.11.512,null@evry.com,enterprise,100,10,2019-10-21 16:21:25.000,2020-12-05 16:21:25.000,true,00002933,51.120.49.27,NO,false,0,0, +expedia,2020-12-07 14:13:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,expedia,0,0,0,0.00,0,,aspector@vrbo.com,enterprise,80000,618,2020-07-24 20:35:22.000,2023-07-16 20:35:22.000,true,00019496,35.160.1.113,US,false,0,10000, +exxonmobil,2020-12-07 14:11:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,exxonmobil,0,0,0,0.00,0,20.04.177,null@exxonmobil.com,enterprise,30000,44,2019-12-04 18:57:27.000,2020-12-13 18:57:27.000,true,00000522,13.64.169.84,US,false,0,5000, +exxonmobil_iot,2020-12-06 22:33:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,exxonmobil_iot,0,0,0,0.00,0,20.04.177,null1@exxonmobil.com,enterprise,500,3,2019-12-17 23:16:09.000,2020-12-16 23:16:09.000,true,TL000047,4.35.204.165,US,false,0,0, +us-3-159211244,2020-12-06 15:52:50.000,0,637,0.00,0,0,0,0,0,0,6,1,1,0,28,94,91,0,0,50,0,0,0,0,0,0,0,10501771264.00,855400448.00,0,ezCater - 2712109200679786776,0,91,0,0.00,0,20.04.177,,enterprise,1000000,91,2020-01-16 18:01:50.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-1-111572343,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,factset,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +falgout.joshua@yahoo.com,2020-12-07 13:20:03.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,falgout.joshua@yahoo.com,1,2,2,0.00,0,20.09.365,falgout.joshua@yahoo.com,enterprise,1,5,2020-08-24 21:55:17.000,2021-08-24 21:55:17.000,true,0,35.202.18.244,US,true,0,0, +falgout.joshua@yahoo.com,2020-12-03 21:12:18.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,falgout.joshua@yahoo.com,0,1,0,0.00,0,20.11.605,falgout.joshua@yahoo.com,enterprise,1,1,2020-08-24 21:55:17.000,2021-08-24 21:55:17.000,true,0,104.197.180.156,US,true,0,0,bWt0c3dOVVpyMlZL +fannie_mae_migration_extension,2020-12-07 15:20:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,fannie_mae_migration_extension,0,0,0,0.00,0,20.04.163,null@fanniemae.com,evaluation,960,334,2020-08-04 16:59:24.000,2021-02-14 16:59:24.000,true,0,104.129.194.155,US,false,0,120, +fguillaume_eval,2020-12-06 22:40:26.000,2,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,fguillaume_eval,2,2,2,0.00,0,20.09.345,fguillaume@paloaltonetworks.com,evaluation,200,6,2020-01-31 03:57:21.000,2021-01-30 03:57:21.000,true,0,34.68.127.79,US,true,0,0, +finicity,2020-12-07 12:05:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,finicity,0,0,0,0.00,0,19.07.363,null@finicity.com,enterprise,400,1,2020-01-14 22:34:56.000,2021-03-06 22:34:56.000,true,00001518,35.166.212.16,US,false,0,0, +first_american,2020-12-07 10:07:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,first_american,0,0,0,0.00,0,20.04.177,null@firstam.com,enterprise,200,2,2020-01-23 18:59:47.000,2021-01-22 18:59:47.000,true,00002560,52.149.52.86,US,false,0,0, +fiserv,2020-12-07 06:45:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,fiserv,0,0,0,0.00,0,19.03.321,null@fiserv.com,enterprise,100,40,2020-11-30 20:42:43.000,2021-10-23 20:42:43.000,true,00000472,34.213.72.72,US,false,0,0, +flatiron_health,2020-12-06 18:57:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,flatiron_health,0,0,0,0.00,0,19.11.506,null@flatiron.com,enterprise,700,95,2019-11-28 00:16:55.000,2022-11-27 00:16:55.000,true,00001681,52.200.94.203,US,false,0,0, +friday.de,2020-12-06 19:46:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,friday.de,0,0,0,0.00,0,20.04.177,null@friday.de,enterprise,105,9,2020-12-03 01:33:55.000,2020-12-15 01:33:55.000,true,TL000045,3.250.114.208,IE,false,0,15, +gamestop,2020-12-06 21:27:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gamestop,0,0,0,0.00,0,19.07.363,null@gamestop.com,evaluation,200,12,2020-11-17 17:37:35.000,2020-12-17 17:37:35.000,true,00001608,104.251.4.3,US,false,0,0, +garanti_bankasi,2020-12-07 14:30:21.000,0,77,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,garanti_bankasi,0,11,0,0.00,0,20.09.365,null@garantibbva.com.tr,enterprise,500,11,2020-01-31 16:45:02.000,2021-01-30 16:45:02.000,true,00002674,194.29.214.244,TR,false,0,0, +gdit,2020-12-07 01:54:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gdit,0,0,0,0.00,0,20.04.177,null@gdit.com,enterprise,100,15,2020-02-04 22:21:43.000,2021-02-03 22:21:43.000,true,00002780,35.171.68.125,US,false,0,0, +gesundheitscloud,2020-12-07 09:38:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gesundheitscloud,0,0,0,0.00,0,19.11.512,null@gesundheitscloud.de,enterprise,96,7,2020-02-24 11:40:30.000,2021-03-07 11:40:30.000,true,00003135,194.246.32.142,DE,false,0,12, +gic,2020-12-07 08:31:32.000,0,77,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gic,0,11,0,0.00,0,20.09.345,null@gic.com.sg,enterprise,100,12,2020-01-08 10:09:05.000,2021-01-14 10:09:05.000,true,00002147,52.77.155.146,SG,false,0,0, +gil,2020-12-07 14:40:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gil,0,0,0,0.00,0,20.11.605,ghaim@paloaltonetworks.com,enterprise,1000,1,2020-05-04 10:25:46.000,2023-05-04 10:25:46.000,true,dev,82.166.99.178,IL,true,0,0,UXdXM1dyQ1RVVDY1 +gil,2020-12-07 10:04:42.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gil,0,1,0,0.00,0,,ghaim@paloaltonetworks.com,enterprise,1000,1,2020-05-04 10:25:46.000,2023-05-04 10:25:46.000,true,dev,146.148.93.252,US,true,0,0, +us-2-158284656,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,girl with curves - 3317245552371688128,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +gregory,2020-12-07 14:49:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gregory,0,0,0,0.00,0,20.11.500,gregory@twistlock.com,enterprise,0,1,2019-02-24 13:43:06.000,2021-11-20 13:43:06.000,true,dev_new,3.215.134.148,US,true,300,300, +gsk-poc-3,2020-12-03 14:43:09.000,0,350,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gsk-poc-3,0,50,0,0.00,0,20.09.345,william.wood@gsk.com,evaluation,300,50,2020-11-20 10:52:50.000,2020-12-04 10:52:50.000,true,0,152.51.48.1,US,false,0,0, +guidewire,2020-12-06 23:42:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,guidewire,0,0,0,0.00,0,20.04.177,null@guidewire.com,enterprise,630,275,2019-12-31 18:11:53.000,2020-12-16 18:11:53.000,true,00001989,54.242.62.134,US,false,0,105, +gulf_states_toyota,2020-12-06 19:42:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,gulf_states_toyota,0,0,0,0.00,0,20.04.169,null@gstoyota.com,enterprise,100,9,2020-01-22 21:35:30.000,2021-01-21 21:35:30.000,true,00002548,205.196.182.70,US,false,0,0, +harmonic,2020-12-07 04:52:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,harmonic,0,0,0,0.00,0,20.04.181,null@harmonicinc.com,enterprise,3600,201,2019-10-30 21:55:28.000,2022-10-29 21:55:28.000,true,TL000038,35.167.179.13,US,false,0,600, +hca,2020-12-07 13:41:24.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,hca,0,3,0,0.00,0,20.09.345,null@hcahealthcare.com,enterprise,144,3,2019-12-13 17:06:42.000,2020-12-19 17:06:42.000,true,00000794,165.214.11.90,US,false,0,24, +healthfidelity,2020-12-07 13:09:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,healthfidelity,0,0,0,0.00,0,20.09.345,null@healthfidelity.com,enterprise,180,18,2019-11-20 21:12:38.000,2020-12-31 21:12:38.000,true,00000510,52.52.141.176,US,false,0,30, +eu-151241,2020-12-07 15:22:37.000,0,14,0.00,0,0,0,0,0,0,1,1,1,0,28,1,2,0,0,0,0,0,0,0,0,0,0,2046640128.00,546414592.00,0,hepsiburada,0,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 18:05:07.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +us-2-158284631,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,herospark - 462089365894033389,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-3-159237997,2020-12-06 16:33:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,hike,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +hk_enablement_eval11,2020-12-07 07:48:59.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,hk_enablement_eval11,0,1,0,0.00,0,20.09.345,mwan@paloaltonetworks.com,evaluation,100,1,2020-11-09 18:04:31.000,2020-12-09 18:04:31.000,true,0,183.178.37.33,HK,false,0,0, +us-3-159208267,2020-12-07 15:46:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,hollywoodpark.cloud,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +home_depot,2020-12-07 14:44:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,home_depot,0,0,0,0.00,0,20.09.365,null@homedepot.com,enterprise,75600,0,2020-01-31 21:44:23.000,2025-01-30 21:44:23.000,true,00002702,35.223.43.174,US,false,0,0, +homeaway,2020-12-07 11:38:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,homeaway,0,0,0,0.00,0,19.07.363,null@homeaway.com,enterprise,15000,67,2019-10-30 17:14:32.000,2021-01-01 17:14:32.000,true,00000555,199.247.94.251,US,false,0,2500, +iHerb_200,2020-12-07 08:17:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,iHerb_200,0,0,0,0.00,0,20.04.163,null@iherb.com,enterprise,1200,453,2020-01-17 20:52:35.000,2021-01-09 20:52:35.000,true,00000518,34.72.67.205,US,false,0,200, +iahmed@paloaltonetworks.com,2020-12-06 18:53:05.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,iahmed@paloaltonetworks.com,1,2,2,0.00,0,20.09.345,iahmed@paloaltonetworks.com,enterprise,200,5,2020-02-03 17:02:47.000,2021-02-02 17:02:47.000,true,0,34.68.127.79,US,true,0,0, +idstacks,2020-12-06 17:44:28.000,0,98,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,idstacks,0,14,0,0.00,0,20.09.365,null@idstacks.io,enterprise,200,14,2020-01-09 20:31:57.000,2020-12-30 20:31:57.000,true,00000541,34.235.197.5,US,false,0,0, +ijunius@paloaltonetworks.com,2020-12-07 13:47:46.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ijunius@paloaltonetworks.com,1,2,2,0.00,0,20.09.345,ijunius@paloaltonetworks.com,enterprise,80,5,2020-11-12 15:53:28.000,2021-11-12 15:53:28.000,true,0,35.202.18.244,US,true,10,10, +ilana,2020-12-06 14:16:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ilana,0,0,0,0.00,0,20.12.607,ilana@twistlock.com,enterprise,0,0,2018-07-05 10:22:18.000,2021-03-31 10:22:18.000,true,dev,82.166.99.178,IL,true,0,0,dUVwRGIyWEFzTHdr +illumina,2020-12-07 07:55:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,illumina,0,0,0,0.00,0,19.07.363,null@illumina.com,enterprise,480,1,2020-05-07 21:51:22.000,2021-05-09 21:51:22.000,true,00000730,52.2.88.47,US,false,0,60, +infosys,2020-12-07 02:56:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,infosys,0,0,0,0.00,0,19.11.480,null@infosys.com,enterprise,200,0,2019-12-10 08:36:04.000,2022-12-04 08:36:04.000,true,00001819,52.29.240.185,DE,false,0,0, +ing_belgium,2020-12-07 06:25:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ing_belgium,0,0,0,0.00,0,20.09.345,null@ing.com,enterprise,60,0,2020-01-21 16:47:01.000,2021-01-20 16:47:01.000,true,00002520,20.73.119.73,US,false,0,10, +interstates_pg,2020-12-07 05:09:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,interstates_pg,0,0,0,0.00,0,19.11.506,null@interstates.com,enterprise,0,29,2019-03-20 21:13:13.000,2022-03-19 21:13:13.000,true,00000646,143.16.178.62,US,false,0,84, +intuit,2020-12-07 14:21:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,intuit,0,0,0,0.00,0,20.04.177,null@intuit.com,enterprise,144,3,2020-06-02 19:09:29.000,2021-05-30 19:09:29.000,true,a1f6cece-525e-c8ec-fccd-af91bf349b4d,54.71.186.70,US,false,0,18, +investec,2020-12-07 11:46:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,investec,0,0,0,0.00,0,20.04.163,null@investec.co.uk,enterprise,240,20,2020-04-02 16:44:26.000,2021-03-20 16:44:26.000,true,00003724,80.231.216.11,GB,false,0,30, +irish_life_assurance,2020-12-02 07:33:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,irish_life_assurance,0,0,0,0.00,0,20.04.177,null@gwle.com,evaluation,200,9,2020-11-24 15:57:35.000,2020-12-04 15:57:35.000,true,0,52.155.238.166,IE,false,0,0, +isaac,2020-12-07 10:29:51.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,isaac,0,3,0,0.00,0,20.09.365,isaac@twistlock.com,enterprise,0,3,2019-02-17 10:42:35.000,2024-08-09 10:42:35.000,true,dev,104.197.105.15,US,true,0,0, +itay,2020-12-07 14:36:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,itay,0,0,0,0.00,0,20.12.608,iabramowsky@paloaltonetworks.com,enterprise,1000,0,2020-07-06 12:19:39.000,2023-04-02 12:19:39.000,true,dev,82.166.99.178,IL,true,0,0,T1dGekdCSmdPUkdB +jalston_sandbox,2020-12-07 12:00:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jalston_sandbox,0,0,0,0.00,0,20.04.163,alstonjim21@gmail.com,enterprise,100,0,2020-10-18 20:44:13.000,2021-10-18 20:44:13.000,true,0,3.129.195.163,US,false,0,0, +jalston_se,2020-12-06 19:02:36.000,1,23,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jalston_se,1,3,2,0.00,0,20.09.345,jalston@paloaltonetworks.com,enterprise,100,6,2020-05-01 21:58:30.000,2021-04-30 21:58:30.000,true,0,34.68.127.79,US,true,0,0, +james.santos@accenture.com,2020-12-06 20:46:00.000,1,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,james.santos@accenture.com,1,7,0,0.00,0,20.09.365,james.santos@accenture.com,evaluation,180,8,2020-07-09 19:25:42.000,2021-01-05 19:25:42.000,true,0,18.191.234.25,US,false,20,20, +jbrown,2020-12-06 23:03:38.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jbrown,1,2,2,0.00,0,20.09.345,jobrown@paloaltonetworks.com,enterprise,90,5,2020-02-12 16:40:13.000,2021-02-11 16:40:13.000,true,0,35.202.18.244,US,false,10,10, +jbuhr@paloaltonetworks.com-2,2020-12-07 13:01:50.000,3,49,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jbuhr@paloaltonetworks.com-2,3,7,0,0.00,0,20.09.365,jbuhr@paloaltonetworks.com,enterprise,250,13,2020-07-22 16:39:23.000,2021-07-22 16:39:23.000,true,0,24.178.240.50,US,true,0,0, +jet_Eval8,2020-12-07 14:58:18.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jet_Eval8,0,3,0,0.00,0,20.09.365,do.klyuchnikov@jet.su,evaluation,100,3,2020-10-14 10:55:23.000,2021-01-12 10:55:23.000,true,0,193.203.100.237,RU,false,0,0, +john,2020-12-06 17:56:59.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,john,0,1,0,0.00,0,20.09.365,john@twistlock.com,enterprise,0,1,2019-05-24 00:26:00.000,2022-02-17 00:26:00.000,true,0,34.68.206.166,US,true,1000,1000, +jonathan,2020-12-06 10:31:56.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jonathan,0,0,0,0.00,0,20.11.508,jlipman@paloaltonetworks.com,enterprise,1000,1,2020-10-18 07:43:33.000,2023-10-18 07:43:33.000,true,dev,82.166.99.178,IL,true,0,0,d3ovcmNhK1VTbUJX +jonathan_dong,2020-12-07 13:43:56.000,1,44,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,jonathan_dong,1,6,2,0.00,0,20.09.345,jdong@paloaltonetworks.com,enterprise,100,9,2020-01-23 17:33:56.000,2021-01-22 17:33:56.000,true,0,35.202.18.244,US,true,0,0, +joshua_millsap,2020-12-06 20:58:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,joshua_millsap,0,0,0,0.00,0,19.07.363,jmillsap@paloaltonetworks.com,enterprise,700,1,2020-02-05 21:05:00.000,2021-02-04 21:05:00.000,true,0,68.251.62.92,US,false,100,100, +julia,2020-12-07 14:03:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,julia,0,0,0,0.00,0,19.10.457,jmeged@paloaltonetworks.com,enterprise,1000,0,2019-08-01 19:15:15.000,2027-10-18 19:15:15.000,true,dev,34.217.59.174,US,true,0,0, +kaiser,2020-12-06 17:39:01.000,0,252,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kaiser,0,36,0,0.00,0,20.09.345,null@kp.org,enterprise,606,36,2019-10-11 20:38:11.000,2021-02-14 20:38:11.000,true,00000585,51.143.116.186,US,false,0,101, +kakintade@paloaltonetworks.com,2020-12-07 02:58:36.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kakintade@paloaltonetworks.com,0,0,0,0.00,0,20.04.169,kakintade@paloaltonetworks.com,enterprise,500,1,2020-05-07 21:42:39.000,2021-05-07 21:42:39.000,true,0,13.56.227.146,US,true,0,0, +kasa_korea,2020-12-07 10:59:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kasa_korea,0,0,0,0.00,0,20.04.169,null@kasacorp.com,enterprise,100,23,2020-05-07 09:46:41.000,2021-04-30 09:46:41.000,true,00006697,15.165.218.97,KR,false,0,0, +kensci,2020-12-06 20:23:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kensci,0,0,0,0.00,0,19.03.317,null@kensci.com,enterprise,70,3,2020-09-30 19:19:47.000,2021-09-16 19:19:47.000,true,00000432,40.85.145.11,US,false,0,10, +kwalsh@paloaltonetworks.com ,2020-12-07 01:03:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kwalsh@paloaltonetworks.com ,0,0,0,0.00,0,20.04.169,kwalsh@paloaltonetworks.com,evaluation,800,11,2020-08-21 21:50:51.000,2021-02-17 21:50:51.000,true,0,165.117.254.250,US,false,0,100, +kyates_3,2020-12-06 15:53:17.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,kyates_3,1,2,2,0.00,0,20.09.365,kyates@paloaltonetworks.com,evaluation,100,5,2020-11-23 22:13:26.000,2021-05-22 22:13:26.000,true,0,34.68.127.79,US,true,0,0, +us-2-158284841,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lanelofte - 8634810437493807575,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +lchovan@paloaltonetworks.com_eval,2020-12-01 18:00:46.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lchovan@paloaltonetworks.com_eval,0,0,0,0.00,0,20.09.345,lchovan@paloaltonetworks.com,evaluation,100,1,2020-10-02 10:55:10.000,2021-03-31 10:55:10.000,true,0,109.74.144.185,SK,false,0,0, +leafgroup ,2020-12-07 04:33:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,leafgroup ,0,0,0,0.00,0,19.11.512,null@leafgroup.com,enterprise,1008,28,2020-01-09 22:14:52.000,2020-12-31 22:14:52.000,true,00002392,13.52.117.237,US,false,0,168, +lidor,2020-12-07 07:55:40.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lidor,0,1,0,0.00,0,20.11.507,lotmazgin@paloaltonetworks.com,enterprise,1000,1,2020-10-25 11:30:12.000,2023-07-21 11:30:12.000,true,dev,146.148.93.252,US,true,0,0, +lidor,2020-12-07 07:28:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lidor,0,0,0,0.00,0,20.12.610,lotmazgin@paloaltonetworks.com,enterprise,1000,1,2020-10-25 11:30:12.000,2023-07-21 11:30:12.000,true,dev,82.166.99.178,IL,true,0,0,NzBYckFDSnZISEg4 +liel,2020-12-07 12:09:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,liel,0,0,0,0.00,0,20.11.507,lreuveni@paloaltonetworks.com,enterprise,1000,0,2020-01-08 11:49:26.000,2023-01-07 11:49:26.000,true,dev,146.148.93.252,US,true,0,0, +liel,2020-12-07 14:17:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,liel,0,0,0,0.00,0,20.12.608,lreuveni@paloaltonetworks.com,enterprise,1000,1,2020-01-08 11:49:26.000,2023-01-07 11:49:26.000,true,dev,82.166.99.178,IL,true,0,0,RTZlckZ0QjIwa05F +liron,2020-12-06 18:45:19.000,1,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,liron,1,0,0,0.00,0,20.11.507,llevin@paloaltonetworks.com,enterprise,100,1,2020-07-27 05:19:50.000,2023-04-23 05:19:50.000,true,liron,146.148.93.252,US,true,0,0, +liza,2020-12-07 10:25:19.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,liza,0,1,0,0.00,0,20.09.345,liza@twistlock.com,enterprise,0,1,2019-02-24 13:38:49.000,2021-11-20 13:38:49.000,true,dev_new,104.198.77.5,US,true,300,300, +llbean_100,2020-12-07 12:32:22.000,0,56,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,llbean_100,0,8,0,0.00,0,20.09.345,null@llbean.com,enterprise,600,8,2019-12-26 15:44:55.000,2020-12-17 15:44:55.000,true,00000524,34.74.101.128,US,false,0,100, +loblaw_pcfinancial,2020-12-06 16:03:10.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,loblaw_pcfinancial,0,0,0,0.00,0,20.04.169,null@loblaw.ca,enterprise,126,7,2020-01-08 18:49:12.000,2021-01-26 18:49:12.000,true,00001680,20.151.29.146,CA,false,0,21, +logmein,2020-12-07 10:07:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,logmein,0,0,0,0.00,0,20.04.163,null@logmein.com,enterprise,80,1,2020-02-17 15:51:10.000,2021-01-21 15:51:10.000,true,00002925,52.35.162.84,US,false,0,10, +lsmith_se_eval,2020-12-06 19:46:49.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lsmith_se_eval,1,2,2,0.00,0,20.09.365,lsmith@paloaltonetworks.com,evaluation,250,5,2020-01-03 01:13:37.000,2021-01-02 01:13:37.000,true,0,34.68.127.79,US,true,0,0, +lufthansa_extension,2020-12-07 15:19:51.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lufthansa_extension,0,4,0,0.00,0,20.09.365,null@lhsystems.com,evaluation,600,4,2020-11-26 10:58:09.000,2020-12-31 10:58:09.000,true,0,51.136.80.114,NL,false,0,0, +us-3-159238958,2020-12-06 16:22:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,lumiata,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +maersk,2020-12-07 14:19:50.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,maersk,0,1,0,0.00,0,20.09.345,null@maersk.com,enterprise,800,1,2020-03-04 10:47:18.000,2021-04-04 10:47:18.000,true,00003277,40.114.244.243,NL,false,0,100, +markv,2020-12-06 15:48:14.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,markv,0,1,0,0.00,0,20.11.500,markv@twistlock.com,enterprise,0,1,2019-04-29 16:59:34.000,2024-10-19 16:59:34.000,true,dev,146.148.93.252,US,true,300,300, +markv,2020-12-06 10:23:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,markv,0,0,0,0.00,0,20.12.610,markv@twistlock.com,enterprise,0,0,2019-04-29 16:59:34.000,2024-10-19 16:59:34.000,true,dev,31.154.166.148,IL,true,300,300,bmNGWXM4S2U5a3hq +matt_demo_2021,2020-12-06 16:53:05.000,1,30,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,matt_demo_2021,1,4,2,0.00,0,20.09.365,mbarker@paloaltonetworks.com,evaluation,500,7,2020-01-12 16:49:29.000,2021-01-11 16:49:29.000,true,0,34.68.127.79,US,false,0,0, +matthew_chadder_2021,2020-12-07 02:51:09.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,matthew_chadder_2021,0,2,0,0.00,0,20.09.345,mchadder@paloaltonetworks.com,evaluation,200,2,2020-04-01 16:29:40.000,2021-04-01 16:29:40.000,true,0,68.147.236.166,CA,false,0,0, +maya,2020-12-07 11:05:53.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,maya,0,4,0,0.00,0,20.11.604,maya@twistlock.com,enterprise,0,4,2018-11-13 20:07:41.000,2021-08-09 20:07:41.000,true,0,34.71.80.220,US,true,0,0,dVc1ZmZqc1VnWEZ0 +maya,2020-12-07 11:13:17.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,maya,0,1,0,0.00,0,20.09.345,maya@twistlock.com,enterprise,0,1,2018-11-13 20:07:41.000,2021-08-09 20:07:41.000,true,0,35.232.164.7,US,true,0,0, +mbank_eval3,2020-12-07 10:57:42.000,0,336,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,mbank_eval3,0,48,0,0.00,0,20.09.365,zorian.kruzynski@mbank.pl,evaluation,500,48,2020-11-25 13:03:16.000,2020-12-25 13:03:16.000,true,0,195.42.249.78,PL,false,0,0, +medallia,2020-12-07 00:21:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,medallia,0,0,0,0.00,0,19.11.512,null@medallia.com,enterprise,60,1,2020-01-24 22:12:17.000,2021-01-30 22:12:17.000,true,00002565,54.151.37.95,US,false,0,10, +us-2-158284721,2020-12-07 14:26:18.000,0,28,0.00,0,0,0,0,0,0,1,1,1,0,28,5,27,0,0,0,0,0,0,0,0,0,0,2046640128.00,543547392.00,0,meldCX - 2389578920097227373,0,4,0,0.00,0,,,enterprise,1000000,4,2020-10-05 20:46:23.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +menora,2020-12-06 18:47:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,menora,0,0,0,0.00,0,20.04.169,null@menora.co.il,enterprise,54,3,2020-01-23 12:02:49.000,2021-01-07 12:02:49.000,true,00002350,192.116.232.69,IL,false,0,9, +michaelve,2020-12-06 22:28:08.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,michaelve,0,1,0,0.00,0,20.12.522,mvelbaum@paloaltonetworks.com,enterprise,500,1,2020-03-08 07:26:55.000,2022-12-03 07:26:55.000,true,dev,84.207.227.14,NL,true,0,0,dFYxbHFhOFNnSnlD +misha,2020-12-06 12:33:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,misha,0,0,0,0.00,0,20.12.610,mkletselman@paloaltonetworks.com,enterprise,1000,1,2019-12-22 11:54:57.000,2024-01-30 11:54:57.000,true,dev,82.166.99.178,IL,true,0,0,TTVsTGFOMW5Qc0NV +eu-150431,2020-12-07 15:35:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,mitsui chemicals,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +mkhammash_demo_build,2020-12-07 08:27:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,mkhammash_demo_build,0,0,0,0.00,0,20.04.177,mkhammash@paloaltonetworks.com,evaluation,100,3,2020-07-28 07:50:56.000,2021-07-23 07:50:56.000,true,0,34.68.127.79,US,false,0,0, +mlambert@paloaltonetworks.com,2020-12-07 12:32:05.000,1,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,mlambert@paloaltonetworks.com,1,2,0,0.00,0,20.09.365,mlambert@paloaltonetworks.com,evaluation,5000,3,2020-05-03 16:29:03.000,2022-04-23 16:29:03.000,true,0,35.202.18.244,US,true,0,0, +us-2-158286550,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,mo - 6398299163307351043,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-1-111572310,2020-12-07 14:33:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,morganstanley,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +motorolasolutions,2020-12-06 16:49:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,motorolasolutions,0,0,0,0.00,0,19.07.358,null@motorolasolutions.com,enterprise,1134,0,2019-10-17 14:34:20.000,2021-01-15 14:34:20.000,true,00000529,140.101.95.242,US,false,0,189, +anz-3053678,2020-12-06 18:02:38.000,1,14,0.00,0,0,2,0,0,0,0,1,1,0,28,0,2,0,0,12,0,0,0,0,0,0,0,2046640128.00,538824704.00,0,"nForce Secure Co., Ltd. - 6561385320464264910",1,2,0,0.00,0,20.09.366,,enterprise,1000000,3,2020-07-31 07:17:06.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +nasi,2020-12-07 06:36:57.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nasi,0,4,0,0.00,0,20.09.345,null@nasi.com,enterprise,100,4,2020-01-07 23:08:01.000,2021-01-06 23:08:01.000,true,00002312,34.216.165.237,US,false,0,0, +nationwide,2020-12-07 14:25:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nationwide,0,0,0,0.00,0,19.07.363,null@nationwide.co.uk,enterprise,13000,90,2020-06-12 08:22:05.000,2022-11-12 08:22:05.000,true,00003228,35.176.185.127,GB,false,0,0, +nationwide,2020-12-07 06:45:40.000,0,1169,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nationwide,0,167,0,0.00,0,20.09.345,null@nationwide.com,enterprise,4000,173,2020-07-30 14:42:07.000,2021-07-18 14:42:07.000,true,00000865,18.213.201.143,US,false,0,500, +nav_inc,2020-12-06 14:37:50.000,0,147,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nav_inc,0,21,0,0.00,0,20.09.365,null@nav.com,enterprise,282,21,2019-12-03 17:25:46.000,2020-12-06 17:25:46.000,true,00000453,52.15.60.52,US,false,0,47, +us-3-159243956,2020-12-06 16:04:30.000,1,0,0.00,0,0,0,0,0,1,1,1,2,0,28,0,0,0,0,0,0,0,0,0,1,0,0,2046640128.00,536387584.00,0,nelnet-edp,1,0,0,0.00,1,20.04.177,,enterprise,1000000,1,2020-07-31 15:25:56.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +nerya,2020-12-03 09:13:56.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nerya,0,0,0,0.00,0,20.12.607,nagam@paloaltonetworks.com,enterprise,3000,1,2019-08-28 10:09:33.000,2022-12-10 10:09:33.000,true,dev2,82.166.99.178,IL,true,0,0,dWNVSm84WUh0U1ZL +us-1-111572275,2020-12-07 14:31:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,netjets,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +netwell_eval7,2020-12-06 19:43:38.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,netwell_eval7,0,5,0,0.00,0,20.09.345,ag@netwell.ru,evaluation,100,5,2020-12-02 14:24:42.000,2021-01-31 14:24:42.000,true,0,77.246.228.74,RU,false,0,0, +new_york_times,2020-12-06 20:56:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,new_york_times,0,0,0,0.00,0,20.04.163,null@nytimes.com,enterprise,8000,3,2020-08-24 17:09:48.000,2021-07-21 17:09:48.000,true,00000868,34.225.165.92,US,false,0,1000, +nexxbiz,2020-12-07 13:15:38.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nexxbiz,0,0,0,0.00,0,20.04.177,null@nexxbiz.io,enterprise,100,43,2019-09-25 16:39:20.000,2020-12-31 16:39:20.000,true,00000446,51.137.13.94,NL,false,0,0, +ngc_enterprise,2020-12-07 00:15:29.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ngc_enterprise,0,0,0,0.00,0,20.04.177,null@ngc.com,enterprise,96,7,2020-03-19 19:22:24.000,2021-02-24 19:22:24.000,true,00003339,15.200.19.110,US,false,0,12, +nielsen_pcce_extension,2020-11-30 15:08:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nielsen_pcce_extension,0,0,0,0.00,0,19.07.363,null@nielsen.com,evaluation,1400,19,2020-09-22 17:34:47.000,2020-11-30 17:34:47.000,true,0,34.197.85.15,US,false,0,200, +nike,2020-12-06 22:09:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nike,0,0,0,0.00,0,19.11.506,null@nike.com,enterprise,3000,0,2019-10-15 20:38:23.000,2020-12-18 20:38:23.000,true,00000536,34.216.25.199,US,false,0,500, +nimrod,2020-12-06 23:19:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nimrod,0,0,0,0.00,0,20.11.511,nimrod@twistlock.com,enterprise,0,1,2018-05-28 10:11:57.000,2021-02-21 10:11:57.000,true,dev,82.166.99.178,IL,true,0,0,SjdmUnRHbmFvaXVR +niperez@paloaltonetworks.com,2020-12-06 20:30:47.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,niperez@paloaltonetworks.com,0,1,0,0.00,0,20.08.338,niperez@paloaltonetworks.com,enterprise,900,1,2020-05-04 19:50:51.000,2021-05-04 19:50:51.000,true,0,104.198.204.193,US,true,100,100, +us-3-159215929,2020-12-06 16:38:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,none - 8975981364380984561,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +noy,2020-12-02 19:51:34.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,noy,0,1,0,0.00,0,20.11.600,ngreenstein@paloaltonetworks.com,enterprise,1000,1,2020-04-01 17:23:19.000,2023-04-01 17:23:19.000,true,dev,82.166.99.178,IL,true,0,0,Sk5BMGsyU0dHZk1q +noyy,2020-12-02 17:36:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,noyy,0,0,0,0.00,0,20.12.607,nyizchaki@paloaltonetworks.com,enterprise,1000,1,2019-11-05 14:26:47.000,2023-02-17 14:26:47.000,true,dev2,34.99.231.241,IL,true,0,0,ZDJUOTlRLzlNaWp4 +nreca,2020-12-01 13:11:19.000,0,70,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,nreca,0,10,0,0.00,0,20.09.365,null@nreca.com,enterprise,120,10,2019-11-21 00:47:27.000,2020-12-20 00:47:27.000,true,00000540,74.127.88.11,US,false,0,20, +oleg,2020-12-07 10:25:03.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,oleg,0,1,0,0.00,0,20.09.365,odvorkin@paloaltonetworks.com,enterprise,1000,1,2019-08-12 17:56:53.000,2023-09-20 17:56:53.000,true,test3,104.198.77.5,US,true,0,0, +oleg,2020-12-07 13:17:08.000,1,42,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,oleg,1,6,0,0.00,0,20.12.521,odvorkin@paloaltonetworks.com,enterprise,1000,16,2019-08-12 17:56:53.000,2023-09-20 17:56:53.000,true,test3,104.198.77.5,US,true,0,0,VmxHdmcvUVYrYWs1 +oleg,2020-12-02 09:59:47.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,oleg,0,5,0,0.00,0,20.12.519,odvorkin@paloaltonetworks.com,enterprise,1000,10,2019-08-12 17:56:53.000,2023-09-20 17:56:53.000,true,test3,104.198.77.5,US,true,0,0,ZU5nYmNlUTRnbElK +omric,2020-12-07 13:37:10.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,omric,0,1,0,0.00,0,20.10.485,omrcohen@paloaltonetworks.com,enterprise,1000,1,2020-09-29 10:53:54.000,2023-09-29 10:53:54.000,true,dev,146.148.93.252,US,true,0,0, +omric,2020-12-02 13:42:23.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,omric,0,0,0,0.00,0,20.12.521,omrcohen@paloaltonetworks.com,enterprise,1000,0,2020-09-29 10:53:54.000,2023-09-29 10:53:54.000,true,dev,82.166.99.178,IL,true,0,0,Q1RiaTJVVU1ZQXVX +omrim,2020-12-06 14:04:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,omrim,0,0,0,0.00,0,20.11.606,omyers@paloaltonetworks.com,enterprise,1000,1,2020-01-02 14:30:27.000,2023-01-01 14:30:27.000,true,dev,82.166.99.178,IL,true,0,0,aGxpaS8xdTEvUGgz +onespan,2020-12-07 10:25:49.000,0,399,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,onespan,0,57,0,0.00,0,20.09.345,null@onespan.com,enterprise,400,57,2020-01-31 20:33:55.000,2021-01-23 20:33:55.000,true,00002695,185.84.24.3,BE,false,0,0, +or,2020-12-07 11:42:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,or,0,0,0,0.00,0,20.09.345,or@twistlock.com,enterprise,0,0,2018-12-09 14:17:23.000,2021-09-04 14:17:23.000,true,0,18.218.247.34,US,true,0,0, +or,2020-12-06 16:36:55.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,or,0,0,0,0.00,0,20.11.511,or@twistlock.com,enterprise,0,201,2018-12-09 14:17:23.000,2021-09-04 14:17:23.000,true,0,34.99.231.241,IL,true,0,0,L2VObDhhVUJjTm1k +orcohen,2020-12-07 12:31:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,orcohen,0,0,0,0.00,0,19.10.457,orrcohen@paloaltonetworks.com,enterprise,1000,0,2019-08-01 19:16:54.000,2027-10-18 19:16:54.000,true,dev,54.149.49.45,US,true,0,0, +oren,2020-12-07 12:51:13.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,oren,0,1,0,0.00,0,20.11.507,oren@twistlock.com,enterprise,0,1,2018-09-05 09:22:00.000,2021-06-01 09:22:00.000,true,dev,146.148.93.252,US,true,0,0, +oren,2020-12-06 09:17:21.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,oren,0,1,0,0.00,0,20.11.605,oren@twistlock.com,enterprise,0,1,2018-09-05 09:22:00.000,2021-06-01 09:22:00.000,true,dev,82.166.99.178,IL,true,0,0,K1VqNGtkMEZPTzd2 +outreach,2020-12-06 22:12:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,outreach,0,0,0,0.00,0,19.11.506,null@outreach.io,enterprise,20000,0,2019-09-26 22:12:02.000,2021-09-25 22:12:02.000,true,TL000014,54.69.47.25,US,false,0,0, +us-1-111574356,2020-12-07 14:40:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,owens corning,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285711,2020-12-07 14:39:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,panw - 3787041629095291674,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +eu-2-143545895,2020-12-06 15:46:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,panw - 5798549383173231077,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158256885,2020-12-07 14:47:54.000,0,21,0.00,0,0,1,0,0,0,1,1,1,0,28,0,8,0,0,0,0,0,0,0,1,0,0,2046640128.00,534654976.00,0,partnerdemo,0,3,0,0.00,0,20.09.366,,enterprise,1000000,3,2019-12-09 23:33:38.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +paul@twistlock.com,2020-12-06 19:20:24.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,paul@twistlock.com,1,2,2,0.00,0,20.09.365,paul@twistlock.com,evaluation,0,5,2019-03-19 13:30:54.000,2021-12-13 13:30:54.000,true,0,35.202.18.244,US,true,10,10, +paulko,2020-12-06 16:32:34.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,paulko,0,1,0,0.00,0,20.11.600,paulko@twistlock.com,enterprise,0,1,2018-10-10 09:59:21.000,2021-07-06 09:59:21.000,true,dev,3.235.30.221,US,true,0,0,NldJVE5TVGF0VVd6 +paulko,2020-12-07 13:29:02.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,paulko,0,0,0,0.00,0,20.11.507,paulko@twistlock.com,enterprise,0,0,2018-10-10 09:59:21.000,2021-07-06 09:59:21.000,true,dev,18.192.14.24,DE,true,0,0, +pavel,2020-12-06 14:09:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pavel,0,0,0,0.00,0,20.12.525,pavel@twistlock.com,enterprise,0,1,2019-02-24 08:53:30.000,2021-11-20 08:53:30.000,true,dev,31.154.166.148,IL,true,100,100,ZngyY2F1S3lyLzdm +pavel,2020-12-03 08:09:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pavel,0,0,0,0.00,0,20.11.600,pavel@twistlock.com,enterprise,0,0,2019-02-24 08:53:30.000,2021-11-20 08:53:30.000,true,dev,31.154.166.148,IL,true,100,100,T0d1VDlqTEcxVTA5 +payvision,2020-12-07 12:41:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,payvision,0,0,0,0.00,0,20.04.177,null@payvision.com,enterprise,136,17,2020-07-03 11:55:32.000,2021-10-08 11:55:32.000,true,00007579,78.152.33.162,NL,false,0,17, +pbaumbach,2020-12-06 22:02:30.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pbaumbach,1,2,2,0.00,0,20.09.365,pbaumbach@paloaltonetworks.com,enterprise,800,5,2020-09-17 13:51:51.000,2021-09-17 13:51:51.000,true,0,34.68.127.79,US,true,100,100, +pbowden@paloaltonetworks.com,2020-12-06 20:50:08.000,1,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pbowden@paloaltonetworks.com,1,2,0,0.00,0,20.09.365,pbowden@paloaltonetworks.com,evaluation,5000,3,2020-05-04 15:12:48.000,2022-04-24 15:12:48.000,true,0,35.202.18.244,US,true,0,0, +us-3-159242900,2020-12-06 16:04:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pcsprisma,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +pdhamenia@paloaltonetworks.com,2020-12-07 14:50:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pdhamenia@paloaltonetworks.com,0,0,0,0.00,0,20.09.345,pdhamenia@paloaltonetworks.com,enterprise,100,0,2020-03-11 14:28:00.000,2021-03-11 14:28:00.000,true,pdhamenia,35.244.97.228,US,true,0,0, +pearson,2020-12-05 14:09:05.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pearson,0,0,0,0.00,0,20.04.169,null@pearson.com,enterprise,600,95,2019-10-31 17:35:41.000,2020-12-05 17:35:41.000,true,00000501,18.200.40.78,IE,false,0,100, +peloton,2020-12-06 15:32:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,peloton,0,0,0,0.00,0,20.04.177,null@onepeloton.com,enterprise,17000,1678,2020-10-12 20:48:45.000,2021-09-29 20:48:45.000,true,00003777,18.215.90.113,US,false,0,0, +us1-81232,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pentest1,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us1-59095,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pentest2,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +people_association,2020-12-07 09:47:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,people_association,0,0,0,0.00,0,19.07.363,null@mom.gov.sg,enterprise,100,82,2019-11-15 16:19:52.000,2024-10-17 16:19:52.000,true,00001258,13.251.61.236,SG,false,0,0, +us-2-158287538,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,person - 5604251030446477534,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +personal_capital,2020-12-07 11:25:23.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,personal_capital,0,1,0,0.00,0,20.09.365,null@personalcapital.com,enterprise,900,1,2020-01-31 02:38:04.000,2023-02-28 02:38:04.000,true,00002650,52.38.252.83,US,false,0,0, +phimm_canadase,2020-12-07 09:37:48.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,phimm_canadase,1,2,1,0.00,0,20.09.345,pphonpaseuth@paloaltonetworks.com,evaluation,100,4,2020-10-17 08:40:32.000,2021-10-17 08:40:32.000,true,0,34.68.127.79,US,true,0,0, +pleio,2020-12-07 08:11:00.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pleio,0,0,0,0.00,0,20.04.163,null@pleio.nl,enterprise,64,2,2020-04-14 09:00:23.000,2021-04-17 09:00:23.000,true,00002557,18.185.139.202,DE,false,0,8, +us-2-158262769,2020-12-07 14:39:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pos - 1218500909367021148,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +postcode_lottery,2020-12-06 16:13:08.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,postcode_lottery,0,0,0,0.00,0,20.04.177,null@postcodelottery.co.uk,enterprise,240,1,2020-03-04 08:53:15.000,2021-04-29 08:53:15.000,true,00003219,52.215.238.14,IE,false,0,30, +prisma_product,2020-12-07 04:14:21.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,prisma_product,0,1,0,0.00,0,20.09.365,jmorello@paloaltonetworks.com,enterprise,10000,1,2019-07-22 21:44:06.000,2022-04-17 21:44:06.000,true,0,54.209.238.209,US,true,0,0, +prisma_product,2020-12-07 07:02:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,prisma_product,0,0,0,0.00,0,20.12.522,jmorello@paloaltonetworks.com,enterprise,10000,1,2019-07-22 21:44:06.000,2022-04-17 21:44:06.000,true,0,34.68.105.204,US,true,0,0,c0NMRzI3RURMVUdY +proximus,2020-12-07 14:13:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,proximus,0,0,0,0.00,0,20.04.177,null@proximus.com,enterprise,8000,18,2020-04-22 14:44:46.000,2022-07-11 14:44:46.000,true,00004568,195.238.25.37,BE,false,0,1000, +prudential,2020-12-07 14:04:33.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,prudential,0,0,0,0.00,0,18.11.128,null@prudential.co.uk,enterprise,330,6,2019-10-31 17:53:45.000,2022-10-22 17:53:45.000,true,00000476,13.81.218.79,NL,false,0,55, +prudential,2020-12-07 15:09:42.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,prudential,0,3,0,0.00,0,20.09.345,null@prudential.co.uk,enterprise,570,3,2020-01-29 18:04:03.000,2022-10-22 18:04:03.000,true,00002598,20.54.163.5,US,false,0,95, +pwc,2020-12-07 15:11:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pwc,0,0,0,0.00,0,20.04.169,null@pwc.com,enterprise,4000,2,2020-07-07 19:32:38.000,2021-07-31 19:32:38.000,true,00000902,40.90.246.252,US,false,0,500, +pwc_eval,2020-12-07 02:41:51.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,pwc_eval,0,0,0,0.00,0,20.04.169,victor.ca.cheung@pwc.com,evaluation,175,4,2020-10-08 16:51:03.000,2021-01-06 16:51:03.000,true,pwceval1,168.63.214.9,HK,false,0,25, +q2ebanking,2020-12-07 00:11:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,q2ebanking,0,0,0,0.00,0,19.07.363,null@q2ebanking.com,enterprise,120,7,2020-02-03 17:55:00.000,2021-02-15 17:55:00.000,true,00006636,192.0.53.21,US,false,0,20, +qlik,2020-12-07 08:29:48.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,qlik,0,0,0,0.00,0,20.04.177,null@qlik.com,enterprise,1200,7,2019-12-27 19:27:07.000,2021-01-21 19:27:07.000,true,00000573,52.18.191.232,IE,false,0,200, +rafis_internal,2020-12-07 09:09:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rafis_internal,0,0,0,0.00,0,20.04.177,rtalipov@paloaltonetworks.com,evaluation,85,5,2020-02-14 12:02:51.000,2021-02-13 12:02:51.000,true,0,35.202.18.244,US,false,5,10, +us-2-158285831,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,raghu_dlp_nov03,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285832,2020-12-07 14:26:17.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,raghu_dlp_nov03_02,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286515,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,raghu_nov05_01,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158286707,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,raghu_nov17,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +ramon_demo_build,2020-12-03 08:33:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ramon_demo_build,0,0,0,0.00,0,20.04.163,rdeboer@paloaltonetworks.com,evaluation,100,1,2020-03-04 15:28:56.000,2021-02-27 15:28:56.000,true,0,52.169.252.230,IE,false,0,0, +us-2-158283663,2020-12-07 14:36:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 1184089866067625763,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283665,2020-12-07 14:26:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 1275035466155774911,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262774,2020-12-07 15:01:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 1486548813858187212,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262770,2020-12-07 14:26:16.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 1964539964612902265,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283670,2020-12-07 14:39:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 3383041753023184417,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283667,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 4390056971843997760,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158283666,2020-12-07 14:46:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 7081865382009456423,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262773,2020-12-07 14:44:06.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 892736492577151018,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262713,2020-12-07 14:37:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rao - 9026093946752891264,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +rbenavente_demo_env,2020-12-06 22:49:01.000,1,30,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rbenavente_demo_env,1,4,2,0.00,0,20.09.365,rbenavente@paloaltonetworks.com,evaluation,100,7,2020-11-17 18:40:43.000,2021-01-16 18:40:43.000,true,0,34.68.127.79,US,true,0,0, +rchauvin@paloaltonetworks.com,2020-12-06 16:22:35.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rchauvin@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,rchauvin@paloaltonetworks.com,enterprise,900,5,2020-04-06 06:15:05.000,2021-04-06 06:15:05.000,true,0,35.202.18.244,US,true,100,100, +reut kravchook,2020-12-01 11:11:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,reut kravchook,0,0,0,0.00,0,20.12.519,rkravchook@paloaltonetworks.com,enterprise,1000,1,2020-11-16 09:43:53.000,2023-08-12 09:43:53.000,true,dev,82.166.99.178,IL,true,0,0,a0pQcVYvWEsxTFZF +rev19,2020-12-07 03:12:40.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rev19,0,0,0,0.00,0,19.11.506,null@rev19.net,enterprise,100,3,2020-01-08 15:29:22.000,2021-01-07 15:29:22.000,true,00002345,13.89.139.237,US,false,0,0, +rhollis@paloaltonetworks.com,2020-12-06 18:48:41.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rhollis@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,rhollis@paloaltonetworks.com,enterprise,70,5,2020-01-31 23:12:15.000,2021-01-30 23:12:15.000,true,0,35.202.18.244,US,true,10,10, +riskified,2020-12-07 11:44:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,riskified,0,0,0,0.00,0,20.04.163,null@riskified.com,enterprise,5400,204,2020-01-31 17:07:39.000,2020-12-31 17:07:39.000,true,00002634,35.171.107.88,US,false,0,900, +riyaz.hussain@sifycorp.com,2020-12-04 05:27:42.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,riyaz.hussain@sifycorp.com,0,3,0,0.00,0,20.09.345,riyaz.hussain@sifycorp.com,evaluation,100,4,2020-11-05 05:20:14.000,2020-12-05 05:20:14.000,true,0,1.6.36.4,IN,false,0,0, +rosbank,2020-12-07 12:40:23.000,0,28,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rosbank,0,4,0,0.00,0,20.09.365,null@dialognauka.ru,enterprise,60,4,2020-01-02 10:31:01.000,2022-12-29 10:31:01.000,true,00002221,194.8.224.1,RU,false,0,10, +rostelecom_eval2,2020-12-05 07:47:11.000,0,154,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,rostelecom_eval2,0,22,0,0.00,0,20.09.365,egor.derov@rt.ru,evaluation,100,22,2020-11-05 07:49:38.000,2020-12-05 07:49:38.000,true,0,213.59.242.220,RU,false,0,0, +ruby,2020-12-07 11:11:37.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ruby,0,3,0,0.00,0,20.12.521,reuven@twistlock.com,enterprise,0,5,2019-02-24 13:39:10.000,2021-11-20 13:39:10.000,true,dev_new,34.76.21.51,BE,true,2000,2000,eEErM1RYZ0xIdE5Q +ruby,2020-12-07 13:20:02.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ruby,0,1,0,0.00,0,20.11.507,reuven@twistlock.com,enterprise,0,1,2019-02-24 13:39:10.000,2021-11-20 13:39:10.000,true,dev_new,104.198.77.5,US,true,2000,2000, +ruby,2020-12-07 14:33:04.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ruby,0,0,0,0.00,0,20.12.527,reuven@twistlock.com,enterprise,0,3,2019-02-24 13:39:10.000,2021-11-20 13:39:10.000,true,dev_new,104.198.77.5,US,true,2000,2000,WGplMVMxUE9mRXdM +ruby,2020-12-07 14:37:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ruby,0,0,0,0.00,0,20.12.608,reuven@twistlock.com,enterprise,0,9991,2019-02-24 13:39:10.000,2021-11-20 13:39:10.000,true,dev_new,82.166.99.178,IL,true,2000,2000,T1dGekdCSmdPUkdB +ruby,2020-12-01 23:25:40.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ruby,0,2,0,0.00,0,20.12.515,reuven@twistlock.com,enterprise,0,2,2019-02-24 13:39:10.000,2021-11-20 13:39:10.000,true,dev_new,104.198.77.5,US,true,2000,2000,VWxBV1pqQVJEQ0Nl +sandia_consolidated,2020-12-07 03:47:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sandia_consolidated,0,0,0,0.00,0,20.04.177,null@sandia.gov,evaluation,400,28,2020-08-27 17:46:17.000,2021-07-30 17:46:17.000,true,0,198.102.155.111,US,false,0,0, +us-3-159239926,2020-12-06 16:22:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,scotts test tenant,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158285584,2020-12-07 14:33:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,secure cloud guru - 1152569035680455355,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +selad@paloaltonetworks.com,2020-12-07 12:36:44.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,selad@paloaltonetworks.com,0,1,0,0.00,0,20.12.512,selad@paloaltonetworks.com,enterprise,1000,1,2020-04-02 19:47:04.000,2022-12-28 19:47:04.000,true,0,35.232.34.224,US,true,0,0,c2ZLbDhMVHZhZlV2 +selad@paloaltonetworks.com,2020-12-07 14:58:19.000,0,35,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,selad@paloaltonetworks.com,0,5,0,0.00,0,20.09.345,selad@paloaltonetworks.com,enterprise,1000,5,2020-04-02 19:47:04.000,2022-12-28 19:47:04.000,true,0,104.198.157.56,US,true,0,0, +semafone,2020-12-07 13:22:04.000,0,147,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,semafone,0,21,0,0.00,0,20.09.365,null@semafone.com,enterprise,300,21,2020-01-31 12:41:16.000,2021-02-05 12:41:16.000,true,00002656,63.32.29.237,IE,false,0,0, +setthapong_eval,2020-12-07 09:37:46.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,setthapong_eval,0,3,0,0.00,0,20.09.345,smangkalopak@paloaltonetworks.com,evaluation,100,3,2020-11-16 06:50:42.000,2021-05-15 06:50:42.000,true,0,52.152.168.225,US,false,0,0, +sgnanarajah@paloaltonetworks.com,2020-12-07 05:54:52.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgnanarajah@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,sgnanarajah@paloaltonetworks.com,enterprise,100,5,2020-10-26 12:58:40.000,2021-10-26 12:58:40.000,true,0,34.68.127.79,US,true,0,0, +sgordon@paloaltonetworks.com,2020-12-06 23:01:20.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,1,2,2,0.00,0,20.12.525,sgordon@paloaltonetworks.com,enterprise,1000,5,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,djlQemJzc3ZaVW5l +sgordon@paloaltonetworks.com,2020-12-06 16:53:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.515,sgordon@paloaltonetworks.com,enterprise,1000,0,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,3.19.122.247,US,true,0,0,U1d0S21SWnp4L3Bh +sgordon@paloaltonetworks.com,2020-12-07 14:31:27.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,sgordon@paloaltonetworks.com,enterprise,1000,5,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0, +sgordon@paloaltonetworks.com,2020-12-07 13:52:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.527,sgordon@paloaltonetworks.com,enterprise,1000,1,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,35.208.224.52,US,true,0,0,QUt6bFp6WERYQm1N +sgordon@paloaltonetworks.com,2020-12-07 14:45:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.527,sgordon@paloaltonetworks.com,enterprise,1000,5,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,Y2p6VXVrRHJhWUps +sgordon@paloaltonetworks.com,2020-12-04 02:00:03.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.524,sgordon@paloaltonetworks.com,enterprise,1000,5,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,bmd1eGlUc04yT0V6 +sgordon@paloaltonetworks.com,2020-12-02 21:56:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.522,sgordon@paloaltonetworks.com,enterprise,1000,3,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,bkVWSDJmNC9mMVls +sgordon@paloaltonetworks.com,2020-12-03 02:33:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.522,sgordon@paloaltonetworks.com,enterprise,1000,5,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,aUNBcy8wS3F3YkdB +sgordon@paloaltonetworks.com,2020-11-30 15:42:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.519,sgordon@paloaltonetworks.com,enterprise,1000,3,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,MVpWR3ZDc1NtL0dE +sgordon@paloaltonetworks.com,2020-12-03 16:25:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.522,sgordon@paloaltonetworks.com,enterprise,1000,8,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,WE1vM0MvOXp6Yi9q +sgordon@paloaltonetworks.com,2020-12-03 21:06:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sgordon@paloaltonetworks.com,0,0,0,0.00,0,20.12.523,sgordon@paloaltonetworks.com,enterprise,1000,8,2020-02-06 15:00:55.000,2021-02-05 15:00:55.000,true,sgordon,34.68.127.79,US,true,0,0,UlJuNERNSGljY0o0 +shawnnunley,2020-12-06 20:21:57.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,shawnnunley,1,2,2,0.00,0,20.09.345,snunley@paloaltonetworks.com,enterprise,350,5,2020-07-28 15:45:24.000,2021-07-28 15:45:24.000,true,0,34.68.127.79,US,true,0,0, +shmuel,2020-12-07 12:42:02.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,shmuel,0,3,0,0.00,0,20.11.507,sgoldklang@paloaltonetworks.com,enterprise,1000,3,2019-12-01 15:07:07.000,2025-05-23 15:07:07.000,true,dev2,146.148.93.252,US,true,0,0, +shmuel,2020-12-06 16:03:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,shmuel,0,0,0,0.00,0,20.11.508,sgoldklang@paloaltonetworks.com,enterprise,1000,0,2019-12-01 15:07:07.000,2025-05-23 15:07:07.000,true,dev2,82.166.99.178,IL,true,0,0,MmZhWHp4UG93a05m +simplefinance,2020-12-06 20:42:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,simplefinance,0,0,0,0.00,0,20.04.163,null@simple.com,enterprise,120,8,2019-11-27 17:19:42.000,2020-12-18 17:19:42.000,true,00000458,13.56.199.2,US,false,0,20, +sitecore,2020-12-07 11:37:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sitecore,0,0,0,0.00,0,20.04.177,null@sitecore.com,enterprise,100,1,2020-01-31 09:12:17.000,2021-02-27 09:12:17.000,true,00002632,195.184.101.130,DK,false,0,0, +sivan,2020-12-02 14:07:26.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sivan,0,0,0,0.00,0,20.11.605,stzur@paloaltonetworks.com,enterprise,1000,0,2020-02-19 08:07:38.000,2022-11-15 08:07:38.000,true,dev,82.166.99.178,IL,true,0,0,U0VGTm1abFhWR0VF +skuffer@nucleussec.com,2020-12-07 02:13:52.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,skuffer@nucleussec.com,0,0,0,0.00,0,20.04.177,skuffer@nucleussec.com,evaluation,100,1,2020-11-10 00:46:17.000,2021-02-08 00:46:17.000,true,0,206.81.8.14,US,false,0,0, +slack,2020-12-06 13:34:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,slack,0,0,0,0.00,0,20.09.365,null@slack.com,enterprise,4800,581,2020-08-01 06:31:20.000,2021-07-29 06:31:20.000,true,00019659,3.81.57.219,US,false,0,0, +smcandrew_lab,2020-12-07 12:54:47.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,smcandrew_lab,1,2,2,0.00,0,20.09.345,smcandrew@paloaltonetworks.com,enterprise,100,5,2020-08-05 09:31:18.000,2021-08-05 09:31:18.000,true,0,34.68.127.79,US,true,0,0, +smcandrew_waas_lab,2020-12-07 10:58:46.000,1,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,smcandrew_waas_lab,1,2,0,0.00,0,20.09.470,smcandrew@paloaltonetworks.com,enterprise,100,3,2020-09-15 08:21:42.000,2021-09-15 08:21:42.000,true,0,34.68.127.79,US,true,0,0, +srbhaskar_se_evla,2020-12-06 16:47:54.000,1,23,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,srbhaskar_se_evla,1,3,2,0.00,0,20.09.345,srbhaskar@paloaltonetworks.com,evaluation,250,6,2019-12-30 23:20:21.000,2020-12-29 23:20:21.000,true,0,34.68.127.79,US,true,0,0, +suki,2020-12-07 09:03:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,suki,0,0,0,0.00,0,19.03.321,null@suki.ai,enterprise,0,22,2019-03-22 21:37:27.000,2020-12-21 21:37:27.000,true,00000652,34.67.152.232,US,false,0,25, +sunbit,2020-12-07 14:18:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,sunbit,0,0,0,0.00,0,20.04.163,null@sunbit.com,enterprise,80,11,2020-08-17 15:38:23.000,2021-09-04 15:38:23.000,true,261d4420-5530-53a6-c63c-aba40ea5b9a8,52.24.88.34,US,false,0,10, +suncor,2020-12-06 15:29:14.000,0,98,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,suncor,0,14,0,0.00,0,20.09.345,null@suncor.com,enterprise,100,14,2019-11-13 20:25:01.000,2022-11-12 20:25:01.000,true,TL000044,169.48.2.203,CA,false,0,0, +supplyon,2020-12-07 10:36:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,supplyon,0,0,0,0.00,0,20.04.169,null@supplyon.com,enterprise,144,10,2020-03-02 14:10:58.000,2021-03-13 14:10:58.000,true,00003215,51.145.155.100,NL,false,0,18, +eu-103286,2020-12-07 15:47:34.000,0,21,0.00,0,0,0,0,1,1,1,1,1,1,28,7,5,0,0,0,0,0,0,1,1,0,0,2046640128.00,552759296.00,0,swdemoapp,0,3,0,0.00,0,20.09.351,,enterprise,1000000,3,2019-12-09 16:58:39.000,2038-01-19 03:14:07.000,false,,,,false,0,0, +syapse,2020-12-07 01:25:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,syapse,0,0,0,0.00,0,19.11.512,null@syapse.com,enterprise,222,17,2020-05-14 20:28:29.000,2021-05-06 20:28:29.000,true,454ffdbb-908e-5aae-4f59-bccbbcb5c86a,34.214.167.14,US,false,6,27, +tburby_se_eval_1,2020-12-07 00:26:08.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tburby_se_eval_1,1,2,2,0.00,0,20.09.345,tburby@paloaltonetworks.com,evaluation,300,5,2020-05-20 21:12:14.000,2021-05-20 21:12:14.000,true,0,34.68.127.79,US,true,0,0, +tcarter,2020-12-07 13:54:51.000,1,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tcarter,1,2,0,0.00,0,20.09.345,tcarter@paloaltonetworks.com,enterprise,80,3,2020-09-30 17:36:08.000,2021-09-30 17:36:08.000,true,0,35.202.18.244,US,true,10,10, +telus,2020-12-07 15:06:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,telus,0,0,0,0.00,0,20.04.177,null@telus.com,enterprise,0,10,2019-05-30 21:28:17.000,2021-08-28 21:28:17.000,true,00000766,209.91.88.131,CA,false,0,39, +telus_health,2020-12-06 15:26:44.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,telus_health,0,0,0,0.00,0,19.03.321,null1@telus.com,enterprise,72,24,2019-07-10 16:36:38.000,2021-01-09 16:36:38.000,true,00000822,209.29.147.30,CA,false,0,12, +tenx_pte,2020-12-06 17:36:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tenx_pte,0,0,0,0.00,0,19.11.512,null@tenx.tech,enterprise,100,9,2020-01-28 10:56:43.000,2021-01-23 10:56:43.000,true,00002566,35.240.158.67,SG,false,0,0, +us-2-158284593,2020-12-07 14:40:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,test - 1612118113340072766,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +anz-3054580,2020-12-06 17:39:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,test - 7551169873933543273,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +us-2-158262772,2020-12-07 14:31:32.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,test - 818860160792922804,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +aws-singapore-961096841,2020-12-07 14:54:37.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,test - 9203650330255600008,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +thehartford,2020-12-07 12:18:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,thehartford,0,0,0,0.00,0,19.07.363,null@thehartford.com,enterprise,450,18,2019-11-25 19:54:15.000,2020-12-20 19:54:15.000,true,00000544,162.136.192.1,US,false,0,75, +thetaRay,2020-12-06 07:35:15.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,thetaRay,0,0,0,0.00,0,19.11.480,null@thetaray.com,enterprise,40,1,2020-02-26 17:35:39.000,2021-02-24 17:35:39.000,true,00003146,35.196.38.73,US,false,0,5, +thousand_eyes,2020-12-07 13:15:20.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,thousand_eyes,0,0,0,0.00,0,20.04.177,null@thousandeyes.com,enterprise,320,1,2020-06-09 21:09:41.000,2021-06-29 21:09:41.000,true,17705e4b-2ccf-db70-462a-e257d943f7cb,3.129.62.34,US,false,0,40, +tiaa,2020-12-07 13:12:07.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tiaa,0,3,0,0.00,0,20.09.345,null@tiaa.org,enterprise,6000,3,2019-10-23 18:51:09.000,2022-10-22 18:51:09.000,true,TL000031,34.231.215.208,US,false,0,1000, +tiaabank,2020-12-06 20:32:31.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tiaabank,0,0,0,0.00,0,20.04.177,null@tiaabank.com,enterprise,120,3,2019-12-20 17:20:59.000,2020-12-27 17:20:59.000,true,00000548,162.218.214.1,US,false,0,20, +tkishel@paloaltonetworks.com,2020-12-06 17:33:30.000,1,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tkishel@paloaltonetworks.com,1,2,2,0.00,0,20.09.365,tkishel@paloaltonetworks.com,evaluation,500,5,2020-06-03 18:42:01.000,2021-06-03 18:42:01.000,true,0,34.68.127.79,US,false,0,0, +tlinkin@paloaltonetworks.com,2020-12-06 17:08:21.000,3,16,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tlinkin@paloaltonetworks.com,3,2,2,0.00,0,20.09.345,tlinkin@paloaltonetworks.com,enterprise,100,7,2020-10-09 15:36:23.000,2021-10-09 15:36:23.000,true,0,34.68.127.79,US,true,0,0, +tomert,2020-12-07 11:42:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tomert,0,0,0,0.00,0,20.11.604,ttuchner@paloaltonetworks.com,enterprise,1000,1,2019-10-22 18:47:37.000,2023-02-03 18:47:37.000,true,dev2,82.166.99.178,IL,true,0,0,TFhvekFYdG8wbmg4 +towalker@paloaltonetworks.com,2020-12-06 21:42:13.000,1,15,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,towalker@paloaltonetworks.com,1,2,1,0.00,0,20.09.365,towalker@paloaltonetworks.com,evaluation,200,4,2020-10-28 17:09:22.000,2021-10-27 17:09:22.000,true,0,34.68.127.79,US,true,0,0, +tower_nz,2020-12-07 06:25:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tower_nz,0,0,0,0.00,0,20.04.169,null@tower.co.nz,enterprise,300,41,2020-01-31 15:32:08.000,2021-01-30 15:32:08.000,true,00002662,20.40.124.9,AU,false,0,0, +trane_panw,2020-12-07 03:08:09.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,trane_panw,0,0,0,0.00,0,19.11.512,trane@paloaltonetworks.com,enterprise,10000,2,2020-03-23 17:54:02.000,2021-03-23 17:54:02.000,true,0,44.231.45.174,US,true,0,0, +tristar_health_system,2020-12-02 08:20:11.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tristar_health_system,0,0,0,0.00,0,,null@invivolink.com,enterprise,120,3,2019-12-31 18:19:48.000,2020-12-22 18:19:48.000,true,00002082,52.154.245.29,US,false,0,20, +ttvardzik@paloaltonetworks.com_eval,2020-12-07 10:28:18.000,0,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ttvardzik@paloaltonetworks.com_eval,0,1,0,0.00,0,20.09.345,ttvardzik@paloaltonetworks.com,evaluation,100,1,2020-05-19 10:25:12.000,2021-05-19 10:25:12.000,true,0,144.91.122.39,DE,false,0,0, +us-2-158256878,2020-12-07 15:00:28.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,turner,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +tzero,2020-12-07 08:51:01.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzero,0,0,0,0.00,0,19.03.321,null@tzero.com,enterprise,360,36,2019-10-30 21:45:18.000,2021-04-25 21:45:18.000,true,00000704,35.233.161.56,US,false,0,60, +tzvika,2020-12-07 09:30:51.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,2,0,0.00,0,20.11.508,tvitebsky@paloaltonetworks.com,enterprise,1000,2,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0, +tzvika,2020-12-01 13:15:35.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,0,0,0.00,0,20.12.518,tvitebsky@paloaltonetworks.com,enterprise,1000,1,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0,bkJHU2VJWFY4clZD +tzvika,2020-12-02 07:53:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,0,0,0.00,0,20.12.519,tvitebsky@paloaltonetworks.com,enterprise,1000,3,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0,SXc4ZWV4L2NvZE1E +tzvika,2020-11-30 15:43:21.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,0,0,0.00,0,20.12.518,tvitebsky@paloaltonetworks.com,enterprise,1000,2,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0,WXlwQzZZNjlnOHln +tzvika,2020-12-01 15:54:49.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,0,0,0.00,0,20.12.518,tvitebsky@paloaltonetworks.com,enterprise,1000,1,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0,YXNXUlJpaU9hN081 +tzvika,2020-11-30 12:49:51.000,0,14,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,tzvika,0,2,0,0.00,0,20.12.518,tvitebsky@paloaltonetworks.com,enterprise,1000,2,2019-08-12 17:57:38.000,2023-09-20 17:57:38.000,true,test3,104.198.77.5,US,true,0,0,cDQrSFk1YXQ2MFlT +us-1-111572402,2020-12-07 15:00:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,unifilabs,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +uninett,2020-12-06 16:08:59.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,uninett,0,0,0,0.00,0,19.11.512,null@uninett.no,enterprise,150,25,2019-09-25 15:51:58.000,2022-09-27 15:51:58.000,true,0,193.156.11.28,NO,false,0,25, +unity3d,2020-12-07 14:24:18.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,unity3d,0,0,0,0.00,0,19.03.321,null@unity3d.com,enterprise,2000,178,2020-07-21 16:21:49.000,2021-06-19 16:21:49.000,true,5eb15cab-d17f-cd26-84c7-eec363fa6d0d,35.192.193.18,US,false,0,250, +universityoflausanne,2020-12-07 13:33:53.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,universityoflausanne,0,0,0,0.00,0,19.07.358,null@unil.ch,enterprise,0,12,2019-06-03 20:04:42.000,2022-07-30 20:04:42.000,true,00000773,130.223.10.118,CH,false,0,36, +us-3-159243830,2020-12-06 15:52:50.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,upl-prismacloud-aws-recreated,0,0,0,0.00,0,,,,0,0,,,false,,,,false,0,0, +upmc,2020-12-07 13:25:19.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,upmc,0,0,0,0.00,0,20.04.177,null@upmc.edu,enterprise,600,7,2020-01-31 21:49:15.000,2021-02-28 21:49:15.000,true,00002697,128.147.28.77,US,false,0,100, +us-3-159211992,2020-12-06 20:28:58.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,us-3-159211992,0,0,0,0.00,0,20.04.177,,enterprise,1000000,0,2020-01-23 00:07:33.000,2038-01-19 03:14:07.000,true,,35.239.6.95,US,false,0,0, +usaa,2020-12-07 14:31:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,usaa,0,0,0,0.00,0,19.07.358,null@usaa.com,enterprise,3600,126,2019-11-01 00:26:40.000,2021-01-07 00:26:40.000,true,00000239,167.24.243.3,US,false,0,600, +via,2020-12-07 12:26:22.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,via,0,0,0,0.00,0,20.04.177,null@ridewithvia.com,enterprise,3150,1789,2020-12-03 19:07:40.000,2020-12-16 19:07:40.000,true,00001823,54.82.53.60,US,false,0,450, +viacom,2020-12-07 05:36:54.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,viacom,0,0,0,0.00,0,19.07.363,null@viacom.com,evaluation,2400,0,2020-11-12 18:02:26.000,2020-12-18 18:02:26.000,true,0,100.25.56.60,US,false,0,0, +vlaamse,2020-12-07 10:57:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,vlaamse,0,0,0,0.00,0,19.11.506,null@wse.vlaanderen.be,enterprise,100,7,2019-12-20 08:39:33.000,2020-12-19 08:39:33.000,true,00002042,52.214.90.239,IE,false,0,0, +vulcan_partner,2020-12-07 10:45:42.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,vulcan_partner,0,0,0,0.00,0,20.04.177,guybo@vulcan.io,evaluation,100,2,2020-06-22 20:23:42.000,2023-03-19 20:23:42.000,true,0,3.129.161.43,US,false,0,0, +walt_disney,2020-12-06 19:09:07.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,walt_disney,0,0,0,0.00,0,2.5.140,null@disney.com,enterprise,6000,0,2019-11-04 22:26:19.000,2020-12-29 22:26:19.000,true,00000504,34.71.164.230,US,false,0,1000, +welab,2020-12-07 03:20:13.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,welab,0,0,0,0.00,0,20.04.177,null@welab.co,enterprise,800,12,2020-09-16 15:16:51.000,2022-09-29 15:16:51.000,true,00001103,18.163.30.240,HK,false,0,0, +wells_fargo,2020-12-07 05:02:30.000,0,154,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,wells_fargo,0,22,0,0.00,0,20.09.345,null@wellsfargo.com,enterprise,25060,22,2020-09-22 21:11:05.000,2021-09-29 21:11:05.000,true,TL000022,159.45.71.21,US,false,0,3580, +western_governors_university,2020-12-01 00:20:34.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,western_governors_university,0,0,0,0.00,0,19.11.512,null@wgu.edu,enterprise,1200,12,2020-11-10 23:49:09.000,2020-12-01 23:49:09.000,true,00001455,54.71.143.175,US,false,0,0, +westernunion,2020-12-07 15:20:39.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,westernunion,0,0,0,0.00,0,19.03.321,null@westernunion.com,enterprise,360,1,2020-01-21 17:08:27.000,2021-01-14 17:08:27.000,true,00000563,3.217.201.105,US,false,0,60, +wolters_kluwer,2020-12-07 13:58:29.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,wolters_kluwer,0,3,0,0.00,0,20.09.345,null@wolterskluwer.com,enterprise,1392,3,2020-01-21 23:36:10.000,2021-01-26 23:36:10.000,true,00002542,51.105.201.188,NL,false,0,232, +wsib,2020-12-07 11:55:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,wsib,0,0,0,0.00,0,19.11.480,null@wsib.on.ca,enterprise,60,5,2019-12-31 18:27:00.000,2020-12-17 18:27:00.000,true,00000534,40.85.214.111,CA,false,0,10, +wyatt_gill,2020-12-07 13:33:57.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,wyatt_gill,0,0,0,0.00,0,20.04.177,wgill@paloaltonetworks.com,enterprise,600,1,2020-01-06 19:43:33.000,2021-01-05 19:43:33.000,true,0,34.67.32.254,US,false,0,100, +yaniv,2020-11-30 14:12:25.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,yaniv,0,0,0,0.00,0,20.11.602,ytzur@paloaltonetworks.com,enterprise,1000,1,2020-10-01 12:16:53.000,2023-10-01 12:16:53.000,true,dev,31.154.166.148,IL,true,0,0,SnZGM24zZkNJRVBp +yossim,2020-12-07 11:45:12.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,yossim,0,0,0,0.00,0,20.04.169,yossim@twistlock.com,enterprise,1000,1,2020-05-15 07:00:48.000,2023-05-20 07:00:48.000,true,yossim,34.68.218.28,US,true,0,0, +yuri,2020-12-07 11:40:47.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,yuri,0,0,0,0.00,0,20.04.177,yshtern@paloaltonetworks.com,enterprise,1000,1,2019-08-12 17:58:20.000,2023-09-20 17:58:20.000,true,test3,35.195.219.166,US,true,0,0, +yuri,2020-12-07 13:06:37.000,1,7,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,yuri,1,1,0,0.00,0,20.11.508,yshtern@paloaltonetworks.com,enterprise,1000,3,2019-08-12 17:58:20.000,2023-09-20 17:58:20.000,true,test3,104.198.77.5,US,true,0,0,TWlJSFlSQnAzaU1n +yuri,2020-12-02 07:59:41.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,yuri,0,0,0,0.00,0,20.12.513,yshtern@paloaltonetworks.com,enterprise,1000,2,2019-08-12 17:58:20.000,2023-09-20 17:58:20.000,true,test3,35.195.219.166,US,true,0,0,cExsd2VlOHpZblo5 +zero_financial,2020-12-07 12:54:30.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,zero_financial,0,0,0,0.00,0,20.04.177,null@zerofinancial.com,enterprise,144,3,2020-07-28 14:27:07.000,2021-07-09 14:27:07.000,true,5da38a90-c37f-6585-29ae-c56762efd679,35.233.202.206,US,false,0,18, +zeronorth,2020-12-07 15:11:27.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,zeronorth,0,0,0,0.00,0,19.07.353,aaron@zeronorth.io,evaluation,10000,1,2020-11-23 17:38:53.000,2021-03-23 17:38:53.000,true,0,34.221.255.7,US,true,0,0, +zopa,2020-12-07 10:49:02.000,0,21,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,zopa,0,3,0,0.00,0,20.09.365,null@zopa.com,enterprise,450,3,2020-01-30 12:42:25.000,2023-01-31 12:42:25.000,true,00002579,34.251.70.38,IE,false,0,75, +ztisolutions,2020-12-07 05:04:14.000,0,0,0.00,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0.00,0.00,0,ztisolutions,0,0,0,0.00,0,20.04.163,null@ztisolutions.com,enterprise,132,16,2020-01-31 00:30:18.000,2021-01-05 00:30:18.000,true,00006556,149.97.119.244,US,false,0,22, diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cve-fix-status.png b/docs/en/compute-edition/32/admin-guide/_graphics/cve-fix-status.png new file mode 100644 index 0000000000..7ee5fc0d7b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cve-fix-status.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-policy.png b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-policy.png new file mode 100644 index 0000000000..5d484abf48 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-policy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-waas-port-windows.png b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-waas-port-windows.png new file mode 100644 index 0000000000..791da5c64f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42473-add-app-waas-port-windows.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42645-waas-sensitive-data-new-rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42645-waas-sensitive-data-new-rule.png new file mode 100644 index 0000000000..083742eaa6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-42645-waas-sensitive-data-new-rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/cwp-44743-app-embedded-add-exception.png b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-44743-app-embedded-add-exception.png new file mode 100644 index 0000000000..0a40d6d697 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/cwp-44743-app-embedded-add-exception.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_audits.png b/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_audits.png new file mode 100644 index 0000000000..be5aa7dd89 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_audits.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_incident.png new file mode 100644 index 0000000000..de3287ef2d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/data_exfiltration_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/dcos-arch-tw.png b/docs/en/compute-edition/32/admin-guide/_graphics/dcos-arch-tw.png new file mode 100644 index 0000000000..0186e9bfe2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/dcos-arch-tw.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defender-decision-tree.png b/docs/en/compute-edition/32/admin-guide/_graphics/defender-decision-tree.png new file mode 100644 index 0000000000..f1e1a32d18 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defender-decision-tree.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defender_listening_modes_791687.png b/docs/en/compute-edition/32/admin-guide/_graphics/defender_listening_modes_791687.png new file mode 100644 index 0000000000..ba84e3ed69 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defender_listening_modes_791687.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defender_runc.png b/docs/en/compute-edition/32/admin-guide/_graphics/defender_runc.png new file mode 100644 index 0000000000..d44641311f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defender_runc.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defender_syslog_event_with_custom_string.png b/docs/en/compute-edition/32/admin-guide/_graphics/defender_syslog_event_with_custom_string.png new file mode 100644 index 0000000000..bf6538f505 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defender_syslog_event_with_custom_string.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defender_types_decision_tree.png b/docs/en/compute-edition/32/admin-guide/_graphics/defender_types_decision_tree.png new file mode 100644 index 0000000000..4c8b9b3482 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defender_types_decision_tree.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defenders_certs_top_banner.png b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_certs_top_banner.png new file mode 100644 index 0000000000..a71bda2109 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_certs_top_banner.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defenders_connected_diff_versions.png b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_connected_diff_versions.png new file mode 100644 index 0000000000..84a7e64add Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_connected_diff_versions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defenders_diconnected.png b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_diconnected.png new file mode 100644 index 0000000000..1644932381 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_diconnected.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs.png b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs.png new file mode 100644 index 0000000000..2a9524c39e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs_filter.png new file mode 100644 index 0000000000..c780cddc09 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/defenders_using_old_certs_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/demisto_add_integration.png b/docs/en/compute-edition/32/admin-guide/_graphics/demisto_add_integration.png new file mode 100644 index 0000000000..714470f9e9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/demisto_add_integration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/demisto_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/demisto_config.png new file mode 100644 index 0000000000..b969d3e644 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/demisto_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/deploy-app-embedded-defender-aci.gif b/docs/en/compute-edition/32/admin-guide/_graphics/deploy-app-embedded-defender-aci.gif new file mode 100644 index 0000000000..fb6afcf3f0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/deploy-app-embedded-defender-aci.gif differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/detailed_scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/detailed_scan.png new file mode 100644 index 0000000000..4a2d57d195 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/detailed_scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_copy_into_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_copy_into_rule.png new file mode 100644 index 0000000000..70cccc506c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_copy_into_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_export.png b/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_export.png new file mode 100644 index 0000000000..e740aeb820 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/disable_automatic_learning_export.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/docker_cri.png b/docs/en/compute-edition/32/admin-guide/_graphics/docker_cri.png new file mode 100644 index 0000000000..8c1f3b0316 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/docker_cri.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_container_template.png b/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_container_template.png new file mode 100644 index 0000000000..b537553f59 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_container_template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_host_template.png b/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_host_template.png new file mode 100644 index 0000000000..d46f4db8af Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/docker_enterprise_disa_stig_host_template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/edit-vpc-configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/edit-vpc-configuration.png new file mode 100644 index 0000000000..6a920bd8a1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/edit-vpc-configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/email-alert-failed-handshake.png b/docs/en/compute-edition/32/admin-guide/_graphics/email-alert-failed-handshake.png new file mode 100644 index 0000000000..0724ad1689 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/email-alert-failed-handshake.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/email-config-1.png b/docs/en/compute-edition/32/admin-guide/_graphics/email-config-1.png new file mode 100644 index 0000000000..6142345b6c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/email-config-1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/email-config-2.png b/docs/en/compute-edition/32/admin-guide/_graphics/email-config-2.png new file mode 100644 index 0000000000..41fa426f74 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/email-config-2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/err1-failed-to-setup-vpc.png b/docs/en/compute-edition/32/admin-guide/_graphics/err1-failed-to-setup-vpc.png new file mode 100644 index 0000000000..49336c38d5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/err1-failed-to-setup-vpc.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/err2-not-authorized.png b/docs/en/compute-edition/32/admin-guide/_graphics/err2-not-authorized.png new file mode 100644 index 0000000000..e390ce5018 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/err2-not-authorized.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/err3-session-already-in-use.png b/docs/en/compute-edition/32/admin-guide/_graphics/err3-session-already-in-use.png new file mode 100644 index 0000000000..114b2575ea Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/err3-session-already-in-use.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/err4-failedcondition-received.png b/docs/en/compute-edition/32/admin-guide/_graphics/err4-failedcondition-received.png new file mode 100644 index 0000000000..172c491bcc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/err4-failedcondition-received.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/err5-failed-to-find-vms.png b/docs/en/compute-edition/32/admin-guide/_graphics/err5-failed-to-find-vms.png new file mode 100644 index 0000000000..c0bc6ce757 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/err5-failed-to-find-vms.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/exclude-base-image-vulnerabilities.png b/docs/en/compute-edition/32/admin-guide/_graphics/exclude-base-image-vulnerabilities.png new file mode 100644 index 0000000000..4eefbfb38e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/exclude-base-image-vulnerabilities.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/execution_flow_hijack_attempt_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/execution_flow_hijack_attempt_incident.png new file mode 100644 index 0000000000..6d83c8df76 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/execution_flow_hijack_attempt_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/export-api-specifications.png b/docs/en/compute-edition/32/admin-guide/_graphics/export-api-specifications.png new file mode 100644 index 0000000000..1427971be1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/export-api-specifications.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ext-link-icon-small.png b/docs/en/compute-edition/32/admin-guide/_graphics/ext-link-icon-small.png new file mode 100644 index 0000000000..e92b69e6a8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ext-link-icon-small.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_ds.png b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_ds.png new file mode 100644 index 0000000000..79f62633da Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_ds.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_router.png b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_router.png new file mode 100644 index 0000000000..d0b3b40aa4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_router.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_san.png b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_san.png new file mode 100644 index 0000000000..593e9df0da Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_san.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windows.png b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windows.png new file mode 100644 index 0000000000..6bd8641e1c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windows.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windowsnode.png b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windowsnode.png new file mode 100644 index 0000000000..51cfdb83fc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/external_defender_openshift_windowsnode.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/failed-to-create-docker-client.png b/docs/en/compute-edition/32/admin-guide/_graphics/failed-to-create-docker-client.png new file mode 100644 index 0000000000..82bd4ca3c0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/failed-to-create-docker-client.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_audit.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_audit.png new file mode 100644 index 0000000000..b811daf62b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_audit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_rule.png new file mode 100644 index 0000000000..5fc3fd0640 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_cnaf_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_collection_image.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_collection_image.png new file mode 100644 index 0000000000..b3077a23f5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_collection_image.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_comp_scan_result.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_comp_scan_result.png new file mode 100644 index 0000000000..b61ed7fb9b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_comp_scan_result.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_scan_result.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_scan_result.png new file mode 100644 index 0000000000..41d6f74442 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_image_scan_result.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_archive.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_archive.png new file mode 100644 index 0000000000..18a4afd13e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_archive.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_repo.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_repo.png new file mode 100644 index 0000000000..89200e3c3e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_repo.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_stage.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_stage.png new file mode 100644 index 0000000000..58dbbd74ed Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_jenkins_stage.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_running_task.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_running_task.png new file mode 100644 index 0000000000..712abd0e97 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_running_task.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_runtime_audits.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_runtime_audits.png new file mode 100644 index 0000000000..87528362fb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_runtime_audits.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_comp.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_comp.png new file mode 100644 index 0000000000..7fb97046c7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_comp.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_vul.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_vul.png new file mode 100644 index 0000000000..a62cf950b6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_select_filter_vul.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/fargate_task_ipaddr.png b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_task_ipaddr.png new file mode 100644 index 0000000000..ca8f47c762 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/fargate_task_ipaddr.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/forensics_container_timeline.png b/docs/en/compute-edition/32/admin-guide/_graphics/forensics_container_timeline.png new file mode 100644 index 0000000000..50819cb43c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/forensics_container_timeline.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_jira_triggers.png b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_jira_triggers.png new file mode 100644 index 0000000000..4c8125439a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_jira_triggers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_servicenow_vr_triggers.png b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_servicenow_vr_triggers.png new file mode 100644 index 0000000000..7fcff5b37b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_servicenow_vr_triggers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_triggers.png b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_triggers.png new file mode 100644 index 0000000000..f044b74e79 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/frag_config_triggers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/function_scan_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/function_scan_scope.png new file mode 100644 index 0000000000..fd32db4800 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/function_scan_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/function_vuls_layers_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/function_vuls_layers_filter.png new file mode 100644 index 0000000000..ccb4cd0b5b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/function_vuls_layers_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp1.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp1.png new file mode 100644 index 0000000000..fe2b9a384c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp10.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp10.png new file mode 100644 index 0000000000..ecd31d1fff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp11.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp11.png new file mode 100644 index 0000000000..e2dd8481b1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp11.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp2.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp2.png new file mode 100644 index 0000000000..a30e51bc2f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp3.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp3.png new file mode 100644 index 0000000000..4f1d57f2a1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp4.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp4.png new file mode 100644 index 0000000000..3b4ec9f835 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp4.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp5.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp5.png new file mode 100644 index 0000000000..18202410b4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp5.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp6.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp6.png new file mode 100644 index 0000000000..dceffb32f4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp6.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp7.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp7.png new file mode 100644 index 0000000000..98d21b1ff0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp7.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp8.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp8.png new file mode 100644 index 0000000000..114f21880a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp8.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcp9.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcp9.png new file mode 100644 index 0000000000..382999c51d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcp9.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcr_add_registry.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcr_add_registry.png new file mode 100644 index 0000000000..7089e34a72 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcr_add_registry.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gcr_create_new_credential.png b/docs/en/compute-edition/32/admin-guide/_graphics/gcr_create_new_credential.png new file mode 100644 index 0000000000..8a3ac2d17e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gcr_create_new_credential.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/getting-started-resource-classes.png b/docs/en/compute-edition/32/admin-guide/_graphics/getting-started-resource-classes.png new file mode 100644 index 0000000000..430273f1c5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/getting-started-resource-classes.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/gitlab-container-registry.png b/docs/en/compute-edition/32/admin-guide/_graphics/gitlab-container-registry.png new file mode 100644 index 0000000000..575b50e353 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/gitlab-container-registry.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_pub_sub_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_pub_sub_config.png new file mode 100644 index 0000000000..85ba12cbe5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_pub_sub_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_scc_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_scc_config.png new file mode 100644 index 0000000000..0294cfeea2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/google_cloud_scc_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/grace-period-disabled-with-risk-factors.png b/docs/en/compute-edition/32/admin-guide/_graphics/grace-period-disabled-with-risk-factors.png new file mode 100644 index 0000000000..16d4046c3a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/grace-period-disabled-with-risk-factors.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ha_dr_flow_chart.png b/docs/en/compute-edition/32/admin-guide/_graphics/ha_dr_flow_chart.png new file mode 100644 index 0000000000..84381c00d6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ha_dr_flow_chart.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host-vulnerabilites-scan-result.png b/docs/en/compute-edition/32/admin-guide/_graphics/host-vulnerabilites-scan-result.png new file mode 100644 index 0000000000..e31b1a52bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host-vulnerabilites-scan-result.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_defender_architecture.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_defender_architecture.png new file mode 100644 index 0000000000..da06660829 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_defender_architecture.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_apps.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_apps.png new file mode 100644 index 0000000000..efdc7f667d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_apps.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_rule.png new file mode 100644 index 0000000000..b8ee4831b6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_ssh_history.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_ssh_history.png new file mode 100644 index 0000000000..8cc89a4783 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_ssh_history.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_update_compliance_check.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_update_compliance_check.png new file mode 100644 index 0000000000..7295284ea4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_runtime_update_compliance_check.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/host_scanning_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/host_scanning_report.png new file mode 100644 index 0000000000..9b28f8d1e4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/host_scanning_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/https-proxy.png b/docs/en/compute-edition/32/admin-guide/_graphics/https-proxy.png new file mode 100644 index 0000000000..73ed2d0572 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/https-proxy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ibm_cloud_security_advisor_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/ibm_cloud_security_advisor_config.png new file mode 100644 index 0000000000..36b443e6df Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ibm_cloud_security_advisor_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image-scan-reports.png b/docs/en/compute-edition/32/admin-guide/_graphics/image-scan-reports.png new file mode 100644 index 0000000000..c5e838609b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image-scan-reports.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_dialog.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_dialog.png new file mode 100644 index 0000000000..cdd401a840 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_dialog.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_main_page.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_main_page.png new file mode 100644 index 0000000000..bf1d3e721a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_main_page.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_networking.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_networking.png new file mode 100644 index 0000000000..dd6a2e991d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_networking.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_a.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_a.png new file mode 100644 index 0000000000..7d72b0dd8e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_a.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_b.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_b.png new file mode 100644 index 0000000000..0d928b0997 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_sandbox_results_b.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_761336.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_761336.png new file mode 100644 index 0000000000..f9399308af Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_761336.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_normal.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_normal.png new file mode 100644 index 0000000000..3c5c9a66a7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_normal.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_rhel.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_rhel.png new file mode 100644 index 0000000000..9cc764ccc1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_docker_history_rhel.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_layers_tool.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_layers_tool.png new file mode 100644 index 0000000000..1a2cf7e3ea Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_layers_tool.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_rhel_image.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_rhel_image.png new file mode 100644 index 0000000000..1ad513e98e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_rhel_image.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_summary_with_multiple_tags.png b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_summary_with_multiple_tags.png new file mode 100644 index 0000000000..2a09a0743a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/image_scan_reports_summary_with_multiple_tags.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/immediate-alert-registry-images.png b/docs/en/compute-edition/32/admin-guide/_graphics/immediate-alert-registry-images.png new file mode 100644 index 0000000000..4a191fc1e2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/immediate-alert-registry-images.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer.png new file mode 100644 index 0000000000..889a7666dd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_app-embedded_forensics.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_app-embedded_forensics.png new file mode 100644 index 0000000000..854697e4fc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_app-embedded_forensics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_container_forensics.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_container_forensics.png new file mode 100644 index 0000000000..7e87b5c579 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_container_forensics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_data.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_data.png new file mode 100644 index 0000000000..b0450c2493 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_data.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_forensics.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_forensics.png new file mode 100644 index 0000000000..fd2c1d8430 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_forensics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_host_forensics.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_host_forensics.png new file mode 100644 index 0000000000..f36162c087 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_explorer_host_forensics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/incident_malware.png b/docs/en/compute-edition/32/admin-guide/_graphics/incident_malware.png new file mode 100644 index 0000000000..69e50c98bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/incident_malware.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install-defender-deploy-page.png b/docs/en/compute-edition/32/admin-guide/_graphics/install-defender-deploy-page.png new file mode 100644 index 0000000000..6796b54e85 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install-defender-deploy-page.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install-openshift-tl-defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/install-openshift-tl-defenders.png new file mode 100644 index 0000000000..011164ad40 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install-openshift-tl-defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id1.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id1.png new file mode 100644 index 0000000000..2743d5f9e4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id2.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id2.png new file mode 100644 index 0000000000..e228299d78 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id3.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id3.png new file mode 100644 index 0000000000..3dbdfae7f1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_app_id3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_runtime_rule_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_runtime_rule_scope.png new file mode 100644 index 0000000000..4070cdc9d8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_runtime_rule_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_waas_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_waas_scope.png new file mode 100644 index 0000000000..1efa196a05 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_fargate_waas_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_scope_app_id.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_scope_app_id.png new file mode 100644 index 0000000000..4d4f3bad99 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_app_embedded_defender_scope_app_id.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_manage.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_manage.png new file mode 100644 index 0000000000..23e4471af4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_manage.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern1.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern1.png new file mode 100644 index 0000000000..5c03b0f841 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern2.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern2.png new file mode 100644 index 0000000000..c121e3109a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern3.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern3.png new file mode 100644 index 0000000000..22eef67a72 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_defender_pattern3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png new file mode 100644 index 0000000000..7429d61361 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png.1 b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png.1 new file mode 100644 index 0000000000..7429d61361 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_defenders.png.1 differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_ose_defenders.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_ose_defenders.png new file mode 100644 index 0000000000..d5381f9c69 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_ose_defenders.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_san.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_san.png new file mode 100644 index 0000000000..82b0770fce Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_openshift_san.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_serverless_defender_upload_zip.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_serverless_defender_upload_zip.png new file mode 100644 index 0000000000..bad8457037 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_serverless_defender_upload_zip.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_swarm_network.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_swarm_network.png new file mode 100644 index 0000000000..89ab00ec12 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_swarm_network.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/install_tas_defender_prevent.png b/docs/en/compute-edition/32/admin-guide/_graphics/install_tas_defender_prevent.png new file mode 100644 index 0000000000..24b392fd1f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/install_tas_defender_prevent.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791235.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791235.png new file mode 100644 index 0000000000..2a363b297d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791235.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791236.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791236.png new file mode 100644 index 0000000000..03caac8e54 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791236.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791240.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791240.png new file mode 100644 index 0000000000..6498cd743e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791240.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791241.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791241.png new file mode 100644 index 0000000000..37d8c60e5d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791241.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791242.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791242.png new file mode 100644 index 0000000000..7d65c05f35 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791242.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791271.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791271.png new file mode 100644 index 0000000000..83b93b1a86 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_g_suite_791271.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610130.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610130.png new file mode 100644 index 0000000000..2a57f672de Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610130.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610131.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610131.png new file mode 100644 index 0000000000..e0df6baf54 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610131.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610135.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610135.png new file mode 100644 index 0000000000..02bcee4402 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610135.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610136.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610136.png new file mode 100644 index 0000000000..f4a76553ec Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610136.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610140.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610140.png new file mode 100644 index 0000000000..7d01123277 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610140.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610146.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610146.png new file mode 100644 index 0000000000..44288bd93d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610146.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610150.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610150.png new file mode 100644 index 0000000000..c94254708c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610150.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610156.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610156.png new file mode 100644 index 0000000000..0ba4c53bc7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610156.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610160.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610160.png new file mode 100644 index 0000000000..04b2651613 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610160.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610163.png b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610163.png new file mode 100644 index 0000000000..b2f6c5762d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/integrate_saml_610163.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins-scan-result-files.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins-scan-result-files.png new file mode 100644 index 0000000000..d7d19b89e2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins-scan-result-files.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_create_pipeline_project.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_create_pipeline_project.png new file mode 100644 index 0000000000..8cb1942ae8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_create_pipeline_project.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_dashboard_scan_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_dashboard_scan_results.png new file mode 100644 index 0000000000..007bb4f166 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_dashboard_scan_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770273.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770273.png new file mode 100644 index 0000000000..95cd70fab7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770273.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770276.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770276.png new file mode 100644 index 0000000000..acb61a6506 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_maven_project_770276.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_pod_template.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_pod_template.png new file mode 100644 index 0000000000..ac10d365d1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_pod_template.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_start_slave_pod.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_start_slave_pod.png new file mode 100644 index 0000000000..d38407e8af Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_k8s_start_slave_pod.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_pipeline_syntax.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_pipeline_syntax.png new file mode 100644 index 0000000000..d84c3987a5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_pipeline_syntax.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_snippet_generator_function_scanner.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_snippet_generator_function_scanner.png new file mode 100644 index 0000000000..044bb64283 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_snippet_generator_function_scanner.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_logs.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_logs.png new file mode 100644 index 0000000000..ba36ba62c1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_logs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_view.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_view.png new file mode 100644 index 0000000000..d562cfecef Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_project_stage_view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_step_logs.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_step_logs.png new file mode 100644 index 0000000000..d3f9505fbd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_step_logs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_syntax.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_syntax.png new file mode 100644 index 0000000000..4472689832 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_pipeline_syntax.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plug_in_fips.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plug_in_fips.png new file mode 100644 index 0000000000..ba0473197c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plug_in_fips.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plugin_scan_functions_build_step.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plugin_scan_functions_build_step.png new file mode 100644 index 0000000000..84aec64b4d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_plugin_scan_functions_build_step.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_project_scan_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_project_scan_results.png new file mode 100644 index 0000000000..9c53656f06 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_project_scan_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_proxy_23722.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_proxy_23722.png new file mode 100644 index 0000000000..25d8c4892f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_proxy_23722.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_functions.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_functions.png new file mode 100644 index 0000000000..3e1ff23489 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_functions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_images.png b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_images.png new file mode 100644 index 0000000000..fb968e14df Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jenkins_scan_prisma_cloud_images.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jfrogArtifactory-ca.png b/docs/en/compute-edition/32/admin-guide/_graphics/jfrogArtifactory-ca.png new file mode 100644 index 0000000000..18fde9e78f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jfrogArtifactory-ca.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jfrog_registry_scanning_repo_types.png b/docs/en/compute-edition/32/admin-guide/_graphics/jfrog_registry_scanning_repo_types.png new file mode 100644 index 0000000000..ee01eed954 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jfrog_registry_scanning_repo_types.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/jira_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/jira_config.png new file mode 100644 index 0000000000..f1a84dfe83 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/jira_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_aks_diagram_audit.png b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_aks_diagram_audit.png new file mode 100644 index 0000000000..5ed660ba1b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_aks_diagram_audit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_attack_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_attack_incident.png new file mode 100644 index 0000000000..5c14112fbc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_attack_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_auditing.png b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_auditing.png new file mode 100644 index 0000000000..102b825293 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_auditing.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_eks_diagram_audit.png b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_eks_diagram_audit.png new file mode 100644 index 0000000000..491f564ac5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/kubernetes_eks_diagram_audit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/lambda_env_variables.png b/docs/en/compute-edition/32/admin-guide/_graphics/lambda_env_variables.png new file mode 100644 index 0000000000..e7f62758ff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/lambda_env_variables.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/lambda_handler.png b/docs/en/compute-edition/32/admin-guide/_graphics/lambda_handler.png new file mode 100644 index 0000000000..c4f94b05f7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/lambda_handler.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/lateral_movement_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/lateral_movement_incident.png new file mode 100644 index 0000000000..aaafaaa94b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/lateral_movement_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ldap_group.png b/docs/en/compute-edition/32/admin-guide/_graphics/ldap_group.png new file mode 100644 index 0000000000..63d3bd5718 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ldap_group.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/login.png b/docs/en/compute-edition/32/admin-guide/_graphics/login.png new file mode 100644 index 0000000000..932c6dfd10 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/login.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/login_flow.png b/docs/en/compute-edition/32/admin-guide/_graphics/login_flow.png new file mode 100644 index 0000000000..ca8d8709ae Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/login_flow.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/logout.png b/docs/en/compute-edition/32/admin-guide/_graphics/logout.png new file mode 100644 index 0000000000..09795e2c02 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/logout.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/malware_detected.png b/docs/en/compute-edition/32/admin-guide/_graphics/malware_detected.png new file mode 100644 index 0000000000..61dc9a82f9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/malware_detected.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/manage-cloud-accounts.png b/docs/en/compute-edition/32/admin-guide/_graphics/manage-cloud-accounts.png new file mode 100644 index 0000000000..7aff09ed15 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/manage-cloud-accounts.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_dropdown.png b/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_dropdown.png new file mode 100644 index 0000000000..1751122119 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_dropdown.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_pass_fail.png b/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_pass_fail.png new file mode 100644 index 0000000000..bc60935e08 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/manage_compliance_pass_fail.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-system-assigned.png b/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-system-assigned.png new file mode 100644 index 0000000000..496b7e0697 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-system-assigned.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-user-assigned.png b/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-user-assigned.png new file mode 100644 index 0000000000..8c49217228 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/managed-identity-user-assigned.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765448.png b/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765448.png new file mode 100644 index 0000000000..6162c467e1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765448.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765452.png b/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765452.png new file mode 100644 index 0000000000..15d9e4c876 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/marketplace_images_765452.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_efs.png b/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_efs.png new file mode 100644 index 0000000000..5a2dd3a901 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_efs.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_regions.png b/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_regions.png new file mode 100644 index 0000000000..51626d48dd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/multi_az_ha_regions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/networking-infrastructure.png b/docs/en/compute-edition/32/admin-guide/_graphics/networking-infrastructure.png new file mode 100644 index 0000000000..553c7a86f2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/networking-infrastructure.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/new-registry-add-and-scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/new-registry-add-and-scan.png new file mode 100644 index 0000000000..33b91adc22 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/new-registry-add-and-scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/nexus-repo-connector.png b/docs/en/compute-edition/32/admin-guide/_graphics/nexus-repo-connector.png new file mode 100644 index 0000000000..bfc218c36d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/nexus-repo-connector.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_authorization.png b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_authorization.png new file mode 100644 index 0000000000..5e1fb19d33 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_authorization.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_oauth_app.png b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_oauth_app.png new file mode 100644 index 0000000000..d3fb590ecd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_github_oauth_app.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_login.png b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_login.png new file mode 100644 index 0000000000..0fc55a6b1a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oauth2_login.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oauth_openshift_flow.png b/docs/en/compute-edition/32/admin-guide/_graphics/oauth_openshift_flow.png new file mode 100644 index 0000000000..36945a8651 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oauth_openshift_flow.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oidc_api_permission.png b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_api_permission.png new file mode 100644 index 0000000000..919f3021b0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_api_permission.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oidc_client_id.png b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_client_id.png new file mode 100644 index 0000000000..7c235d77ff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_client_id.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oidc_identity_provider_configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_identity_provider_configuration.png new file mode 100644 index 0000000000..fbeae26d3b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_identity_provider_configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oidc_login.png b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_login.png new file mode 100644 index 0000000000..22daddd69e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_login.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/oidc_optional_claim.png b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_optional_claim.png new file mode 100644 index 0000000000..eb3b32d819 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/oidc_optional_claim.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_build.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_build.png new file mode 100644 index 0000000000..d18e8d91d7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_build.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans.png new file mode 100644 index 0000000000..ba6ca58b02 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans1.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans1.png new file mode 100644 index 0000000000..dc3369c7a7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_ose_twistcli_scans1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_postCommit.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_postCommit.png new file mode 100644 index 0000000000..a4d0676c5d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_postCommit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan1.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan1.png new file mode 100644 index 0000000000..c060a1a32a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan2.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan2.png new file mode 100644 index 0000000000..2c2806a057 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan3.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan3.png new file mode 100644 index 0000000000..556ed6fab2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_scan3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_secrets.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_secrets.png new file mode 100644 index 0000000000..cdc4ea590f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_build_twistcli_secrets.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_error.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_error.png new file mode 100644 index 0000000000..b2ce684d53 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_error.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_provisioned.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_provisioned.png new file mode 100644 index 0000000000..84d9f66e84 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_provisioned.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_san.png b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_san.png new file mode 100644 index 0000000000..2251e6aa35 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/openshift_provision_tenant_projects_san.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/package-type-specific-severity.png b/docs/en/compute-edition/32/admin-guide/_graphics/package-type-specific-severity.png new file mode 100644 index 0000000000..7e5d3fe703 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/package-type-specific-severity.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service.png new file mode 100644 index 0000000000..02b2be14aa Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service_form.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service_form.png new file mode 100644 index 0000000000..ba030c928a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_add_service_form.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_config.png new file mode 100644 index 0000000000..491b398cff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_create_new_service.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_create_new_service.png new file mode 100644 index 0000000000..86c25adebf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_create_new_service.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_integration_key.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_integration_key.png new file mode 100644 index 0000000000..311ee29d4f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_integration_key.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_review_test_alert.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_review_test_alert.png new file mode 100644 index 0000000000..eefbf1a4e0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_review_test_alert.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_send_test_alert.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_send_test_alert.png new file mode 100644 index 0000000000..2813af5ca3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_send_test_alert.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_tw_console.png b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_tw_console.png new file mode 100644 index 0000000000..0587d6b512 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pagerduty_tw_console.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/pcee_vs_pcce_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/pcee_vs_pcce_overview.png new file mode 100644 index 0000000000..854bd89340 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/pcee_vs_pcce_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step10.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step10.png new file mode 100644 index 0000000000..f7fbb074af Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step11.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step11.png new file mode 100644 index 0000000000..433a30543a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step11.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step12.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step12.png new file mode 100644 index 0000000000..61f7de52da Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step12.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step13.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step13.png new file mode 100644 index 0000000000..b250d92e09 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step13.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step2.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step2.png new file mode 100644 index 0000000000..ba5f5bbf66 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step3.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step3.png new file mode 100644 index 0000000000..ec07eaca76 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step5.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step5.png new file mode 100644 index 0000000000..0dc3c736dc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step5.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step6.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step6.png new file mode 100644 index 0000000000..a265691ab4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step6.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step7.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step7.png new file mode 100644 index 0000000000..e208bf028b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step7.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step8.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step8.png new file mode 100644 index 0000000000..7c850c405f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step8.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step9.png b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step9.png new file mode 100644 index 0000000000..ebd214db1d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/ping_saml_step9.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_forensics.png b/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_forensics.png new file mode 100644 index 0000000000..8f4759afa0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_forensics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_incident.png new file mode 100644 index 0000000000..bac6c641d9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/port_scanning_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-console-pcee.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-console-pcee.png new file mode 100644 index 0000000000..9c4f101576 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-console-pcee.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-nexus-registry-error.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-nexus-registry-error.png new file mode 100644 index 0000000000..87c2268210 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma-cloud-nexus-registry-error.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch1.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch1.png new file mode 100644 index 0000000000..1d61f9d3e8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch2.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch2.png new file mode 100644 index 0000000000..cf9648c3db Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_arch2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_mgmt_interfaces.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_mgmt_interfaces.png new file mode 100644 index 0000000000..c9128b227b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_mgmt_interfaces.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_plugin_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_plugin_config.png new file mode 100644 index 0000000000..e253da5a40 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_plugin_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_role_mapping.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_role_mapping.png new file mode 100644 index 0000000000..0adaadc5f7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_cloud_role_mapping.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_assignment_flow.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_assignment_flow.png new file mode 100644 index 0000000000..00032dfeef Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_assignment_flow.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_cve_assignment_flow.png b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_cve_assignment_flow.png new file mode 100644 index 0000000000..f9a9c04eff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prisma_id_cve_assignment_flow.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_arch.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_arch.png new file mode 100644 index 0000000000..37c015843b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_arch.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate1.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate1.png new file mode 100644 index 0000000000..a373921bf3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate2.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate2.png new file mode 100644 index 0000000000..5679648012 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate3.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate3.png new file mode 100644 index 0000000000..8f80dfb106 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_migrate3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow1.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow1.png new file mode 100644 index 0000000000..d8701521f7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow2.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow2.png new file mode 100644 index 0000000000..0d661229b4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow3.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow3.png new file mode 100644 index 0000000000..7766f0f9dd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow4.png b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow4.png new file mode 100644 index 0000000000..08ba96d491 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/projects_setup_flow4.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_simple_graph.png b/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_simple_graph.png new file mode 100644 index 0000000000..7ff1f50b3c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_simple_graph.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_target_up.png b/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_target_up.png new file mode 100644 index 0000000000..80e1dbf93c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/prometheus_target_up.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_cloud_pivot.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_cloud_pivot.png new file mode 100644 index 0000000000..88b076224e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_cloud_pivot.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_clusters_pivot.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_clusters_pivot.png new file mode 100644 index 0000000000..c1ee4c6317 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_clusters_pivot.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_connections.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_connections.png new file mode 100644 index 0000000000..7b206fb29f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_connections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_general.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_general.png new file mode 100644 index 0000000000..18f7ae7c8d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_general.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_host_pivot.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_host_pivot.png new file mode 100644 index 0000000000..072127b309 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_host_pivot.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account.png new file mode 100644 index 0000000000..deff7ee8c0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account_details.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account_details.png new file mode 100644 index 0000000000..6b5c4a7465 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_k8s_service_account_details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_map_istio.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_map_istio.png new file mode 100644 index 0000000000..567e504562 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_map_istio.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_overlay.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_overlay.png new file mode 100644 index 0000000000..57e2ca8c4a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_overlay.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_in.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_in.png new file mode 100644 index 0000000000..b0c8f5e420 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_in.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_out.png b/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_out.png new file mode 100644 index 0000000000..b771f9f5f6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/radar_zoomed_out.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/releases_csp.png b/docs/en/compute-edition/32/admin-guide/_graphics/releases_csp.png new file mode 100644 index 0000000000..79caa99d3a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/releases_csp.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/releases_direct_link.png b/docs/en/compute-edition/32/admin-guide/_graphics/releases_direct_link.png new file mode 100644 index 0000000000..4760de2386 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/releases_direct_link.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/releases_pdf.png b/docs/en/compute-edition/32/admin-guide/_graphics/releases_pdf.png new file mode 100644 index 0000000000..7f4f37d628 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/releases_pdf.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/reverse_shell.png b/docs/en/compute-edition/32/admin-guide/_graphics/reverse_shell.png new file mode 100644 index 0000000000..62a10c5ac8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/reverse_shell.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/risk-factors.png b/docs/en/compute-edition/32/admin-guide/_graphics/risk-factors.png new file mode 100644 index 0000000000..cde343a817 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/risk-factors.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rotate_console_cert.png b/docs/en/compute-edition/32/admin-guide/_graphics/rotate_console_cert.png new file mode 100644 index 0000000000..a8427bc9a5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rotate_console_cert.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763992.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763992.png new file mode 100644 index 0000000000..0f8491792f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763992.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763994.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763994.png new file mode 100644 index 0000000000..4889255426 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763994.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763995.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763995.png new file mode 100644 index 0000000000..daa5310175 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763995.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763996.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763996.png new file mode 100644 index 0000000000..09827c8d4c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763996.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763997.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763997.png new file mode 100644 index 0000000000..cf32f0f701 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_763997.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_764008.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_764008.png new file mode 100644 index 0000000000..81a08322c2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_764008.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_disable_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_disable_rule.png new file mode 100644 index 0000000000..474303fa6e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_disable_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_drag_and_drop.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_drag_and_drop.png new file mode 100644 index 0000000000..29dacadaa6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_drag_and_drop.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_two_rules.png b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_two_rules.png new file mode 100644 index 0000000000..45d1ad724f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/rule_ordering_two_rules.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_734302.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_734302.png new file mode 100644 index 0000000000..eae078a2e8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_734302.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_792723.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_792723.png new file mode 100644 index 0000000000..fa8517e60c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_792723.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_aggregation.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_aggregation.png new file mode 100644 index 0000000000..c372eaafc3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_aggregation.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_custom_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_custom_rule.png new file mode 100644 index 0000000000..fd54c6fd8c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_custom_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_fs_mon_enabled.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_fs_mon_enabled.png new file mode 100644 index 0000000000..71c564af73 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_fs_mon_enabled.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_obvervations_metadata.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_obvervations_metadata.png new file mode 100644 index 0000000000..1ae9e922fb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_app_embedded_obvervations_metadata.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fim_test_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fim_test_rule.png new file mode 100644 index 0000000000..5b4877f99d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fim_test_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fs_584208.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fs_584208.png new file mode 100644 index 0000000000..6e5fe72606 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_fs_584208.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_hosts_fim_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_hosts_fim_rule.png new file mode 100644 index 0000000000..dae3bff299 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_hosts_fim_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_container_model_capabilities.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_container_model_capabilities.png new file mode 100644 index 0000000000..e4724b81e5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_container_model_capabilities.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_model.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_model.png new file mode 100644 index 0000000000..90b7150804 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_overview_model.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_process_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_process_rule.png new file mode 100644 index 0000000000..4cd327749e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_process_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_rule_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_rule_scope.png new file mode 100644 index 0000000000..92e026c482 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_defense_rule_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/runtime_log_scrubbing.png b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_log_scrubbing.png new file mode 100644 index 0000000000..349d739956 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/runtime_log_scrubbing.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_accountgroup.png b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_accountgroup.png new file mode 100644 index 0000000000..06355c09bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_accountgroup.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_resourcelist.png b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_resourcelist.png new file mode 100644 index 0000000000..393ceac912 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_resourcelist.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_role.png b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_role.png new file mode 100644 index 0000000000..f6316e00e5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_role.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_user.png b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_user.png new file mode 100644 index 0000000000..23f06cd9cf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/saas_assign_roles_user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/save-agentless-configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/save-agentless-configuration.png new file mode 100644 index 0000000000..0202788b37 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/save-agentless-configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/save_button.png b/docs/en/compute-edition/32/admin-guide/_graphics/save_button.png new file mode 100644 index 0000000000..ebc2c85481 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/save_button.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan-multiple-registries.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan-multiple-registries.png new file mode 100644 index 0000000000..542c3d2b33 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan-multiple-registries.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_create_user.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_create_user.png new file mode 100644 index 0000000000..ddc5a15388 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_create_user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_set_perms.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_set_perms.png new file mode 100644 index 0000000000..ad71bf32de Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_alibaba_set_perms.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_all.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_all.png new file mode 100644 index 0000000000..70961cb0cf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_all.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_single.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_single.png new file mode 100644 index 0000000000..e33aa7e850 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_artifactory_subdomain_single.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_add_tag.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_add_tag.png new file mode 100644 index 0000000000..7151eca0f9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_add_tag.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_csv_packages.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_csv_packages.png new file mode 100644 index 0000000000..fddb482436 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_csv_packages.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_host_apps.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_host_apps.png new file mode 100644 index 0000000000..3e788c7eeb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_host_apps.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_packages_in_use.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_packages_in_use.png new file mode 100644 index 0000000000..a170a59935 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_packages_in_use.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_process_info.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_process_info.png new file mode 100644 index 0000000000..65be517d5e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_process_info.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_comment.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_comment.png new file mode 100644 index 0000000000..2675f8b890 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_comment.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_scope.png new file mode 100644 index 0000000000..f25d27dd8a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tag_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tags_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tags_filter.png new file mode 100644 index 0000000000..51b7631ebc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_tags_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_timestamped_findings.png b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_timestamped_findings.png new file mode 100644 index 0000000000..65004592c9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scan_reports_timestamped_findings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-defender.png b/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-defender.png new file mode 100644 index 0000000000..3b79d63606 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-defender.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-twistcli.png b/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-twistcli.png new file mode 100644 index 0000000000..9b482d9d33 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/scanning-flow-chart-twistcli.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/search_cves_results.png b/docs/en/compute-edition/32/admin-guide/_graphics/search_cves_results.png new file mode 100644 index 0000000000..660efafd0d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/search_cves_results.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790254.png b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790254.png new file mode 100644 index 0000000000..b243c45de5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790254.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790256.png b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790256.png new file mode 100644 index 0000000000..5eecaa2e7e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_790256.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_791688.png b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_791688.png new file mode 100644 index 0000000000..a888375cf9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/secrets_manager_791688.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless-scan-process.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless-scan-process.png new file mode 100644 index 0000000000..d9294cac4a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless-scan-process.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_1.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_1.png new file mode 100644 index 0000000000..7392543506 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_2.png new file mode 100644 index 0000000000..208da70d46 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_cloudwatch_2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_config_api_gateway.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_config_api_gateway.png new file mode 100644 index 0000000000..13c5d3a7c8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_config_api_gateway.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_console_audits.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_console_audits.png new file mode 100644 index 0000000000..0bccf80cd4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_console_audits.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_http_endpoint.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_http_endpoint.png new file mode 100644 index 0000000000..d6256fdec4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_http_endpoint.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer.png new file mode 100644 index 0000000000..7537c0a593 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer2.png new file mode 100644 index 0000000000..0b198a57c6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_add_a_layer2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_copy_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_copy_rule.png new file mode 100644 index 0000000000..143d5abf43 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_copy_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_create.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_create.png new file mode 100644 index 0000000000..edef636bd7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_create.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_download.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_download.png new file mode 100644 index 0000000000..67f35c2c11 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_download.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result.png new file mode 100644 index 0000000000..7803f0a6b4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result2.png new file mode 100644 index 0000000000..ca4d15f0be Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_execution_result2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers.png new file mode 100644 index 0000000000..4a643672f3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers2.png new file mode 100644 index 0000000000..db20f745e0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers3.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers3.png new file mode 100644 index 0000000000..ddf24edbc3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_function_designer_layers3.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_layers.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_layers.png new file mode 100644 index 0000000000..a71d0ad7ed Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_layers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_run_test.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_run_test.png new file mode 100644 index 0000000000..d9a577a7bd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_run_test.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event.png new file mode 100644 index 0000000000..2fdb61b7e1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event2.png new file mode 100644 index 0000000000..fdb2ce45e2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_layer_test_event2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias.png new file mode 100644 index 0000000000..a36a093013 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias_detail.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias_detail.png new file mode 100644 index 0000000000..d58b77e232 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_alias_detail.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_clean.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_clean.png new file mode 100644 index 0000000000..1246d2fb35 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_clean.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure.png new file mode 100644 index 0000000000..5bda818750 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan.png new file mode 100644 index 0000000000..9db83361bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan2.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan2.png new file mode 100644 index 0000000000..b96a3e1d90 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_configure_scan2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_critical.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_critical.png new file mode 100644 index 0000000000..25eda6ef61 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_critical.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore.png new file mode 100644 index 0000000000..75da27b7aa Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_compliance.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_compliance.png new file mode 100644 index 0000000000..5c1e293963 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_compliance.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_permissions.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_permissions.png new file mode 100644 index 0000000000..fddd450f62 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_explore_permissions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_flow.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_flow.png new file mode 100644 index 0000000000..c02bd9e050 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_flow.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_high.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_high.png new file mode 100644 index 0000000000..69c2a4f129 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_high.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_medium.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_medium.png new file mode 100644 index 0000000000..6ded797002 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_medium.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_permission_boundary.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_permission_boundary.png new file mode 100644 index 0000000000..4466d9f49c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_radar_permission_boundary.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_save.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_save.png new file mode 100644 index 0000000000..f36489a16f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_save.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/serverless_upload_zip.png b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_upload_zip.png new file mode 100644 index 0000000000..bad8457037 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/serverless_upload_zip.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_sir_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_sir_config.png new file mode 100644 index 0000000000..b243f203a1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_sir_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_config.png b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_config.png new file mode 100644 index 0000000000..254127b9b5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_config.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_fix_script.png b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_fix_script.png new file mode 100644 index 0000000000..8c8ee4beae Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_fix_script.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_identification_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_identification_rule.png new file mode 100644 index 0000000000..cf0fb97660 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/servicenow_vr_identification_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/set-credentials.png b/docs/en/compute-edition/32/admin-guide/_graphics/set-credentials.png new file mode 100644 index 0000000000..1b4cf18860 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/set-credentials.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/simple_scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/simple_scan.png new file mode 100644 index 0000000000..c8dc62169e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/simple_scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-1.png b/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-1.png new file mode 100644 index 0000000000..83e101a789 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-2.png b/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-2.png new file mode 100644 index 0000000000..da13039961 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/slack-config-2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/splunk-alert-profile.png b/docs/en/compute-edition/32/admin-guide/_graphics/splunk-alert-profile.png new file mode 100644 index 0000000000..020a7795b6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/splunk-alert-profile.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/splunk-saas-alert-profile.png b/docs/en/compute-edition/32/admin-guide/_graphics/splunk-saas-alert-profile.png new file mode 100644 index 0000000000..5f49bd990b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/splunk-saas-alert-profile.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident.png new file mode 100644 index 0000000000..b645d37e4e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident2.png b/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident2.png new file mode 100644 index 0000000000..f8dc22c3cb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/suspicious_binary_incident2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/syslog_integration_554971.png b/docs/en/compute-edition/32/admin-guide/_graphics/syslog_integration_554971.png new file mode 100644 index 0000000000..f6d9e7fc1e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/syslog_integration_554971.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags-scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags-scope.png new file mode 100644 index 0000000000..f7de430832 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags-scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_add_tag_assignment.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_add_tag_assignment.png new file mode 100644 index 0000000000..7913ac8f29 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_add_tag_assignment.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_assigned_from_scan_reports.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_assigned_from_scan_reports.png new file mode 100644 index 0000000000..7e8b504264 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_assigned_from_scan_reports.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_define_tag.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_define_tag.png new file mode 100644 index 0000000000..3b5d2fa319 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_define_tag.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_edit_tag_assignment.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_edit_tag_assignment.png new file mode 100644 index 0000000000..e43a7e10c1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_edit_tag_assignment.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_a.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_a.png new file mode 100644 index 0000000000..9c130943d8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_a.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_b.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_b.png new file mode 100644 index 0000000000..26766a5991 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_filters_b.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_images_with_wildcard.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_images_with_wildcard.png new file mode 100644 index 0000000000..cc3cad8ca0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_images_with_wildcard.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tags_specific_images.png b/docs/en/compute-edition/32/admin-guide/_graphics/tags_specific_images.png new file mode 100644 index 0000000000..33b3bf7893 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tags_specific_images.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tas_defenders_deployed.png b/docs/en/compute-edition/32/admin-guide/_graphics/tas_defenders_deployed.png new file mode 100644 index 0000000000..8073b8c75a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tas_defenders_deployed.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tatp_765357.png b/docs/en/compute-edition/32/admin-guide/_graphics/tatp_765357.png new file mode 100644 index 0000000000..9ec98e07e8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tatp_765357.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/timeline_supported_versions.png b/docs/en/compute-edition/32/admin-guide/_graphics/timeline_supported_versions.png new file mode 100644 index 0000000000..380d4f7c55 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/timeline_supported_versions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/timeline_unsupported_version.png b/docs/en/compute-edition/32/admin-guide/_graphics/timeline_unsupported_version.png new file mode 100644 index 0000000000..c660a65ef7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/timeline_unsupported_version.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trigger-scan.png b/docs/en/compute-edition/32/admin-guide/_graphics/trigger-scan.png new file mode 100644 index 0000000000..88cd969929 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trigger-scan.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_docker_hub.png b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_docker_hub.png new file mode 100644 index 0000000000..7745c8a79e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_docker_hub.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_nexus.png b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_nexus.png new file mode 100644 index 0000000000..4d6a823886 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webhooks_nexus.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webooks_706509.png b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webooks_706509.png new file mode 100644 index 0000000000..4ac4a98e40 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trigger_registry_scan_webooks_706509.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_connected.png b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_connected.png new file mode 100644 index 0000000000..89bfa64384 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_connected.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_cve_viewer.png b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_cve_viewer.png new file mode 100644 index 0000000000..f8dbb850b9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_cve_viewer.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_unactionable_vulns.png b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_unactionable_vulns.png new file mode 100644 index 0000000000..68adda3dee Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_unactionable_vulns.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_vendor_fixes.png b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_vendor_fixes.png new file mode 100644 index 0000000000..6d12f5ad3c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/troubleshooting_scan_reports_vendor_fixes.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_not_trusted_badge.png b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_not_trusted_badge.png new file mode 100644 index 0000000000..db0f926751 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_not_trusted_badge.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_badge.png b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_badge.png new file mode 100644 index 0000000000..4d4b0533a5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_badge.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_filters.png b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_filters.png new file mode 100644 index 0000000000..a023fed6d3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_filters.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_manual.png b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_manual.png new file mode 100644 index 0000000000..9fd6279e18 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/trusted_images_trust_group_manual.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/tw_ha_706614.png b/docs/en/compute-edition/32/admin-guide/_graphics/tw_ha_706614.png new file mode 100644 index 0000000000..f62e9f03c5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/tw_ha_706614.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/twistcli-download.png b/docs/en/compute-edition/32/admin-guide/_graphics/twistcli-download.png new file mode 100644 index 0000000000..c497fe57eb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/twistcli-download.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/unpackaged-sw-app-vulns.png b/docs/en/compute-edition/32/admin-guide/_graphics/unpackaged-sw-app-vulns.png new file mode 100644 index 0000000000..90369c529e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/unpackaged-sw-app-vulns.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/update_bell.png b/docs/en/compute-edition/32/admin-guide/_graphics/update_bell.png new file mode 100644 index 0000000000..8336fabc94 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/update_bell.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/update_saas_console.png b/docs/en/compute-edition/32/admin-guide/_graphics/update_saas_console.png new file mode 100644 index 0000000000..7df1869175 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/update_saas_console.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_compute_version.png b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_compute_version.png new file mode 100644 index 0000000000..2edf3ebec8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_compute_version.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_defender_version.png b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_defender_version.png new file mode 100644 index 0000000000..4dfb016f46 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_defender_version.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_tw_http_proxy_744232.png b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_tw_http_proxy_744232.png new file mode 100644 index 0000000000..85c87a133c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/upgrade_tw_http_proxy_744232.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/use_collections_in_rules.png b/docs/en/compute-edition/32/admin-guide/_graphics/use_collections_in_rules.png new file mode 100644 index 0000000000..eb1bbc8cdc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/use_collections_in_rules.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_793632.png b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_793632.png new file mode 100644 index 0000000000..0231e4a1c5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_793632.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795121.png b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795121.png new file mode 100644 index 0000000000..464574b774 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795121.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795123.png b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795123.png new file mode 100644 index 0000000000..ca7e5a5a16 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_795123.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_banner.png b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_banner.png new file mode 100644 index 0000000000..52a1929b55 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/use_custom_certs_auth_banner.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_admin.png b/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_admin.png new file mode 100644 index 0000000000..df367fa9bc Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_admin.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_user.png b/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_user.png new file mode 100644 index 0000000000..5503bc36c0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/user_roles_user.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vm_image_scanning_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/vm_image_scanning_report.png new file mode 100644 index 0000000000..58b4b05ae3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vm_image_scanning_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vpc-configuration.png b/docs/en/compute-edition/32/admin-guide/_graphics/vpc-configuration.png new file mode 100644 index 0000000000..2ef262ac0b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vpc-configuration.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vul_function_details.png b/docs/en/compute-edition/32/admin-guide/_graphics/vul_function_details.png new file mode 100644 index 0000000000..a736985934 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vul_function_details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln-rule-per-package-severity.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln-rule-per-package-severity.png new file mode 100644 index 0000000000..4e3b085ddd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln-rule-per-package-severity.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_791544.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_791544.png new file mode 100644 index 0000000000..959d244cfe Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_791544.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_CVE_dialog.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_CVE_dialog.png new file mode 100644 index 0000000000..99f60158a2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_CVE_dialog.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_filter_by_risk_factors.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_filter_by_risk_factors.png new file mode 100644 index 0000000000..f05c7c070e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_filter_by_risk_factors.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_image_details.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_image_details.png new file mode 100644 index 0000000000..8631e7a1f6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_image_details.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_risk_factors.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_risk_factors.png new file mode 100644 index 0000000000..056c06fc9a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_explorer_risk_factors.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_blacklists.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_blacklists.png new file mode 100644 index 0000000000..0afbfe1098 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_blacklists.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_block_audit.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_block_audit.png new file mode 100644 index 0000000000..78a4bccf11 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_block_audit.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_exceptions.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_exceptions.png new file mode 100644 index 0000000000..eed63de280 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_exceptions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_filters.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_filters.png new file mode 100644 index 0000000000..b073184f2f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_filters.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period.png new file mode 100644 index 0000000000..b0900e6add Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_by_severity.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_by_severity.png new file mode 100644 index 0000000000..ceb66d2ba7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_by_severity.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_csv_scan_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_csv_scan_report.png new file mode 100644 index 0000000000..eb05022ab8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_csv_scan_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_remaining_time.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_remaining_time.png new file mode 100644 index 0000000000..51d915dd4c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_grace_period_remaining_time.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_scan_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_scan_report.png new file mode 100644 index 0000000000..8b4e84fb58 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_scan_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_thresholds.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_thresholds.png new file mode 100644 index 0000000000..11724fdbf5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuln_management_rules_thresholds.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-functions.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-functions.png new file mode 100644 index 0000000000..0b1db058f4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-functions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-image.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-image.png new file mode 100644 index 0000000000..c3388cd364 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerabilities-ci-policy-image.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-blocked-severitiy-risk-factor.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-blocked-severitiy-risk-factor.png new file mode 100644 index 0000000000..d305d3dc9b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-blocked-severitiy-risk-factor.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-filters.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-filters.png new file mode 100644 index 0000000000..0ce0924e01 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-filters.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by-agentless.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by-agentless.png new file mode 100644 index 0000000000..145154f403 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by-agentless.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by.png new file mode 100644 index 0000000000..708ed5c8f7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-results-scanned-by.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-scan-reports.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-scan-reports.png new file mode 100644 index 0000000000..0413d3eead Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnerability-scan-reports.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_filtered.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_filtered.png new file mode 100644 index 0000000000..eb5fecc5f2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_filtered.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_top_10.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_top_10.png new file mode 100644 index 0000000000..dcff726e13 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_results_top_10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_factors.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_factors.png new file mode 100644 index 0000000000..813f165fe6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_factors.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_tree.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_tree.png new file mode 100644 index 0000000000..50ee936ad3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_risk_tree.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_10.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_10.png new file mode 100644 index 0000000000..75e5847306 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_10.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_ten_detail.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_ten_detail.png new file mode 100644 index 0000000000..d311f31056 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_top_ten_detail.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_resources.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_resources.png new file mode 100644 index 0000000000..cb61a2d112 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_resources.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_vulns.png b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_vulns.png new file mode 100644 index 0000000000..9d476d4f82 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vulnex_trend_by_vulns.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/vuls_functions_layers_info.png b/docs/en/compute-edition/32/admin-guide/_graphics/vuls_functions_layers_info.png new file mode 100644 index 0000000000..fa6e8a8d92 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/vuls_functions_layers_info.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-access-control-exception.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-access-control-exception.png new file mode 100644 index 0000000000..ac7271edbb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-access-control-exception.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-agentless-rules.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-agentless-rules.png new file mode 100644 index 0000000000..a5d113ee1a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-agentless-rules.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-api-change-history.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-api-change-history.png new file mode 100644 index 0000000000..d99088c356 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-api-change-history.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar1.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar1.png new file mode 100644 index 0000000000..4c22db2762 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar2.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar2.png new file mode 100644 index 0000000000..d6505a9325 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery-sidecar2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery.png new file mode 100644 index 0000000000..b579771535 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-api-discovery.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-custom-rules-jwt-functions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-custom-rules-jwt-functions.png new file mode 100644 index 0000000000..783b5de4b8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-custom-rules-jwt-functions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-email-redacted.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-email-redacted.png new file mode 100644 index 0000000000..a760d8b97f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-email-redacted.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-jwt.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-jwt.png new file mode 100644 index 0000000000..0916c3b181 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-events-jwt.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-inline-app-embedded-tls.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-inline-app-embedded-tls.png new file mode 100644 index 0000000000..439369b080 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-inline-app-embedded-tls.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-endpoint.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-endpoint.png new file mode 100644 index 0000000000..edb03c5595 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-endpoint.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-tls.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-tls.png new file mode 100644 index 0000000000..fe39b20192 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-oob-tls.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-protecting-policy.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-protecting-policy.png new file mode 100644 index 0000000000..de08a1a63e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-protecting-policy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas-sensitive-data.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas-sensitive-data.png new file mode 100644 index 0000000000..5576fe3cf9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas-sensitive-data.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_active_bot_detections.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_active_bot_detections.png new file mode 100644 index 0000000000..bc5edcb88f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_active_bot_detections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_column.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_column.png new file mode 100644 index 0000000000..29e4d9f23d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_column.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_exception.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_exception.png new file mode 100644 index 0000000000..cf371b15a0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_exception.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_new_exception.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_new_exception.png new file mode 100644 index 0000000000..2dc248ec30 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_new_exception.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_user_bot.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_user_bot.png new file mode 100644 index 0000000000..dd14ece35a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_add_user_bot.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_advanced_settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_advanced_settings.png new file mode 100644 index 0000000000..2fcae52539 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_advanced_settings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics.png new file mode 100644 index 0000000000..aa37864cca Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_add_exception.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_add_exception.png new file mode 100644 index 0000000000..efbfe6c060 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_add_exception.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_aggregated_view.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_aggregated_view.png new file mode 100644 index 0000000000..41a11aa376 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_aggregated_view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_cycle.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_cycle.png new file mode 100644 index 0000000000..0c257bab71 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_cycle.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_filters.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_filters.png new file mode 100644 index 0000000000..5cfbdad195 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_filters.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_raw_demo.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_raw_demo.png new file mode 100644 index 0000000000..b41dd1cd03 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_raw_demo.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_sample_view.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_sample_view.png new file mode 100644 index 0000000000..2153699125 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_analytics_sample_view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_observation_actions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_observation_actions.png new file mode 100644 index 0000000000..a07d45224a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_observation_actions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_action.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_action.png new file mode 100644 index 0000000000..9dbd94dbef Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_action.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_config_actions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_config_actions.png new file mode 100644 index 0000000000..1b2a101444 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_config_actions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_path_methods.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_path_methods.png new file mode 100644 index 0000000000..29c65cfb80 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_path_methods.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab.png new file mode 100644 index 0000000000..49fe9f79df Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab_empty.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab_empty.png new file mode 100644 index 0000000000..686f7f8ae8 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_api_protection_tab_empty.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_app_definition.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_app_definition.png new file mode 100644 index 0000000000..2c094c0dac Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_app_definition.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_ban_settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_ban_settings.png new file mode 100644 index 0000000000..11bb18d9cd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_ban_settings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_body_inspection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_body_inspection.png new file mode 100644 index 0000000000..00c08e2b1b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_body_inspection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.drawio b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.drawio new file mode 100644 index 0000000000..58ee0077b7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.drawio @@ -0,0 +1 @@ +7VzbcuI4EP2aVO0+JOW7zSOQy2aSTWUnm8nkaUsxAjQxlkcWAebrR8IyvsgQB2xs2DwFtYVsd5/T3Wp1ONH7k/kVAcH4bzyA3ommDOYn+vmJpmmKZbE/XLKIJKqqK5FkRNBAyBLBA/oFhTCeNkUDGGYmUow9ioKs0MW+D12akQFC8Cw7bYi97F0DMIKS4MEFnix9QgM6jqSOZifyvyAajeM7q1YnujIB8WTxJuEYDPAsJdIvTvQ+wZhGnybzPvS49mK9PF0vnrzbV+vqyz/hT/DYu/n37ttptNjlR76yegUCfbr10qPAde7uZtYjufdvDP+X8/3WPTUM8W50ESsMDpj+xBATOsYj7APvIpH2CJ76A8iXVdgomXOLccCEKhP+gJQuBBjAlGImGtOJJ67COaLf+dfPTDF6Tl05n4uVl4OFGJTUgdBViKfEhZvmaQKLgIwg3aAh3YkmcrWkECV0fAXxBFKyYBMI9ABFb1nYAYHe0WpeYiH2QRjpI1gQz/0GvKm41bX/gxNHU659CklIEUWAr3PPmZG3bmI7ru7ZGFH4EIClqmbMA2TtNMQ+FUZk99V7Iw+EobBHSAl+XVGKz17x4+PmeoOEwvlG9YqruiPYKPyRYYnxLCG3GjN2nCK2oexukUKAOJJB7nATpNqeIIWvFfvq9/hhN0WPwqcxFckazyz6NOnjUh4u8XfFPo4P7iFBTBeQxDKf6SXlLPnwOX0tWWo52t1f7gQHrSQcBJ1PlbOOKmJQaYSI1e4x8mlqCh4OQ/ZseQitbro9qlQJVI8hM5CmnMMh8hlKNMtjSum9MJk14p96PCm4lHCXdZpaFjHMfwZ83mQ+4rnY2dDDM3cMCD0bQBeFCPtrPHZdvla1s75WNQp8rVHga626fG2ce7Y/XUlomyFtwuE1tF2O8j6gYi6XTX20yn17jrkxzqwczhRFy64RPar4WvX8lnOqbhB4/M36YxxCn33oupQT8OjSqazmO2bT2ZRmHQzDC4J1xUQ1SxJVbVcOJrGp7yG4JPxX+HMKQ1pVXAyZZuh/65hXW1jsZElTtANR9hkVVXkL8pn0VsE/u76kd7eUVyyU2ws7ea+8JmzuM3W2JWje+HjGAunlo/8afcrnzi+YP5rLgyMaIg7HY0ukV2H3vUTari2RllOeZqoWLY28napT5BT1tY6zG/vrZ61utS2iqDtGlKbwUTY07Cc160hmvSconADmesGEe0D/JeR/HmDI3SSzuHLhgxfvGJ2wXraaUZsT1uRi5WE74W3Ttn0UPcrmcp2qCVucurFdxJmZwaNh2NlFolfakL2tX8rJLVVz/cTSP0OD5PLfRZrVrtgQP3dBcFBEPDjhHiufrvcxfkWQa2apv0MPE7oUJrSYXe+Wvc26TCPvop663YdlQSUMWJyWz3m3VDpjxQT5gGLS9FmDojZ+2CBrvSg8+4Mub1Nho2jL6rYrtu7Bu21sVHjXu6XsaxaYN5btGG/1XNHOVnKwKRttDSNX/TPLFV2qirWG3raksbJa38dOyioGdtznUx2wP4ZY5kTAIjUh4AAKNwDazOLQFNFnHW7z8w1HycEzeoJqwdqeOkKLtyZF0CtWp9mqjFGXzx3kjDFbWNiQPhLoQvbIR1BpyKeQZuPlXqMtTWpNHxDtg85G2WPbLYrHjmqpu+VD9RePTbldqunjyOPIvUsDy6i8iLWb95E7Ar6ANxC6BAVUjgjnTPOi2yZ/KV2MzgeWowoZVuPFabNzMIxtcywoe1BkGu2irHxS9HXK639p4io9EPLmV2XF2FCm7B/dcOG7Y4J9PA3/lDB18A10uR4Mu2wHXb5sUB1xD6eDLiaumqFtK3pkzbJV/OqbZHezvlzF/9/0suao2HwzqylXkA88E66aZUbZ8Fh50W0nw8ZnDp/76X244rIg2WI/bXWc9u+nDQls/N+LpExrsMzCjrGA5jReQLNkGxx4Q1ybk6+4M6KW9ksrXr3e8xlby2JYtzefz+Tnq4qx4YBmn/7Hkg9xDrtNrSm0Wu06vomfe+uGH/ZFdATRxsyd6Leh48eyD4ZgW8aRqklYtjbetp2EXBtPuPeNEwxEm3XlEiBvSo7vFz3MfGNCjb/owYbJ7/VE8TH52SP94jc= \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.png new file mode 100644 index 0000000000..1aec1c8d41 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_flowchart.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection.png new file mode 100644 index 0000000000..8d36ec4b2b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection_tab.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection_tab.png new file mode 100644 index 0000000000..e5db911bd2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_bot_protection_tab.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_action.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_action.png new file mode 100644 index 0000000000..d1f7f97e94 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_action.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_page.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_page.png new file mode 100644 index 0000000000..a8ec981b81 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_captcha_page.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_change_columns.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_change_columns.png new file mode 100644 index 0000000000..e6c82e7ad4 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_change_columns.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_create_new_rule.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_create_new_rule.png new file mode 100644 index 0000000000..f44d4acdea Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_create_new_rule.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_response.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_response.png new file mode 100644 index 0000000000..f07d73d8bf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_response.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rule_regex_match_group.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rule_regex_match_group.png new file mode 100644 index 0000000000..4707223298 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rule_regex_match_group.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rules_min_defender.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rules_min_defender.png new file mode 100644 index 0000000000..8220eaefd9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_custom_rules_min_defender.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_app_embedded_collection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_app_embedded_collection.png new file mode 100644 index 0000000000..b851ce5aa5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_app_embedded_collection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection.png new file mode 100644 index 0000000000..32e0366fca Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection_oob_hosts.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection_oob_hosts.png new file mode 100644 index 0000000000..347c61cbe6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_collection_oob_hosts.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_host_collection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_host_collection.png new file mode 100644 index 0000000000..0f44160040 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_define_host_collection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types.png new file mode 100644 index 0000000000..76391eddb2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_app_embedded.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_app_embedded.png new file mode 100644 index 0000000000..a77484ec90 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_app_embedded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_serverless.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_serverless.png new file mode 100644 index 0000000000..e54316d2d6 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_deployment_types_serverless.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_action.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_action.png new file mode 100644 index 0000000000..6b0a3c0455 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_action.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_add_match_conditions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_add_match_conditions.png new file mode 100644 index 0000000000..715777cf49 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_add_match_conditions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_excluded.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_excluded.png new file mode 100644 index 0000000000..83e7f2223a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_excluded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_multi.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_multi.png new file mode 100644 index 0000000000..d02bbaa5e1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_multi.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_new_condition.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_new_condition.png new file mode 100644 index 0000000000..a1e2f5b847 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_new_condition.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection.png new file mode 100644 index 0000000000..088004304f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection_toggle.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection_toggle.png new file mode 100644 index 0000000000..42a850ab63 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_dos_protection_toggle.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_lineitem_app_embbded.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_lineitem_app_embbded.png new file mode 100644 index 0000000000..e7fb7347d7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_lineitem_app_embbded.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_setup_tab.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_setup_tab.png new file mode 100644 index 0000000000..a1dc99bc21 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_endpoint_setup_tab.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_filter.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_filter.png new file mode 100644 index 0000000000..3584c8cba5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_filter.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_response.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_response.png new file mode 100644 index 0000000000..a6a6cba23d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_eventid_response.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_activity_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_activity_overview.png new file mode 100644 index 0000000000..87d557eae5 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_activity_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_insights.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_insights.png new file mode 100644 index 0000000000..804c40e9eb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_insights.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_overview.png new file mode 100644 index 0000000000..4b0a126b2d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_traffic_sources.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_traffic_sources.png new file mode 100644 index 0000000000..929b0f883e Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_explorer_traffic_sources.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections.png new file mode 100644 index 0000000000..2df5906aa3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections_with_banner.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections_with_banner.png new file mode 100644 index 0000000000..0329cfcab9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_firewall_protections_with_banner.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_forward_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_forward_example.png new file mode 100644 index 0000000000..c6a09b3131 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_forward_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_import_api.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_import_api.png new file mode 100644 index 0000000000..6270dd5579 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_import_api.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_known_bots.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_known_bots.png new file mode 100644 index 0000000000..d7c96db174 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_known_bots.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_dialog_location.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_dialog_location.png new file mode 100644 index 0000000000..c37c88dfe9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_dialog_location.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_name.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_name.png new file mode 100644 index 0000000000..a52cde2edb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_new_rule_name.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_event.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_event.png new file mode 100644 index 0000000000..db608387ad Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_event.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_payload.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_payload.png new file mode 100644 index 0000000000..9c0841f703 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_log_scrubbing_scrubbed_payload.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_manage_exceptions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_manage_exceptions.png new file mode 100644 index 0000000000..5b197a903d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_manage_exceptions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_refresh_button.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_refresh_button.png new file mode 100644 index 0000000000..71f70ac02c Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_refresh_button.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_reset_button.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_reset_button.png new file mode 100644 index 0000000000..37aab05b50 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_monitor_reset_button.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_controls.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_controls.png new file mode 100644 index 0000000000..1a63713303 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_controls.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_lists.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_lists.png new file mode 100644 index 0000000000..95c90c4c6d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_lists.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_management.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_management.png new file mode 100644 index 0000000000..a7a4b63d3f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_network_management.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_nginx_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_nginx_scope.png new file mode 100644 index 0000000000..9bfd8ffccd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_nginx_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_advanced_settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_advanced_settings.png new file mode 100644 index 0000000000..d90bdb6e1b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_advanced_settings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_app_firewall.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_app_firewall.png new file mode 100644 index 0000000000..26e481e5f0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_app_firewall.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_bot_protection.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_bot_protection.png new file mode 100644 index 0000000000..85d8ce2d7d Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_bot_protection.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_rule_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_rule_overview.png new file mode 100644 index 0000000000..76d2c34bdf Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_out_of_band_rule_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_preview_HTML.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_preview_HTML.png new file mode 100644 index 0000000000..359f8a392b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_preview_HTML.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_prisma_sessions.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_prisma_sessions.png new file mode 100644 index 0000000000..93438a9f97 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_prisma_sessions.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_radar_monitor.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_radar_monitor.png new file mode 100644 index 0000000000..1b7bec594b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_radar_monitor.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_recaptcha_options.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_recaptcha_options.png new file mode 100644 index 0000000000..a96f183acb Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_recaptcha_options.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy.png new file mode 100644 index 0000000000..789e10152b Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy_example.png new file mode 100644 index 0000000000..9236382558 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_remote_proxy_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_request_anomalies.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_request_anomalies.png new file mode 100644 index 0000000000..b8e6b0fb06 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_request_anomalies.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_custome_rule_type.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_custome_rule_type.png new file mode 100644 index 0000000000..8caca528dd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_custome_rule_type.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_headers.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_headers.png new file mode 100644 index 0000000000..688968e2e7 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_response_headers.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_example.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_example.png new file mode 100644 index 0000000000..e3f48293a1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_example.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_overview.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_overview.png new file mode 100644 index 0000000000..df748b8916 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_overview.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_scope.png new file mode 100644 index 0000000000..ffbd885f52 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_rule_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_methods.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_methods.png new file mode 100644 index 0000000000..5bc0514097 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_methods.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_scope.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_scope.png new file mode 100644 index 0000000000..cf791aae25 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_select_scope.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_collections.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_collections.png new file mode 100644 index 0000000000..401c196cfd Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_collections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections.png new file mode 100644 index 0000000000..053e0e3f18 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections_view.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections_view.png new file mode 100644 index 0000000000..f0b05531e0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_serverless_protections_view.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_timeline.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_timeline.png new file mode 100644 index 0000000000..72e86d65c0 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_timeline.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_certificate.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_certificate.png new file mode 100644 index 0000000000..fe3db00ce2 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_certificate.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_minimum.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_minimum.png new file mode 100644 index 0000000000..6ba8ba8377 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_minimum.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_settings.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_settings.png new file mode 100644 index 0000000000..30f3411301 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_tls_settings.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_unknown_bots.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unknown_bots.png new file mode 100644 index 0000000000..639cde4d40 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unknown_bots.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_radar.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_radar.png new file mode 100644 index 0000000000..fe88a0b635 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_radar.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_report.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_report.png new file mode 100644 index 0000000000..bdf5cdef86 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_unprotected_web_apps_report.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/waas_user_defined_bots.png b/docs/en/compute-edition/32/admin-guide/_graphics/waas_user_defined_bots.png new file mode 100644 index 0000000000..0707376a01 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/waas_user_defined_bots.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_compliance.png b/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_compliance.png new file mode 100644 index 0000000000..995564c5ff Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_compliance.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_incident.png b/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_incident.png new file mode 100644 index 0000000000..9162789650 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/weak_settings_incident.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-1.png b/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-1.png new file mode 100644 index 0000000000..7745cd52a9 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-1.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-2.png b/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-2.png new file mode 100644 index 0000000000..6b71bc7a5a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/webhook-config-2.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/wildfire.png b/docs/en/compute-edition/32/admin-guide/_graphics/wildfire.png new file mode 100644 index 0000000000..07b04b769a Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/wildfire.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/windows_compliance_checks.png b/docs/en/compute-edition/32/admin-guide/_graphics/windows_compliance_checks.png new file mode 100644 index 0000000000..93365c9bc3 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/windows_compliance_checks.png differ diff --git a/docs/en/compute-edition/32/admin-guide/_graphics/zero_day__vulns_778612.png b/docs/en/compute-edition/32/admin-guide/_graphics/zero_day__vulns_778612.png new file mode 100644 index 0000000000..9d5f8ebda1 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/_graphics/zero_day__vulns_778612.png differ diff --git a/docs/en/compute-edition/32/admin-guide/access-control/access-control.adoc b/docs/en/compute-edition/32/admin-guide/access-control/access-control.adoc new file mode 100644 index 0000000000..c787cccc0c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/access-control/access-control.adoc @@ -0,0 +1,3 @@ +== Access control + +Establish and monitor access control measures for cloud workloads and cloud native applications. diff --git a/docs/en/compute-edition/32/admin-guide/access-control/open-policy-agent.adoc b/docs/en/compute-edition/32/admin-guide/access-control/open-policy-agent.adoc new file mode 100644 index 0000000000..3f43da7309 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/access-control/open-policy-agent.adoc @@ -0,0 +1,199 @@ +[#admission-control] +== Admission Control with Open Policy Agent + +Prisma Cloud provides a dynamic https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/[admission controller] for Kubernetes and OpenShift that is built on the https://www.openpolicyagent.org/docs/latest/[Open Policy Agent (OPA)]. +In Console, you can manage and compose rules in Rego, which is OPA's native query language. +Rules can allow or deny (alert or block) pods. +Console pushes your policies to Defender, which enforces them. +Decisions made by the system are logged. + +NOTE: There is currently no support for Windows. + +=== Open Policy Agent + +The Open Policy Agent is an open source, general-purpose policy engine that lets you consolidate policy enforcement in a single place. +OPA can enforce policies in microservices, Kubernetes clusters, CI/CD pipelines, API gateways, and so on. +OPA provides a high-level declarative language called Rego, which lets you specify policy as code. +The OPA APIs let you offload policy decision-making from your software. + +OPA decouples policy decision-making from policy enforcement. +When your software needs to make policy decisions, it queries OPA and supplies structured data, such as JSON, as input. +The data can be inspected and transformed using OPA’s native query language Rego. +OPA generates policy decisions by evaluating the query input and against policies and data. + +Prisma Cloud operationalizes OPA by: + +* Extending Console to manage and compose policies in Rego. +* Integrating OPA's decision-making library into Defender. +* Connecting Defender's enforcement capabilities to OPA's decisions. + + +=== Admission webhook + +An admission controller is code that intercepts requests to the API server for creating objects. +There are two types of admission controllers: built-in and dynamic. +Prisma Cloud implements a dynamic admission controller. + +Dynamic admission controllers are built as webhooks. +After registering to intercept admission requests, they assess requests against policy, and then accept or reject those requests. +In Kubernetes terms, these are known as _validating admission webhooks_. + +The Prisma Cloud validating admission webhook handles the API server's AdmissionReview requests, and returns decisions in an AdmissionReview object. +When configuring Prisma Cloud, you'll create a ValidatingWebookConfiguration object, which sets up the Defender service to intercept all create, update, and connect calls to the API server. + +The default ValidatingWebookConfiguration provided here sets failurePolicy to Ignore. +The failure policy specifies how your cluster handles unrecognized errors and timeout errors from the admission webhook. +When set to Ignore, the API request is allowed to continue. + + +[.task] +=== Configuring the webhook + +Configure the API server to route AdmissionReview requests to Prisma Cloud. + +*Prerequisites:* + +* You have a running instance of Prisma Cloud Compute Console. +* You have a Kubernetes cluster. +Minimum supported version is v1.16. +* Defender has been deployed to your cluster as a DaemonSet. +In Console, you can verify Defenders are running and connected under *Manage > Defenders > Manage*. + +[.procedure] + +. Go to *Defend > Access > Admission* + +. Enable admission control. + +. Click the *Admission controller* link and *Copy configuration* and save it to a file. Nme this file `webhook.yaml`. ++ +[NOTE] +==== +If the Defender CA has been rotated and the old certificate still hasn't expired, you may have Defenders using an old certificate. For daemonset which its Defenders are using an old certificate, you need to retrieve the old Defender CA certificate from the daemonset yaml file you deployed this daemonset with. + +Search for `defender-ca.pem` within the daemonset yaml, copy its content, then paste it to replace the content of the `caBundle` field of the webhook. If `defender-ca.pem` doesn't exist in the daemonset yaml, use the content of the `ca.pem` field. + +If you don't have the yaml file you used to deploy the daemonset, you can retrieve the old CA bundle from the Console certificates folder under `old-defender-ca.pem`. + +To identify whether your Defenders are using an old certificate, see xref:../configure/certificates.adoc[Console-Defender communication certificates]. +==== + +. Create the webhook configuration object. ++ + $ kubectl apply -f webhook.yaml ++ +After creating the object, the Kubernetes API server directs AdmissionReview requests to Defender. + + +[.task] +=== Validating your setup + +Validate that your webhook has been properly set up with one of the predefined admission rules. + +The order in which the rules appear is the order in which they are evaluated. +Higher rules take precedence over lower rules. +Rules can be reordered. +Use the hamburger icon to drag and drop rules into the right place. + +NOTE: Notice that the processing of rules stops at the first match. To make sure the severe action will be taken in a case of more than one rule match, place the rules with action "Block" first. + +[.procedure] +. Navigate to *Defend > Access > Admission* and verify there exist default admission rules and they are all enabled by default. + +. Create the following YAML file to test the *Twistlock Labs - CIS - Privileged pod created* rule. + +.. Create the following YAML file: *priv-pod.yaml* ++ +[source] +---- +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + securityContext: + privileged: true +---- + +. Create the privileged pod. + + $ kubectl apply -f priv-pod.yaml + +. Verify an audit is created under *Monitor > Events > Admission Audits*. + +. Clean up. +Delete the pod. + + kubectl delete -f priv-pod.yaml + + +=== Creating custom admission rules + +Use https://www.openpolicyagent.org/docs/latest/policy-language/[Rego syntax] to create custom rules. +To learn more about the syntax, review the predefined rules that ship with Prisma Cloud. +Rules scripts are based on the admission review input JSON structure. +For more information, see: https://github.com/kubernetes/api/blob/master/admission/v1beta1/types.go. + +=== Examples + +The following examples should give you some ideas about how you can create your own policies by using the Rego language. + +Do not allow new namespaces to be created: + +[source] +---- +match[{"msg": msg}] { + input.request.operation == "CREATE" + input.request.kind.kind == "Namespace" + msg := "It's not allowed to create new namespace!" +} +---- + +Do not allow a specific image (for example nginx) in new pods: + +[source] +---- +match[{"msg": msg}] { + input.request.operation == "CREATE" + input.request.kind.kind == "Pod" + input.request.resource.resource == "pods" + input.request.object.spec.containers[_].image == "nginx" + msg := "It's not allowed to use the nginx Image!" +} +---- + +Do not allow new pods to expose TCP port 80: + +[source] +---- +match[{"msg": msg}] { + input.request.operation == "CREATE" + input.request.kind.kind == "Pod" + input.request.resource.resource == "pods" + input.request.object.spec.containers[_].ports[_].containerPort == 80 + msg := "It's not allowed to use port 80 (HTTP) with a Pod configuration!" +} +---- + +Control the scope of your the policy rules by checking the object's metadata, such as namespace or labels. + +Do not allow new pods in namespace _sock-shop_ without the _owner_ label: + +[source] +---- +match[{"msg": msg}] { + input.request.operation == "CREATE" + input.request.kind.kind == "Pod" + input.request.resource.resource == "pods" + input.request.object.metadata.namespace == "sock-shop" + not input.request.metadata.labels.owner + msg := "Pod in namespace sock-shop is missing the owner label" +} +---- diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-modes.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-modes.adoc new file mode 100644 index 0000000000..83ad061e2f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-modes.adoc @@ -0,0 +1,85 @@ +:toc: macro +[#scanning-modes] +== Agentless Scanning Modes + +toc::[] + +There are two ways you can set up agentless scanning with Prisma Cloud. + +* <<#same-account-mode,Same account mode (Default)>>: scans all hosts of a cloud account within the same cloud account. +* <<#hub-account-mode,Hub account mode>>: a centralized account, called the *hub account*, scans hosts in other cloud accounts, called *target accounts*. + +[NOTE] +==== +Hub account mode is only supported for AWS and GCP. +==== + +[#same-account-mode] +=== Same Account Mode + +In the same account mode, all of the xref:./agentless-scanning.adoc#scanning-process[agentless scanning process] takes place within the same account. +All snapshots, scanner instances, and network infrastructure are set up within every region that has workloads deployed to it. +The same account mode is the default agentless scanning mode when onboarding cloud accounts to Prisma Cloud. + +The following diagram gives a high level view of agentless scanning in same account mode: + +image::agentless-scanning-same-account-mode.png[width=800] + + +[#hub-account-mode] +=== Hub Account Mode + +In hub account mode, most of the agentless scanning process takes place in a centralized account known as the hub account. +You should dedicate this account entirely to the agentless scanning process. +Each account that the hub account should scan is called a target account. + +There is no limit to the number of hub accounts that you can configure and you can use each hub account to scan a different subset of target accounts. +In this mode, the scanner instances and networking infrastructure are created only on the hub account. +You don't have to replicate the agentless scanning configuration across target accounts since you can configure agentless scanning centrally on the hub account configuration. +For example, you don't need to replicate networking configuration across target accounts if you configured your xref:agentless-scanning.adoc#networking-infrastructure[networking infrastructure] in the hub account. + +* In AWS, snapshots are created within every target account and are then shared with the hub account. +* In GCP, snapshots are created directly within the hub account. + +Scanners in the hub account scan target accounts independently. An agentless scanner in the hub account only scans snapshots from one target account and this ensures segregation between target accounts. + +The following diagram gives a high level view of agentless scanning in hub account mode. + +image::agentless-scanning-hub-account-mode.png[width=800] + +[#scanning-modes-comparison] +=== Scanning Modes Comparison + +[cols="20%a,40%a,40%a"] +|=== +| |Same Account |Hub Account + +|*Scan Duration* +|Scales across all accounts, overall scan duration is short. +Assuming the maximum number of scanners is set to 50 scanners, the limit is per region being scanned. If *two* accounts are scanned, with *one* region each. In this example, agentless scanning scales as follows: 2 accounts * 1 region per account * 50 maximum scanners leads to 100 scanners in total. +|Scales only within the hub account, overall scan duration is longer. +This effect is because agentless can only scale across the maximum number of scanners defined on the hub account, regardless of the number of accounts or regions scanned. +Note: In addition, encrypted volumes in AWS are required to be copied, so scaling in hub mode is bottle-necked by the concurrent snapshot copy limit in AWS, which is https://aws.amazon.com/about-aws/whats-new/2020/04/amazon-ebs-increases-concurrent-snapshot-copy-limits-to-20-snapshots-per-destination-region/[20 by default]. + +|*Permissions* +|All read and write permissions are required on the same account. +|Most of the write permissions are required only on the hub account, and target accounts require mostly read permissions. +Because of this, this mode provides a better way to segregate permissions. + +|*Networking* +|Networking infrastructure is required on every account. +If you use custom network resources, you need to create the networking infrastructure in every region in every account. +|Networking infrastructure is only required on the hub account. +If you use custom network resources, you only need to create the networking infrastructure in all regions of the hub account. + +|*CSP Costs Incurred by Agentless Scanning* +|Each cloud account is billed for the CSP costs incurred by agentless scanning. +|The hub account is billed for the majority of the CSP costs incurred by agentless scanning. +You can still correlate the costs each target account incurs using CSPs costs analysis along with custom tags on the agentless scanning resources. + +|*Onboarding and Configuration* +|No additional configuration required. +This is the default mode to help you get started as soon as you complete onboarding. +|Additional configuration required for each account after you complete onboarding your accounts. + +|=== \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-results.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-results.adoc new file mode 100644 index 0000000000..401f51b364 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-results.adoc @@ -0,0 +1,83 @@ +:toc: macro + +== Agentless Scanning Results + +toc::[] + +Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without having to install an agent or affecting the execution of the workload. +Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. +Prisma Cloud supports agentless scanning on AWS, GCP and Azure hosts, clusters, and containers for vulnerabilities and compliance. +Prisma Cloud only supports agentless scanning of hosts for vulnerabilities and compliance on OCI. + +See xref:./agentless-scanning.adoc#scanning-modes[scanning modes] to review the scanning options and xref:./onboard-accounts/onboard-accounts.adoc[to configure agentless scanning] on your accounts. + +=== Vulnerability Scan + +Agentless scan results are cohesively integrated with Defender results throughout the Console to provide seamless experience. + +Vulnerability scan rules control the data surfaced in Prisma Cloud Console, including scan reports and Radar visualizations. To modify these rules, see xref:../vulnerability-management/vuln-management-rules.adoc[vulnerability scan rules]. + +==== View Scan Results + +Navigate to *Monitor > Vulnerabilities > Hosts* to view agentless vulnerability scan results. +You can see a column named *Scanned by* in the results page. +On the rows where entry is *Agentless*, scan results are provided by agentless scanning. + +Agentless scans provide risk factors associated with each vulnerability such as package in use, exposed to internet, etc. (https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/compliance_explorer[here]). +You can add tags and create policies in alert mode for exceptions. +Agentless scanning is integrated with Vulnerability Explorer and Host Radar. + +image::agentless_results.png[width=600] + +=== Compliance Scans + +Navigate to *Monitor > Compliance > Hosts* to view agentless compliance scan results. +You can see a column named *Scanned by* in the results page. +On the rows where entry is *Agentless*, scan results are provided by agentless scanning. + +image::agentless_compex.png[width=600] + +Agentless scans provide risk factors associated with each compliance issue and overall compliance rate for host benchmarks. (learn more https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_explorer[here]). +You can add tags and create policies in alert mode for exceptions. +Agentless scanning is integrated with Compliance Explorer and Host Radar. + +==== Custom Compliance Scans + +You can create custom compliance checks on file systems for your host and add them to your compliance policy for scanning. +https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/custom_compliance_checks[Follow the instructions] to enable custom compliance checks in a single step for both Defenders and Agentless scans. + +ifdef::prisma_cloud[] +=== Malware Scans + +Agentless scanning uses Palo Alto Networks Advanced WildFire to xref:../compliance/prisma-cloud-compliance-checks.adoc#malware[scan your container images and hosts for malware]. + +endif::prisma_cloud[] + +=== Pending OS Updates + +Unpatched OSes lead to security risks and greater possibility of exploits. +Through agentless scanning, find pending OS security updates as a compliance check. + +image::agentless_pendingOS.png[width=600] + +You can search for all hosts with pending OS updates by searching for "Ensure no pending OS updates" string in Compliance explorer page (Monitor > Compliance > Compliance eExplorer tab). + +*Syntax:* + [] ( …) + +=== Cloud Discovery Integration + +When cloud discovery is enabled, agentless scans are automatically integrated with the results to provide visibility into all regions and cloud accounts where agentless scanning is not enabled along with undefended hosts, containers, and serverless functions. + +image::agentless_cloud.png[width=800] + +=== Pre-flight checks + +Before scanning, Prisma Cloud performs pre-flight checks and shows any missing permissions. +You can see the status of the credentials without waiting for the scan to fail. +This gives you proactive visibility into errors and missing permissions allowing you to fix them to ensure successful scans. +The following image shows the notification of a missing permission. + +image::agentless_preflight.png[width=800] + +include::onboard-accounts/frag-start-agentless-scan.adoc[leveloffset=1] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning.adoc new file mode 100644 index 0000000000..b71e610256 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning.adoc @@ -0,0 +1,207 @@ +:toc: macro +[#agentless-scanning] +== Agentless Scanning + +toc::[] + +Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without having to install an agent or affecting the execution of your workload. +Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. +Prisma Cloud supports agentless scanning of cloud workloads on AWS, Azure, GCP, and OCI for vulnerabilities and compliance. + +In AWS, Azure, and GCP you can also use agentless scanning for container images as well as xref:../vulnerability-management/serverless-functions.adoc[Serverless functions]. + +Follow the xref:./onboard-accounts/onboard-accounts.adoc[step-by-step instructions to configure agentless scanning] and start scanning your AWS, Azure, GCP, and OCI accounts for vulnerabilities and configuration risks with agentless scanning. + +Once you onboard your cloud account with agentless scanning enabled, that account is continuously scanned regardless of how many workloads are under that account. +Whether you add or remove hosts and containers, agentless scanning keeps your workload's security issues visible. + +When onboarding an organization into Prisma Cloud and enabling agentless scanning across the organization, agentless scanning automatically scans accounts added to the organization. + +To achieve that goal, you grant the needed permissions during onboarding and Prisma Cloud scans the account regularly. +By default, agentless scans are performed periodically every 24 hours and this interval is xref:./onboard-accounts/onboard-accounts.adoc#start-agentless-scan[configurable]. + +[#scanning-process] +=== Agentless Scanning Process + +To understand the process of agentless scanning, it is important to understand how cloud service providers group workloads. +At a fundamental level, workloads are grouped by region. +Agentless scans are performed regionally. +Once you add your cloud account to Prisma Cloud and enable agentless scanning, the scanning infrastructure is deployed within each region of your project, account, organization, or subscription with workloads. + +At a high level, Agentless scanning performs the following steps. + +. Validates that the Prisma Cloud role for the onboarded cloud account has the appropriate permissions and that those permissions are not blocked by an organizational policy. + +. Lists the hosts within the onboarded cloud accounts and the containers running on those hosts. + +. Creates a snapshot for each host in the onboarded cloud accounts. The snapshots are copies of the hosts' volume regardless of whether they are encrypted or not. + +. Creates scanner instances in each region with deployed workloads. + +. Creates the needed <<#networking-infrastructure,networking infrastructure>> in each region. The networking infrastructure is required to allow the scanner instances to report the scan results back to Prisma Cloud. + +. Attaches each snapshot to the corresponding scanner instance in each region. + +. Scans each snapshot for vulnerabilities and compliance issues on the host or on containers running on that host. + +. Reports the scan results back to Prisma Cloud. + +. Cleans up all snapshots, network infrastructure, and scanner instances provisioned to perform the scan from your onboarded cloud accounts. +This cleanup removes the resources that were set up from your cloud account until the next scan. + +In the cloud accounts page you can see the general scan progress you can see the status of the agentless scan of a specific account, for example, *scanning* and *completed*, and you can sort accounts by status. + +[#networking-infrastructure] +=== Networking Infrastructure + +Agentless scanning automatically deploys the network infrastructure that the scanner requires to report the scan results back to Prisma Cloud. +By default, scanners are attached to a public IP address and the networking infrastructure deployed only allows egress traffic and blocks all ingress traffic. + +image::networking-infrastructure.png[width=400] + +If you require the scanners to use a private IP address or prefer to disallow Prisma Cloud from creating the network infrastructure automatically, it is required that you deploy and maintain the network infrastructure to enable the communication between the scanners and Prisma Cloud. + +Ensure that you follow these guidelines. + +* Create your own network infrastructure using the network resources available in each cloud service provider. + +* Ensure that any hosts using your network infrastructure can connect to the Prisma Cloud console. + +* Configure the relevant network resources under *Compute > Cloud Accounts > Edit Cloud Account > Agentless scanning > Advanced settings*. + +** In AWS: Specify the deployed Security group. + +** In Azure: Specify the deployed Security group ID and Subnet ID. + +** In xref:./onboard-accounts/configure-gcp.adoc[GCP]: Specify the deployed subnet name or a shared VPC. + +** In OCI: Specify the VCN, Subnet, or Security group. + +These settings are mandatory to allow scanners to use a private IP address. +After you configure them, the next time an agentless scan is performed the default networking infrastructure is not provisioned. +Instead, the scanners use these settings for the egress traffic to communicate to the Prisma Cloud console. + +To minimize the permissions used by agentless scanning, you can optionally remove the permissions used to create and delete network resources. +Check the networking information in the xref:../configure/permissions.adoc[Permissions by feature page]. +Once you remove the permissions, no network resources are created or deleted but you can expect to see the following error: + +[source] +---- +Failed cleaning up network resources: UnauthorizedOperation: You are not authorized to perform this operation. +---- + +This error is expected because the Prisma Cloud role doesn't have the permissions and the validation process generates this message. +You can ignore the message if you deploy and maintain the networking infrastructure for the agentless scanning process. + +[#progress-and-statuses] +=== Scan Progress and Statuses + +Accounts go through the following statuses as a scan takes place. + +. *New* - if an account was added during an ongoing scan or between scan cycles. + +. *Pending Scan* - all accounts are set to this state when a scan cycle begins. + +. *Scanning* - the scan process takes place, including pre-flight checks for permissions. +Hosts that were done scanning would immediately appear in the scan results - results are never delayed to the end of a scan cycle. +At this state, after an account has finished scanning, all scanners, snapshots and disks are being cleaned up immediately. + +. *Pending Cleanup* - final state for all accounts that finished scanning. Accounts move to cleanup only after all accounts have reached this state. + +. *Cleanup* - if networking resources were created, they are cleaned up across all accounts and regions. + +. *Completed* - scanning and cleanup is completed, this could be one of two options: + +.. Completed successfully. + +.. Completed with errors if issues occurred during any stages of the scan. + +[#cycle-length] +=== Scan Cycle Length + +It is nearly impossible to estimate what is the end-to-end duration of a scan cycle since it depends on a variety of factors, for example. + +* Number of hosts +* Hosts disks sizes +* Used space on hosts disks +* Number of files in the hosts disks +* How the hosts are dispersed between accounts and regions, for example: a single account with a single region that contains 100 hosts, is scanned faster than 10 accounts with 10 regions each, that contains a single host in every region. + +* CSP-related factors: + +** API calls latency +** API calls errors + +[#snapshots-creation] +=== Snapshots Creation + +During the agentless scanning process, Prisma Cloud iterates through all regions within your environment and creates a snapshot of each host in every region. +To mitigate the security risk that non-running hosts pose,you can enable agentless scanning and scan non-running hosts by configuring the agentless scanning for every account you onboard. +Each scanner instance is attached with a maximum of 26* snapshots, which it then scans for security risks. + +[NOTE] +==== +For OCI accounts, the maximum snapshots scanned per agentless scanner is set to 16 snapshots. +==== + +By default, agentless scanning is configured to spin up a single agentless scanner within every region, meaning that at any given time, only a single agentless scanner is deployed in every region. +The agentless scanner scans hosts snapshots iteratively within every region in batches of 26 snapshots at a time. + +[#scaling-agentless-scanning] +=== Scaling and Parallel Scanning + +To expedite the scanning process, you can enable auto scaling under the agentless configuration, this enables the scanning process to spin up to 50 agentless scanners in parallel to scan the snapshots within every region. If enabled, auto-scaling allows scanning of up to 50*26=1300 hosts in parallel within every region. + +You can also configure a limit other than 50 in the *Max number of scanners* configuration field. + +image::agentless-scanning-max-number-of-scanners.png[width=800] + +If using a xref:./agentless-scanning-modes.adoc#hub-account-mode[hub account], the same limit applies to the hub itself. Meaning, that a hub account with auto-scaling enabled, spins up to 50 agentless scanners within a region to scan all target accounts. + +If the quota is exceeded within a region, for example, if an insufficient quota is set for either VM instances, IP addresses or other resources, the scan process fails for that region showing an appropriate quota error message for that specific region in the Compute Cloud Accounts page. + +[#parallel-agentless-scanning] +==== Parallel Agentless Scanning + +Agentless scanning takes place in parallel across 20 regions at a time that spans across all accounts. +For example, 10 regions from account A, 5 regions from account B, and 5 regions from account C could be scanned in parallel. + +[#csp-cost] +=== Cloud Service Provider Cost of Agentless Scanning + +The main cost associated with agentless scanning is attributed to the running time of the scanners. By default, Prisma Cloud tries to create the scanner instance as a spot instance that is at a significantly discounted price compared to regular on-demand instances, and falls back to on-demand, only when spot instances are unavailable. + +Other factors that determine the cost associated with agentless scanning is the snapshots and disks creation, and a minimal cost of egress networking from the scanners to the Prisma Cloud Compute backend. +Agentless scanning does not incur cross-region networking costs because the scanners create the snapshots within the same region for both xref:./agentless-scanning-modes.adoc[scanning modes]. + +If an instance type is not available the agentless scan process falls back to the next instance types as listed for each CSP. For example, an instance type might not be available in all regions. + +==== AWS + +. m5.2xlarge +. m4.2xlarge +. m3.2xlarge +. t2.2xlarge + +==== Azure + +* Standard_DS4_v2 + +[NOTE] +==== +Enabling Agentless Scan on Azure with an https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources[active scope lock] has a significant cost implication. The temporary resources that Prisma Cloud deploys for scanning cannot be deleted and continue to incur costs (VMs, disks, snapshots) because these resources are locked. The Prisma Cloud console generates a log entry that reports a _409 Conflict_ and _ERROR CODE: ScopeLocked_. + +To ensure that you do not incur addtional costs, you must evaluate if the scope lock is necessary for your operations. Consider releasing the scope lock or have a different method to delete the temporary resources to prevent any cost overhead. +==== + +==== GCP + +* e2-standard-8 + +==== OCI + +. VM.Standard.E4.Flex +. VM.Standard.E3.Flex +. VM.Standard3.Flex + +To get an estimate of the CSP costs associated with agentless scanning, reach out to your Prisma Cloud sales representative. diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-aws.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-aws.adoc new file mode 100644 index 0000000000..08264df5d5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-aws.adoc @@ -0,0 +1,49 @@ +:topic_type: task +:toc: macro +[#configure-aws-agentless] +[.task] +== Configure Agentless Scanning for AWS + +toc::[] + +[.procedure] + +. Log in to the Prisma Cloud administrative console. + +. Select *Compute > Manage > Cloud Accounts*. + +. Click the edit button of your cloud account. + +. Go to the *Agentless Scanning* section. + +. Expand the *Advanced settings*. ++ +image::agentless-aws-pcee-advanced-settings.png[width=540] + +.. Enable Permissions check to verify that the permissions are correct before running a +scan. +.. *Scanning type*: For AWS accounts, you can decide between xref:../agentless-scanning.adoc#scanning-modes[two scanning modes]. + +... *Same Account*: Scan hosts of your AWS account using that same account. + +... *Hub Account*: Scan hosts of your AWS account using a different account. Select another onboarded account to scan the account you are onboarding from the list. + +.. Enter a *Proxy* value if traffic leaving your AWS tenant uses a proxy. + +.. Under *Scan scope* you can choose *All regions* to scan in all AWS regions. If you choose +Custom regions, enter the AWS region in which you want Prisma Cloud to scan. + +.. Enter tags under *Exclude VMs by tags* to further limit the scope of the scan. + +.. Choose whether or not to *Scan non running hosts*. + +.. Choose whether or not to enable *Auto-scale scanning*. If you disable auto-scale, specify number of +scanners Prisma Cloud should employ. + +.. Enter an optional *Security group*. If the default VPC isn't available in all the regions of your AWS account, follow https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#creating-security-groups[AWS instructions] for creating a custom security group https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/enable-access-prisma-cloud-console[enabling an egress connection to Prisma Cloud] on port 443 in the https://console.aws.amazon.com/vpc/[Amazon VPC Console]. + +. Click Next. + +. Leave the *Discovery features* unchanged. + +. Click *Save* to return to *Compute > Manage > Cloud accounts*. diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-azure.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-azure.adoc new file mode 100644 index 0000000000..3a922e1431 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-azure.adoc @@ -0,0 +1,104 @@ +:topic_type: task +[.task] + +ifdef::compute_edition[] +[#azure-configure-agentless-pcce] +== Configure Agentless Scanning for Azure + +[.procedure] +. Log in to your Prisma Cloud Compute Console. + +. Go to *Manage > Cloud* Accounts. + +. Click *+Add account*. + +. Enter the needed information in the *Account config* pane. ++ +image::azure-managed-identity-auth.png[width=250] + +.. *Select Cloud provider*: Azure + +.. *Name:* For example: PCC Azure Agentless. + +.. *Description:* Provide an optional string, for example: release. + +.. *Authentication method:* +... *Service key*: Paste the JSON object for the Service Principal you created. +... *Certificate*: Use a client certificate for authentication. +... *Managed Identity*: Use <<#configure-managed-identity,Managed Identity>> authentication to access Azure resources without entering any client secrets or certificates. + +. Click Next. + +. Complete the configuration in the *Scan account* pane: ++ +image::agentless-azure-scan-config-basic.png[width=400] + +.. Enable *Agentless scanning*. + +.. Set the *Console URL* and *Port* to the address of your Prisma Cloud console that can be reached from the internet. To create an address or FQDN reachable from the internet, complete the xref:../../configure/subject-alternative-names.adoc[Subject Alternative Names procedure]. + +.. Expand* Advanced settings*. ++ +image::agentless-configuration-azure.png[width=400] + +... If you use a proxy for traffic leaving your Azure tenant, enter the *Proxy* address and add it's Certificate Authority certificate. + +... Under *Scan scope* you can choose *All regions* to scan for VMs in all Azure regions. If you choose *Custom regions*, enter the Azure region in which you want Prisma Cloud to scan for VMs. + +... Enter tags under *Exclude VMs by tags* to further limit the scope of the scan. + +... Choose whether or not to *Scan non running hosts* + +... Choose whether or not to enable *Auto-scale scanning*. If you disable auto-scale, specify number of scanners Prisma Cloud should employ. + +... Enter the *Security group ID* and *Subnet ID* that are created to allow the Prisma Cloud console to communicate back with Azure. + +. Click *Next*. + +. In the *Discovery features* page, leave the *Cloud discovery* settings unchanged. ++ +image::agentless-azure-cloud-discovery.png[width=400] + +. Click *Add account*. + +endif::compute_edition[] + +ifdef::prisma_cloud[] +[#azure-configure-agentless-pcee] +== Configure Agentless Scanning for Azure + +[.procedure] + +. Log in to the Prisma Cloud administrative console. + +. Select *Compute > Manage > Cloud Accounts*. + +. Click the edit button of your cloud account. + +. Go to the *Agentless Scanning* section. + +. Expand the *Advanced settings* and provide the following information. + +.. Enable *Permissions check* to verify that the custom role permissions are correct before running a scan. + +.. Enter a *Proxy* value if traffic leaving your Azure tenant uses a proxy. + +.. Under *Scan scope* you can choose *All regions* to scan for VMs in all Azure regions. If you choose *Custom regions*, enter the Azure region in which you want Prisma Cloud to scan for VMs. + +.. Enter tags under *Exclude VMs by tags* to further limit the scope of the scan. + +.. Choose whether or not to *Scan non running hosts* + +.. Choose whether or not to enable *Auto-scale scanning*. If you disable auto-scale, specify number of scanners Prisma Cloud should employ. + +.. Enter the *Security group ID* and *Subnet ID* that are created to allow the Prisma Cloud console to communicate back with Azure. If left blank, the default name of the created resource group is `PCCAgentlessScanResourceGroup` and the default name of the created security group is `PCCAgentlessScanSecurityGroup`. + +. Click *Next*. + +. In the *Discovery features* page, leave the *Cloud discovery* settings unchanged. ++ +image::agentless-azure-cloud-discovery.png[width=400] + +. Click *Save*. + +endif::prisma_cloud[] \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-gcp.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-gcp.adoc new file mode 100644 index 0000000000..8ac4466d3b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-gcp.adoc @@ -0,0 +1,174 @@ +:topic_type: task +:toc: macro +[#configure-gcp-agentless] +[.task] +== Configure Agentless Scanning for GCP + +toc::[] + +ifdef::prisma_cloud[] + +[.procedure] + +. Log in to the Prisma Cloud administrative console. + +. Select *Compute > Manage > Cloud Accounts*. + +. Click the edit button of your cloud account. + +. Go to the *Agentless Scanning* section. + +endif::prisma_cloud[] + +ifdef::compute_edition[] + +[.procedure] + +. Log in to your Prisma Cloud Compute Console. + +. Go to *Manage > Cloud* Accounts. + +. Click *+Add account*. ++ +image::agentless-add-account.png[width=400] + +. Enter the following information for the hub account in the *Account config* page. ++ +image::agentless-gcp-account-config.png[width=400] + +.. *Select Cloud provider*: GCP + +.. *Account ID:* Enter your Google project ID for the hub account. + +.. *Description:* Provide an optional string. + +.. *Service account:* Paste the contents of the downloaded service account key file for the hub account. + +.. *API token:* Leave blank. + +. Click *Next*. + +. In the Agentless scanning page, complete the following steps. + +.. Enable *Agentless scanning*. + +.. Set the *Console URL* and *Port* to the address of your Prisma Cloud console that can be reached from the internet. To create an address or FQDN reachable from the internet, complete the xref:../../configure/subject-alternative-names.adoc[Subject Alternative Names procedure]. + +endif::compute_edition[] + +. *Hub account*: Enable the toggle to configure this account as a xref:../agentless-scanning-modes.adoc[hub account]. + +. Expand the *Advanced settings*. ++ +image::agentless-gcp-pcee-advanced-settings.png[width=400] + +.. *Select where to scan*: For GCP accounts, you can decide between xref:../agentless-scanning.adoc#scanning-modes[two scanning modes]. + +... *Same Account*: Perform the agentless scanning process using this account. + +... *Hub Account*: Perform the agentless scanning process using a centralized hub account. +Select another account from the list to use as the centralized hub account to scan this account. + on the target accounts. +If you wish Prisma Cloud to scan encrypted volumes on the target accounts, follow the steps on <>. + +.. *Auto-scale scanning*: Automatically create the required amount of scanners to scan all of the hosts within a region, up to a limit of 50 scanners. +To use a different limit specify the *Max number of scanners*. + +.. *Max number of scanners*: Enter the upper limit of scanners that Prisma Cloud can automatically spin up within a region in your account for faster results. + +.. *Enforce permissions check*: In case of failure to validate the appropriate permissions, this account won't be scanned. +If this is a hub account, the associated target accounts won't be scanned as well. + +.. Enter a *Proxy* value if traffic leaving your GCP tenant uses a proxy. + +.. *Custom labels*: Apply custom labels to any resources Prisma Cloud creates during agentless scanning. + +.. Under *Scan scope* you can refine the scope of the scanning by *Regions* or using labels. ++ +image::tags-scope.png[width=300] + +... *All regions*: Scan in all GCP regions. + +... *Custom regions*: Specify the GCP regions, which you want scanned. + +... *Scan non running hosts*: Choose whether or not to scan hosts that aren't running. + +... *Exclude hosts by labels*: Select a subset of hosts which you want to exclude from the scan process ++ +You can use wildcards to specify a range of labels in both keys and values following these examples: ++ +[source] +---- +"abcd*" +"*abcd" +"abcd" +"*" +"*abcd*" +---- + +... *Include hosts by labels*: Select a subset of hosts to scan ++ +You can use wildcards to specify a range of labels in both keys and values following these examples: ++ +[source] +---- +"abcd*" +"*abcd" +"abcd" +"*" +"*abcd*" +---- + +.. *Network resources*: Configure custom network resources for agentless scanning + +... *Subnet*: If left blank, agentless scanning uses the default xref:../agentless-scanning.adoc#networking-infrastructure[networking infrastructure] and assigns scanners with a public IP. Specify a subnet name to use an existing subnet in your environment and to use a private IP. The subnet must be unique and identical across all regions. +If you are configuring a hub account, this requirement only applies to the hub account and not for the targets. + +... *Shared VPC*: If you are using a shared VPC, enter the shared VPC path in this field with the following convention. Replace `{host_project_name}` with the ID of the project that owns the shared VPC. ++ +[source] +---- +projects/{host_project_name}/regions/{region_name}/subnetworks/{subnet_name} +---- ++ +Using a shared VPC requires xref:../../configure/permissions.adoc#gcp-agentless[additional permissions] on the shared VPC host project. +Refer to the GCP documentation to https://cloud.google.com/vpc/docs/shared-vpc[learn more about shared VPCs]. + + +. Click Next. + +. Leave the *Server scan* toggle unchanged. + +. Click Next. + +. Leave the *Discovery features* toggle unchanged. + +. Click *Save*. + +[.task] +[#gcp-encrypted-volumes] +=== Scan Encrypted Volumes When Using Hub Mode + +When you use xref:../agentless-scanning-modes.adoc[hub and target projects], you can configure your hub project to access the encrypted volumes of the target accounts. +To use encrypted volumes the service account of Google Compute Engine needs to have the `cloudkms.cryptoKeyEncrypterDecrypter` role. +Without it, the service agent of the the hub project can't access the KMS keys. + +The Compute Engine service agent for your hub project is labeled with the following convention. +`service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com` +Replace `PROJECT_NUMBER` with the number of your hub project. + +[.procedure] + +. Use the following command to apply the grant the role and permissions to the Compute Engine service agent. ++ +[source] +---- +gcloud projects add-iam-policy-binding KMS_PROJECT_ID \ + --member serviceAccount:service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com \ + --role roles/cloudkms.cryptoKeyEncrypterDecrypter +---- + +. Replace `KMS_PROJECT_ID` with any project you need to use. +The KMS project isn't required to be the hub account or the target accounts you wish to scan. + +include::frag-start-agentless-scan.adoc[leveloffset=1] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-oci.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-oci.adoc new file mode 100644 index 0000000000..8623c77920 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-oci.adoc @@ -0,0 +1,89 @@ +:topic_type: task +:toc: macro +[#configure-oci-agentless] +[.task] +== Configure Agentless Scanning for Oracle Cloud Infrastructure (OCI) + +toc::[] + +[.procedure] + +ifdef::compute_edition[] + +. Log in to your Prisma Cloud Console. + +. Go to *Manage > Cloud accounts*. ++ +image::agentless-manage-cloud-accounts.png[width=800] + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +. Log in to the Prisma Cloud administrative console. ++ +image::prisma-cloud-console-pcee.png[width=800] + +. Select *Compute > Manage > Cloud accounts*. ++ +image::agentless-manage-cloud-accounts-pcee.png[width=800] + +endif::prisma_cloud[] + +. Click *Add account*. ++ +image::agentless-add-account.png[width=800] + +. Under *Select cloud provider*, pick *Oracle*. ++ +image::agentless-oci-account-configuration.png[width=800] + +. Provide a name for the account. ++ +image::agentless-oci-account-configuration-name.png[width=800] + +. Under *Tenancy*, paste the value you got from the OCI *Configuration File Preview*. ++ +image::agentless-oci-account-configuration-tenancy.png[width=800] + +. Under *User*, paste the value you got from the OCI *Configuration File Preview*. ++ +image::agentless-oci-account-configuration-user.png[width=800] + +. Under *Fingerprint*, paste the value you got from the OCI *Configuration File Preview*. ++ +image::agentless-oci-account-configuration-fingerprint.png[width=800] + +. Open the downloaded private key and paste it under *Private key*. ++ +image::agentless-oci-account-configuration-private-key.png[width=800] + +. Click *Next*. ++ +image::agentless-oci-account-configuration-next.png[width=800] + +. Select the public URL that the Prisma Cloud Console uses to connect to OCI. ++ +image::agentless-oci-agentless-configuration-url.png[width=800] + +. Enter the name of the created OCI compartment. ++ +image::agentless-oci-agentless-configuration-compartment.png[width=800] + +. Configure any *Advanced settings* you need. ++ +image::agentless-oci-agentless-advanced-settings.png[width=800] ++ +[NOTE] +==== +Any resources like VCN, subnet, or security group you want to use must exist in the compartment you created. +Create the resources using the same name in every region you wish to scan. +==== + +. Under *Download permission templates*, click *Download*. ++ +image::agentless-oci-agentless-configuration-download-template.png[width=800] + +. Click *Add account*. ++ +image::agentless-oci-agentless-configuration-add-account.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/frag-start-agentless-scan.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/frag-start-agentless-scan.adoc new file mode 100644 index 0000000000..f396e04c75 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/frag-start-agentless-scan.adoc @@ -0,0 +1,50 @@ +[#start-agentless-scan] +[.task] +== Start an Agentless Scan + +Agentless scans start immediately after onboarding the cloud account. +By default, agentless scans are performed every 24 hours, but you can change the interval on the *Manage > System > Scan* page under *Scheduling > Agentless*. + +image::agentless-interval.png[width=800] + +To manually start a scan, complete the following steps. + +[.procedure] + +ifdef::compute_edition[] +. Go to *Manage > Cloud accounts*. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. Go to *Compute > Manage > Cloud accounts*. +endif::prisma_cloud[] + +. Click the scan icon on the top right corner of the accounts table. + +. Click *Start Agentless scan*. ++ +image::agentless-start-scan.png[width=400] + +. Click the scan icon in the top right corner of the console to view the scan status. + +. View the results. + +ifdef::compute_edition[] +.. Go to *Monitor > Vulnerabilities > Hosts* or *Monitor > Vulnerabilities > Images*. +endif::compute_edition[] + +ifdef::prisma_cloud[] +.. Go to *Compute > Monitor > Vulnerabilities > Hosts* or *Compute > Monitor > Vulnerabilities > Images*. +endif::prisma_cloud[] + +.. Click on the *Filter hosts* text bar. ++ +image::vulnerability-results-filters.png[width=400] + +.. Select the *Scanned by* filter. ++ +image::vulnerability-results-scanned-by.png[width=400] + +.. Select the *Agentless* filter. ++ +image::vulnerability-results-scanned-by-agentless.png[width=400] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts.adoc new file mode 100644 index 0000000000..975c559fa7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts.adoc @@ -0,0 +1,130 @@ +== Onboard Accounts for Agentless Scanning + +Agentless scanning provides visibility into vulnerabilities and compliance risks on cloud workloads by scanning the root volumes of snapshots. +The agentless scanning architecture lets you inspect a host and the container images in that host without having to install an agent or affecting its execution. + +To learn more about the architecture and scan results, see xref:../agentless-scanning.adoc[How agentless scanning works?] + +toc::[] + +ifdef::compute_edition[] +=== Prerequisites + +To configure agentless scanning you must ensure the following requirements are met. + +* Ensure you have permissions to create service keys and security groups in your cloud account. +* Ensure you have permissions to apply agentless permission templates to your cloud account. +* Ensure you can connect to the Prisma Cloud Console over HTTPS from your cloud account. +Ideally, your configuration denies all incoming traffic and allows the tcp/8083` egress port for Prisma Cloud Compute Edition. +Review the egress port configuration needed to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/enable-access-prisma-cloud-console[enable access to the Prisma Cloud console] + +* Unless you are using a proxy to connect to the Prisma Cloud Console, you must enable auto-assign public IPs on the subnet or security group you use to connect your cloud account to the Prisma Cloud Console. + +To understand what permissions will be needed for agentless scanning, refer to our xref:../../configure/permissions.adoc[full permission list]. +The downloaded templates from Console add conditions around these permissions to ensure least privileged roles in your accounts. +To learn more about the credentials you can use, go to our xref:../../authentication/credentials-store/credentials-store.adoc[credentials store page]. + +Complete the steps in the following pages to configure agentless scanning for accounts from the supported cloud providers. + +* xref:./onboard-aws.adoc[Amazon Web Services] +* xref:./onboard-azure.adoc[Microsoft Azure] +* xref:./onboard-gcp.adoc[Google Cloud Platform] +* xref:./onboard-oci.adoc[Oracle Cloud Infrastructure] + +You can change default values after onboarding them in *Manage > Cloud accounts*. + +Click the *Edit* icon to change a specific account or select multiple accounts and complete the following steps to change the configuration of multiple accounts at once. + +[NOTE] +==== +Only change the configuration of multiple accounts from the same cloud provider and of the same authentication subtype. +If you select accounts from different providers, you can't change agentless configuration fields. +==== + +endif::compute_edition[] + + +ifdef::prisma_cloud[] + +To configure agentless scanning for your cloud accounts, you must onboard the accounts to Prisma Cloud. + +Ensure you can connect to the Prisma Cloud Console over HTTPS from your cloud account. +Ideally, your security group denies all incoming traffic and allows one egress port. +Review the egress port configuration needed to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/enable-access-prisma-cloud-console[enable access to the Prisma Cloud console]. + + +Complete the steps in the following pages to configure agentless scanning for accounts from the supported cloud providers. + +* xref:./onboard-aws.adoc[Amazon Web Services] +* xref:./onboard-azure.adoc[Microsoft Azure] +* xref:./onboard-gcp.adoc[Google Cloud Platform] +* xref:./onboard-oci.adoc[Oracle Cloud Infrastructure] + +When you enable the account on Prisma Cloud, it shows up in *Compute > Manage > Cloud accounts* after up to 24 hours. + +You can change the configuration after onboarding your cloud accounts in *Compute > Manage > Cloud accounts*. + +Click the *Edit* icon to change a specific account or select multiple accounts. + +=== Disable Accounts + +When you disable an account in Prisma Cloud, the account remains available under *Compute > Manage > Cloud accounts* for up to 24 hours. +After that time, the disabled account is removed from *Compute > Manage > Cloud accounts*. +Until the account is removed, errors occur when you run discovery, agentless, or serverless scans. +Any updates to the disabled account are ignored. + +The disabled account is marked as deleted in *Compute > Manage > Cloud accounts* with a garbage bin icon next to it, and you can delete it safely. +If you had deleted the account in *Compute > Manage > Cloud accounts* but then disabled it, the account will show up again in *Compute > Manage > Cloud accounts* with a garbage bin icon next to it, and you can delete it safely. + +endif::prisma_cloud[] + +[.task] +[#multiple-accounts] +=== Bulk Actions + +Prisma Cloud supports performing agentless configuration at scale. +Different cloud providers and authentication subtypes require different configuration fields, which also limits your ability to change accounts in bulk. +The Prisma Cloud Console displays all the configuration fields that can be changed across all the selected accounts, and hides those that differ to prevent accidental misconfiguration. + +[NOTE] +==== +Only change the configuration of multiple accounts from the same cloud provider and of the same authentication subtype. +If you select accounts from different providers, you can't change agentless configuration fields. +==== + +The following procedure shows the steps needed to configure agentless scanning for multiple accounts at the same time. + +[.procedure] +. Go to *Compute > Manage > Cloud accounts* ++ +image::manage-cloud-accounts.png[width=800] + +. Select multiple accounts. ++ +[NOTE] +==== +Only select accounts from the same cloud provider and of the same authentication subtype. +If you select accounts from different providers, you can't change agentless configuration fields. +==== + +. Click the *Bulk actions* dropdown. + +. Select the *Agentless configuration* button. ++ +image::bulk-actions.png[width=400] + +. Change the configuration values for the selected accounts. ++ +image::agentless-configuration-bulk.png[width=800] + +* Select *Save* to save the configuration for the selected accounts. + +ifdef::compute_edition[] + +=== Cloud Account Manager Role + +Use the *Cloud Account Manager* user role to grant full read and write access to all cloud account settings. +This role can manage credentials, and change *Agentless Scanning* and *Cloud Discovery* configuration. +endif::compute_edition[] + +include::frag-start-agentless-scan.adoc[leveloffset=1] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-aws.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-aws.adoc new file mode 100644 index 0000000000..e074d6fe5d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-aws.adoc @@ -0,0 +1,314 @@ +== Onboard AWS Accounts for Agentless Scanning + +Prisma Cloud gives you the flexibility to choose between agentless security and agent-based security using Defenders. Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload or container image without installing an agent or affecting the execution of your workload. Prisma Cloud supports agentless scanning for vulnerabilities and compliance on AWS hosts, containers, and clusters. To learn more, see xref:../agentless-scanning.adoc[How Agentless Scanning Works?] + +To onboard your AWS account for agentless scanning, you need to complete the following tasks. + +ifdef::compute_edition[] + +. Add <<#add-aws-credential,an AWS credential to the Prisma Cloud Compute Console>>. +. <<#apply-permission-templates-aws,Apply the agentless scanning permission templates>> to the account for scanning. +. Create a security group to <<#connect-aws-pcc,connect your AWS account and the Prisma Cloud Console>>. + +[.task] +[#add-aws-credential] +=== Add an AWS Credential to the Prisma Cloud Compute Console + +Authenticate your AWS account using its IAM users for agentless scanning. Agentless scanning in AWS only supports IAM users that are using an access key for authentication. An access key consists of an access key ID and a secret key. Create an IAM user in AWS to serve as an identity that represents a person or service interacting with AWS. You must use both the access key ID and secret access key of an access key together to authenticate requests with AWS. For more detailed information on how to create and maintain IAM users, go to the https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html[AWS documentation]. + +[.procedure] + +. Go to the IAM page for your AWS account at: \https://console.aws.amazon.com/iam/ + +. Click Add user. ++ +image::aws-agentless-add-user.png[width=800] + +. Enter a user name and enable *Access key - Programmatic access*. Agentless scanning uses this access to call the APIs and scan your AWS account. + +. Click *Next* to go to the *Set permissions* page. ++ +image::aws-agentless-set-permissions.png[width=600] + +. Skip the *Set permissions* page. You can get the needed permission templates after validating your credentials in the Prisma Cloud Console. Click *Next*. + +. Add tags as needed but no tags are needed for agentless scanning. + +. Click *Review*. + +. Ignore the “This user has no permissions” warning and click *Create user*. ++ +image::aws-agentless-user-without-permissions.png[width=600] + +. Copy the *Access Key ID* and *Secret Key* from the AWS Console for this newly created user. You need to add this information when adding the credential to Prisma Cloud Compute Console. + +. Go to the Prisma Cloud Compute Console. + +. Go to *Manage > Cloud Accounts > Add Account*. + +. Select AWS as the cloud provider and Access Key as the authentication type. + +. Paste the Access key and Secret key for the newly created user that you copied from the AWS Console. ++ +[NOTE] +==== +Following AWS best practices, you should rotate your keys every 90 days. Prisma Cloud raises an Alert when the age of the added credentials is greater than 90 days. If you follow this practice, rotate your keys at least every 90 days and update the credential in the Prisma Cloud Console. +==== + +[.task] +[#apply-permission-templates-aws] +=== Apply the Agentless Scanning Permission Templates + +After adding credentials for your AWS cloud account to the Prisma Cloud Compute Console, you need to configure agentless scanning. + +[.procedure] +. After adding the AWS IAM credential, click *Next* in the cloud account set up of the Prisma Cloud Compute Console. ++ +image::agentless-configuration-aws.png[width=400] + +. In the *Agentless scanning* tab, click the *Download* button to download agentless permission templates. ++ +image::agentless-permission-templates.png[width=500] ++ +When you click Download the Prisma Cloud Console performs the following actions: ++ +.. Validates the specified credentials and the download raises an error if the credentials are incorrect. +.. Multiple permission templates are downloaded as JSON files. ++ +The permission templates provide the permissions required by each cloud account for each of the scanning modes. Learn more about the permission included in the downloaded template files and how they are used in the xref:../../configure/permissions.adoc[permissions by feature]. +You can scan AWS accounts using the <<#aws-same-account,same account>> or the <<#aws-hub-account,hub account>> scanning modes. +If you want to use an existing AWS account, you can use the https://redlock-public.s3.amazonaws.com/aws/awsAgentlessPermissions.json[awsAgentlessPermissions.json] permissions template to grant it the needed permissions. + +[.task] +[#aws-same-account] +==== Same Account Mode +Using the same account scanning mode, you scan all hosts of a cloud account belonging to the same AWS cloud account. This scanning mode keeps the snapshots within the same AWS account where the hosts run and spins up the scanners using that same account. + +[.procedure] +. To scan accounts using this mode, you apply the permission template ending in `_target_user_permissions.json` to the AWS cloud account. For detailed instructions on how to apply cloud formation templates, refer to the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-stack.html[AWS documentation]. + +. Create the needed AWS stack. + +.. Go to the https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console] for your account. ++ +image::aws-agentless-cloudformation.png[width=800] + +.. Click the *Create stack* dropdown in the top right corner and select the *With new resources* option. + +.. Click the *Create stack* button. + +.. Select the *Template is ready* and *Upload template file* options. ++ +image::aws-agentless-create-stack.png[width=800] + +.. Under *Upload a template file*, click the *Chose file* button. Select the template that you downloaded from the Prisma Cloud Compute Console for agentless scanning ending with `_target_user_permissions.json`. ++ +image::aws-agentless-target-permission-template.png[width=600] + +.. Click *Next*. + +.. Enter a *Stack name* for the agentless scanning IAM user you created. ++ +image::aws-agentless-stack-name.png[width=600] + +.. Click *Next* and use the default values in the following screens until you reach the final *Create Stack* page. + +. Verify that the IAM user has the permissions applied. The permissions appear as `PCCAgentlessScanPolicy` in the *Permissions* tab for the IAM user. ++ +image::aws-agentless-applied-permission.png[width=800] + +[#aws-hub-account] +==== Hub Account Mode + +Using the hub account scanning mode, you scan all hosts in one or more cloud accounts, which are called target accounts, from another dedicated cloud account. This dedicated cloud account is called a hub account and it spins up the agentless scanners. To use the hub account mode, you must complete the following steps. + +. Add an AWS account to use as the hub account for agentless scanning to your Prisma Cloud Compute Console. + +. Add the AWS account or accounts that you want to scan using Prisma Cloud agentless scanning. + +[.task] +===== Add the Hub Account + +[.procedure] +. To add a hub account, apply the permission template ending in +`_hub_user_permissions.json` to the AWS cloud account. For detailed instructions on how to apply cloud formation templates, refer to the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-stack.html[AWS documentation]. + +. Create the needed AWS stack. + +.. Go to the https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console] for your account. ++ +image::aws-agentless-cloudformation.png[width=800] + +.. Click the *Create stack* dropdown in the top right corner and select the *With new resources* option. + +.. Click the *Create stack* button. + +.. Select the *Template is ready* and *Upload template file* options. ++ +image::aws-agentless-create-stack.png[width=800] + +.. Under *Upload a template file*, click the *Chose file* button. Select the template that you downloaded from the Prisma Cloud Compute Console for agentless scanning ending with `_hub_user_permissions.json`. ++ +image::aws-agentless-hub-permission-template.png[width=600] + +.. Click *Next*. + +.. Enter a *Stack name* for the agentless scanning IAM user you created. ++ +image::aws-agentless-stack-name.png[width=600] + +.. Click *Next* and use the default values in the following screens until you reach the final *Create Stack* page. + +. Verify that the IAM user has the permissions applied. The permissions appear as `PCCAgentlessScanPolicy` in the *Permissions* tab for the IAM user. ++ +image::aws-agentless-applied-permission.png[width=800] ++ +[NOTE] +==== +When you add hub account credentials to the Prisma Cloud Console, you can turn off agentless scanning in the hub account unless you want to scan all hosts in that account as well. If that is the case, you must add the target user permissions to the hub account in addition to the hub account permissions. +==== + +. Go to the Prisma Cloud Compute Console. +. Go to *Manage > Cloud Accounts > Add Account*. + +. Select AWS as the cloud provider and Access Key as the authentication type. + +. Paste the Access key and Secret key for the newly created user that you copied from the AWS Console. ++ +[NOTE] +==== +Following AWS best practices, you should rotate your keys every 90 days. Prisma Cloud raises an Alert when the age of the added credentials is greater than 90 days. If you follow this practice, rotate your keys at least every 90 days and update the credential in the Prisma Cloud Console. +==== + +. Once you add the hub account to Prisma Cloud, you can then add the target accounts. + +[.task] +===== Add your Target Accounts + +[.procedure] +. To add a target account, you apply the permission template ending in `_target_user_permissions.json` to the AWS cloud account. For detailed instructions on how to apply cloud formation templates, refer to the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-stack.html[AWS documentation]. + +. Create the needed AWS stack. + +.. Go to the https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console] for your account. + +.. Click the *Create stack* dropdown in the top right corner and select the *With new resources* option. ++ +image::aws-agentless-cloudformation.png[width=800] + +.. Click the *Create stack* button. + +.. Select the *Template is ready* and *Upload template file* options. ++ +image::aws-agentless-create-stack.png[width=800] + +.. Under *Upload a template file*, click the *Chose file* button. Select the template that you downloaded from the Prisma Cloud Compute Console for agentless scanning ending with `_target_user_permissions.json`. ++ +image::aws-agentless-target-permission-template.png[width=600] + +.. Click *Next*. + +.. Enter a *Stack name* for the agentless scanning IAM user you created. ++ +image::aws-agentless-stack-name.png[width=600] + +.. Click *Next* and use the default values in the following screens until you reach the final *Create Stack* page. + +. Verify that the IAM user has the permissions applied. The permissions appear as `PCCAgentlessScanPolicy` in the *Permissions* tab for the IAM user. ++ +image::aws-agentless-applied-permission.png[width=800] + +. Go to the Prisma Cloud Compute Console. +. Go to *Manage > Cloud Accounts > Add Account*. ++ +image::agentless-configuration-aws.png[width=400] + +. Select *AWS* as the cloud provider and *Access Key* as the authentication type. + +. Paste the *Access key* and *Secret key* for the newly created user that you copied from the AWS Console. ++ +[NOTE] +==== +Following AWS best practices, you should rotate your keys every 90 days. Prisma Cloud raises an Alert when the age of the added credentials is greater than 90 days. If you follow this practice, rotate your keys at least every 90 days and update the credential in the Prisma Cloud Console. +==== + +. In the Agentless scanning tab, select the *Hub Account* option as the *Scanning type*. + +. Select the hub account you want to use from the dropdown menu. + +. Click *Next* to connect your AWS account with the Prisma Cloud Console. + +[.task] +[#connect-aws-pcc] +=== Connect your AWS account with the Prisma Cloud Console + +Prisma Cloud looks for the `default` https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#DefaultSecurityGroup[VPC] that AWS creates to connect your AWS account to the Prisma Cloud Console for scanning. If the `default` VPC is not available, you must create and specify a custom security group. Otherwise, the connection from your AWS account to the Prisma Cloud Console fails and no scan results are shown. + +If you use the hub account scanning mode, you only need to create a security group in the hub account and not on each target account because the hub account is the only one that spins up the scanners. +Complete the following steps to create the needed security group if the `default` is unavailable. + +[.procedure] + +. Follow https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#creating-security-groups[AWS instructions] for creating a custom security group in the https://console.aws.amazon.com/vpc/[Amazon VPC Console]. + +. Allow outbound connections to the Prisma Cloud Compute Console IP address and port. Complete these steps to find these values. + +.. Go to the Prisma Cloud Console. + +.. Go to *Manage > Cloud accounts*. + +.. In the* Agentless scanning* tab, you can find the *Console URL* and *Port*. ++ +image::aws-agentless-console-url.png[width=600] + +. In the *Agentless scanning* tab, go to the *Advanced settings*. + +. Enter the name of the *Security group* you created under *Network resources*. ++ +image::aws-agentless-security-group.png[width=600] + +. Set the advanced settings: The agentless scanning advanced settings allow you to make the following changes to the configuration to better suit your needs. ++ +* *Console URL and Port*: Specify the Prisma Cloud Console URL and port that you use to connect your cloud account to the Prisma Cloud Console. ++ +* *Scanning type*: ++ +** *Same Account*: Scan hosts of a cloud account using that same cloud account. ++ +** *Hub Account*: Scan hosts of a cloud account, known as the target account, using another cloud account, known as the hub account. ++ +* *HTTP Proxy*: To connect to the Prisma Cloud Console through a proxy, specify the proxy's URL. ++ +* *Regions*: Specify the regions you want to scan. ++ +* *Exclude VMs by tags*: Specify the tags used to ignore specific hosts. For example: `example:tag` ++ +* *Scan non-running hosts*: Enable to scan stopped hosts that are not currently running. ++ +* *Auto-scale scanning*: When turned *ON*, Prisma Cloud automatically scales multiple scanners up or down for faster scans without any user-defined limits. Use this feature for large scale deployments. ++ +* *Number of scanners*: Define an upper limit to control the number of scanners Prisma Cloud can automatically spin up in your environment. Depending on the size of your environment, Prisma cloud scales scanners up or down within the given limit for faster scans. ++ +* *Security groups*: In AWS, you can enter a security group name ++ +* *Cloud Discovery*: Use the toggle to enable or disable the cloud discovery features. + +. Click the *Add account button* for new cloud accounts or the *Save button* for existing cloud accounts to complete the configuration. + +include::frag-start-agentless-scan.adoc[leveloffset=1] + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +To onboard your AWS account for agentless scanning in same account mode you need to complete the following tasks. + +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-aws[Onboard the AWS Account or AWS organization] you want to use for agentless scanning in Prisma Cloud. + +. xref:./configure-aws.adoc[Configure] the onboarded account in Prisma Cloud. + +. <<#start-agentless-scan,Start an agentless scan.>> + +include::frag-start-agentless-scan.adoc[leveloffset=1] + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-azure.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-azure.adoc new file mode 100644 index 0000000000..ab1b9878d1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-azure.adoc @@ -0,0 +1,145 @@ +[#azure-onboarding] +== Onboard Azure Accounts for Agentless Scanning + +ifdef::compute_edition[] + +Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without having to install an agent or affecting the execution of the workload. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. Prisma Cloud supports agentless scanning on Azure hosts, containers, and clusters for vulnerabilities and compliance. To learn more about how agentless scanning works, see the xref:../agentless-scanning.adoc[How Agentless Scanning Works?] + +This guide enables Agentless scanning for Prisma Cloud Compute Edition (PCCE or self-hosted) in Azure. +The procedure shows you how to complete the following tasks. + +. <<#azure-create-role-agentless-pcce,Create a role and a service principal in Azure.>> +. <<#azure-configure-agentless-pcce,Configure agentless scanning in the Prisma Cloud console.>> +. <<#start-agentless-scan,Start an agentless scan.>> + +[.task] +[#azure-create-role-agentless-pcce] +=== Create a Role and a Service Principal in Azure + +[.procedure] +. Log in to Azure with the Azure CLI. +. Download the https://redlock-public.s3.amazonaws.com/azure/azureAgentlessPermissions.json[azureAgentlessPermissions.json] file. +. Determine your `subscriptionId` with the following Azure CLI command. ++ +[source,bash] +---- +az account subscription list +---- + +. Replace `` in the `azureAgentlessPermissions.json` file with your Azure `subscriptionId`. You can find the field under the `"AssignableScopes": [ "/subscriptions/"]` element. + +. Create the role using the JSON file with the following Azure CLI command. ++ +[source,bash] +---- +az role definition create --role-definition azureAgentlessPermissions.json +---- + +. Create a Service Principal account with the following Azure CLI command. ++ +[source,bash] +---- +az ad sp create-for-rbac --name PCEE-Agentless --role "Prisma Cloud Compute Agentless Scanner" --scope /subscriptions/ --sdk-auth +---- + +. Copy and save the returned JSON object for the Service Principal, for example: ++ +[source,json] +---- +{ + "clientId": "", + "clientSecret": "", + "subscriptionId": "", + "tenantId": "", + "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", + "resourceManagerEndpointUrl": "https://management.azure.com/", + "activeDirectoryGraphResourceId": "https://graph.windows.net/", + "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", + "galleryEndpointUrl": "https://gallery.azure.com/", + "managementEndpointUrl": "https://management.core.windows.net/" +} +---- + +=== Configure Agentless Scanning + +Complete the xref:./configure-azure.adoc#azure-configure-agentless-pcce[agentless scanning configuration] for your Azure accounts. + +[#configure-managed-identity] +=== Configure Managed Identities for Azure + +Onboard your Azure Cloud account using Managed Identity authentication method to access Azure resources that support AD authentication without adding the service keys in Prisma Console. + +[.task] +==== Create a Managed Identity in Azure + +There are two types of managed identities: *System-assigned* and *User-assigned*. + +**Prerequisites**: + +* Create a VM in Azure. +* Install Console and Defender on the VM in Azure and both the Console and the Defender must use the same version. +* Assign Azure roles to a managed identity. The minimum required permission role is "Contributor". + +[.procedure] + +. To enable System assigned managed identity: +.. Sign in to the https://portal.azure.com/[Azure Portal]. +.. Go to your Virtual Machine and select *Identity*. +.. Under **System assigned, Status** select *On*. +.. Select the *Azure role assignments*, the minimum required permission *Role* is *Contributor*. ++ +image::azure-portal-managed-identity-system-assigned.png[width=250] +.. Click *Save*. + +. To enable User assigned managed identity: +.. Sign in to the https://portal.azure.com/[Azure Portal]. +.. Create a https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp[user-assigned managed identity] in the same Resource group as the VM. +.. Go to your Virtual Machine and select *Identity*. +.. Add the role you created under *Add user assigned managed identity*. ++ +image::azure-managed-identity-user-assigned.png[width=250] +.. Click *Add*. + +[.task] +==== Configure Azure Managed Identity in Prisma + +*Prerequisite*: + +* Create a Managed Identity in Azure. + +[.procedure] + +. Go to *Manage > Cloud accounts > Add account*. +. *Select cloud provider* as Azure. +. Select your *Region type*. +. Specify an *Account Name*. +. Add a *Description*, this is optional. +. Select the *Authentication method* as *Managed Identity*. +.. Select the *Managed Identity type*. +... *System Assigned*: Enter your *Subscription ID* ++ +image::managed-identity-system-assigned.png[width=200] +... *User Assigned*: Enter your *Subscription ID* and *Client ID*. ++ +image::managed-identity-user-assigned.png[width=200] +. Select *Next* and complete the setup. + +include::frag-start-agentless-scan.adoc[leveloffset=1] + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without having to install an agent or affecting the execution of the workload. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. Currently, Prisma Cloud supports agentless scanning on Azure hosts, containers, and clusters for vulnerabilities and compliance. To learn more about how agentless scanning works, refer to our article on xref:../agentless-scanning-results.adoc[Agentless scanning architecture.] + +To enable agentless scanning for Prisma Cloud Enterprise Edition (PCEE or SaaS) in Azure, complete the following tasks. + +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account[Onboard the Azure Cloud account] you want to use for agentless scanning in Prisma Cloud. + +. xref:./configure-azure.adoc[Configure] the onboarded account in Prisma Cloud. + +. <<#start-agentless-scan,Start an agentless scan.>> + +include::frag-start-agentless-scan.adoc[leveloffset=1] + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp.adoc new file mode 100644 index 0000000000..03654b40d8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp.adoc @@ -0,0 +1,351 @@ +:toc: macro +== Onboard GCP Accounts for Agentless Scanning + +toc::[] + +Prisma Cloud gives you the flexibility to choose between agentless security and agent-based security using Defenders. Agentless scanning lets you inspect the risks and vulnerabilities of a cloud workload without installing an agent or affecting the execution of the workload. Prisma Cloud supports agentless scanning for vulnerabilities and compliance on hosts, clusters, and containers. To learn more about how agentless scanning works, see the xref:../agentless-scanning.adoc[How Agentless Scanning Works?][How Agentless Scanning Works?] + +Agentless scanning for GCP accounts can use one of the following xref:../agentless-scanning.adoc#scanning-modes[scanning modes]. + +ifdef::prisma_cloud[] + +To onboard your GCP account for agentless scanning in same account mode you need to complete the following tasks. + +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp[Onboard the GCP project] you want to use for agentless scanning in Prisma Cloud. + +. xref:./configure-gcp.adoc[Configure] the onboarded account in Prisma Cloud. + + +To use the hub account mode, you must complete the following steps. + +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp[Onboard the GCP project] to use as the hub account for agentless scanning to Prisma Cloud. + +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp[Onboard the GCP projects] to Prisma Cloud that you want to scan using Prisma Cloud agentless scanning. + +. xref:./configure-gcp.adoc[Configure] the onboarded target accounts to use the onboarded hub account. + +endif::prisma_cloud[] + +ifdef::compute_edition[] + +[#pcce-gcp-same-account] + +=== Onboard your GCP Account in Same Account Mode + +The following procedure shows the steps required to configure Prisma Cloud agentless scanning for a GCP project using the same account scanning mode with Prisma Cloud Compute credentials. + +This document uses the same name for the following items. +* Your GCP project +* Its service account +* Your Prisma Cloud account + +This choice creates a one-to-one mapping of projects, accounts, resources, and filenames. This mapping is not required, but it leads to simpler commands. + +[.task] +==== Configure your GCP Project + +[.procedure] + +. Setup your Google Cloud Project. + +.. Login to the https://shell.cloud.google.com/[Google Cloud shell]. + +.. Set an environment variable with the name of your project. ++ +[source] +---- +export PROJECT_NAME=example_project +---- + +.. Create a Google Cloud project. ++ +[source] +---- +export PROJECT_BILLING_ACCOUNT="ABCDE-12345-FGHIJ" +gcloud projects create ${PROJECT_NAME} +gcloud billing projects link ${PROJECT_NAME} --billing-account ${PROJECT_BILLING_ACCOUNT} +---- + +.. Enable the Google Cloud APIs needed for agentless scanning. ++ +[source] +---- +gcloud config set project ${PROJECT_NAME} +gcloud services enable cloudresourcemanager.googleapis.com +gcloud services enable compute.googleapis.com +gcloud services enable iam.googleapis.com +gcloud services enable deploymentmanager.googleapis.com +---- + +. Create the needed service account. ++ +[source] +---- +gcloud config set project ${PROJECT_NAME} +gcloud iam service-accounts create ${PROJECT_NAME} --display-name="Prisma Cloud Service Account for Agentless Scanning" +---- + +. Create and download the service account key file. ++ +[source] +---- +cloud iam service-accounts keys create ${PROJECT_NAME}-service_account_key.json --iam-account=${PROJECT_NAME}@${PROJECT_NAME}.iam.gserviceaccount.com +[ "${GOOGLE_CLOUD_SHELL}X" == "trueX" ] && cloudshell download ${PROJECT_NAME}-service_account_key.json +---- + +==== Configure Agentless Scanning + +Complete the xref:./configure-gcp.adoc[agentless scanning configuration procedure]. + + +[.task] +==== Apply the Jinja Template in GCP + +[.procedure] + +. Login to the https://shell.cloud.google.com/[Google Cloud shell]. + +. Set an environment variable with the project number. ++ +[source] +---- +gcloud config set project ${PROJECT_NAME} +export PROJECT_NUMBER=$(gcloud projects list --filter=${PROJECT_NAME} --format="value(PROJECT_NUMBER)") +---- + +. Add the needed roles to apply the templates to the project using deployment manager. ++ +[source] +---- +gcloud projects add-iam-policy-binding ${PROJECT_NAME} --member=serviceAccount:${PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects add-iam-policy-binding ${PROJECT_NAME} --member=serviceAccount:${PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +.. If you use a shared VPC, add the following permissions to the service account used for scanning target projects for the project, which owns the VPC. +Go to the GCP documentation to https://cloud.google.com/vpc/docs/shared-vpc[learn more about shared VPCs]. ++ +[source] +---- +compute.subnetworks.use +compute.subnetworks.useExternalIp +---- + +. On the Google Cloud shell page, click *More* - the three dots on the upper right corner. ++ +image::agentless-gcp-more-menu.png[width=800] + +.. Click *Upload*. +.. Select the downloaded template. +.. Click *Upload*. + +.. Extract the template files. ++ +[source] +---- +tar -xzf ${PROJECT_NAME}_templates.tar.gz +---- + +.. Apply the downloaded Jinja template. ++ +[source] +---- +gcloud deployment-manager deployments create pc-agentless-hub-user-local --project ${PROJECT_NAME} --template ${PROJECT_NAME}_target_user_permissions.yaml.jinja +---- + +.. Remove the roles required to deploy the Jinja templates. ++ +[source] +---- +gcloud projects remove-iam-policy-binding ${PROJECT_NAME} --member=serviceAccount:${PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects remove-iam-policy-binding ${PROJECT_NAME} --member=serviceAccount:${PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +[#pcce-gcp-hub-account] + +=== Onboard your GCP Accounts in Hub Account Mode + +The following procedure shows the steps required to configure Prisma Cloud agentless scanning for a GCP project using the hub account xref:../agentless-scanning.adoc#scanning-modes[scanning mode] with Prisma Cloud Compute credentials. + +This document uses the same name for the following items. +* The GCP project used as a hub account. +** Its service account +** Its Prisma Cloud account + +* The GCP project used as a target account. +** Its service account +** Its Prisma Cloud account + +This choice creates a one-to-one mapping of projects, accounts, resources, and filenames. +This mapping is not required, but it leads to simpler commands. + +The example hub account uses the `example_hub_project` name. +The example target account uses the `example_hub_project` name. + +[.task] +==== Configure your GCP Projects for Same Account Mode + +[.procedure] + +. Setup your Google Cloud projects. + +.. Login to the https://shell.cloud.google.com/[Google Cloud shell]. + +.. Set the environment variables with the names of your projects. ++ +[source] +---- +export HUB_PROJECT_NAME="example_hub_project" +export TARGET_PROJECT_NAME="example_target_project" +---- + +.. Create the Google Cloud projects. ++ +[source] +---- +export PROJECT_BILLING_ACCOUNT="ABCDE-12345-FGHIJ" +gcloud projects create ${HUB_PROJECT_NAME} +gcloud projects create ${TARGET_PROJECT_NAME} +gcloud billing projects link ${HUB_PROJECT_NAME} --billing-account ${PROJECT_BILLING_ACCOUNT} +gcloud billing projects link ${TARGET_PROJECT_NAME} --billing-account ${PROJECT_BILLING_ACCOUNT} +---- + +.. Enable the Google Cloud APIs needed for agentless scanning in the hub account. ++ +[source] +---- +gcloud config set project ${HUB_PROJECT_NAME} +gcloud services enable cloudresourcemanager.googleapis.com +gcloud services enable compute.googleapis.com +gcloud services enable iam.googleapis.com +gcloud services enable deploymentmanager.googleapis.com +---- + +.. Enable the Google Cloud APIs needed for agentless scanning in the target account. ++ +[source] +---- +gcloud config set project ${TARGET_PROJECT_NAME} +gcloud services enable cloudresourcemanager.googleapis.com +gcloud services enable compute.googleapis.com +gcloud services enable iam.googleapis.com +gcloud services enable deploymentmanager.googleapis.com +---- + +. Create the needed service account for the hub account. ++ +[source] +---- +gcloud config set project ${HUB_PROJECT_NAME} +export HUB_PROJECT_NUMBER=$(gcloud projects list --filter=${HUB_PROJECT_NAME} --format="value(PROJECT_NUMBER)") +gcloud iam service-accounts create ${HUB_PROJECT_NAME} --display-name="Prisma Cloud Service Account for Agentless Scanning" +---- + +. Create and download the service account key file for the hub account. ++ +[source] +---- +gcloud iam service-accounts keys create ${HUB_PROJECT_NAME}-service_account_key.json --iam-account=${HUB_PROJECT_NAME}@${HUB_PROJECT_NAME}.iam.gserviceaccount.com +[ "${GOOGLE_CLOUD_SHELL}X" == "trueX" ] && cloudshell download ${HUB_PROJECT_NAME}-service_account_key.json +---- + +. Create the needed service account for the target account. ++ +[source] +---- +gcloud config set project ${TARGET_PROJECT_NAME} +export TARGET_PROJECT_NUMBER=$(gcloud projects list --filter=${TARGET_PROJECT_NAME} --format="value(PROJECT_NUMBER)") +gcloud iam service-accounts create ${TARGET_PROJECT_NAME} --display-name="Prisma Cloud Service Account for Agentless Scanning" +---- + +. Create and download the service account key file for the target account. ++ +[source] +---- +gcloud iam service-accounts keys create ${TARGET_PROJECT_NAME}-service_account_key.json --iam-account=${TARGET_PROJECT_NAME}@${TARGET_PROJECT_NAME}.iam.gserviceaccount.com +[ "${GOOGLE_CLOUD_SHELL}X" == "trueX" ] && cloudshell download ${TARGET_PROJECT_NAME}-service_account_key.json +---- + +==== Configure Agentless Scanning for Hub Account Mode + +Complete the xref:./configure-gcp.adoc[agentless scanning configuration procedure]. + +[.task] +==== Apply the Jinja Template in GCP + +[.procedure] + +. Login to the https://shell.cloud.google.com/[Google Cloud shell]. + +. Add the needed roles to apply the templates to the hub account using deployment manager. ++ +[source] +---- +gcloud config set project ${HUB_PROJECT_NAME} +gcloud projects add-iam-policy-binding ${HUB_PROJECT_NAME} --member=serviceAccount:${HUB_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects add-iam-policy-binding ${HUB_PROJECT_NAME} --member=serviceAccount:${HUB_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +. Add the needed roles to apply the templates to the target account using deployment manager. ++ +[source] +---- +gcloud config set project ${TARGET_PROJECT_NAME} +gcloud projects add-iam-policy-binding ${TARGET_PROJECT_NAME} --member=serviceAccount:${TARGET_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects add-iam-policy-binding ${TARGET_PROJECT_NAME} --member=serviceAccount:${TARGET_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +. On the Google Cloud shell page, click *More* - the three dots on the upper right corner. ++ +image::agentless-gcp-more-menu.png[width=800] + +.. Click *Upload*. +.. Select the downloaded templates for the hub and target accounts. +.. Click *Upload*. + +.. Extract the template files. ++ +[source] +---- +tar -xzf ${HUB_PROJECT_NAME}_templates.tar.gz +tar -xzf ${TARGET_PROJECT_NAME}_templates.tar.gz +---- + +.. Apply the downloaded Jinja templates for the hub account. ++ +[source] +---- +gcloud config set project ${HUB_PROJECT_NAME} +gcloud deployment-manager deployments create pc-agentless-hub-user --project ${HUB_PROJECT_NAME} --template ${HUB_PROJECT_NAME}_hub_user_permissions.yaml.jinja +gcloud deployment-manager deployments create pc-agentless-hub-user-local --project ${HUB_PROJECT_NAME} --template ${HUB_PROJECT_NAME}_target_user_permissions.yaml.jinja +---- + +.. Apply the downloaded Jinja templates for the target account. ++ +[source] +---- +gcloud config set project ${TARGET_PROJECT_NAME} +gcloud deployment-manager deployments create pc-agentless-target-user --project ${TARGET_PROJECT_NAME} --template ${TARGET_PROJECT_NAME}_hub_target_user_permissions.yaml.jinja +gcloud deployment-manager deployments create pc-agentless-target-access --project ${TARGET_PROJECT_NAME} --template ${HUB_PROJECT_NAME}_hub_target_access_permissions.yaml.jinja +---- + +.. Remove the roles required to deploy the Jinja templates from the hub account. ++ +[source] +---- +cloud config set project ${HUB_PROJECT_NAME} +gcloud projects remove-iam-policy-binding ${HUB_PROJECT_NAME} --member=serviceAccount:${HUB_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects remove-iam-policy-binding ${HUB_PROJECT_NAME} --member=serviceAccount:${HUB_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +.. Remove the roles required to deploy the Jinja templates from the target account. ++ +[source] +---- +gcloud config set project ${TARGET_PROJECT_NAME} +gcloud projects remove-iam-policy-binding ${TARGET_PROJECT_NAME} --member=serviceAccount:${TARGET_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.roleAdmin +gcloud projects remove-iam-policy-binding ${TARGET_PROJECT_NAME} --member=serviceAccount:${TARGET_PROJECT_NUMBER}@cloudservices.gserviceaccount.com --role=roles/iam.securityAdmin +---- + +include::frag-start-agentless-scan.adoc[leveloffset=1] + +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-oci.adoc b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-oci.adoc new file mode 100644 index 0000000000..a7d60dd841 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-oci.adoc @@ -0,0 +1,163 @@ +[#oci-onboarding] +== Onboard Oracle Cloud Infrastructure (OCI) Accounts for Agentless Scanning + +Agentless scanning lets you inspect the risks and vulnerabilities of a virtual machine without having to install an agent or affecting the execution of the instance. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security using Defenders. Currently, Prisma Cloud supports agentless scanning on Oracle Cloud Infrastructure (OCI) for vulnerabilities and compliance. To learn more about how agentless scanning works, see the xref:../agentless-scanning.adoc[How Agentless Scanning Works?][How Agentless Scanning Works?] + +ifdef::compute_edition[] +This guide enables Agentless scanning for Prisma Cloud Compute Edition (PCCE, self-hosted) in OCI. +endif::compute_edition[] + +ifdef::prisma_cloud[] +This guide enables Agentless scanning for Prisma Cloud Enterprise Edition (PCEE, SaaS) in OCI. +endif::prisma_cloud[] + +The procedure shows you how to complete the following tasks. + +. Create an OCI compartment to run the needed instances in OCI that perform the agentless scanning. + +. Create a new OCI user for Prisma Cloud to access OCI. + +. Create an API key in OCI for the new user. + +. Configure the Prisma Cloud console to access the OCI resources. + +. Apply the needed permissions in OCI. + +. Start an agentless scan. + +[.task] +=== Create an OCI Compartment + +[.procedure] + +. Go to the Oracle Cloud console. ++ +image::agentless-oci-home.png[width=800] + +. In the menu, go to *Identity & Security > Compartments*. ++ +image::agentless-oci-id-menu-compartments.png[width=800] + +. Click *Create Compartment*. ++ +image::agentless-oci-create-compartments.png[width=800] + +. Enter a name and a description for the compartment. ++ +image::agentless-oci-create-compartments-name.png[width=800] + +. Click *Create Compartment*. ++ +[NOTE] +==== +To scan all resources across all regions, you must create the resources for the different regions in the compartment. +Make sure to create all needed resources with the same name in all regions. +==== + +[.task] +=== Create a New OCI User + +[.procedure] + +. In the menu, go to *Identity & Security > Users*. ++ +image::agentless-oci-id-menu-users.png[width=800] + +. Click *Create User*. ++ +image::agentless-oci-create-user.png[width=800] + +. Select *IAM User*. + +. Enter a *Name* and a *Description* for the user. ++ +image::agentless-oci-create-user-fields.png[width=800] + +. Click *Create*. ++ +image::agentless-oci-create-user-button.png[width=800] + +[.task] +=== Create an API Access Key + +[.procedure] + +. On the user page, go to *Resources > API Key*. ++ +image::agentless-oci-user.png[width=800] + +. Select *Generate API Key Pair*. ++ +image::agentless-oci-api-keys.png[width=800] + +. Click *Download Private Key*. ++ +image::agentless-oci-download-private-key.png[width=800] + +. Click *Add*. ++ +image::agentless-oci-add-key-button.png[width=800] + +. The *Configuration File Preview* opens. ++ +image::agentless-oci-configuration-file-preview.png[width=800] + +.. Copy the key-value pair for `user` into a text file. + +.. Copy the key-value pair for `fingerprint` into a text file. + +.. Copy the key-value pair for `tenancy` into a text file. ++ +image::agentless-oci-configuration-file-preview-fields.png[width=800] + +.. Save the text file. + +. Click *Close*. ++ +image::agentless-oci-configuration-file-preview-close.png[width=800] + +=== Configure Agentless Scanning + +Complete the xref:./configure-oci.adoc#configure-oci-agentless[agentless scanning configuration] for your OCI accounts. + +[.task] + +=== Apply the Permissions in OCI + +[.procedure] + +. Go to the Oracle Cloud console. ++ +image::agentless-oci-home.png[width=800] + +. Click on the terminal icon on the right hand corner and select *Cloud Shell*. ++ +image::agentless-oci-cloud-shell.png[width=800] + +. Click the gear icon on the shell, and select *Upload File*. ++ +image::agentless-oci-upload-file.png[width=800] + +. Select the `pcc-apply-permissions.sh` permission template you downloaded from the Prisma Cloud Console. + +. Make the file executable with the following command. ++ +[source] +---- +chmod +x pcc-apply-permissions.sh +---- + +. Apply the permissions with the following command. Replace with the name of the created compartment. ++ +[source] +---- +apply pcc-apply-permissions.sh +---- + +. Verify that the changed statements for the policy are correct and enter `y` to continue. + +. Enter `y` to dismiss the warning about tags. + +. Once the permissions are applied, you have an OCI user with the needed permissions. + +include::frag-start-agentless-scan.adoc[leveloffset=1] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/alert-mechanism.adoc b/docs/en/compute-edition/32/admin-guide/alerts/alert-mechanism.adoc new file mode 100644 index 0000000000..a7bf511546 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/alert-mechanism.adoc @@ -0,0 +1,231 @@ +== Alert Mechanism + +Prisma Cloud generates alerts to help you focus on the significant events that need your attention. +Because alerts surface policy violations, you need to put them in front of the right audience and on time. + +To meet this need, you can create alert profiles that send events/notifications to the alert notification providers your internal teams use to triage and address these violations. + +Alert profiles are built on the following constructs: + +Alert provider:: +Specifies the notification provider or channel to which you want to send alerts. +Prisma Cloud supports multiple options such as email, JIRA, Cortex, and PagerDuty. + +ifdef::prisma_cloud[] + +There are two ways of integrating with alert providers. + +. Set up once on the platform under *Settings > Integrations* for all the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools[supported integrations] and use the same integration for sending both CSPM and Compute alerts. + +. Set it up on *Compute > Manage > Alerts > Manage* for integrations that are only available on Compute. +For example, if you want to use the IBM Cloud Security Advisor, or Cortex as your alert provider. + +endif::prisma_cloud[] + +You can create any number of alert profiles, where each profile gives you granular control over who should receive the notifications and for what types of alerts. + +Alert settings:: +Specifies the configuration settings required to send the alert to the alert provider or messaging medium. + + +Alert triggers:: +Specifies what alerts you want to send to the provider included in the profile. +Alerts are generated when the rules included in your policy are violated, and you can choose whether you want to send a notification for the detected issues. For example, on runtime violations, compliance violations, cloud discovery, or WAAS. + +Not all triggers are available for all alert providers. + + +=== Frequency + +ifdef::prisma_cloud[] +Most alerts trigger on a policy violation, and are aggregated by the audit aggregation period and the frequency is inherited as a global setting. +For Vulnerability, compliance, and cloud discovery alerts, the default frequency varies by integration and is displayed when you select the alert triggers for which you want to send notifications. +endif::prisma_cloud[] + +ifdef::compute_edition[] +Most alerts trigger on a policy violation, and are aggregated by the audit aggregation period or frequency that you define as a global setting. +Vulnerability, compliance, and cloud discovery alerts work differently, as described below. +endif::compute_edition[] + +==== Vulnerability Alerts + +Image vulnerabilities are checked for images in the registry and deployed images. The number of known vulnerabilities in a resource is not static over time. + +As the Prisma Cloud Intelligence Stream is updated with new data, new vulnerabilities might be uncovered in resources that were previously considered clean. +The first time a resource (image, container, host, etc.) enters the environment, Prisma Cloud assesses it for vulnerabilities. +Thereafter, every resource is periodically rescanned. + +NOTE: Daily vulnerability alerts report is sent once in 24 hours and uses a limit of 1000 alerts of similar alert types (such as code repos, registries, images, hosts, and functions) that can be sent to a single profile in batches of 50. The limit is designed to optimize Console resource consumption in large environments. + +* *Immediate alerts* — You can configure sending alerts immediately when the number of vulnerabilities for the resource increases, which can happen in one of the following scenarios: ++ +** Deploy a new image/host with vulnerabilities. +** Detect new vulnerabilities when re-scanning existing image/host/registry images, in that case, an immediate alert is dispatched again for this resource with all its vulnerabilities. ++ +NOTE: Immediate alerts are not supported for registry scan vulnerabilities. ++ +image::alert-trigger-profile.png[scale=10] ++ +The ability to send immediate vulnerability alerts is configurable for each alert profile and is disabled by default. ++ +Immediate alerts do not affect the vulnerabilities report that is generated every 24 hours. +The report will include all vulnerabilities that were detected in the last 24 hours, including those sent as an immediate alert. + + +==== Compliance Alerts + +Compliance alerts are sent in one of two ways. +Each alert channel that has compliance alert triggers ("Container and image compliance", "Host compliance"), only uses one of these ways. + +===== Compliance Reports + +This form of compliance alert works under the idea that resources in your system can only be in one of two states: compliant or non-compliant. +When your system is non-compliant, Prisma Cloud sends an alert only when the number of compliance issues in the current scan is larger than the number of issues in the previous scan. The default scan interval is 24 hours. + +Compliance reports list each failed check, and the number of resources that failed the check in the latest scan and the previous scan. +For detailed information about exactly which resources are non-compliant, use xref:../compliance/compliance-explorer.adoc#[Compliance Explorer]. + +For example: + +* Scan period 1: You have a non-compliant container named _crusty_pigeon_. + +You'll be alerted about the container compliance issues. + +* Scan period 2: Container _crusty_pigeon_ is still running. +It's still non-compliant. +You'll be alerted about the same container compliance issues. + +The following screenshot shows an example compliance email alert: + +image::alerts_compliance_email.png[width=700] + +This method applies to the following alert channels: email and Cortex XSOAR. + + +===== Compliance Scans + +This form of compliance alert is emitted whenever there is an increment in the number of compliance issues detected on a resource. + +The first time a resource (image, container, host, etc) enters the environment, Prisma Cloud assesses it for compliance issues. +If a compliance issue violates a rule in the policy, and the rule has been configured to trigger an alert, an alert is dispatched. +Thereafter, every time a resource is rescanned (periodically or manually), and there is an increase in the resource's compliance issues, an alert is dispatched again for this resource with all its compliance issues. + +This method applies to the following alert channels: Webhook, Splunk, and ServiceNow. + + +==== Cloud Discovery Alerts + +Cloud discovery alerts warn you when new cloud-native resources are discovered in your environment so that you can inspect and secure them with Prisma Cloud. +Cloud discovery alerts are available on the email and XSOAR channels only. + +For each new resource discovered in a scan, Prisma Cloud lists the cloud provider, region, project, service type (for example, AWS Lambda and Azure AKS), and resource name (such as `my-aks-cluster`). + +==== WAAS Alerts +WAAS alerts are generated for the following—WAAS Firewall (App-Embedded Defender), WAAS Firewall (container), +WAAS Firewall (host), WAAS Firewall (serverless), WAAS Firewall (Out-of-band), and WAAS health. + +==== Management +When you set up alerts for Defender health events. +These events tell you when Defender unexpectedly disconnects from Console. +Alerts are sent when a Defender has been disconnected for more than 6 hours. + +==== Runtime + +Runtime alerts are generated for the following categories: Container runtime, App-Embedded Defender runtime, Host runtime, Serverless runtime, and Incidents. + +NOTE: For runtime audits, there's a limit of 50 runtime audits per aggregation period (seconds, minutes, hours, days) for all alert providers. + + +==== Access + +Access alerts are for the audits of users who accessed the management console (Admission audits) and Kubernetes audits. + +==== Code Repository +Code repository vulnerabilities + +ifdef::compute_edition[] + +=== Set up alert notifications to an external integration using an alert profile +. Navigate to *Compute > Manage > Alerts*. + +. Set the default frequency for alert notifications. ++ +The value you set for *General Settings* applies to all alert notifications except for vulnerability, compliance, and cloud discovery. ++ +For vulnerability, compliance, and cloud discovery, the default frequency varies by integration and is displayed when you select the alert triggers for which you want to send notifications in step 4. +The default for all other alert notifications is 1 second, and you can change it to 1 minute, 10 minutes, 1 hour, or 1 day. + +. Enter a name for the profile. ++ +Select the provider from the list. ++ +The supported providers are: Cortex, Email, Google Pub/Sub, Google CSCC, IBM Cloud Security Advisor, Jira, PagerDuty, ServiceNow, AWS Security Hub, Slack, Splunk, and Webhook. + +. Select the triggers. ++ +The triggers are grouped by category. ++ +For each category, you can select the event for which you want to send a notification and select the rules for the respective trigger. The frequency for vulnerability, compliance, and cloud discovery varies by provider and is enabled when you select one or more triggers within the alert category (see above for a description of each category). + +. Set up the configuration for integrating with the provider. ++ +Use the instructions for the xref:alerts.adoc[provider] of your choice. + +. Review the summary. + +. Send a test alert. + +. Verify the status of the alert profile. ++ +Check that the alert profile you created displays in the table and the connection status is green. +If not, edit the profile to set it up properly and verify that the test alert is successful. + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +=== Set up Prisma Cloud Notification Providers + +You can set up the external integration with a provider on the Prisma Cloud console under **Settings > Integrations**.. This option enables you to set it up once on and use it for both CSPM alerts and for Compute alert notifications. + +. Set up the integration. ++ +See detailed instructions https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud.html#id24911ff9-c9ec-4503-bb3a-6cfce792a70d[here]. + +. Import the integration to send Compute alert notifications +.. Navigate to **Compute > Manage > Alerts** +.. Select the *Audit aggregation period*. ++ +You can set the default frequency for sending violation notifications at 10 Minutes, hourly, or daily for all alerts except for vulnerability, compliance, and cloud discovery. The frequency for vulnerability, compliance, and cloud discovery is more granular and is configured within the profile. + +. Add the provider to whom you want to send notifications. +.. Select *Add Profile*. +.. From the *Provider* drop down, select *Prisma Cloud*. +.. Select the *Integrations* that you want to send notifications. ++ +The list displays the integrations that you have already set up on Prisma Cloud. +.. Select the triggers to be sent to this channel. ++ +The triggers are grouped by category. You must enable at least one trigger within a category to then select the rules to alert on and verify the frequency for alert notifications. For example, with Email, Vulnerability, and Compliance alerts are sent every 24 hours and Cloud discovery is real-time. +.. *Save* your changes. + +NOTE: Test alert notifications are sent immediately to the provider channels, regardless of the alert aggregation period chosen. + +==== Supported Prisma Cloud Integrations + +* Email +* JIRA +* Slack +* Splunk +* PagerDuty +* Webhooks +* Google Cloud Security Command Center - Only available for https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding.html[onboarded PC accounts]. +* AWS Security Hub - Only available for onboarded PC accounts. +* ServiceNow - Only Incident Response + +NOTE: +* The alert profiles from the platform are fetched when you refresh or reload the page. However, when you are logged in, if an integration is deleted from the platform, to see the change you must log out and log in again to the console. The change is not reflected on a browser refresh. + +* Prisma Cloud platform currently supports a size limit of 1M for alert notifications' payload. Hence, the notifications set up using Prisma Cloud integration will be limited to this size. A log message will be added when an alert message of this size is generated on Compute side. + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/alerts.adoc b/docs/en/compute-edition/32/admin-guide/alerts/alerts.adoc new file mode 100644 index 0000000000..2e8feadac8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/alerts.adoc @@ -0,0 +1,4 @@ +== Alerts + +Prisma Cloud lets you surface critical policy breaches by sending alerts to any number of channels. +Alerts ensure that significant events are put in front of the right audience at the right time. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/aws-security-hub.adoc b/docs/en/compute-edition/32/admin-guide/alerts/aws-security-hub.adoc new file mode 100644 index 0000000000..bbec5c5df7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/aws-security-hub.adoc @@ -0,0 +1,133 @@ +== AWS Security Hub + +AWS Security Hub aggregates, organizes, and prioritizes security alerts from multiple AWS services and AWS Partner Network solutions, including Prisma Cloud, to give you a comprehensive view of security across your environment. + + +=== Permissions + +The minimum required permissions policy to integrate Prisma Cloud with AWS Security Hub is *AWSSecurityHubFullAccess*. +Whether using IAM users, groups, or roles, be sure the entity Prisma Cloud uses to access AWS Security Hub has this minimum permissions policy. + +This procedure shows you how to set up integration with an IAM user (configured as a service account). +In AWS IAM, create a service account that has the *AWSSecurityHubFullAccess* permissions policy. +You will need the service account's access key ID and secret access key to integrate with Prisma Cloud. + + +[.task] +=== Enabling AWS Security Hub + +[.procedure] +. Log into your AWS tenant and enter *Security Hub* in the *Find services* search, then select *Security Hub*. + +. Click *Enable Security Hub*. + +. Enable the Prisma Cloud integration. +.. Choose Integrations from the Security Hub menu. +.. Accept findings from Palo Alto Networks: Prisma Cloud Compute. ++ +See https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html[AWS documentation] + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to Security Hub + +// Reusable content fragment +:aws_security_hub: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create a new alert profile + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a *Profile name*. + +. In *Provider*, select *AWS Security Hub*. + +. Click *Next*. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] + +[.task] +=== Configure the channel + +After completing the steps in this procedure, you can use the AWS SQS integration configured in the Prisma platform to send compute workload alerts to AWS SQS. + +[.procedure] +. In *Region*, select your region. + +. Enter your *Account ID*, which can be found in the AWS Management Console under *My Account > Account Settings*. + +. Select or create xref:../authentication/credentials-store/aws-credentials.adoc[credentials], which Prisma Cloud uses to integrate with AWS Security Hub. ++ +You can use an IAM user, IAM role, or AWS STS. + +. Click *Next*. + +. Review the *Summary* and test the configuration by selecting *Send test alert*. + +. Click *Save*. + +[.task] +=== Configure AWS SQS Integration + +Add AWS SQS integration in the Prisma Platform. + +[.procedure] +. Create an https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-setting-up.html[AWS SQS queue]. + +. Go to Prisma *SaaS > Settings > Integrations > Add Integration*. + +. Select *Amazon SQS*. + +.. Enter the *Integration Name*. + +.. Enter the *Queue URL* that you copied from the AWS SQS queue. + +.. Under *More Options*, enter the credentials for *IAM Role* or *IAM Access Keys*. + +. *Test* to make sure that Prisma Cloud was successfully able to post a test message to your AWS SQS queue. ++ +image::add-aws-sqs-integration.png[width=350] + +[.task] +==== Create an alert profile for AWS SQS in Prisma Console + +[.procedure] + +. Go to *Compute > Manage > Alerts > Add profile*. + +. Enter the profile *Name*. + +. Select the *Provider* as *Prisma Cloud*. + +. Select your AWS SQS *Integration* that you created under *SaaS > Settings > Integrations > Add Integration*. + +. Select the *Triggers*. + +. Under *Settings* enter the custom JSON for the message payload. + +. You can *Send test alert* message and verify that the message was sent to the AWS queue. + +. Click *Save*. ++ +image::alert-profile-aws-sqs.png[width=350] ++ +This alert will be triggered based on your runtime policy settings under *Compute > Defend* policy settings, and the JSON payload message will be sent to the AWS SQS queue. ++ +image::alert-message-in-aws-sqs.png[width=300] ++ +image::alert-message-awssqs-json-body.png[scale=15] ++ +*Limitations* ++ +* Additional SQS features such as associating attributes with the message, etc. can not be used as these capabilities are not supported by Prisma. In the case of SQS, Compute sends the SQS message payload through Prisma API. +* Maximum allowed SQS message is 256kb. Messages larger than this limit won't be sent to Prisma, instead a specific error will be written to the Compute console log. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/email.adoc b/docs/en/compute-edition/32/admin-guide/alerts/email.adoc new file mode 100644 index 0000000000..41b4141bc4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/email.adoc @@ -0,0 +1,106 @@ +== Email alerts + +Prisma Cloud can send email alerts when your policies are violated. +Audits in *Monitor > Events* are the result of a policy violation. +Prisma Cloud can be configured to notify the appropriate party by email when an entire policy, or even specific rules, are violated. + +ifdef::prisma_cloud[] + +NOTE: Because Prisma Cloud Enterprise Edition Compute Console is hosted on Google Cloud Platform, outbound connections to port 25 from Console are blocked. +All other ports are available, including ports 587 and 465. +For more information, see https://cloud.google.com/compute/docs/tutorials/sending-mail[here]. + +endif::prisma_cloud[] + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending email alerts + +// Reusable content fragment. +:email_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create a new alert profile + +[.procedure] +. In *Manage > Alerts*, select *Add profile*. + +. Enter a *Profile name*. + +. In *Provider*, select *Email*. + +. Select *Next*. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] + +[.task] +=== Configure the channel + +[.procedure] +. In *SMTP address*, specify the hostname for your outgoing email server. + +. In *Port*, specify the port for email submissions. + +. In *Credential*, create the credentials required to access the email account that sends alerts. +This isn't a required field. + +.. Select *Add new*. + +.. Select *Basic authentication*. + +.. Enter a username and password. + +. If you are using SMTPS, where the SMTP connection is encrypted when established, set *SSL* to *On*. ++ +NOTE: To support email alerts for SMTP connections encrypted using the `STARTTLS` command, disable *SSL*. + +. Set up your recipients. + +.. Select *Add recipient*, and enter an email address. +Every email alert profile must have at least one recipient, even if you're using alert labels. + +.. (Optional) Specify recipients using xref:../audit/annotate-audits.adoc[alert labels]. + +. Select *Next*. + +. Review the *Summary* and test the configuration by selecting *Send test alert*. + +. Select *Save*. + +=== Troubleshooting + +[.task] + +==== Unable to test Email Alerts for 'smtp.office365.com' on port 587. + +*Error*: `tls: first record does not look like a TLS handshake` + +image::email-alert-failed-handshake.png[width=200] + +Prisma Cloud fails to send test alerts to 'smtp.office365.com' on port 587 after enabling *SSL*. + +*Cause*: + +In the SMTP protocol that Prisma Cloud Console uses to send Email Alerts, there is a following standard flow in which the client (Prisma Cloud Console) requests the server to convert an existing plain-text connection to an encrypted connection: + +* The client (in this case the PCC console) sends the message “EHLO” to the server (e.g. smtp.office365.com). +* The server responds with available extensions, one of which is “STARTTLS“. +* The client responds with “STARTTLS“. +* The server acknowledges receiving the “STARTTLS”. +* The client issues a TLS handshake with the server. +* Once the handshake is successful, all communication with the server from here on is encrypted. + +We support using 'STARTTLS' to encrypt Email Alerts sent over SMTP if the mail server supports it. +With 'smtp.office365.com' and 'smtp-legacy.office365.com' using port 587, 'STARTTLS' is used, which encrypts subsequent communication even without 'SSL' toggle being enabled. + +[.procedure] + +. Configure the alert profile settings with the SMTP address on same port '587' with *SSL* disabled. + diff --git a/docs/en/compute-edition/32/admin-guide/alerts/frag-config-rate.adoc b/docs/en/compute-edition/32/admin-guide/alerts/frag-config-rate.adoc new file mode 100644 index 0000000000..c71348c723 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/frag-config-rate.adoc @@ -0,0 +1,19 @@ +[.task, #_configure_alerts] +=== Configuring alert frequency + +You can configure the rate at which alerts are emitted. +This is a global setting that controls the spamminess of the alert service. +Alerts received during the specified period are aggregated into a single alert. +For each alert profile, an alert is sent as soon as the first matching event is received. +All subsequent alerts are sent once per period. + +[.procedure] +. Open Console, and go to *Manage > Alerts*. + +. In *General settings*, select the default frequency for all alerts. ++ +You can specify the following frequencies. ++ +* *10 Minutes* +* *1 Hour* +* *1 Day*. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/frag-config-triggers.adoc b/docs/en/compute-edition/32/admin-guide/alerts/frag-config-triggers.adoc new file mode 100644 index 0000000000..3ce381318c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/frag-config-triggers.adoc @@ -0,0 +1,31 @@ +// We've got the ifdef on jira_alerts because we currently only alert on vulnerabilities for JIRA. +// The list of rules from you can choose from is much smaller. We don't want to confuse customers, +// so show the right screenshot for JIRA. +[.task] +=== Configure the triggers + +[.procedure] +. In *Select triggers*, select the events that should trigger an alert to be sent. + +. To specify specific rules that should trigger an alert, deselect *All rules*, and then select any individual rules. ++ +ifdef::jira_alerts[] +image::frag_config_jira_triggers.png[scale=15] +endif::jira_alerts[] + +ifdef::servicenow_vr_alerts[] ++ +image::frag_config_servicenow_vr_triggers.png[scale=15] +endif::servicenow_vr_alerts[] + +ifdef::cortex_xdr_alerts[] ++ +image::cortex-xdr-config-triggers.png[scale=15] +endif::cortex_xdr_alerts[] + +ifndef::jira_alerts,servicenow_vr_alerts,cortex_xdr_alerts[] ++ +image::frag_config_triggers.png[scale=15] +endif::jira_alerts,servicenow_vr_alerts,cortex_xdr_alerts[] + +. Click *Next*. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/frag-send-alerts.adoc b/docs/en/compute-edition/32/admin-guide/alerts/frag-send-alerts.adoc new file mode 100644 index 0000000000..7f9e266e6d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/frag-send-alerts.adoc @@ -0,0 +1,65 @@ +Alert profiles specify which events should trigger the alert machinery, and to which channel alerts are sent. +You can send alerts to any combination of channels by creating multiple alert profiles. + +Alert profiles consist of two parts: + +*(1) Alert settings -- Who should get the alerts, and on what channel?* +Configure Prisma Cloud to integrate with your messaging service and specify the people or places where alerts should be sent. +For example, configure the email channel and specify a list of all the email addresses where alerts should be sent. +Or for JIRA, configure the project where the issue should be created, along with the type of issue, priority, assignee, and so on. + +ifdef::email_alerts[] +image::email-config-1.png[scale=15] +endif::email_alerts[] + +ifdef::webhook_alerts[] +image::webhook-config-1.png[width=250] +endif::webhook_alerts[] + +ifdef::slack_alerts[] +image::slack-config-1.png[scale=15] +endif::slack_alerts[] + +*(2) Alert triggers -- Which events should trigger an alert to be sent?* +Specify which of the rules that make up your overall policy should trigger alerts. + +ifdef::aws_security_hub[] +image::aws_security_hub_config.png[scale=15] +endif::aws_security_hub[] + +ifdef::email_alerts[] +endif::email_alerts[] + +ifdef::google_cloud_pub_sub[] +image::google_cloud_pub_sub_config.png[scale=15] +endif::google_cloud_pub_sub[] + +ifdef::google_cloud_scc[] +image::google_cloud_scc_config.png[scale=15] +endif::google_cloud_scc[] + +ifdef::ibm_cloud_security_advisor[] +image::ibm_cloud_security_advisor_config.png[scale=15] +endif::ibm_cloud_security_advisor[] + +ifdef::jira_alerts[] +image::jira_config.png[scale=15] +endif::jira_alerts[] + +ifdef::pagerduty_alerts[] +image::pagerduty_config.png[scale=15] +endif::pagerduty_alerts[] + +ifdef::slack_alerts,webhook_alerts[] +image::slack-config-2.png[width=250] +endif::slack_alerts,webhook_alerts[] + +ifdef::xdr_alerts[] +image::cortex_xdr_config.png[scale=15] +endif::xdr_alerts[] + +ifdef::xsoar_alerts[] +image::cortex_xsoar_config.png[scale=15] +endif::xsoar_alerts[] + +If you use multi-factor authentication, you must create an exception or app-specific password to allow Console to authenticate to the service. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-pub-sub.adoc b/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-pub-sub.adoc new file mode 100644 index 0000000000..995938193a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-pub-sub.adoc @@ -0,0 +1,52 @@ +== Google Cloud Pub/Sub + +https://cloud.google.com/pubsub/[Google Cloud Pub/Sub] is a durable, scalable event ingestion and delivery system. +It provides asynchronous messaging that decouples senders from receivers, and enables highly available communication between independently written applications. + +Prisma Cloud can send alerts to Google Cloud Pub/Sub https://cloud.google.com/pubsub/architecture[topics], where a topic is a message feed. + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to Google Cloud Pub/Sub + +// Reusable content fragment +:google_cloud_pub_sub: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +*Prerequisite:* You've set up a Cloud Pub/Sub topic. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *GCP Pub/Sub*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Credential*, click *Add new* or select an existing service account. ++ +Create a new xref:~/authentication/credentials-store/gcp-credentials.adoc[GCP credential] as needed. + +. Enter a Cloud Pub/Sub topic. + +. Click *Send Test Alert* to test the connection. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-scc.adoc b/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-scc.adoc new file mode 100644 index 0000000000..4451e13cb0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/google-cloud-scc.adoc @@ -0,0 +1,112 @@ +== Google Cloud Security Command Center + +Prisma Cloud can be configured as a security source that provides security findings to Google Cloud Security Command Center (SCC). +This lets you see all security tool findings in a single place. + +Prisma Cloud is a registered Google Cloud Platform Marketplace partner. + + +[.task] +=== Configuring Google Cloud Security Command Center + +In Google Cloud Platform (GCP), create a service account in your project that has the *Cloud Security Command Center API* enabled. +You will need the service account keys, API, and Organization ID to enable this feature. + +You should have already enabled and onboarded https://console.cloud.google.com/marketplace/details/twistlock/twistlock[Prisma Cloud as a Security Source in Google Security Command Center]. +Prisma Cloud supports the alpha and beta versions of Google Security Command Center. +The following instructions show how to configure the beta version. + +[.procedure] +. Log into your GCP tenant and select the project that has the Cloud Security Command Center API enabled. + +. Go to *IAM & admin > Service accounts*. + +. Click *Create Service Account*. + +. Enter a name and description for the service account. ++ +image::alerts_gcss_svc_account.png[width=750] + +. *Grant this service account access to project (optional)* click *continue*. +Do not grant a role to the account at this time. + +. *Grant user account to this service account* click *create key*. + +. Set key type to *JSON*, and click *create*. +Save the downloaded JSON key. + +. Go to the project's *APIs & Services > Credentials*. + +. Click *Create credentials > API key*. ++ +image::alerts_gcss_api_key1.png[width=450] + +. Save the API key. +We recommended that you restrict the key to the *Cloud Security Command Center API*. ++ +image::alerts_gcss_api_key2.png[width=600] + +. Go to the Google tenant's organizational *IAM & admin*. ++ +NOTE: This setting is configured at the organizational level, not the project level. + +. In the *IAM* window click *+Add*. + +. Paste in the name of the service account that has been created. + +. Select Role: *Security Center > Security Center Editor*. ++ +image::alerts_gcss_role.png[width=750] + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to Google Cloud SCC + +// Reusable content fragment. +:google_cloud_scc: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *Security Center*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Credential*, click *Add new* or select an existing service account. ++ +To create a new xref:~/authentication/credentials-store/gcp-credentials.adoc[GCP credential] as needed. + +. In *Source Name*, enter the resource path for a source that's already been created. ++ +The source name has the following format: ++ + organizations//sources/ ++ +Where organization_id and source_id are numeric identifiers. +For example: ++ + organizations/111122222444/sources/43211234 + +. Click *Send Test Alert* to test the connection. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/ibm-cloud-security-advisor.adoc b/docs/en/compute-edition/32/admin-guide/alerts/ibm-cloud-security-advisor.adoc new file mode 100644 index 0000000000..97110220aa --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/ibm-cloud-security-advisor.adoc @@ -0,0 +1,51 @@ +== IBM Cloud Security Advisor + +IBM Cloud Security Advisor is a centralized security dashboard. +Prisma Cloud can be configured to send security findings to your service dashboard. + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to Security Advisor + +// Reusable content fragment. +:ibm_cloud_security_advisor: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *IBM Cloud Security Advisor*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Credential*, click *Add new* or select an existing service account. ++ +Create a new xref:~/authentication/credentials-store/ibm-credentials.adoc[IBM Cloud credential] as needed. + +. Copy the configuration URL, and set it aside. +You'll need it for the next step. + +. Go to the Security Advisor dashboard, and then follow the steps in https://console.bluemix.net/docs/services/security-advisor/partners.html#setup-twistlock[Prisma Cloud partner integration] to complete the setup process. + +. Click *Send Test Alert* to test the connection. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/jira.adoc b/docs/en/compute-edition/32/admin-guide/alerts/jira.adoc new file mode 100644 index 0000000000..578ba602eb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/jira.adoc @@ -0,0 +1,113 @@ +== JIRA Alerts + +Prisma Cloud continually scans your environment for vulnerabilities using the threat data in the Intelligence Stream. +Prisma Cloud can open JIRA issues when new vulnerabilities are detected in your environment. +This mechanism lets you implement continuous vulnerability assessment and remediation by hooking directly into the developer's workflow. + +New JIRA issues are opened when new vulnerabilities are found. +Issues are opened on a per-image basis. +Each JIRA issue lists the new vulnerabilities discovered, and a list of vulnerabilities that have already been reported but were still detected. + +JIRA issues are opened based on policy. +For example, an issue would be created when all of the following conditions are met: + +* You have a rule that alerts on critical vulnerabilities, +* The rule is associated with your JIRA alert profile, +* The Prisma Cloud scanner finds a critical vulnerability in an image in your environment. + +The following screenshot shows an example JIRA issue opened by Prisma Cloud. + +image::alerts_example_jira_issue.png[width=750] + + +=== Intelligent issue routing + +You can leverage image labels to intelligently route alerts to the right team, and eliminate manual ticket triage. +For example, if team-a is responsible for image-a, and a vulnerability is found in image-a, you could set up the alert to flow directly to team-a's JIRA queue. + +Intelligent routing depends on a Prisma Cloud feature called xref:../audit/annotate-audits.adoc#[alert labels], where you define labels that Prisma Cloud should watch. +When rules trigger, Prisma Cloud extracts the value of the label from the resource, and applies it to the next phase of alert processing. +For JIRA alerts, you can use labels to specify the JIRA project key, JIRA labels, and JIRA issue assignee. + +For example, if you have an image with the following labels: + + group=front-end-group + team=client-team + business-app=my-business-app + +You could configure Prisma Cloud to open issues about this specific image in the JIRA project defined by the _group_ label. + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Integrating Prisma Cloud with JIRA + +// Reusable content fragment. +:jira_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *JIRA*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Base URL*, specify the location of your JIRA service. + +. In *Credential*, create the credentials required to access the account. + +.. Click *Add new*. + +.. Select *Basic authentication*. + +.. Enter a username and password. ++ +NOTE: If you are using Jira Cloud, this will be an email address and API token respectively. You can generate your API token https://id.atlassian.com/manage-profile/security/api-tokens[here]. + +.. Click *Save*. + +. In *CA certificate*, enter a copy of the CA certificate in PEM format. + +. In *Project key*, enter a project key. ++ +Alternatively, you can dynamically specify the project key based on a label. +When an alert fires, the project key is taken from the label of the resource that triggered the action. +To do so, click *Select labels...*, and choose a label that you know will contain the project key. +If there are no labels in the drop-down list, go to *Manage > Alerts > Alert Labels*, and define them. + +. Enter an issue type. + +. Enter a priority. + +. Enter a comma delimited list of JIRA labels to apply to the issue. ++ +You can dynamically define the list from a label. +Click *Select labels...*, and select one or more labels. + +. Enter an assignee for the new issue. ++ +You can dynamically define the assignee from a label. +Click *Select labels...*, and select one or more labels. + +. Click *Send Test Alert* to test the connection. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/pagerduty.adoc b/docs/en/compute-edition/32/admin-guide/alerts/pagerduty.adoc new file mode 100644 index 0000000000..212956aae6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/pagerduty.adoc @@ -0,0 +1,90 @@ +== PagerDuty alerts + +You can configure Prisma Cloud to route alerts to PagerDuty. +When Prisma Cloud detects anomalies, it generates alerts. +Alerts are raised when the rules that make up your policy are violated. + + +[.task] +=== Configuring PagerDuty + +Create a new Prisma Cloud service, and get an integration key. + +[.procedure] +. Log into PagerDuty. + +. Go to *Configuration > Services*. + +. Click *New Service*. ++ +image::pagerduty_create_new_service.png[width=100] + +. Under *General Settings*: + +.. *Name*: Enter *Prisma Cloud*. + +. Under *Integration Settings*: + +.. *Integration Type*: Select *Use our API directly*, the select *Events API v2*. + +.. *Integration Name*: Enter *Prisma Cloud*. ++ +image::pagerduty_add_service_form.png[width=600] + +. Click *Add Service*. +You're taken to *Integrations* tab for the Prisma Cloud service. ++ +image::pagerduty_add_service.png[width=100] + +. Copy the *Integration Key*, and set it aside. +You'll use it to configure the integration in Prisma Cloud Console. ++ +image::pagerduty_integration_key.png[width=600] + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to PagerDuty + +// Reusable content fragment. +:pagerduty_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *PagerDuty*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Routing Key*, enter the integration key you copied from PagerDuty. + +. In *Summary*, enter a brief description, which will appear in the PagerDuty dashboard alongside your alerts. + +. For *Severity*, select the urgency of the alert. + +. Click *Send Test Alert* to validate the integration. ++ +If the integration is set up properly, you will see a sample alert in PagerDuty. +In the PagerDuty dashboard, click *Alerts*. ++ +image::pagerduty_review_test_alert.png[width=800] + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/servicenow-sir.adoc b/docs/en/compute-edition/32/admin-guide/alerts/servicenow-sir.adoc new file mode 100644 index 0000000000..527e84783f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/servicenow-sir.adoc @@ -0,0 +1,181 @@ +== ServiceNow alerts for Security Incident Response + +ServiceNow is a workflow management platform. +It offers a number of security operations applications. +You can configure Prisma Cloud to route alerts to ServiceNow's Security Incident Response application. + +Prisma Cloud audits are mapped to a ServiceNow security incident as follows: + +* Audits and incidents are mapped to individual ServiceNow security incidents. +* Vulnerabilities are aggregated by resource (currently image) and mapped to individual ServiceNow security incidents. +ServiceNow short description field lists the resource. +ServiceNow description field lists the details of each finding. +* Compliance issues are aggregated by resource (image/container/host) and mapped to individual ServiceNow security incidents. +ServiceNow short description field lists the resource. +ServiceNow description field lists the details of each finding. + +NOTE: Compliance alerts will be sent to ServiceNow in real time (right after compliance scan), unlike the other alert providers which send compliance alerts every 24 hours. + +NOTE: Compliance alerts will be sent if the resource is new, or if there's a difference in the number of compliance issues for this resource after its scan. All the compliance issues of the resource will be sent (not only the new ones). + +[cols="1,1,1a", options="header"] +|=== +|ServiceNow security incident +|Field description +|Prisma Cloud audit data + +|State +|The current state of the security incident. +Upon security incident creation, this field defaults to Draft. +|Draft (automatically set by ServiceNow) + +|Priority +|Select the order in which to address this security incident, based on the urgency. If this value is changed after the record is saved, it can affect the Business impact calculation. +|Vulnerabilities: Max severity from the image’s new vulnerabilities. +ServiceNow's priorities map one-to-one to Prisma Cloud severities (Critical - Critical, High - High, Medium - Medium, Low - Low). + +Compliance: Max severity from the image/container/host’s compliance issues. +ServiceNow's priorities map one-to-one to Prisma Cloud severities (Critical - Critical, High - High, Medium - Medium, Low - Low). + +Incidents and audits: runtime audits priority set in the alert profile. + +|Business impact +|Select the importance of this security incident to your business. The default value is Non-critical. If, after the security incident record has been saved, you change the value in the Priority and/or Risk fields, the Business impact is recalculated. +|Automatically calculated by ServiceNow + +|Assignment group +|The group to which this security incident is assigned. +|Assignment group set in the alert profile + +|Assigned to +|The individual assigned to analyze this security incident. +|Assignee set in the alert profile + +|Short description +|A brief description of the security incident. +|Vulnerabilities: +Prisma Cloud Compute vulnerabilities for image + +Compliance: +Prisma Cloud Compute compliance issues for image/container/host + +Incidents and audits: +Prisma Cloud Compute Audit - - + +|Category +| +|Set to "None" + +|Sub-category +| +|Set to "None" + +|Description +|Description +|Vulnerabilities: + +* Related resource details +* CVEs IDs list (with each CVE’s details) +* Project +* Collections + +Compliance: + +* Related resource details +* Compliance issues list (with each issue’s details) +* Project +* Collections + +Incidents and audits: + +* Description +* Related resource +* Collections +* Project +* Time created +* Then add all the other fields this type of Incident/Audit has + +Note that the *Project* field will specify *Central Console* even when projects aren't enabled. + +Note that the *Collections* field will exist only for the following runtime audits: Admission Audits, Docker Audits, App Embedded Audits, Host Activities, Host Log Inspection, WAAS audits, Incidents, Defender Disconnected. + +|=== + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + +=== Sending findings to ServiceNow + +Alert profiles specify which events trigger the alert machinery, and to which channel alerts are sent. +You can send alerts to any combination of channels by creating multiple alert profiles. + +Alert profiles consist of two parts: + +*(1) Alert settings -- Who should get the alerts, and on what channel?* +Configure Prisma Cloud to integrate with ServiceNow and specify the people or places where alerts should be sent. +You can specify assignees and assignment groups. + +*(2) Alert triggers -- Which events should trigger an alert to be sent?* +Specify which of the rules that make up your overall policy should trigger alerts. + +image::servicenow_sir_config.png[width=800] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *ServiceNow*. + + +[.task] +=== Configure the channel + +Configure Prisma Cloud to send alerts to ServiceNow, then validate the setup by sending a test alert. + +*Prerequisites:* You've created a service account in ServiceNow with a base role of web_service_admin. + +[.procedure] +. In *Application*, select *Security Incident Response*. + +. In *URL*, specify the base URL of your ServiceNow tenant. ++ +For example, `\https://ena03291.service-now.com` + +. In *Credential*, click *Add New*. + +.. In *Type*, select *Basic authentication*. ++ +This is currently the only auth method supported. + +.. Enter a username and password. + +. (Optional) In *Assignee*, enter the name of a user in ServiceNow that will be assigned the security incident. ++ +This value isn't case sensitive. + +. (Mandatory) In *Assignment Group*, enter the name of a group in ServiceNow that will be assigned the security incident. +The default value is *Security Incident Assignment*. ++ +If *Assignment Group* is set without specifying *Assignee*, the first user from the group is set on the security incident (ServiceNow's logic). ++ +If the *Assignee* set in the profile isn't a part of the *Assignment Group*, the security incident won't be created (ServiceNow's logic). + +. (Optional) In *CA certificate*, enter a CA certificate in PEM format. +Relevant only for on-premises deployments of ServiceNow. + +. Click *Send Test Alert*. +If everything looks good, and you get an alert in ServiceNow, save the profile. + + + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/servicenow-vr.adoc b/docs/en/compute-edition/32/admin-guide/alerts/servicenow-vr.adoc new file mode 100644 index 0000000000..bb65bfd7d8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/servicenow-vr.adoc @@ -0,0 +1,375 @@ +== ServiceNow alerts for Vulnerability Response + +ServiceNow is a workflow management platform. +It offers a number of security operations applications. +You can configure Prisma Cloud to route alerts to ServiceNow's Vulnerability Response application. + +To integrate Prisma Cloud with ServiceNow, you'll need to create a ServiceNow endpoint to consume findings from the Prisma Cloud scanner. +The endpoint is created using ServiceNow's Scripted REST API mechanism. + +Each vulnerability found by the Prisma Cloud scanner is mapped to a ServiceNow https://docs.servicenow.com/bundle/orlando-security-management/page/product/vulnerability-response/reference/vulnerable-item-fields.html[vulnerable item]. +Scanner data is mapped to vulnerable items as follows: + +NOTE: Vulnerable items contain all CVEs reported by the Prisma Cloud scanner only if the corresponding CVEs also exist in ServiceNow’s vuln DB. +If a CVE doesn't exist in ServiceNow, the *Vulnerability (Reference)* field won't list it. + +[cols="1,1,1a", options="header"] +|=== +|ServiceNow vulnerability item field +|Field description +|Prisma Cloud scanner data + +|Source +|The scanner that found this vulnerable item. +|Prisma Cloud Compute + +|Vulnerability (Reference) +|ID of the vulnerability associated with this vulnerable item. +|Reference to CVE ID (if exists in ServiceNow’s vulnerabilities DB) + +|State +|This field defaults to Open, but you can change it to Under Investigation if the vulnerability is ready for immediate remediation. +|Open (automatically set by ServiceNow) + +|Assignment group +|Group selected to work on this vulnerability group. +|Assignment group set in the alert profile + +|Assigned to +|Individual from the selected assignment group that works on this vulnerability. +|Assignee set in the alert profile + +|Created +|The date this vulnerable item was created in your instance. +|Creation date of the vulnerable item (automatically set by ServiceNow) + +|Additional comments +|Any relevant information. +|Vulnerabilities: + +* Image name +* Severity +* Package +* Package version +* Fix status +* Project +* Collections + +|=== + + +[.task] +[#configuring-servicenow] +=== Configuring ServiceNow + +Create a ServiceNow endpoint to collect findings from the Prisma Cloud scanner. + +*Prerequisites:* +Prisma Cloud Console is running. + +[.procedure] +. In ServiceNow, create a Scripted REST API. +Name it *Prisma Vulnerabilities Report*. ++ +For more information, see the official documentation https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/task/t_CreateAScriptedRESTService.html[here]. + +. Create a new resource in your scripted REST service. ++ +image::alerts_servicenow_new_resource.png[width=700] + +. In *Name*, enter *report_findings*. + +. In *HTTP method*, select *POST*. + +. Download the script that implements the endpoint from Prisma Cloud Console. + +.. Log into Prisma Cloud Console. + +.. Go to *Manage > Alerts > Add Profile*. + +.. Click *Add Profile*. + +.. In *Provider*, select *ServiceNow*. + +.. In *Application*, select *Vulnerability Response*. + +.. In *Scripted REST API*, click *Copy*. + +.. In ServiceNow, paste the script into *Script*. + +. Click *Submit* to create the resource. + +. Construct the URL for your resource (endpoint), then copy it, and set it aside. +You'll need when you configure Prisma Cloud to send findings to ServiceNow. ++ +The format for the base URL is: `\https:///` ++ +For example: `\https://ena03291.service-now.com/api/paan/prisma_vulnerabilities_report` ++ +Where: ++ +* SERVICENOW -- URL for your ServiceNow instance. +* BASE_API_PATH -- Path to the scripted API service you just created. ++ +image::alerts_servicenow_base_api_path.png[width=700] + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + +=== Sending findings to ServiceNow + +Alert profiles specify which events trigger the alert machinery, and to which channel alerts are sent. +You can send alerts to any combination of channels by creating multiple alert profiles. + +Alert profiles consist of two parts: + +*(1) Alert settings -- Who should get the alerts, and on what channel?* +Configure Prisma Cloud to integrate with ServiceNow and specify the people or places where alerts should be sent. +You can specify assignees and assignment groups. + +*(2) Alert triggers -- Which events should trigger an alert to be sent?* +Specify which of the rules that make up your overall policy should trigger alerts. +For the Vulnerability Response application, you can send vulnerability and compliance alerts only. + +image::servicenow_vr_config.png[width=800] + + +[.task] +=== Create new alert profile + +Create a new alert profile. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *ServiceNow*. + + +[.task] +=== Configure the channel + +Configure Prisma Cloud to send alerts to ServiceNow, then validate the setup by sending a test alert. + +*Prerequisites:* You've created a service account in ServiceNow with a base role of web_service_admin. + +[.procedure] +. In *Application*, select *Vulnerability Response*. + +. In *Scripted API URL*, enter the url of the vulnerabilities reporting api defined in ServiceNow (see ServiceNow config above). e.g. https://ven03718.service-now.com/api/paan/prisma_vulnerabilities_report + +. In *Credential*, click *Add New*. + +.. In *Type*, select *Basic authentication*. ++ +This is currently the only auth method supported. + +.. Enter a username and password. + +. (Optional) In *Assignee*, enter the name of a user in ServiceNow that will be assigned the Vulnerable Items. ++ +The assignee name isn't case-sensitive. + +. (Optional) In *Assignment Group*, enter the name of a group in ServiceNow that will be assigned the Vulnerable Items. + +. (Optional) In *CA certificate*, enter a CA certificate in PEM format. +Relevant only for on-premises deployments of ServiceNow. + +. Click *Send Test Alert*. +If everything looks good, and you get an alert in ServiceNow, save the profile. + + +// Reusable content fragment. +:servicenow_vr_alerts: +include::frag-config-triggers.adoc[leveloffset=0] + + +[#map-vuln-to-ci] +[.task] +=== Map Vulnerable Items to Configuration Items (optional) + +Adjust your Scripted REST API to map each vulnerable item to its configuration item (CI) in ServiceNow's CMDB. + +[.procedure] +. Create a Discovery Source in ServiceNow for Prisma Cloud Compute: + +.. Navigate to *System Definition > Fix Script*. + +.. Click *New*. + +.. Name your Fix Script appropriately. + +.. Ensure *Run once* is selected . + +.. Execute the following code with the appropriate value for your Discovery Source name: “SG-PrismaCloudCompute”. ++ +[bash] +---- +Source var dsUtil = new global.CMDBDataSourceUtil(); +dsUtil.addDataSource("SG-PrismaCloudCompute"); +---- + +.. Your fix script should look like this: ++ +image::servicenow_vr_fix_script.png[width=800] + +.. Ensure your discovery source has fewer than 40 characters. + +.. After you have saved your fix script, navigate to it again and click *Run Fix Script*. + +. Create an Identification Rule in ServiceNow: + +.. Navigate to *Configuration > CI Class Manager*. + +.. In the CI Classes hierarchy, choose *Docker Image*. + +.. Navigate to *Class Info > Identification Rule*. + +.. Add an identification rule to identify the image by the *Image id* attribute. ++ +image::servicenow_vr_identification_rule.png[width=800] + +. Use the <> in place of the standard script you copy from Console when <>. + + +[#script] +=== Suggested script + +The following script maps vulnerable items to configuration items. +Use it in place of the script you copy from Console when setting up the Scripted REST API in <>. +To use the script, you must first set up a <>. + +The script in this section extends the standard script to: + +* Implement CI mapping -- Finds the relevant CI (from type docker image), or creates one if it doesn't exist, and references it in the Vulnerable Item. + +* Create a vulnerability placeholder -- Creates an empty vulnerability in ServiceNow’s vulnerabilities DB when the CVE ID sent by Prisma Cloud Compute can’t be found in ServiceNow. + +The following listing shows the script in its entirety. +Copy and use this listing when setting up the vulnerable item to configuration item mapping. + +[bash] +---- +(function process( /*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) { + + var vulnerabilities = request.body.data.vulnerabilities; + response.setContentType('application/JSON'); + var writer = response.getStreamWriter(); + + for (var i in vulnerabilities) { + var vulnItemRecord = new GlideRecord('sn_vul_vulnerable_item'); + var vulnEntryRecord = new GlideRecord('sn_vul_entry'); + var userGroupsRecord = new GlideRecord('sys_user_group'); + var vulnerability = vulnerabilities[i]; + // the id field is the name (a string) of the cve + if (!vulnEntryRecord.get('id', vulnerability.cve)) { + // The following code inserts the placeholder vulnerability in sn_vul_nvd_entry. The other attributes will be filled once the NVD import run's + var nvd_entry = new GlideRecord("sn_vul_nvd_entry"); + nvd_entry.initialize(); + nvd_entry.setValue("id", vulnerability.cve); + var vulEntry = nvd_entry.insert(); + vulnEntryRecord = new GlideRecord('sn_vul_entry'); + vulnEntryRecord.get(vulEntry); + } + + if (!userGroupsRecord.get('name', vulnerability.assignment_group)) { + userGroupsRecord.sys_id = ""; + } + + vulnItemRecord.initialize(); + + // The following block of code is to create a CI using IRE + if (vulnerability.imageName && vulnerability.imageID) { + // Step 1: construct the payload + // Step 2: Encode the payload as JSON + // Step 3: create CI using createOrUpdateCIEnhanced API. This API requires discovery source that needs to be created + var payload = { + "items": [{ + "className": "cmdb_ci_docker_image", // update the cmdb unmatched class name here + "values": { + "image_id": vulnerability.imageID, // update the correct values that needs to be populated and any additional fields + "name": vulnerability.imageName + }, + "sys_object_source_info": { // optional, used to optimize the fetch to get CIs from this specific source only + "source_native_key": vulnerability.imageID, // unique key/id for the item from the source + "source_name": "SG-PrismaCloudCompute" // The discovery source of the CI information + } + }] + }; + + var inputPayload = new JSON().encode(payload); + var cmdb = SNC.IdentificationEngineScriptableApi.createOrUpdateCI("SG-PrismaCloudCompute",inputPayload); // CMDB discovery source name + var output = JSON.parse(cmdb); + vulnItemRecord.cmdb_ci.setDisplayValue(output.items[0].sysId); // This will assign CMDB_ci item to vuln item. + + } else if (vulnerability.imageName != "Prisma Test Alert") { + gs.log("missing image name or image id"); + } + + vulnItemRecord.Description = vulnerability.description; + vulnItemRecord.assigned_to = vulnerability.assigned_to; + // sys_id is the unique id of a record (like an internal service now GUID), used to link records in different tables + vulnItemRecord.assignment_group.setDisplayValue(userGroupsRecord.sys_id); + vulnItemRecord.source = vulnerability.source; + vulnItemRecord.vulnerability.setDisplayValue(vulnEntryRecord.sys_id); + vulnItemRecord.comments.setJournalEntry(vulnerability.comments); + vulnItemRecord.insert(); + vulnItemRecord.query(); + writer.writeString(JSON.stringify(vulnItemRecord)); + } + + response.setStatus(201); + +})(request, response); +---- + +The following excerpt shows the part of the listing that implements the CI mapping: + +[bash] +---- + // The following block of code is to create a CI using IRE + if (vulnerability.imageName && vulnerability.imageID) { + // Step 1: construct the payload + // Step 2: Encode the payload as JSON + // Step 3: create CI using createOrUpdateCIEnhanced API. This API requires discovery source that needs to be created + var payload = { + "items": [{ + "className": "cmdb_ci_docker_image", // update the cmdb unmatched class name here + "values": { + "image_id": vulnerability.imageID, // update the correct values that needs to be populated and any additional fields + "name": vulnerability.imageName + }, + "sys_object_source_info": { // optional, used to optimize the fetch to get CIs from this specific source only + "source_native_key": vulnerability.imageID, // unique key/id for the item from the source + "source_name": "SG-PrismaCloudCompute" // The discovery source of the CI information + } + }] + }; + + var inputPayload = new JSON().encode(payload); + var cmdb = SNC.IdentificationEngineScriptableApi.createOrUpdateCI("SG-PrismaCloudCompute",inputPayload); // CMDB discovery source name + var output = JSON.parse(cmdb); + vulnItemRecord.cmdb_ci.setDisplayValue(output.items[0].sysId); // This will assign CMDB_ci item to vuln item. + + } else if (vulnerability.imageName != "Prisma Test Alert") { + gs.log("missing image name or image id"); + } +---- + +The following excerpt shows the part of the listing that creates the vulnerability placeholder: + +[bash] +---- + if (!vulnEntryRecord.get('id', vulnerability.cve)) { + // The following code inserts the placeholder vulnerability in sn_vul_nvd_entry. The other attributes will be filled once the NVD import run's + var nvd_entry = new GlideRecord("sn_vul_nvd_entry"); + nvd_entry.initialize(); + nvd_entry.setValue("id", vulnerability.cve); + var vulEntry = nvd_entry.insert(); + vulnEntryRecord = new GlideRecord('sn_vul_entry'); + vulnEntryRecord.get(vulEntry); + } +---- diff --git a/docs/en/compute-edition/32/admin-guide/alerts/slack.adoc b/docs/en/compute-edition/32/admin-guide/alerts/slack.adoc new file mode 100644 index 0000000000..d84334ce45 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/slack.adoc @@ -0,0 +1,63 @@ +== Slack Alerts + +Prisma Cloud lets you send alerts to Slack channels and users. + + +[.task] +=== Configuring Slack + +To integrate Prisma Cloud with Slack, enable the incoming webhooks. +Prisma Cloud uses incoming webhooks to post messages to Slack. +You must have an admin role to perform this action. + +[.procedure] +. Login to your Slack account and select *Apps* available inside the *More* menu in the top left of your sidebar. + +. In *App Directory* search and select *Incoming Webhooks*. + +. Click the green *Add Configuration* button. + +. Enter the channel name where you want Prisma Cloud to post. + +. Click *Add Incoming Webhooks Integration*. + +. Copy and save the *Webhook URL* to be used when configuring Prisma Cloud. + + +// == Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to Slack + +// Reusable content fragment. +:slack_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create a new alert profile + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a *Profile name*. + +. In *Provider*, select *Slack*. + +. Click *Next*. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] + +[.task] +=== Configure the channel + +[.procedure] +. In *Settings*, enter the *Incoming webhook URL* you generated in the first section. +. Enter Slack *Users* or Slack channel to whom you want to send alerts. +. Click *Next*. +. Review the *Summary* and test the configuration by selecting *Send test alert*. +. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/splunk.adoc b/docs/en/compute-edition/32/admin-guide/alerts/splunk.adoc new file mode 100644 index 0000000000..e6fdfa251b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/splunk.adoc @@ -0,0 +1,116 @@ +== Splunk Alerts + +Splunk is a software platform to search, analyze, and visualize machine-generated data gathered from websites, applications, sensors, and devices. + +Prisma Cloud continually scans your environment for vulnerabilities, Compliance, Runtime behavior, WAAS violations and more. You can now monitor your Prisma Cloud alerts in Splunk using a native integration. + +=== Send Alerts to Splunk + +Follow the instructions below to send alerts from your Prisma Cloud Console to Splunk Enterprise or Splunk Cloud Platform. + +[.task] +==== Set Up Splunk HTTP Event Collector (HEC) + +Splunk HEC lets you send data and application events to a Splunk deployment over the HTTP and HTTPS protocols. Set up Splunk HEC to view alert notifications from Prisma Cloud in Splunk and consolidate alert notifications from Prisma Cloud into Splunk. This integration enables your operations team to review and take action on the alerts. + +[.procedure] +. To set up HEC, use the instructions in https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector[Splunk documentation]. +The default *source type* is *_json*. + +. Go to *Settings > Data inputs > HTTP Event*. + +. Select *Collector* and ensure that HEC is on the list with the *Enabled* the status. + +ifdef::compute_edition[] +[.task] +==== Set up the Splunk Integration + +[.procedure] +. Log in to Prisma Cloud Console. + +. Go to *Manage > Alerts > Manage* tab. + +. Click on *+ Add profile* to create a dedicated alert profile for Splunk. + +.. Enter a name for your alert profile. + +.. In *Provider*, select *Splunk*. + +... In *Splunk HTTP event collector URL*, enter the Splunk HEC URL that you set up earlier. + +... In Custom JSON, enter the structure of the JSON payload, or use the default JSON. ++ +For more details about the type of data in each field, click *Show macros*. + +... Enter *Auth Token* ++ +The integration uses token-based authentication between Prisma Cloud and Splunk to authenticate connections to Splunk HEC. +A token is a 32-bit number that is presented in Splunk. + +.. In *Alert triggers* section, select what triggers send alerts to Splunk. + +.. Click *Send test alert* to test the connection. You can view the test message in Splunk. ++ +image::splunk-alert-profile.png[width=750] +endif::compute_edition[] + +ifdef::prisma_cloud[] +[.task] +==== Set up the Splunk Integration + +The Prisma Cloud Compute Enterprise Edition (SaaS) uses the same notification settings you set up in the platform for CSPM alerts. You configure the notifications in the platform under *Settings > Integrations*. You can import them as an alert profile to use them in Prisma Cloud Compute. You need to make any changes to the provider settings on the platform side. + +[.procedure] +. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-splunk.html[Integrate Prisma Cloud with Splunk]. + +. Import the platform notification configuration in Prisma Cloud Compute: + +.. Go to *Compute > Manage > Alerts > Manage* tab. + +.. Click on *Add Profile*. + +.. From the *Provider* drop down, select *Prisma Cloud*. + +.. In the *Integrations* field, select the configuration you set up when https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-splunk.html[integrating Prisma Cloud with Splunk]. + +.. Select the triggers you want sent to this channel. + +.. Click *Save*. ++ +image::splunk-saas-alert-profile.png[width=750] +endif::prisma_cloud[] + +=== Message Structure - JSON Schema + +The integration with Splunk generates a consistent event format. + +The JSON schema includes the following default fields: + +* `app`: Prisma Cloud Compute Alert Notification. + +* `message`: Contains the alert content in a JSON format as defined in the *Custom JSON* field. For example: + +** `command`: Shows the command which triggered the runtime alert. + +** `namespaces`: Lists the Kubernetes namespaces associated with the running image. + +** `startup process`: Shows the executed process activated when the container is initiated. + +* `sender`: Prisma Cloud Compute Alert Notification. + +* `sentTs`: Event sending timestamp as Unix time. + +* `type`: Shows the message type as `alert`. + +[source,json] +---- +{ + app: Prisma Cloud Compute Alert Notification + message: { [+] } + sender: Prisma Cloud Compute Alert Notification + sentTs: 1637843439 + type: alert +} +---- + +You can learn more about the Alert JSON macros and customizations in the xref:webhook.adoc[Webhook Alert documentation] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/webhook.adoc b/docs/en/compute-edition/32/admin-guide/alerts/webhook.adoc new file mode 100644 index 0000000000..708c5fcac5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/webhook.adoc @@ -0,0 +1,304 @@ +== Webhook alerts + +Prisma Cloud offers native integration with a number of services, including email, JIRA, and Slack. +When no native integration is available, webhooks provide a mechanism to interface Prisma Cloud's alert system with virtually any third-party service. + +A webhook is an HTTP callback. +When an event occurs, Prisma Cloud notifies your web service with an HTTP POST request. +The request contains a JSON body that you configure when you set up the webhook. +A webhook configuration consists of: + +* URL +* Custom JSON body +* Credentials +* CA Certificate + +=== Custom JSON body + +You can customize the body of the POST request with values of interest. +The content of the JSON object in the request body is defined using predefined macros. +For example: + +[source,json] +---- +{ + "type":#type, + "host":#host, + "details":#message +} +---- + +When an event occurs, Prisma Cloud replaces the macros in your custom JSON with real values and then submits the request. + +[source,json] +---- +{ + "type":"ContainerRuntime", + "host":"host1", + "details":"/bin/cp changed binary /bin/busybox MD5:XXXXXXX" +} +---- + +All supported macros are described in the following table. +Not all macros are applicable to all alert types. + +[cols="25%,75%", options="header"] +|==== +|Rule |Description + +|`#type` +|Audit alert type. +For example, 'Container Runtime'. + +|`#time` +|Audit alert time. +For example, 'Jan 21, 2018 UTC'. + +|`#container` +|Impacted container. + +|`#image` +|Impacted image. + +|`#imageID` +|The ID of the impacted image. +For example, 'sha256:13b66b487594a1f2b75396013bc05d29d9f527852d96c5577cc4f187559875d0'. + +|`#tags` +|The tags of the impacted resource. + +|`#host` +|Hostname for the host where the audit occurred. + +|`#fqdn` +|Fully qualified domain name for the host where the audit occurred. + +|`#function` +|Serverless function where the audit occurred. + +|`#region` +|Region where the audit occurred. +For example, 'N. Virginia'. + +|`#provider` +|The cloud provider in which the alert was detected. +For example, 'aws'. + +|`#osRelease` +|The OS on which the alert occurred. +For example, 'stretch'. + +|`#osDistro` +|The OS distro on which the alert occurred. +For example, 'Debian GNU/Linux 9'. + +|`#runtime` +|Language runtime in which the audit occurred. +For example, 'python3.6'. + +|`#appID` +|Serverless or Function name. + +|`#rule` +|Rule which triggered the alert. + +|`#message` +|Associated alert message. + +|`#aggregated` [Deprecated] +|All fields in the audit message as a single JSON object. + +|`#aggregatedAlerts` +|Returns the aggregated audit events in JSON format. + +NOTE: For the existing webhook alerts, you can edit the custom JSON body and replace `#aggregated` macro with `#aggregatedAlerts` macro. + +|`#rest` [Deprecated] +|All subsequent alerts that occurred during the aggregation period, in JSON format. + +|`#dropped` +|The number of alerts dropped after the aggregation buffer has reached its limit. + +NOTE: For the existing webhook alerts, you can edit the custom JSON body to add the `#dropped` macro. + +|`#forensics` +|API link to download the forensics data for the incident. + +|`#accountID` +|The cloud account ID in which the audit was detected. + +|`#category` +|Audit alert category. +For example 'unexpectedProcess'. + +|`#command` +|The command which triggered the runtime audit. + +|`#startupProcess` +|The executed process is activated when the container is initiated. + +|`#labels` +|A list of the alert labels of the resource in which the audit was detected. + +|`#collections` +|A list of the associated collections for the resource where the issue was detected. + +|`#complianceIssues` +|The compliance issues detected in the latest scan of the resource. + +A single alert includes compliance issues for a single resource. + +|`#vulnerabilities` +|The new vulnerabilities detected in the latest scan. + +A single alert includes vulnerabilities for all resources where new vulnerabilities were found, so the vulnerabilities macro includes the data about the resources as well. All other macros, except type and time, will be empty. + +|`#clusters` +|The clusters on which the alert was detected. + +|`#namespaces` +|List of the Kubernetes namespaces associated with the running image. + +|`#accountIDs` +|The cloud account IDs in which the alert was detected. +Use this macro when the resource may run on multiple accounts. + +|==== + +The `#vulnerabilities` and `#complianceIssues` macros include inner structures. +Below is an example of their content. +Notice that the structure is subject to minor changes between versions. + +[source,json] +---- +{ + "vulnerabilities": [ + { + "imageName": "ubuntu@sha256:c95a8e48bf...", [only for image vulnerabilities] + "imageID": "sha256:f643c72bc25212974c1...", [only for image vulnerabilities] + "hostname": "console.compute.internal", [only for host vulnerabilities] + "distribution": "Ubuntu 20.04.1 LTS", + "labels": { + "key1": "value1", + "key2": "value2" + }, + "collections": [ + "All", + "collection1", + "collection2" + ], + "newVulnerabilities": [ + { + "severity": "High", + "vulnerabilities": [ + { + "cve": "CVE-2020-1971", + "severity": "high", + "link": "https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1971", + "status": "Fixed in: 1.0.1f-1ubuntu2.27+esm2", + "packages": "openssl", + "packageVersion": "1.0.1f-1ubuntu2.27" + }, + ... more vulnerabilities + ] + }, + { + "severity": "Low", + "vulnerabilities": [ + { + "cve": "CVE-2019-25013", + "severity": "low", + "link": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25013", + "status": "needed", + "packages": "libc-dev-bin,libc6-dev,libc6,libc-bin", + "packageVersion": "2.31-0ubuntu9.1", + "sourcePackage": "glibc" + }, + ... more vulnerabilities + ] + } + ] + }, + ... more images/hosts + ] +} +---- + +[source,json] +---- +{ + "complianceIssues": [ + { + "title": "(CIS_Docker_v1.2.0 - 4.1) Image should be created with a non-root user", + "id": "41", + "description": "It is a good practice to run the container as a non-root user, if possible...", + "type": "image", + "category": "Docker", + "severity": "high" + }, + "title": "Private keys stored in image", + "id": "425", + "description": "", + "type": "image", + "category": "Twistlock Labs", + "severity": "high", + "cause": "Found: /usr/share/npm/node_modules/agent-base/..." + }, + ... more compliance issues + ] +} +---- + +// === Configuring alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Sending alerts to a webhook + +// Reusable content fragment. +:webhook_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create new alert channel + +Create a new alert channel. + +*Prerequisites:* You have a service to accept Prisma Cloud's callback. +For purely testing purposes, consider http://postb.in/[PostBin] or https://github.com/Runscope/requestbin#readme[RequestBin]. + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a name for your alert profile. + +. In *Provider*, select *Webhook*. + + +[.task] +=== Configure the channel + +Configure the channel. + +[.procedure] +. In *Webhook incoming URL*, enter the endpoint where Prisma Cloud should submit the alert. + +. In *Custom JSON*, Enter the structure of the JSON payload that your web application is expecting. ++ +For more details about the type of data in each field, click *Show macros*. + +. (Optional) In *Credential*, specify a basic auth credential if your endpoint requires authentication. + +. (Optional) In *CA Certificate*, enter a CA cert in PEM format. ++ +NOTE: When using a CA certificate for secure communication, only one-way SSL authentication is supported. +If two-way SSL authentication is configured, alerts will not be sent. + +. Click *Send Test Alert* to test the connection. +An alert is sent immediately. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/alerts/xdr.adoc b/docs/en/compute-edition/32/admin-guide/alerts/xdr.adoc new file mode 100644 index 0000000000..62cd4259ce --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/xdr.adoc @@ -0,0 +1,58 @@ +== Cortex XDR alerts + +https://www.paloaltonetworks.com/cortex/cortex-xdr[Cortex XDR] is a detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Prisma Cloud can send runtime alerts to XDR when your policies are violated. Prisma Cloud can be configured to send data when an entire policy, or even specific rules, are violated. + +Prisma Cloud uses webhooks to send the alerts to Cortex XDR. When an event occurs, Prisma Cloud notifies the web service with an HTTP POST request that contains a JSON body. + +// === Configuring alert frequency +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Send alerts to XDR + +// === Send alerts +// +// Reusable content fragment. +:xdr_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create a new alert channel + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a *Profile name*. + +. In *Provider*, select *Cortex*. + +. In *Application*, select *XDR*. + +. Click *Next*. + +// === Configure the triggers +// +// Reusable content fragment. +:cortex_xdr_alerts: +include::frag-config-triggers.adoc[leveloffset=0] + +[.task] +=== Configure the channel + +[.procedure] +. Under *Settings*, in *Incoming webhook URL* enter the Cortex XDR endpoint where Prisma Cloud should submit the alerts. + +. (Optional) In *Credential*, specify a basic auth credential if your endpoint requires authentication. + +. (Optional) In *CA Certificate*, enter a CA cert in PEM format. ++ +NOTE: When using a CA cert to secure communication, only one-way SSL authentication is supported. If two-way SSL authentication is configured, alerts will not be sent. + +. Click *Next*. + +. Review the *Summary* and test the configuration by selecting *Send test alert*. + +. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/alerts/xsoar.adoc b/docs/en/compute-edition/32/admin-guide/alerts/xsoar.adoc new file mode 100644 index 0000000000..9f0fd88152 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/alerts/xsoar.adoc @@ -0,0 +1,86 @@ +== Cortex XSOAR alerts + +https://www.paloaltonetworks.com/cortex/xsoar[Cortex XSOAR] is a security orchestration, automation, and response (SOAR) platform. +Prisma Cloud can send alerts, vulnerabilities, and compliance issues to XSOAR when your policies are violated. +Prisma Cloud can be configured to send data when an entire policy, or even specific rules, are violated. + + +// == Configure alerts +// +// Reusable content fragment. +include::frag-config-rate.adoc[leveloffset=0] + + +=== Send alerts to XSOAR + +// Reusable content fragment +:xsoar_alerts: +include::frag-send-alerts.adoc[leveloffset=0] + + +[.task] +=== Create a new alert profile + +[.procedure] +. In *Manage > Alerts*, click *Add profile*. + +. Enter a *Profile name*. + +. In *Provider*, select *Cortex*. + +. In *Application*, select *XSOAR*. + +. Click *Next*. + +// Reusable content fragment. +include::frag-config-triggers.adoc[leveloffset=0] + +[.task] +=== Configure the channel + +[.procedure] +. In *Settings*, enter a *Console Name* that XSOAR should use to access your Prisma Cloud console. + +. Copy the *Console URL* and save it for creating the integration in XSOAR. + +. Copy the *CA certificate* and save it for creating the integration in XSOAR. + +. Click *Next*. + +. Review the *Summary* and click *Save*. + +[.task] +=== Configure XSOAR + +Create a new Prisma Cloud Compute integration in XSOAR. + +[.procedure] +. Log into Cortex XSOAR. + +. Go to *Settings > Integrations*. + +. Search for *Prisma Cloud Compute* and click *Add instance*. ++ +image::demisto_add_integration.png[width=800] + +. Under the *Settings*: + +.. *Name*: Enter the name for the integration. + +.. Check the *Fetch incidents* checkbox. + +.. *Prisma Cloud Compute Console URL and Port*: Paste the URL of the console that you copied from Prisma Cloud. + +.. (optional) *Prisma Cloud Compute Project Name*: Enter the name of the project in Prisma Cloud. + +.. *Credentials*: Enter the Prisma Cloud username that XSOAR should use to communicate with your Prisma Cloud console. + +.. *Password*: Enter the password for the username you provided. + +.. *Prisma Cloud Compute CA Certificate*: Paste the CA Certificate you copied from Prisma Cloud, or enter your own CA Certificate (if using a custom certificate to access your Prisma Cloud console). + +. Click *Test* to check the connection to Prisma Cloud console. + +. Click *Done* to save the integration. + +. Go to *Incidents* to see the alerts received from Prisma Cloud. diff --git a/docs/en/compute-edition/32/admin-guide/api/api.adoc b/docs/en/compute-edition/32/admin-guide/api/api.adoc new file mode 100644 index 0000000000..e54667412d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/api/api.adoc @@ -0,0 +1,17 @@ +== API + +All information for the CWPP API has now moved to https://pan.dev[pan.dev], our home for developer docs. + +ifdef::compute_edition[] +* *Prisma Cloud Compute Edition API reference* ++ +https://pan.dev/compute/api/ +endif::compute_edition[] + +ifdef::prisma_cloud[] +* *Prisma Cloud Enterprise Edition API reference* ++ +https://pan.dev/prisma-cloud/api/cwpp/ +* *API workflows* +https://pan.dev/prisma-cloud/docs/ +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/audit/annotate-audits.adoc b/docs/en/compute-edition/32/admin-guide/audit/annotate-audits.adoc new file mode 100644 index 0000000000..966aac6a92 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/annotate-audits.adoc @@ -0,0 +1,52 @@ +== Annotate audit event records + +Prisma Cloud lets you surface and display designated labels in events and reports. +For example, you might already use labels to classify resources according to team name or cost center. +With _alert labels_, you can specify which of these key-value pairs are appended to events (audits, incidents, syslog, alerts) and reports. + +Labels are key-value string pairs that can be attached to objects such as images, containers, or pods. +In Console, specify a list of Docker and Kubernetes labels that contain the metadata you want to append to Prisma Cloud events. +When an event fires, if the associated object has any of the specified labels, they are appended to the event. + + +[.task] +=== Specifying labels to append to Prisma Cloud events + +Specify which labels to append to Prisma Cloud events. + +[.procedure] +. Open Console. + +. Go to *Manage > Alerts > Alert Labels*. + +. Click *Add Label*. ++ +image::alert_labels.png[width=800] + +. Enter the name of the label to be appended to Prisma Cloud events. + +. Click *Create*. ++ +image::alert_labels_audit.png[width=400] + + +=== Email alerts + +The contents of a label can be used as a dynamic target for email alerts. +Specify the labels that contain a comma delimited list of email addresses, and when an event fires, the recipients will be notified. + +Before setting up your email alerts, be sure you've specified a list of labels to be appended to Prisma Cloud events, where at least one label contains a comma-delimited list of email addresses. + +NOTE: Kubernetes labels don't support special characters, such as `@`, which are required to specify email addresses. +Therefore, only Docker labels can be used as a dynamic address list for email alerts. + +xref:../alerts/email.adoc[Configure email alerts] + + +=== JIRA alerts + +The contents of a label can be used to dynamically specify project keys, JIRA labels, and assignees for new JIRA issues. + +Before setting up your JIRA alerts, be sure you've specified a list of labels to be appended to Prisma Cloud events, where the labels contain the type of information you need to dynamically route JIRA issues to the right team. + +xref:../alerts/jira.adoc[Configure JIRA alerts] diff --git a/docs/en/compute-edition/32/admin-guide/audit/audit-admin-activity.adoc b/docs/en/compute-edition/32/admin-guide/audit/audit-admin-activity.adoc new file mode 100644 index 0000000000..f868f7630b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/audit-admin-activity.adoc @@ -0,0 +1,28 @@ +== Administrative activity audit trail + +All Prisma Cloud administrative activities are logged. + +Changes to any settings (including previous and new values), changes to any rules (create, modify, or delete), changes to the credentials (create,modify, or delete), and all logon activity (success and failure) are logged. +For every event, both the user name and source IP are captured. + +Audit records for App-Embedded runtime audits, Trust audits, Container network firewall audits, and Host network firewall audits are retained for up to 25,000 entries or 50 MB, whichever limit is met first. + +For login activity, the following events are captured: + +* Every login attempt from the login page, including failures. +* Every failed attempt to authenticate to the API. +Successfully authenticated calls to the API are not recorded. + +The full set of log data is available to anyone with a xref:../authentication/user-roles.adoc[user role] of auditor or higher. + +To view the administrative history, open Console, then go to *Manage > Logs > History*. + +Settings, credentials, and rule events show how a configuration has changed. +You can review the API endpoint, and a diff of the previous and current JSON objects. +The following screenshot shows the changes to a vulnerability management rule: + +image::admin_activity_audit_trail_diff.png[width=600] + +Use the https://pan.dev/compute/api/get-policies-vulnerability-ci-images/[API reference] to view information on the API endpoint. +The `/api/22.01/policies/vulnerability/ci/images` endpoint creates and modifies vulnerability rules for images scanned in the CI process. +In this case, user `name obscured` has changed the threshold for the grace period for fixing Critical and High severity CVEs to 2 days and 4 days respectively after the vulnerability was published or disclosed. diff --git a/docs/en/compute-edition/32/admin-guide/audit/audit.adoc b/docs/en/compute-edition/32/admin-guide/audit/audit.adoc new file mode 100644 index 0000000000..ffa90c2dc1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/audit.adoc @@ -0,0 +1,5 @@ +== Audit + +Prisma Cloud creates and stores audit event records (audits) for all major subsystems. +Audits can be reviewed in Monitor > Events, or they can be retrieved from the Prisma Cloud API. +If you have a centralized syslog collector, you can integrate Prisma Cloud with your existing infrastructure by configuring Prisma Cloud to send all audit events to syslog in RFC5424-compliant format. diff --git a/docs/en/compute-edition/32/admin-guide/audit/delete-audit-logs.adoc b/docs/en/compute-edition/32/admin-guide/audit/delete-audit-logs.adoc new file mode 100644 index 0000000000..9aef2c4f69 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/delete-audit-logs.adoc @@ -0,0 +1,64 @@ +== Delete audit logs + +Delete audits from the log using the Prisma Cloud API. + + +=== Delete all access audit events + +Deleting audit log entries is done through API calls only. + +*Path* + + DELETE /api/v1/audits/access?type=[type] + +*Description* + +Deletes all access events of a specific type. In case type is not provided all access audits for every type will be removed. +The possible 'types' for this command are: + +* `docker`: Docker access audit +* `kubernetes`: Kubernetes access audit (to Kubernetes master) +* `sshd`: SSH audit to host +* `sudo`: sudo commands audit on host + +*Status codes* + +* `200` - no error +* `400` - bad request was provided + +*Example request* + + curl -X DELETE -u admin: 'https://:8443/api/v1/audits/access?type=docker' + +*Example response* + + {} + + +=== Delete access audit event + +Deleting audit log entries is done through API calls only. + +*Path* + + DELETE /api/v1/audits/access/[id] + +*Description* + +Deletes an access event with specific id. + +*Status codes* + +* `200` - no error +* `400` - bad request was provided + +*Example request* + + curl -X DELETE -u admin: 'https://:8443/api/v1/audits/access/580fd342b8aaba1000ec47be' + +*Example response* + + {} + +NOTE: The current set up enables user to delete entries at the access layer for each runtime sensor. +To learn more on API calls, see the https://pan.dev/compute/api/[API reference]. diff --git a/docs/en/compute-edition/32/admin-guide/audit/event-viewer.adoc b/docs/en/compute-edition/32/admin-guide/audit/event-viewer.adoc new file mode 100644 index 0000000000..043edc6841 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/event-viewer.adoc @@ -0,0 +1,40 @@ +== Event viewer + +Prisma Cloud creates and stores audit event records (audits) for all major subsystems. +Audits can be reviewed in *Monitor > Events*, or they can be retrieved from the https://pan.dev/compute/api/get-audits-access/[Prisma Cloud Compute API]. +If you have a centralized syslog collector, you can xref:../audit/logging.adoc[integrate Prisma Cloud] with your existing infrastructure by configuring Prisma Cloud to send all audit events to syslog in https://tools.ietf.org/html/rfc5424[RFC5424]-compliant format. + +You can review some of the limits on storing xref:../deployment-patterns/caps.adoc[audit events]. + +NOTE: When you're reviewing audits in a dialog, the list of audits isn't updated in real-time. +To retrieve all the latest data, close the dialog. +If the *Refresh* button is decorated with a red indicator, click it to refresh the view with the latest data, then reopen the dialog. + +[.section] +=== Access audits +Access to any container resource protected by Defender is logged and aggregated in Console. +You can also configure Prisma Cloud to xref:../audit/host-activity.adoc[record audits for sudo, SSH, and other events] that are executed on hosts protected by Defender. +This audit trail links access to system components to individual users. +Access events can be viewed in Console under *Monitor > Events*. + +[.section] +=== Runtime audits +Prisma Cloud records an audit every time a runtime sensor (process, network, file system, and system call) detects activity that deviates from the sum of the predictive model plus any runtime rules you've defined. +For example, a file system audit event is emitted when Prisma Cloud detects malware in a container. +Runtime events for containers can be viewed in Console under *Monitor > Events*. +Runtime events for hosts can be viewed in Console under *Monitor > Events*. + +[.section] +=== Firewall audits +Web Application and API Security (WAAS) is a layer 7 filtering engine that ensures only safe, clean traffic ever reaches your web app. +Audits are generated when WAAS detects an attack, such as SQL injection or cross-site scripting. +WAAS audits can be viewed under *Monitor > Events*. + +[.section] +=== Admin activity +All Prisma Cloud xref:../audit/audit-admin-activity.adoc[administrative activity] can viewed under *Manage > View Logs*. + +Prisma Cloud limits viewing of audit trails to those with a job-related need. +To view audit events, you must log into Console. +Only users with Administrator, Operator, Defender Manager, or Auditor xref:../authentication/user-roles.adoc[roles] can view audit data in Console. +Similarly, only users with the above-mentioned roles can retrieve audit data from the Prisma Cloud API. diff --git a/docs/en/compute-edition/32/admin-guide/audit/host-activity.adoc b/docs/en/compute-edition/32/admin-guide/audit/host-activity.adoc new file mode 100644 index 0000000000..1f127d6179 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/host-activity.adoc @@ -0,0 +1,63 @@ +== Host activity + +Prisma Cloud lets you audit security-related activity on hosts protected by Defender. + +Runtime rules specify the type of activity to capture. +The default host runtime rule, _Default - alert on suspicious runtime behavior_, assesses interactive user activity. +You can create additional runtime rules to control which type of events are captured on which hosts. + +The following types of activity can be assessed and captured. + +* *Docker* -- +Docker commands that alter state: +create, +run, +exec, +commit, +save, +push, +login, +export, +kill, +start, +stop, and +tag. + +* *Read-only Docker events* -- +When you configure Prisma Cloud to capture Docker commands, you can optionally capture commands that simply read state. +These include _docker ps_ and _docker images_. + +* *New sessions spawned by sshd* -- +Self-explanatory. + +* *Commands run with sudo or su* -- +Self-explanatory. + +* *Log activity from background apps* -- +Processes run by services on the host that could raise security concerns. +Activities include: service restart, service install, service modified, cron modified, system update, system reboot, package source modified, package source added, iptables changed, secret modified, accounts modified, and sensitive files modified. + +Whereas Defender's runtime system surfaces suspect activity by sifting through events, Defender's xref:../runtime-defense/incident-explorer.adoc#forensics[forensics] system presents a raw list of all spawned processes. + + +[.task] +=== Enabling audits for local events + +To enable audits for host activity, create a new host runtime rule. +After making your changes, you can view all audits in *Monitor > Events* with the *Host Activities* filter. + +Auditing begins after a rule is created. +Any events that occurred before the rule was created are not recorded. + +[.procedure] +. Open Console. + +. Go to *Defend > Runtime > Host Policy*. + +. Click *Add rule*, and give it a name. + +. In *Hosts*, specify the hosts for which this rule applies. + +. In the *Activities* tab, enable the events for which you want audits. + +. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/audit/kubernetes-auditing.adoc b/docs/en/compute-edition/32/admin-guide/audit/kubernetes-auditing.adoc new file mode 100644 index 0000000000..eff8ac3e1b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/kubernetes-auditing.adoc @@ -0,0 +1,461 @@ +== Kubernetes auditing + +The Kubernetes auditing system records the activities of users, administrators, and other components, that have affected the cluster. +Prisma Cloud can ingest, analyze, and alert on security-relevant events. +Write custom rules or leverage Prisma Cloud Labs prewritten rules to assess the incoming audit stream and surface suspicious activity. + +NOTE: Audits types are limited to the ones been configured by the audit policy of the cloud provider. + + +=== Rule library + +Custom rules are stored in a central library, where they can be reused. +Besides your own rules, Prisma Cloud Labs also distributes rules via the Intelligence Stream. +These rules are shipped in a disabled state by default. +You can review, and optionally apply them at any time. + +Your Kubernetes audit policy is defined in *Defend > Access > Kubernetes*, and formulated from the rules in your library. +There are four types of rules, but the only one relevant to the audit policy is the `kubernetes-audit` type. +Custom rules are written and managed in Console under *Defend > Custom rules > Runtime* with an online editor. +The compiler checks for syntax errors when you save a rule. + + +=== Expression grammar + +Expressions let you examine contents of a Kubernetes audit. +Expressions have the following grammar: + +`expression: term (op term | in )*` + +term:: +integer | string | keyword | event | '(' expression ')' | unaryOp term + +in:: +'(' integer | string (',' integer | string)*)? + +op:: +and | or | > | < | >= | <= | = | != + +unaryOp:: +not + +keyword:: +startswith | contains + +string:: +Strings must be enclosed in double quotes + +integer:: +int + +event:: +process, file system, or network + + +=== Kubernetes audit events + +When Prisma Cloud receives an audit, it is assessed against your policy. +Like all policies in Prisma Cloud, rule order is important. +Rules are processed top to bottom, and processing stops at the first match. +When a rule matches, an alert is raised. + +Write rules to surface audits of interest. +Rules are written with the jpath function. +The jpath function extracts fields from JSON objects, which is the format of a Kubernetes audit. +The extracted string can then be compared against strings of interest. +The primary operators for jpath expressions are '=', 'in', and 'contains'. +For non-trivial examples, look at the Prisma Cloud Lab rules. + +The argument to jpath is a single string. +The right side of the expression must also be a string. +A basic rule with a single jpath expression has the following form: + + jpath("path.in.json.object") = "something" + +Let's look at some examples using the following JSON object as our example audit. + +.Example Kubernetes audit +[source,json] +---- +{ + "user":{ + "uid":"1234", + "username":"some-user-name", + "groups":[ + "group1", + "group2" + ] + }, + "stage":"ResponseComplete" +} +---- + +To examine a user's UID, use the following syntax. +This expression evaluates to true. + + jpath("user.uid") = "1234" + +To examine the username, use the following syntax: + + jpath("user.username") = "some-user-name" + +To examine the stage field, use the following syntax: + + jpath("stage") = "ResponseComplete" + +To examine the groups list field, use the following syntax: + + jpath("user.groups") contains "group1" + +Or alternatively: + + jpath("user.groups") in ("group1","group2") + + + +=== Integrating with self-managed clusters + +Prisma Cloud supports self-managed clusters. See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/system_requirements[here] for supported Kubernetes versions. +You can deploy clusters with any number of tools, including kubeadm. + +*Prerequisites:* You've already deployed a Kubernetes cluster. + +[.task] +==== Configure the API server + +Configure the API server to forward audits to Prisma Cloud. + +To configure the audit webhook backend: + +* Create an audit policy file that specifies the events to record and the data events should contain. +* Create a configuration file that defines the backend details and configurations. +* Update the API server config file to point to your audit policy and configuration files. + +NOTE: If your API server runs as a pod, then the audit policy and configuration files must be placed in a directory mounted by the API server pod. +Either place the files in an already mounted directory, or create a new one. + +NOTE: If flags/objects related to AuditSink/dynamic auditing were previously added to your API server configuration, remove them. +Otherwise, this setup won't work. + +[.procedure] +. Specify the audit policy. ++ +Create a file called _audit-policy.yaml_ with the following recommended policy: ++ +---- +apiVersion: audit.k8s.io/v1 # This is required. +kind: Policy +# Generate audit events only for ResponseComplete or panic stages of a request. +omitStages: + - "RequestReceived" + - "ResponseStarted" +rules: + # Audit on pod exec/attach events + - level: Request + resources: + - group: "" + resources: ["pods/exec", "pods/attach"] + + # Audit on pod creation events + - level: Request + resources: + - group: "" + resources: ["pods"] + verbs: ["create"] + + # Audit on changes to the twistlock namespace (defender daemonset) + - level: Request + verbs: ["create", "update", "patch", "delete"] + namespaces: ["twistlock"] + + # Default catch all rule + - level: None +---- ++ +More details can be found https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy[here]. + +. Create a configuration file. ++ +Create a configuration file named _audit-webhook.yaml_. ++ +For the server address, ``, do the following ++ +Step 1. Perform GET /api/v1/settings/kubernetes-audit and get the suffix. example response: +{ + "webhookUrlSuffix": "Rov4TLMx1UiaJuP99OyulwQVUT0=", + "lastPollingTime": null +} ++ +Step 2. Append the suffix to your console URL ++ +For example : https://1.1.1.1:8083/api/v1/kubernetes/webhook/Rov4TLMx1UiaJuP99OyulwQVUT0= ++ +---- +apiVersion: v1 +kind: Config +preferences: {} +clusters: +- name: + cluster: + server: # compute console endpoint as stated above +contexts: +- name: webhook + context: + cluster: + user: kube-apiserver +current-context: webhook +---- + +. Move the config files into place. ++ +Move both _audit-policy.yaml_ and _audit-webhook.yaml_ to a directory that holds your API server config files. +If the API server runs as a pod, move the files to a directory that is accessible to the pod. +Accessible directories can be found in the API server config file under `mounts`. ++ +Alternatively, create a new directory and add it to `mounts`. +For more information, see https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#log-backend[here]. + +. Add flags. ++ +Configure the API server to use the policy and configuration files you just created. +Add the following flags to the API server config file: ++ +---- +spec: + containers: + - command: + # Existing flags + ... + # New flags for Prisma Cloud: + - --audit-policy-file=/audit-policy.yaml + - --audit-webhook-config-file=/audit-webhook.yaml +---- ++ +IMPORTANT: When changing the kube-apiserver config file, the API server automatically restarts. +It can take a few minutes for the API server to resume operations. + +[.task] +=== Integrating with Google Kubernetes Engine (GKE) + +On GKE, Prisma Cloud retrieves audits from Stackdriver, polling it every 10 minutes for new data. + +Note that there can be some delay between the time an event occurs in the cluster and when it appears in Stackdriver. +Due to Twistock's polling mechanism, there's another delay between the time an audit arrives in Stackdriver and when it appears in Prisma Cloud. + +See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/system_requirements[here] for GKE cluster versions supported by Prisma Cloud. + +*Prerequisites:* You've created a service account with one of the following authorization scopes: + +* \https://www.googleapis.com/auth/logging.read +* \https://www.googleapis.com/auth/logging.admin +* \https://www.googleapis.com/auth/cloud-platform.read-only +* \https://www.googleapis.com/auth/cloud-platform + +[.procedure] +. Open Console. + +. Go to *Defend > Access > Kubernetes*. + +. Set *Kubernetes auditing* to *Enabled*. + +. Click *Add settings* to configure how Prisma Cloud connects to your cloud provider's managed Kubernetes service. + +.. Set *Provider* to *GKE*. + +.. Select your GKE credential. ++ +If there are no accounts to select, add one to the xref:~/authentication/credentials-store/credentials-store.adoc[credentials store]. + +.. (Optional) Specify clusters to collect audit data, allows to limit the collected data + +.. Specify project IDs. If unspecified, the project ID where the service account was created is used + +.. (Optional) Specify Advanced filter - specify a filter to reduce the amount of data transferred ++ +Do not use the `resource.type` or `timestamp` filters because Prisma Cloud uses them internally. + +.. Click *Add*. + +. Click *Save*. + + +[#ca-bundle] +=== CA bundle + +If you're sending audit data to Prisma Cloud's webhook over HTTPS, you must specify a CA bundle in the AuditSink object. + +If you've customized Console's certificate, you can get a copy from *Manage > Authentication > System-certificates > TLS certificate for Console*. +Paste the certificate into a file named _server-cert.pem_, then run the following command: + + $ openssl base64 -in server-cert.pem -out base64-output -A + +In the AuditSingle object, set the value of caBundle to the contents of the base64-output file. + + +[.task] +=== Testing your setup + +Write a new rule, or select a prewritten rule from the inventory, and add it your audit policy. +This setup installs a rule that fires when privileged pods are created in the cluster. + +[.procedure] +. Open Console, and go to *Defend > Access > Kubernetes*. + +. Add a Prisma Cloud Labs prewritten rule. + +.. Click *Select rules*. + +.. If you're integrated with a managed cluster, select *Prisma Cloud Labs - Privileged pod creation*. +If you're integrated with GKE, select *Prisma Cloud Labs - GKE - privileged pod creation*. ++ +NOTE: There are separate rules for standard Kubernetes and GKE because the structure of the audits are different. +Therefore, the logic for parsing the audit JSON is different. + +.. Click *Save*. + +. Create a pod deployment file named _priv-pod.yaml_, and enter the following contents. ++ +[source,yaml] +---- +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + securityContext: + privileged: true +---- + +. Create the privileged pod. + + $ kubectl apply -f priv-pod.yaml + +. Verify an audit was created. ++ +Go to *Monitor > Events*, and select the *Kubernetes Audits* filter. ++ +image::kubernetes_auditing.png[width=800] + + +[.task] +=== Integrating with Azure Kubernetes Service (AKS) + +With AKS, Prisma Cloud retrieves audits from "Log Analytics workspace", polling it every 10-15 minutes for new data. + +NOTE: You will have to enable exporting AKS logs into Azure Workspace, and Prisma Cloud will extract the logs from there. +You only need to export AKS resource logs of the category `kube-audit` (see https://docs.microsoft.com/en-us/azure/aks/monitor-aks#collect-resource-logs[here]). +Also, there can be some delay between the time an event occurs in the cluster and when it appears in Workspace. +Due to Prisma Cloud's polling mechanism, there's another delay between the time an audit arrives in the Workspace and when it appears in Prisma Cloud. + +Prisma Cloud supports only AKS cluster versions that allow log exporting. + +image::kubernetes_aks_diagram_audit.png[width=800] + +[.procedure] +. Open Console. + +. Go to *Defend > Access > Kubernetes*. + +. Set *Kubernetes auditing* to *Enabled*. + +. Click *Add settings* to configure how Prisma Cloud connects to your cloud provider's managed Kubernetes service. + +.. Set *Provider* to *AKS*. + +.. Select your AKS credential. ++ +If there are no accounts to select, add one to the xref:~/authentication/credentials-store/credentials-store.adoc[credentials store]. + +.. (Optional) specify clusters to collect audit data, allows to limit audit data. + +.. Specify the Workspace Name. ++ +We recommend that you use the free 7 day retention period workspace. + +.. Specify a list of resource groups. ++ +If unspecified, all resource groups will be used to retrieve the audits. + +.. (Optional) Specify Advanced filter to reduce the amount of data transferred. ++ +Use this https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries[reference] for help with the query syntax. + +.. Click *Add*. + +. Click *Save*. + +[.task] +=== Integrating with Elastic Kubernetes Service (EKS) + +On EKS, Prisma Cloud retrieves audits from AWS "Cloud watch", polling it every 10-15 minutes for new data. + +NOTE: You will have to enable exporting EKS logs into AWS Cloud Watch, and Prisma Cloud will extract the logs from there. +You only need to enable exporting Kubernetes audits (logs of type `audit`), see https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html[here]. +Also, there can be some delay between the time an event occurs in the cluster and when it appears in CloudWatch. + +Due to Prisma Cloud's polling mechanism, there's another delay between the time an audit arrives in the CloudWatch and it appears in Prisma Cloud. + +Prisma Cloud supports only EKS cluster versions that allow log exporting. + +image::kubernetes_eks_diagram_audit.png[width=800] + +[.procedure] +. Open Console. + +. Go to *Defend > Access > Kubernetes*. + +. Set *Kubernetes auditing* to *Enabled*. + +. Click *Add settings* to configure how Prisma Cloud connects to your cloud provider's managed Kubernetes service. + +.. Set *Provider* to *EKS*. + +.. Select your EKS credential. ++ +If there are no accounts to select, add one to the xref:~/authentication/credentials-store/credentials-store.adoc[credentials store]. + +.. Specify the cluster region. + +.. (Optional) Specify Advanced filter to reduce the amount of data transferred. ++ +Use https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html[AWS Log Insights syntax]. + +.. Click *Add*. + +. Click *Save*. + + +=== Custom rules + +A custom rule is made up of one or more conditions. +Configure custom rules policy in order to trigger audits and match them. +Prisma Cloud supports GKE, EKS, and AKS clusters. + +[.task] +=== Write a Kubernetes custom rule + +Expression syntax is validated when you save a custom rule. + +[.procedure] +. Open Console, and go to *Defend > Access > Kubernetes*. + +. Click *Add rule*. + +. Enter a name for the rule. + +. In *Message*, enter an audit message to be emitted when an event matches the condition logic in this custom rule. + +. Enter your expression logic. ++ +You can filter by cluster name (applies to all cloud providers), project ID (GCP), account ID (AWS), resource group (only capital letters, GCP), and subscription ID (Azure) + +. Click *Add*. ++ +Your expression logic is validated before it's saved to the Console's database. diff --git a/docs/en/compute-edition/32/admin-guide/audit/log-rotation.adoc b/docs/en/compute-edition/32/admin-guide/audit/log-rotation.adoc new file mode 100644 index 0000000000..20e0fc7474 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/log-rotation.adoc @@ -0,0 +1,42 @@ +== Log rotation + +Both Console and Defender call _log-rotate_ every 30 minutes. +The options passed to log-rotate are described below. + + +[.section] +=== Defender + +The default path for Defender's log file is _/var/lib/twistlock/log/defender.log_. + +It is configured as follows: + +* Truncate the original log file in place after creating a copy, instead of moving the old log file. (`copytruncate`) +* Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (`rotate 10`) +* Don't generate an error in case a log file doesn't exist. (`missingok`) +* Don't rotate the log in case it's empty. (`notifempty`) +* Rotate the log only if its size is 100M or more. (`size 100M`) +* Compress the rotated logs. (`compress`) + + +[.section] +=== Console +ifdef::compute_edition[] +The default path for Console's log file is _/var/lib/twistlock/log/console.log_. +endif::compute_edition[] +It is configured as follows: + +* Truncate the original log file in place after creating a copy, instead of moving the old log file. (`copytruncate`) +* Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (`rotate 10`) +* Don't generate an error in case a log file doesn't exist. (`missingok`) +* Don't rotate the log in case it's empty. (`notifempty`) +* Rotate the log only if its size is 100M or more. (`size 100M`) +* Compress the rotated logs. (`compress`) + + +[.section] +=== DB logs + +We log CRITICAL/ERROR messages to enable critical DB diagnostics. + +NOTE: This is automatically done by Prisma Cloud and is non-configurable. diff --git a/docs/en/compute-edition/32/admin-guide/audit/logging.adoc b/docs/en/compute-edition/32/admin-guide/audit/logging.adoc new file mode 100644 index 0000000000..3a4bb01076 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/logging.adoc @@ -0,0 +1,854 @@ +== Syslog and stdout integration + +You can configure Prisma Cloud to send audit event records (audits) to syslog and/or stdout for Console and Defender based on whether you have Prisma Cloud Compute Edition or Prisma Cloud Enterprise Edition. + +ifdef::compute_edition[] +With the Prisma Cloud Compute Edition, you can configure Prisma Cloud to send audit event records (audits) to syslog and/or stdout. + +Syslog integration must be turned on manually. +Open Console, go to *Manage > Alerts > Logging*, then set *Syslog* to *Enabled*. +Prisma Cloud connects to the syslog socket on _/dev/log_. +Stdout integration can be enabled from the same tab. + +When you enable syslog or stdout integration, you can optionally enable verbose output. +Verbose output records vulnerability and compliance issues in your environment. +It also records all process activity. + +In general, enabling verbose output is not recommended because of the substantial overhead. +You can retrieve this data much more efficiently from the Prisma Cloud API. +Nevertheless, sometimes this capability is expressly required for integration with SIEM tools. + +// TODO: Describe all log files in a Prisma Cloud setup. +// By default, logs are sent to Console. +// In addition, each host protected by Defender sends logs to _/var/lib/twistlock/log/defender.log_ on its local file system. + +[NOTE] +==== +Do not enable both syslog and stdout on hosts with systemd. +With systemd, anything sent to stdout gets logged to syslog. +With both syslog and stdout enabled, you would get duplicate messages in syslog. +==== +endif::compute_edition[] + +ifdef::prisma_cloud[] +For the Prisma Cloud Enterprise Edition, we operate and monitor the Console for you. Therefore, the Console does not generate syslog events that you can reference. + +The Defenders generate syslog messages that you can ingest for runtime and firewall events. In addition, you can configure Prisma Cloud to append a custom string to all Defender syslog messages. +endif::prisma_cloud[] + + +[.task] +=== Sending syslog messages to a network endpoint + +Writing to _/dev/log_ sends logs to the local host's syslog daemon. +The syslog daemon can then be optionally configured to forward those logs to a remote syslog or SIEM server. +If you don't have access to the underlying host, you can configure Prisma Cloud Console to send log messages directly to your remote system. + +[NOTE] +==== +In most cases, you won't need to specify a network endpoint in order to send syslog messages to your SIEM tool. +If you already have log collectors on your hosts, simply enable syslog. +Your log collectors will stream Prisma Cloud syslog messages to your SIEM tool. +==== + +Some things to keep in mind: + +* Console sends logs directly to your remote server. +When configuring Console with the remote server, validate that the address you enter is actually reachable from the host where Console runs. +Otherwise, you risk losing log messages. + +* Because Console sends messages directly to your remote server, and not through the local syslog daemon, you don't get some of syslog's built-in benefits, such as buffering, which protects against network outages and service failures. + +* The classic syslog implementation sends logs over UDP. +This is considered a bad practice if your logs have any value. +UDP is connectionless. +Packets are sent to their destination without confirming that they were received. +TCP's stateful connections and retransmission capabilities make it more appropriate for shuttling logs to a SIEM. + +[.procedure] +. Log into Console. + +. Go to *Manage > Alerts > Logging*. + +. Set *Syslog* to *Enabled*. + +. In *Send syslog messages over the network to*, click *Edit*, and then specify a destination. + + +[.task] +=== Appending custom strings to syslog messages + +ifdef::compute_edition[] +You can configure Prisma Cloud Compute to append a custom string to all Console and Defender syslog messages. +endif::compute_edition[] + +ifdef::prisma_cloud[] +You can configure Prisma Cloud Compute to append a custom string to all Defender syslog messages. +endif::prisma_cloud[] + +Custom strings are set in the event message as a key-value pair, where the key is "id", and the value is your custom string. +The following screenshot shows a Defender event, where the custom string is "koko". + +image::defender_syslog_event_with_custom_string.png[width=800] + +Configuring a custom string is useful when you have multiple Prisma Cloud Compute deployments (i.e. multiple Compute Consoles) and you're aggregating all messages in a single log management system. +The custom string serves as a marker that lets you correlate specific events to specific deployments. + +[.procedure] +. Open Console. + +. Go to *Manage > Alerts > Logging*. + +. Set *Syslog* to *Enabled*. + +. For *Identifier*, click *Edit*, and enter a string. + + +=== Console events + +Both Console and Defender emit messages. +Console syslog messages are tagged as _Twistlock-Console_ in the logs. + +The data emitted to syslog and stdout is exactly the same. + +[.section] +==== Console syslog event types + +The following table describes each message type and sub-type. + +[cols="15%,25%,60%", options="header"] +|=== +|Syslog Type |Sub Type |Description + +|image_scan +|-- +|This represents an image scan. + +|-- +|containerCompliance +|This represents any Compliance findings within the image scan. + +|-- +|vulnerability +|This represents any Vulnerability findings within the image scan. + +|container_scan +|-- +|This represents a Container scan. + +|-- +|container +|This represents any Compliance findings within the container scan. + +|vm_scan +|-- +|This represents a VM scan. + +|-- +|containerCompliance +|This represents any Compliance findings within the vm scan. + +|-- +|vulnerability +|This represents any Vulnerability findings within the vm scan. + +|host_scan +|-- +|This represents a Host scan. + +|-- +|containerCompliance +|This represents any Compliance findings within the host scan. + +|-- +|vulnerability +|This represents any Vulnerability findings within the host scan. + +|scan_summary +|-- +|This represents a scan summary. The type of summary is dependent upon subtype below. + +|-- +|image +|This represents a summary of image Vulnerability and Compliance issues. + +|-- +|container +|This represents a summary of container Vulnerability and Compliance issues. + +|-- +|vm +|This represents a summary of vm Vulnerability and Compliance issues. + +|-- +|host +|This represents a summary of host Vulnerability and Compliance issues. + +|-- +|code_repository_scan +|This represents a summary of code repository Vulnerability and Compliance issues. + +|-- +|registry_scan +|This represents a summary of registry Vulnerability and Compliance issues. + +|-- +|cloud_scan +|This represents a summary of cloud accounts with Compute Compliance issues. + +|management_audit +|-- +|This represents any management audit. This is broken out in the subtypes listed below. + +|-- +|login +|This represents a login audit. + +|-- +|profile +|This represents a profile state change audit. + +|-- +|settings +|This represents a settings change audit. + +|-- +|rule +|This represents a rule change audit. + +|-- +|user +|This represents a user change audit. + +|-- +|group +|This represents a group change audit. + +|-- +|credential +|This represents a credential change audit. + +|-- +|tag +|This represents a tag change audit. + +|kubernetes_audit +|-- +|This represents a Kubernetes audit. + +|admission_audit +|-- +|This represents an Admission Controller audit. + +|serverless_runtime_audit +|-- +|This represents a Serverless runtime audit. + +|serverless_app_firewall_audit +|-- +|This represents a Serverless WAAS audit. + +|app_embedded_runtime_audit +|-- +|This represents an app embedded runtime audit. + +|app_embedded_app_firewall_audit +|-- +|This represents an app embedded WAAS audit. + +|defender_disconnected +|-- +|This represents when a Defender is disconnected. + +|=== + +[.section] +==== Image scan + +Records when Prisma Cloud scans an image. + +Example image scan message: + + Jul 30 18:51:32 user-root Twistlock-Console[1]: + time="2019-07-30T18:51:32.214136319Z" + type="scan_summary" + log_type="image" + image_id="sha256:cd14cecfdb3a657ba7d05bea026e7ac8b9abafc6e5c66253ab327c7211fa6281" + image_name="user/internal:tag5" + vulnerabilities="297" + compliance="1" + + +[.section] +==== Container scan + +Records when Prisma Cloud scans a container. + +Example container scan message: + + Jul 30 22:06:15 user-root Twistlock-Console[1]: + time="2019-07-30T22:06:15.804842461Z" + type="container_scan" + log_type="container" + container_id="d29ac3222f430ccf6a7d730db5cec3363d4c608680de881e26e13f9011e36d13" + container_name="twistlock_console" + image_name="twistlock/private:console_19_07_353" + compliance="6" + + +[.section] +==== Host scan + +Records when Prisma Cloud scans a host. +Defenders scan the hosts they run on. + +Example host scan: + +[source,console] +---- + Jul 30 22:09:53 user-root Twistlock-Console[1]: + time="2019-07-30T22:09:53.390680962Z" + type="scan_summary" + log_type="host" + hostname="user-root.c.cto-sandbox.internal" + vulnerabilities="89" + compliance="17" +---- + +[.section] +==== Code repository scan + +Records when Prisma Cloud scans a code repository. + +Example scan: + +[source,console] +---- + Jul 7 23:34:09 ip-172-31-55-106 Twistlock-Console[1]: + time="2020-07-07T23:34:09.25109843Z" + type="scan_summary" + last_update_time="2020-07-07 23:21:00.203 +0000 UTC" + log_type="code_repository_scan" + source="github" + repository_name="jerryso/apper" + vulnerable_files="1" + vulnerabilities="25" + collections="All" +---- + +ifdef::compute_edition[] +[.section] +==== Individual compliance issues + +Records a compliance finding. +These messages are tagged with __log_type="compliance"__, and are generated as a byproduct of container scans, image scans, host scans, and registry scans. + +Compliance issues are only recorded when *Detailed output for vulnerabilities and compliance* is enabled in *Manage > Alerts > Logging* (to see this option, syslog must be enabled). + +A syslog entry is generated for each compliance issue. +This can result in a significant amount of data, which is why verbose output is disabled by default. + +You must have a rule that alerts on compliance issues for an entry to be written to syslog. +It might just be the __Default - alert all components__ rule, or another custom rule. +This option does not simply log all compliance issues irrespective of the rules that are in place. + +Example image compliance issue: + +[source,console] +---- + Jul 30 22:18:53 user-root Twistlock-Console[1]: + time="2019-07-30T22:18:53.23838464Z" + type="image_scan" + log_type="containerCompliance" + compliance_id="41" + severity="high" + description="(CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user" + rule="Default - ignore Prisma Cloud components" + host="user-root.c.cto-sandbox.internal" + image_id="sha256:a92d9a54137dccb6f78161d4468b21ae4bebe4fc3c772845253a2f8d80a5df08" + image_name="twistlock/private:defender_19_03_311" +---- + +Example container compliance issue: + +[source,console] +---- + Jul 30 22:22:56 user-root Twistlock-Console[1]: + time="2019-07-30T22:22:56.871490132Z" + type="container_scan" + log_type="containerCompliance" + compliance_id="526" + severity="medium" + description="(CIS_Docker_CE_v1.1.0 - 5.26) Check container health at runtime" + rule="Default - alert on critical and high" + host="user-root.c.cto-sandbox.internal" + container_id="22b745b2220f3f128a1cf57d2ffff328a02ba380930ebf83fca9f26d4d2b8aa4" + container_name="serene_cray" +---- + +Example host compliance issue: + +[source,console] +---- + Jul 30 22:09:53 user-root Twistlock-Console[1]: + time="2019-07-30T22:09:53.390585517Z" + type="host_scan" + log_type="compliance" + compliance_id="6518" + severity="high" + description="(CIS_Linux_1.1.0 - 5.1.8) Ensure at/cron is restricted to authorized users" + rule="Default - alert on critical and high" + host="user-root.c.cto-sandbox.internal" +---- + +[.section] +==== Individual vulnerability issues + +Records a vulnerability finding. +These messages are tagged with __log_type="vulnerability"__, and are generated as a byproduct of image scans, host scans, and registry scans. + +Vulnerability issues are only recorded when *Detailed output for vulnerabilities and compliance* is enabled in *Manage > Alerts > Logging*. + +A syslog entry is generated for each vulnerability for each package. +This can result in a significant amount of data, which is why verbose output is disabled by default. + +For example, consider a rule that raises an alert when vulnerabilities of medium severity or higher are found in an image. +If there are eleven packages that violate this rule, there will be eleven syslog entries, one for each package. + +You must have a rule that alerts on vulnerabilities for an entry to be written to syslog. +It might just be the __Default - alert all components__ rule, or another custom rule. +This option does not simply log all vulnerability data irrespective of the rules that are in place. + +Example image vulnerability issue: + +[source,console] +---- + May 24 07:31:02 user-root Twistlock-Console[1]: + time="2022-05-24T07:31:02.757191008Z" + type="ci_image_scan" + log_type="vulnerability" + vulnerability_id="49" + description="Image contains vulnerable Node.js components" + cve="CVE-2016-10707" + severity="high" + cvss="7" + package="jquery" + package_version="2.1.4" + vendor_status="fixed in 3.0.0" + publish_date="1516318140" + fix_date="1516627962" + package_path="/usr/local/lib/python2.7/site-packages/django/contrib/admin/static/admin/js/vendor/jquery" + layer="RUN pip install -r /api/requirements.txt" + link="https://nvd.nist.gov/vuln/detail/CVE-2016-10707" + image_id="sha256:59f0b6868fc6be4deb1f221a281973f03860a3700b0080d605f1c2de82a8605a" + image_name="mapseed/api:release-1.7.0" + collections="All" +---- + +Example registry image vulnerability issue: + +[source,console] +---- + Jul 30 22:03:56 user-root Twistlock-Console[1]: + time="2019-07-30T22:03:56.930640366Z" + type="registry_scan" + log_type="vulnerability" + vulnerability_id="410" + description="Image contains vulnerable Python components" + cve="CVE-2019-11236" + severity="medium" + package="urllib3" + package_version="1.24.1" + vendor_status="fixed in 1.24.3" + rule="test" + host="user-root.c.cto-sandbox.internal" + image_id="sha256:11cd0b38bc3ceb958ffb2f9bd70be3fb317ce7d255c8a4c3f4af30e298aa1aab" + image_name="user/internal:tag7" +---- + +Example host vulnerability issue: + +[source,console] +---- + Jul 30 22:09:53 user-root Twistlock-Console[1]: + time="2019-07-30T22:09:53.390181271Z" + type="host_scan" + log_type="vulnerability" + vulnerability_id="46" + description="Image contains vulnerable OS packages" + cve="CVE-2017-8845" + severity="low" + package="lzo2" + package_version="2.08-1.2" + vendor_status="deferred" + rule="Default - alert all components" host="user-root.c.cto-sandbox.internal" +---- + +endif::compute_edition[] + + +[.section] +==== Admin activity + +Changes to any settings (including previous and new values), changes to any rules (create, modify, or delete), and all logon activity (success and failure) are logged. +For every event, both the user name and source IP are captured. + +Example admin activity audit: + +[source,console] +---- + Jul 30 21:58:16 user-root Twistlock-Console[1]: + time="2019-07-30T21:58:16.80522678Z" + type="management_audit" + log_type="login" + username="user" + source_ip="137.83.195.96" + api="/api/v1/authenticate" + status="successful login attempt" +---- + +=== Defender events + +Defender syslog messages are tagged as _Twistlock-Defender_ in logs. +The data emitted to syslog and stdout is exactly the same. + +[NOTE] +==== +App-embedded, Serverless, and Windows Defenders do not support Syslog. +==== + +[.section] +==== Defender syslog event types + +The following table describes each event type and sub-type. + +[cols="15%,25%,60%", options="header"] +|=== +|Syslog Type |Sub Type |Description + +|container_runtime_audit +|-- +|This represents a Container Runtime Audit. Details of Audit type is listed as subtype below. + +|-- +|processes +|This represents a Container process runtime audit. + +|-- +|network +|This represents a Container network runtime audit. + +|-- +|filesystem +|This represents a Container filesystem runtime audit. + +|host_activity_audit +|-- +|This represents a Host activity audit. + +|host_network_firewall_audit +|-- +|This represents a Host WAAS audit. + +|container_app_firewall_audit +| +|This represents a Container WAAS audit. + +|host_runtime_audit +|-- +|This represents a Host Runtime Audit. Each audit type is listed as subtype below. + +|-- +|processes +|This represents a Host process runtime audit. + +|-- +|network +|This represents a Host network runtime audit. + +|-- +|kubernetes +|This represents a Host Kubernetes runtime audit. + +|-- +|filesystem +|This represents a Host filesystem runtime audit. + +|incident +|-- +|This represents an Incident. Host and Container incidents are differentiated by "host" or "container_id". + +|=== + +[.section] +==== Container runtime audit + +Activity that breaches your runtime rules or the automatically generated allow lists in your models generates audits. +The _log_type_ field specifies the runtime sensor that detected the anomaly (filesystem, processes. syscalls, or network). + +Example container runtime audit: The following process audit shows that busybox was unexpectedly launched, and an alert was raised. + +[source,console] +---- + Jul 30 22:41:25 user-root Twistlock-Defender[13460]: + time="2019-07-30T22:41:25.448709847Z" + type="container_runtime_audit" + container_id="73c2e8267f9b80ea152403c36c377476d24e43e211bb098300a317b3d1c472e4" + container_name="/dreamy_rosalind" image_id="sha256:94e814e2efa8845d95b2112d54497fbad173e45121ce9255b93401392f538499" + image_name="ubuntu:18.04" + effect="alert" + msg="High rate of reg file access events, reporting aggregation started; + last event: /usr/lib/apt/methods/gpgv wrote a suspicious file to /tmp/apt.conf.2ZH7tP. + Command: /usr/lib/apt/methods/gpgv" + log_type="filesystem" + custom_labels="io.kubernetes.pod.namespace:default" + account_id="prisma-cloud-compute" + cluster="cluster1" +---- + +[.section] +==== Host runtime audit + +Activity that breaches your runtime rules or the automatically generated allow lists in your host services models generates audits. + +Example host runtime audit: + +[source,console] +---- + Jul 30 22:47:12 user-root Twistlock-Defender[13460]: + time="2019-07-30T22:47:12.325487039Z" + type="host_runtime_audit" + service_name="ssh" + effect="alert" + msg="Outbound connection by /usr/lib/apt/methods/http to an unexpected port: 80 IP: 91.189.91.26. Low severity audit, event is automatically added to the runtime model" + log_type="network" + account_id="prisma-cloud-compute" + cluster="cluster1" +---- + +[.section] +==== Access audit + +Docker commands run on hosts protected by Defender. + +With user access events, you can determine who performed an action, and on which resource. + +For example: + +* [Bruce] [started container X] in the [DEV environment] (allowed). +* [Bruce] [stopped container Y] in the [PROD environment] (denied). + +All Docker commands issued to the Docker daemon are intercepted and inspected by Defender to determine if they comply with the policy set in Console. + +The following diagram illustrates how Defender operates on the management plane: + +. Bruce, a developer, issues a command, docker -H. + +. Defender checks the command against the policies defined in the Console. +If the command is allowed, Defender forwards it to the Docker daemon for execution. +If the command is denied, the user is notified. + +. An event is recorded in syslog. + +image::syslog_integration_554971.png[width=500] + +Access audits have the following fields: + +* type=access_audit +* user=[String] Identity of the person who ran the command +* action=[String] Docker command requested - API invoked +* action_type=[String] Action type +* allow=[Boolean] true/false - Action was allowed or not. +* rule=[String] Rule matched + +Example: + +[source,console] +---- + Jul 30 23:02:23 user-root Twistlock-Defender[13460]: + time="2019-07-30T23:02:23.179494498Z" + type="access_audit" + user="user" + action="docker_ping" + action_type="docker" + allow="true" + rule="Default - allow all" +---- + +[.section] +==== App firewall audit (WAAS) + +All events associated with WAAS (Web-Application and API Security) rules for container, hosts and app-embedded generate audits. + +NOTE: WAAS serverless events are not registered in the syslog. Events audits will be registered to the syslog in future releases. + +NOTE: WAAS Container and Host rule audits are written to the Defender host's syslog. WAAS App-Embedded rule audits are written to the console's host's syslog. + +Message fields for WAAS audit would change based on the deployment type as follows: + +.Container Deployment +- *container_id=[String]* Container id in which the event triggered +- *container_name=[String]* Container name on which the action was performed +- *image_name=[String]* Image name on which the action was performed +- *custom_labels=[String]* User-defined Alert Labels (*Mange > Alerts > Alert Labels*) +- *cluster=[String]* Cluster name in which the event triggered + +.Host Deployment +- *hostname=[String]* host in which the event triggered +- *cluster=[String]* Cluster name in which the event triggered + +.App Embedded Deployment +- *app_id=[String]* app_id in which the event triggered + +.All Deployments +- *time=[String]* request timestamp +- *type=[String]* type of app_firewall_audit +- *effect=[String]* "alert", "prevent", "ban" +- *msg=[String]* Audit message detailing the event +- *log_type=[String]* Attack Type +- *source_ip=[String]* source IP address from the request originated +- *source_country=[String]* country associated with source IP address +- *connecting_ips=[CSV]* list of IPs included in the _X-Forwarded-For_ header +- *request_method=[String]* HTTP Request Method +- *request_user_agents=[String]* user-agent string parsed from the ``User-Agent`` header +- *request_host=[String]* HTTP hostname in the request +- *request_url=[String]* request url +- *request_path=[String]* request path +- *request_query=[String]* request query string +- *request_header_names=[String]* ordered list of HTTP request headers +- *response_header_names=[String]* ordered list of HTTP response headers +- *status_code=[String]* HTTP response status code in the server response + +In addition, message structure is subject for the following changes: + +- Fields containing empty values are omitted from the message i.e. if a HTTP message does not contain a query field the request_query field will not be present in the message. +- *connecting_ips* - present only if `X-Forwarded-For` Header is present in the request. +- *status_code* - present only for audits created for the "Track Server Error Response Codes" and "Detect Information Leakage" protections +- *response_header_names* - present only for audits created for the "Track Server Error Response Codes" and "Detect Information Leakage" protections. +- *source_country* - present only if resolution was successful. +- *container_name* - will be replaced by *host_id* or *function_id* + + +Example: + +[source,console] +---- + Jul 16 20:10:16 cnaf-nightly-build Twistlock-Defender[1947]: + time="2020-07-16T20:10:16.706085135Z" + type="container_app_firewall_audit" + container_id="0a16b4e4dbefc6ef8cc6a08d038e775a8523ad053416730f01eafbf2dee2e693" + container_name="/nginx" + image_name="nginx:latest" + effect="prevent" + msg="Client exceeded violations within 1m. Banning client for 5m" + log_type="violations exceeded" + source_ip="12.34.56.78" + source_country="IL" + connecting_ips="11.22.33.44" + request_method="HEAD" + request_user_agents="curl/7.54.0" + request_host="www.example.com" + request_url="www.example.com/?id=../etc/passwd" + request_path="/" + request_query="id=../etc/passwd" + request_header_names="X-Forwarded-For,User-Agent,Accept" + response_header_names="Set-Cookie,Date,Content-Type,Content-Length X-Frame-Options" + status_code="404" +---- + +[.section] +==== Process activity audit + +Records all processes spawned in a container. + +Process audits are only recorded when *Detailed output of all runtime process activity* is enabled in *Manage > Alerts > Logging*. + +Note that process activity that breaches your runtime policy is separately audited. +For more information, see the container runtime audit section. + +This audit has the following fields: + +* type=process +* pid=Process ID +* path=Path to the executable in the container file system +* interactive=Whether the process was spawned from a shell session: true or false +* container-id=Container ID + +Example: This audit shows that busybox was spawned in the container with ID 8c5b3fe0037d. + +[source,console] +---- + Jul 30 22:06:03 user-root Twistlock-Defender[13460]: + time="2019-07-30T22:06:03.515319204Z" + type="process" + pid="20859" + path="/bin/df" + interactive="false" + container_id="3491b03544a51c60e176e54a5077161f14dbc850bf069cf7a096db028e9981de" +---- + +[.section] +==== Incidents + +Incidents are logical groupings of events, related by context, that reveal known attack patterns. + +Example container incident: + +[source,console] +---- + Jul 30 22:41:24 user-root Twistlock-Defender[13460]: + time="2019-07-30T22:41:24.987209676Z" + type="incident" + container_id="73c2e8267f9b80ea152403c36c377476d24e43e211bb098300a317b3d1c472e4" + image_name="ubuntu:18.04" + host="user-root.c.cto-sandbox.internal" + incident_category="hijackedProcess" + custom_labels="io.kubernetes.pod.namespace:default" + account_id="prisma-cloud-compute" + cluster="cluster1" +---- + +Example host incident: + +[source,console] +---- + Mar 5 00:26:42 user-root Twistlock-Defender[22797]: + time="2018-03-05T00:26:42.894707831+02:00" + type="incident" + service_name="http-service" + host="user-root" + incident_category="serviceViolation" + audit_ids="5a9c72a223d020590de74db5" + account_id="prisma-cloud-compute" + cluster="cluster1" +---- + +=== Rate limiters + +Depending on your configuration, Prisma Cloud can produce a lot of logs, especially in environments with many hosts, images, and containers. +By default, most syslog daemons throttle logging with a rate limiter. + +If you have a large environment (hundreds of Defenders with tens of images per host) AND you have configured Prisma Cloud for verbose syslog output, you will need to tune the rate limiter. +Otherwise, you might find that logs are missing. + +For example, on RHEL 7, you must tune both systemd-journald's `RateLimitInterval` and `RateLimitBurst` settings and rsyslog's `imjournalRatelimitInterval` and `imjournalRatelimitBurst` settings. +For more information about RedHat settings, see +https://access.redhat.com/solutions/1417483[How to disable log rate-limiting in Red Hat Enterprise Linux 7]. + + +=== Truncated log messages + +Very long syslog events can get truncated. +For example, changing settings in Console generates management_audits events, which show a diff between old settings and new settings. +For policies changes, the diff can be big. +Linux log managers limit the number of characters logged per line, and so long messages, such as management audits, can be truncated. + +If you've got truncated log messages, increase the log manager's default string size limit. +There are several types log managers, but rsyslog is popular with most distributions. +For rsyslog, the default log string size is 1024 characters per line. +To increase it, open _/etc/rsyslog.conf_ and set the maximum message size: + +[source,console] +---- + $MaxMessageSize 20k +---- \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/audit/prometheus.adoc b/docs/en/compute-edition/32/admin-guide/audit/prometheus.adoc new file mode 100644 index 0000000000..76c7c9db29 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/prometheus.adoc @@ -0,0 +1,393 @@ +== Prometheus + +Prometheus is a monitoring platform that scrapes the published endpoints of targets to collect their metrics. +You can configure Prisma Cloud to be a Prometheus target. + +You can use Prometheus to monitor time series data across your environment and show high-level, dashboard-like, stats to visualize trends and changes. +Prisma Cloud's instrumentation lets you track metrics such as the total number of connected Defenders and the total number of container images in your environment that your Defenders protect. + +=== Metrics + +Metrics are a core Prometheus concept. +Instrumented systems expose metrics. +Prometheus stores the metrics in its time-series database, and makes them easily available to query to understand how systems behave over time. + +Prisma Cloud has two types of metrics: + +* Counters: +Single monotonically increasing values. +A counter's value can only increase or be reset to zero. + +* Gauges: +Single numerical values that can arbitrarily go up or down. + +==== Prisma Cloud metrics + +All Prisma Cloud metrics are listed in the following table. +Vulnerability and compliance metrics are updated every 24 hours. +The rest of the metrics are updated every 10 minutes. + +The *vulnerabilities* and *compliance* metrics report the number of many entities, for example images, containers, or hosts, that are at risk by the highest severity issue impacting them. +The *images_critical_vulnerabilities* is not the total count of critical vulnerabilities in the images in your environment. +It is the total count of images where the highest severity CVE is critical. +For a thorough explanation of this type of metric, see xref:../vulnerability-management/vuln-explorer.adoc#roll-ups[Vulnerability Explorer]. + +[cols="25%,15%,60%", options="header"] +|=== +|Metric |Type |Description + +|totalDefenders +|Gauge +|Total number of Defenders connected to Console. +Connected and disconnected Defenders can be reviewed in Console under *Manage > Defenders > Manage*. + +|activeDefenders +|Gauge +|Total number of all Defenders for which a license is allocated, regardless of whether it is currently connected to Console or not. + +|images_critical_vulnerabilities +|Gauge +|Total number of containers impacted by critical vulnerabilities. + +|images_high_vulnerabilities +|Gauge +|Total number of containers impacted by high vulnerabilities. + +|images_medium_vulnerabilities +|Gauge +|Total number of containers impacted by medium vulnerabilities. + +|images_low_vulnerabilities +|Gauge +|Total number of containers impacted by low vulnerabilities. + +|hosts_critical_vulnerabilities +|Gauge +|Total number of hosts impacted by critical vulnerabilities. + +|hosts_high_vulnerabilities +|Gauge +|Total number of hosts impacted by high vulnerabilities. + +|hosts_medium_vulnerabilities +|Gauge +|Total number of hosts impacted by medium vulnerabilities. + +|hosts_low_vulnerabilities +|Gauge +|Total number of hosts impacted by low vulnerabilities. + +|serverless_critical_vulnerabilities +|Gauge +|Total number of serverless functions impacted by critical vulnerabilities. + +|serverless_high_vulnerabilities +|Gauge +|Total number of serverless functions impacted by high vulnerabilities. + +|serverless_medium_vulnerabilities +|Gauge +|Total number of serverless functions impacted by medium vulnerabilities. + +|serverless_low_vulnerabilities +|Gauge +|Total number of serverless functions impacted by low vulnerabilities. + +|images_critical_compliance +|Gauge +|Total number of images impacted by critical compliance issues. + +|images_high_compliance +|Gauge +|Total number of images impacted by high compliance issues. + +|images_medium_compliance +|Gauge +|Total number of images impacted by medium compliance issues. + +|images_low_compliance +|Gauge +|Total number of images impacted by low compliance issues. + +|containers_critical_compliance +|Gauge +|Total number of containers impacted by critical compliance issues. + +|containers_high_compliance +|Gauge +|Total number of containers impacted by high compliance issues. + +|containers_medium_compliance +|Gauge +|Total number of containers impacted by medium compliance issues. + +|containers_low_compliance +|Gauge +|Total number of containers impacted by low compliance issues. + +|hosts_critical_compliance +|Gauge +|Total number of hosts impacted by critical compliance issues. + +|hosts_high_compliance +|Gauge +|Total number of hosts impacted by high compliance issues. + +|hosts_medium_compliance +|Gauge +|Total number of hosts impacted by medium compliance issues. + +|hosts_low_compliance +|Gauge +|Total number of hosts impacted by low compliance issues. + +|serverless_critical_compliance +|Gauge +|Total number of serverless functions impacted by critical compliance issues. + +|serverless_high_compliance +|Gauge +|Total number of serverless functions impacted by high compliance issues. + +|serverless_medium_compliance +|Gauge +|Total number of serverless functions impacted by medium compliance issues. + +|serverless_low_compliance +|Gauge +|Total number of serverless functions impacted by low compliance issues. + +|active_app_firewalls +|Gauge +|Total number of active app firewalls (WAAS). + +|app_firewall_events +|Gauge +|Total number of app firewall (WAAS) events. + +|protected_containers +|Gauge +|Total number of protected containers. + +|container_runtime_events +|Gauge +|Total number of container runtime events. + +|host_runtime_events +|Gauge +|Total number of host runtime events. + +|access_events +|Gauge +|Total number of access events. + +|registry_images +|Gauge +|The total number of registry images scanned. + +|container_active_incidents +|Gauge +|The total number of container active incidents. + +|container_archived_incidents +|Gauge +|The total number of container archived incidents. + +|host_active_incidents +|Gauge +|The total number of host active incidents. + +|host_archived_incidents +|Gauge +|The total number of host archived incidents. + +|incident_snapshots +|Gauge +|The total number of incident snapshots on the console. + +|incident_snapshots_size_mb Gauge The size in MB of incident snapshots +|backups +|Gauge +|The total backups stored in a system. + +|ci_image_scan_results +|Gauge +|The total number of CI scanning results in the Prisma Cloud Console. + +|tenant_project_connectivity +|Gauge +|For tenant projects, returns 1 if the tenant project is connected to the main console. + +|compliance_rules_consumed_collections +|Gauge +|The total number of collections consumed by compliance rules. + +|vulnerability_rules_consumed_collections +|Gauge +|The total number of collections consumed by vulnerability rules. + +|runtime_rules_consumed_collections +|Gauge +|The total number of collections consumed by runtime rules. + +|api_requests +|Counter +|Total number of requests to the Prisma Cloud API. + +|defender_events +|Counter +|Total number of events sent by all Defenders to Console. + +|=== + + +[.task] +=== Integrate Prisma Cloud with Prometheus + +The Prometheus server scrapes endpoints at configurable time intervals. +Regardless of the value you set for the Prometheus scrape interval, new Prisma Cloud data is only available at the following refresh rates. + +* Vulnerability and compliance data is refreshed every 24 hours. +* All other data is refreshed every 10 minutes. + +This procedure shows how to complete the following tasks. + +. Enable the Prometheus integration. +. Configure the Prisma Cloud scrape. +. Start a Prometheus server running in a container. + +If you already have a Prometheus server in your environment, you only need to enable the integration and configure the scrape. + +[.procedure] +. Enable the Prometheus integration. + +.. Log into Prisma Cloud Console. + +.. Go to *Manage > Alerts > Logging*. + +.. Set *Prometheus instrumentation* to *Enabled*. + +. Prepare a scrape configuration file for the Prometheus server. + +.. Create a new `prometheus.yml` file, and open it for editing. + +.. Enter the following configuration fields. ++ +[source,yaml] +---- +global: + scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. + evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. + +# Prisma Cloud scrape configuration. +scrape_configs: + - job_name: 'twistlock' + static_configs: + - targets: ['CONSOLE_ADDRESS:8083'] + metrics_path: /api/v1/metrics + basic_auth: + username: 'USER' + password: 'PASS' +---- ++ +* Replace `CONSOLE_ADDRESS` with the DNS name or IP address for Prisma Cloud Console. +* Replace `USER` with a Prisma Cloud user, which has the minimum role of *Auditor*. +* Replace `PASS` with that Prisma Cloud user's password. + +. Start the Prometheus server with the scrape configuration file. ++ +[source,bash] +---- +$ docker run \ + --rm \ + --network=host \ + -p 9090:9090 \ + -v /PATH_TO_YML/prometheus.yml:/etc/prometheus/prometheus.yml \ + prom/prometheus +---- + +. Go to \http://:9090/targets to validate that the Prisma Cloud integration is properly set up. ++ +image::prometheus_target_up.png[width=800] ++ +[NOTE] +==== +To get results immediately for testing, restart the prisma Cloud Console. +If you are using the PCEE, wait 10 minutes for the first refresh window to elapse. +==== + +ifdef::compute_edition[] +=== Use Prometheus with Projects + +If you want to use Prometheus with xref:../deployment-patterns/projects.adoc[projects], modify the scrape configuration file with an additional job for each Prisma Cloud Console. + +If you are using tenant projects, enable Prometheus instrumentation in both the Central and Supervisor Consoles. + +The following listing shows an example configuration that scrapes the following Prisma Cloud Consoles. + +* A central Prisma Cloud Console. +* A supervisor Prisma Cloud Console for a tenant project. + +[source,yaml] +---- +global: + scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. + evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. + +# Prisma Cloud scrape configuration. +scrape_configs: + - job_name: 'Central Console' + static_configs: + - targets: [CONSOLE_ADDRESS:8083] + metrics_path: /api/v1/metrics + basic_auth: + username: 'USER01' + password: 'PASS01' + - job_name: 'Tenant Console' + static_configs: + - targets: [CONSOLE_ADDRESS:8083] + metrics_path: /api/v1/metrics + scheme: http + params: + project: [TENANT_PROJECT_NAME] + basic_auth: + username: 'USER02' + password: 'PASS02' +---- + +The configuration uses the following fields. + +* `CONSOLE_ADDRESS` -- DNS name or IP address for your central Prisma Cloud Console +* `USER01` -- Prisma Cloud user with access to central Prisma Cloud Console +* `PASS01` -- `USER01`'s password +* `USER02` -- Prisma Cloud user with access to the tenant project +* `PASS02` -- `USER02`'s password +* `TENANT_PROJECT_NAME` -- name of the tenant project + +[NOTE] +==== +The value in job_name does not need to match anything else. +You can set it to anything. +==== + +endif::compute_edition[] + + +[.task] +=== Create a simple graph + +Create a graph that shows the number of deployed Defenders. + +[.procedure] +. Go to \http://:9090/graph + +. Click *Add Graph*. + +. In the drop-down list, select *twistlock_total_defenders*. + +. Click *Execute*. +In the *Console* tab, you see the value for total number of Defenders connected to the Prisma Cloud Console. + +. Open the *Graph* tab to see a visual representation of how the number of Defenders has changed over time. ++ +image::prometheus_simple_graph.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/audit/throttling.adoc b/docs/en/compute-edition/32/admin-guide/audit/throttling.adoc new file mode 100644 index 0000000000..11e4d35346 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/audit/throttling.adoc @@ -0,0 +1,50 @@ +== Throttling audits + +When your runtime models aren't completely tuned, you can get a barrage of false positives. +It's difficult for operators to parse through so many audits, especially when most of it is noise. +And the volume and rate of audits can degrade your system. + +To address the problem, Console presents a cross-section of the most important audits, while dropping redundant audits. +Prisma Cloud collects, collates, and throttles audits on a per-profile (model) basis, with a maximum of 100 audits per profile, sorted by recency. +Every audit is categorized by Type and Attack Type, where a Type can have one or more Attack Types. +For example, the Network Type has the following Attack Types (not a complete list): + +[cols="15%,25%,60%", options="header"] +|=== +|Type |Attack Type |Description + +|Network +|Feed DNS +|DNS query of a high risk domain based on data in the Intelligence Stream. + +|Network +|Unexpected Listening Port +|Container process is listening on an unexpected port. + +|Network +|etc. +|etc. + +|=== + +When there's a large number of incoming audits, Prisma Cloud temporarily applies throttling. +When more than five audits of the same Attack Type are received over a short period of time, those audits are dropped. +A running count of all audits (dropped and not dropped) is updated periodically. +If no audits are received after a grace period, throttling is disabled. +Throttling is reset every 24 hours. +That is, if throttling is applied for all day 0, and five audits of a given attack have already been received, then no new audits for that Attack Type are displayed for 24 hours. +At the 24 hour period mark, throttling is disabled, and any new audits are collected, collated, and presented, until throttling is reapplied. + +Throttling is applied to audits in the following systems: + +* *Monitor > Events > Container Audits* +* *Monitor > Events > Host Audits* +* *Monitor > Events > Cloud Native App Firewall* +* *Monitor > Events > WAAS for Hosts* + +Note that a comprehensive list of audits can always be found in the Defender logs. +If syslog and/or stdout integration is enabled, all audits are always emitted there too. +Finally, if you set up alerts on all container runtime rules, you'll get all audits to your alert channel; nothing is dropped or throttled. + +Finally, if audits are being throttled, it's a symptom of a larger issue. +You should tune your runtime models. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/access-keys.adoc b/docs/en/compute-edition/32/admin-guide/authentication/access-keys.adoc new file mode 100644 index 0000000000..71031737e9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/access-keys.adoc @@ -0,0 +1,153 @@ +== Access keys + +Prisma Cloud keys are required to access twistcli and the Compute API. +They're also required to set up the Jenkins plugin. + +IMPORTANT: It's critical that access keys are provisioned with the minimum permissions required for the job. + +Prisma Cloud Enterprise has two major security modules: + +* Cloud Security Posture Management (CSPM) -- Ensures continuous, correct, and compliant configuration of your resources in the public cloud. +* Cloud Workload Protection Platform (CWPP) -- Provides consistent visibility and control for physical machines, virtual machines, containers and serverless workloads, regardless of location, and protects the workloads they run from attacks. + +The CSPM module is accessed through Prisma Cloud's main interface (outer management interface). +The CWPP module is accessed through the *Compute* tab (inner management interface, also known as Prisma Cloud Compute, or just Compute). +User management, such as integrating single sign-on, setting up custom roles, and creating access keys, is handled by the outer interface. + +image::prisma_cloud_mgmt_interfaces.png[width=800] + +The RBAC models for the Prisma Cloud outer interface (CSPM) and Prisma Cloud inner interface (CWPP) have different design goals. +The CSPM RBAC model controls who has access by cloud accounts. +The CWPP RBAC model controls who has access by Compute functionality and views (e.g. who can set and see policy, who can set and see global settings, how to segment views/data, and so on). +For example, Assigned Collections let you segment views by namespace. + +When you create an access key in Prisma Cloud (outer interface), the system automatically xref:../authentication/prisma-cloud-user-roles.adoc[maps] the key to one of the Prisma Cloud Compute roles. + +image::prisma_cloud_role_mapping.png[width=800] + +It's critical that keys created for automated workflows are properly privileged on both sides. + + +[.section] +=== Scanning in the CI/CD pipeline + +When integrating the Jenkins plugin or twistcli into your CI/CD pipeline, configure a key with the CI User role on the Compute side. +The scanner authenticates to the Compute Console’s API to assess vulnerability and compliance data. +The CI User role is purpose-built for this use case. +Its also the least privileged role in the system, with no access to the Console UI. + +[.section] +=== Compute API + +For other automated workflows, consult the Compute API documentation. +The documentation specifies the minimum role required to access each endpoint. + + +[.task] +=== Provisioning access keys + +When provisioning access keys for Compute workflows, first create a user with the appropriate Prisma Cloud role. +Then log into Prisma Cloud as the limited user and create an access key. + +[.procedure] +. Log into Prisma Cloud with a user that has the System Admin role. ++ +Only System Admins can manage users. + +. Create a very limited role in Prisma Cloud that can't do anything except log into Prisma Cloud. ++ +It will have read-only permissions with no access to any cloud account. +This role will be assigned to your service account. + +.. In Prisma Cloud, go to *Settings > Roles*. + +.. Click *Add New*. + +.. In *Name*, enter an identifier, such as *compute-svc-acct-role*. + +.. In *Permissions Group*, select *Account Group Read Only*. + +.. Select at least one Account Group. + +.. Click *Save*. + +. Create a service account. + +.. In Prisma Cloud, go to *Settings > Users*. + +.. Click *Add New*. + +.. Enter a *First Name*, *Last Name*, and *Email*. + +.. In *Assign Role*, select *compute-svc-acct-role*. + +.. Select *Allow user to create API Access Keys* + +.. Click *Save*. + +. (Optional) Allow your service account to authenticate directly with Prisma Cloud. ++ +If you have integrated Prisma Cloud with a directory service, creating a new user in your underlying auth provider can be tedious in some enterprise environments. +Prisma Cloud lets select users authenticate directly with Prisma Cloud using their email and a password that's registered separately after the user account is created. + +.. In Prisma Cloud, go to *Settings > SSO*. + +.. Enable *Allow select users to authenticate directly with Prisma Cloud*. + +.. In *Users*, select the email address you configured for your service account. + +.. Click *Save*. + +. Log out of Prisma Cloud. + +. Log back into Prisma Cloud using your newly created service account. ++ +If you're bypassing SSO, click *Forgot Password* to set a password. + +. Create an access key for your service account. + +.. Go to *Settings > Access Keys*. + +.. Click *Add New*. + +.. In *Name*, enter *compute-svc-acct-key*. + +.. Set the expiration date based on use case. + +.. Click *Create*. + +.. Save your access key ID and secret key in a safe place. ++ +image::access_keys_list.png[width=800] + + +[.task] +=== Verify your access key + +After provisioning your key, you can test that it can access the Compute API. +Both the Jenkins plugin and twistcli wrap the API, so hitting the API directly lets you validate that your key has the proper permissions. + +The path to the Compute Console API, whether you interface with it directly (e.g. curl) or indirectly (Jenkins, twistcli) is published in Compute Console itself. +Get it from *Compute > Manage > System > Utilities*. + +image::access_keys_path_to_console.png[width=800] + + +[.procedure] +. Get the path to your Console. + +.. Go to *Compute > Manage > System > Utilities*. + +.. Under *Path to Console*, click *Copy*. + +. Access an endpoint for which your key is authorized. ++ +CI Users have permission to download the twistcli binary from the API, so this is a good test when setting up your CI pipeline. +You can authenticate to the API using basic auth. +For the username and password, specify the access key ID and secret key respectively. +Both of these were generated for you when you first created the key. ++ + $ curl -k \ + -u + -o twistcli + /api/v1/util/twistcli diff --git a/docs/en/compute-edition/32/admin-guide/authentication/active-directory.adoc b/docs/en/compute-edition/32/admin-guide/authentication/active-directory.adoc new file mode 100644 index 0000000000..b2ec0af607 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/active-directory.adoc @@ -0,0 +1,143 @@ +== Integrate with Active Directory + +Prisma Cloud can integrate with Active Directory (AD), an enterprise identity directory service. + +NOTE: If your AD environment uses alternative UPN suffixes (also referred to as explicit UPNs), see xref:../authentication/non-default-upn-suffixes.adoc[Non-default UPN suffixes] to understand how to use them with Prisma Cloud. + +NOTE: LDAP group names are case sensitive in Prisma Cloud. + +With AD integration, you can reuse the identities and groups centrally defined in Active Directory, and extend your organization’s access control policy to manage the data users can see and the things they can do in the Prisma Cloud Console. + +For more information about Prisma Cloud's built-in roles, see xref:../authentication/user-roles.adoc[User Roles]. + + +=== Configuration options + +The following configuration options are available: + +[cols="25%,75%a", options="header"] +|=== +|Configuration option +|Description + +|Enabled +|Enables or disables integration with Active Directory. + +In Console, use the slider to enable (ON) or disable (OFF) integration with AD. + +By default, integration with AD is disabled. + +|URL +|Specifies the path to your LDAP server, such as an Active Directory Domain Controller. + +The format for the LDAP server path is: + +://: + Where can be ldap or ldaps. + For an Active Directory Global Catalog server, use ldap. + +For performance and redundancy, use a load balanced path. + +Example: +ldap://ldapserver.example.com:3268 + +|Search Base +|Specifies the search query base path for retrieving users from the directory. + +Example: +dc=example,dc=com + +|User identifier +|User name format when authenticating + +sAMAccountName = DOMAIN\sAMAccountName + +userPrincipalName = user@ad.example.com + +NOTE: The Active Directory domain name must be provided when using sAMAccountName due to domain trust behavior. + +|Account UPN +| +Console +Account UPN Specifies the username for the Prisma Cloud service account that has been set up to query Active Directory. + +Specify the username with the User Principal Name (UPN) format: + +@ + +Example: +twistlock_service@example.com + +|Account Password +|Specifies the password for the Prisma Cloud service account. + +|=== + + +[.task] +=== Integrating Active Directory + +Integrate Active Directory after you have installed Prisma Cloud. + +[.procedure] +. Open Console, then go to *Manage > Authentication > Identity Providers*. + +. Set *Integrate LDAP users and groups with Prisma Cloud* to *Enabled*. + +. Specify all the parameters for connecting to your Active Directory service. + +.. For *Authentication* type, select *Active Directory*. + +.. In *Path to LDAP service*, specify the path to your LDAP server. ++ +For example: `ldap://ldapserver.example.com:3268` + +.. In *Search Base*, specify the base path to the subtree that contains your users. ++ +For example: `dc=example,dc=com` + +.. In Service Account UPN and Service Account Password, specify the credentials for your service account. ++ +Specify the username in UPN format: @ ++ +For example, the account UPN format would be: `twistlock_service@example.com` + +.. If you connect to Active Directory with ldaps, paste your CA certificate (PEM format) in the CA Certificate field. ++ +This enables Prisma Cloud to validate the LDAPS certificate to prevent spoofing and man- in-the-middle attacks. +If this field is left blank, Prisma Cloud will not perform validation of the LDAPS certificate. + +. Click *Save*. + + +[.task] +=== Adding Active Directory group to Prisma Cloud + +To grant authentication to users in an Active Directory group, add the AD group to Prisma Cloud. + +[.procedure] +. Navigate to *Manage > Authentication > Groups* and click *Add group*. + +. In the dialog, enter AD group name and select *LDAP group*. ++ +image::ldap_group.png[width=500] + +. Grant a xref:../authentication/user-roles.adoc[role] to members of the group. + + +[.task] +=== Verifying integration with Active Directory + +Verify the integration with AD. + +[.procedure] +. Open Console. + +. If you are logged into Console, log out. ++ +image::logout.png[width=200] + +. At Console's login page, enter the UPN and password of an existing Active Directory user. ++ +If the log in is successful, you are directed to the view appropriate for the user's role. + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/assign-roles.adoc b/docs/en/compute-edition/32/admin-guide/authentication/assign-roles.adoc new file mode 100644 index 0000000000..b1dc89b4aa --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/assign-roles.adoc @@ -0,0 +1,414 @@ +== Assign roles + +ifdef::compute_edition[] + +After creating a user or group, you can assign a xref:../authentication/user-roles.adoc[role] to it. +Roles determine the level of access to Prisma Cloud’s data and settings. + +Prisma Cloud supports two types of users and groups: + +* Centrally managed users and groups, defined in your organization’s directory service. +With directory services such as Active Directory, OpenLDAP, and SAML providers, you can re-use the identities set up in these systems. +* Prisma Cloud users and groups, created and managed from Console. +For centrally managed users groups, roles can be assigned after you integrate your directory service with Prisma Cloud. +Roles can be assigned to individual users or to groups. +When you assign a role to a group, all members of the group inherit the role. +Managing role assignments at the group level is considered a best practice. +Groups provide an easier way to manage a large user base, and simpler foundation for building your access control policies. + +For Prisma Cloud users and groups, roles are assigned at the user level when the user is created. +When you create a Prisma Cloud group, you add Prisma Cloud users to it. +Users in this type of group always retain the role they were assigned when they were created. + + +[.task] +=== Assigning roles to Prisma Cloud users + +If you do not have a directory service, such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP), Prisma Cloud lets you create and manage your own users and groups. +When you create a Prisma Cloud user, you can assign it a role, which determines its level of access. + +To create a user and assign it a role: + +[.procedure] +. Open Console, and log in with your admin credentials. + +. Go to *Manage > Authentication > Users*. + +. Click *Add user*. + +.. Enter a username. + +.. Enter a password. + +.. Assign a role. + +.. Click *Save*. + + +[.task] +=== Assigning roles to Prisma Cloud groups + +Collecting users into groups makes it easier to manage your access control rules. + +NOTE: Each user in the group retains his own role to prevent erroneous privilege escalation. + +To create a Prisma Cloud group and add users to it: + +[.procedure] +. Open Console and log in with your admin credentials. + +. Go to *Manage > Authentication > Groups*. + +. Click *Add group*. + +.. Enter a name for your group. + +.. In the drop down list, select a user. + +.. Click *+*. + +.. Repeat steps b to c until your group contains all the members you want. + +.. Click *Save: + + +[.task] +=== Assigning roles to AD/OpenLDAP/SAML users + +By default, AD/OpenLDAP/SAML users have the very basic Access User role. +You can grant users a different level of access to Console by assigning them roles. + +NOTE: If a user is a part of an AD, OpenLDAP, or SAML group, and you have assigned a role to the group, the user inherits the group's role. + +*Prerequisites:* You have integrated Prisma Cloud with Active Directory, OpenLDAP, or SAML. + +[.procedure] +. Open Console. + +. Log in with your admin credentials. + +. Go to *Manage > Authentication > Users*. + +. Click *Add user*. + +.. Enter the username for the user whose role you want to set. +For example, if you have integrated Prisma Cloud with Active Directory, enter a UPN. + +.. In the *Role* drop-down menu, select a role. + +.. Click *Save*. + + +[.task] +=== Assigning roles to AD/OpenLDAP/SAML groups + +You can assign an AD/OpenLDAP/SAML group a role. +Members of the group inherit the group’s role. +When a user from a group tries to access a resource protected by Prisma Cloud, Prisma Cloud resolves the member’s role on the fly. + +[NOTE] +==== +If a user is assigned multiple system roles, either directly or through group inheritance, then the user is granted the rights of the highest role. +If a user is assigned both system and custom roles, then the user will be randomly granted the rights of one of the roles. + +For example, assume Bruce is part of GroupA and GroupB in Active Directory. +In Console, you assign the Administrator role to GroupA and the Auditor role to GroupB. +When Bruce logs into Prisma Cloud, he will have Administrator rights. +==== + +The following procedure shows you how to assign a role to an existing AD/OpenLDAP/SAML group: + +*Prerequisites:* You have integrated Prisma Cloud with Active Directory, OpenLDAP, or SAML. + +[.procedure] +. Open Console, and log in with your admin credentials. + +. Go to *Manage > Authentication > Groups*. + +. Click *Add group*. + +.. Specify the name of the group. It should match the group name specified in your directory service. + +.. Check LDAP group. + +.. Select a role. + +.. Click *Save*. + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +After creating a user or group, you can assign roles to it. +Roles determine the level of access to Prisma Cloud’s data and settings. + +=== Creating and Assigning roles to Compute Users in Prisma Cloud + +There are a set of permissions that can be applied to a role while creating it. + +image::saas_assign_roles_role.png[width=600] + + +==== Permission Group and Advanced Options + +Each of the permission groups in platform are mapped to Compute User roles. +For more information see xref:../authentication/prisma-cloud-user-roles.adoc[Prisma Cloud User Roles mapping]. + + +==== Account Groups + +* You can assign onboarded cloud accounts in Prisma Cloud for RBAC access to Compute resources. + +* Starting in Hamilton release, you can type "Account IDs" as string in the *Non-Onboarded Account IDs* field to give RBAC access to data in Compute from accounts that are not onboarded in Prisma Cloud. + +* The following Account group consists of some onboarded cloud accounts and an additional account with ID "gcp-prod". ++ +image::saas_assign_roles_accountgroup.png[width=600] ++ +NOTE: A wildcard for this textbox will be treated as "All" accounts regardless of onboarded or not, where account ID metadata is available. This doesn't apply to Windows Defenders or other environments where cloud account metadata is not available. + + +[.task] +==== Resource Lists + +Starting in Hamilton release, you can assign Resource lists with type *Compute Access Groups* in conjunction with Account Groups to Compute users. + +These lists provide a light-weight mechanism to provision least-privilege access to the resources in your environment. + +You can assign these to specific users and groups to limit their view of data and resources in the Compute Console. + +NOTE: Some entities like CI functions aren’t updated with new Compute Access group lists. Only the lists matched during the time of the scan. + +NOTE: These lists define an "and" relationship between resources, so creating a Compute access group with `functions: myfuncs*` and `images: myImages*` will match with nothing because a function doesn't contain an image and an image doesn't include a function. + +[.procedure] +. Open Prisma Cloud Console, and log in with your admin credentials. + +. Go to *Settings > Resource Lists*. + +. Click *Add Resource List*. + +.. Select *Compute Access Group*. + +.. In the Add Resource List dialog, enter a name, description, and then specify a filter to target specific resources. + +... For example, the access group named 'Compute production hosts only' here gives access to Compute resources filtered on hosts where host name starts with 'production'. ++ +image::saas_assign_roles_resourcelist.png[width=600] ++ +For more information on syntax that can be used in the filter fields (e.g., containers, images, hosts, etc), see xref:../configure/rule-ordering-pattern-matching.adoc#[Rule ordering and pattern matching]. ++ +NOTE: Individual filters on each field in Compute Access group aren't applicable to all views. +For example, a group created with only functions won't include any resources when viewing hosts results. +Similarly, a group created with hosts won't filter images by hosts when viewing image results. + + +[.task] +==== Assigning Roles to User + +Use a combination of the above fields to assign created roles to users + +IMPORTANT: If a role allows access to policies, users with this role will be able to see all rules under the Defend section, even if the user’s view of the environment is restricted by assigned Compute Access Groups. + +[.procedure] +. Navigate to *Settings > Users*. + +. Add new user or search for an existing user. + +. Assign role(s) to the user. When a role contains multiple Compute Access groups, the effective scope is the union of each individual query. ++ +image::saas_assign_roles_user.png[width=400] ++ +NOTE: Changes to a user's Compute access group takes affect at login. +For an active session, newly created Compute Access groups are synced with Compute Console every 30 minutes. + + +=== Limitations + +Different views in Console are filtered by different resource types. + +If a Compute Access group specifies resources that are unrelated to the view, Access by this list returns an empty result. + +[cols="20%,20%,60%a", options="header"] +|=== +|Section |View |Supported resources in collection + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Images +|Images, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Registry images +|Images, Hosts (of the scanner host), Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Containers +|Images, Containers, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Hosts +|Hosts, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|VM images +|VM images (under Images), Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Functions +|Functions, Cloud Account IDs, Labels + +|Monitor/Vulnerabilities +|Code repositories +|Code repositories + +|Monitor/Vulnerabilities +|VMware Tanzu blobstore +|Hosts (of the scanner host), Cloud Account IDs + +|Monitor/Vulnerabilities +|Vulnerability Explorer +|Images, Hosts, Clusters, Labels, Functions, Cloud Account IDs + +|Monitor/Compliance +|Cloud Discovery +|Cloud Account IDs + +|Monitor/Compliance +|Compliance Explorer +|Images, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Events +|Container audits +|Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. +(Cluster collections are not currently able to filter some events such as container audits, specifically.) + +|Monitor/Events +|WAAS for Containers +|Images, Namespaces, Cloud Account IDs + +|Monitor/Events +|Trust Audits +|Images, Clusters, Cloud Account IDs + +|Monitor/Events +|Admission Audits +|Namespaces, Clusters, Cloud Account IDs + +|Monitor/Events +|Docker Audits +|Images, Containers, Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|App Embedded audits +|App IDs (App Embedded), Cloud Account IDs + +|Monitor/Events +|WAAS for App-Embedded +|App IDs (App Embedded), Cloud Account IDs + +|Monitor/Events +|Host audits +|Hosts, Clusters, Labels, Cloud Account IDs + +|Monitor/Events +|WAAS for Hosts +|Hosts, Cloud Account IDs + +|Monitor/Events +|Host Log Inspection +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Host File Integrity +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Host Activities +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Serverless audits +|Functions, Labels + +|Monitor/Events +|WAAS for Serverless +|Functions, Labels + +|Monitor/Runtime +|Container incidents +|Images, Containers, Hosts, Namespaces, Clusters, Cloud Account IDs + +|Monitor/Runtime +|Host incidents +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Runtime +|Serverless incidents +|Functions, Labels + +|Monitor/Runtime +|App Embedded incidents +|App IDs (App Embedded), Cloud Account IDs + +|Monitor/Runtime +|Container models +|Images, Namespaces, Clusters, Cloud Account IDs + +|Monitor/Runtime +|Host Observations +|Hosts, Clusters, AWS tags (under Labels), OS tags (under Labels), Cloud Account IDs + +|Monitor/Runtime +|Image analysis sandbox +|Images, Labels + +|Radar +|Containers Radar +|Images, Containers, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Radar +|Hosts Radar +|Hosts, Clusters, AWS tags (under Labels), OS tags (under Labels), Cloud Account IDs + +|Radar +|Serverless Radar +|Functions, Cloud Account IDs, Labels + +|Manage +|Defenders +|Hosts, Clusters, Cloud Account IDs + +|=== + +After Compute Access groups are created or updated, there are some views that require a rescan before you can see the change: + +* Deployed Images vulnerabilities and compliance views +* Registry Images vulnerabilities and compliance views +* Code repositories vulnerabilities view +* Trusted images +* Cloud Discovery +* Vulnerability Explorer +* Compliance Explorer + +After Compute Access groups are created or updated, there are some views that are affected by the change only for future records. +These views include historical records that keep their collections from creation time: + +* Images and Functions CI results view +* Events views +* Incidents view +* Image analysis sandbox results view + + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/authentication/authentication.adoc b/docs/en/compute-edition/32/admin-guide/authentication/authentication.adoc new file mode 100644 index 0000000000..274386cbe1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/authentication.adoc @@ -0,0 +1,14 @@ +== Authentication + +Prisma Cloud provides broad enterprise identity support. +It can integrate with a number of identity providers, including Active Directory, OpenLDAP, Ping, Okta, Shibboleth, Azure AD, and Google G Suite, so you can implement single sign-on for the Prisma Cloud Console. +Prisma Cloud supports simultaneous integration with multiple identity providers. +For example, you might want to integrate with both Okta and GitHub to support users that login from both platforms. + +Prisma Cloud ships with prebuilt roles to provide least privilege access to your DevOps and security teams. +Use assigned collections to precisely control what data teams can view or use built-in multi-tenancy to securely isolate entire business units or geographies within the same Console. + +Pluggable cryptography lets you bring your own certificates, not just for TLS, but also for smart card authentication to Console. + +A credentials store providers a single secure location to store service accounts for integration with the various cloud providers. +Define them once in the credentials store, and then reuse them throughout Console for your various integrations. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/aws-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/aws-credentials.adoc new file mode 100644 index 0000000000..9f7038dc36 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/aws-credentials.adoc @@ -0,0 +1,156 @@ +[#aws-credentials] +== Amazon Web Services (AWS) Credentials + +Prisma Cloud lets you authenticate with AWS using the following credentials. + +* IAM users using access keys. +* IAM roles. +* Security Token Service (STS): Recommended when using IAM users. + +[#aws-iam-users] +=== AWS IAM users + +In AWS, an IAM user is an identity that represents a person or service. +You create IAM users to allow that person or service to interact with AWS. + +Access keys are long-term credentials for IAM users. +Access keys consist of two parts: an access key ID and a secret access key. +IAM users must use both the access key ID and secret access key together to authenticate requests with AWS. + +The Prisma Cloud credentials store can save the access keys of your IAM users. +To create a new credential in the store complete these steps. +. Select the *AWS* type and *Access Key* subtype. +. Enter the access key ID and the secret access key. + +image::credentials_store_aws_access_key.png[width=600] + +[NOTE] +==== +The AWS best practice is to rotate your keys every 90 days. Prisma Cloud raises an alert if the added credentials are over 90 days old. +If you use IAM users, rotate your keys at least every 90 days. +==== + +[#aws-iam-roles] +=== AWS IAM roles + +If you need to use temporary security credentials, you should use IAM roles instead of IAM users. + +IAM roles and IAM users are identities associated to permission policies. +A permission policy determines what an identity can and cannot do in AWS. +IAM roles don't use access keys as credentials and are not unique to a person or service. +Any IAM user can assume a role when needed to temporarily acquire the permissions to carry out a specific task. + +IAM roles solve the problem of how to securely manage and distribute credentials. +For example, how do you distribute credentials to new EC2 instances created by an auto scaling group? +How do you rotate credentials on EC2 instances in a cluster? +Instead of creating and distributing credentials, you can delegate permission to call the AWS API as follows: + +. Create an IAM role. + +. Specify the AWS service (e.g. EC2) that can assume the role. + +. Specify the API actions and resources Prisma Cloud can use after assuming the role. + +. Specify the role when you launch the service. + +. Prisma Cloud retrieves a set of temporary credentials and uses them as needed. + +Prisma Cloud ships with a default credential called *IAM Role*. +Assuming you've created an IAM role in AWS, configured trust (who can use the role), permission policy (what the role can do), and launched the service with the role, Prisma Cloud can acquire the temporary credentials it needs to carry out its work. +Each feature in Prisma Cloud has documentation which describes permission policy it requires. + +image::credentials_store_default_iam_role.png[width=800] + +==== How Prisma Cloud accesses IAM role credentials + +Roles provide a way to grant credentials to applications that run on EC2 instances to access other AWS services, such as ECR. +IAM dynamically provides temporary credentials to the EC2 instances, and these credentials are automatically rotated for you. + +This section shows how Prisma Cloud Defender gets credentials to scan the ECR registry when its running on an EC2 instance with a correctly configured IAM role. +The mechanism is similar for other services where Prisma Cloud might run. + +When you create an EC2 instance, you can assign it a role. +When the instance is started, the AWS instance metadata service (IMDS) attaches your credentials to the running EC2 instance. +You can access this metadata from within the instance using the following command: + +[source] +---- +curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ +{ +"Code" : "Success", +"LastUpdated" : "2017-06-29T06:12:29Z", +"Type" : "AWS-HMAC", +"AccessKeyId" : "ASIA...", +"SecretAccessKey" : "3VI...", +"Token" : "dzE...", +"Expiration" : "2017-06-29T12:16:54Z" +} +---- + +Where `` is assigned to the EC2 instance when it is created or at some point during its life. + +The following diagram shows all the pieces. +Defender retrieves the credentials from the metadata service, then uses those credentials to retrieve and scan the container images in ECR. + +image::credentials_store_scan_ecr_iam_role.png[width=500] + + +[#aws-security-token-service-sts] +=== AWS Security Token Service (STS) + +AWS Security Token Service (STS) lets you request temporary, limited-privilege credentials for AWS IAM users or users that you authenticate (federated users). + +Per the AWS Well-Architected Framework, this method is a recommended best practice when using IAM users. +With STS, you don't have to distribute long-term AWS credentials (access keys) to places like the Prisma Cloud credentials store. +Also, the temporary credentials have a limited life span, so you don't have to rotate or revoke them when they're no longer needed. + +When you configure integration with an AWS resource, you can pick an AWS credential from the central store, then use STS to change the role of the account. +AWS STS lets you have a few number of IAM identities that can be used across many AWS accounts. +For example, if you were setting up Prisma Cloud to scan an AWS ECR registry, you would select the AWS credentials from the central store. +Then you would enable *Use AWS STS*, and enter the name of the STS role to assume in the target account. + +When using AWS STS, ensure the following: + +* The policy of the IAM user you use as credentials has *sts:AssumeRole* permission on the IAM role you're going to assume. +Sample policy: ++ +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "sts:AssumeRole", + "Resource": "arn:aws:iam::123456789123:role/stsIAMrole" + } + ] +} +---- + +* The IAM role you're going to assume has the IAM user mentioned above configured as a trusted entity. +Sample trusted entity policy: ++ +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::123456789123:user/prismaUser" + }, + "Action": "sts:AssumeRole" + } + ] +} +---- + +The following diagram shows the relationship between an IAM user, a permissions policy, and an assumed role. +By default, the IAM user has no permissions. +The permissions policy allows ready-only access to the ECR registry. +The role brings everything together. +It specifies the trust relationship (who is allowed to assume the role, also known as the principal), it grants to ability for the principal to assume roles (sts:AssumeRole), and it declares what the role can do when it assumed by a principal (permission policy). + +image::credentials_store_aws_sts_relationships.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/azure-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/azure-credentials.adoc new file mode 100644 index 0000000000..55ad8cc4e1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/azure-credentials.adoc @@ -0,0 +1,121 @@ +[#azure-credentials] +== Azure Credentials + +This section discusses Azure credentials. + +[.task] +=== Authenticate with Azure using a certificate + +You can authenticate with Azure using a certificate as a secret. +As with password authentication, the certificate is stored with the Azure service principal. +For more information, see the Microsoft docs https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#use-with-certificate[here]. + +[.procedure] +. Log into Compute Console. + +. Go to *Manage > Cloud accounts* + +. Click *Add account*. + +. In *Select cloud provider*, choose *Azure*. + +. Enter a name for the credential. + +. In *Subtype*, select *Certificate*. + +. In *Certificate*, enter your service principal's certificate in PEM format. ++ +The certificate must include the private key. +Concatenate public cert with private key (e.g., cat client-cert.pem client-key.pem). + +. Enter a tenant ID. + +. Enter a client ID. + +. Enter a subscription ID. + +. Click *Next*. + +. In *Scan account*, disable *Agentless scanning*. + +. Click *Next*. + +. Click *Add account*. + +. Validate the credential. ++ +Your Azure credential is now available to be used in the various integration points in the product, including registry scanning, serverless function scanning, and so on. +If authentication with a certificate is supported, it's shown in the credential drop-down in the setup dialog. +For example, the following screenshot shows the setup dialog for scanning Azure Container Registry: ++ +image::cloud_accounts_acr_scanning.png[width=700] ++ +After setting up your integrations, you can review how and where the credential is being used by going to *Manage > Authentication > Credentials store* and clicking on the credential. ++ +image::cloud_accounts_cred_usage.png[width=700] + + +[#azure-service-principal] +[.task] +=== Create an Azure Service Principal + +Create an Azure Service Principal so that Prisma Cloud Console can scan your Azure tenant for microservices. +To get a service key: + +[.procedure] +. Download and https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[install the Azure CLI]. + +. Create a service principal and configure its access to Azure resources. + + $ az ad sp create-for-rbac \ + --name -twistlock-azure-cloud-discovery- \ + --role \ + --scopes /subscriptions/ \ + --json-auth ++ +NOTE: '--sdk-auth' has been deprecated and will be removed in a future release. Starting from Azure CLI versions `2.51.0` use `--json-auth` instead. ++ +The *--role* value depends upon the type of scanning: ++ +* contributor = Cloud Discovery + Azure Container Registry Scanning + Azure Function Apps Scanning +* reader = Cloud Discovery + Azure Container Registry Scanning + +. Copy the output of the command and save it to a text file. +You will use the output as the *Service Key* when creating an Azure credential. ++ +[source,json] +---- +{ + "clientId": "bc968c1e-67g3-4ba5-8d05-f807abb54a57", + "clientSecret": "5ce0f4ec-5291-42f8-gbe3-90bb3f42ba14", + "subscriptionId": "ae01981e-e1bf-49ec-ad81-80rf157a944e", + "tenantId": "d189c61b-6c27-41d3-9749-ca5c9cc4a622", + "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", + "resourceManagerEndpointUrl": "https://management.azure.com/", + "activeDirectoryGraphResourceId": "https://graph.windows.net/", + "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", + "galleryEndpointUrl": "https://gallery.azure.com/", + "managementEndpointUrl": "https://management.core.windows.net/" +} +---- + + +[.task] +=== Storing the credential in Prisma Cloud + +Store the service principal's credentials in Console so that Prisma Cloud can authenticate with Azure for scanning. + +[.procedure] +. Open Console, and go to *Manage > Authentication > Credentials Store*. + +. Click *Add credential*, and enter the following values: + +.. Enter a descriptive *Name* for the credential. + +.. In the *Type* field, select *Azure*. + +.. Enter the *Service Key*. ++ +Copy and paste the contents of the text file you saved earlier when you created the service principal. + +.. *Save* your changes. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/credentials-store.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/credentials-store.adoc new file mode 100644 index 0000000000..160fb455cd --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/credentials-store.adoc @@ -0,0 +1,24 @@ +== Credentials Store + +Your container environments can use many third party services across multiple cloud providers. +To improve accessibility and reusability, Prisma Cloud manages all credentials in a central encrypted store. +Prisma Cloud uses these credentials for the following integrations. + +* Scanning container registries, serverless functions, and others. +* Alerting in third party services such as email, Slack, ServiceNow, and others. +* Deploying and managing Defender DaemonSets from the Prisma Cloud Console UI. +* Injecting secrets from secret stores into containers at runtime. + +The following diagram shows the architecture of the the credentials store. + +image::credentials_store_arch.png[width=700] + +To access the credential store, go to *Manage > Authentication > Credentials Store*. +If credentials are in use, you can't delete them. +To see where credentials are used, click on an entry in the credentials store table, and review the *Usages* list. + +image::credentials_store_usage.png[width=600] + +To refresh a credential's values, you don't need to delete and set up the integration again. +If an integration uses a credential, and you edit its parameters, for example the username or password, etc. +Prisma Cloud propagates the new values automatically to the right places in the product. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gcp-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gcp-credentials.adoc new file mode 100644 index 0000000000..1aa5b941fc --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gcp-credentials.adoc @@ -0,0 +1,81 @@ +[#gcp-credentials] +== Google Cloud Platform (GCP) Credentials + +Accessing GCP to scan resources can be done in one of two ways. You can make use of a service account and create a key for that account or you can use an API Key. Google recommends that you use a service account with a key and we document that here. More information is available here https://cloud.google.com/docs/authentication/api-keys. + +[NOTE] +==== +On GCP, use of onboarded accounts for organizations is not supported. To use organization credentials, you must create credentials using the *GCP* type and the *Organization* credential level in Compute instead of going to *Settings > Cloud Accounts*. +==== + +[.task] +=== Creating a service account + +Create a service account that Prisma Cloud can use to scan your resources in GCP. The permissions the service account should have depend on the features you plan to use the credentials for. For the specific permissions, see the dedicated article of each feature (e.g. xref:../../vulnerability-management/registry-scanning/scan-gcr.adoc[Google Container Registry scanning]). + +[.procedure] +. Google provide a comprehensive guide for creating a service account - https://cloud.google.com/iam/docs/creating-managing-service-accounts + +. Create a key for this service account. The format of this key should be JSON. Google have a guide for this - https://cloud.google.com/iam/docs/creating-managing-service-account-keys + +. Copy the contents of the downloaded key, here is an example: + ++ +[source,json] +---- +{ + "type": "service_account", + "project_id": "mycompany-project", + "private_key_id": "abe29475a09fb22e709fdc622306a714e17cqd1c", + "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFBBSCBKgwggSkAgEAAoIBAQCyBJgPechqsXAK\nTaz1y77AGqei47IbgWegRq8JqqoQGERhBX8X41otaRNUIn7fpTdH/JjRfJ0wyduz\nn6TLmeMz+d/yIZBtztujJ4KoGTS0yTybtcKWKg254upri6RIcMS3ArNXsNtSwLQx\nicVDCI3uDKLuNyawmLf1BiHLwWZK8bOUe5thd3J9UXc+B+dL9JRYyz1Iq+X/Nz1w\n7D3TPXfy54Hg39rDRrx0bK0E+AIRMA5vPFmGrWlYn6HyltOxCU/D5NUrExRo3aug\nsIvQgGE3QYLU4a5n9jsWPbjSGI+EH/+zZ1fze5pk6rprlvKtbvygJSFGpdsjS4EX\nbFgPVYGJAgMBAAECggEABu9fIaY1yLNIKTyYrvwsnpUDQBkk/oWSbQfn6IVfqfAa\nFNoHFx4GLLP12u6bmPiZoFoutWWIhaatgpBG9iAU/fi/cNI+K0r2W0MuJ8CQoTTg\nQbQpZBp4Daxxg7ZNVH2hKjyGklVbW/xSIMZsWwXNqq8PF17qaNGQRBFEtoh+pM94\nJ23ZKIW5muF+5Svz4wLLS7VMtbl/XrM9eCepVQNzQ701A67VQa1Z8KIot5IeQ0d2\njnHJn6XgaDe/IKuP8ClXnCUwo/GbChCtctP0BpTeaTSOUrc1O7ntgFBGYxiSmgZ0\n13x43XkuYaycyZEycKEOaa9U+k1KrcFZ/CDQdv+AUQKBgQD25mVWFxQdhFqF12vu\nEhz0jRjLbre+V3UgOYJObmKMdM6iH+NQ9CNeFIn8qgHgOK7pHEgjcLvAv4ZgECin\n1XtMNAFGRREGuzovvzQKwBGAEz8PovI2gkITqmcSQ7xzcGyY1Xm1mthpqkoWFe5c\nk253fYhMjuITTXisYv8LBl5XGQKBgQC4lER2AmTSvLe+4sulTeDEocMsP+G4j/A1\neS1mG5e5YGUtuWgIdfNKUn1YG5uX3ERZVeCdRO7B/osQ4uAeJ1SIS3Zvw5QVtS/s\nFOJa1UJ/nxGAA8vApjRgJkLyRbf/yoxsRlCQkQJcRd1SO9DRlCSWdSW1CpIpauiN\nfZZW3iD78QKBgQCWW7Lk3cMjQqH6FjmlTySRDYhHA1MkuI1fFga0Cuc7EDtyYicF\n+te7CJkL5OClkv95+P45jwLYHAsSX2TDE3o16wnHqHH4/nYt86wWy+ccbxwdQqds\n6KCi50hDyDpwtst7u62WGgmnN8xMbOivOh2w6SLjNyQ0ix5tJRCavzMeqQKBgQCu\nYvajf/N93urDIEdC8Gcxn5tkTR6XXvaVrt0joWIhtF8jag5OIBIx3+m55rywJ100\nAhzquVvSUQlWdONF2ebVtmY5hdB9Cegy5jBNnTrslH7WMb/pTZ4iUUPi3dfPhbBS\nA8TOMRLH1wIZVYYe3BYNSLTNbSVWmDkKpOLLQ6ZqIQKBgA0rkqfzz0MIij58OugB\nFyv8UWvy+hYR15EvIFOl5jXomVl199x+XHQGiwV6cXGmGcii7eC7vXSmnjxILMEA\nD4Odwi9vmyJXOtIT1WlVj/faLrpKfunZEphYnrtRASuDzzU4cTbeElhfLOqkJEA4\nK4CCBhjL3UX8Z9FbJJz7mYoX\n-----END PRIVATE KEY-----\n", + "client_email": "mycompany-service-svc@mycompany-project.iam.gserviceaccount.com", + "client_id": "120957099362691824155", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/mycompany-service-svc%40mycompany-project.iam.gserviceaccount.com" +} +---- + +[.task] +=== Storing the Credential in Prisma Cloud + +Complete these steps to store your GCP credential in Prisma Cloud. + +[.procedure] +. Open Console, and go to *Manage > Authentication > Credentials Store*. + +. Click *Add credential*, and enter the following values: + +.. In the *Name* field, enter a label to identify the credential. + +.. In the *Type* field, select *GCP*. + +.. In the *Credential level* field, select *Project* or *Organization*. When using project-level credentials, Prisma Cloud scans the resources of a single project. With organization-level credentials, Prisma Cloud will find and scan all the projects in the organization. ++ +The service account permissions should fit the credentials level. Use *Project* with service accounts that have permissions to a single project. Use *Organization* with service accounts that have permissions to an organization or multiple projects. ++ +When using organization-level credentials, the service account you use should be defined for a single organization. Credentials for multiple organizations with the same service account are not supported. ++ +NOTE: Organization-level credentials are not supported for xref:../../install/deploy-defender/serverless/auto-defend-serverless.adoc[Serverless auto-defend], xref:../../install/deploy-defender/host/auto-defend-host.adoc[Host auto-defend], and xref:../../alerts/google-cloud-pub-sub.adoc[Google Cloud Pub/Sub alerts]. ++ +[NOTE] +==== +When using organization-level credentials, the performance of several features may be affected if the organization includes a large number of projects. +For specific information and guidelines see: + +* xref:../../vulnerability-management/registry-scanning/scan-gcr.adoc[Google Container Registry scanning] +* xref:../../install/deploy-defender/orchestrator/install-gke.adoc[Managed Defender DaemonSet deployment for GKE]. +ifdef::compute_edition[] +* xref:~/cloud-service-providers/cloud-accounts-discovery-pcce.adoc[Cloud Discovery] +endif::compute_edition[] +ifdef::prisma_cloud[] +* xref:~/cloud-service-providers/cloud-accounts-discovery-pcee.adoc[Cloud Discovery] +endif::prisma_cloud[] +==== + +.. In the *Service Account* field, copy and paste the entire JSON key that you downloaded. + +.. Leave the *API token* blank + +.. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gitlab-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gitlab-credentials.adoc new file mode 100644 index 0000000000..ba55858cea --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/gitlab-credentials.adoc @@ -0,0 +1,28 @@ +[#gitlab-credentials] +== GitLab Credentials + +Prisma Cloud lets you authenticate with GitLab using Basic authentication and Personal Access Token. + +[.task] +=== Create GitLab Credentials using API token + +*Prerequisite*: + +* Create a https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#personal-access-token-scopes[GitLab personal access token] with atleast the "read_api" scope. +* Copy and save the personal access token. + +[.procedure] + +. Go to *Compute > Manage > Authentication > Credentials store*. + +. Select *Add credential*. + +.. Enter a credential *Name*. + +.. Enter a *Description*. + +.. In *Type*, select *API token*. + +.. Enter the API *Access token* from GitLab that you saved in the prerequisite section. + +.. *Save* your changes. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/ibm-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/ibm-credentials.adoc new file mode 100644 index 0000000000..a614c43014 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/ibm-credentials.adoc @@ -0,0 +1,7 @@ +[#ibm-credentials] +== IBM Cloud Credentials + +Prisma Cloud integrates with IBM Cloud Security Advisor. +To enable the integration, you must provide credentials, which consist of an https://cloud.ibm.com/docs/account?topic=account-userapikey&interface=ui[Account GUID] and https://cloud.ibm.com/docs/account?topic=account-manapikey[API Key]. + +image::IBM_Credential.png[width=500] \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/kubernetes-credentials.adoc b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/kubernetes-credentials.adoc new file mode 100644 index 0000000000..95fb245dfb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/credentials-store/kubernetes-credentials.adoc @@ -0,0 +1,34 @@ +:topic_type: task +[#kubernetes-credentials] +[.task] +== Kubernetes Credentials + +Kubernetes stores cluster authentication information in a YAML file known as kubeconfig. +The kubeconfig file grants access to clients, such as kubectl, to run commands against the cluster. +By default, kubeconfig is stored in _$HOME/.kube/config_. + +Prisma Cloud uses the kubeconfig credential to deploy and upgrade Defender DaemonSets directly from the xref:../../install/deploy-defender/container/container.adoc[Console UI]. +If you plan to manage DaemonSets from the command line with kubectl, you don't need to create this type of credential. + +The user or service account in your kubeconfig must have permissions to create and delete the following resources: + +* ClusterRole +* ClusterRoleBinding +* DaemonSet +* Secret +* ServiceAccount + +// https://github.com/twistlock/twistlock/issues/14707 +NOTE: Prisma Cloud doesn't currently support kubeconfig credentials for Google Kubernetes Engine (GKE) or AWS Elastic Kubernetes Service(EKS). +The kubeconfig for these clusters require an external binary for authentication (specifically the Google Cloud SDK and aws-iam-authenticator, respectively), and Prisma Cloud Console doesn't ship with these binaries. + +[.procedure] +. Open Console, and go to *Manage > Authentication > Credentials Store*. + +. Click *Add credential*, and enter the following values: + +.. In *Name*, enter a label to identify the credential. + +.. In *Type* , select *Kubeconfig*. + +.. In *Kubeconfig*, paste the contents of your _kubeconfig_ file. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/identity-providers.adoc b/docs/en/compute-edition/32/admin-guide/authentication/identity-providers.adoc new file mode 100644 index 0000000000..ef8894f0ef --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/identity-providers.adoc @@ -0,0 +1,6 @@ +== Integrating with an IdP + +Prisma Cloud Compute can integrate with a number of identity providers (IdP). + +Integrating with an IdP lets you reuse the identities and groups already defined in the IdP. +From there, administrators can configure granular access control policies to the Prisma Cloud Compute UI and API, and users can access the system using their standard corporate credentials. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/login.adoc b/docs/en/compute-edition/32/admin-guide/authentication/login.adoc new file mode 100644 index 0000000000..267cfe94e4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/login.adoc @@ -0,0 +1,48 @@ +== Logging into Prisma Cloud + +Prisma Cloud Console supports multiple authentication methods. +Check with your administrator to see how sign-in has been implemented for your organization, then choose the appropriate method from the drop-down list. + +image::login.png[width=300] + +The options are: + +* *Local/ LDAP* -- +Users are evaluated against Console's database before the LDAP database. +By default, initial admin users are created in Console's local database, so choose this option when you're logging in with your first user. +If you integrate with a central identity provider, you can always delete the initial admin user, so that all users authenticate in compliance with your organization's policy (e.g., 2FA). ++ +If the same username exists in both databases, it's not possible to login with the LDAP user. + +* *SAML* -- +Security Assertion Markup Language (SAML) is an open standard that enables single sign-on. +Prisma Cloud supports all standard SAML 2.0 providers. + +* *OAuth* -- +Prisma Cloud currently supports GitHub and OpenShift for OAuth login. +For the OAuth login flow, Prisma Cloud gets permission from the user to query their information (username and email) from GitHub or OpenShift, and then checks the local database to determine if the user is authorized to access Prisma Cloud Console. +If so, Prisma Cloud issues a token to the user to access Console. + +* *OpenID Connect* -- +OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. +Prisma Cloud supports all standard OpenID Connect providers. + + +=== Login flow + +If you integrate Prisma Cloud with an identity provider (IdP), the user's identity is verified by the IdP, and the role is mapped in Prisma Cloud Console. + +If you don't want to integrate with an IdP, Prisma Cloud lets you create "local" users and groups, where the Console itself both authenticates and authorizes users. + +image::login_flow.png[width=700] + + +=== Direct login URL + +Direct login URLs are supported for SAML, OAuth and OIDC. +When you use the direct login URL, the client doesn't need the extra step of selecting an auth provider from the Prisma Cloud login page. + +Set type in the direct login URL: + + https://:/api/v1/authenticate/identity-redirect-url?type=&redirect=true + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/non-default-upn-suffixes.adoc b/docs/en/compute-edition/32/admin-guide/authentication/non-default-upn-suffixes.adoc new file mode 100644 index 0000000000..cd7f103f98 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/non-default-upn-suffixes.adoc @@ -0,0 +1,21 @@ +== Non-default UPN suffixes + +Active Directory allows administrators to https://technet.microsoft.com/en-us/library/cc772007(v=ws.11).aspx[specify custom UPN suffixes] that can be applied to user accounts. +The default UPN suffix for a user account is the Domain Name System (DNS) domain name of the domain that contains the user account. +Microsoft refers to this as the https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx[implicit UPN]. +Administrators may choose to add additional suffixes to shorten user names or provide consistent UPNs across a forest composed of multiple domains; these are known as explicit UPNs. + +For example, if a domain is named domain.directory.company.com, the default UPN suffix would be domain.directory.company.com and users could logon with username@domain.directory.company.com. +However, an admin may want to simplify this and provide an alternative UPN suffix like @company.com that would apply to all users across a forest. +Users could then logon with this explicit UPN of username@company.com instead. + +Within the directory service, the userPrincipalName attribute is updated to reflect whatever username + UPN suffix the administrator applies to a given account. +In Windows systems, the implicit UPN can be used in addition to whatever explicit UPN may be set. +However, for non-Windows LDAP systems, *the explicit UPN is the only valid UPN that can be used with the user object*. + +Thus, understanding the UPN assigned to a user account is critical to Prisma Cloud integration with Active Directory. +Even if the domain name and the search path may use one set of names (such as dc=domain,dc=directory,dc=company,dc=com in our above example), the actual (explicit) UPN must be used for all actions within Prisma Cloud, such as adding users to the system or logging on. +From our above example, this means that if the user in Active Directory has a UPN of username@domain.directory.company.com set on their account, this UPN must be used with Prisma Cloud. +Alternatively, if an Active Directory admin has set another UPN, such as username@company.com, that UPN must be used instead. + +Any attempts to use a UPN not directly found in the userPrincipalName field on the user object will result in 'user not found' errors. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/oauth2-github.adoc b/docs/en/compute-edition/32/admin-guide/authentication/oauth2-github.adoc new file mode 100644 index 0000000000..7f906ee749 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/oauth2-github.adoc @@ -0,0 +1,125 @@ +== Integrate Prisma Cloud with GitHub + +Prisma Cloud supports OAuth 2.0 as an authentication mechanism. +GitHub users can log into Prisma Cloud Console using GitHub as an OAuth 2.0 provider. + +Prisma Cloud supports the authorization code flow only. + +A CA certificate configured in *Manage > Authentication > System certificates > Certificate-based authentication to Console* is not supported in GitHub. + +[.task] +=== Configure Github as an OAuth provider + +Create an OAuth App in your GitHub organization so that users in the organization can log into Prisma Cloud using GitHub as an OAuth 2.0 provider. + +[.procedure] +. Log into GitHub as the organization owner. + +. Go to *Settings > Developer Settings > OAuth Apps*, and click *New OAuth App* (or *Register an application* if this is your first app). + +. In *Application name*, enter *Prisma Cloud*. + +. In *Homepage URL*, enter the URL for Prisma Cloud Console in the format \https://:. + +. In *Authorization callback URL*, enter \https://:/api/v1/authenticate/callback/oauth. + +. Click *Register application*. + +. Copy the *Client ID* and *Client Secret*, and set them aside setting up the integration with Prisma Cloud. ++ +image::oauth2_github_oauth_app.png[scale=60] + + +[.task] +=== Integrate Prisma Cloud with GitHub + +Set up the integration so that GitHub users from your organization can log into Prisma Cloud. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > Identity Providers > OAuth 2.0*. + +. Set *Integrate Oauth 2.0 users and groups with Prisma Cloud* to *Enabled*. + +. Set *Identity provider* to *GitHub*. + +. Set *Client ID* and *Client secret* to the values you copied from GitHub. + +. Set *Auth URL* to *\https://github.com/login/oauth/authorize*. + +. Set *Token URL* to *\https://github.com/login/oauth/access_token*. + +. Click *Save*. + + +[.task] +=== Prisma Cloud to GitHub user identity mappings + +Create a Prisma Cloud user for each GitHub user that should have access to Prisma Cloud. + +After the user is authenticated, Prisma Cloud uses the access token to query GitHub for the user’s information (user name, email). +The user information returned from GitHub is compared against the information in the Prisma Cloud Console database to determine if the user is authorized. +If so, a JWT token is returned. + +[.procedure] +. Go to *Manage > Authentication > Users*. + +. Click *Add User*. + +. Set *Username* to the GitHub user name. + +. Set *Auth method* to *OAuth*. + +. Select a xref:../authentication/user-roles.adoc[role] for the user. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OAuth*, and then click *Login*. ++ +image::oauth2_login.png[scale=60] + +.. Authorize the Prisma Cloud OAuth App to sign you in. ++ +image::oauth2_github_authorization.png[scale=60] + + +[.task] +==== Prisma Cloud group to GitHub organization mappings + +Use groups to streamline how Prisma Cloud roles are assigned to users. +When you use groups to assign roles, you don't have to create individual Prisma Cloud accounts for each user. + +Groups can be associated and authenticated with by multiple identity providers. + +[.procedure] +. Go to *Manage > Authentication > Groups*. + +. Click *Add Group*. + +. In *Name*, enter the GitHub organization. + +. In *Authentication method*, select *External Providers*. + +. In *Authentication Providers*, select *OAuth group*. + +. Select a xref:../authentication/user-roles.adoc[role] for the members of the organization. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OAuth*, and then click *Login*. ++ +image::oauth2_login.png[scale=60] + +.. Authorize the Prisma Cloud OAuth App to sign you in. ++ +image::oauth2_github_authorization.png[scale=60] + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/oauth2-openshift.adoc b/docs/en/compute-edition/32/admin-guide/authentication/oauth2-openshift.adoc new file mode 100644 index 0000000000..a09576416d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/oauth2-openshift.adoc @@ -0,0 +1,130 @@ +== Integrate Prisma Cloud with OpenShift + +OpenShift users can log into Prisma Cloud Console using OpenShift as an OAuth 2.0 provider. + +NOTE: Prisma Cloud currently supports OpenShift Platform versions 4.5 and older as an OAuth 2.0 provider. +We are working to add support for OpenShift versions 4.6 and later. + +The OpenShift master includes a built-in OAuth server. +You can integrate OpenShift authentication into Prisma Cloud. +When users attempt to access Prisma Cloud, which is a protected resource, they are redirected to authenticate with OpenShift. +After authenticating successfully, they are redirected back to Prisma Cloud Console with an OAuth token. +This token scopes what the user can do in OpenShift. +Prisma Cloud only needs the auth token to get the user's info (e.g. user name, email), and check the Prisma Cloud database to see if this user is authorized. +If so, Prisma Cloud creates a JWT token, with a xref:../authentication/user-roles.adoc[role] claim, to complete the authentication process to Console. +Roles are assigned based on users and group information specified in Console. + +The following diagram shows the login flow when the auth provider is LDAP. +With LDAP, users enter their credentials in Prisma Cloud Console, and Prisma authenticates with the LDAP server on the user's behalf. +With all other auth providers, Prisma isn't part of verifying the user credentials +Instead Prisma redirects the client to the auth provider for authentication. +Once the user successfully authenticates via the authentication provider, the client is redirected back to Prisma Cloud Console with an object (SAML assertion for SAML, JWT token for OIDC, Access token for OAuth 2.0) that proves a successful login or, in the OAuth 2.0 case, gives us access to the application to verify the user identity. + +image::oauth_openshift_flow.png[width=800] + +Prisma Cloud supports the authorization code flow only. + + +[.task] +=== Integrate Prisma Cloud with OpenShift + +Configure Prisma Cloud so that OpenShift users can log into Prisma Cloud with the same identity. + + +[.procedure] + +. In OpenShift, https://docs.openshift.com/container-platform/4.4/authentication/configuring-internal-oauth.html#oauth-register-additional-client_configuring-internal-oauth[register Prisma Cloud as an OAuth client]. +Set the redirect URL to: ++ +\https://:/api/v1/authenticate/callback/oauth. + +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > Identity Providers > OAuth 2.0*. + +. Set *Integrate Oauth 2.0 users and groups with Prisma Cloud* to *Enabled*. + +. Set *Identity provider* to *OpenShift*. + +. Set *Client ID* to the *name* of the OAuth client you set up in OpenShift. + +. Set *Client secret* to the *secret* in the OAuth client you set up in OpenShift. + +. Set *Auth URL* to *\https://github.com/login/oauth/authorize*. + +. Set *Token URL* to *\https://github.com/login/oauth/access_token*. + +. In *User Info API URL*, enter the TCP endpoint for the OpenShift API server. +For example, *\https://openshift.default.svc.cluster.local*. + +. Click *Save*. + + +[.task] +=== Prisma Cloud to OpenShift user identity mappings + +Create a Prisma Cloud user for every OpenShift user that should have access to Prisma Cloud. + +After the user is authenticated, Prisma Cloud uses the access token to query OpenShift for the user's information (user name, email). +The user information returned from OpenShift is compared against the Prisma Cloud Console database to determine if the user is authorized. +If so, a JWT token is returned. + +[.procedure] +. Go to *Manage > Authentication > Users*. + +. Click *Add User*. + +. Set *Username* to the OpenShift user name. + +. Set *Auth method* to *OAuth*. + +. Select a xref:../authentication/user-roles.adoc[role] for the user. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OAuth*, and then click *Login*. ++ +image::oauth2_login.png[width=250] + +.. Authorize the Prisma Cloud OAuth App to sign you in. ++ +image::oauth2_github_authorization.png[width=500] + + +[.task] +==== Prisma Cloud to OpenShift group mappings + +Use groups to streamline how Prisma Cloud roles are assigned to users. +When you use groups to assign roles, you don't have to create individual Prisma Cloud accounts for each user. + +Groups can be associated and authenticated with by multiple identity providers. + +[.procedure] +. Go to *Manage > Authentication > Groups*. + +. Click *Add Group*. + +. In *Name*, enter an OpenShift group name. + +. In *Authentication method*, select *External Providers*. + +. In *Authentication Providers*, select *OAuth group*. + +. Select a xref:../authentication/user-roles.adoc[role] for the members of the group. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OAuth*, and then click *Login*. ++ +image::oauth2_login.png[width=250] + +.. Authorize the Prisma Cloud OAuth App to sign you in. + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/oidc.adoc b/docs/en/compute-edition/32/admin-guide/authentication/oidc.adoc new file mode 100644 index 0000000000..ecaa2898e4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/oidc.adoc @@ -0,0 +1,309 @@ +== Integrate Prisma Cloud with Open ID Connect + +OpenID Connect is a standard that extends OAuth 2.0 to add an identity layer. +Prisma Cloud supports integration with any standard Open ID Connect (OIDC) provider that implements both OpenID connect core and OpenID connect discovery. +Prisma Cloud supports the authorization code flow only. + +This page includes instructions to integrate with the following providers: + +* <> +* <> +* <> + +Use the *\https://:/api/v1/authenticate/callback/oidc* URL only to configure the integration between services. +The API is not included in https://pan.dev/compute/api/[our reference guide] because the URL is only enabled as a configuration value. + +[#pingone] +=== PingOne + +Integrate with PingOne. + +You need to configure Compute as an OIDC app. +When configuring your app: + +* The Start SSO URL must point to the *\https://:/callback* URL. +* The Redirect URI must point to the *\https://:/api/v1/authenticate/callback/oidc* URL. +* UserInfo must include `sub`, `idpid`, and `name`. +* All of the following scopes must be included for OpenID. + +** OpenID Connect (openid) +** OpenID profile +** OpenID Email +** OpenID address +** OpenID Phone +** Groups + +[.task] +==== Update Ping callback URL + +Update the callback URL. + +[.procedure] +. Log into the Ping web portal. + +. Click *Applications*, and then click the *OIDC* tab. + +. Click on the arrow button nest for your app. + +. Click on the pencil icon on the right side. + +. Click on *Authentication Flow*. + +. In *REDIRECT URIS*, enter the following URL to enable the service-to-service integration: ++ +*\https://:/api/v1/authenticate/callback/oidc*. + + +[.task] +==== Create new user and join to group + +[.procedure] +. In the Ping web portal, click *Users*, and then click the *Users* tab. + +. Click *Add users*, and choose the *Create New User* option. + +. Fill the fields for *Password*, *Username* (should be your email), *First Name*, *Last Name*, and *Email*. + +. In the *Membership* field, click *Add*, and choose a group. + +. Click *Save*. + +[#okta] +=== Okta + +Integrate with Okta. + +* Initiate Login URI (Okta) must point to *\https://:/callback*. +* Redirect URI must point to the *\https://:/api/v1/authenticate/callback/oidc* URL. +* UserInfo must include sub, idpid, name. +* Scopes: +** All of the following scopes must be included for OpenID: OpenID Connect (openid), OpenID profile, OpenID Email, OpenID address, OpenID Phone, Groups. +** All of the following scopes must be included for Okta: okta.groups.manage, okta.groups.read. + + +[.task] +==== Update Okta callback URL + +Update the callback URL. + +[.procedure] + +. Log into Okta. + +. Click on *Applications* and click on your application. + +. Click the *General* tab, and then click *Edit*. + +. Update *Login redirect URIs*. +Enter the following URL to enable the service-to-service integration: ++ +*\https://:/api/v1/authenticate/callback/oidc* + +. Click *Save*. + +[.task] +==== Configure Okta as an Identity Provider + +Configure Okta as an identity provider in Prisma Cloud with the following steps. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > Identity Providers > OpenID Connect*. + +. Enable OpenID Connect. + +. Fill in the settings. + +.. For *Client ID*, enter the client ID. + +.. For *Client Secret*, enter the client secret. + +.. For *Issuer URL*, enter: ++ +*\https://sso.connect.pingidentity.com/*. + +.. For *Group scope*, select *groups*. + +.. (Optional) Enter your certificate. + +.. Click *Save*. + +[#azure-ad] +[.task] +=== Azure Active Directory (AD) + +To integrate with Azure Active Directory (AD), you must register Prisma Cloud as an Open ID Connect (OIDC) application in Azure and configure Azure AD as an identity provider in Prisma Cloud. + +[.procedure] + +. Go to https://portal.azure.com/#home[your Azure console]. + +. Find the Azure AD service. + +. Click the *app registration* button and select *New registration* + +. Enter a name and select *Accounts in this organizational directory only* as the supported account type. + +. Under *Redirect URI* select *Web console URL* enter the following URL to enable the service-to-service integration: *\https://:/api/v1/authenticate/callback/oidc* + +. Click on *Register the app*. + +. To add the secret for the client, go to *certificates & secrets*. + +. Add a new secret for the client, copy and store it for later use. ++ +[IMPORTANT] +==== +You can only view the value of the secret when you create it. Copy and store the secret safely for later use. +==== + +[.task] +==== Configure Groups in Azure AD + +[.procedure] +. To add the needed claim, go to *Token Configuration*. +.. Select *Add group claim* +.. Select the *Groups assigned to the application* option. +.. Keep the default values and click *Add*. +.. Click *Add optional claim* and select *Token type - ID*. +.. Select the *email* and *preferred_username* claims. +.. Turn on the Microsoft Graph email permission, while saving these claims. ++ +image::oidc_optional_claim.png[width=250] + +. Go to the *API permissions* and click *Add a permission*. +.. Under *Microsoft API* select *Microsoft Graph*. +.. Select *Delegated permissions* +.. Select *email, openid, profile*. ++ +image::oidc_api_permission.png[width=250] + +. To create the needed application group, go to *Groups* in the Azure AD console. + +. Create a new group and keep the default values. + +[.task] +==== Assign the Created Group to the Prisma Cloud Console + +[.procedure] +. Go to *Enterprise applications* in the Azure AD console. + +. Find the application you registered. + +. Click on *Properties* and check the *Assignment required* option. + +. Click on *Assign users and groups*. + +. Click add and select the previously created group. + +. Click add and select your user. + +. Go to *App registrations* in the Azure AD console. + +. Click on *Your owned registered app*. + +. Find the application you registered and click on *Endpoints*. + +. Open the OpenID Connect metadata JSON file. + +. Copy the value under Issuer URL from the JSON file, for example: *\https://login.microsoftonline.com//v2.0* + +[.task] +==== Configure Azure AD as an Identity Provider + +After you register Prisma Cloud as an Open ID Connect (OIDC) application in Azure, complete the following steps to configure Azure AD as an identity provider. + +[.procedure] + +. Go to *Manage > Authentication > Identity Providers* in your Prisma Cloud Console. + +. Enable OpenID Connect. + +. Enter the following information in the settings fields. + +.. *Client ID*: Use the *Application (Client) ID* found in the Azure Console under *Azure AD > App registrations > Overview*. ++ +image::oidc_client_id.png[width=250] + +.. *Client Secret*: The secret for the client that you created for the application and stored safely for later use. +.. *Issuer URL*: The endpoint of the application registered in Azure AD, for example *\https://login.microsoftonline.com//v2.0* +.. *Group scope*: Leave this field blank. +.. *Group claim*: Set this field to `groups`. This allows Prisma Cloud to populate the specific group names automatically. +.. *User claim*: The optional claim for the user. Set this field to `preferred_username` for group based OIDC authentication, it is used for the audit logs. ++ +image::oidc_identity_provider_configuration.png[width=250] + +. Click *Save*. + +[.task] +=== Prisma Cloud to OIDC user identity mapping + +If you intend to use the group mapping method, skip to the <> task. +Create a user for every user that should access Prisma Cloud. +The Open ID Connect specification requires every username to match with a configured username in the Prisma Cloud database. +Prisma Cloud uses attributes that come from OIDC to perform this match, for example you can use `sub`, `username` or `email`. +You should use whichever value the provider is configured to send to Prisma Cloud when you configure users. + +[.procedure] +. Go to *Manage > Authentication > Users*. + +. Click *Add User*. + +. Set *Username* to the GitHub user name. + +. Set *Auth method* to *OpenID Connect*. + +. Select a xref:../authentication/user-roles.adoc[role] for the user. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OpenID Connect*, and then click *Login*. ++ +image::oidc_login.png[width=250] + +.. You're redirected to your OIDC provider to authenticate. + +.. After successfully authenticating, you're logged into Prisma Cloud Console. + +[#group-mapping] +[.task] +=== Prisma Cloud to OIDC provider group mapping + +When you use groups to assign roles in Prisma Cloud you don't have to create individual Prisma Cloud accounts for each user. +The group value configured on the Compute side should reflect the name of the group scope in the OIDC provider. +It might be something different than groups. + +Groups can be associated and authenticated with by multiple identity providers. +If you use Azure Active Directory (AAD), a user can't be part of more than 200 groups at once. + +[.procedure] +. Go to *Manage > Authentication > Groups*. + +. Click *Add Group*. + +. In *Name*, enter an OpenShift group name. For AAD use Azure Group's *Object ID* as the group name. + +. In *Authentication method*, select *External Providers*. + +. In *Authentication Providers*, select *OpenID Connect group*. + +. Select a xref:../authentication/user-roles.adoc[role] for the members of the group. + +. Click *Save*. + +. Test logging into Prisma Cloud Console. + +.. Logout of Prisma Cloud. + +.. On the login page, select *OpenID Connect*, and then click *Login*. ++ +image::oidc_login.png[width=250] + +.. You're redirected to your OIDC provider to authenticate. + +.. After successfully authenticating, you're logged into Prisma Cloud Console. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/openldap.adoc b/docs/en/compute-edition/32/admin-guide/authentication/openldap.adoc new file mode 100644 index 0000000000..0171f38809 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/openldap.adoc @@ -0,0 +1,92 @@ +== Integrate with OpenLDAP + +Prisma Cloud can integrate with OpenLDAP, an open source implementation of the Lightweight Directory Access Protocol. + +Integrating Prisma Cloud with OpenLDAP lets users access Prisma Cloud using their LDAP credentials, and lets admins define granular access control rules to Docker Engine or Kubernetes using existing LDAP identities. + +With OpenLDAP integration, you can: + +* Re-use the identities and groups already set up in your OpenLDAP directory. + +[.task] +=== Integrating OpenLDAP + +This procedure shows you how to integrate OpenLDAP with Prisma Cloud. + +*Prerequisites:* + +* You have installed OpenLDAP 2.4.44 or later. +Prisma Cloud has been tested with version 2.4.44. +Integration with older versions should work as well, but isn't officially supported. + +[.procedure] +. In your LDAP directory, create a service account that has admin privileges and that can run ldapsearch queries. ++ +This admin account will be used by Prisma Cloud to authenticate users in your LDAP directory. +It should be able to control the entire domain, and should therefore be created under the root OU. + +. Verify that the service account can query your LDAP directory. ++ +Run ldapsearch, passing it the credentials for your service account, and query your directory for a user: ++ + $ ldapsearch -x \ + -b dc=example,dc=com \ + -D "cn=,dc=example,dc=com" \ + -w + "(cn=)" ++ +Where: ++ +[horizontal] +``:: Common name for the Prisma Cloud service account. +``:: Password for the Prisma Cloud service account. +``:: Common name for a user in your LDAP directory. + +. Open Console, and go to *Manage > Authentication > Identity Providers > LDAP*. + +. Set *Integrate LDAP users and groups with Prisma Cloud* to *Enabled*. + +. For *Authentication type*, select *OpenLDAP*. + +. For *Path to LDAP service*, enter the LDAP server and port number in the following format: ++ +For secure connections over TLS: `ldaps://:`. ++ +For insecure connections: `ldap://:` + +. For *Search base*, enter the base DN for your users and groups. + +. (OPTIONAL) For *User identifier*, specify an attribute to be used to match users. ++ +For example, enter uid to match users based on their user IDs. + +. For *Service account UPN*, enter the DN for your Prisma Cloud service account. + +. For *Service account password*, enter the password for the Prisma Cloud service account. + +. For *CA certificate*, provide the CA certificate used to sign the LDAPS certificate on the server. ++ +Prisma Cloud uses the CA certificate to validate the LDAPS certificate and prevent man-in-the-middle attacks. +If you are using an insecure connection or do not wish to validate the LDAPS certificate, leave this field blank. + +. Click *Save*. ++ +Console verifies all your parameters with the server. +If a connection cannot be established, an error message is shown and no parameters are saved. + + +[.task] +=== Verifying integration with OpenLDAP + +Verify the integration with OpenLDAP. + +[.procedure] +. Open Console. + +. If you are logged into Console, log out. ++ +image::logout.png[width=200] + +. Log in to Console using the credentials of an existing OpenLDAP user. ++ +If the log in is successful, you are directed to the view appropriate for the user's role. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/prisma-cloud-user-roles.adoc b/docs/en/compute-edition/32/admin-guide/authentication/prisma-cloud-user-roles.adoc new file mode 100644 index 0000000000..f041671407 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/prisma-cloud-user-roles.adoc @@ -0,0 +1,81 @@ +== Prisma Cloud Compute User Roles + +If you are migrating from Prisma Cloud Compute Edition (self-hosted) to Prisma Cloud Enterprise Edition, the following table help you map roles and permissions for Prisma Cloud platform and the Compute roles. + +In Prisma Cloud Enterprise Edition, permission groups determine what a user can do and see in Prisma Cloud UI, and the APIs he or she can access. +You can assign permission groups to user roles to control their level of access on Prisma Cloud. + + + +=== Prisma Cloud Permission Group to Compute Role mapping + +The following table summarizes the Permission groups available in Prisma Cloud and their mapping to Compute Console. + +[cols="20%,40%,40%,40%", options="header"] +|=== +|Prisma Cloud Permission Group +|Compute Role +|Access level +|Typical uses case(s) + +|System Admin (supports Compute-only check) +|Administrator +|Full read-write access to all Prisma Cloud settings and data. +|Security administrators. + +|Account & Cloud Provisioning Admin (supports Compute-only check) +|Auditor +|Read-only access to all Prisma Cloud Compute rules and data. +|Auditors and compliance staff that need to verify settings and monitor compliance. + +|Cloud Provisioning Admin +|Defender Manager +|Install, manage, and remove Defenders from your environment. +|DevOps team members that need to manage Defender deployments without sysadmin privileges. + + *Note*: The permission groups you assign here only restrict access to what the user can do and see on the administrative Console. Defenders will collect and share information without differentiating which user deployed them. + +|Account Group Admin (supports Compute-only check) +|Auditor +|Read-only access to all Prisma Cloud Compute rules and data. +|Auditors and compliance staff that need to verify settings and monitor compliance. + +|Account Group Read Only (supports Compute-only check) +|DevSecOps User +|Read-only access to all results under *Radar* and *Monitor*, but no access to view or change policy or settings. +|DevSecOps personnel. + +|Build and Deploy Security +|DevOps User +|Read-only access to the Prisma Cloud CI vulnerability and compliance scan reports only. +|Developer, Operations, and DevOps personnel that need to know about and/or address the vulnerabilities in your environment. + +|Build and Deploy Security ("*Only Access Key*" selection) +|CI User +|Run the Continuous Integration plugins, IaC scans, IDE plugins only. +|CI Users can only run the plugin and have no other access to configure Prisma Cloud. + +|=== + +*Only for Compute Capabilities checkbox* +This checkbox is available for Admin and Read-Only user roles - Auditor and DevSecOps. +When assigned, users will be given access to *only* the Compute tab and Access keys tab in the Prisma Cloud platform. +All other tabs, such as Policy, Asset Inventory, etc, will be hidden from view. + +*On-prem/Other cloud providers* +You can assign read only roles to view data from Defenders that are deployed on hosts outside of supported cloud providers for Cloud Account discovery in Compute (i.e AWS, Azure, GCP, Alibaba). e.g. OpenShift on VMware vSphere inside private datacenter. Other clouds (e.g. Oracle, IBM, etc) + +Users with read-only permission to Compute Console only see data from cloud accounts they have access to (in Prisma). +For example, read-only user John who is assigned access to onboarded accounts from AWS in Prisma Cloud but no access to accounts from GCP and Azure. When John selects the Compute tab, he can only view data coming from Defenders in the assigned AWS account and no other Defenders. +Only system admin permission group users can manage/view data coming from all Defenders in Compute. This includes data from cloud accounts that may not be onboarded in Prisma Cloud. + +NOTE: DevOps/CI users only have access to CI/CD scans hence the account filtering mentioned above does not apply to these users. + +NOTE: Only Admin can create collections in Compute. Collections for Read-Only users are visible according to the cloud accounts they are assigned in Prisma Cloud and the subsets of those resources created in manual collections by Admins. + +ifdef::compute_edition[] +You can assign granular compute resources access via Resource Lists. To learn more about Prisma Cloud Roles and assignment, see xref:../authentication/assign-roles.adoc[Assign Roles] + +To learn more about Compute roles, see xref:../authentication/user-roles.adoc[User roles]. + +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/authentication/saml-active-directory-federation-services.adoc b/docs/en/compute-edition/32/admin-guide/authentication/saml-active-directory-federation-services.adoc new file mode 100644 index 0000000000..75549263fc --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/saml-active-directory-federation-services.adoc @@ -0,0 +1,212 @@ +== Integrate with Windows Server 2016 & 2012r2 Active Directory Federation Services (ADFS) via SAML 2.0 federation + +Many organizations use SAML to authenticate users for web services. +Prisma Cloud supports the SAML 2.0 federation protocol for access to the Prisma Cloud Console. +When SAML support is enabled, users can log into Console with their federated credentials. +This article provides detailed steps for federating your Prisma Cloud Console with your Active Directory Federation Service (ADFS) Identity Provider (IdP). + +Prisma Cloud supports SAML 2.0 federation with Windows Server 2016 and Windows Server 2012r2 Active Directory Federation Services via the SAML protocol. +The federation flow works as follows: + +. Users browse to Prisma Cloud Console. + +. Their browsers are redirected to the ADFS SAML 2.0 endpoint. + +. Users authenticate either with Windows Integrated Authentication or Forms Based Authentication. +Multi-factor authentication can be enforced at this step. + +. An ADFS SAML token is returned to Prisma Cloud Console. + +. Prisma Cloud Console validates the SAML token's signature and associates the user to their Prisma Cloud account via user identity mapping or group membership. + +Prisma Cloud Console is integrated with ADFS as a federated SAML Relying Party Trust. + +* <> +* <> + +NOTE: The Relying Party trust workflows may differ slightly between Windows Server 2016 and Windows Server 2012r2 ADFS, but the concepts are the same. + + +[.task] +=== Configure Active Directory Federation Services + +This guide assumes you have already deployed Active Directory Federation Services, and Active Directory is the claims provider for the service. + +[.procedure] +. Log onto your Active Directory Federation Services server. + +. Go to *Server Manager > Tools > AD FS Management* to start the ADFS snap-in. + +. Go to *AD FS > Service > Certificates* and click on the *Primary Token-signing* certificate. + +. Select the Details tab, and click *Copy to File...*. ++ +image::adfs_saml_1.png[width=600] + +. Save the certificate as a Base-64 encoded X.509 (.CER) file. +You will upload this certificate into the Prisma Cloud console in a later step. + +. Go to *AD FS > Relying Party Trusts*. + +. Click *Add Relying Party Trust* from the *Actions* menu. + +.. Step Welcome: select *Claims aware*. ++ +image::adfs_saml_2.png[width=600] + +.. Step Select Data Source: select *Enter data about the relying party manually*. ++ +image::adfs_saml_3.png[width=600] + +.. Step Specify Display Name: In *Display Name*, enter *twistlock Console*. ++ +image::adfs_saml_4.png[width=600] + +.. Step Configure Certificate: leave blank. + +.. Step Configure URL: select *Enable support for the SAML 2.0 WebSSO protocol*. +Enter the URL for your Prisma Cloud Console *\https://:8083/api/v1/authenticate/*. ++ +image::adfs_saml_5.png[width=600] + +.. Step Configure Identifiers: for example enter *twistlock* all lower case and click *Add*. ++ +image::adfs_saml_6.png[width=600] ++ + +.. Step Choose Access Control Policy: this is where you can enforce multi-factor authentication for Prisma Cloud Console access. +For this example, select *Permit everyone*. ++ +image::adfs_saml_7.png[width=600] + +.. Step Ready to Add Trust: no changes, click *Next*. + +.. Step Finish: select *Configure claims issuance policy for this application* then click *Close*. ++ +image::adfs_saml_8.png[width=600] + +.. In the Edit Claim Issuance Policy for Prisma Cloud Console click *Add Rule*. + +.. Step Choose Rule Type: In *Claim rule template*, select *Send LDAP Attributes as Claims*. ++ +image::adfs_saml_9.png[width=600] + +.. Step Configure Claim Rule: ++ +* Set *Claim rule name* to *Prisma Cloud Console* +* Set *Attribute Store* to *Active Directory* +* In *Mapping of LDAP attributes to outgoing claim types*, set the *LDAP Attribute* to *SAM-Account-Name* and *Outgoing claim type* to *Name ID*. ++ +image::adfs_saml_10.png[width=600] ++ +NOTE: The user's Active Directory attribute returned in the claim must match the Prisma Cloud user's name. In this example we are using the samAccountName attribute. + +.. Click *Finish*. + +. Configure ADFS to either sign the SAML response (_-SamlResponseSignature MessageOnly_) or the SAML response and assertion (_-SamlResponseSignature MessageAndAssertion_) for the Prisma Cloud Console relying party trust. +For example to configure the ADFS to only sign the response, start an administrative PowerShell session and run the following command: + + set-adfsrelyingpartytrust -TargetName "Prisma Cloud Console" -SamlResponseSignature MessageOnly + + +[.task] +=== Active Directory group membership within SAML response + +You can use Active Directory group membership to assign users to Prisma Cloud roles. +When a user's group membership is sent in the SAML response, Prisma Cloud attempts to associate the user's group to a Prisma Cloud role. +If there is no group association, Prisma Cloud matches the user to an identity based on the NameID to Prisma Cloud username mapping. +The SAML group to Prisma Cloud role association _does not require_ the creation of a Prisma Cloud user. +Therefore simplify the identity management required for your implementation of Prisma Cloud. + +[.procedure] +. In *Relying Party Trusts*, select the *Prisma Cloud Console* trust. + +. Click *Edit Claim Issuance Policy* in the right hand *Actions* pane. + +. Click *Add Rule*. + +. _Claim rule template:_ *Send Claims Using a Custom Rule*. + +. Click *Next*. + +. _Claim rule name:_ *Prisma Cloud Groups*. + +. Paste the following claim rule into the _Custom rule_ field: + + c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("groups"), query = ";tokenGroups;{0}", param = c.Value); + + +[.task] +=== Configure the Prisma Cloud Console + +Configure the Prisma Cloud Console. + +[.procedure] +. Login to the Prisma Cloud Console as an administrator. + +. Go to *Manage > Authentication > Identity Providers*. + +. CLick *+ Add Provider* + +. Set *Protocol* to *Saml*. + +. Set *Identity Provider* to *ADFS*. + +. Enable *Automatically detect authentication method* if the authenticating users' workstations can perform integrated windows authentication with ADFS / Active Directory + +. Enter *Provider alias* name to render to the user when initiating the SAML workflow from the Console. + +. In *Identity provider single sign-on URL*, enter your SAML Single Sign-On Service URL. +For example *\https://FQDN_of_your_adfs/adfs/ls*. + +. In *Identity provider issuer*, enter your SAML Entity ID, which can be retrieved from *ADFS > Service > Federation Service Properties : Federation Service Identifier*. + +. In *Audience*, enter the ADFS Relying Party identifier *twistlock* + +. In *X.509 certificate*, paste the ADFS *Token Signing Certificate Base64* into this field. ++ +image::adfs_saml_11.png[width=600] + +. Click *Save*. + +. Go to *Manage > Authentication > Users*. + +. Click *Add user*. + +.. *Username*: Active Directory _samAccountName_ must match the value returned in SAML token's Name ID attribute. ++ +NOTE: When federating with ADFS Prisma Cloud usernames are case insensitive. All other federation IdPs are case sensitive. + +.. *Auth method*: set to *SAML*. ++ +image::adfs_saml_12.png[width=600] + +.. *Role*: select an appropriate xref:../authentication/user-roles.adoc[role]. + +. Click *Save*. + + +[.task] +==== Active Directory group membership mapping to Prisma Cloud role + +Associate a user's Active Directory group membership to a Prisma Cloud role. + +[.procedure] +. Go to *Manage > Authentication > Groups*. + +. Click *Add group*. + +. _Group Name_ matches the *Active Directory group name*. + +. Select the *SAML group* radio button. + +. Assign the *Role*. ++ +image::adfs_saml_13.png[width=600] ++ +NOTE: The SAML group to Prisma Cloud role association _does not require_ the creation of a Prisma Cloud user. + +. Test login into the Prisma Cloud Console via ADFS SAML federation. ++ +Leave your existing session logged onto the Prisma Cloud Console in case you encounter issues. +Open a new incognito browser window and go to \https://:8083. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/saml-azure-active-directory.adoc b/docs/en/compute-edition/32/admin-guide/authentication/saml-azure-active-directory.adoc new file mode 100644 index 0000000000..2287619ef8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/saml-azure-active-directory.adoc @@ -0,0 +1,386 @@ +== Integrate with Azure Active Directory via SAML 2.0 federation + +Many organizations use SAML to authenticate users for web services. +Prisma Cloud supports the SAML 2.0 federation protocol to access the Prisma Cloud Console. +When SAML authentication is enabled, users can log into the Console with their federated credentials. +This article provides detailed steps for federating your Prisma Cloud Console with your Azure Active Directory (AAD) tenant's Identity Provider. + +The Prisma Cloud/Azure Active Directory SAML federation workflow is as follows: + +. User browses to their Prisma Cloud Console. + +. The user's browser is redirected to the Azure Active Directory SAML 2.0 endpoint. + +. The user enters their AAD credentials to authenticate. +Multi-factor authentication can be enforced at this step. + +. An AAD SAML token is returned to the user's Prisma Cloud Console. + +. Prisma Cloud Console validates the Azure Active Directory SAML token's signature and associates the user to their Prisma Cloud account via user identity mapping or group membership. +Prisma Cloud supports SAML groups for Azure Active Directory federation. + +NOTE: The Azure Portal may change the Enterprise Application SAML federation workflow over time. +The concepts and steps outlined in this document can be applied to any Non-gallery application. + +The Prisma Cloud Console is integrated with Azure Active Directory as a federated SAML Enterprise Application. +The steps to set up the integration are: + +* <> +** <> +** <> +*** <> +* <> +** <> +** <> +** <> + + +[.task] +=== Configure Azure Active Directory + +*Prerequisites:* + +* Required Azure Active Directory SKU: Premium +* Required Azure Active Directory role: Global Administrator + +[.procedure] +. Log onto your Azure Active Directory tenant (https://portal.azure.com) + +. Go to _Azure Active Directory > Enterprise Applications_ + +. On the top left of the window pane, click *+ New Application* + +. Select *+ Create your own application* on the top left of the window pane + +. In the _Name_ field enter *Compute-Console*, select the _Integrate any other application you don't find in the gallery (Non-gallery)_ radio button and then click *Create*. In this example I am using "Compute-Console" as the application's identifier. ++ +image::aad_saml_20210728_1.png[width=400] ++ +. The _Compute-Console_ overview page will appear, select *2. Single sign-on* and then choose *SAML* ++ +image::aad_saml_20210728_2.png[width=600] + +. Section #1 _Basic SAML Configuration_: + +.. _Identifier_: *Compute-Console* Set to your Console's unique Audience value. You will configure this value within your Prisma Cloud Console at a later step. + +.. _Reply URL_: *\https://:8083/api/v1/authenticate* ++ +image::aad_saml_20210728_3.png[width=600] + +. Section #2 _User Attributes & Claims_: ++ +Select the Azure AD user attribute that will be used as the user account name within Prisma Cloud. +This will be the NameID claim within the SAML response token. +We recommend using the default value. + +.. _Unique User Identifier (Name ID)_: **user.userprincipalname [nameid-format:emailAddress]** ++ +image::aad_saml_20210728_4.png[width=600] ++ +NOTE: Even if you are using AAD Groups to assign access to Prisma Cloud set the NamedID claim. + +. Section #3 _SAML Signing Certificate_: + +.. Select **Download: Certificate (Base64)** + +.. Select the edit icon + +.. Set _Signing Option_: **Sign SAML Response and Asertion** ++ +image::aad_saml_20210728_5.png[width=600] + +. Section #4 _Set up Compute-Console_: ++ +Save the value of of _Login URL_ and _Azure AD Identifier_. +You will use these values for the configuration of the Prisma Cloud Console in a later step. ++ +image::aad_saml_20210728_6.png[width=600] + +. Copy the _Application ID_. You can find this within the _Properties_ tab in the Manage section of the application. + +. Click on _1. Assign users and groups_ within the Manage section of the application. +Add the users and/or groups that will have the right to authenticate to Prisma Cloud Console. ++ +image::aad_saml_20210728_7.png[width=600] + + +==== Prisma Cloud User to AAD User identity mapping + +If you plan to map Azure Active Directory users to Prisma Cloud user accounts go to <>. + +[.task] +==== Prisma Cloud Groups to AAD Group mapping + +When you use Azure Active Directory groups to map to Prisma Cloud SAML groups, do not create users in the Prisma Cloud Console. +Configure the AAD SAML application to send group membership (http://schemas.microsoft.com/ws/2008/06/identity/claims/groups) claims within the SAML response token. +When you enable AAD group authentication the Prisma Cloud user to AAD user identity method of association will be ignored. + +NOTE: Prisma Cloud Compute version 22_06 now uses the link:https://docs.microsoft.com/en-us/graph/overview[Microsoft Graph API] + +When the Azure Active Directory SAML response returns a group claim it contains the user's group OIDs as the values. +When adding AAD groups within the Console using the group's name the Console will perform a call to the Microsoft Graph API endpoint (https://graph.microsoft.com) to determine the OID of the group. +Therefore you will need to configure the Console to query the Azure Active Directory API. +For users whose group membership exceeds 150 groups the Console will have to perform an Microsoft Graph API call to query for the full group membership of the user. +In this scenario it is recommended to use link:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims[ApplicationGroups] to emit only the groups that are explicitly assigned to the application and the user is a member of. + +Prisma Cloud Compute version 21_08 and higher supports the scenerio in which the Console is unable to call the Microsoft Graph API. +The AAD group's OID is supplied as the _OID_ value when configuring the Console's SAML groups. + +[.procedure] +. Configure the application to send group claims within the SAML response token: + +.. In Azure go to _Azure Active Directory > Enterprise applications > Compute-Console_ + +.. Under Manage click _Single sign-on_ + +.. Click the edit for section **2. User Attributes & Claims** + +.. Click **Add a group claim** + +.. Select the **Security groups** radio button + +.. Set _Source attribute_ to **Group ID** ++ +image::aad_saml_20210728_10.png[width=600] + +. Assign the group to the application + +.. In Azure go to _Azure Active Directory > Enterprise applications > Compute-Console_ + +.. Under Manage click _Users and groups_ + +.. Click **+ Add user/group** + +.. Under _Users and groups_ click **None Selected** + +.. Select the group to be used for authentication to the Console and click **Select** + +.. At the _Add Assignment_ window click **Assign** ++ +If you plan not to use the Azure Active Directory API call functionality to determine the group's OID based upon the supplied group name and/or scenarios in which a user's group membership is greater than 150 groups go to <>. +Otherwise, continue with the following steps. + + +[.task] +===== Add permissions to allow Prisma Cloud Console to query the Azure Active Directory API + +Add these permissions to allow Prisma Cloud Console to query the Azure Active Directory API. +These permissions are required in the following scenarios. + +* Your Azure Active Directory (AAD) has users that belong to more than 150 groups. +* You add groups in the Prisma Cloud Console without their Object ID (OID). + +[.procedure] +. Set Application permissions: + +.. In Azure go to _Azure Active Directory > App registrations > Compute-Console_ + +.. Under the _Manage_ section, go to _API Permissions_ + +.. Click on **Add a Permission** + +.. Click on **Microsoft Graph** + +.. _Select permissions_: **Application Permissions: Directory.Read.All** ++ +image::aad_saml_20210728_12.png[width=600] + +.. Click _Add Permissions_ + +.. Click _Grant admin consent for Default Directory_ within the Configured permissions blade + +. Create Application Secret + +.. Under the Manage section, go to _Certificates & secrets_ + +.. Click on **New client secret** + +.. Add a _secret description_ + +.. _Expires_: **Never** + +.. Click _Add_ + +.. Make sure to save the secret _value_ that is generated before closing the blade ++ +image::aad_saml_20210728_13.png[width=600] ++ +NOTE: Allow several minutes for these permissions to propagate within AAD. ++ +Continue the configuration by going to <> + + +=== Configure Prisma Cloud Console + +Configure Prisma Cloud Compute Console. + +[.task] +==== Prisma Cloud User to AAD User identity association + +Configure Prisma Cloud Console's SAML settings for user identity based logon. + +[.procedure] +. Log into Prisma Cloud Console as an administrator + +. Go to *Manage > Authentication > Identity Providers > SAML* + +. Set *SAML settings* to *Enabled* + +. Set *Identity Provider* to *Azure* + +.. In *Provider alias* enter an identifier for this SAML provider (e.g. AzureAD) + +.. In *Identity provider single sign-on URL* enter the Azure AD provided *Login URL* + +.. In *Identity provider issuer* enter the Azure AD provided *Azure AD Identifier* + +.. In *Audience* enter *Compute-Console* + +.. In *X.509 certificate* paste the Azure AD SAML *Signing Certificate Base64* into this field ++ +image::aad_saml_20210728_8.png[width=800] + +. Click *Save* + + +[.task] +===== Map an Azure Active Directory user to a Prisma Cloud account + +Map an Azure Active Directory user to a Prisma Cloud account. + +[.procedure] +. Go to *Manage > Authentication > Users* + +. Click *Add user* + +. *Create a New User* + +.. *Username*: Azure Active Directory _userprincipalname_ + +.. *Auth Method*: Select *SAML* + +.. *Role*: Select the appropriate role for the user ++ +image::aad_saml_20210728_9.png[width=600] + +.. Click *Save* + + +[.task] +==== Group mapping without calling Azure Active Directory API + +In this configuration the Console will not call the Microsoft Graph API to determine the group's AAD OID based upon the group name supplied. +If a user's security group membership is greater than 150 groups and the Console is unable to perform the Microsoft Graph API query it is recommended to to use link:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims[ApplicationGroups.] + +Configure Prisma Cloud Console's SAML settings for group based logon. + +[.procedure] +. Log into Prisma Cloud Console as an administrator + +. Go to *Manage > Authentication > Identity Providers > SAML* + +. Set *SAML settings* to *Enabled* + +. Set *Identity Provider* to *Azure* + +.. In *Provider alias* enter an identifier for this SAML provider (e.g. AzureAD) + +.. In *Identity provider single sign-on URL* enter the Azure AD provided *Login URL* + +.. In *Identity provider issuer* enter the Azure AD provided *Azure AD Identifier* + +.. In *Audience* enter *Compute-Console* + +.. In *X.509 certificate* paste the Azure AD SAML *Signing Certificate Base64* into this field ++ +image::aad_saml_20210728_8.png[width=800] + +. Click *Save* + + +[.task] +===== Assign the AAD group OID to a role + +Assign the AAD group OID to a role. + +[.procedure] +. Go to *Manage > Authentication > Groups* + +. Click *Add Group* + +. Enter a display name for the group (e.g. AAD_SAML_admins) + +. Select _Authentication method_ **External providers** + +. Select _Authentication Providers_ **SAML** + +. Enter the AAD OID of the group within the _OID_ field + +. Select the Prisma Cloud role for the group + +. Click *Save* ++ +image::aad_saml_20210728_11.png[width=600] + + +[.task] +==== Group mapping with calling Azure Active Directory API + +Azure Active Directory SAML response will send the user's group membership as OIDs and not the name of the group. +When a group name is added, Prisma Cloud Console will query the Microsoft Graph API to determine the OID of the group entered. +For users whose group membership exceeds 150 groups the Console will perform an Microsoft Graph API call to query for the full group membership of the user. +Ensure your Prisma Cloud Console is able to reach the Microsoft Graph API endpoint (https://graph.microsoft.com). + +[.procedure] +. Log into Prisma Cloud Console as an administrator + +. Go to *Manage > Authentication > Identity Providers > SAML* + +. Set *SAML settings* to *Enabled* + +. Set *Identity Provider* to *Azure* + +.. In *Provider alias* enter an identifier for this SAML provider (e.g. AzureAD) + +.. In *Identity provider single sign-on URL* enter the Azure AD provided *Login URL* + +.. In *Identity provider issuer* enter the Azure AD provided *Azure AD Identifier* + +.. In *Audience* enter *Compute-Console* + +.. Enter the *Application ID* of the _Compute-Console_ AAD application + +.. Enter the *Tenant ID* of your Azure Active Directory + +.. Enter the *Application Secret value* for permission to Azure Active Directory API + +.. In *X.509 certificate* paste the Azure AD SAML *Signing Certificate Base64* into this field + +. Click *Save* ++ +image::aad_saml_20210728_14.png[width=600] + +[.task] +===== Assign the AAD group name to a role + +Assign the AAD group name to a role. + +[.procedure] +. Go to *Manage > Authentication > Groups* + +. Click *Add Group* + +. Enter the name of the AAD group + +. Click the *SAML group* radio button + +. Select the Prisma Cloud role for the group + +. Click *Save* ++ +image::aad_saml_20210728_15.png[width=600] ++ +Test logging into Prisma Cloud Console via Azure Active Directory SAML federation. +Leave your existing session logged into Prisma Cloud Console in case you encounter issues. +Open a new incognito browser window and go to *\https://:8083* and select SAML authentication method. diff --git a/docs/en/compute-edition/32/admin-guide/authentication/saml-google-g-suite.adoc b/docs/en/compute-edition/32/admin-guide/authentication/saml-google-g-suite.adoc new file mode 100644 index 0000000000..827b50eeaf --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/saml-google-g-suite.adoc @@ -0,0 +1,102 @@ +== Integrate Google G Suite via SAML 2.0 federation + +Many organizations use SAML to authenticate users for web services. +Prisma Cloud supports the SAML 2.0 federation protocol to access the Prisma Cloud Console. +When SAML support is enabled, users can log into Console with their federated credentials. +This article provides detailed steps for federating your Prisma Cloud Console with Google G Suite. + +The Prisma Cloud/G Suite SAML federation flow works as follows: + +. Users browse to Prisma Cloud Console. + +. Their browsers are redirected to the G Suite SAML 2.0 endpoint. + +. They enter their credentials to authenticate. +Multi-factor authentication can be enforced at this step. + +. A SAML token is returned to Prisma Cloud Console. + +. Prisma Cloud Console validates the SAML token’s signature and associates the user to their Prisma Cloud account via user identity mapping or group membership. + + +[.task] +=== Setting up Google G Suite + +Prisma Cloud supports SAML integration with Google G Suite. + +[.procedure] +. Log into your G Suite admin console. + +. Click on *Apps*. ++ +image::integrate_g_suite_791235.png[width=800] + +. Click on *SAML apps*. ++ +image::integrate_g_suite_791236.png[width=800] + +. Click the *+* button at the bottom to add a new app. + +. Click *SETUP MY OWN CUSTOM APP* at the bottom of the dialog. + +. Copy the *SSO URL* and *Entity ID*, and download the certificate. +You will need these later for setting up the integration in Prisma Cloud Console. +Click *NEXT*. ++ +image::integrate_g_suite_791271.png[width=600] + +. Enter an *Application Name*, such as *Prisma Cloud*, then click *NEXT*. + +. In the Service Provider Details dialog, enter the following details, then click *NEXT*. + +.. In *ACS URL*, enter: *\https://:8083/api/v1/authenticate*. + +.. In *Entity ID*, enter: *twistlock*. + +.. Enable *Signed Response*. ++ +image::integrate_g_suite_791240.png[width=600] + +. Click *FINISH*, then *OK*. ++ +image::integrate_g_suite_791241.png[width=600] + +. Turn the application to on. Select either *ON* for everyone or *ON for some organizations*. ++ +image::integrate_g_suite_791242.png[width=800] + + +[.task] +=== Setting up Prisma Cloud + +Set up Prisma Cloud for G Suite integration. + +[.procedure] +. Log into Console, then go to *Manage > Authentication > Identity Providers > SAML*. + +. Set *Integrate SAML users and groups with Prisma Cloud* to *Enabled*. + +. Set *Identity provider* to *G Suite*. + +. Set up the following parameters: + +.. Paste the SSO URL, Entity ID, and certificate that you copied during the G Suite set up into the *Identity Provider single sign-on URL*, *Identity provider issuer*, and *X.509 certificate* fields. + +.. Set *Audience* to match the application Entity ID configured in G Suite. +Enter *twistlock*. + +.. Click *Save*. + +. Go to *Manage > Authentication > Users*, and click *Add user*. + +. In the *Username* field, enter the G Suite email address the user you want to add. +Select a role, then click *Save*. +Be sure *Create user in local Prisma Cloud account database* is *Off*. + +. Log out of Console. ++ +image::logout.png[width=200] ++ +You will be redirected into G Suite and you might need to enter your credentials. +After that, you will be redirected back into Prisma Cloud and authenticated as a user. + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/saml-ping-federate.adoc b/docs/en/compute-edition/32/admin-guide/authentication/saml-ping-federate.adoc new file mode 100644 index 0000000000..a5b52f424e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/saml-ping-federate.adoc @@ -0,0 +1,170 @@ +== Integrate with PingFederate via SAML 2.0 federation + +Many organizations use SAML to authenticate users for web services. +Prisma Cloud supports the SAML 2.0 federation protocol to access the Prisma Cloud Console. +When SAML support is enabled, users can log into the Console with their federated credentials. +This article provides detailed steps for federating your Prisma Cloud Console with your PingFederate v8.4 Identity Provider (IdP). + +The Prisma Cloud/PingFederate SAML federation flow works as follows: + +. Users browse to Prisma Cloud Console. + +. Their browsers are redirected to the PingFederate SAML 2.0 endpoint. + +. They enter their credentials to authenticate. +Multi-factor authentication can be enforced at this step. + +. A PingFederate SAML token is returned to Prisma Cloud Console. + +. Prisma Cloud Console validates the SAML token’s signature and associates the user to their Prisma Cloud account via user identity mapping or group membership. + +Prisma Cloud Console is integrated with PingFederate as a federated SAML Service Provider. +The steps to set up the integration are: + +* <> +* <> + + +[.task] +=== Configure PingFederate + +[.procedure] +. Logon to PingFederate + +. Go to *IdP Configuration > SP Connection > Connection Type*, and select *Browser SSO*. ++ +image::ping_saml_step2.png[width=600] + +. Go to *IdP Configuration > SP Connection > Connection Options*, and select *Browser SSO Profiles SAML 2.0*. ++ +image::ping_saml_step3.png[width=600] + +. Skip the *Import Metadata* tab. + +. Go to *IdP Configuration > SP Connection > General Info*. + +.. In *Partner's Entity ID*, enter *twistlock*. ++ +NOTE: By default, the Partner's Entity ID is "twistlock". +When configuring the SAML Audience in the Prisma Cloud Console, the default value is "twistlock". If you choose a different value here, be sure to set the same value in your Console. + +.. In *Connection Name*, enter *Prisma Cloud Console*. + +.. Click *Add*. ++ +image::ping_saml_step5.png[width=600] + +. In *Browser SSO > SAML Profiles*, select both *IDP-INITIATED SSO* and *SP-INITIATED SSO*. ++ +image::ping_saml_step6.png[width=600] + +. Go to *Assertion Creation* and set *SAML_SUBJECT* to *SAML 1.1 nameid-format*. ++ +In this example you mapped the user's email address to the SAML_SUBJECT attribute which matches the user's Prisma Cloud account. +If you are using group-to-Prisma Cloud-role associations, add *groups* to the list of attributes to be returned in the SAML token. ++ +image::ping_saml_step7.png[width=600] + +. In *IdP Configuration > SP Connection > Browser SSO > Protocol Settings > Assertion Consumer Service URL*, specify an assertion consumer URL. + +.. Under *Binding*, select *POST*. + +.. Under *Endpoint URL*, enter *\https://:8083/api/v1/authenticate*. ++ +image::ping_saml_step8.png[width=600] + +. In *IdP Configuration > SP Connection > Browser SSO > Protocol Settings > Signature Policy*, leave both values unchecked. ++ +image::ping_saml_step9.png[width=600] + +. In *IdP Configuration > SP Connection > Browser SSO > Protocol Settings*, review the protocol settings. ++ +image::ping_saml_step10.png[width=600] + +. Click *Done*. + +. Copy the PingFederate SAML token signing X.509 certificate as Base64 in *Server Configuration*. +This certificate will be imported into Prisma Cloud Console. + + +[.task] +=== Configure Prisma Cloud Console + +Configure Prisma Cloud Console. + +[.procedure] +. Login to the Prisma Cloud Console as an administrator. + +. Go to *Manage > Authentication > Identity Providers > SAML*. + +. Set *Integrate SAML users and groups with Prisma Cloud* to *Enabled*. + +. Set *Identity Provider* to *Ping*. + +. In *Identity provider single sign-on URL*, enter your PingFederate IdP endpoint. + +. In *Identity provider issuer*, enter your PingFederate Entity ID. + +. In *Audience*, enter *twistlock* (default) or the value you set for Partner's Entity ID in PingFederate. + +.. In *X.509 certificate*, paste your PingFederate X.509 *Signing Certificate Base64*. ++ +image::ping_saml_step11.png[width=600] + +. Click *Save*. + + +[.task] +=== User account name matching + +User account name matching. + +[.procedure] +. Go to *Manage > Authentication > Users*. + +. Click *Add user*. + +. Create a new user: + +.. In *Username*, enter the value returned within the SAML_SUBJECT attribute _IdP user's email address_. + +.. In *Role*, select the appropriate role. + +.. Set *Create user in local Prisma Cloud account database* to *Off*. ++ +image::ping_saml_step12.png[width=600] + +. Click *Save*. + +. Test login into the Prisma Cloud Console via PingFederate SAML federation. ++ +Leave your existing session logged onto the Prisma Cloud Console in case you encounter issues. +Open a new incognito browser window and go to *\https://:8083*. + + +[.task] +=== Group name matching + +Group name matching. + +[.procedure] +. Go to *Manage > Authentication > Groups*. + +. Click the *+Add Group* button. + +. In the *Name* field, enter a group name. ++ +NOTE: The group name must exactly match the group name in the SAML IDP. +Console does not verify if that the value entered matches a group name in the SAML IDP. + +. Select the *SAML group* checkbox. ++ +image::ping_saml_step13.png[width=600] + +. Click **Save** + +. Test login into the Prisma Cloud Console via PingFederate SAML federation. ++ +Leave your existing session logged onto the Prisma Cloud Console in case you encounter issues. +Open a new incognito browser window and go to *\https://:8083*. + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/saml.adoc b/docs/en/compute-edition/32/admin-guide/authentication/saml.adoc new file mode 100644 index 0000000000..448098b77a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/saml.adoc @@ -0,0 +1,193 @@ +== Integrate with Okta via SAML 2.0 federation + +Many organizations use SAML to authenticate users for web services. +Prisma Cloud supports the SAML 2.0 federation protocol to access the Prisma Cloud Console. +When SAML support is enabled, administrators can log into Console with their federated credentials. +This article provides detailed steps for federating your Prisma Cloud Console with Okta. + +The Prisma Cloud/Okta SAML federation flow works as follows: + +. Users browse to Prisma Cloud Console. + +. Their browsers are redirected to the Okta SAML 2.0 endpoint. + +. They enter their credentials to authenticate. +Multi-factor authentication can be enforced at this step. + +. A SAML token is returned to Prisma Cloud Console. + +. Prisma Cloud Console validates the SAML token’s signature and associates the user to their Prisma Cloud account via user identity mapping or group membership. + +Integrating Prisma Cloud with SAML consists of setting up your IdP, then configuring Prisma Cloud to integrate with it. + + +[.task] +=== Setting up Prisma Cloud in Okta + +Set up Prisma Cloud in Okta. + +[.procedure] +. Log into the Okta admin dashboard. + +. On the right, click *Add Applications*. ++ +image::integrate_saml_610130.png[width=600] + +. On the left, click *Create new app*. ++ +image::integrate_saml_610131.png[width=600] + +. Select *SAML 2.0*, and then click *Create*. ++ +image::integrate_saml_610135.png[width=600] + +. In the *App name* field, enter *Prisma Cloud Console*, then click *Next*. ++ +image::integrate_saml_610136.png[width=600] + +. In the SAML Settings dialog: + +.. In the *Single Sign On URL* field, enter *\https://:8083/api/v1/authenticate*. ++ +Note that if you have changed the default port you use for the HTTPS listener, you'd need to adjust the URL here accordingly. +Additionally, this URL must be visible from the Okta environment, so if you're in a virtual network or behind a load balancer, it must be configured to forward traffic to this port and it's address is what should be used here. + +.. Select *Use this for Recipient URL and Destination URL*. + +.. In the field for *Audience Restriction*, enter *twistlock* (all lowercase). + +.. Expand *Advanced Settings*. + +.. Verify that *Response* is set to *Signed*. + +.. Verify that *Assertion Signature* is set to *Signed*. ++ +image::integrate_saml_610140.png[width=600] + +. (Optional) Add a group. ++ +Setting up groups is optional. +If you set up group attribute statements, then permission to access Prisma Cloud is assessed at the group level. +If you don't set up group attribute statements, them permission to access Prisma Cloud is assessed at the user level. + +.. Scroll down to the *GROUP ATTRIBUTE STATEMENTS* section. + +.. In the *Name* field, enter *groups*. + +.. In filter drop down menu, select *Regex* and enter a regular expression that captures all the groups defined in Okta that you want to use for access control rules in Prisma Cloud. ++ +In this example, the regular expression **.{asterisk}(t|T)wistlock.{asterisk}** is used to include all groups prepended with either Prisma Cloud or twistlock. +You should enter your own desired group name here. +If you have just one group, such as YourGroup, then just enter *YourGroup*. +Regular expressions are not required. +If you have multiple groups, you can use a regular expressions, such as *(group1|group2|group3)*. ++ +image::integrate_saml_610146.png[width=600] + +. Click *Next*, and then click *Finish*. ++ +You are directed to a summary page for your new app. ++ +image::integrate_saml_610150.png[width=600] + +. Click on the *People* tab, and add users to the Prisma Cloud app. ++ +image::integrate_saml_610156.png[width=600] + +. Click on the *Groups* tab, and add groups to the Prisma Cloud app. ++ +image::integrate_saml_610160.png[width=600] + +. Click on the *Sign On* tab and click *View setup instructions*. ++ +The following values are used to configure Prisma Cloud Console, so copy them and set them aside. ++ +* Identity Provider Single Sign-On URL +* Identity Provider Issuer +* X.509 Certificate ++ +image::integrate_saml_610163.png[width=600] + + +[.task] +=== Configuring Console + +Configure Prisma Cloud Console. + +[.procedure] +. Open Console, and login as admin. + +. Go to *Manage > Authentication > Identity Providers > SAML*. + +. Set *Integrate SAML users and groups with Prisma Cloud* to *Enabled*. + +. Set *Identity provider* to *Okta*. + +. Copy the following values from Okta and paste them into their corresponding fields in Console: ++ +* Identity Provider Single Sign-On URL +* Identity Provider Issuer +* X.509 Certificate + +. In *Audience*, enter *twistlock*. + +. Click *Save*. + + +[.task] +=== Granting access by group + +Grant access to Prisma Cloud Console by group. +Each group must be assigned a xref:../authentication/user-roles.adoc[role]. + +[.procedure] +. Open Console. + +. Define a SAML group. + +.. Go to *Manage > Authentication > Groups*. + +.. Click *Add group*. + +.. In the *Name* field, enter a group name. ++ +The group name must exactly match the group name in the SAML IdP. +Console does not verify if that the value entered matches a group name in the SAML IdP. + +.. Select the *SAML group* checkbox. + +.. Select a role. + +.. Select a project(s) - Optional. + +.. Click *Save*. + + +[.task] +=== Granting access by user + +Grant access to Prisma Cloud Console by user. +Each user must be assigned a xref:../authentication/user-roles.adoc[role]. + +[.procedure] +. Open Console. + +. Define a SAML user. + +.. Go to *Manage > Authentication > Users*. + +.. Click *Add user*. + +.. In the *Username* field, enter a user name. ++ +The username must exactly match the username in the SAML IdP. +Console does not verify if that the value entered matches a user name in the SAML IdP. + +.. Select *SAML* as the Auth method + +.. Select a role. + +.. (Optional) Select a project(s). + +.. Click *Save*. + diff --git a/docs/en/compute-edition/32/admin-guide/authentication/user-roles.adoc b/docs/en/compute-edition/32/admin-guide/authentication/user-roles.adoc new file mode 100644 index 0000000000..88856cbb43 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/authentication/user-roles.adoc @@ -0,0 +1,239 @@ +== Compute user roles + +You can assign roles to users to control their level of access to Prisma Cloud. +Roles determine what a user can do and see in Console, and the APIs he or she can access. Roles are enforced the same way for both the Prisma Cloud UI and API. + +ifdef::compute_edition[] +Prisma Cloud provides several pre-defined system roles you can assign to users and groups, as well as allows you to create your own customized roles. +endif::compute_edition[] + +=== Summary of system roles + +The following table summarizes the system roles available in Prisma Cloud. + +[cols="20%,40%,40%", options="header"] +|=== +|Role +|Access level +|Typical use case(s) + +|Administrator +|Full read-write access to all Prisma Cloud settings and data. +|Security administrators. + +|Operator +|Read-write access to all rules and data. + +Read-only access to user and group management, role assignments, and the global settings under *Manage > System*. +|Security operations teams. + +|Auditor +|Read-only access to all Prisma Cloud rules and data. +|Auditors and compliance staff that need to verify settings and monitor compliance. + +|DevSecOps User +|Read-only access to all results under *Radar* and *Monitor*, but no access to change policy or settings. + +Read-only access to Utilities. + +|DevSecOps personnel. + +|Vulnerability Manager +|Define policy and monitor vulnerabilities and compliance. + +|DevOps users that also need to define policy and monitor vulnerabilities and compliance. + +|DevOps User +|Read-only access to the Prisma Cloud CI vulnerability, compliance scan reports, and Utilities. + +|Developer, Operations, and DevOps personnel that need to know about and/or address the vulnerabilities in your environment. + +|Defender Manager +|Install, manage, and remove Defenders from your environment. + +|DevOps team members that need to manage Defender deployments without sysadmin privileges. + +*Note*: The permission groups you assign here only restrict access to what the user can do and see on the administrative Console. Defenders will collect and share information without differentiating which user deployed them. + +|CI User +|Run the Continuous Integration plugin only. +|CI Users can only run the plugin and have no other access to configure Prisma Cloud. + +|=== + +Let’s look at how two roles at the opposite end of the spectrum differ: Administrator and User. +Administrators set the security policy. +They decide who can run what Docker commands, and where they can be run. +Users need to run Docker commands to do their job. +Testers, for example, run Docker commands in the staging environment to test containers under development. +Testers, however, have no business starting containers in the production environment. +Administrators set a policy to assign testers the user role that lets testers run Docker commands in staging, but restricts their access to production. + +=== System roles + +This section describes the system roles Prisma Cloud supports. + +[.section] +==== Administrator + +The Administrator can manage all aspects of your Prisma Cloud installation. +They have full read-write access to all Prisma Cloud settings and data. + +Administrators can: + +* Create and update security policies. +* Create and update access control policies. +* Create and update the list of users and groups that can access Prisma Cloud. +* Assign roles to users and groups. +* The Admin role is reserved for security administrators. + +When Administrators log into Console, they have access to the full dashboard. +If you click on the profile button on the top right of the dashboard, you get the details of the currently logged in user (admin) and associated role (Administrator). + +image::user_roles_admin.png[width=200] + +[.section] +==== Operator + +Operators can create and update all Prisma Cloud settings. +This role lets you view audit data and manage the rules that define your policies. + +Operators cannot: + +* Create, update, or delete users or groups. +* Assign or reassign roles to any user or group. +* Change the global settings under *Manage > System*. + +The Operator role is designed for members of your Security Operations team. + +[.section] +==== Auditor + +Auditors get read-only access to all Prisma Cloud data, settings, and logs. + +Auditors are typically members of your compliance team. +They verify that your Prisma Cloud setup meets your organization’s security requirements. +To verify compliance, they must be able to see your settings, but they do not need to make changes to them. + +Auditors have access to the utilities page (*Manage > System > Utilities*). + +[.section] +==== DevSecOps User + +DevSecOps Users get access to all views under *Radar* and *Monitor*. +Access to the *Actions* menu in these views is disabled. +The *Actions* menu lets you do things such as relearn models, protect services found by Cloud Discovery, and so on. + +DevSecOps Users get read only access to vulnerabilities and compliance policies under *Defend*. + +Under *Manage*, they only get access to *Manage > System > Utilities*. +This page lets you download various Prisma Cloud components. +DevSecOps Users can download all files, except Defender images, which are disabled for this role. + +[.section] +==== Vulnerability Manager + +Vulnerability Managers define and monitor vulnerabilities and compliance policy. +Vulnerability Managers gain the following permissions: + +* Read-write access to *Defend > Vulnerabilities* and *Defend > Compliance*. +* Read-write access to *Monitor > Vulnerabilities*, *Monitor > Compliance* and *Monitor > Events > Trust Audits*. +* Read-only access to *Manage > System > Utilities*. +The *Utilities* page lets you download various Prisma Cloud components. +Vulnerability Managers can download all files, except Defender images, which are disabled for this role. + +[.section] +==== DevOps User + +DevOps Users get read-only access to the *Jenkins Jobs* and *Twistcli Scans* tabs under *Monitor > Vulnerabilities* and *Monitor > Compliance*. +Each tab contains scan reports for images and serverless functions scanned using these tools. +DevOps Users can use Prisma Cloud scan reports and tools, for example, to determine why the CI/CD pipeline is stalled. + +DevOps Users get read only access to vulnerabilities and compliance policies under *Defend*. + +Under *Manage*, they only get access to *Manage > System > Utilities*. +This page lets you download various Prisma Cloud components. +DevOps Users can download all files, except Defender images, which are disabled for this role. + +[.section] +==== Defender Manager + +Defender Managers get read-write access to *Manage > Defenders* and *Manage > System > Utilities*. + +Defender Managers can install, manage, and remove Defenders from your environment. +The Defender Manager role was designed to let members of your DevOps team manage the hosts that Prisma Cloud protects without requiring Administrator-level privileges. +To help debug Defender deployment issues, Defender Managers get read-only access to Prisma Cloud settings and log files. + +Defender Managers are typically members of your DevOps team. +They need to manage the hosts that Prisma Cloud protects, but they never need to alter any security policies. + +Defender Managers are also used to automate Defender deployment. +If you use twistcli to deploy Defenders in your environment, create a service account with the Defender Manager role for the program that calls twistcli. + +// https://github.com/twistlock/twistlock/issues/18134 +IMPORTANT: This role can see view the secrets that Defenders use to do their job, such as cloud credentials for registry scanning. + +[.section] +==== CI User + +The CI user role can be assigned to users that should only be able to run the plugin but have no other access to configure Prisma Cloud or view the data that we have. +It is designed to only provide the minimal amount of access required to run the plugins. + +NOTE: A CI user cannot log into the Console or even view the UI Dashboard. + + +ifdef::compute_edition[] +=== Custom roles + +Prisma Cloud Compute allows you to create customized user roles to fit the needs of your organization. +When creating a role, you will be able to select which sections of the product the role will have access to and with what permissions - Read-Only or Read-Write. + +The permissions you grant for a role will apply to both the Prisma Cloud UI and API. + +Read permission will grant the role with access to all GET APIs for fetching data. +Write permission will grant the role with access to all other APIs (POST, PUT, DELETE, etc.) for saving data and performing actions, in addition to all GET APIs. + +IMPORTANT: If a role allows access to policies, users with this role will be able to see all rules and all collections that scope rules under the Defend section, even if the user's view of the environment is restricted by assigned collections. + + +[.task] +==== Create custom roles + +Create a new custom role under *Manage > Authentication > Roles*. + +[.procedure] +. In *Manage > Authentication > Roles*, click *Add role*. ++ +You can also use the *Clone* action on an existing role, which copies its permissions and saves you the need to set them from scratch. ++ +. Enter a name and a description for your custom role. + +. Use the *Access to Console UI* toggle to configure whether the role will have access to Prisma Cloud UI. Setting the toggle to off means that the role will only have access to the API (according to the permissions granted to it). + +. Select the role's permissions under *Radars*, *Defend*, *Monitor*, and *Manage*. For each permission you can choose granting Read or Write access. + +. Click *Save*. ++ +NOTE: Changes to role permissions while users are logged into Prisma Cloud Console only apply after users re-login. ++ +image::custom_roles_create_role.png[width=800] + + +==== Unique permissions + +* Several permissions require other permissions in order to work properly. For example, roles that access policies typically require permissions for collections. These dependencies are highlighted when setting role permissions. ++ +If a role is missing permissions, the logged-in user will get a suitable message on the relevant page. Components to which he is missing permissions will be hidden or disabled. ++ +image::custom_roles_missing_permissions.png[width=800] + +* Some pages do not include write actions (e.g. Containers Radar), however you will still have the option to grant write permission to them. This will have no effect on the UI components and API calls the role has access to. + +* *Data updates pushed to client browsers* permission is required in order to control access to sensitive information used to populate views in the UI. This data flows over the connection from the Console to client browsers and includes new audits, scan progress updates, etc. Granting no access to this permission will cause these updates to not be exposed in the UI until an active refresh of the browser. + +endif::compute_edition[] + + +=== Assign roles + +To learn how to assign roles to users and groups, see xref:../authentication/assign-roles.adoc[Assign roles]. diff --git a/docs/en/compute-edition/32/admin-guide/book.yml b/docs/en/compute-edition/32/admin-guide/book.yml new file mode 100644 index 0000000000..f2a8e805b8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/book.yml @@ -0,0 +1,807 @@ +--- +kind: book +title: Administrator’s Guide +version: 32 +author: Prisma Cloud team +ditamap: prisma-cloud-compute-edition-admin +dita: techdocs/en_US/dita/prisma/prisma-cloud/31/prisma-cloud-compute-edition-admin +graphics: techdocs/en_US/dita/_graphics/31/prisma-cloud-compute-edition-admin +attributes: + compute_edition: true +github: + owner: PaloAltoNetworks + repo: prisma-cloud-docs + bookdir: compute/admin-guide + branch: master +--- +kind: chapter +name: Welcome +dir: welcome +topics: + - name: Welcome + file: welcome.adoc + - name: Releases + file: releases.adoc + - name: Getting started + file: getting-started.adoc + - name: Product architecture + file: product-architecture.adoc + - name: Support lifecycle + file: support-lifecycle.adoc + - name: Security Assurance Policy on Prisma Cloud Compute Edition + file: security-assurance-policy.adoc + - name: Licensing + file: licensing.adoc + - name: Prisma Cloud Enterprise Edition vs Compute Edition + file: pcee-vs-pcce.adoc + - name: Utilities and plugins + file: utilities-and-plugins.adoc +--- +kind: chapter +name: Install +dir: install +topics: + - name: Install + file: install.adoc + - name: Getting started + file: getting-started.adoc + - name: System requirements + file: system-requirements.adoc + - name: Cluster Context + file: cluster-context.adoc + - name: Deploy the Prisma Cloud Console On-Prem + dir: deploy-console + topics: + - name: Deploy the Prisma Cloud Console On-Prem + file: deploy-console.adoc + - name: Prisma Cloud container images + file: container-images.adoc + - name: Deploy the Prisma Cloud Console on Kubernetes + file: console-on-kubernetes.adoc + - name: Deploy the Prisma Cloud Console on Amazon ECS + file: console-on-amazon-ecs.adoc + - name: Console on Fargate + file: console-on-fargate.adoc + - name: Deploy the Prisma Cloud Console on Onebox + file: console-on-onebox.adoc + - name: Deploy the Prisma Cloud Console on ACK + file: console-on-ack.adoc + - name: Deploy the Prisma Cloud Console on ACS + file: console-on-acs.adoc + - name: Deploy the Prisma Cloud Console on AKS + file: console-on-aks.adoc + - name: Deploy the Prisma Cloud Console on EKS + file: console-on-eks.adoc + - name: Deploy the Prisma Cloud Console on IKS + file: console-on-iks.adoc + - name: Deploy the Prisma Cloud Console on Openshift + file: console-on-openshift.adoc + - name: Deploy the Prisma Cloud Defender + dir: deploy-defender + topics: + - name: Deploy the Prisma Cloud Defender + file: deploy-defender.adoc + - name: Available Defender Types + file: defender-types.adoc + - name: Manage your Defenders + file: manage-defender.adoc + - name: Redeploy Defenders + file: redeploy-defender.adoc + - name: Uninstall Defenders + file: uninstall-defender.adoc + - name: Deploy Container Defender + dir: container + topics: + - name: Deploy Container Defender + file: container.adoc + - name: Install a single Container Defender using the CLI + file: single-defender-cli.adoc + - name: Deploy Host Defender + dir: host + topics: + - name: Deploy Host Defender + file: host.adoc + - name: Auto-defend Hosts + file: auto-defend-host.adoc + - name: Windows Defender + file: windows-host.adoc + - name: Deploy Orchestrator Defender + dir: orchestrator + topics: + - name: Kubernetes + file: orchestrator.adoc + - name: Deploy Orchestrator Defenders on Amazon ECS + file: install-amazon-ecs.adoc + - name: Automatically Install Container Defender in a Cluster + file: install-cluster-container-defender.adoc + - name: Deploy Prisma Cloud Defender from the GCP Marketplace + file: install-defender-gcp-marketplace.adoc + - name: Deploy Defenders as DaemonSets + file: install-kubernetes-cri.adoc + - name: VMware Tanzu Application Service (TAS) Defender + file: install-tas-defender.adoc + - name: Deploy Defender on Google Kubernetes Engine (GKE) + file: install-gke.adoc + - name: Google Kubernetes Engine (GKE) Autopilot + file: install-gke-autopilot.adoc + - name: Deploy Defender on OpenShift v4 + file: openshift.adoc + - name: Deploy Serverless Defender + dir: serverless + topics: + - name: Deploy Serverless Defender + file: serverless.adoc + - name: Deploy Serverless Defender as a Lambda Layer + file: install-serverless-defender-layer.adoc + - name: Auto-defend serverless functions + file: auto-defend-serverless.adoc + - name: Deploy App-Embedded Defender + dir: app-embedded + topics: + - name: Deploy App-Embedded Defender + file: app-embedded.adoc + - name: Deploy App-Embedded Defender for Fargate + file: install-app-embedded-defender-fargate.adoc + - name: Deploy App-Embedded Defender in ACI + file: deploy-app-embedded-defender-aci.adoc + - name: Deploy App-Embedded Defender in GCR + file: deploy-app-embedded-defender-gcr.adoc + - name: Default Setting for App-Embedded Defender File System Monitoring + file: config-app-embedded-fs-mon.adoc + - name: Default Setting for App-Embedded Defender File System Protection + file: config-app-embedded-fs-protection.adoc +--- +kind: chapter +name: Upgrade +dir: upgrade +topics: + - name: Upgrade + file: upgrade.adoc + - name: Support lifecycle + file: support-lifecycle.adoc + - name: Upgrade process + file: upgrade-process-self-hosted.adoc + - name: Onebox + file: upgrade-onebox.adoc + - name: Kubernetes + file: upgrade-kubernetes.adoc + - name: OpenShift + file: upgrade-openshift.adoc + - name: Helm charts + file: upgrade-helm.adoc + - name: Amazon ECS + file: upgrade-amazon-ecs.adoc + - name: Manually upgrade single Container Defenders + file: upgrade-defender-single-container.adoc + - name: Manually upgrade Defender DaemonSets + file: upgrade-defender-daemonset.adoc + - name: Manually upgrade Defender DaemonSets (Helm) + file: upgrade-defender-helm.adoc +--- +kind: chapter +name: Agentless Scanning +dir: agentless-scanning +topics: + - name: Agentless Scanning + file: agentless-scanning.adoc + - name: Agentless Scanning Modes + file: agentless-scanning-modes.adoc + - name: Onboard Accounts for Agentless Scanning + dir: onboard-accounts + topics: + - name: Onboard Accounts for Agentless Scanning + file: onboard-accounts.adoc + - name: Onboard AWS Accounts + file: onboard-aws.adoc + - name: Onboard Azure Accounts + file: onboard-azure.adoc + - name: Configure Agentless Scanning for Azure + file: configure-azure.adoc + - name: Onboard GCP Accounts + file: onboard-gcp.adoc + - name: Configure Agentless Scanning for GCP + file: configure-gcp.adoc + - name: Onboard OCI Accounts + file: onboard-oci.adoc + - name: Configure Agentless Scanning for OCI + file: configure-oci.adoc + - name: Agentless Scanning Results + file: agentless-scanning-results.adoc +--- +kind: chapter +name: Technology overviews +dir: technology-overviews +topics: + - name: Technology overviews + file: technology-overviews.adoc + - name: Intelligence Stream + file: intel-stream.adoc + - name: Prisma Cloud Advanced Threat Protection + file: twistlock-advanced-threat-protection.adoc + - name: App-specific network intelligence + file: app-specific-network-intelligence.adoc + - name: Container runtimes + file: container-runtimes.adoc + - name: Radar + file: radar.adoc + - name: Serverless Radar + file: serverless-radar.adoc + - name: Prisma Cloud rules guide for Docker + file: twistlock-rules-guide-docker.adoc + - name: Defender architecture + file: defender-architecture.adoc + - name: Host Defender architecture + file: host-defender-architecture.adoc + - name: TLS v1.2 cipher suites + file: tls-v12-cipher-suites.adoc + - name: Telemetry + file: telemetry.adoc +--- +kind: chapter +name: Configure +dir: configure +topics: + - name: Configure + file: configure.adoc + - name: Rule ordering and pattern matching + file: rule-ordering-pattern-matching.adoc + - name: Backup and restore + file: disaster-recovery.adoc + - name: Custom feeds + file: custom-feeds.adoc + - name: Proxy configuration + file: proxy.adoc + - name: Certificates + file: certificates.adoc + - name: Configure scan intervals + file: configure-scan-intervals.adoc + - name: User certificate validity period + file: user-cert-validity-period.adoc + - name: Enable HTTP access to Console + file: enable-http-access-console.adoc + - name: Set different paths for Console and Defender (with daemon sets) + file: set-diff-paths-daemon-sets.adoc + - name: Authenticate to Console with certificates + file: authenticate-console-with-certs.adoc + - name: Configure custom certs from a predefined directory + file: custom-certs-predefined-dir.adoc + - name: Customize terminal output + file: customize-terminal-output.adoc + - name: Collections + file: collections.adoc + - name: Tags + file: tags.adoc + - name: Logon Settings + file: logon-settings.adoc + - name: Reconfigure Prisma Cloud + file: reconfigure-twistlock.adoc + - name: Subject Alternative Names + file: subject-alternative-names.adoc + - name: WildFire settings + file: wildfire.adoc + - name: Log scrubbing + file: log-scrubbing.adoc + - name: Clustered-DB + file: clustered-db.adoc + - name: Permissions + file: permissions.adoc +--- +kind: chapter +name: Authentication +dir: authentication +topics: + - name: Authentication + file: authentication.adoc + - name: Log into Console + file: login.adoc + - name: Integrate with an IdP + file: identity-providers.adoc + - name: Active Directory + file: active-directory.adoc + - name: OpenLDAP + file: openldap.adoc + - name: OpenID Connect + file: oidc.adoc + - name: Okta (SAML 2.0) + file: saml.adoc + - name: Google G Suite (SAML 2.0) + file: saml-google-g-suite.adoc + - name: Azure Active Directory (SAML 2.0) + file: saml-azure-active-directory.adoc + - name: PingFederate (SAML 2.0) + file: saml-ping-federate.adoc + - name: Active Directory Federation Services (SAML 2.0) + file: saml-active-directory-federation-services.adoc + - name: GitHub (OAuth 2.0) + file: oauth2-github.adoc + - name: OpenShift (OAuth 2.0) + file: oauth2-openshift.adoc + - name: Active Directory Non-default UPN suffixes + file: non-default-upn-suffixes.adoc + - name: Compute user roles + file: user-roles.adoc + - name: Assign roles + file: assign-roles.adoc + - name: Credentials Store + dir: credentials-store + topics: + - name: Credentials Store + file: credentials-store.adoc + - name: AWS Credentials + file: aws-credentials.adoc + - name: Azure Credentials + file: azure-credentials.adoc + - name: GCP Credentials + file: gcp-credentials.adoc + - name: IBM Credentials + file: ibm-credentials.adoc + - name: Kubernetes Credentials + file: kubernetes-credentials.adoc + - name: GitLab Credentials + file: gitlab-credentials.adoc +--- +kind: chapter +name: Cloud Service Providers +dir: cloud-service-providers +topics: + - name: Cloud Service Providers + file: cloud-service-providers.adoc + - name: Cloud Discovery + file: cloud-accounts-discovery-pcce.adoc + - name: Configure Cloud Discovery + file: configure-cloud-discovery.adoc + +--- +kind: chapter +name: Vulnerability Management +dir: vulnerability-management +topics: + - name: Vulnerability Management + file: vulnerability-management.adoc + - name: Prisma Cloud Vulnerability Feed + file: prisma-cloud-vulnerability-feed.adoc + - name: Image Vulnerability Scanning + file: scan-procedure.adoc + - name: Vulnerability Management Policy + file: vuln-management-rules.adoc + #- name: Configure Vulnerability Management Rules + # file: configure-vuln-management-rules.adoc + - name: View Vulnerability Scan Reports + file: scan-reports.adoc + - name: Scan Images for Custom Vulnerabilities + file: scan-images-for-custom-vulnerabilities.adoc + - name: Exclude Base Image Vulnerabilities + file: base-images.adoc + - name: Vulnerability Explorer + file: vuln-explorer.adoc + - name: CVSS scoring + file: cvss-scoring.adoc + - name: CVE Viewer + file: search-cves.adoc + - name: Registry Scans + dir: registry-scanning + topics: + - name: Registry Scans + file: registry-scanning.adoc + - name: Configure Registry Scans + file: configure-registry-scanning.adoc + - name: Alibaba Cloud Container Registry + file: scan-alibaba-container-registry.adoc + - name: Amazon Elastic Container Registry + file: scan-ecr.adoc + - name: Azure Container Registry + file: scan-acr.adoc + - name: Docker Registry v2 (including Docker Hub) + file: scan-docker-registry-v2.adoc + - name: Scan Images in GitLab Container Registry + file: scan-gitlab.adoc + - name: Google Artifact Registry + file: scan-google-artifact-registry.adoc + - name: Google Container Registry + file: scan-gcr.adoc + - name: Harbor + file: scan-harbor.adoc + - name: IBM Cloud Container Registry + file: scan-ibm-cloud-container-registry.adoc + - name: JFrog Artifactory Docker Registry + file: scan-artifactory.adoc + - name: Sonatype Nexus Registry + file: nexus-registry.adoc + - name: OpenShift integrated Docker registry + file: scan-openshift.adoc + - name: Scan CoreOS Quay Registry + file: scan-coreos-quay.adoc + - name: Trigger Registry Scan with Webhooks + file: webhooks.adoc + - name: Configure VM Image Scanning + file: vm-image-scanning.adoc + - name: Configure Code Repository Scanning + file: code-repo-scanning.adoc + - name: Scan for Malware + file: malware-scanning.adoc + #- name: Risk trees + # file: risk-tree.adoc + #- name: Detect vulnerabilities in unpackaged software #moved to Prisma Cloud vulnerability feed article + # file: detect-vulns-unpackaged-software.adoc + - name: Configure Windows Image Scanning + file: windows-image-scanning.adoc + - name: Configure Serverless Function Scanning + file: serverless-functions.adoc + - name: Configure VMware Tanzu Blobstore Scanning + file: vmware-tanzu-blobstore.adoc + - name: Scan App-Embedded Workloads + file: app-embedded-scanning.adoc + - name: Troubleshoot Vulnerability Detection + file: troubleshoot-vuln-detection.adoc +--- +kind: chapter +name: Compliance +dir: compliance +topics: + - name: Compliance + file: compliance.adoc + - name: Compliance Explorer + file: compliance-explorer.adoc + - name: Manage compliance + file: manage-compliance.adoc + - name: CIS Benchmarks + file: cis-benchmarks.adoc + - name: Prisma Cloud compliance checks + file: prisma-cloud-compliance-checks.adoc + - name: Serverless functions + file: serverless.adoc + - name: Windows compliance checks + file: windows.adoc + - name: DISA STIG compliance checks + file: disa-stig-compliance-checks.adoc + - name: Custom compliance checks + file: custom-compliance-checks.adoc + - name: Trusted images + file: trusted-images.adoc + - name: Host scanning + file: host-scanning.adoc + - name: VM image scanning + file: vm-image-scanning.adoc + - name: App-Embedded scanning + file: app-embedded-scanning.adoc + - name: Detect secrets + file: detect-secrets.adoc + - name: OSS license management + file: oss-license-management.adoc +--- +kind: chapter +name: Runtime defense +dir: runtime-defense +topics: + - name: Runtime defense + file: runtime-defense.adoc + - name: Runtime defense for containers + file: runtime-defense-containers.adoc + - name: Runtime defense for hosts + file: runtime-defense-hosts.adoc + - name: Runtime defense for serverless + file: runtime-defense-serverless.adoc + - name: Runtime defense for App-Embedded + file: runtime-defense-app-embedded.adoc + - name: Custom runtime rules + file: custom-runtime-rules.adoc + - name: Import and export individual rules + file: import-export-individual-rules.adoc + - name: ATTACK explorer + file: attack.adoc + - name: Runtime audits + file: runtime-audits.adoc + - name: Event Aggregation + file: runtime-defense-aggregation.adoc + - name: Image analysis sandbox + file: image-analysis-sandbox.adoc + - name: Incident Explorer + file: incident-explorer.adoc + - name: Incident types + dir: incident-types + topics: + - name: Incident types + file: incident-types.adoc + - name: Altered binary + file: altered-binary.adoc + - name: Backdoor admin accounts + file: backdoor-admin-accounts.adoc + - name: Backdoor SSH access + file: backdoor-ssh-access.adoc + - name: Brute force + file: brute-force.adoc + - name: Crypto miners + file: crypto-miners.adoc + - name: Execution flow hijack attempt + file: execution-flow-hijack-attempt.adoc + - name: Kubernetes attack + file: kubernetes-attack.adoc + - name: Lateral movement + file: lateral-movement.adoc + - name: Malware + file: malware.adoc + - name: Port scanning + file: port-scanning.adoc + - name: Reverse shell + file: reverse-shell.adoc + - name: Suspicious binary + file: suspicious-binary.adoc + - name: Others + file: others.adoc +--- +kind: chapter +name: Access control +dir: access-control +topics: + - name: Access control + file: access-control.adoc + - name: Admission control + file: open-policy-agent.adoc +--- +kind: chapter +name: Continuous integration +dir: continuous-integration +topics: + - name: Continuous integration + file: continuous-integration.adoc + - name: Jenkins plugin + file: jenkins-plugin.adoc + - name: Jenkins Freestyle project + file: jenkins-freestyle-project.adoc + - name: Jenkins Maven project + file: jenkins-maven-project.adoc + - name: Jenkins Pipeline project + file: jenkins-pipeline-project.adoc + - name: Run Jenkins in a container + file: run-jenkins-container.adoc + - name: Jenkins pipeline on K8S + file: jenkins-pipeline-k8s.adoc + #- name: CloudBees Core pipeline on K8S + # file: cloudbees-core-pipeline-k8s.adoc + - name: Set policy in the CI plugins + file: set-policy-ci-plugins.adoc + - name: Code repo scanning + file: code-repo-scanning.adoc +--- +kind: chapter +name: Web-Application and API Security (WAAS) +dir: waas +topics: + - name: Web-Application and API Security (WAAS) + file: waas.adoc + - name: Overview + file: waas-intro.adoc + - name: Deploying WAAS + dir: deploy-waas + topics: + - name: Deploying WAAS + file: deploy-waas.adoc + - name: Deploy WAAS for Containers + file: deployment-containers.adoc + - name: Deploy WAAS Out-Of-Band for Containers + file: deploy-oob-containers.adoc + - name: Deploy WAAS for Hosts + file: deployment-hosts.adoc + - name: Deploy WAAS Out-Of-Band for Hosts + file: deploy-oob-hosts.adoc + - name: Deploy WAAS for App-Embedded + file: deployment-app-embedded.adoc + - name: Deploy WAAS for Serverless + file: deployment-serverless.adoc + - name: Deploy WAAS Agentless + file: deployment-vpc-mirroring.adoc + - name: Troubleshooting WAAS + file: deployment-troubleshooting.adoc + - name: WAAS Sanity Tests + file: deployment-sanity-tests.adoc + - name: WAAS explorer + file: waas-explorer.adoc + - name: App firewall + file: waas-app-firewall.adoc + - name: API protection + file: waas-api-protection.adoc + - name: DoS protection + file: waas-dos-protection.adoc + - name: Bot protection + file: waas-bot-protection.adoc + - name: Access control + file: waas-access-control.adoc + - name: Advanced settings + file: waas-advanced-settings.adoc + - name: Analytics + file: waas-analytics.adoc + - name: API observations + file: waas-api-discovery.adoc + - name: API definition scan + file: api-def-scan.adoc + - name: Custom rules + file: waas-custom-rules.adoc + - name: Unprotected web apps + file: unprotected-web-apps.adoc + - name: Log scrubbing + file: log-scrubbing.adoc +#- name: API definition scan #Duplicate entry +# file: api-def-scan.adoc +#- name: Out of band inspection +# file: out-of-band.adoc +#- name: Troubleshooting +# file: waas-troubleshooting.adoc +--- +kind: chapter +name: Firewalls +dir: firewalls +topics: + - name: Firewalls + file: firewalls.adoc +--- +kind: chapter +name: Secrets +dir: secrets +topics: + - name: Secrets + file: secrets.adoc + - name: Secrets manager + file: secrets-manager.adoc + - name: Integrate with a secrets store + file: integrate-with-secrets-stores.adoc + - name: Secrets stores + dir: secrets-stores + topics: + - name: Secrets stores + file: secrets-stores.adoc + - name: AWS Secrets Manager + file: aws-secrets-manager.adoc + - name: AWS Systems Manager Parameters Store + file: aws-systems-manager-parameters-store.adoc + - name: Azure Key Vault + file: azure-key-vault.adoc + - name: CyberArk Enterprise Password Vault + file: cyberark-enterprise-password-vault.adoc + - name: HashiCorp Vault + file: hashicorp-vault.adoc + - name: Inject secrets into containers + file: inject-secrets.adoc + - name: Injecting secrets example + file: inject-secrets-example.adoc +--- +kind: chapter +name: Alerts +dir: alerts +topics: + - name: Alerts + file: alerts.adoc + - name: Alert mechanism + file: alert-mechanism.adoc + - name: AWS Security Hub + file: aws-security-hub.adoc + - name: Cortex XDR + file: xdr.adoc + - name: Cortex XSOAR + file: xsoar.adoc + - name: Email + file: email.adoc + - name: Google Cloud Pub/Sub + file: google-cloud-pub-sub.adoc + - name: Google Cloud SCC + file: google-cloud-scc.adoc + - name: IBM Cloud Security Advisor + file: ibm-cloud-security-advisor.adoc + - name: JIRA + file: jira.adoc + - name: PagerDuty + file: pagerduty.adoc + - name: ServiceNow Security Incident Response + file: servicenow-sir.adoc + - name: ServiceNow Vulnerability Response + file: servicenow-vr.adoc + - name: Slack + file: slack.adoc + - name: Splunk + file: splunk.adoc + - name: Webhook + file: webhook.adoc +--- +kind: chapter +name: Audit +dir: audit +topics: + - name: Audit + file: audit.adoc + - name: Event viewer + file: event-viewer.adoc + - name: Host activity + file: host-activity.adoc + - name: Admin activity + file: audit-admin-activity.adoc + - name: Annotate audits + file: annotate-audits.adoc + - name: Delete audit logs + file: delete-audit-logs.adoc + - name: Syslog and stdout integration + file: logging.adoc + - name: Log rotation + file: log-rotation.adoc + - name: Throttling + file: throttling.adoc + - name: Prometheus + file: prometheus.adoc + - name: Kubernetes auditing + file: kubernetes-auditing.adoc +--- +kind: chapter +name: Tools +dir: tools +topics: + - name: Tools + file: tools.adoc + - name: twistcli + file: twistcli.adoc + - name: Scan images with twistcli + file: twistcli-scan-images.adoc + - name: Scan code repos with twistcli + file: twistcli-scan-code-repos.adoc + - name: Install Console with twistcli + file: twistcli-console-install.adoc + - name: Update offline environments + file: update-intel-stream-offline.adoc +--- +kind: chapter +name: Deployment patterns +dir: deployment-patterns +topics: + - name: Deployment patterns + file: deployment-patterns.adoc + - name: Projects + file: projects.adoc + - name: Migration options for scale projects + file: migration-options-for-scale-projects.adoc + - name: DNS and certificate management + file: best-practices-dns-cert-mgmt.adoc + - name: Storage limits for audits and reports + file: caps.adoc + - name: Migrate to SaaS Console + file: migrate-to-saas.adoc + - name: Performance planning + file: performance-planning.adoc + - name: Automated deployment + file: automated-deployment.adoc + - name: High availability + file: high-availability.adoc +--- +kind: chapter +name: API +dir: api +topics: + - name: API + file: api.adoc +--- +kind: chapter +name: How-To Guides +dir: howto +topics: + - name: How-To Guides + file: howto.adoc + - name: Configure an ECS load balancer + file: configure-ecs-loadbalancer.adoc + #- name: Configure the load balancer type for AWS EKS + # file: configure-eks-loadbalancer.adoc + #- name: Deploy Defenders External to an OpenShift cluster + # file: openshift-external-defenders.adoc + - name: Configure Console's listening ports + file: configure-listening-ports.adoc + #- name: Integrate scanning into the OpenShift build + # file: openshift-build-twistcli-scanning.adoc + - name: Provision tenant projects OpenShift + file: openshift-provision-tenant-projects.adoc + #- name: Setting up Istio + # file: configure-istio-ingress.adoc + - name: Disable automatic learning + file: disable-automatic-learning.adoc + #- name: Rolling Defender upgrades + # file: rolling-upgrade.adoc + - name: Review debug logs + file: review-debug-logs.adoc + - name: Deploy in FIPS mode + file: deploy-in-fips-mode.adoc + - name: Run third-party assessment tools + file: twistcli-sandbox-third-party-scan.adoc diff --git a/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce.adoc b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce.adoc new file mode 100644 index 0000000000..ef3761dffd --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce.adoc @@ -0,0 +1,59 @@ +== Cloud Discovery + +It's difficult to ensure that all your apps running on all the different types of cloud services are being properly secured. If you're using multiple cloud platforms, you might have many separate accounts per platform. You could easily have hundreds of combinations of providers, accounts, and regions where cloud native services are being deployed. + +Cloud discovery helps you find all cloud-native services being used on AWS, Azure, and Google Cloud, across all regions, and across all accounts. +It enables you to continuously monitor these accounts, detect when new services are added, and report on the services that are unprotected, so that you can mitigate your exposure to rogue deployments, abandoned environments, and sprawl. + +Cloud discovery offers coverage for the following services. + +*Registries:* + +* AWS +* Azure +* Google Artifact Registry +* Google Container Registry^1,2^ + +*Serverless functions:* + +* AWS +* Azure +* Google Cloud + +^3^ *Managed platforms:* + +* AWS ECS +* AWS EKS +* Azure Kubernetes Service (AKS) +* Azure Container Instances (ACI) +* Google Kubernetes Engine (GKE) + +*Virtual machines:* + +* AWS EC2 instances +* Azure VMs^3^ +* Google Cloud Platform (GCP) Compute Engine VM instances^3^ + + +^1^Although Artifact Registry supports a number of content types (for example, Java, Node.js, and Python language packs), Prisma Cloud only supports discovering and scanning Docker images. + +^2^Prisma Cloud doesn't support scanning Helm charts saved as OCI images and stored in Artifact Registry. +The OCI image that represents a Helm chart has a single layer that contains the Helm package. +It is only a way to store a Helm chart, but it has no meaning in terms of a container. +Prisma Cloud has no way to run the image to scan it. +Note that Helm charts stored as OCI images will be shown in the list of resources discovered in the registry because we can't indicate their type until we actually pull and scan them. + +^3^Auto-defend is currently not yet available for these services. +Auto-defend utilizes rule-based policies to automatically deploy Prisma Cloud to protect resources in your environment. + +=== Troubleshooting + +Ensure you have the right xref:../configure/permissions.adoc[permissions] for the account before you start with cloud discovery. + +==== Empty results from Cloud Discovery + +Cloud discovery results are visible per account. +If you have multiple credentials associated with the same account, the results are only displayed for one credential to avoid duplication. +The other credentials for the same account will show empty results. +To view comprehensive results for all credentials, navigate to Cloud Radar *Radars > Cloud*. + diff --git a/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcee.adoc b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcee.adoc new file mode 100644 index 0000000000..a7b938aee4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcee.adoc @@ -0,0 +1,111 @@ +== Cloud discovery + +It's difficult to ensure that all your apps running on all the different types of cloud services are being properly secured. +If you're using multiple cloud platforms, you might have many separate accounts per platform. +You could easily have hundreds of combinations of providers, accounts, and regions where cloud native services are being deployed. + +Cloud discovery helps you find all cloud-native services being used across cloud service providers - AWS, Azure, and Google Cloud, across all regions, and across all accounts. +It continuously monitors these accounts, detects when new services are added, and reports which services are unprotected, and helps you mitigate your exposure to rogue deployments, abandoned environments, and sprawl. + +Cloud discovery offers coverage for the following services. + +*Registries:* + +* AWS +* Azure +* Google Artifact Registry^1^ +* Google Container Registry^2^ + +*Serverless functions:* + +* AWS^3^^4^ +* Azure +* Google Cloud + +^3^ *Managed platforms:* + +* AWS ECS +* AWS EKS +* Azure Kubernetes Service (AKS) +* Azure Container Instances (ACI) +* Google Kubernetes Engine (GKE) + +*Virtual machines:* + +* AWS EC2 instances +* Azure VMs^3^ +* Google Cloud Platform (GCP) Compute Engine VM instances^3^ + +^1^Although Artifact Registry supports a number of content types (for example, Java, Node.js, and Python language packs), Prisma Cloud only supports discovering and scanning Docker images. + +^2^ For Google Container Registry, create credentials on *Compute > Manage > Cloud accounts*. + +Prisma Cloud doesn't support scanning Helm charts saved as OCI images and stored in Artifact Registry. +The OCI image that represents a Helm chart has a single layer that contains the Helm package. +It's only a way to store a Helm chart, but it has no meaning in terms of a container. +Prisma Cloud has no way to run the image to scan it. +Note that Helm charts stored as OCI images will be shown in the list of resources discovered in the registry because we can't indicate their type until we actually pull and scan them. + +^3^Auto-defend is currently not yet available for these services. +Auto-defend utilizes rule-based policies to automatically deploy Prisma Cloud Defenders to protect resources in your environment. + +^4^ Prisma Cloud ingestion only provides information on $LATEST version of AWS serverless functions and not other versions. +// https://redlock.atlassian.net/browse/RLP-40092 + +[NOTE] +==== +Cloud discovery won't find Google Artifact Registry and Google Container Registry when credentials are imported from Prisma Cloud. +Prisma Cloud finds those registries if you create the credentials in *Compute > Manage > Cloud accounts*. +==== + +=== Ingestion-Based Discovery + +After https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding[onboarding a cloud account into the platform], you can reuse the same onboarded account in Compute for Cloud Discovery without the need for additional permissions on cloud accounts. +Cloud Discovery uses this ingested data to discover unprotected workloads across your monitored environment. +By using the same ingested metadata from cloud providers for both CSPM and CWP, the time to scan for unprotected resources is reduced substantially, providing instant visibility into undefended workloads in your organization. + +Prisma Cloud needs an additional set of permissions to enable protection for these workloads. For example, to deploy Defenders automatically on undefended VM machines. +Review the xref:../configure/permissions.adoc[permissions by feature table] to learn about the needed permissions and protection for the onboarding template. + +[.task] +=== Configure Discovery for Cloud Service Providers + +You can configure Prisma Cloud to scan your cloud service provider accounts for cloud-native resources and services. +Then, you can configure Prisma Cloud to protect them with a single click. + +You must https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding[onboard your cloud service providers in Prisma Cloud] before you start. + +[.procedure] +. Log in to Prisma Cloud. + +. Select *Compute > Manage > Cloud Accounts*. + +. Select the accounts to scan. +If there are no accounts in the table, you can import Prisma Cloud onboarded accounts, using the "Add account" workflow and selecting "Prisma Cloud" as the provider. + +. Select *Bulk actions* > *Discovery configuration* + +. Enable *Cloud discovery*. ++ +image::cloud_discovery_saas.png[] + +. *Save* your changes. + +. Review the scan results. + +.. Select *Compute > Manage > Cloud Accounts* to view the scan report in tabular format. +... Select the Show account details icon to see the discovery scan results for resources within the cloud account. ++ +image::cloud_discovery_details_saas.png[] + +.. Select *Radar > Cloud* to view the scan report in a visual format. ++ +image::cloud_discovery_radar_saas.png[] +In the Radar you can see the details for the resources that are protected using Defenders and agentless scanning across the services in each region. + +.. Select *Defend* for the entities you want Prisma Cloud to scan for vulnerabilities. ++ +A new auto-defend rule is proposed. +Select the appropriate credential, tweak the scan rule as desired, then click *Add*. + +.. See the scan results on *Compute > Monitor > Vulnerabilities > {Images > Registry|Functions}*. diff --git a/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-service-providers.adoc b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-service-providers.adoc new file mode 100644 index 0000000000..37c26579b5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-service-providers.adoc @@ -0,0 +1,95 @@ +== Cloud Service Providers + +Credentials for cloud service providers are managed in *Manage > Cloud accounts*. +Other types of credentials are managed in the credentials store in *Manage > Authentication > Credentials store*. + +ifdef::compute_edition[] + +Use the following procedures to configure and manage your credentials for specific cloud service providers. + +* xref:../authentication/credentials-store/aws-credentials.adoc[Amazon Web Services (AWS)] +* xref:../authentication/credentials-store/azure-credentials.adoc[Microsoft Azure] +* xref:../authentication/credentials-store/gcp-credentials.adoc[Google Cloud Platform (GCP)] +* xref:../authentication/credentials-store/ibm-credentials.adoc[IBM Cloud] +* xref:../authentication/credentials-store/kubernetes-credentials.adoc[Kubernetes] + +endif::compute_edition[] + +ifdef::prisma_cloud[] + +=== Onboard Cloud Service Provider Accounts to Prisma Cloud + +Use the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding.html[guided onboarding flow] to onboard cloud accounts onto your Prisma Cloud tenant to automatically create service accounts and roles in your cloud provider accounts. +Prisma Cloud is then quickly integrated with your cloud providers. + +The guided onboarding flow creates service accounts and roles for the following Compute-specific integrations. + +[cols="4,1,1,1", options="header"] +|=== +|Feature +|AWS +|Azure +|GCP + +|Cloud discovery +|Yes +|Yes +|Yes + +|Serverless radar +|Yes +|Not applicable^1^ +|Not applicable^1^ + +|Registry scanning +|Yes +|No +|No + +|Serverless scanning +|Yes +|Yes +|Yes + +|VM image scanning +|Yes +|No +|Yes + +|Host auto-defend +|Yes +|Yes +|Yes + +| Kubernetes auditing +|Yes +|Yes +|Yes + +|Agentless scanning +|Yes +|Yes +|Yes + +|=== + +^1^Not applicable: The feature isn't supported in the product for this cloud service provider. + +By default, Compute feature-specific minimalist permissions are added to all CloudFormation Templates for AWS, Azure and GCP accounts onboarded to Prisma Cloud. +The following two onboarding modes define these permissions: *Monitor* and *Monitor & Protect*. + +Large scale deployments require you to manage the number of accounts that you onboard to ensure the number of accounts remains within the workload scanning thresholds. +The threshold to ensure Prisma Cloud scans all workloads in your accounts is 5000 accounts. +You can manage your accounts under *Compute > Manage > Cloud Accounts*. +You must delete any accounts you don't want to scan to remain below the threshold. + +You can review the xref:../configure/permissions.adoc[list of all features and their corresponding permissions]. + +==== Cloud Account Permission Status + +Currently, cloud account status checks don't take Prisma Cloud Compute permissions into account. +They remain green even if Prisma Cloud Compute permissions are missing in order to accommodate Cloud Security Posture Management (CSPM) users who do not use Prisma Cloud Compute functionalities. For them, changing the account permissions status could cause confusion. + +Contact support to request enablement of status checks on your tenant. + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/cloud-service-providers/configure-cloud-discovery.adoc b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/configure-cloud-discovery.adoc new file mode 100644 index 0000000000..7c8121c962 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/configure-cloud-discovery.adoc @@ -0,0 +1,49 @@ +:topic_type: task +[.task] +== Configure Cloud Discovery + +Set up Prisma Cloud to scan your cloud service provider accounts for cloud-native resources and services. +Then configure Prisma Cloud to protect them with a single click. + +*Prerequisite:* You create service accounts for your cloud service providers with the xref:../configure/permissions.adoc[minimum required permissions]. + +[.procedure] +. Log in to Prisma Cloud Compute Console. + +. Select *Compute > Manage > Cloud Accounts*. + +. Select the accounts to scan. If there are no accounts in the table, use the *+ Add account* button to onboard your cloud accounts. ++ +[NOTE] +==== +* On GCP: If you select organization level GCP credentials, for an organization with hundreds of projects, the performance of the Google Cloud Registry discovery might be affected due to long query time from GCP. +The best approach to reduce scan time and avoid potential timeouts is to divide the projects in your organization into multiple GCP folders. +Then create a service account and credential for each folder, and use these credentials for cloud discovery. + +* On Azure: If you create a credential in the credentials store under *Manage > Authentication > Credentials store*, your service principal authenticates with a password. +To authenticate with a certificate, xref:./cloud-service-providers.adoc[onboard the cloud service provider]. +==== + +. Enable *Cloud discovery*. + +. Click *Add account* to save the changes. + +. Review the scan report. + +.. Go to *Compute > Manage > Cloud Accounts* to view the scan report as a table. +... Select the *Show account details* icon to see the discovery scan results for resources within the cloud account. ++ +image::cloud_discovery_details_selfhosted.png[] + +.. Go to *Radar* and select *Cloud* to view the scan report as a graphic. ++ +image::cloud_discovery_radar_selfhosted.png[] + +.. Click *Defend* for the entities you want Prisma Cloud to scan for vulnerabilities. ++ +When you click *Defend*, a new scan rule is proposed. +Select the appropriate credential, tweak the scan rule as desired, then click *Add*. + +.. Go to the scan reports under *Monitor > Vulnerabilities* + +.. Select *Hosts*, *Registry*, or *Functions* to see the pertinent report. diff --git a/docs/en/compute-edition/32/admin-guide/cloud-service-providers/use-cloud-accounts.adoc b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/use-cloud-accounts.adoc new file mode 100644 index 0000000000..72138f3811 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/cloud-service-providers/use-cloud-accounts.adoc @@ -0,0 +1,37 @@ +:topic_type: task +[.task] +== Use Cloud Service Provider Accounts in Prisma Cloud + +You can automatically create the required service accounts and roles in your cloud accounts to integrate Prisma Cloud with your cloud service providers. + +[.procedure] + +. Log into Prisma Cloud. + +. Go to *Settings > Cloud Accounts*. ++ +image::credentials_store_prisma_cloud_oboarding.png[width=800] + +. Complete the onboarding cloud account wizard to use the service accounts and roles when configuring Compute. +These accounts and roles are collectively called credentials. + +. Before using a credential it needs to become read-only in Compute. +To find the surfaced credentials open the *Compute* tab. You can only update or delete credentials in *Settings > Cloud Accounts*. +Deleting surfaced credentials in the *Compute* tab credentials store only removes them from the table. + +. Go to to the *Compute > Defend > Authentication* tab. + +. Click *Add Credential*. + +. In *Type*, select *Prisma Cloud*. + +. Select all credentials you want to use. ++ +image::credentials_store_surface_prisma_cloud_cred.png[width=500] + +. Click *Save*. + +. You can use the credential in Compute to set up features like registry scanning. ++ +image::credentials_store_config_reg_scanning.png[width=500] + diff --git a/docs/en/compute-edition/32/admin-guide/compliance/app-embedded-scanning.adoc b/docs/en/compute-edition/32/admin-guide/compliance/app-embedded-scanning.adoc new file mode 100644 index 0000000000..9eee33bf4b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/app-embedded-scanning.adoc @@ -0,0 +1,189 @@ +== App-Embedded scanning + +App-Embedded Defenders can scan their workloads for compliance issues. + +App-Embedded Defender support the following types of compliance checks: + +* Image compliance checks. +* Custom compliance checks. + +To see compliance scan reports, go to *Monitor > Compliance > Images > Deployed*. +You can filter the table by: + +* *App-Embedded: Select* -- Narrows the results to just images protected by App-Embedded Defenders. +* *App ID* -- Narrows the list to specific images. +App IDs are listed under the table's *Apps* column. ++ +For ECS Fargate tasks, the xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc#app-id-fargate[App ID] is partially constructed from the task name. +AWS Fargate tasks can run multiple containers. +All containers in a Fargate task have the same App ID. ++ +For all other workloads protected by App-Embedded Defender, the xref:../install/deploy-defender/app-embedded/app-embedded.adoc#app-id[App ID] is partially constructed from app name, which is a deploy-time configuration set in the App ID field of the embed workflow. + +You can use wildcards to filter the table by app/image name. +For example, if the app name is `dvwa`, then you could find all deployments with `Repository: dvwa*`. +This filter would show `dvwa:0438dc81a9144fab8cf09320b0e1922b` and `dvwa:538359b5f7f54559ab227375fe68cd7a`. + + +[.task] +=== Create compliance rules + +Create a compliance rules for workloads protected by App-Embedded Defender. + +[.procedure] +. Login to the Console. + +. Go to *Defend > Compliance > Containers and images > Deployed*. + +. Click *Add rule*. + +. Enter a rule name. + +. Click on *Scope* to select a relevant collection, or create a new collection. ++ +Workloads are scoped by App ID. +App ID is specified when you embed the App-Embedded Defender into a workload, and represents a unique identifier for the Defender/workload pair. + +.. If creating a collection, click *Add collection*. + +.. Enter collection name. + +.. In the *App ID* field, enter one or more App IDs. ++ +Postfix wildcards are supported. + +.. Click *Save*. + +.. Select the new collection. + +.. Click *Select collection*. + +. Click *Save*. ++ +NOTE: The block action doesn't apply to App-Embedded workloads. + + +=== Supported compliance checks + +App-Embedded Defenders support the following built-in image compliance checks: + +* *448: Package binaries should not be altered* -- +Checks the integrity of package binaries in an image. During an image scan, every binary’s checksum is compared with its package info. + +* *424: Sensitive information provided in environment variables* -- +Checks if images contain sensitive information in their environment variables. + +* *425: Private keys stored in image* -- +Searches for private keys stored in an image or serverless function. + +* *426: Image contains binaries used for crypto mining* -- +Detects when there are crypto miners in an image. Attackers have been quietly poisoning registries and injecting crypto mining tools into otherwise legitimate images. + +App-Embedded Defenders also support xref:../compliance/custom-compliance-checks.adoc[custom compliance checks]. +Custom compliance checks let you write and run your own compliance checks to assess, measure, and enforce your own security baselines. +Custom checks only work for workloads that allow users with root privileges. + + +=== Deploy an example Fargate task + +Deploy the `fargate-vulnerability-compliance-task` Fargate task. +Follow the steps in xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc[Embed App-Embedded Defender into Fargate tasks]. + +You can use the following task definition to test Prisma Cloud's App-Embedded Defender. +It's based on an Ubuntu 18.04 image. +On start up, it runs the `/bin/sh -c 'cp /bin/sleep /tmp/xmrig` command to trigger the compliance check that detects crypto miners in images. + +[source,json] +---- +{ + "containerDefinitions": [ + { + "command": [ + "/bin/sh -c 'cp /bin/sleep /tmp/xmrig && echo \"[+] Sleeping...\" && while true; do sleep 1000 ; done'" + ], + "entryPoint": [ + "sh", + "-c" + ], + "essential": true, + "image": "ubuntu:18.04", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group" : "/ecs/fargate-task-definition", + "awslogs-region": "us-east-1", + "awslogs-stream-prefix": "ecs" + } + }, + "name": "Fargate-vul-comp-test", + "portMappings": [ + { + "containerPort": 80, + "hostPort": 80, + "protocol": "tcp" + } + ] + } + ], + "cpu": "256", + "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", + "family": "fargate-vulnerability-compliance-task", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ] +} +---- + + +[.task] +=== Review compliance scan reports + +Review the scan results in Console. + +[NOTE] +==== +For Fargate version 1.3.0 and older, Prisma Cloud shows only a single scan report if the same image is run simultaneously as: + +* A task on ECS Fargate, protected by App-Embedded Defender. +* A container on a host, protected by Container Defender. + +In this case, the image is categorized as "App-Embedded". +As a result, when the scan report table is filtered by *App-Embedded: Select*, a scan report will be shown. +When the table is filtered by *App-Embedded: Exclude*, it will be hidden. +And when filtering by *Hosts*, it will be hidden, even if the host matches, because the image is considered as App-Embedded. + +For Fargate version 1.4.0, two separate scan reports are shown, one for App-Embedded and one for Container Defender. +==== + +[.procedure] +. Navigate to *Monitor > Compliance > Images > Deployed* and validate that the deployed image appears with an alerted compliance check. + +. To see all images protected by App-Embedded Defender, filter the table by *App-Embedded: Select*. + +. If you deployed the example Fargate task, search for `fargate-vulnerability-compliance-task`. + +. Click on the image to view image details: ++ +NOTE: The *Apps* column shows a count of the number of running containers protected by App-Embedded Defender. ++ +NOTE: The *Layers*, *Process info*, *Labels*, *Runtime*, and *Trust groups* tabs aren't supported for images scannned by App-Embedded Defenders. + +.. Click the *Compliance* tab to review compliance issues. ++ +You should seen an issue for *Image contains binaries used for crypto mining*. ++ +image::fargate_image_comp_scan_result.png[width=600] + +.. Review runtime information for the container. ++ +Go to the *Environment > Apps* tab, and then click on the app in the table to open the App-Embedded observations. +You can bring up the same view by going directly to *Monitor > Runtime > App-Embedded observations*, and clicking on the same app. ++ +image::app_embedded_scanning_observations.png[width=800] ++ +The *Environment* tab shows cloud-provider metadata that App-Embedded Defender collected about the running container. +For more information about the type of cloud-provider metadata App-Embedded Defender can collect, see xref:../runtime-defense/runtime-defense-app-embedded.adoc#cloud-metadata[Monitoring workloads at runtime]. ++ +image::app_embedded_scanning_metadata.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/compliance/cis-benchmarks.adoc b/docs/en/compute-edition/32/admin-guide/compliance/cis-benchmarks.adoc new file mode 100644 index 0000000000..a530e59223 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/cis-benchmarks.adoc @@ -0,0 +1,97 @@ +== CIS Benchmarks + +The CIS Benchmarks provide consensus-oriented best practices for securely configuring systems. +Prisma Cloud provides checks that validate the recommendations in the following CIS Benchmarks: + +* https://www.cisecurity.org/benchmark/docker/[Docker Benchmark] +* https://www.cisecurity.org/benchmark/kubernetes/[Kubernetes Benchmark] +* https://www.cisecurity.org/insights/blog/cis-benchmarks-march-2021-update[Openshift Benchmark] +* https://www.cisecurity.org/benchmark/distribution_independent_linux/[Distribution Independent Linux] +* https://www.cisecurity.org/benchmark/amazon_web_services/[Amazon Web Services Foundations] +* https://workbench.cisecurity.org/benchmarks/11806s/[GKE Benchmark (only for worker nodes checks)] + + +We have graded each check using a system of four possible scores: critical, high, medium, and low. +This scoring system lets you create compliance rules that take action depending on the severity of the violation. +If you want to be reasonably certain that your environment is secure, you should address all critical and high checks. +By default, all critical and high checks are set to alert, and all medium and low checks are set to ignore. +We expect customers to review, but probably never fix, medium and low checks. + +There are just a handful of checks graded as critical. +Critical is reserved for things where your container environment is exposed to the Internet, and can result in a direct attack by somebody on the outside. +They should be addressed immediately. + +// For DistroIndependent Linux checks that weren't implemented, see https://github.com/twistlock/twistlock/issues/6454 +Prisma Cloud has not implemented CIS checks marked as _Not Scored_. +These checks are are hard to define in a strict way. +Other checks are might not implemented because the logic is resource-heavy, results depend on user input, or files cannot be parsed reliably. + + +=== Additional details about Prisma Cloud's implementation of the CIS benchmarks + +The compliance rule dialog provides some useful information. +Compliance rules for containers can be created under *Defend > Compliance > Containers and Images*, while compliance rules for hosts can be created under *Defend > Compliance > Hosts*. + +*Benchmark versions* -- To see which version of the CIS benchmark is supported in the product, click on the *All types* drop-down list. + +image::cis_benchmarks_versions.png[width=600] + +*Grades* -- To see Prisma Cloud's grade for a check, see the corresponding *Severity* column. + +image::cis_benchmarks_grades.png[width=500] + +*Built-in policy library* -- To enable the checks for the PCI DSS, HIPAA, NIST SP 800-190, and GDPR standards, select the appropriate template. + +image::cis_benchmarks_templates.png[width=500] + + +=== Notes on the CIS OpenShift benchmark + +// twistlock/twistlock/wiki/OpenShift-CIS-compliance-checks +When Prisma Cloud detects OpenShift Container Platform (OCP) 4, we assess the cluster against the CIS OpenShift benchmark. +Prisma Cloud supports the CIS OpenShift benchmark on OCP 4.6 and later. + +// twistlock/twistlock#37514 +The following checks from the CIS OpenShift benchmark haven't been implemented: + +* 1.2.7 - Ensure that the --authorization-mode argument is not set to AlwaysAllow. +* 1.2.10 - Ensure that the APIPriorityAndFairness feature gate is enabled. +* 1.2.11 - Ensure that the admission control plugin AlwaysAdmit is not set. +* 1.2.16 - Ensure that the admission control plugin SecurityContextConstraint is set. +* 1.2.21 - Ensure that the healthz endpoint is protected by RBAC. +* 1.2.23 - Ensure that the audit logs are forwarded off the cluster for retention. +* 1.2.33 - Ensure that the --encryption-provider-config argument is set as appropriate. +* 1.2.34 - Ensure that encryption providers are appropriately configured. +* 1.2.35 - Ensure that the API Server only makes use of Strong Cryptographic Ciphers. +* 1.3.1 - Ensure that garbage collection is configured as appropriate. +* 1.3.2 - Ensure that controller manager healthz endpoints are protected by RBAC. +* 1.4.1 - Ensure that the healthz endpoints for the scheduler are protected by RBAC. +* 1.4.2 - Verify that the scheduler API service is protected by authentication and authorization. +* 3.1.1 - Client certificate authentication should not be used for users. +* 3.2.2 - Ensure that the audit policy covers key security concerns. +* 4.2.2 - Ensure that the --authorization-mode argument is not set to AlwaysAllow. +* 4.2.7 - Ensure that the --make-iptables-util-chains argument is set to true. +* 4.2.8 - Ensure that the --hostname-override argument is not set. +* 4.2.9 - Ensure that the kubeAPIQPS [--event-qps] argument is set to 0 or a level which ensures appropriate event capture. +* 4.2.13 - Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers. +* Section 5 - Policies. + +=== Notes on the CIS Distribution Independent Linux benchmark + +Prisma Cloud hasn't implemented the following checks from the CIS Distribution Independent Linux benchmark: + +* _1.7.2 - Ensure GDM login banner is configured_ -- +By default, most server distributions ship without a windows manager. +A manual assessment is required. + +* _2.2.1.2 - Ensure ntp (Network Time Protocol) is configured_ -- +CIS did not score this recommendation. +A manual assessment is required. + +* _2.2.1.3 - Ensure chrony is configured_ -- +CIS did not score this recommendation. +A manual assessment is required. + +* _5.3.1 - Ensure password creation requirements are configured_ -- +This recommendation cannot be implemented generically because password requirements vary from organization to organization. +A manual assessment is required. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/compliance-explorer.adoc b/docs/en/compute-edition/32/admin-guide/compliance/compliance-explorer.adoc new file mode 100644 index 0000000000..47077433fa --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/compliance-explorer.adoc @@ -0,0 +1,103 @@ +== Compliance Explorer + +Compliance Explorer is a reporting tool for compliance rate. +Metrics present the compliance rate for resources in your environment on a per-check, per-rule, and per-regulation basis. +Report data can be exported to CSV files for further investigation. + +The key pivot for Compliance Explorer is failed compliance checks. +Compliance Explorer tracks each failed check, and the resources impacted by each failed check. +From there, you can further slice and dice the data by secondary facets, such as collection, benchmark, and issue severity. + +Compliance Explorer helps you answer these types of questions: + +* What is the compliance rate for the entire estate? +* What is the compliance rate for some segment of the estate? +* What is the compliance rate relative to the checks that you consider important? +** Segment by benchmark. +** Segment by specific compliance policy rules. +Prisma Cloud supports compliance policies for containers, images, hosts, and serverless functions. +* Which resources (containers, images, hosts, serverless functions) are failing the compliance checks you care about? + +To view Compliance Explorer, go to *Monitor > Compliance > Compliance Explorer*. + + +=== Page organization + +The Compliance Explorer view is organized into three main areas: + +image::compliance_explorer_overview.png[width=900] + +*1. Collection filter.* +Collections group related resources together. +Use them to filter the data in Compliance Explorer. +For example, you might want to see how all the entities in the sock-shop namespace in your production cluster comply to the checks in the PCI DSS template. + +*2. Roll-up charts.* +Configurable charts that summarize compliance data for the perspectives you care about. +They report the following data: + +* Total compliance rate for your entire estate. + +* Compliance rate by regulation. +Click *Select regulations* to configure which benchmarks and templates are shown on the page. +Benchmarks are industry-standard checklists, such as the CIS Docker Benchmark. +Templates are Prisma Cloud-curated checklists +Checks are selected from the universe of checks provided in the product that pertain to directives in a regulatory regime, such as the Payment Card Industry Data Security Standard (PCI DSS). + +* Compliance rate by rule. +Provides another mechanism to surface specific segments of your environment when scrutinizing compliance. +Click *Add rule* to configure the card. + +* Historical trend chart for compliance rate. +Shows how the compliance rate has changed over time. + +The lists in the regulation and rule cards are sorted by compliance rate (the lowest compliance rate first). + +*3. Results table.* +Shows the universe of compliance checks, and the compliance rate for each check, relative to: + +* Your policies and the checks that are enabled. +Every compliance check has an ID, and it's either enabled or disabled. +* The collection selected at the top of the page. +* The filters applied (e.g. show critical severity issues only.) + +By default, columns are sorted by severity (primary sort key), and then by compliance rate (secondary sort key). +If no parameters are specified, Compliance Explorer shows all IDs by default. + +ifdef::prisma_cloud[] + +Use the *Category:Prisma Cloud Labs* filter in the table to show the xref:./prisma-cloud-compliance-checks.adoc#malware[malware scanning] results obtained using Advanced WildFire after an xref:../agentless-scanning/agentless-scanning.adoc[agentless scan]. + +endif::prisma_cloud[] + +The tabs organize results by benchmark or template. +The tabs are shown or hidden based on how you configure the corresponding *Compliance rate for regulations* roll-up card. +If you select the *Rules* view, the tabs show the rules selected in the *Compliance rate for policy rules* roll-up card. + +image::compliance_explorer_tabs.png[width=900] + +Filters let you show failed checks only by setting the *Status* key to *Failed*: + +image::compliance_explorer_filter.png[width=900] + +After narrowing your view of the data with collections and filters, you can export the data in the table to a CSV file. + + +=== Statistics + +The data in Compliance Explorer is calculated every time the page is loaded, and it's based on data from the latest scan. +Data in the trend graph is based on snapshots taken every 24 hours. + +You can force Console to recalculate statistics from the latest scan data by clicking the *Refresh* button. +The *Refresh* button displays a red indicator when there's a change in the following resources in your environment: + +* Containers. +* Images. +* Hosts. +* Serverless functions. + +For example, the refresh indicator is shown when new containers are detected. +It's also shown when containers are deleted. + +No red refresh indicator is shown if you simply change the compliance policy. +If you change the compliance policy, manually force Prisma Cloud to rescan your environment (or wait for the next periodic scan), and then refresh the Compliance Explorer. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/compliance.adoc b/docs/en/compute-edition/32/admin-guide/compliance/compliance.adoc new file mode 100644 index 0000000000..9a254a28c3 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/compliance.adoc @@ -0,0 +1,4 @@ +== Compliance + +Prisma Cloud helps enterprises monitor and enforce compliance for hosts, containers and serverless environments. +Use the compliance management system to enforce standard configurations and security best practices. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/custom-compliance-checks.adoc b/docs/en/compute-edition/32/admin-guide/compliance/custom-compliance-checks.adoc new file mode 100644 index 0000000000..38b76b4620 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/custom-compliance-checks.adoc @@ -0,0 +1,184 @@ +== Custom compliance checks + +Custom image checks give you a way to write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. + +Prisma Cloud lets you implement your custom image checks with simple scripts. + +Custom compliance checks are supported for: + +- Linux and Windows hosts (Host configured for docker, containerd, or CRI-O) +- Docker images on Linux hosts +- OCI images + +Custom compliance checks are not supported for: + +- Agentless scanning on Windows hosts +- Linux and Windows containers +- Docker images on Windows hosts +- Tanzu Application Service (TAS) defender +- GKE Autopilot + +A custom image check consists of a single script. +The script's exit code determines the result of the check, where "0" stands for pass and "1" stands for fail. + +Scripts are executed in the default shell. +The most common default shell for Linux is bash, but that's not always the case. +For Windows container images, the default shell is cmd.exe. + +[NOTE] +==== +//From: https://github.com/twistlock/twistlock/issues/12805 + +If you want to use a specific shell, or if your default shell is in a non-standard location, use the shebang interpreter directive at the top of your compliance check to specify the path to the executable. + +For example, `#!/bin/bash` specifies that the Linux Bourne-again (bash) shell should parse and interpret the compliance check. +==== + +For containers, Defender runs the compliance checks inside a restricted sandboxed container instantiated from the image being scanned, thus avoiding the unnecessary risk associated with running arbitrary code. + +For hosts, Defender runs the compliance checks on the host itself with unrestricted privileges to allow execution of any script. +To limit exposure, this feature is disabled by default. + +Every compliance check in the system has a unique ID. +Custom checks are automatically assigned an ID, starting with the number 9000. +As new custom checks are added, they are automatically assigned the next available ID (9001, 9002, and so on). + +//https://redlock.atlassian.net/browse/CWP-35759 +[NOTE] +==== +Prisma Cloud drops the cached compliance and vulnerability scan results for registries, and rescans registry images, whenever: + +* A new rule referencing a custom compliance check is added, or +* An existing compliance check referenced by some existing rule is updated, or +* An existing rule is updated with a new custom compliance check. + +In a scaled-out environment with large registries, repeated changes to custom compliance checks could adversely impact on the performance of Prisma Cloud. +==== + +[.task] +=== Create a new Custom Check + +Create a new compliance rule that includes your custom check, and specify the action to take when the check fails (ignore, alert, block). + +*Prerequisite* + +* Enable custom compliance checks for hosts (By default, this is disabled). +** Go to *Manage > Defenders > Advanced Settings*. +** Set *Custom Compliance Checks for hosts* to enabled. +*** Deploy Defenders to your environment. Or if already deployed, xref:../install/deploy-defender/redeploy-defender.adoc[redeploy your Defenders]. + +NOTE: You must redeploy the Defenders everytime you enable *Custom Compliance Checks for hosts*. +If you enable the feature, and then later disable it, the disabled state is effective immediately. +You don't have to redeploy Defenders when you switch to the disabled state. + +[.procedure] + +. Go to *Defend > Compliance > Custom*. + +. Select *Add check*. + +.. Enter a *Name* and a *Description*. + +.. Specify the *Severity* of the compliance issue. + +.. Enter a <>. + +.. Select *Save*. + +. Update the compliance policy to run your check. + +.. Go to *Defend > Compliance > Containers and Images* for containers or *Defend > Compliance > Hosts* for hosts. + +.. Select *Add rule*. + +.. Enter a *Rule name*, *Notes*, and select the *Scope* for the resources. + +.. Under *Compliance actions*, narrow the compliance checks displayed. ++ +For containers, on the *All types* drop-down list, select *Custom > Image*. ++ +For hosts, on the *All types* drop-down list, select *Custom > Custom*. ++ +You should see a list of custom checks you've implemented, starting with ID 9000. + +.. Select an action for your custom check (*Ignore*, *Alert*, or *Block*). + +.. Select *Save*. + +. Validate your setup by reviewing the compliance reports under *Monitor > Compliance*. + + +[#example-scripts] +=== Example scripts + +The following example scripts show how to run some basic checks, such as checking file permissions. +Use them as starting point for your scripts. +Any special utilities or programs required by your script must be installed in the image being evaluated. + +[.section] +==== File permissions (Linux) + +The following script checks the permissions for the _/bin/busybox_ file. +Assuming busybox is installed in your image, this check should pass. + +[source,sh] +---- +if [ $(stat -c %a /bin/busybox) -eq 755 ]; then + echo 'test permission failure' && exit 1; +fi +---- + +[.section] +==== File exists (Linux) + +The following script checks if _/tmp/foo.txt_ exists in the container file system. +If it doesn't exist, the check fails. + +[source,bash] +---- +if [ ! -f /tmp/foo.txt ]; then + echo "File not found!" + exit 1 +fi +---- + +[.section] +==== User exists (Linux) + +The following script checks if the user John exists. +If the user exists, the check passes. +Otherwise, it fails. + +[source,bash] +---- +if grep -F "John" /etc/passwd +then + echo yes +else + echo "user not found!" + exit 1 +fi +---- + +[.section] +==== File exists (Windows) + +The following script checks if _C:\Users_ exists. +If it does, the check passes. + +[source,dos] +---- +IF EXIST C:\Users Echo test permission failure && exit 1 +---- + +[.section] +==== File does not exist (Windows) + +This check is the inverse of the previous check. +The script checks if _C:\Users_ doesn't exist. +If it doesn't exist, the check passes. + +[source,dos] +---- +IF NOT EXIST C:\Users Echo test permission failure && exit 1 +---- diff --git a/docs/en/compute-edition/32/admin-guide/compliance/detect-secrets.adoc b/docs/en/compute-edition/32/admin-guide/compliance/detect-secrets.adoc new file mode 100644 index 0000000000..8ed2ed0ab7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/detect-secrets.adoc @@ -0,0 +1,153 @@ +== Detect Secrets + +Prisma Cloud can detect sensitive information that is improperly secured inside images and containers. +Scans can detect embedded passwords, login tokens, and other types of secrets. +To detect improperly secured secrets, add the following checks to your xref:../compliance/manage-compliance.adoc#[compliance policy]. + + +=== Defender Secrets Detection + +Your deployed defenders detect sensitive information inside images and containers. +Select *Monitor > Compliance > Compliance Explorer* and search the results using the following compliance check IDs. + +==== Compliance Check ID 424 + +This check detects sensitive information provided in environment variables of image. +The data so provided can be easily exposed by running `docker inspect` on the image and thus compromising privacy. + +*Example* + + $ docker --tlsverify -H :9998 build -t secret:v1 . + +*Response* + + Sending build context to Docker daemon 2.048 kB + Step 1/2 : FROM alpine:latest + ---> 88e169ea8f46 + Step 2/2 : ENV PASSWORD = secret + ---> Using cache + ---> 8f3627bc339b + Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: The environment variable PASSWORD contains sensitive data + + +==== Compliance Check ID 425 + +This check detects private keys stored in an image. + +*Example* + +Navigate to *Defend > Compliance*. +Add a new compliance rule to block running an image with private key in it. + +*Test* + + $ docker --tlsverify -H user.c.cto-sandbox.internal:9998 build -t user:secretv1 + +*Response* + + Sending build context to Docker daemon 5.632 kB + Step 1/2 : FROM alpine:latest + ---> 88e169ea8f46 + Step 2/2 : ADD private_key /root/.ssh/id_rsa + ---> Using cache + ---> c6e8e2496663 + Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: Private keys stored in image /root/.ssh/id_rsa + +Set the action to *ALERT* instead of *BLOCK*, then go to *Monitor > Compliance* after running the image. +Click on the image under *Images* tab. + +==== Compliance Check ID 597 + +This check detects sensitive information provided in environment variables of container. + +[#agentless-secrets-detection] +=== Agentless Secrets Detection + +Agentless scanning detects sensitive information inside files in your hosts and container images filesystem. + +==== Compliance Check ID 456 + +This check detects secrets inside your container images' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a container image. +Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. + +==== Compliance Check ID 457 + +This check detects secrets inside your hosts' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a host. +Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. + +[#detected-secrets] +==== Detected Secrets + +When agentless scanning detects a secret in a host or container image, only the following information is sent to the Prisma Cloud console. + +* The xref:#secret-types[secret type] + +* The time when the file with the detected secret was last modified + +* A redacted snippet of the secret with a length of less than 10 characters + +** A maximum of 10% of the visible characters for secrets above 30 characters up to a maximum of 10 characters +** A maximum of 3 visible characters for secrets under 30 characters + +* The path to the file where the secret was detected + +* The line and offset in the file where the secret was detected in the `line:offset` format + +This information provides you with enough context to find the detected secret and take any needed action. + +[#secret-types] +==== Secret Types + +Agentless scanning detects the following secret types. + +* AWS + +** AWS Access Key ID +** AWS Secret Key +** AWS MWS Auth Token + +* Azure + +** Azure Storage Account access key +** Azure Service Principal + +* GCP Service Account Auth Key + +* Private encryption keys + +* DB Connection String + +** Java Database Connectivity (JDBC) +** MongoDB +** .Net SQL Server + +* SaaS API keys + +** Artifactory API Token +** Artifactory Password +** Mailchimp Access Key +** NPM tokens +** Slack Token +** Slack Webhook +** Square OAuth Secret +** Notion Integration Token +** Airtable API Key +** Atlassian Oauth2 Keys +** CircleCI Personal Token +** Databricks Authentication +** GitHub Token +** GitLab Token +** Google API key +** Grafana Token +** Python Package Index Key (PYPI) +** Typeform API Token +** Scalr token +** Braintree Access Token +** Braintree Payments Key +** Braintree Payments ID +** Datadog Client Token +** ClickUp Personal API Token +** OpenAI API Key +** Jira Token diff --git a/docs/en/compute-edition/32/admin-guide/compliance/disa-stig-compliance-checks.adoc b/docs/en/compute-edition/32/admin-guide/compliance/disa-stig-compliance-checks.adoc new file mode 100644 index 0000000000..311bf4af4a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/disa-stig-compliance-checks.adoc @@ -0,0 +1,545 @@ +== DISA STIG compliance checks + +Prisma Cloud supports the Docker Enterprise 2.x Linux/Unix STIG - Ver 2, Rel 1 and the Kubernetes STIG - Ver 1, Rel 2 compliance checks. +Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs) contain technical guidance to lock down systems that might otherwise be vulnerable to attack. +These STIGs help ensure your environments are properly secured, based on Department of Defense guidance. +Prisma Cloud will continue to incorporate DISA STIG guidance as existing STIGs are updated and new STIGs are published. + +For an overview of the STIG, see https://github.com/clemenko/stig_blog/blob/master/U_Docker_Enterprise_2-x_Linux-UNIX_V1R1_Overview.pdf[here]. + +To download the STIGs, see https://public.cyber.mil/stigs/downloads/[here]. + + +=== Checks + +Prisma Cloud Compute has a compliance template "DISA STIG" for images, containers and hosts. +This compliance template maps individual STIG rules to existing compliance checks within Compute. +In some cases, we've implemented checks specifically to support the STIGs. +When configuring your compliance policy, simply select the DISA STIG template to enable ("Alert") all relevant checks. + + +==== CAT I + +CAT I is a category code for any vulnerability, which when exploited, will _directly and immediately_ result in loss of Confidentiality, Availability, or Integrity. +These risks are the most severe. + +The following table lists the CAT I checks implemented in Prisma Cloud, and how they map to existing Prisma Cloud checks. +All CAT I checks, except DKER-EE-001070, map to CIS Docker Benchmark checks. +A separate check has been implemented for DKER-EE-001070 to support the Docker Enterprise STIG. + +[cols="1,1,4", options="header"] +|=== + +|STIG ID +|Prisma Cloud ID +|Description + +|DKER-EE-001070 +|N/A +|FIPS mode must be enabled on all Docker Engine - Enterprise nodes. + +|DKER-EE-002000 +|59 +|Docker Enterprise hosts network namespace must not be shared. + +|DKER-EE-002030 +|512 +|All Docker Enterprise containers root filesystem must be mounted as read only. + +|DKER-EE-002040 +|517 +|Docker Enterprise host devices must not be directly exposed to containers. + +|DKER-EE-002070 +|521 +|The Docker Enterprise default seccomp profile must not be disabled. + +|DKER-EE-002080 +|224 +|Docker Enterprise exec commands must not be used with privileged option. + +|DKER-EE-002110 +|525 +|All Docker Enterprise containers must be restricted from acquiring additional privileges. + +|DKER-EE-002120 +|530 +|The Docker Enterprise hosts user namespace must not be shared. + +|DKER-EE-002130 +|531 +|The Docker Enterprise socket must not be mounted inside any containers. + +|DKER-EE-002150 +|57 +|Docker Enterprise privileged ports must not be mapped within containers. + +|DKER-EE-005170 +|31 +|Docker Enterprise docker.service file ownership must be set to root:root. + +|DKER-EE-005190 +|33 +|Docker Enterprise docker.socket file ownership must be set to root:root. + +|DKER-EE-005210 +|35 +|Docker Enterprise /etc/docker directory ownership must be set to root:root. + +|DKER-EE-005230 +|37 +|Docker Enterprise registry certificate file ownership must be set to root:root. + +|DKER-EE-005250 +|39 +|Docker TLS certificate authority (CA) certificate file ownership must be set to root:root + +|DKER-EE-005270 +|311 +|Docker server certificate file ownership must be set to root:root + +|DKER-EE-005300 +|314 +|Docker server certificate key file permissions must be set to 400 + +|DKER-EE-005310 +|315 +|Docker Enterprise socket file ownership must be set to root:docker. + +|DKER-EE-005320 +|316 +|Docker Enterprise socket file permissions must be set to 660 or more restrictive. + +|DKER-EE-005330 +|317 +|Docker Enterprise daemon.json file ownership must be set to root:root. + +|DKER-EE-005340 +|318 +|Docker Enterprise daemon.json file permissions must be set to 644 or more restrictive. + +|DKER-EE-005350 +|319 +|Docker Enterprise /etc/default/docker file ownership must be set to root:root. + +|DKER-EE-005360 +|320 +|Docker Enterprise /etc/default/docker file permissions must be set to 644 or more restrictive. + +|CNTR-K8-000220 +|8134 +|The Kubernetes Controller Manager must create unique service accounts for each work payload. + +|CNTR-K8-000320 +|8117 +|The Kubernetes API server must have the insecure port flag disabled. + +|CNTR-K8-000330 +|8215 +|The Kubernetes Kubelet must have the read-only port flag disabled. + +|CNTR-K8-000340 +|8116 +|The Kubernetes API server must have the insecure bind address not set. + +|CNTR-K8-000360 +|8112 +|The Kubernetes API server must have anonymous authentication disabled. + +|CNTR-K8-000370 +|8212 +|The Kubernetes Kubelet must have anonymous authentication disabled. + +|CNTR-K8-000380 +|8213 +|The Kubernetes kubelet must enable explicit authorization. + +|CNTR-K8-001160 +|597 +|Secrets in Kubernetes must not be stored as environment variables. + +|CNTR-K8-001620 +|8217 +|Kubernetes Kubelet must enable kernel protection. + +|CNTR-K8-001990 +|81120 +|Kubernetes must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures or the installation of patches and updates. + +|CNTR-K8-002010 +|81125 +|Kubernetes must have a pod security policy set. + +|CNTR-K8-002620 +|8113 +|Kubernetes API Server must disable basic authentication to protect information in transit. + +|=== + + +==== CAT II + +CAT II is a category code for any vulnerability, which when exploited, _has a potential_ to result in loss of Confidentiality, Availability, or Integrity. + +The following table lists the CAT 1 checks implemented in Prisma Cloud, and how they map to existing checks. +Some CAT 1 checks don't map to any existing checks, and have been implemented specifically for this DISA STIG. + +[cols="1,1,4", options="header"] +|=== + +|STIG ID +|Prisma Cloud ID +|Description + +|DKER-EE-001050 +|26 +|TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled. + +|DKER-EE-001240 +|515 +|The Docker Enterprise hosts process namespace must not be shared. + +|DKER-EE-001250 +|516 +|The Docker Enterprise hosts IPC namespace must not be shared. + +|DKER-EE-001800 +|24 +|The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. + +|DKER-EE-001810 +|25 +|On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used. + +|DKER-EE-001830 +|218 +|The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. + +|DKER-EE-001840 +|221 +|Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. + +|DKER-EE-001930 +|51 +|An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise. + +|DKER-EE-001940 +|52 +|SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise. + +|DKER-EE-001950 +|53 +|Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise. + +|DKER-EE-001960 +|54 +|Privileged Linux containers must not be used for Docker Enterprise. + +|DKER-EE-001970 +|56 +|SSH must not run within Linux containers for Docker Enterprise. + +|DKER-EE-001990 +|58 +|Only required ports must be open on the containers in Docker Enterprise. + +|DKER-EE-002010 +|510 +|Memory usage for all containers must be limited in Docker Enterprise. + +|DKER-EE-002050 +|519 +|Mount propagation mode must not set to shared in Docker Enterprise. + +|DKER-EE-002060 +|520 +|The Docker Enterprise hosts UTS namespace must not be shared. + +|DKER-EE-002100 +|524 +|cgroup usage must be confirmed in Docker Enterprise. + +|DKER-EE-002160 +|513 +|Docker Enterprise incoming container traffic must be bound to a specific host interface. + +|DKER-EE-002400 +|223 +|Docker Enterprise Swarm manager must be run in auto-lock mode. + +|DKER-EE-002770 +|406 +|Docker Enterprise container health must be checked at runtime. + +|DKER-EE-002780 +|528 +|PIDs cgroup limits must be used in Docker Enterprise. + +|DKER-EE-003200 +|41 +|Docker Enterprise images must be built with the USER instruction to prevent containers from running as root. + +|DKER-EE-004030 +|514 +|The on-failure container restart policy must be is set to 5 in Docker Enterprise. + +|DKER-EE-004040 +|518 +|The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP). + +|DKER-EE-005180 +|32 +|Docker Enterprise docker.service file permissions must be set to 644 or more restrictive. + +|DKER-EE-005200 +|34 +|Docker Enterprise docker.socket file permissions must be set to 644 or more restrictive. + +|DKER-EE-005220 +|36 +|Docker Enterprise /etc/docker directory permissions must be set to 755 or more restrictive. + +|DKER-EE-005240 +|38 +|Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive. + +|DKER-EE-005260 +|310 +|Docker TLS certificate authority (CA) certificate file permissions must be set to 444 or more restrictive + +|DKER-EE-005280 +|312 +|Docker server certificate file permissions must be set to 444 or more restrictive + +|DKER-EE-005290 +|313 +|Docker server certificate key file ownership must be set to root:root + +|DKER-EE-006270 +|217 +|Docker Enterprise Swarm services must be bound to a specific host interface. + +|CNTR-K8-000180 +|8153 +|The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination (--auto-tls argument is not set to true). + +|CNTR-K8-000190 +|8156 +|The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination. (--peer-auto-tls argument is not set to true). + +|CNTR-K8-000270 +|81141 & 81132 +|The Kubernetes API Server must enable Node,RBAC as the authorization mode. + +|CNTR-K8-000300 +|8122 +|The Kubernetes Scheduler must have secure binding. + +|CNTR-K8-000350 +|8118 +|The Kubernetes API server must have the secure port set. + +|CNTR-K8-000850 +|82110 +|Kubernetes Kubelet must deny hostname override. + +|CNTR-K8-000860 +|81418 & 8142 & 81424 & 81422 +|The manifest files contain the runtime configuration of the API server, proxy, scheduler, controller, and etcd. If an attacker can gain access to these files, changes can be made to open vulnerabilities and bypass user authorizations inherit within Kubernetes with RBAC implemented. + +|CNTR-K8-000910 +|8132 +|Kubernetes Controller Manager must disable profiling. + +|CNTR-K8-001400 +|605213 +|The Kubernetes API server must use approved cipher suites. + +|CNTR-K8-001410 +|81122 +|Kubernetes API Server must have the SSL Certificate Authority set. + +|CNTR-K8-001420 +|81130 & 8214 +|Kubernetes Kubelet must have the SSL Certificate Authority set. + +|CNTR-K8-001430 +|8136 +|Kubernetes Controller Manager must have the SSL Certificate Authority set. + +|CNTR-K8-001450 +|8152 +|Kubernetes etcd must enable client authentication to secure service. + +|CNTR-K8-001460 +|82112 +|Kubernetes Kubelet must enable tls-private-key-file for client authentication to secure service. + +|CNTR-K8-001480 +|8155 +|Kubernetes etcd must enable client authentication to secure service. + +|CNTR-K8-001490 +|81127 +|Kubernetes etcd must have a key file for secure communication. + +|CNTR-K8-001510 +|81131 +|Kubernetes etcd must have the SSL Certificate Authority set. + +|CNTR-K8-001550 +|8154 +|Kubernetes etcd must have a peer-key-file set for secure communication. + +|CNTR-K8-002600 +|81138 +|Kubernetes API Server must configure timeouts to limit attack surface. + +|CNTR-K8-003120 +|81412 +|The Kubernetes component etcd must be owned by etcd. + +|CNTR-K8-003130 +|81414 & 8145 +|The Kubernetes conf files must be owned by root. + +|CNTR-K8-003140 +|8231 +|The Kubernetes Kube Proxy must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003150 +|8232 +|The Kubernetes Kube Proxy must be owned by root. + +|CNTR-K8-003160 +|8227 +|The Kubernetes Kubelet certificate authority file must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003170 +|8228 +|The Kubernetes Kubelet certificate authority must be owned by root. + +|CNTR-K8-003180 +|81427 +|The Kubernetes component PKI must be owned by root. + +|CNTR-K8-003210 +|8230 +|The Kubernetes kubeadm.conf must be owned by root. + +|CNTR-K8-003220 +|8229 +|The Kubernetes kubeadm.conf must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003230 +|8234 +|The Kubernetes kubelet config must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003240 +|8233 +|The Kubernetes kubelet config must be owned by root. + +|CNTR-K8-003250 +|81419 & 81421 & 81423 & 81425 +|The Kubernetes API Server must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003260 +|81411 +|The Kubernetes etcd must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003270 +|81413 +|The Kubernetes admin.conf must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003290 +|81119 +|The Kubernetes API Server must be set to audit log max size. + +|CNTR-K8-003290 +|81118 +|The Kubernetes API Server must be set to audit log maximum backup. + +|CNTR-K8-003310 +|81117 +|The Kubernetes API Server audit log retention must be set. + +|CNTR-K8-003320 +|81116 +|The Kubernetes API Server audit log path must be set. + +|CNTR-K8-003330 +|81428 +|The Kubernetes PKI CRT must have file permissions set to 644 or more restrictive. + +|CNTR-K8-003340 +|81429 +|The Kubernetes PKI keys must have file permissions set to 600 or more restrictive. + +|CNTR-K8-002630 +|81121 +|Kubernetes API Server must disable token authentication to protect information in transit. + +|CNTR-K8-002640 +|81123 +|Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit. + +|=== + + +==== CAT III + +CAT III is a category code for any vulnerability, which when it exists, _degrades measures_ to protect against loss of Confidentiality, Availability, or Integrity. + +The following table lists the CAT III checks implemented in Prisma Cloud, and how they map to existing Prisma Cloud checks. +All checks map to CIS Docker Benchmark checks. + +[cols="1,1,4", options="header"] +|=== + +|STIG ID +|Prisma Cloud ID +|Description + +|DKER-EE-002020 +|511 +|Docker Enterprise CPU priority must be set appropriately on all containers. + +|=== + + +[.task] +=== Enable DISA STIG for Docker Enterprise checks + +DISA STIG for Docker Enterprise checks have been grouped into a template. +Checks are relevant to containers, images, and hosts. + +[.procedure] +. Log into Console. + +. Enable the container checks. + +.. Go to *Defend > Compliance > Containers and images > {Deployed | CI}*. + +.. Click *Add rule*. + +.. Enter a rule name. + +.. In the *Compliance template* drop-down, select *DISA STIG*. + +.. Click *Save*. ++ +image::docker_enterprise_disa_stig_container_template.png[width=600] + +. Enable host checks. + +.. Go to *Defend > Compliance > Hosts > {Running hosts | VM images}*. + +.. Click *Add rule*. + +.. Enter a rule name. + +.. In the *Compliance template* drop-down, select *DISA STIG*. + +.. Click *Save*. ++ +image::docker_enterprise_disa_stig_host_template.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/compliance/host-scanning.adoc b/docs/en/compute-edition/32/admin-guide/compliance/host-scanning.adoc new file mode 100644 index 0000000000..4f2fb8919f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/host-scanning.adoc @@ -0,0 +1,115 @@ +== Host scanning + +Prisma Cloud scans all hosts for compliance issues, provided that a defender is installed or the host is covered by an agentless scan. +Among these, the following compliance issues are covered. + +** *Host configuration*: Compliance issues in the host setup. + +** *Docker daemon configuration*: Compliance issues that stem from misconfiguring your Docker daemons. Docker daemon derives its configuration from various files, including /etc/sysconfig/docker or /etc/default/docker. Misconfigured daemons affect all container instances on a host. + +** *Docker daemon configuration files*: Compliance issues that arise from improperly securing critical configuration files with the correct permissions. + +** *Docker security operations*: Recommendations and reminders for extending your current security best practices to include containers. ++ +Prisma Cloud implements the checks from: + +** CIS Distribution Independent Linux v2.0.0. +** CIS Amazon Linux 2 Benchmark v1.0.0 (for AL 2) +** CIS Amazon Linux Benchmark v2.1.0 (for AL 1) + +* Compliance - For Linux hosts that have Defenders installed, you can also ensure adherence to specific application versions. Agentless scanning on hosts does not support this functionality. + +[.task] +=== Enforce Application Control +If you want to ensure that Linux hosts in your deployment are running versions of an application that you have allowed or cannnot run versions of applications that you want to deny, you can use the Application Control checks. Application control checks can generate alerts if a non-compliant version of the application is detected on a host. + +The most common uses are for : +* Enforce dedicated rules by application type. For example, control what versions of mysql can be running on a DB Server. +* Specify which applications you want to make sure are not allowed to run on hosts (for example, detect any version of mongodb and deny it) +* Create host profiles from a host that has the approved list of applications and apply the rule on all other hosts, so you are alerted when a version is changed. + +To enforce application control, the host must have a Defender installed. The Host Defender scans periodically for the application control checks, and matches against the application control list attached to a compliance policy rule to allow or deny applications on the hosts in your environment. + +The application control checks are evaluated only for the list of applications and the versions you have specified for match. When an application is not matched, there is no compliance enforcement for it. + +Application control is supported for services with an open TCP port. You can view the list of applications for which you can enforce compliance on "Monitor > Compliance > Hosts> Hosts", and on the "Host Details > Package Info", the *App control* column lists the application running on the host and indicates Yes if it is supported for application control. + +[.procedure] + +. Add an application control list. +.. Select "Defend > Compliance > Hosts > Application control". +.. Enter a Name and optionally a Description for the application control rule. +.. Assign a Severity for the rule. The severity of the alert helps you triage issues when a compliance violation occurs. +.. Pick one of the following options to add the applications. ++ +This rule defines the match criteria for verifying the list of applications that are running on Linux hosts with Defenders installed. + +... Option 1 - *Add application*. + +.... Enter the name for this application. + +.... Add the match criteria for the versions you want to allow (this is an allow list). ++ +Create distinct rules that are specific to an application. For example, a database application or a web application that you want to monitor on the hosts in your inventory and trigger an alert when a compliance violation occurs. +You can use `>`, `==` or `<=`, or something like `>=2 AND <=5` to indicate a range between 2 and 5 (including 2 and 5). +Alternatively, select *Deny all versions*, if you want to ensure that no version of the application should run on hosts in your environment. ++ +image::application-host-control-add1.png[scale:30] ++ +image::application-host-control-add2.png[scale:30] + + +... Option 2 - *Import from host*. ++ +If you have a standard image on a specific host and the applications running on that host are what you want to monitor and verify compliance for, you do not have to create the rules manually. Users can import the list of applications along with the versions that are running on the host and automatically create the application control rules. + +.... Select the Host from the list. ++ +Ensure that you select Linux Hosts with Defenders installed. ++ +image::application-host-control-import.png[scale:30] + +. Attach the application control list to a Compliance rule. +.. Select "Defend > Compliance > Hosts > Hosts". +.. Enter a *Rule name*. +.. Select the *Scope*, which are the hosts to which this rule applies. +.. Select the Compliance action. +... Select *Application control* as the type of control, ++ +image::application-host-control-compliance-rule.png[scale:30] + +... Choose the new app control rule you created earlier. +... Select the action. ++ +You can choose alert or block to enforce the criteria in the application control list and generate alerts. ++ +Do not select *Ignore* as an option, if you want to generate alerts for compliance violations. ++ +Block does not block the non-compliant application from running on the host, but rather it blocks new containers for the specified application and version from being deployed on that host. So, when a rule is matched and the action is set to block, any new container will be blocked from running on that host. + +. View the scan results. +.. Select "Monitor > Compliance > Hosts". +.. Select a host to view the alerts in the host details section. + + +[.task] +=== Review host scan reports + +Prisma Cloud lets you filter the displayed hosts by searching for specific hosts or by xref:../configure/collections.adoc[collection]. +Collections support AWS tags. +When creating new collections, specify the tags you want to use for filtering in the *Labels* field. + +You can filter the displayed hosts by searching for specific hosts or by choosing a xref:../configure/collections.adoc[collection]. +Collections support AWS tags. +When creating a new collection, add the tags you want to use for filtering to the *Labels* field. + +[.procedure] +. Open Console, then go to *Monitor > Compliance > Hosts > Running Hosts*. + +. Click on a host in the list. ++ +A report for the compliance issues on the host is shown. ++ +image::host_scanning_report.png[width=800] ++ +All vulnerabilities identified in the latest host scan can be exported to a CSV file by clicking on the *CSV* button in the top right of the table. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/malware.adoc b/docs/en/compute-edition/32/admin-guide/compliance/malware.adoc new file mode 100644 index 0000000000..98e31a0386 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/malware.adoc @@ -0,0 +1,44 @@ +== Malware Scanning + +Prisma Cloud xref:../agentless-scanning/agentless-scanning.adoc[agentless scanning] uses Palo Alto Networks Advanced WildFire to scan your container images and hosts for malware. + +Malware scanning is supported for container images and hosts in the following cloud service providers. + +* AWS +* Azure +* GCP +* OCI + +Windows and Linux hosts and images are supported. + +Advanced WildFire provides https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-concepts/verdicts[verdicts] for the scanned container images and hosts to identify samples as malicious, unwanted (Grayware is considered obtrusive but not malicious), phishing, or benign. +Malware scanning uses the MD5 signatures of binaries and shared libraries to identify the verdict. +Malware scanning doesn't show Grayware results by default. +Go to *Compute > Manage > System > WildFire* and enable the toggle to include Grayware verdicts in the malware scanning results in Prisma Cloud. + +Once an agentless scan is complete, go to *Compute > Monitor > Compliance > Images* or to *Compute > Monitor > Compliance > Host* to see the results for a deployed image or a host. +Go to *Compute > Monitor > Compliance* to find the malware scanning results in the xref:compliance_explorer.adoc[Prisma Cloud Compliance Explorer] after an agentless scan was completed successfully. +Use the following compliance check IDs in the compliance explorer to identify malware scanning results. + +* *ID #454* - Host file is flagged as malware by WildFire. +* *ID #455* - Image file is flagged as malware by WildFire. + +You can filter the results by *Category: Prisma Cloud Labs* to show both image and host file results. +It can take some time for the *Malware status* to appear in the *Host* and *Image details* and the status shows as Pending until Advanced WildFire reports the verdicts. +The malware scanning happens asynchronously from the vulnerability and compliance scanning. +You can see the results of a completed agentless scan for vulnerability and compliance issues in your deployment before the *Malware status* is resolved. + +On Linux, malware scanning checks the ELF binaries in your hosts and container images. +On Windows, malware scanning checks the https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-file-type-support/advanced-wildfire-file-type-support-complete[binary files] and shared libraries in your hosts and container images. +Given the large number of binaries found in Windows systems, malware scanning results take longer to appear than for Linux systems. + +Agent-based scanning also checks your workloads for malware. +This check uses a different malware engine, and you can view the results it produces in the compliance explorer too. +Use the following compliance check ID in compliance explorer to identify malware scanning results produced by your Defenders. + +* *ID #422* - Image contains malware + +You can filter the results by *Category: Twistlock Labs* to show the detected images containing malware. + + + diff --git a/docs/en/compute-edition/32/admin-guide/compliance/manage-compliance.adoc b/docs/en/compute-edition/32/admin-guide/compliance/manage-compliance.adoc new file mode 100644 index 0000000000..5bc89f220e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/manage-compliance.adoc @@ -0,0 +1,154 @@ +== Enforce compliance checks + +Prisma Cloud can monitor and enforce compliance settings across your environment. +Out of the box, Prisma Cloud supports hundreds of discrete checks that cover images, containers, hosts, clusters, and clouds. + +Prisma Cloud provides predefined checks that are based on industry standards, such as the CIS benchmarks, as well as research and recommendations from Prisma Cloud Labs. +Your security teams can review these best practices and enable the ones that align with your organization’s security mandate and consistently enforce them across your environment. +Additionally, you can implement your own compliance checks with xref:./custom-compliance-checks.adoc[scripts]. + +=== Enforcement + +Compliance rules are defined and applied in the same way as vulnerability rules. +When there is no matching rule for compliance checks on specific resources, Prisma Cloud generates alerts on all violations that are found. +For checks that can be performed on static images, those checks are performed as images are scanned (either in the registry or on local hosts). +Results are then displayed in the compliance reports under *Monitor > Compliance* on the Console. + +When compliance rules are configured with block actions, they are enforced when a container is created. +If the instantiated container violates your policy, Prisma Cloud prevents the container from being created. + +Note that compliance enforcement is only one part of a defense in depth approach. +Because compliance enforcement is applied at creation time, it is possible that a user with appropriate access could later change the configuration of a container, making it non-compliant after deployment. +In these cases, the runtime layers of the defense-in-depth model provide protection by detecting anomalous activity, such as unauthorized processes. + +Assume that you want to block any container that runs as root. +The flow for blocking such a container is: + +. Prisma Cloud admin creates a new compliance rule that blocks containers from running as root. + +. The admin optionally targets the rule to a specific resources, such as a set of hosts, images, or containers. + +. Someone with rights to create containers attempts to deploy a container to the environment. + +. Prisma Cloud compares the image being deployed to the compliance state that it detected when it scanned the image. +For deploy-time parameters, the specific Docker client commands sent are also analyzed. + +.. If the comparison determines that the image is compliant with the policy, the 'docker run' command is allowed to proceed as normal, and the return message from Docker Engine is sent back to the user. + +.. If the comparison determines that the image is not compliant, the container_create command is blocked and Prisma Cloud returns an error message back to the user describing the violation. + +. In both success and failure cases, all activities are centrally logged in Console and (optionally) syslog. + +=== Supported runtimes + +The supported runtimes for compliance are: + +* Docker +* CRIO +* Containerd + +=== Surveying Prisma Cloud compliance checks + +As you configure your compliance policy, you might want more details for the built-in checks. +Teams that address compliance issues might also need more information about why checks fail, so that they can resolve the underlying issues. + +As you explore the built-in checks, consider the following points. + +[.section] +==== CIS + +Most built-in checks are based on the xref:../compliance/cis-benchmarks.adoc[CIS benchmarks]. +For full details about what a check does, and why, refer to the CIS benchmark documentation. +Prisma Cloud check IDs map to CIS benchmark IDs. +For example, Prisma Cloud check ID 51 maps to CIS Docker Benchmark 5.1 + +[.section] +==== Check IDs + +When creating compliance rules, there's a drop-down menu that lets you filter checks by type. +Each type has a heading, which indicates the origin of the checks. +Checks from the CIS benchmarks are clearly labeled. + +image::manage_compliance_dropdown.png[width=500] + +[.section] +==== CRI checks + +All CRI checks are direct analogs of the Docker CIS checks, but repurposed for CRI environments. + +[.section] +==== Twistlock Labs checks + +For all other checks, including those from Twistlock Labs, we provide documentation. + +* Twistlock Labs compliance checks for xref:./prisma-cloud-compliance-checks.adoc[containers, images, Istio, and Linux hosts]. +* Twistlock Labs compliance checks for xref:./serverless.adoc[serverless functions]. +* Twistlock Labs compliance checks for xref:./windows.adoc[Windows]. + +[.task] +=== Creating compliance rules + +This procedure shows you how to set up a container compliance rule to block any containers running as root. + +[.procedure] +. Open Console, then go to *Defend > Compliance > Containers and Images*. + +. Click *Add rule*. + +.. Enter a rule name, such as *my-rule*. + +.. In the search field under *Compliance actions*, enter *Container is running as root*. ++ +As you type, the available checks are filtered to match your search query. + +.. For check 599 (Container is running as root), set the action to *Block*. ++ +NOTE: The "Block" effect for the unsupported compliance policies is disabled in the UI and set to "Ignore" and "Alert" only. + +.. In *Scope*, accept the default collection, *All*. +The default collection applies the rule to all containers in your environment. + +.. Click *Save*. ++ +Your rule is now activated. + +. Verify that your rule is being enforced. + +.. Connect to a host running Defender, then run the following command, which starts an Ubuntu container with a root user (uid 0). + + $ docker run -u 0 -ti library/ubuntu /bin/sh ++ +Defender should block the command with the following message: ++ + docker: Error response from daemon: oci runtime error: [Prisma Cloud] Container operation blocked by policy: my-rule, has 1 compliance issues. + +[.task] +=== Reporting full results + +By default, Prisma Cloud reports only the compliance checks that fail. +Sometimes you need both negative and affirmative results to prove compliance. +You can configure Prisma Cloud to report checks that both pass and fail. + +The contents of a full compliance report (both passed and failed checks) is the sum of all applied rules. +If your compliance policy raises an alert for only two checks, your compliance report will show the results of two checks. +To report on _all_ compliance checks, set all compliance checks to either alert or block. + +[.procedure] +. Open Console, then go to *Defend > Compliance > {Containers and Images | Hosts}*. + +. Click *Add rule*. + +.. Enter a rule name. + +.. Under *Reported results*, click *Passed and Failed Checks*. + +.. Click *Save*. ++ +Your rule is now activated. + +. Verify that the compliance reports show both passed and failed checks. + +.. Go to *Defend > Compliance*, select any tab, then click on a resource in the table to open its scan report. +You will see a list of checks that have both passed and failed. ++ +image::manage_compliance_pass_fail.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/compliance/oss-license-management.adoc b/docs/en/compute-edition/32/admin-guide/compliance/oss-license-management.adoc new file mode 100644 index 0000000000..f319832102 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/oss-license-management.adoc @@ -0,0 +1,66 @@ +== OSS license management + +Prisma Cloud can detect licenses for package dependencies in code repositories. +It can scan code repos hosted by service providers (currently GitHub only). +It can also scan build folders constructed by CI build jobs. + +A license policy defines the criticality of a license. +For example, you might specify consider any package with a GPL license as a critical issue. +Depending on your license policy, Prisma Cloud can raise alerts and block builds. + + +[.task] +=== Create a license compliance policy + +Compliance policies consist of one or more rules. + +NOTE: Prisma Cloud ships with a default rule named *Default - alert all components*. +This rule ships with alerts disabled, so the policy is effectively disabled. +As a starting point, consider cloning this rule, and reconfiguring it for your own purposes. +Set a threshold, and declare licenses you consider critical. +Rule order is important, so be sure your custom rule sits above the default rule. + +[.procedure] +. Open Console. + +. Go to *Defend > Compliance > Code repositories*. + +. Choose the target of your policy. ++ +If your policy targets GitHub, go to the *Repositories* tab. ++ +If your policy targets your CI pipeline, go to the *CI* tab. + +. Click *Add rule*. + +. Specify a rule name. + +. In *Scope*, select one or more collections to apply your policy to specific repos. ++ +Use the default *All* collection to apply it to all repos. + +. Set the rule thresholds. + +. Specify the severity of each license of interest. ++ +Each field offers SPDX license identifiers as suggestions. +Pattern-matching expressions are supported (e.g., `GPL-*`). + + +=== Scan with twistcli + +To scan a folder with twistcli, use the following command: + + twistcli coderepo scan [FOLDER_PATH] --details + +Contents of the repo are assessed according to the policy in *Defend > Compliance > Code repositories > CI*. +Scan results are published in *Monitor > Compliance > Code repositories > CI* + +For CI only, a status column indicates if twistcli passed or failed the build according to the defined policy. + + +=== Review scan results. + +Go to *Monitor > Compliance > Code repositories*. +Each row in the results table has a meter which shows the number of compliance issues at each severity level. +Click on a row to drill into the details of the scan report. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/prisma-cloud-compliance-checks.adoc b/docs/en/compute-edition/32/admin-guide/compliance/prisma-cloud-compliance-checks.adoc new file mode 100644 index 0000000000..cc1bfb5505 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/prisma-cloud-compliance-checks.adoc @@ -0,0 +1,215 @@ +== Twistlock Labs Compliance Checks + +Twistlock Labs compliance checks are designed by our research team and fill gaps not offered by other benchmarks. +Like all compliance checks, Prisma Cloud's supplementary checks monitor and enforce a baseline configuration across your environment. + +Twistlock Labs compliance checks can be enabled or disabled in custom rules. +New rules can be created under *Defend > Compliance > Policy*. + +=== Container Checks + +// #17808 +*596 -- Potentially dangerous NET_RAW capability enabled*:: + +Checks if a running container has the NET_RAW capability enabled. +This capability grants an application the ability to craft raw packets. +In the hands of an attacker, NET_RAW can enable a wide variety of networking exploits, such as ARP-spoofing and hijacking a cluster's DNS traffic. + +*597 -- Secrets in clear text environment variables (container and serverless function check)*:: + +Checks if a running container (instantiated from an image) or serverless function contains sensitive information in its environment variables. +These env vars can be easily exposed with docker inspect, and thus compromise privacy. + +*598 -- Container app is running with weak settings*:: + +Weak settings incidents indicate that a well-known service is running with a non-optimal configuration. This covers settings for common applications, specifically: Mongo, Postgres, Wordpress, Redis, Kibana, Elastic Search, RabbitMQ, Tomcat, Haproxy, KubeProxy, Httpd, Nginx, MySql, and registries. These check for things such as the use of default passwords, requiring SSL, etc. The output for a failed compliance check will contain a "Cause" field that gives specifics on the exact settings detected that caused a failure. + +*599 -- Container is running as root (container check)*:: + +Checks if the user value in the container configuration is root. +If the user value is 0, root, or "" (empty string), the container is running as a root user, and the policy's configured effect (ignore, alert, or block) is actuated. + +[#container-image] +=== Container Image Checks + +*422 -- Image contains malware (image check)*:: + +Checks if any binary file in the image matches the MD5 checksum for known malicious software in the database. +For this check, we use the database composed of our Intelligence Stream (IS) and WildFire. +We check the CI images for malware by WildFire detection and check deployed images by MD5 detection. +You can populate MD5 by adding them to the xref:../configure/custom-feeds#create-a-list-of-malware-signatures-and-trusted-executables[*Manage > System > Custom feeds > Malware signatures*], these signatures added by you will also be checked for any malicious software. +Whether the user updates the MD5 on the custom-feed page or not, we will always check the images with the Intelligence Stream and Wildfire. + +*423 -- Image is not trusted (image check)*:: + +Checks if unauthorized (untrusted) images are pulled or loaded into your environment. ++ +Prisma Cloud provides a mechanism to specify specific registries, repositories, and images that are considered trusted. +Enable this check to prevent unauthorized containers from running in your critical environment. +For more information, see +xref:./trusted-images.adoc[Trusted images]. + +*424 -- Sensitive information provided in environment variables (image and serverless function check)*:: + +Checks if images or serverless functions contain sensitive information in their environment variables. +Container images define environment variables with the Dockerfile ENV instruction. +These environment variables can be easily exposed with _docker inspect_. +These checks use pattern-matching with various terms related to secrets, and no extra analysis is done on these environment variables. +These checks can detect private keys, Amazon access keys (for example `AKIAIOSFODNN7EXAMPLE`), and key-values secrets with known keys (for example "token=fdfsfgsdfkjbsdkf"). + +*425 -- Private keys stored in image (image and serverless function check)*:: + +Opens the file with an image or serverless function, and uses a regex pattern to search only for private keys. +A policy effect (ignore, alert, block) is applied on deployment if any private key is found. + +*426 -- Image contains binaries used for crypto mining (image check)*:: + +Detects when there are crypto miners in an image. +Attackers have been quietly poisoning registries and injecting crypto mining tools into otherwise legitimate images. +When you run these images, they perform their intended function, but also mine Bitcoin for the attacker. +This check is based on research from Prisma Cloud Labs. +For more information, see https://dockercon.docker.com/watch/T2xVKBNbq255j56Hecd1XZ[Real World Security: Software Supply Chain]. +The improved search logic detects binaries with known crypto miners. +The following examples from Docker Hub include crypto miners that we identify: + +https://hub.docker.com/r/anthonytatowicz/eth-cuda-miner/[Ethereum CUDA Miner] + +https://hub.docker.com/r/wernight/bfgminer[BFGMiner] + +The output message does not include remediation details, only that the binary is identified as a crypto miner. + +*448 -- Package binaries should not be altered*:: + +Checks the integrity of package binaries in an image. +During an image scan, every binary's checksum is compared with its package info. +If there's a mismatch, a compliance issue is raised. ++ +Besides scan-time, this compliance issue can also be raised at run-time if a modified binary is spawned. + + +=== Twistlock Labs Istio Compliance Checks + +Istio compliance checks help enforce a secure Istio configuration. +They address risks such as misconfigured TLS settings and universally scoped service roles. + +The goals of the compliance rules are to: + +* Ensure mutual TLS is configured correctly (enabled over HTTPS). +* Ensure RBAC policy is configured with service level access control (service x can only talk with service y). +* Ensure RBAC policy is not too permissive. + +[.section] +==== Istio Checks + +*427 -- Configure TLS per service using Destination Rule traffic policy* + +*450 -- Enable mesh-wide mutual TLS authentication using Peer Authentication Policy* + +*451 -- Avoid using permissive authorization policies without rules as it can compromise the target services* + +*452 -- Enable Istio access control on all workloads in the mesh using Authorization Policies* + +NOTE: In Istio versions 1.6 and later, Mesh Policy is deprecated and replaced with Peer Authentication Policy. + + +=== Linux Host Checks + +*449 -- Ensure no pending OS security updates* + +On each host scan, Prisma Cloud checks for available package updates marked as security updates. +If such updates are found, they're listed under the security updates tab in *Monitor > Runtime > Host observations > * +Supported for Ubuntu and Debian hosts only. + +ifdef::prisma_cloud[] +[#malware] +=== Malware Checks + +Agentless scanning scans your workloads for malware by using an integration with https://www.paloaltonetworks.com/network-security/advanced-wildfire[Palo Alto Networks Advanced WildFire], the industry's leading malware scanning feed. + +Malware scanning covers malicious files known as Malware and also Grayware, which are unwanted applications or files that are not classified as malware, but can worsen the performance of workloads and cause security risks. + +==== Agentless Malware Detection + +When agentless scanning checks your hosts and container images for security risks, it calculates the MD5 signatures of the xref:#support[relevant files] for malware analysis. Agentless malware detection uses the following process. + +. The agentless scan concludes for vulnerabilities and compliance issues. + +. Prisma Cloud sends the list of signatures to WildFire to determine their verdicts. + +. While a workload is pending verdicts from WildFire, a relevant status shows up in the workload scan results. ++ +The possible verdicts are: ++ +* Malware +* Grayware +* Benign ++ +By default, Prisma Cloud only reports files flagged as malware and you can xref:#grayware[enable flagging of grayware]. + +. All verdicts are received and the appropriate status is set on the xref:#status[workload malware status]. + +==== Configuration + +Malware scanning is a default capability for all hosts and container images scanned by agentless. + +Malware scanning is incorporated into Prisma Cloud Compute as compliance checks: +*ID 454* - Host file is flagged as malware by WildFire +*ID 455* - Image file is flagged as malware by WildFire + +[.task] +[#grayware] +===== Enable Flagging Of Grayware + +[.procedure] +. Under Runtime Security, select to *Manage > System > WildFire*. +. Under the Advanced configuration section, enable *Treat grayware as malware*. + +==== Results + +Once an agentless scan is complete, you can select *Monitor > Compliance > Images* to see the results for a deployed image or select to *Monitor > Compliance > Host* to see the results for a host. + +To view all hosts and container images that were flagged as malware, select *Monitor > Compliance > Compliance Explorer* and filter compliance issues using `malware` as a keyword. + +It can take some time for the *Malware status* to appear in the *Host* and *Image details* and the status shows as *Pending* until Advanced WildFire reports the verdicts. +Malware analysis results are reported asynchronously only after a host scan is completed for vulnerabilities and other compliance issues. +You can see the results of an agentless scan for vulnerabilities and other compliance issues in your deployment before the *Malware status* is resolved. +Given the large number of binaries found in Windows systems, malware scanning results will take longer to conclude. + +[#status] +==== Workload Malware Status + +The following malware scan statuses are possible. + +* Pending Verdicts +* No issues found +* The number of issues found + +You can't allowlist specific malware results, but you can allowlist all malware results from specific workloads by scoping compliance rules. + +[#support] +==== Supported Environments and Files + +Malware scanning is supported only for hosts scanned by agentless and images of containers running on those hosts since it is done in an offline manner on a snapshot and not on a running host. Calculating signatures of all relevant files on a filesystem with a Defender would have performance implications on a running workload. + +===== Supported Cloud Service Providers + +Supported for the following cloud service providers.: + +* GCP +* AWS +* Azure +* OCI + +===== Linux Hosts and Container Images + +Supports scanning binaries - ELF files. + +===== Windows Hosts + +Supports all executable types and shared libraries. + +==== Defenders Malware Detection + +Defenders also check your xref:#container-image[container images for malware]. + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/compliance/serverless.adoc b/docs/en/compute-edition/32/admin-guide/compliance/serverless.adoc new file mode 100644 index 0000000000..278deaa833 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/serverless.adoc @@ -0,0 +1,202 @@ +== Serverless functions compliance checks + +Prisma Cloud Labs has developed compliance checks for serverless functions. +Currently, only AWS Lambda is supported. + +In AWS Lambda, every function has an execution role. +Execution roles are identities with permission policies that control what functions can and cannot do in AWS. +When you create a function, you specify an execution role. +When the function is invoked, it assumes this role. + +When Prisma Cloud scans the functions in your environment, it inspects the execution role for overly permissive access to AWS services and resources. +Two fields are inspected: _resource_ and _action_. + +[.section] +=== Resource + +Specifies the objects to which the permission policy applies. +Resources are specified with ARNs. +ARNs let you unambiguously specify a resource across all of AWS. +ARNs have the following format: + + arn:partition:service:region:account-id:resource + +Where: + +* `service` -- Identifies the AWS product, such as Amazon S3, IAM, or CloudWatch Logs. + +* `resource` -- Identies the objects in the service. +It often includes the resource type, followed by the resource name itself. +For example, the following ARN uniquely identifies the user Francis in the IAM service: + + arn:aws:iam::586975633310:user/Francis + +[.section] +=== Action + +Describes the tasks that can be performed on the service. +For example, ec2:StartInstances, iam:ChangePassword, and s3:GetObject. +Wildcards can be used to grant access to all the actions of a given AWS service. +For example, s3:* applies to all S3 actions. + + +=== Types of issues + +The following permission policy is tightly scoped. +It grants read-write only access to the Books table. +Prisma Cloud would not flag an execution role with this type of permissions policy. + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": { + "Effect": "Allow", + "Action": [ + "dynamodb:GetItem", + "dynamodb:BatchGetItem" + ], + "Resource": "arn:aws:dynamodb:us-east-1:125643784111:table/Books" + } +} +---- + +The following permissions policy has been implemented carelessly. +It allows all DyanmoDB operations on all tables owned by the AWS account in the current region, including dynamodb:DeleteTable, which has serious implications for the integrity and availability of your data. +This type of configuration would raise compliance check 437 because the execution role permits all DyanmoDB operations, and it's unlikely a function actually needs this range of capabilities. + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": { + "Sid": "AllAPIActionsOnBooks", + "Effect": "Allow", + "Action": "dynamodb:*", + "Resource": "*" + } +} +---- + + +=== Compliance check details + +The following checks are supported: + +*434: Sensitive information provided in environment variables*:: +Detects when functions contain environment variables (such as MYSQL_PASSWORD) that expose sensitive information. + +*435: Private keys stored in function*:: +Detects private keys in functions. + +*436: Unbounded service access*:: +Detects functions with permission to run all actions on all services and their resources. + +*437: Overly permissive service access*:: +Detects functions with permission to run all actions on one or more services. + +*438: Broad resource access*:: +Detects functions that granted access to all resources in one or more services. + +*439: Suspicious function actions*:: +Detects functions with permission to run actions that are used in exploits and attacks. +Includes things like cloudtrail:StopLogging, cloudtrail:UpdateTrail that allow disabling and changing the output of CloudTrail logging. + +*440: Unused service API with information disclosure risk*:: +Detects functions with permissions to unused APIs that could allow information disclosure. + +*441: Unused service API with data leakage risk*:: +Detects functions with permissions to unused APIs that could leak data. + +*442: Unused service API with data tampering risk*:: +Detects functions with permissions to unused APIs that could allow data tampering. + +*443: Unused service API with lateral movement risk*:: +Detects functions with permissions to unused APIs that could allow an attacker to move laterally. + +*444: Unused service API with denial of service risk*:: +Detects functions with permissions to unused APIs that could facilitate a denial of service attack. + +*445: Unused service API with information exfiltration risk*:: +Detects functions with permissions to unused APIs that could allow data exfiltration. + +*446: Unused service API with persistent access risk*:: +Detects functions with permissions to unused APIs that allow persistent access. + +*447: Unused service API with privilege elevation risk*:: +Detects functions with permissions to unused APIs that allow privilege elevation. + +[.task] +=== Scanning serverless functions + +Configure Prisma Cloud to periodically scan your serverless functions. +Function scanning is handled by Console. + +[.procedure] +. Open Console. + +. Go to *Defend > Compliance > Functions*. + +. Click on *Add scope*. In the dialog, enter the following settings: + +.. Specify a cap for the number of functions to scan. ++ +NOTE: Prisma Cloud scans the X most recent functions, where X is the cap value. +Set this value to '0' to scan all functions. + +.. (AWS only) Specify which regions to scan. +By default, the scope is applied to *Regular regions*. +Other options include *China regions* or *Government regions*. + +.. (AWS only) Select *Scan only latest versions* to only scan the latest version of each function. +Otherwise, the scanning will cover all versions of each function up to the specified *cap* value. + +.. (AWS only) Select *Scan Lambda Layers* to enable scanning the function's Layers as well. + +.. Select the accounts to scan by credential. +If you wish to add an account, click on *Add credential*. + +.. Click *Add*. + +. Verify that you have assigned the xref:../vulnerability-management/serverless-functions.adoc#authenticating-with-aws[correct permissions] required to scan. + +. To view the scan report, go to *Monitor > Compliance > Functions*. + ++ +All compliance issues identified in the latest serverless scan report can be exported to a CSV file by clicking on the CSV button in the top right of the table. + + +[.task] +=== View AWS Lambda Layers scan report + +Prisma Cloud can scan the AWS Lambda Layers code as part of the Lambda function's code scanning. +This capability can help you determine whether the Compliance checks are associated with the function or function Layers. +Follow the steps below to view the Lambda Layers compliance scan results: + +[.procedure] +. Open Console. + +. Make sure you selected the *Scan Lambda layers* in the Defend > Compliance > Functions > Functions > Serverless Accounts > *Function scan scope* ++ +image::function_scan_scope.png[width=700] + +. Go to *Monitor > Compliance > Functions > Scanned functions*. + +. Filter the table to include functions with the desired Layer by adding the *Layers* filter. ++ +You can also filter the results by a specific layer name or postfix wildcards. +Example: `Layers:* OR Layers:arn:aws:lambda:*` ++ +image::comp_layers_filter.png[width=700] + +. Open the *Function details* dialog to view the details about the Layers and the Compliance issues associated with them: + +.. Click on a specific function + +.. See the Function's vulnerabilities, compliance issues and package info in the related tabs. Use the *Found in* column to determine if the component is associated with the Function or with the Function's Layers. ++ +image::comp_function_details.png[width=700] + +.. Use the *Layers info* tab to see the full list of the function's the Layers. ++ +image::vuls_functions_layers_info.png[width=700] diff --git a/docs/en/compute-edition/32/admin-guide/compliance/trusted-images.adoc b/docs/en/compute-edition/32/admin-guide/compliance/trusted-images.adoc new file mode 100644 index 0000000000..d1ce9c8fb7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/trusted-images.adoc @@ -0,0 +1,355 @@ +== Trusted images + +Trusted images is a security control that lets you declare, by policy, which registries, repositories, and images you trust, and how to respond when untrusted images are started in your environment. + +Image provenance is a core security concern. +In NIST SP 800-190 (Application Container Security Guide), the section on countermeasures for major risks (Section 4) says: + +_"Organizations should maintain a set of trusted images and registries and ensure that only images from this set are allowed to run in their environment, thus mitigating the risk of untrusted or malicious components being deployed."_ + +Container runtimes, such as Docker Engine, will run, by default, any container you ask it to run. +Trusted images lets you explicitly define which images are permitted to run in your environment. +If an untrusted image runs, Prisma Cloud emits an audit, raises an alert, and optionally blocks the container from running. + +Modern development has made it easy to reuse open source software. +Pulling images from public registries, such as Docker Hub, is simple and fast, and it removes a lot of friction in operations. +Retrieving and executing software with such ease, however, runs contrary to many organizations' security policies, which mandate that software originates from approved providers and distribution points. +The Trusted Images rule engine lets you specify registries, repositories, and images that are considered trustworthy. + + +=== Feature overview + +Trusted images is disabled by default. +To enable it, go to *Defend > Compliance > Trusted Images > Policy*. + +After enabling the feature, you must specify the images you trust. +Declare trust using objects called _trust groups_. +Trust groups collect related registries, repositories, and images in a single entity. +Then use those entities for writing policy rules. + +The default policy consists of a single rule that alerts on all images started in your environment. +Build out your policy by writing new rules. +Rules let you define: + +* Explicitly allowed trust groups. +* Explicitly denied trust groups +* An action to take when an image isn't trusted. + +When a container starts in your environment, Defender assesses the event against your trust policy, and then acts accordingly. +Rules in a policy are evaluated top-down. +The criteria for matching an event to a rule is the cluster or the hostname. +When a matching rule is found, the rule is processed. +No subsequent rules are processed. +The first rule that matches the cluster or hostname holds the verdict for all images that can run on that cluster/host. +If the image being started matches an explicitly denied trust group, the rule effect is applied. +If an image doesn't match either the list of explicitly allowed trust groups or explicitly denied trust groups, the rule effect is also applied. + +Audits are created when the effect of a rule is alert or block. +You can review audits in *Monitor > Events*. +When reviewing audits, you can optionally add the image to a trust group to quickly adjust your policy and clean up false positives. + +The Console UI provides a number of features to surface trust in your environment. + +* Image scan reports have indicators in the report header to show whether an image is trusted or not. +See: + +** *Monitor > Compliance > Containers and Images* +** *Monitor > Vulnerabilities > Images* + +* A dedicated page in *Monitor > Compliance > Trusted Images*, shows a snapshot of all running images in your environment and their trust status. +The table is updated at scan-time, which is once per 24 hours by default. +However, the page lets you force a re-scan and refresh the results. ++ +Also note that updated policies aren't automatically reflected in the view. +If you change a rule in your Trusted Images policy, re-scan the images in your environment to update the view. + +NOTE: Trusted images aren't supported for workloads protected by App-Embedded Defender, including Fargate tasks. + + +=== Trust indicators in the Console UI + +Badges are shown throughout Console to clearly delineate between trusted and unstrusted images. +The following badges are used: + +* Trusted -- +Explicitly trusted by a user-defined rule (*Defend > Compliance > Trusted Images > Policy*). ++ +image::trusted_images_trust_badge.png[width=50] + +* Untrusted. +An image is considered untrusted if it's untrusted on at least one host. ++ +image::trusted_images_not_trusted_badge.png[width=50] + +Badges are shown in the following pages: + +* Scan reports (click on a row in the table to open an image scan report): +** *Monitor > Compliance > Containers and Images* +** *Monitor > Vulnerabilities > Images* +* Snapshot of all running containers and their trust status. +The table is updated at scan-time. +** *Monitor > Compliance > Trusted Images* + +NOTE: After a trust policy update, the image data is only updated as a trusted image when you initiate a re-scan. +While, the hostnames with the same image are evaluated as trusted immediately after the policy update. + +=== Events Viewer + +Prisma Cloud generates an audit for every image that is started in your environment, but fails to comply with your trust policy. +Audits can be reviewed under *Monitor > Events > Trust Audits*. +When reviewing audits, you can optionally add the image to a trust group. + + +=== Establishing trust with rules + +Prisma Cloud monitors the origin of all containers on the hosts it protects. + +Policies are built on rules, and rules reference trust groups. +Trust groups are collections of related registries and repositories. + +Trust is established by one of the following factors: + +* Point of origin (registry and/or repository), +* Base layer(s). + +NOTE: Trusting images by image tag isn't supported. + + +[.section] +==== Establishing trust by registry and repository + +Prisma Cloud lets you specify trust groups by registry and repository. +If you specify just a registry, all images in the registry are trusted. + + +[.section] +==== Establishing trust by base layer + +Images can have layers in common. +If your organization builds and approves specific base images for use in containerized apps, then you can use this mechanism to enforce compliance. + +For example, consider the ubuntu:16.04 image. +If you run _docker inspect_, the layers are: + +.Layers for Ubuntu 16.04 image +---- +"Layers": [ + "sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad" +] +---- + +Now consider a new image, where ubuntu:16.04 is the base OS. +The following Dockerfile shows how such an image is constructed: + +.Dockerfile for my_app:1.0 +---- +FROM ubuntu:16.04 +RUN apt-get update +ADD hello.txt /home/hello.txt +WORKDIR /home +---- + +After building the image, and inspecting the layers, you can see that both images share the same first five layers. + +.Layers for my_app:1.0 image +---- +"Layers": [ + "sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad", + "sha256:29d16833b7ef90fcf63466967c58330bd513d4dfe1faf21bb8c729e69084058f", + "sha256:1d622b0ae83a00049754079a2bbbf7841321a24cfd2937aea2d57e6e3b562ab9" +] +---- + + +[.task] +=== Creating trust groups manually + +Trust groups are collections of related registries and repositories. +Policies are built on rules, and rules reference trust groups. + +When setting up a trust group, you can explicitly specify registries and repositories to trust. + +image::trusted_images_trust_group_manual.png[width=700] + +Prisma Cloud supports leading and trailing wildcard matches as described in the following table: + +[cols="1,1,1,1", options="header"] +|=== + +|Match type +|Registry only +|Repository only +|Both + +|Exact match +|reg +|repo +|reg/repo + +|Suffix match +|reg{asterisk} +|repo{asterisk} +repo/{asterisk} +|reg/repo{asterisk} +reg/repo/{asterisk} + +|Prefix match +|{asterisk}reg +|{asterisk}repo +|{asterisk}reg/repo + +|Both suffix & prefix +|{asterisk}reg/{asterisk} +|{asterisk}repo/{asterisk} +|{asterisk}reg/repo/{asterisk} + +|=== + +Examples: + +* All repos under a parent repo: ++ +*reg:* reg ++ +*repo:* parent-repo/{asterisk} + +* A nested repo: ++ +*reg:* reg ++ +*repo:* parent-repo/some-repo + +* All registries ending with "gcr.io": ++ +*reg:* {asterisk}gcr.io ++ +*repo:* + +*Prerequisites:* + +* You've enabled the trusted images feature in *Defend > Compliance > Trusted Images > Policy*. + +[.procedure] +. Open Console. + +. Go to *Defend > Compliance > Trusted Images > Trust Groups*. + +. Click *Add New Group*. + +. In *Name*, enter a group name. + +. In *Type*, select how you want to specify an image. ++ +*_By Image:_* ++ +There are two ways to specify images: ++ +Method 1 - Choose from a list of containers already running in your environment. +In the table, select the images you trust, and click *Add To Group*. ++ +Method 2 - Specify a registry address and/or repository, and click *Add To Group*. +If you specify just a registry, then all images in the registry are trusted. +If you specify just a repository, the registry is assumed to be Docker Hub. ++ +As you add entries to the trust group, the entries are enumerated in the *Group Images* table at the bottom of the dialog. ++ +*_By Base Layer:_* ++ +Prisma Cloud lets you import the base layers from any image in your environment. +If Prisma Cloud has seen and scanned an image, it is available in the *Image* drop-down list. ++ +Select an image, import it, and then review the SHA256 hashes for the base layers. +For example, if the secteam/ubuntu:16.04 is your trusted base OS, select it from the *Image* drop-down list, and click *Import*. + +. Click *Save*. + + +=== Creating trust groups based on what's running in your environment + +When setting up a trust group, Prisma Cloud shows you all running images in your environment +You can use the filters to narrow the set, and them all to a trust group. + +Filtering images by cluster is the most convenient option. +For example, consider an environment with two clusters called "prod" and "dev". +To create a trust group called "production images", select all the images running on the "prod" cluster. +You would type "prod" in the filter line, and click Enter to filter. +Then you could select all images on cluster and add them to the trust group. +Later, you could create a rule for this prod cluster by specifying the cluster resource as "prod", and add the new trust group to the allowed groups. +For more specific needs, you can also filter the running images by hosts. + +image::trusted_images_trust_group_filters.png[width=700] + +[.task] +=== Writing policy + +After declaring the images you trust with trust groups, write the rules that make up your policy. + +Prisma Cloud evaluates the rules in your trusted images policy from top to bottom until a match is found based on cluster and hostname. +If the image being started in your environment matches a cluster/hostname in a rule, Prisma Cloud applies the actions in the rule and stops processing any further rules. +If no match is found, no action is taken. + +You should never delete the default rule, _Default - alert all_, and it should always be the last rule in your policy. +The default rule matches all clusters and hosts ({asterisk}). +It serves as a catchall, alerting you to images that aren't captured by any other rule in your policy. + +NOTE: If you delete all rules in your policy, including the default rule, all images in your environment will be considered trusted. + +Assuming the default rule is in place, policy is evaluated as follows: + +* *A rule is matched* -- +The rule is evaluated. + +* *A rule is matched, but no trust group is matched* -- +The image is considered untrusted. +Prisma Cloud takes the same action is if it were explicitly denied. + +* *No rule match is found* -- +The default rule is evaluated, and an alert is raised for the image that was started. +The default rule is always matched because the cluster and hostname are set to a wildcard + +[.procedure] +. Open Console. + +. Go to *Defend > Compliance > Trusted Images > Policy*. + +. Click *Add Rule*. + +. Enter a rule name. + +. In *Effect*, specify how Prisma Cloud responds when it detects an explicitly denied image starting in your environment. +This action is also used when a rule is matched (by cluster/hostname), but no trust group in the rule is matched. ++ +*Ignore* -- Do nothing if an untrusted image is detected. ++ +*Alert* -- Generate an audit and raise an alert. ++ +*Block* -- Prevent the container from running on the affected host. +Blocking isn't supported for Windows containers. + +. Specify the rule's scope. ++ +By default, the rule applies to all clusters and hosts in your environment. +Pattern matching is supported. + +. Explicitly allow or deny images by trust group. ++ +. (Optional) Append a custom message to the block action message. ++ +Custom messages help the operator better understand how to handle a blocked action. +You can enhance Prisma Cloud’s default response by appending a custom message to the default message. +For example, you could tell operators where to go to open a ticket. + +. Click *Save*. ++ +Your rule is added to the top of the rule list. +Rules are evaluated from top to bottom. +The rule at the top of the table has the highest priority. +The rule at the bottom of the table should be your catch-all rule. diff --git a/docs/en/compute-edition/32/admin-guide/compliance/vm-image-scanning.adoc b/docs/en/compute-edition/32/admin-guide/compliance/vm-image-scanning.adoc new file mode 100644 index 0000000000..0d8ff63a58 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/vm-image-scanning.adoc @@ -0,0 +1,29 @@ +== VM image scanning + +Prisma Cloud can scan the virtual machine (VM) images in your cloud environment for the following types of vulnerabilities: + +* *Host configuration*: Vulnerabilities in the VM image setup. + +* *Docker daemon configuration*: Vulnerabilities that stem from misconfiguring your Docker daemon. The Docker daemon derives its configuration from various files, including `/etc/sysconfig/docker` or `/etc/default/docker`. + +* *Docker daemon configuration files*: Vulnerabilities that arise from setting incorrect permissions on critical configuration files. + +* *Docker security operations*: Recommendations and reminders for extending your current security best practices to include containers. + +* *Linux configuration*: Compliance of Linux hosts. For example, ensure mounting of the `hfs` filesystem is disabled. + +[.task] +=== Reviewing VM image scan reports + +To view the health of the VM images in your environment: + +[.procedure] +. Open Console, then go to *Monitor > Compliance > Hosts > VM images*. + +. Click on a VM image on the list. ++ +A report for the compliance issues on the VM image is shown. ++ +image::vm_image_scanning_report.png[scale=15] ++ +Select *CSV* to export a list of all the compliance issues identified in the latest VM image scan to a CSV file. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/compliance/windows.adoc b/docs/en/compute-edition/32/admin-guide/compliance/windows.adoc new file mode 100644 index 0000000000..82097a755b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/compliance/windows.adoc @@ -0,0 +1,89 @@ +== Windows compliance checks + +Windows compliance checks were developed by Prisma Cloud Labs. +They can be enabled in your host compliance policy. + +Create Windows host compliance rules in *Defend > Compliance > Hosts*. +In the new rule dialog, select *Windows host* from the *Types* drop-down list. + +image::windows_compliance_checks.png[width=800] + +The following checks are supported: + + +*200001: Verify Windows Defender antivirus is running*:: +Microsoft's built in Windows Defender antivirus service is running. + + +*200002: Verify Windows Defender antivirus is enabled*:: +Microsoft's built in Windows Defender service antivirus, anti-malware, and anti-spyware features are enabled + + +*200003: Verify Windows Defender always-on protection is enabled*:: +Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities. + + +*200004: Verify antivirus signatures match defined frequency*:: +Windows antivirus signatures are overdue based on your frequency policy. + + +*200005: Verify antivirus signatures are up-to-date*:: +Windows antivirus signatures list must be updated within the last 14 days. +If 14 days elapse without an update, signatures are stale. +This interval is required to be effective against current threats. + + +*200006: Verify anti-spyware signatures match defined frequency*:: +Windows anti-spyware signatures are overdue based on your frequency policy. + + +*200007: Verify anti-spyware signatures are up-to-date*:: +Windows anti-spyware signatures list must be updated within the last 14 days. +If 14 days elapse without an update, signatures are stale. +This interval is required to be effective against current threats. + + +*200201: Verify Windows Defender Control Flow Guard (CFG) is enabled*:: +Control Flow Guard (CFG) is a platform security feature that combats memory corruption vulnerabilities. +By placing tight restrictions on where an application can execute code, CFS makes it harder for exploits to execute arbitrary code through vulnerabilities, such as buffer overflows. +This check is applicable to Windows Server 2019 only. + + +*200202: Verify Windows Defender Data Execution Prevention (DEP) is enabled*:: +Data Execution Prevention (DEP) monitors memory to stop malicious code from running. +It monitors all processes and services and stops a program if it isn't running correctly in memory. +This check is applicable to Windows Server 2019 only. + + +*200203: Verify Windows Defender Address Space Layout Randomization (ASLR) is enabled*:: +Address space layout randomization (ASLR) prevents exploitation of memory corruption vulnerabilities. +It prevents an attacker from reliably jumping to an exploited function in memory by randomly arranging the position (address) of the stack, heap, and loaded libraries. +This check is applicable to Windows Server 2019 only. + + +*200300: Verify Windows Firewall public profile is enabled*:: +This setting is applied when a connection to a domain is made through a public network, such as at an airport, hotel, or coffee shop. +Since the security of these networks is unknown and not really controlled by the user running the computer, it is suggested that the Public network profile of settings be more restrictive than either the Domain network or Private network. + + +*200400: Verify Windows Update is enabled*:: +Windows Update is a service which automates downloading and installing Microsoft Windows software updates. + + +*200401: Verify Windows Update is set to automatically install*:: +Verify that Windows is configured to automatically download and install updates at a regular interval. + + +[NOTE] +==== +* If Windows Defender antivirus is not installed or running, all Windows Defender related checks (200001, 200002, 200003, 200201, 200202, 200203) fail with the following cause: "Windows Defender antivirus service is not installed/running". + +* Although checks 200004/5 and 200006/7 look similar, they clarify the root cause of the issue when assessed separately. +Checks 200004/6 verify the update frequency policy, while 200005/7 verify that signatures are actually up-to-date. +Checks 200004/6 show whether the defined frequency is suboptimal (greater than 14 days), while checks 200005/7 show if there was a failure to update the signatures according to the defined policy (whether it's 14 days or some other interval). + +* If no definition files (signatures) are available, checks 200004 and 200006 fail with the following cause: "Windows Defender definition files are not available". +Definitions can be removed with the following command: ++ + "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -removedefinitions +==== diff --git a/docs/en/compute-edition/32/admin-guide/configure/authenticate-console-with-certs.adoc b/docs/en/compute-edition/32/admin-guide/configure/authenticate-console-with-certs.adoc new file mode 100644 index 0000000000..8ee13adcaa --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/authenticate-console-with-certs.adoc @@ -0,0 +1,42 @@ +== Authenticate to Console with Certificates + +Prisma Cloud supports certificate-based authentication in addition to username/password based authentication for the Console UI and the API. + +This is especially useful for those in government and financial services, who use multi-factor authentication technologies built on x.509 certificates. +This is applicable to users authenticating through Active Directory accounts as well. +This feature allows customers to control the trusted CAs for signing certificates for authentication. +ifdef::compute_edition[] +NOTE: GitHub doesn't allow a certificate-based authentication, you need to configure xref:../authentication/oauth2-github.adoc[GitHub as an OAuth provider]. +endif::compute_edition[] + +[.task] +=== Setting up your Certificates + +Set up Prisma Cloud for certificate-based authentication. + +NOTE: If you are using certificates to authenticate against Active Directory accounts, Prisma Cloud uses the UserPrincipalName field in the SAN to match the certificate to the user in Active Directory. +This is the same process used by Windows clients for authentication, so for most customers, the existing smart card certificates you are already using can also be used for authentication to Prisma Cloud. + +[.procedure] +. Save the CA certificate(s) used to sign the certificates that you will use for authentication to Prisma Cloud. ++ +The certificate has to be in PEM format. +If you have multiple CA certificates that issue certificates to your users, concatenate their PEM files together. +For example, if you have Issuing CA 1 and Issuing CA 2, create a combined PEM file like this: ++ + $ cat issuing-ca-1.pem issuing-ca-2.pem > issuing-cas.pem + +. Log into Console, and go to *Manage > Authentication > System Certificates*. + +. Under *Certificate-based authentication to Console*, upload your CA certificate(s) in PEM format. + +. Select *Save*. + +. Open Console login page in your browser. When prompted select your user certificate. ++ +image::cert_auth_to_console_765460.png[scale=60] + + +=== What's Next + +See xref:../authentication/assign-roles.adoc[Assigning roles] to learn how to add users and assign roles to them. diff --git a/docs/en/compute-edition/32/admin-guide/configure/certificates.adoc b/docs/en/compute-edition/32/admin-guide/configure/certificates.adoc new file mode 100644 index 0000000000..9a9f5bc5e2 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/certificates.adoc @@ -0,0 +1,357 @@ +== Prisma Cloud Compute certificates + +This article summarizes all the certificates used by Prisma Cloud Compute. +Learn more about the certificates used on Prisma Cloud Compute including details on what it is used for, signing CA, and your customization options. + +NOTE: Customizing certificates is only allowed for Prisma Cloud Compute edition. + +[cols="10%a, 20%a, 10%a, 20%a, 10%a, 15%a, 15%a", options="header"] +|=== +|Category |Certificate |Communication |Certificate customization |Default CA |CA customization |Prisma Cloud edition + +|Console TLS communication +|Console Web and API certificate +|Web browser, API, and Twistcli access to Console +|Customize under *Manage > Authentication > System certificates > TLS certificate for Console > Concatenate public cert and private key* +|Console CA +|Your organization CA +|Compute edition + +|Certificate-based authentication to Console +| +|Clients access the Console +| +|No CA by default +|Enable Console verification of the client's CA certificate when accessing the Console. + +Define CA under *Manage > Authentication > System certificates > Certificate-based authentication to Console > CA certificate* +|Compute edition + +|Console-Defender communication +|Defender server certificate (Console side) +|Console-Defender communication +|Yes, for Compute Edition only. + +ifdef::compute_edition[] +See xref:custom-certs-predefined-dir.adoc[here] +endif::[] +|Defender CA (defender-ca.pem) +|Yes, for Compute Edition only. + +ifdef::compute_edition[] +See xref:custom-certs-predefined-dir.adoc[here] +endif::[] +|Compute edition only. Not relevant for Enterprise edition (uses API token) + +|Console-Defender communication +|Defender client certificate (Defender side) +|Console-Defender communication +|No +|Defender CA (defender-ca.pem) +|No +|Compute edition, not relevant for Enterprise edition (uses API token) + +|xref:../access-control/open-policy-agent.adoc[Admission control] +|Admission certificate (admission-cert.pem) +|Admission webhook authentication with Prisma Cloud Defender +|No +|Defender CA (defender-ca.pem) +|No +|Compute edition, Enterprise edition + +|=== + +=== Console TLS communication certificates + +You can secure access to Console with your own digital certificate. +By default, Prisma Cloud accesses the Console's web portal and API with a self-signed certificate. + +[NOTE] +==== +The self-managed certificate generated by Console is valid for three years. +90 days prior to expiration, Prisma Cloud will let you rotate it (a banner will appear at the top of the UI). +After rotating Console's certificate, you must restart the Console. + +image::rotate_console_cert.png[width=600] +==== + +When you access Console's web portal with this setup, for example, the browser flags the portal as untrusted with a warning message. +The following screenshot shows the warning message in Chrome: + +image::custom_certs_console_access_565474.png[width=600] + +You can resolve these warnings by installing your own certificate that proves your server's identity to the client. +With the proper certificate, users are taken directly to Console, and the green padlock in the address bar indicates that the site is trusted. + +image::custom_certs_console_access_565475.png[width=150] + +Creating certificates is outside the scope of this article. +For more information about how SSL and certificates secure a site, see http://robertheaton.com/2014/03/27/how-does-https-actually-work/[How does HTTPS actually work]. + + +==== Configuration options + +Prisma Cloud secures the communication between various actors and entities with certificates. +These certificates are automatically generated and self-signed during the Prisma Cloud install process. +They secure communication between: + +* Users and the Console web portal +* Users and the Console API +* Console and the Prisma Cloud Intelligence Stream + +The following options control the properties of the certificates generated during the installation process. +The default values for these options are typically adequate. + +Note that these settings only change the values used when creating self-signed certificates. +Thus, users accessing the Console will still see warning messages because the certificates are not signed by a trusted certificate authority (CA). +To configure the Console to use a certificate signed by a trusted CA, follow the steps later in this article. + +These options can be found in _twistlock.cfg_ under the General Configuration section: + +[cols="25%,75%a", options="header"] +|=== +|Configuration option +|Description + +|`CONSOLE_CN` +|Specifies the Common Name to be used in the certificate generated by Prisma Cloud for the host that runs Console. +The Common Name is typically your hostname plus domain name. +For example, it might be www.example.com or example.com. + +(Default) By default, the Common Name is assigned the output from the command `hostname --fqdn`. + +|`DEFENDER_CN` +|Specifies the Common Name to be used in the certificate generated by Prisma Cloud for the hosts that run Defender. + +(Default) By default, the Common Name is assigned the output from the command `hostname --fqdn`. + +|=== + +ifdef::compute_edition[] +You can also xref:../configure/subject-alternative-names.adoc#[control the Subject Alternative Names (SANs)] in Console's certificate. +endif::compute_edition[] + +[.task] +==== Securing access to Console with custom certificates + +Secure access to Console with your own custom certificates. + +*Prerequisites:* + +* Your certs have been generated by a commercial Certificate Authority (CA) or with your own Public Key Infrastructure (PKI). +You should have the following files on hand: +** A _.pem_ file, which contains your certificate and your Certificate Authority's intermediate certificates. +** A _.key_ file, which contains your private key. + +[.procedure] +. Have your signed certificate (_.pem_ file) and private key (_.key_ file) ready to be accessed and uploaded to Console. ++ +[IMPORTANT] +==== +Make sure that the private key starts and ends with: + + ----BEGIN PRIVATE KEY---- + ----END PRIVATE KEY---- + +or: + + -----BEGIN RSA PRIVATE KEY----- + -----END RSA PRIVATE KEY----- +==== + +. Open Prisma Cloud Console in a browser. + +. Navigate to *Manage > Authentication > System Certificates*. + +. Concatenate your public certificate and private key into a single PEM file. + + $ cat server.crt server.key > server-cert.pem + +. Open the *TLS certificate for Console* section + +.. Upload the PEM file into the *Concatenate public cert and private key (e.g., cat server-cert.pem server-key.pem)* + +.. Click *Save* + +. Verify that your certs have been correctly installed. ++ +Open your browser, and navigate to: \https://:8083 ++ +If you see the locked padlock icon, you have installed your certs correctly. ++ +image::custom_certs_console_access_565472.png[width=800] ++ +NOTE: HTTP Public Key Pinning (HPKP) was a security feature that was used to tell a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of Man In The Middle (MITM) attacks with forged certificates. +This feature is no longer recommended. +See https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning + +[.task] +=== Certificate-based authentication to Console + +This feature allows the Console to verify the client's CA certificate when accessing the Console. Use certificates from an implicitly trusted CA for securing the TLS connection. +To enable this feature, follow the steps below: + +[.procedure] +. Open Console, and go to *Manage > Authentication > System Certificates*. + +. Open the *Certificate-based authentication to Console* card. + +. Under *Console Authentication* upload the CA certificate(s) in PEM format, then click *Save*. ++ +If you have multiple CAs, such as a root CA and several issuing CAs, you must add all these certificates into the PEM file. +The order of certificates in the PEM file should be from the lowest tier of the hierarchy to the root. +For example, if you have a 3 tier hierarchy that looks like this: ++ + ->RootCA + ->IntermediateCA + ->IssuingCA1 + ->IssuingCA2 ++ +Your PEM file should be ordered as IssuingCA1, IssuingCA2, IntermediateCA, RootCA. +To create such a PEM file, you'd get the public keys of each CA in PEM format and concatenate them together: ++ + $ cat IssuingCA1.pem IssuingCA2.pem IntermediateCA.pem RootCA.pem > CAs.pem + + +=== Console-Defender communication certificates + +By design, Console and Defender don't trust each other and use certificates to mutually authenticate when Defender establishes a connection with Console. +The certificates for Console-Defender communication are issued by the Defender CA (defender-ca.pem). +The Defender CA is a self-signed CA, generated by Console, and it's valid for three years. +Console is considered the server and Defender the client. +Console generates certs for each party, and signs them with the Defender CA. + +Prisma Cloud automatically rotates the Defender CA and related server and client certificates 1.5 years before the Defender CA expires. +Console and Defender use the old certs until the old Defender CA expires. + +New Defenders, deployed after the certificates have been rotated, automatically get both the new and old certificates. +Existing Defenders, however, must be redeployed to get the new certificates. +Existing Defenders use the old certificates until they expire. +Thereafter, these Defenders won't be able to establish a connection to Console until they're redeployed. + +NOTE: Single Defenders upgraded from the Console UI don't get newly rotated certificates. +To set up single Defenders with the new certificate, you must manually redeploy them. + +To identify which Defenders need to be redeployed, go to *Manage > Defenders > Manage > Defenders*. +Use the *Status* column to identify the Defenders that are using an old certificate. +Use the note at the top of the page to understand how many Defenders require redeployment, and when the old certificate will expire. + +image::defenders_using_old_certs.png[width=800] + +Use the *Using old certificate* filter on the Defenders list to see only the Defenders that are using an old certificate: + +image::defenders_using_old_certs_filter.png[width=800] + +If you still have Defenders in your environment that are using an old certificate, which is about to expire in 60 days or less, you will get notified once entering the Console UI: + +image::defenders_certs_top_banner.png[width=800] + +If the old certificate has expired, and you still have Defenders in your environment that are using the expired certificate, you will get notified once entering the Console UI. +The *Status* column on the Defenders page will reflect the Defenders that are using an expired certificate. +Use the *Certificate expired* filter on the Defenders list to see only the Defenders with expired certificates. + + +==== Additional technical details + +This section provides additional technical details about how the certificates that secure Console-Defender communication are managed. + +===== What is the rotation model? + +When Console is first deployed, it generates a set of certs for Console-Defender communication - a Defender CA, a Defender server cert, and a Defender client cert (with keys). +The certs are valid for three years. +Console initiates the certificate rotation. +Console rotates the certs 1.5 years before the Defender CA expires. +Thereafter, Console holds two sets of certificates: old and new +Console rotates the new certs 1.5 years before the new Defender CA expires. +The old certs are deleted, the new certs become the old certs, and a new set of certs are created. + +Newly deployed Defenders, after rotation, are deployed with two sets of certs: old and new. +Defenders that aren't redeployed only have the old client certs and CA, and keep using them until they expire. + +Until the old Defender CA expires, Console responds with the old Defender certs during the TLS handshake when Defender tries to connect to Console. +As long as the old Defender CA is valid, Defender uses the old client cert for TLS handshakes. +When the old certs expire, Defender uses the new certs for TLS handshakes. + +===== Which certificates are rotated? + +Console rotates the following files: + +* `defender-ca.pem` -- Rotated to defender-ca.pem.old, and then Console creates a new defender-ca.pem. +* `defender-server-cert.pem` and `defender-server-key.pem` -- Rotated to defender-server-cert.pem.old and defender-server-key.pem.old, and then Console creates new ones. +* `defender-client-cert.pem` and `defender-client-key.pem` -- Rotated to defender-client-cert.pem.old and defender-client-key.pem.old, and then Console creates new ones. + +===== Are all certs rotated at the same time? + +Yes, the Defender CA cert, server cert, and client cert are all rotated at the same time. + +===== What triggers Console to regenerate and rotate the certs? + +Console checks the expiration date of the Defender CA, and rotates all certs 1.5 years before the Defender CA expires. + +===== What is the rotation frequency? + +Once every 1.5 years. + +===== What happens when you upgrade Prisma Cloud Compute? + +When Console or Defenders are upgraded, the old, unexpired certificates remain on the system. +Defenders that only have the old certificates are supported until the old Defender CA expires. + +===== How can you programmatically determine that certs have been rotated? + +Look for changes to the Defender certificates on the machine that runs Console. +Certificates are stored in `/var/lib/twistlock/certificates`. + +Inspect the Defender CA cert for its expiration time. +When the .old suffix is added to the cert file, you will know it has been rotated. + +===== Can you manage the certificate lifecycle yourself? + +Yes, for Compute Edition (self-hosted) only. +ifdef::compute_edition[] + +See xref:custom-certs-predefined-dir.adoc[Configure custom certs from a predefined directory]. + +endif::[] + +SaaS Defenders connect to Console using an API token, not certs. + +===== After certs have been rotated, what's returned from api/v/defenders/daemonset.yaml? + +The DaemonSet yaml will include both sets of new and old certs: + +New certs: + +* defender-ca.pem +* defender-client-cert.pem +* defender-client-key.pem + +Old certs: + +* defender-ca.pem.old +* defender-client-cert.pem.old +* defender-client-key.pem.old + +===== Which Defender types support certificate rotation? + +Supported Defender types: + +* Container Defenders (Windows and Linux) +* Host Defenders (Windows and Linux) +* DaemonSet Defenders +* App-Embedded Defenders, including Fargate + +Serverless Defenders aren't supported. +Serverless Defenders are always deployed with old, unexpired certs, even if new certs exist. + +===== What happens the moment a Defender's old certs expire? + +Defenders can switch to new certificates from old certificates at runtime. +No restart is required. + +=== Admission control certificates + +Prisma Cloud provides a dynamic admission controller for Kubernetes built on the Open Policy Agent (OPA). +The admission control certificate is used for the authentication between the Defenders and the admission webhook. +When deploying the admission webhook, make sure it is configured with the right CA bundle, according to the Defender's admission certificate. +See the webhook configuration section on the xref:../access-control/open-policy-agent.adoc[admission control article]. diff --git a/docs/en/compute-edition/32/admin-guide/configure/clustered-db.adoc b/docs/en/compute-edition/32/admin-guide/configure/clustered-db.adoc new file mode 100644 index 0000000000..fc04cec617 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/clustered-db.adoc @@ -0,0 +1,279 @@ +== Clustered-DB + +Running Prisma Cloud Compute in the clustered-DB configuration lets you sync Console’s database across multiple instances of Console. +When using the clustered-DB deployment, all Consoles must be accessible with the same DNS name and connected to the same load balancer. + +The Consoles in a clustered-DB pool can be deployed in the same region across different availability zones. + +A new Prisma Cloud Compute self-hosted setup is required to create a clustered-DB deployment. +That is, all Consoles must be new. +Accordingly, all Defenders must be new as well. + + +=== Recommendations for your clustered-DB setup + +The information in the following sections help you make informed decisions when selecting pool size, load balancer configuration, and storage types. + + +[#pool-size] +==== Number Of Consoles in the clustered-DB pool + +The clustered-DB mechanism continuously requires the pool to choose a primary Console. +This is done by the replica sets election mechanism. +The election determines which member will become primary. +Replica sets can trigger an election in response to a variety of events, such as: adding a new member, initiating a pool, and losing connectivity to the primary for more than the configured timeout. + +An odd number of Consoles is recommended for better fault tolerance. +The table below describes the fault tolerance for 3/5/7 Consoles: + +[cols="1,1,1"] +|=== +|Number of Members |Majority Required to Elect a New Primary |Fault Tolerance + +|3 +|2 +|1 + +|4 +|3 +|1 + +|5 +|3 +|2 + +|6 +|4 +|2 + +|7 +|4 +|3 +|=== + + +[#lb] +==== Load balancer configuration + +When configuring your load balancer, make sure to set up the following: + +* TCP (Network) load balancer. +* TLS health through. +* Except for traffic on the used ports (8083, 8084 the default). +* To ensure LB can identify unavailable Consoles, we recommended that you set a health check to the Console ping API: \https:///api/v1/_ping. + + +==== Performance implications + +When deploying a clustered-DB setup on AWS, we recommend that you use https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html[EBS-optimized instances]. + + +=== Custom certificates + +You can provide a custom certificate to the clustered-DB Consoles pool. +When configuring custom certificates, make sure that all Consoles and Defenders know all clustered-DB Consoles and the load balancer. +To do so, add all Console addresses and load balancer names to the certificate's SAN. + +NOTE: All Consoles and Defenders must be signed with the same CA. + +This is also relevant for xref:../configure/custom-certs-predefined-dir.adoc[configuring custom certs from a predefined directory]. + + +=== Guidelines + +Before you begin, make sure to follow these guidelines: + +* Managing and monitoring a clustered-DB setup requires System Admin permissions. +* When using IAM roles, all Console nodes must be assigned with the same role. +* The clustered-DB pool should be created with fresh Consoles and Defenders. +* All Consoles should run the same *major and minor version*. +* All Consoles should be able to communicate with each other on port 27017. +* The number of the total Consoles in the pool should be between 3 to 7. +See <>. +* Create a load balancer using the instructions described in <> +This load balancer will be used for Defenders, twistcli, API and TLS communication with the clustered-DB pool. + + +[.task] +=== Creating the clustered-DB pool + +[.procedure] +. Deploy the clustered-DB pool’s Consoles without initializing them with usernames and passwords. + +.. Option 1 - Deploy Console using YAML/Helm charts. ++ + ./twistcli console export kubernetes --clustered-db ++ + kubectl create -f twistlock_console.yaml ++ +When deploying Consoles on the same cluster, you can use a statefulset deployment or use different namespaces for the Console installation. +Make sure to change the YAML/Helm accordingly. + +.. Option 2 - Deploy the Console as a single Console. + +... Add `CLUSTERED_DB_ENABLED=true` configuration to the `twistlock.cfg` file + +... Install the Console (not the onebox installation), without initializing it. ++ +For example `sudo ./twistlock.sh console` + +. Configure the load balancer to send traffic to the Console services. + +. Choose one of the Consoles and initialize it with a user, password, and license. ++ +When initializing the Console, access it directly, rather than through the load balancer. ++ +This first Console is considered the seed Console. + +. Check the clustered-DB status against the initialized Console: ++ + ./twistcli clustered-db status --address https://:8083/ --password ++ +You should expect to see the following result: ++ + Clustered DB status: + Last updated: 28 Mar 22 18:00 UTC + Load balancer address: + Members: + 1. Address: , State: PRIMARY + +. Add a load balancer to the clustered-DB. ++ +The Console’s address should be static and available for the other Consoles. +You can choose a static IP address or a DNS name. ++ +Run the following command to set up the clustered-DB load balancer address. +The should be the initialized Console address: ++ + ./twistcli clustered-db configure --load-balancer-address --address https://:8083/ --password + +. (Optional) Edit the seed address. ++ +This command can be useful if the initialized Console address is not accessible for the other Consoles that you are about to add to the pool. +Note you can use this command after adding the first Console to the pool (the seed Console), meaning that this command can’t be executed after adding the other Consoles to the pool. ++ + ./twistcli clustered-db configure --seed-console-address --password + +. Add the other Consoles to the pool. ++ +The Consoles’ addresses should be static and available for the other Consoles. +You can choose a static IP address or a DNS name. ++ +Run the following command in order to add members to the clustered-DB pool. +You can add single or multiple addresses at once: ++ + ./twistcli clustered-db add --member-address --member-address … --address https://:8083/ --password + +. Check status the pool status: ++ +Now it’s possible to check the pool status against the load balancer address: ++ + ./twistcli clustered-db status --address https://:8083/ --password ++ +Expected output: ++ + Clustered DB status: + Last updated: 28 Mar 22 18:25 UTC + Load balancer address: load_balancer_address + Members: + 1. Address: Console1_address, State: PRIMARY + 2. Address: Console2_address, State: SECONDARY + 3. Address: Console3_address, State: SECONDARY + + +=== Clustered-DB potential statuses + +The clustered-DB status call restrains the status of the entire pool and the status for each one of the members. +Status is a string representation of the member's state, from the cluster perspective. +The last updated field represents the time when the status was last updated. + +---- +./twistcli clustered-db status --address https://:8083/ --password +---- + + +See the available statuses in the list below: + +[cols="1,4"] +|=== +|Name |State Description + +|STARTUP +|Not yet an active member of any set. All members start up in this state. + +|PRIMARY +|The member in state primary the primary member of the pool. Eligible to vote. + +|SECONDARY +|A member in state secondary is replicating the data store. Eligible to vote. + +|RECOVERING +|Members either perform startup self-checks, or transition from completing a rollback or resync. Eligible to vote. + +|STARTUP2 +|The member has joined the set and is running an initial sync. Eligible to vote. +NOTE this member is not eligible to vote and cannot be elected during the initial sync process. + +|UNKNOWN +|The member's state, as seen from another member of the set, is not yet known. + +|DOWN +|The member, as seen from another member of the set, is unreachable. + +|ROLLBACK +|This member is actively performing a rollback. Eligible to vote. The member is not accessible during the rollback time frame. + +|REMOVED +|This member was once in a replica set but was subsequently removed. This status can be available for a very short period of time after removing a member. When the remove action is complete, the member will no longer appear in the status. + +|=== + + +[.task] +=== Remove members + +Follow the steps below to remove a member (Console) from the pool. +Note that after removing a member, this Console cannot be reused. + +[.procedure] +. Remove the member from the LB settings. + +. Remove a member from the pool using the following command: ++ + ./twistcli clustered-db remove --address https:// -u user -p password --member-address + +. Delete the removed Console instance, since it’s not reusable. ++ +After removing a member from the pool, the deleted Console will remain in the existing DB. +This Console can’t be added to the pool again since it’s already initialized. +You won't be able to return the same member to the pool, unless you delete the Console and create a new non-initialized one. + + +=== Console disconnection + +If Console fails, the clustered-DB pool will choose a new primary Console. +The primary selections might cause a short downtime to make the transition. +The downtime period depends on different factors (sufficient number of members to vote, network latency, etc). +Typically the process will take about 30 seconds. + +If a single member is disconnected from the pool for a long period of time, it might take a while for it to return. +This is due to possible DB differences. +If the delta between the disconnected member and the pool DB is significant, the member DB will be restored from the current pool DB. + + +=== Upgrade clustered-DB Consoles + +All Consoles should run the same *major and minor version* (i.e., exactly the same x.y.z version). +All clustered-DB Consoles should be upgraded within a reasonable amount of time, to make sure that all of them will run with the same version shortly. +For example, if the DB was upgraded to x.y.z+1, members still running the previous version x.y.z won't be able to become primary. +They just replicate the DB. + + +=== Limitations + +The clustered-DB setup has the following limitations: + +* You cannot deploy xref:../deployment-patterns/projects.adoc[projects] when using clustered-DB. +* Consoles running on Fargate aren't supported. +* Backup and restore: clustered-DB can track only periodic backups only (daily, weekly, monthly), but not on demand. +The backup is taken from all of the clustered-DB pool members. diff --git a/docs/en/compute-edition/32/admin-guide/configure/collections.adoc b/docs/en/compute-edition/32/admin-guide/configure/collections.adoc new file mode 100644 index 0000000000..23470498e0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/collections.adoc @@ -0,0 +1,460 @@ +== Collections + +Collections are predefined filters for segments of your environment. +They're centrally defined, and they're used in rules and views across the product. + +Collections are used to: + +* Scope rules to target specific resources in your environment. +For example, you might create a vulnerability rule that applies to all container images in an app called sock-shop. +The rule might reference a collection, which specifies `sock-shop**` in the image resource filter. +* Partition views. +Collections provide a convenient way to browse data from related resources. +* Enforce which views specific users and groups can see. +Collections can control access to data on a need-to-know basis. +These are known as assigned collections. + +Collections are created with xref:../configure/rule-ordering-pattern-matching.adoc[pattern matching] expressions that are evaluated against attributes such as image name, container name, hostname, labels, function name, namespace, registry tag, and more. + +For labels, Prisma Cloud supports AWS tags, as well as distro attributes. +Distro attributes are designed for central security teams that manage the policies in Console, but have little influence over the operational practices of the groups that run apps in the environments being secured. +If the central security team can't rely on naming conventions or labels to apply policies that are OS-specific (e.g. different compliance checks for different OSs), they can leverage the distro attributes. +Supported distro attributes are: + +* Distro name -- "osDistro:" (e.g. "osDistro:Ubuntu") +* Distro version -- "osVersion:" (e.g. "osVersion:20.04") + +=== Partitioning views + +While a single Console manages data from Defenders spread across all hosts, collections let you segment that data into different views based on attributes. + +Collections are useful when you have large container deployments with multiple teams working on multiple apps all in the same environment. +For example, you might have a Kubernetes cluster that runs a shopping app, a travel app, and an expenses app. +Different teams might be responsible for the development and operation of each app. +An internal tools team might be responsible for the travel and expenses app, while a product team runs the shopping app. + +Selecting a collection reduces the scope displayed in Console to just the relevant resources. +For example, the developer for the travel app only cares about vulnerabilities in the images that make up the travel app. +All other vulnerabilities are just noise. +Collections help focus the data. + + +=== Scoping rules + +The scope of a rule is defined by referencing the relevant collections. +Collections offer a centralized way to create and manage scope settings across the product. +Collections make it easy to consistently reuse scope settings across policies. +Policy tables give you a clear picture of what resources are being targeted in your rules. + +image::collections_policy_table_scopes.png[width=800] + +When creating new rules, you can either select from a list of previously defined collections or create a new one. +By default, Prisma Cloud sets a rule's scope to the *All* collection, which captures all resources in the environment. + +image::collections_rule_scope.png[width=700] + +=== Importing and exporting rules + +Rules can be exported from one Console and imported into another Console. +When importing rules, any associated collections are also imported and created. + +* If the imported rule uses a collection that doesn't exist in Console, the collection is automatically created. +* If the imported rule uses a collection with a name that already exists, but with a different scope, the collection is created with the following name and description: +** Name: - +** Description: Automatically generated collection for an imported rule/entity +* If the imported rule uses a collection that already exists, and a matching scope, the existing collection is used as-is. + + +[.task] +=== Creating collections + +You can create as many collections as you like. +Collections cannot be nested. +ifdef::compute_edition[] +In tenant projects, collections are created and managed on a per-project basis. +endif::compute_edition[] + +Prisma Cloud ships with a built-in set called *All* that is not editable. +The *All* collection contains all objects in the system. +It is effectively the same as creating a collection manually and setting a wildcard (*) for each resource type (e.g., containers, images, hosts, labels, etc). + +Collections can be created in *Manage > Collections and Tags > Collections*. +Alternatively, collections can be created directly from a new rule dialog when you're setting the rule's scope. +When creating collections from a new rule dialog, Prisma Cloud automatically disables any irrelevant scope fields. +When selecting previously defined collections in a rule's scope field, any improperly scoped collections are hidden from the display. +For example, you can't select a collection that specifies serverless functions in a container runtime rule. + +By default, new collections set a wildcard for each resource, effectively capturing all resources in the system. +Customize the relevant fields to capture some segment of the universe of resources. + +The labels field supports https://docs.docker.com/config/labels-custom-metadata/[Docker labels], Azure registry tags (`key:value`), Kubernetes pod template labels, Kubernetes namespace labels, Kubernetes deployment labels, AWS tags, distribution name for hosts (`osDistro:`), and operating system version for hosts (`osVersion:`). + +Prisma Cloud extracts registry tags from Azure registry. +ifdef::compute_edition[] +To fetch registry tags from Azure Container Registry, enable https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/cloud-service-providers/cloud-accounts-discovery-pcee[Cloud discovery]. +endif::compute_edition[] +You can use these registry tags to implement role-based access control to regulate the visibility of registry vulnerability scan findings to a user role. +Prisma Cloud designates all identified Azure registry tags as *Registry labels* under *Monitor > Vulnerabilities > Images > Registries, Image details > Labels*. + +To use Kubernetes namespace and deployment labels, enable the following setting when deploying Defenders: *Manage > Defenders > Defenders: Deployed > Manual deploy > Collect Deployment and Namespace labels*. + +To use AWS tags for hosts, enable *VM tags* for relevant accounts under *Manage > Cloud accounts > Add/edit account > Discovery features*. + +To scope App-Embedded policy rules (e.g., vulnerability, compliance, and runtime rules), use the collection's *App ID* field. +For Fargate tasks protected by App-Embedded Defenders, you can additionally scope rules by image. + +// https://github.com/twistlock/twistlock/issues/11646 +// https://redlock.atlassian.net/browse/PCSUP-13010 +[NOTE] +==== +You cannot have collections that specify a combination of both: + +- Host and cluster +- Container and image + +You must leave a wildcard in one of the fields, or else the collection won't be applied correctly. +For example, if you want to create collections that apply to both a container and an image, create two separate collections. +The first collection should only include the container name, and the second should only include the image name. +Filtering on both collections at the same time will not yield the desired result. + +//https://github.com/twistlock/twistlock/issues/19678 +Filtering by cloud account ID for Azure Container Instances isn't currently supported. +==== + +To create a new collection: + +[.procedure] +. Open Console. + +. Go to *Manage > Collections and Tags > Collections*. + +. Select *Add collection*. + +. In *Create new collection*, enter a *Name*, and *Description*, and then specify a filter to target specific resources. ++ +For example, create a collection named *Raspberry images* that shows all _raspberry_ images in the _fruit_ namespace. +Pick a color for easy visibility and differentiation. ++ +The following collection selects all images that start with the string _raspberry_. +You can also create collections that exclude resources. +For more information on syntax that can be used in the filter fields (e.g., containers, images, hosts, etc), see xref:../configure/rule-ordering-pattern-matching.adoc#[Rule ordering and pattern matching]. ++ +image::collections_specify_filter.png[width=300] + +. Select *Save*. ++ +You can view a summary of each Collection in the sidecar, which shows the resources' data and usage of the Collection. ++ +image::collection-sidecar-view.png[width=300] + +ifdef::compute_edition[] +=== Assigned collections + +Collections provide a lightweight mechanism to provision least-privilege access to the resources in your environment. +You can assign collections to specific users and groups to limit their view of data and resources in the environment. + +NOTE: Projects are the other mechanism for partitioning your environment. +Projects are Prisma Cloud's solution for multi-tenancy. +They let you provision multiple independent environments, and federate them behind a single Console URL, interface, and API. +Projects take more effort to deploy than collections. +Collections and Projects can work together. +Collections can be utilized in both non-Project and Project-enabled environments. + +By default, users and groups can access all collections and are not assigned with any collection. + +Users with admin or operator roles can always see all resources in the system. +They can also see all collections, and utilize them to filter views. +When creating users or groups with the admin or operator role, there is no option for assigning collections. + +When creating users or groups with any other role, admins can optionally assign one more collection. +These users can only see the resources in the collections they've been assigned. + +image::collections_dropdown_list.png[scale=15] + +[NOTE] +==== +If a user is assigned multiple system roles, either directly or through group inheritance, then the user is granted the highest role and access to the assigned collections of all the groups to which the user belongs. +If a user is assigned both system and custom roles, then the user will be randomly granted the rights of one of the groups, including its role and assigned collections. +==== + +You cannot delete a Collection as long as it is being used by a rule, or if a Collection is assigned to users or groups. +This enforcement mechanism ensures that the rules, users, and groups are never left stateless (unscoped). +Select a Collection to see what resource is using the Collection: + +image::collections_usages.png[width=300] + +NOTE: Changes to a user or group's assigned collections only take effect after users re-login. + +[.task] +=== Assigning collections + +Assign collections to specific users and groups to restrict their view of data in the environment. + +IMPORTANT: If a role allows access to policies, users with this role will be able to see all rules and all collections that scope rules under the Defend section, even if the user’s view of the environment is restricted by assigned collections. + +Collections can be assigned to local users, LDAP users, and SAML users. +Collections can also be assigned to LDAP and SAML groups. +They cannot be assigned to local groups. + +When using Projects, Collections can only be assigned to users on each project. Users of the Central Console have access to all projects, and cannot be limited to assigned collections. + +*Prerequisites:* + +* You've already created one or more collections. +* (Optional) You've integrated Prisma Cloud with a directory service or SAML IdP. + +[.procedure] +. Open Console, and go to *Manage > Authentication > {Users | Groups}*. + +. Click *Add users* or *Add group*. + +. Select the *Auditor* or *DevOps User* role. + +. In *Permissions*, select one or more collections. +If left unspecified, the default permission is *All collections*. + +. Click *Save*. + +endif::compute_edition[] + +=== Selecting a collection + +Collections filter data in the *Monitor* section of the Console. + +When a collection (or multiple collections) is selected, only the objects that match the filter are shown in those views. +When a collection is selected, it remains selected for all views until it is explicitly disabled. + +To select a collection, go to any view under *Monitor*. +In the Collections drop-down list in the top right of the view, select a collection. +In the following screenshot, the view is filtered based on the collection named *google images*, which shows all images that contain the string *google_containers*. + +image::collections_792004.png[scale=15] + +When multiple collections are selected, the effective scope is the union of each individual query. + +// https://github.com/twistlock/twistlock/issues/14262 +NOTE: Individual filters on each collection aren't applicable to all views. +For example, a collection created with only functions won't include any resources when viewing the hosts results. +Similarly, a collection created with hosts won't filter images by hosts when viewing image results. + +The *Collections* column shows to which collection a resource belongs. +The color assigned to a collection distinguishes objects that belong to specific collections. +This is useful when multiple collections are displayed simultaneously. +Collections can also be assigned arbitrary text tags to make it easier for users to associate other metadata with a collection. + +=== Use Collections with TAS Metadata Fields + +Prisma Cloud automatically collects metadata fields such as Foundation, Organization Name, Application Name and ID, and Space Name and ID. +To utilize these fields, you'll have to *manually create* appropriate collections that can then be used for filtering and aggregation. + +[cols="30%,40%", options="header"] +|=== +|Resource type |Supported Labels + + +|Host +|tas-foundation + +|Containers (running applications) +|tas-application-id, tas-application-name, tas-space-id, tas-space-name, tas-org-id, tas-org-name, tas-foundation + +|Droplets +|tas-application-id, tas-application-name, tas-space-id, tas-space-name, tas-org-id, tas-org-name, tas-foundation + +|=== + +* To use the *tas-fundation* label, enter a *Foundation* name in the Prisma Cloud TAS tile configuration screen at the time of xref:../install/deploy-defender/orchestrator/install-tas-defender.adoc[deploying a TAS Defender]. + +=== Limitations + +Different views in Console are filtered by different resource types. + +If a collection specifies resources that are unrelated to the view, filtering by this collection returns an empty result. + +[cols="20%,20%,60%a", options="header"] +|=== +|Section |View |Supported resources in collection + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Images +|Images, Hosts, App IDs (App-Embedded), Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Registry images +|Images, Hosts (of the scanner host), Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Containers +|Images, Containers, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Hosts +|Hosts, Clusters, Labels, Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|VM images +|VM images (under Images), Cloud Account IDs + +|Monitor/Vulnerabilities + +Monitor/Compliance +|Functions +|Functions, Cloud Account IDs, Labels (Region, AWS tag) + +|Monitor/Vulnerabilities +|Code repositories +|Code repositories + +|Monitor/Vulnerabilities +|VMware Tanzu blobstore +|Hosts (of the scanner host), Cloud Account IDs, Labels (tas-application-id, tas-application-name, tas-space-id, tas-space-name, tas-org-id, tas-org-name, tas-foundation) + +|Monitor/Vulnerabilities +|Vulnerability Explorer +|Images, Hosts, Clusters, Labels, Functions, Cloud Account IDs + +|Monitor/Compliance +|Cloud Discovery +|Cloud Account IDs + +|Monitor/Compliance +|Compliance Explorer +|Images, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Monitor/Events +|Container audits +|Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. +(Cluster collections are not currently able to filter some events such as container audits, specifically.) + +|Monitor/Events +|WAAS for Containers +|Images, Namespaces, Cloud Account IDs + +|Monitor/Events +|Trust Audits +|Images, Clusters, Cloud Account IDs + +|Monitor/Events +|Admission Audits +|Namespaces, Clusters, Cloud Account IDs + +|Monitor/Events +|Docker Audits +|Images, Containers, Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|App-Embedded audits +|App IDs (App-Embedded), Cloud Account IDs, Clusters, Images + +|Monitor/Events +|WAAS for App-Embedded +|App IDs (App Embedded), Cloud Account IDs + +|Monitor/Events +|Host audits +|Hosts, Clusters, Labels, Cloud Account IDs + +|Monitor/Events +|WAAS for Hosts +|Hosts, Cloud Account IDs + +|Monitor/Events +|Host Log Inspection +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Host File Integrity +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Host Activities +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Events +|Serverless audits +|Functions, Cloud Account IDs, Labels (Region, Provider) + + +|Monitor/Events +|WAAS for Serverless +|Functions, Cloud Account IDs, Labels (Region) + +|Monitor/Runtime +|Container incidents +|Images, Containers, Hosts, Namespaces, Clusters, Cloud Account IDs + +|Monitor/Runtime +|Host incidents +|Hosts, Clusters, Cloud Account IDs + +|Monitor/Runtime +|Serverless incidents +|Functions, Cloud Account IDs, Labels (Region) + +|Monitor/Runtime +|App Embedded incidents +|App IDs (App Embedded), Cloud Account IDs + +|Monitor/Runtime +|Container models +|Images, Namespaces, Clusters, Cloud Account IDs + +|Monitor/Runtime +|App-Embedded observations +|App IDs, Images, Containers, Clusters, Account IDs, Regions (under Labels) + +|Monitor/Runtime +|Host observations +|Hosts, Clusters, AWS tags (under Labels), OS tags (under Labels), Cloud Account IDs + +|Monitor/Runtime +|Image analysis sandbox +|Images, Labels + +|Radar +|Containers Radar +|Images, Containers, Hosts, Namespaces, Clusters, Labels, Cloud Account IDs + +|Radar +|Hosts Radar +|Hosts, Clusters, AWS tags (under Labels), OS tags (under Labels), Cloud Account IDs + +|Radar +|Serverless Radar +|Functions, Cloud Account IDs, Labels (Region, AWS tag) + +|Manage +|Defenders +|Hosts, Clusters, Cloud Account IDs + +|=== + +==== Using Collections + +After collections are created or updated, some views require a rescan before you can see the change: + +* Deployed Images vulnerabilities and compliance views +* Registry Images vulnerabilities and compliance views +* Code repositories vulnerabilities view +* Trusted images +* Cloud Discovery +* Vulnerability Explorer +* Compliance Explorer + +After collections are created or updated, some views are affected by the change only for future records. +These views include historical records that keep their collections from creation time: + +* Images and Functions CI results view +* Events views +* Incidents view +* Image analysis sandbox results view diff --git a/docs/en/compute-edition/32/admin-guide/configure/configure-scan-intervals.adoc b/docs/en/compute-edition/32/admin-guide/configure/configure-scan-intervals.adoc new file mode 100644 index 0000000000..8be1c74f1f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/configure-scan-intervals.adoc @@ -0,0 +1,99 @@ +== Configure scanning + +You can specify how often Prisma Cloud scans your environment for vulnerabilities and compliance issues. +By default, Prisma Cloud scans your environment every 24 hours. +Images are re-scanned when changes are detected. +For example, pulling a new image triggers a scan. + +Prisma Cloud scans for vulnerabilities and/or compliance issues in: + +* Images {set:cellbgcolor:#fff} +* VMware Tanzu blobstores +* Containers +* Serverless functions +* Hosts +* Cloud platforms +* Registries +* VM images + +Scan intervals can be separately configured for each type of object. + + +[.task] +=== Configuring scan intervals + +The scan frequency is configurable. +By default, Prisma Cloud scans your environment every 24 hours. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Scan*. + +. Scroll down to the *Scheduling* section. + +. Set the scan intervals for each type according to your requirements. ++ +Scan intervals are specified in hours. + +. Scroll to the bottom of the page, and click *Save*. + + +=== Last scan time + +Console reports the last time Defender scanned your environment. +Go to *Manage > Defenders > Manage*, and click a row in the table to get a detailed status report for each deployed Defender. +The sidecar shows the last time Defender scanned the containers and images on the host where it runs. + +image::configure_scan_intervals_defender_details.png[width=350] + + +=== Scan performance + +Scanning for malware in archives in container images consumes a lot of resources. +The scanner unpacks each archive to search for malicious software. +Checksums must be individually calculated for each file. +Because of the performance impact and the way containers tend to be used, malware in archives is an unlikely threat. +As such, *Scan for malware within archives in images* is disabled by default. + +If this option is enabled, Prisma Cloud supports the following archive file types. + +* ZIP +* GZ +* TAR +* WAR +* JAR +* EAR + +Note: If the archive is over 512Mb, Prisma Cloud will not scan it. + + +=== Scan JavaScript components in manifest but not on disk + +// See https://github.com/twistlock/twistlock/issues/17341 + +The purpose of this option is to show vulnerabilities in dependencies that might not exist on disk (which are often development dependencies). + +Most Node.js packages contain a package.json that lists all of its dependencies (both dependencies, and devDependencies). +When parsing a Node.js package discovered during a scan, if this option is enabled, Prisma Cloud appends the all packages found in each package.json to the list of packages to be assessed for vulnerabilities. +This option isn't recommended for production scenarios because it can generate a significant number of false positives. + +If this option is disabled (default), Prisma Cloud only evaluates the packages that are actually found on disk during scan. +This is the recommended setting for production scenarios. + +NOTE: When scanning images with twistcli, use `--include-js-dependencies` to enable this option. + + +=== Unrated vulnerabilities + +When *Show vulnerabilities that are of negligible severity* is enabled, the scanner reports CVEs that aren't scored yet or have a negligible severity. +Negligible severity vulnerabilities don't pose a security risk, and are often designated with a status of "will not fix" or similar labels by the vendor. +They are typically theoretical, require a very special (unlikely) situation to be exploited, or cause no real damage when exploited. + +By default, this setting is disabled to strip unactionable noise from your scan reports. + + +=== Orchestration + +Kubernetes and other orchestrators have control plane components implemented as containers. +By default, Prisma Cloud doesn't scan orchestrator utility containers for vulnerability and compliance issues. diff --git a/docs/en/compute-edition/32/admin-guide/configure/configure.adoc b/docs/en/compute-edition/32/admin-guide/configure/configure.adoc new file mode 100644 index 0000000000..481c96f7af --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/configure.adoc @@ -0,0 +1,3 @@ +== Configure + +After installing Prisma Cloud, configure it to meet your operational and security requirements. diff --git a/docs/en/compute-edition/32/admin-guide/configure/custom-certs-predefined-dir.adoc b/docs/en/compute-edition/32/admin-guide/configure/custom-certs-predefined-dir.adoc new file mode 100644 index 0000000000..4398579b24 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/custom-certs-predefined-dir.adoc @@ -0,0 +1,206 @@ +== Configure custom certs from a predefined directory + +You can use your own certs to secure Prisma Cloud communication channels by simply copying your custom certs to a predefined directory that the Console and Defender containers mount at runtime. +No additional configuration in the Console UI is required to use your custom certs. +This mechanism is enabled by default. + +The communication channels you can secure with this mechanism are: + +* Console web UI and API over HTTPS ++ +By default, web and API clients connect to Console over HTTPS on port 8083. +Out of the box, traffic is TLS encrypted using self-signed certs. + +* Console-Defender communication over a WebSocket ++ +By default, Defender connects to Console over a WebSocket on TCP port 8084. +Out of the box, traffic between Defender and Console is TLS encrypted using self-signed certs. ++ +By design, Console and Defender don’t trust each other. +When Defender initiates a connection with Console, mutual TLS is used to verify both parties. + +In general, the keys and certs used for Defender-Console communication are considered an internal implementation detail. +Prisma Cloud generates, manages, and rotates the keys internally. +However, if your organization's policy calls for directly managing all keys and certs, Prisma Cloud gives you the control to do so. + + +=== How it works + +Configure Console and Defender to use custom certs by saving the certs into a known, predefined directory. +The predefined directory is `/var/lib/twistlock/custom-certificates`. +The directory must be mounted in the Console and Defender container file systems when the Prisma Cloud containers are started. + +When establishing a connection, the directory is checked for the required certificates. +If the required files exist, they are used to establish the connection. + +If there's any error in the cert files (e.g., corrupt files, key-cert mismatch, etc.), the connection fails to be established, and an error is logged. + +Prisma Cloud monitors the predefined directory for file system changes. +If a relevant change is detected, the connection is restarted. +For example, if console-cert.pem or console-key.pem are changed, the HTTPS listener is restarted. +This system is designed to make rotating certificates easy by simply copying new certs to the predefined directory. + + +=== Loading a TLS configuration + +When Console and Defender start, they create TLS configurations. + +Depending on the environment, a number of scenarios are possible. + +*Scenario: Console/Defender starts and the predefined custom certificates directory doesn't exist and isn't mounted in the container.* + +In this case, the feature is switched off. +Console/Defender uses its own self-signed certificates. + +*Scenario: Console/Defender starts and finds the predefined custom certificates directory mounted, but not all of the required files exist.* + +For example, Defender requires three files to secure Console-Defender communication: defender-ca.pem, defender-client-cert.pem, defender-client-key.pem. +In this scenario, assume the defender-ca.pem file is missing. + +In this case, Prisma Cloud initializes the connection using its own self-signed certificates, and then watches the predefined custom directory for changes. +If there are changes to the predefined directory, Prisma Cloud checks if all certificate files exist. +If they do, it tries to create a TLS configuration using those certs. +If it succeeds, the connection is reset and new connection is established with the custom certs. +If it fails, Prisma Cloud logs an error and keeps the existing connection. + +*Scenario: Console/Defender starts and finds the required certificates in the mounted directory* + +Prisma Cloud reads the certs and creates a TLS configuration. +If reading a cert fails, Console/Defender logs the following messages, and exits: + +---- + DEBU 2021-10-27T17:37:46.645 defender.go:1928 Using custom directory certificates + CRIT 2021-10-27T17:37:46.645 defender.go:285 Failed to construct defender client TLS config error reading X509 key pair (/var/lib/twistlock/custom-certificates/defender-client-cert.pem, /var/lib/twistlock/custom-certificates/defender-client-key.pem): tls: failed to parse private key +---- + + +==== Fixing misconfigurations + +If there's an error loading your certs (for example, malformed key material), you can fix the problem by simply copying fixed certs to the predefined directory. +As long as the Prisma Cloud container starts with the predefined directory mounted, it can watch the directory for changes, and try to reestablish a new connection with the latest certs when new files are detected + +This, in conjunction with the verbose log messages, will help you get your configuration right. + + +=== Required certificate files + +To secure a connection with your custom certs, Prisma Cloud looks for specific files in `/var/lib/twistlock/custom-certificates`. + + +==== Console + +For the Console HTTPS listener (for securing the web UI and API), the following files must be available in the predefined directory: + +* `console-cert.pem` +* `console-key.pem` + +For Console's WebSocket listener (for securing Console-Defender communication), the required files are: + +* `defender-ca.pem` +* `defender-server-cert.pem` +* `defender-server-key.pem` + + +==== Defender + +For Defender's WebSocket listener (for securing Console-Defender communication), the required files are: + +* `defender-ca.pem` +* `defender-client-cert.pem` +* `defender-client-key.pem` + + +=== Log messages + +Clear operational and error messages are sent to the Console and Defender logs so you can debug certificate issues. + +On startup, the following message is logged, indicating the custom directory is mounted and being tracked for rotations: + + Watching custom certificates directory: /var/lib/twistlock/custom-certificates + +If the directory was not mounted, the following message is logged: + + Custom certificates watcher disabled: certificates directory is not mounted + +Upon resetting a connection following a cert rotation, a message is logged, e.g., + + Defender custom certificates rotated, resetting connection + +Any error in the cert files (e.g., corrupt files, key-cert mismatch, etc.) will result in failure to establish connection, and it's logged as an error. + + +=== Deployment patterns + +This feature depends on your key material already being present on each node where Console and Defender run. +Certificate enrollment, renewal, and management are strictly your responsibility. + +The predefined custom certs directory must be mounted into Console/Defender's file system when the containers start (or restart). +Console/Defender only requires read access to the predefined directory. + +In general, you should have some kind of network storage (e.g., NFS), where you can centrally store and rotate your custom certs. +All pods would mount the same network volume, so that when you rotate your certs, the latest files are available to all pods at the same time. + + +[.task] +==== Onebox + +[.procedure] +. Before installing Onebox, create the predefined custom certs directory. + + mkdir -p /var/lib/twistlock/custom-certificates + +. Install xref:../install/deploy-console/console-on-onebox.adoc[Onebox]. + +. Check the Console and Defender logs. ++ +A log message says the pre-created directory was identified and that it's being watched. ++ +---- +DEBU 2021-11-11T11:59:33.296 cert_watcher.go:45 Watching custom certificates directory: /var/lib/twistlock/custom-certificates +---- + +. Copy your custom certificates to the pre-created directory. ++ +Both Console and Defender watch this directory for their certificates +Connections are reset when relevant changes are detected. + + +[.task] +==== Deploying Console and Defender in Kubernetes or OpenShift clusters + +The following steps provide high-level guidance for deploying Prisma Cloud containers with your custom certs in your clusters. + +[.procedure] +. Use twistcli to generate a Defender DaemonSet YAML configuration file. ++ +* xref:../install/deploy-console/console-on-kubernetes.adoc[Console on Kubernetes] +* xref:../install/deploy-console/console-on-openshift.adoc[Console on OpenShift] +* xref:../install/deploy-defender/orchestrator/orchestrator.adoc[Defender DaemonSets on Kubernetes] +* xref:../install/deploy-defender/orchestrator/openshift.adoc[Defender DaemonSets for OpenShift] + +. Before deploying, open the YAML file, and add a volume mount for the predefined directory, `/var/lib/twistlock/custom-certificates/`. ++ +For example: ++ +---- +apiVersion: v1 +kind: Pod +metadata: + name: example-pod +spec: + volumes: + - name: example-pv-storage + persistentVolumeClaim: + claimName: example-pv-claim + containers: + - name: defender-container + image: defender-image + volumeMounts: + - mountPath: "/var/lib/twistlock/custom-certificates/" + name: example-pv-storage +---- + + +=== Limitations + +App-Embedded and Serverless Defenders currently do not support custom keys and certs for securing Console-Defender communication. diff --git a/docs/en/compute-edition/32/admin-guide/configure/custom-feeds.adoc b/docs/en/compute-edition/32/admin-guide/configure/custom-feeds.adoc new file mode 100644 index 0000000000..79e573f366 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/custom-feeds.adoc @@ -0,0 +1,168 @@ +== Custom feeds + +You can supplement the Prisma Cloud Intelligence Stream with your own custom data, including: + +* Suspicious or high-risk IP addresses +* Malware signatures +* Trusted executables +* xref:../vulnerability-management/scan-images-for-custom-vulnerabilities.adoc[Custom vulnerabilities for proprietary software components.]. +* Allowed CVEs + +For each data type, you can add individual entries to a table from the Console web interface, bulk upload a list from a CSV file, or submit a JSON object using the Prisma Cloud API. + + +[.task] +=== Supplementing the IP reputation list + +You can supplement the Prisma Cloud Intelligence Stream with your own list of suspicious or high-risk IP addresses that you want to ban on your network. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Custom Feeds*. + +. Click *IP Reputation Lists*, and either click *Add IP* or *Import CSV*. ++ +Your list of banned IP addresses is immediately enforced when your data is imported. +A default runtime defense rule, *Default - detect suspicious runtime behavior*, logs an alert when a container tries to connect to a banned IP address. ++ +You can manually add one entry at a time, or do a bulk upload from a CSV file. +The maximum file size for a csv is 20MB. ++ +The first line in your CSV file must be a header record that contains the field names. +Specify one IP address per line. +For example: + + ip + 99.104.125.48 + 101.200.81.187 + 103.19.89.118 + +. Review the default rule ++ +Go to *Defend > Runtime > {Container Policy | Host Policy}*, then click manage for the *Default - detect suspicious runtime behavior* rule. +You should see that *Prisma Cloud Advanced Threat Protection* is set to *On*. + +[.task] +=== Create a list of malware signatures and trusted executables + +You can supplement the Prisma Cloud Intelligence Stream with your own custom malware signatures and trusted executable list. +The trusted executable list is a mechanism to address potential misidentification of legitimate files as malware. + +You can add MD5 hashes of custom malicious executables to the malware signatures list, it enables you to monitor malware that you want to alert or block in runtime rules. + +NOTE: Malware scanning and detection is supported for Linux container images and hosts only. +Windows containers and hosts are not supported. + +When you add MD5 hashes (signatures of binaries) to the trusted executables list, it enables you to ensure that a legitimate binary is not potentially identified as malicious by file system based defense capability in runtime rules. + +The trusted executable list does not apply to other runtime defense capabilities, such as process runtime protection. To exclude files from other runtime detection capabilities use the allowed list in the xref:../runtime-defense/runtime-defense.adoc[runtime defense section]. + + +[.procedure] +. Open Console. + +. Go to *Manage > System > Custom Feeds*. + +. Select *Malware signatures* or *Trusted executables*. + +. Choose how to add the MD5 hashes for malware signatures or trusted executables. ++ +The MD5 hashes you add to either list of custom feed, are used in all subsequent image scans. +It is also used immediately by the runtime defense file system sensor, which assesses all writes to the host and container file system. + +.. For *Add MD5*, you can manually add one entry at a time. +.. For *Import CSV*, you can bulk upload from a CSV file. ++ +The maximum file size is 20MB. ++ +The first line in your CSV file must be a header record that contains the field names. ++ +Specify one entry per line. Each entry must include the MD5, followed by a good description to identify why the MD5 is trusted ( in the case of trusted executables) or is known to be malicious (in the case of malware signatures). ++ +For example: ++ + md5,name + 194836fbe0f121a25b145e55e80cef22,legitimate binary built in-house + 0aeb0cac186a81a6ac45776d6b56dd70,test file + 33cc273ae3aa8bce6a22c92e7d11f63a,benign file + +. Review the default rule. ++ +A default runtime defense rule, *Default - detect suspicious runtime behavior*, logs an alert when malware is detected using signatures from the Prisma Cloud data set or your custom data set. ++ +To review the default rule, go to *Defend > Runtime > {Container Policy | Host Policy}*, then click manage for the *Default - detect suspicious runtime behavior* rule. +You should see that *Prisma Cloud Advanced Threat Protection* is set to *On*. + + +[.task] +=== Allowing CVEs globally + +Some organizations have have very sophisticated CI pipelines that encompass many teams and products. +When your security team concludes that a CVE doesn't impact the organization, they want to dismiss it globally without having to manage individual rules or exceptions. + +The CVE Allow List lets you allow CVEs system-wide. +Any entry in the CVE Allow List affects all flows in the product, including twistcli, the Jenkins plugin, registry scanning, deployment blocking, Vulnerability Explorer, and so on. +Adding a CVE to this list effectively filters it out from the data in the Prisma Cloud Intelligence Stream before it's used by the scanner. + +The CVE Allow List takes precedence over any rule that's been created under *Defend > Vulnerabilities*. +It is a feature designed to complement rules. +Rules also let you allow a CVE, but more granularly, by scoping them to specific resources or parts of your environment. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Custom Feeds*. + +. Click *CVE Allow List*, and either click *Add CVE* or *Import CSV*. ++ +You can set an expiration date for the CVE, if you want to set a time restriction for when it should no longer be allowed. + + +=== Test Prisma Cloud malware detection capabilities + +Safely simulate malware in your environment to test the malware detection capabilities on Prisma Cloud. + + +[.task] +==== Configure a custom malware feed + +Set up a custom feed by uploading the provided CSV file to Prisma Cloud Console. +This file specifies the MD5 signature for a file that will be considered malware for the purposes of this demo. + +[.procedure] +. Download https://cdn.twistlock.com/docs/attachments/malware.csv[_malware.csv_]. + +. In Console, go to *Manage > System > Custom Feeds > Malware Signatures*. + +. Click *Import CSV*, and upload _malware.csv_. + + +[.task] +==== Detect malware at runtime + +Test how Prisma Cloud detects malware being downloaded into a container at runtime. + +*Prerequisites:* +The default runtime rule, *Default - alert on suspicious runtime behavior* under *Defend > Runtime > Container Policy* is in place. +If you have deleted or changed the default rule, create a new one. + +. Go to *Defend > Runtime > Container Policy*, and click *Add rule*. + +. Enter a name for the rule. + +. In the *General* tab, verify *Prisma Cloud Advanced Threat Protection* is *On*. + +. In each of the *Process*, *Networking*, *File System*, and *System Calls* tabs, set *Effect* to *Alert*. + +[.procedure] +. Run a container and download malware into it. + + $ docker run -ti alpine sh + / # wget https://cdn.twistlock.com/docs/attachments/evil + +. Look at resulting audit. +Open Console and browse to *Monitor > Events > Container Audits*. +You will see a file system audit that says malware was detected. ++ +image::malware_detected.png[width=850] diff --git a/docs/en/compute-edition/32/admin-guide/configure/customize-terminal-output.adoc b/docs/en/compute-edition/32/admin-guide/configure/customize-terminal-output.adoc new file mode 100644 index 0000000000..18f2489879 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/customize-terminal-output.adoc @@ -0,0 +1,71 @@ +== Customize terminal output + +Prisma Cloud lets you create rules that block access to resources or block the deployment of non-compliant containers. + +For example, you might create a rule that blocks the deployment of any image that has critical severity vulnerabilities. +By default, when you try to run non-compliant image, Prisma Cloud returns a terse response: + + # docker -H :9998 --tls run -ti morello/docker-whale + docker: Error response from daemon: [Prisma Cloud] operation blocked by policy: (test-compliance), host has 19 compliance issues. + +To help the operator better understand how to handle a blocked action, you can enhance Prisma Cloud's default response by + +* Appending a custom message to the default message. +For example, you could tell operators where to go to open a ticket. + +* Configuring Prisma Cloud to return an itemized list of compliance issues rather than just a summary. +This way, the operator does not need to contact the security team to determine which issues are preventing deployment. +They are explicitly listed in the response. + +Enhanced terminal output is available for rules created under: + +* *Defend > Vulnerabilities > Policy* +* *Defend > Compliance > Policy* +* *Defend > Access* (Kubernetes access control rules) + +=== Specify a Custom Message + +You can create custom rules to audit your Kubernetes cluster and alert when a rule is violated. Refer to the xref:../audit/kubernetes-auditing.adoc[Kubernetes auditing] documentation. + +[.task] +=== Output itemized list of compliance issues + +You can configure vulnerability and compliance rules to return a detailed list of issues when Prisma Cloud blocks a deployment. + +In this procedure, you create a vulnerability rule that prevents the deployment of any image that contains any type of vulnerable package. + +Although this procedure is specific to vulnerability rules, the process for compliance rules is the same. + +[.procedure] +. Open Console. + +. Create a new vulnerability rule (*Defend > Vulnerabilities > Policy*) or compliance rule (*Defend > Compliance > Policy*). + +. In the new rule dialog, enter the following information: + +.. Enter a rule name. + +.. Specify conditions that trigger a block action. ++ +For example, for the *Image contains vulnerable OS packages* condition in a vulnerability rule, set the *Action* to *Block* and set the *Severity* threshold to *Low*. + +.. Set *Terminal output verbosity for blocked requests* to *Detailed*. + +.. Click *Save*. + +. Test your setup by deploying an image with vulnerabilities. ++ +On a host protected by Prisma Cloud, run an image with vulnerabilities. ++ +[source,console] +---- +$ docker run --rm -it ubuntu:14.04 sh +docker: Error response from daemon: [Prisma Cloud] Image operation blocked by policy: (sdf), has 44 vulnerabilities, [low:25 medium:19]. +Image ID CVE Package Version Severity Status +===== == === ======= ======= ======== ====== +ubuntu:14.04 4333f1 CVE-2017-2518 sqlite3 3.8.2-1ubuntu2.1 medium deferred +ubuntu:14.04 4333f1 CVE-2017-6512 perl 5.18.2-2ubuntu1.1 medium needed + . + . + . +---- diff --git a/docs/en/compute-edition/32/admin-guide/configure/disaster-recovery.adoc b/docs/en/compute-edition/32/admin-guide/configure/disaster-recovery.adoc new file mode 100644 index 0000000000..3e4f43c23d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/disaster-recovery.adoc @@ -0,0 +1,229 @@ +== Backup and Restore + +Prisma Cloud automatically backs up all data and configuration files periodically. +You can view all backups, make new backups, and restore specific backups from the Console UI. +You can also restore specific backups using the `twistcli` command line utility. + +Prisma Cloud is implemented with containers that cleanly separate the application from its state and configuration data. +To back up a Prisma Cloud installation, only the files in the data directory need to be archived. +Because Prisma Cloud containers read their state from the files in the data directory, Prisma Cloud containers do not need to be backed up, and they can be installed and restarted from scratch. + +When data recovery is enabled (default), Prisma Cloud archives its data files periodically and copies the backup file to a location you specify. +The default path to the data directory is _/var/lib/twistlock_. +You can specify a different path to the data directory in _twistlock.cfg_ when you install Console. + +[.task] +=== Configure Automated Backups + +By default, automated backups are enabled. +With automated backups enabled, Prisma Cloud takes a daily, weekly, and monthly snapshots. +These are known as system backups. + +To specify a different backup directory or to disable automated backups, modify _twistlock.cfg_ and install (or reinstall) Prisma Cloud console. +The following configuration options are available: + +[cols="25%,75%a", options="header"] +|=== +|Configuration option +|Description + +|`DATA_RECOVERY_ENABLED` +|Enables or disables automated backups. + +* `true` -- Enables automated backups (default). +* `false` -- Disables automated backups. + +|`DATA_RECOVERY_VOLUME` +|Specifies the directory where backups are saved. + +For example, archives could be saved on durable persistent storage, such as a volume from Amazon Elastic Block Storage (EBS). + +The default value is _/var/lib/twistlock-backup_. +|=== + +[.procedure] +. Open _twistlock.cfg_ for editing. + +. Scroll down to the Data recovery section. + +. Enable (or disable) automated back up by setting DATA_RECOVERY_ENABLED to true (or false). ++ + DATA_RECOVERY_ENABLED=true + +. Specify the location where backups should be stored. ++ + DATA_RECOVERY_VOLUME= + +. Load your new configuration settings. ++ +If you have not installed Prisma Cloud console yet, follow the regular installation procedure. +For more information, see xref:../install/getting-started.adoc[Install Prisma Cloud]. ++ +If Prisma Cloud has already been installed on your host, load your new _twistlock.cfg_ file by re-running _twistlock.sh_. +The following command assumes that _twistlock.sh_ and your updated _twistlock.cfg_ reside in the same directory. ++ + $ sudo ./twistlock.sh console + + +[.task] +=== Add Manual Backups + +Prisma Cloud automatically creates and maintains daily, weekly, and monthly backups. +These are known as system backups. +You can also make your own backups at any point in time. +These are known as manual backups. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Backup & restore*. + +. Under *Manual backups*, select *Add backup*. + +. Enter a name for your backup, and select *Create*. ++ +Your backup file is stored in _/var/lib/twistlock-backup_ in the storage volume allocated to Prisma Cloud console. +For a onebox installation, this would simply be the local file system of the host where Console runs. +For a cluster, such as Kubernetes, this would be the persistent volume allocated to the Console service. + +[#restore-console-ui] +[.task] +=== Restore Backups from the Console UI + +You can restore Console from a backup file directly from within the Console UI. +The Console UI lists all available backups. + +NOTE: You can only restore Console from a backup file whose version exactly matches the current running version of Console. +Therefore, if the current running version of Console is `v31.01.xxx`, you cannot restore a backup whose version is `v31.00.xxx`. +To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. +As long as the specified backup directory (by default, _/var/lib/twistlock-backup_) contains your backup file, you'll be able to restore it. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Backup & restore*. + +. Select *Restore* on one of the system or manual backups. ++ +[NOTE] +==== +The restore process takes a few minutes, during which the Console will be unavailable for any other operations. + +If the database restore fails, the Console will revert the changes and fallback to the database state it had before the restore started. +==== + +. After the database is reloaded from the backup file, restart Console. ++ +For a onebox installation, ssh to the host where Console runs, then run the following command: ++ + $ docker restart twistlock_console ++ +For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it: ++ +[source,bash] +---- +// Get the name of Prisma Cloud console pod: +$ kubectl get po -n twistlock | grep console + +// Delete the Prisma Cloud console pod: +$ kubectl delete po -n twistlock +---- ++ +[NOTE] +==== +If any new Defenders were installed since the backup was created, restart those Defenders. +Otherwise, they might not function properly. + +If a Defender created any new runtime models since the backup was created, restart those Defenders. +Otherwise, those models might not be visible. +==== + +[.task] +=== Restore Backups using `twistcli` + +You can restore Console from a backup using _twistcli_. +Use this restore flow when Console is unresponsive and you cannot access the UI to force a restore to a known good state. + +NOTE: You can only restore Console from a backup file whose version exactly matches the current running version of Console. +Therefore, if the current running version of Console is `v31.01.xxx`, you cannot restore a backup whose version is `v31.00.xxx`. +To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. +As long as the specified backup directory (by default, _/var/lib/twistlock-backup_) contains your backup file, you'll be able to restore it. + +*Prerequisites:* + +* Your host can access the volume where the Prisma Cloud backups are stored. +By default, backups are stored in _/var/lib/twistlock-backup_, although this path might have been customized at install time. + +* Your host can access the Prisma Cloud's data volume. +By default, the data volume is located in _/var/lib/twistlock_, although this path might have been customized at install time. + +* Your version of _twistcli_ matches the version of the backup you want to restore. + +[.procedure] +. Go to the directory where you unpacked the Prisma Cloud release. + +. Run the _twistcli restore_ command. +Run _twistcli restore --help_ to see all arguments. + +.. List all available backups. +To list all files in the default backup folder (/var/lib/twistlock-backup), run _twistcli restore_ without any arguments: ++ + $ ./twistcli restore ++ +To list all backup files in a specific location, run: ++ + $ ./twistcli restore + +.. Choose a file to restore by entering the number that corresponds with the backup file. ++ +For example: ++ +``` +aqsa@aqsa-faith: ./twistcli restore --data-recovery-folder /var/lib/twistlock-backup/ +Please select from the following: +0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC +1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC +2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC +3: weekly 2.5.91 2018-08-06 16:10:48 +0000 UTC +Please enter your selection: +0 +``` +. After the database is reloaded from the backup file, re-install/restart Console. ++ +For a onebox installation, ssh to the host where Console runs, then rerun the installer: ++ + $ sudo ./twistlock.sh -ys onebox ++ +For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it: ++ +[source,bash] +---- +// Get the name of Prisma Cloud Console pod: +$ kubectl get po -n twistlock | grep console + +// Delete the Prisma Cloud Console pod: +$ kubectl delete po -n twistlock +---- + +ifdef::compute_edition[] + +[.task] +=== Restore Fargate Console + +When restoring a Console running on Fargate perform the following steps: + +[.procedure] +. Create a new xref:../install/deploy-console/console-on-fargate.adoc[Console Fargate task]. + +. Create Console's first administrative account and enter your license. + +. <>. + +. Restart the Console by stopping the task and allowing the scheduler to create a new Console task. + +endif::compute_edition[] + +=== Download Backups + +Prisma Cloud Compute lets you download backup files so that they can be copied to another location. +Backup files can be downloaded from the Console. Go to *Manage > System > Backup & Restore*, and click *Actions > Export* to download a backup. diff --git a/docs/en/compute-edition/32/admin-guide/configure/enable-http-access-console.adoc b/docs/en/compute-edition/32/admin-guide/configure/enable-http-access-console.adoc new file mode 100644 index 0000000000..88de02e6cf --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/enable-http-access-console.adoc @@ -0,0 +1,39 @@ +== Enable HTTP access to Console + +By default, Prisma Cloud only creates an HTTPS listener for access to Console. +In some circumstances, you may wish to enable an HTTP listener as well. +Notice that accessing Console over plain, unencrypted HTTP isn't recommended, as sensitive information can be exposed. + +Enabling an HTTP listener simply requires providing a value for it in twistlock.cfg. +At first, your configuration file would look like this: + + ############################################# + # Network configuration + ############################################# + # Each port must be set to a unique value (multiple services cannot share the same port) + ###### Management console ports ##### + # Sets the ports that the Prisma Cloud management website listens on + # The system that you use to configure Prisma Cloud must be able to connect to the Prisma Cloud Console on these ports + # To disable a listener, leave the value empty (e.g. MANAGEMENT_PORT_HTTP=) + # Accessing Console over plain, unencrypted HTTP isn't recommended, as sensitive information can be exposed + MANAGEMENT_PORT_HTTP= + MANAGEMENT_PORT_HTTPS=8083 + +To enable the HTTP listener, your configuration file should look like this: + + ############################################# + # Network configuration + ############################################# + # Each port must be set to a unique value (multiple services cannot share the same port) + ###### Management console ports ##### + # Sets the ports that the Prisma Cloud management website listens on + # The system that you use to configure Prisma Cloud must be able to connect to the Prisma Cloud Console on these ports + # To enable the HTTP listener, set the value of MANAGEMENT_PORT_HTTP (e.g. MANAGEMENT_PORT_HTTP=8081) + # Accessing Console over plain, unencrypted HTTP isn't recommended, as sensitive information can be exposed + MANAGEMENT_PORT_HTTP=8081 + MANAGEMENT_PORT_HTTPS=8083 + +After you've updated the configuration file, just rerun _twistlock.sh_ for the changes to take effect. +For example: + + $ sudo ./twistlock.sh -s console diff --git a/docs/en/compute-edition/32/admin-guide/configure/log-scrubbing.adoc b/docs/en/compute-edition/32/admin-guide/configure/log-scrubbing.adoc new file mode 100644 index 0000000000..7c43cc04c6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/log-scrubbing.adoc @@ -0,0 +1,58 @@ +== Log Scrubbing + +Prisma Cloud Compute Runtime events may include sensitive information that's found in commands that are run by protected workloads, such as secrets, tokens, PII, or other information considered to be personal by various laws and regulations. + +Using the Runtime log scrubbing capabilities, you can filter such sensitive information and ensure that it is not included in the Runtime findings (such as Forensics, Incidents, audits, and so on.). + +You can filter your Runtime sensitive data out using the automatic scrubbing capability, as well as using custom scrubbing rules. +Follow the documentation instructions to learn more about these two options. + +Sensitive information from WAAS logs can be scrubbed as well, see xref:../waas/log-scrubbing.adoc[WAAS Log Scrubbing] to learn more. + +=== Automatically scrub secrets from runtime events + +//This info is repeated +//To help identify and filter secrets that commonly appear in the Runtime monitored commands, we added the capability to automatically +You can enable the automatic scrubbing of known sensitive phrases (such as "secrets", "passwords", "tokens", and so on.) from your runtime events. +The detected sensitive data will be replaced in the events by `"[\\*****]"`. + +[.task] +==== Enable/Disable the automatic scrubbing: + +[.procedure] +. Open the Console, and go to *Manage > System > General*. + +. Enable/Disable *Automatically scrub secrets from runtime events*. + +[.task] +=== Add/Edit custom scrubbing rule + +Create or edit log scrubbing rules. + +[.procedure] +. Open the Console, and go to *Manage > System > General*. + +. In the *Custom log scrubber* section select *Runtime* or *WAAS*. + +. Click on *Add rule* or select an existing rule. + +. Enter the rule *Name*. + +. Provide a matching *Pattern* in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^sessionID$`, `key-[a-zA-Z]{8,16}`. + +. Provide a *Placeholder* string e.g. `[scrubbed email]`. + +.. Placeholder strings indicating the nature of the scrubbed data should be used as users will not be able to see the underlying scrubbed data. + +. Click *Save*. ++ +[NOTE] +==== +* Data will now be scrubbed from any Runtime and WAAS event before it is written (either to the Defender log or syslog) and sent to the console. +* The automatic scrubbing and custom scrubbing are independent, meaning that you can choose to use each one of them separately. +* Data will be scrubbed only in messages that are generated while the scrubbing toggle or scrubbing rule is *enabled*. Messages that were generated *before* enabling one of the scrubbing configurations above or *after* disabling them, won't be scrubbed. +* The WAAS scrubbing rules are synced with the rules in *Defend > WAAS > Sensitive data*. +* Serverless Runtime events are not scrubbed. +==== ++ +image::runtime_log_scrubbing.png[width=700] diff --git a/docs/en/compute-edition/32/admin-guide/configure/logon-settings.adoc b/docs/en/compute-edition/32/admin-guide/configure/logon-settings.adoc new file mode 100644 index 0000000000..4c785abcb4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/logon-settings.adoc @@ -0,0 +1,151 @@ +== Logon settings + +You can control how users access Prisma Cloud with logon settings. + + +=== Setting Console's token validity period + +Prisma Cloud lets you set up long-lived tokens for access to the Console web interface and the API. + +For security, users are redirected to the login page when an inactive Console session exceeds a configurable timeout. +By default, the timeout is 30 minutes. +This configurable timeout value also controls the validity period for API tokens. + +// Invalidate token when user logs out of Console +// https://github.com/twistlock/twistlock/issues/3814 +// Auto calculate API token renewal period +// https://github.com/twistlock/twistlock/issues/4807 +// Users logged-off after a few seconds after changing the "API token renewal period (in minutes)" +// https://github.com/twistlock/twistlock/issues/4494 + +For Console web interface tokens: + +* If a user explicitly logs out, the claim to access Console is revoked. +* If Console is restarted, all users are automatically logged out. + + +[.task] +=== Setting Console's token validity period + +Tokens are issued to control access to both Console's web interface and the API. +You can set a timeout for Console sessions and a validity period for API tokens. + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Logon*. + +. Specify a value for *Timeout for inactive Console sessions*. ++ +This value controls: ++ +* Time, in minutes, that a Console session can be inactive. +After the timeout expires, the user is redirected to the login page. +In an active session, the token is automatically renewed when the time elapsed is greater than or equal to half the timeout value. +* Time, in minutes, that an API token is valid. +After the token expires, a new one must be retrieved. ++ +The maximum value permitted for *Timeout for inactive Console sessions* is 71580 minutes. + +. Click *Save*. ++ +After you save your changes, Console redirects you to the login page for your changes to take effect. + + +[.task] +=== Single sign-on to the Prisma Cloud Support + +Prisma Cloud can allow single sign on and contextual help from the "?" button in the upper right hand corner of each Console page. + +Our https://docs.twistlock.com site allows access when a valid token is issued from the Customer. +Or in this case, the "?" contextual links can embed the token into the URL used to access the page. + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Logon*. + +. Set the toggle for *Enable context sensitive help and single sign on to the Twistlock Support site*. ++ +When set to on (default), the token will be embedded into the contextual help link. when set to off, it will not be and you will need to enter the token manually. + +. Click *Save*. ++ +After saving your changes, Console redirects you to the login page for your changes to take effect. + + +[.task] +=== Basic authentication to Console and API + +Twistlock lets you disable basic authentication to the Console and API. Basic authentication is used in connections from _twistcli_, the API, and Jenkins. + +With _twistcli_, you need to use the '_--token_' option to authenticate with the Console for image scanning and other operations that access Console. +This is the same token you receive form the /api/v1/authenticate API endpoint. +For more information, see the https://pan.dev/compute/api/[API documentation]. + +With the API, you would have use the authenticate endpoint to generate an authentication token to access any of the endpoints. Accessing the APi with Basic Authentication would not be allowed. + +With Jenkins, there is no option at this point to use the Jenkins plugin and have basic authentication disabled. An option would be to use _twistcli_ within Jenkins. this would require a step in the pipeline to retrieve an authentication token from the API for the scan to be completed. + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Logon*. + +. Set the toggle for *Disable basic authentication to Console and API*. ++ +When set to on, basic authentication will be disabled for the Console and API. You will not loose access to the Console from the login page. All of your user account will still be active and will still have access to login to the Console. + +. Click *Save*. ++ +After saving your changes, Console redirects you to the login page for your changes to take effect. + + +[.task] +=== Strict certificate validation in Defender + +Twistlock Console provides Defender installation scripts which use _curl_ to transfer data from Console. +By default, scripts copied from Console append the '_-k_' option, also known as '_--insecure_', to curl commands. +This option lets curl proceed even if server connections are otherwise considered insecure. + +Console provides a global option to disable the '_-k_' argument for curl commands. + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Logon*. + +. Set the toggle for *Require strict certificate validation in Defender installation links*. ++ +When set to *On*, Defender installation scripts copied from Console do not use the '_-k_' option with curl when transferring data from Console. +In addition, the piped _sudo bash_ command passes the '_-v_' option to defender.sh to secure secondary curl commands in the defender.sh script. + +. Click *Save*. ++ +After saving your changes, Console redirects you to the login page for your changes to take effect. + + +[.task] +=== Strong passwords for local accounts + +Twistlock can enforce the use of a strong password. +A strong password has the following requirements: + +* Cannot be the same as the username. +* Must be at least 12 characters. +* Must contain one of each of the following: uppercase character, lowercase character, number, special character. +* List of special characters: `~!@#$%^&*()-_=+|[{}];:'\",<.>/?"` + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Logon*. + +. Set the toggle for *Require strong passwords for local accounts*. ++ +When enabled, strong passwords are required for passwords of newly created accounts or when existing passwords are changed. +Enabling this setting doesn't force existing accounts to change their password or disable access to any accounts. + +. Click *Save*. ++ +After saving your changes, Console redirects you to the login page for your changes to take effect. diff --git a/docs/en/compute-edition/32/admin-guide/configure/permissions.adoc b/docs/en/compute-edition/32/admin-guide/configure/permissions.adoc new file mode 100644 index 0000000000..68787bc268 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/permissions.adoc @@ -0,0 +1,185 @@ +:toc: macro +== Permissions by feature + +When you set up Prisma Cloud Compute to secure your cloud workloads, you'll need to ensure you've granted Prisma Cloud the right permissions. +The following tables list the permissions required for each of Compute's protection capabilities. + +toc::[] + +You can review the permissions needed for agentless scanning in each cloud service provider: + +* <<#aws-agentless,AWS>> +* <<#azure-agentless,Azure>> +* <<#gcp-agentless,GCP>> + +[#aws] +=== AWS + +The following table shows the required permissions needed if you are using AWS. +You can also review the <<#aws-agentless,permissions needed for agentless scanning in AWS>>. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=aws-used-in-docs-for-22.12 +|=== + +[#aws-agentless] +==== Agentless Permissions + +The following table shows the required permissions, conditions, and resources for agentless scanning. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=aws-agentless-30-03 +|=== + +Go to the https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#ebs-encryption-requirements[AWS documentation for the official list of permissions needed to support EBS encryption]. + +[#gcp] +=== GCP + +The following table shows the required permissions needed if you are using GCP. +You can also review the <<#gcp-agentless,permissions needed for agentless scanning in GCP>>. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=gcp-used-in-docs-for-22.12 +|=== + +[#gcp-agentless] +==== Agentless Permissions + +The following table shows the required permissions for agentless scanning. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=gcp-agentless-30-03 +|=== + +[#azure] +=== Azure + +The following table shows the required permissions needed if you are using Azure. +You can also review the <<#azure-agentless,permissions needed for agentless scanning in Azure>>. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=azure-used-in-docs-for-22-12 +|=== + +[#azure-agentless] +==== Agentless Permissions + +The following table shows the required permissions for agentless scanning. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/compute-feature-wise-permissions?sheet=azure-agentless-30-03 +|=== + +ifdef::prisma_cloud[] +Use these link to download the permissions as a text file for the https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/azure-commercial-permissions-security-coverage.txt[Azure Commercial] | https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/azure-government-permissions-security-coverage.txt[Azure Government] environments + +endif::prisma_cloud[] + +ifdef::compute_edition[] +[#min-permission-cloud-discovery] +=== Minimum Permissions for Cloud Discovery + +Prisma Cloud needs one set of minimum permissions to discover and itemize all the resources in your account. +After finding those resources, Prisma Cloud typically needs an additional set of permissions to protect them. +Permissions might be needed to retrieve those resources and inspect them for vulnerabilities and compliance issues. + +For example, the service account for cloud discovery uses the `ecr:DescribeRepositories` permission to list all ECR repositories in your AWS accounts. +If you find a repository that's not being scanned, and you want to configure Prisma Cloud to scan it, Prisma Cloud needs another service account with deeper permissions that lets it auth with the ECR service and download images from the repository. The permissions needed could be `ecr:GetAuthorizationToken`, `ecr:BatchGetImage`, etc. +Here you find the permissions required for cloud discovery to scan your accounts. +The permissions required to enable protection, for example scanning a repository, are documented in each protection feature respective page. + +==== AWS + +For AWS, Prisma Cloud requires a service account with following minimum permissions policy: + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeCloudDiscovery", + "Effect": "Allow", + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:DescribeTags", + "ecr:DescribeRepositories", + "ecs:DescribeClusters", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "eks:DescribeCluster", + "eks:ListClusters", + "lambda:GetFunction", + "lambda:ListFunctions" + ], + "Resource": "*" + } + ] +} +---- + +To learn more about the needed credentials for AWS, go to the xref:../authentication/credentials-store/aws-credentials.adoc[AWS credentials store page]. + +==== Azure + +For Azure, Prisma Cloud requires a role with the following minimum permissions: + +[source,json] +---- +{ + "permissions": [ + { + "actions": [ + "Microsoft.ContainerRegistry/registries/read", + "Microsoft.ContainerRegistry/registries/metadata/read", + "Microsoft.ContainerService/managedClusters/read", + "Microsoft.Web/sites/Read", + "Microsoft.ContainerInstance/containerGroups/read", + "Microsoft.ContainerInstance/containerGroups/containers/exec", + "Microsoft.Compute/virtualMachines/read", + "Microsoft.Compute/virtualMachineScaleSets/read", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ] +} +---- + +The `Microsoft.ContainerInstance/containerGroups/containers/exec` checks for whether ACI is defended. + +To learn more about the needed credentials for Azure, go to the xref:../authentication/credentials-store/azure-credentials.adoc[Azure credentials store page]. + +==== Google Cloud + +For GCP, Prisma Cloud requires a xref:../authentication/credentials-store/gcp-credentials.adoc[service account with the viewer role]. +The basic role `roles/viewer`, however, is very broad with thousands of permissions across all Google Cloud services. + +For production environments, use a more tightly scoped service account with the following predefined roles: + +Predefined roles: + +* Artifact Registry Reader (https://cloud.google.com/artifact-registry/docs/access-control#roles[`roles/artifactregistry.reader`]) +* Storage Object Viewer (`roles/storage.objectViewer`) +* Kubernetes Engine Cluster Viewer (`roles/container.clusterViewer`) +* Cloud Functions Viewer (`roles/cloudfunctions.viewer`) + +Also, create custom role with the following permissions, and attach it to your serivce account. + +* `compute.instances.list` +* `compute.zones.list` +* `compute.projects.get` +* `cloudfunctions.functions.sourceCodeGet` # Required for serverless function scanning +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/configure/proxy.adoc b/docs/en/compute-edition/32/admin-guide/configure/proxy.adoc new file mode 100644 index 0000000000..9ec11f0362 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/proxy.adoc @@ -0,0 +1,123 @@ +== Configuring Prisma Cloud proxy settings + +In some environments, access to the internet must go through a proxy and you can configure Prisma Cloud to route requests through your proxy. +Proxy settings can either be applied to both Console and Defender containers or separately for each Defender deployment. + +The global proxy settings are configured in the UI after Console is installed. +Console starts using these settings after you apply it. +Any Defenders deployed after you configure the proxy settings will use it unless you explicitly choose a different proxy when deploying the Defenders. +Any Defenders that were deployed before you saved your proxy settings must be redeployed. + + +[.section] +=== Console + +Console has a number of connections that might traverse a proxy. + +image::configure_proxy_console.png[width=420] + +* Retrieving Intelligence Stream updates. +* Connecting to services, such as Slack and JIRA, to push alerts. + + +[.section] +=== Defenders + +Defender has a number of connections that might traverse a proxy. + +image::configure_proxy_defender.png[width=500] + +* Connecting to Console. ++ +If you have a proxy or a load balancer between Defender and Console, make sure that TLS interception is not enabled. The certificate and keys used for the Console to Defender mutual TLS v1.2 web socket session cannot be intercepted. This ensures that the Console is only communicating with the Defenders it has deployed and the Defenders only communicate with the Console that manages them. + +* Connecting to external systems, such as Docker Hub or Google Container Registry, for scanning. +* Connecting to your secrets store to retrieve secrets for injection into your containers. + +=== Global proxy settings + +A number of settings let you specify how Prisma Cloud interfaces with your proxy. + + +[.section] +==== Proxy bypass + +You can provide a list of addresses—DNS names, IP addresses, or a combination of both—that Prisma Cloud can contact directly without connecting through the proxy. +Specifying IP addresses in CIDR notation is supported. Specifying DNS names using wildcards is supported. + +[.section] +==== CA certificate + +Console verifies server certificates for all TLS connections. +With TLS intercept proxies, the connection from Console to the Internet passes through a proxy, which may be transparent. +To facilitate traffic inspection, the proxy terminates the TLS connection and establishes a new connection to the final destination. + +If you have a TLS intercept proxy, it will break the Console's ability to connect to external services, because Console won't be able to verify the proxy's certificate. +To get Console to trust the proxy, provide the CA certificates for Console to trust. And, ensure that your proxy uses the client certificate of the Defender when it sends requests from the Defender to the Console. + +[.section] +==== Proxy authentication + +If egress connections through your proxy require authentication, you can provide the credentials in Prisma Cloud's proxy settings. +Prisma Cloud supports link:https://tools.ietf.org/html/rfc7617[Basic authentication] for the Proxy-Authenticate challenge-response framework defined in link:https://tools.ietf.org/html/rfc7235[RFC 7235]. +When you provide a username and password, Prisma Cloud submits the credentials in the request's Proxy-Authorization header. + + +[.task] +=== Configuring global proxy settings + +Configure your proxy settings in Console. + +[.procedure] +. Open Console, and go to *Manage > System > Proxy*. + +. In *HTTP Proxy*, enter the address of the web proxy. +Specify the address in the following format: ://:, such as http://proxyserver.company.com:8080. + +. (Optional) In *No Proxy*, enter addresses that Prisma Cloud can access directly without connecting to the proxy. +Enter a list of IP addresses and domain names. +Specifying IP addresses in CIDR notation is supported. Specifying DNS names using wildcards is supported. + +. (Required for TLS intercept proxies only) Enable trusted communication to the Prisma Cloud Console. ++ +The proxy must trust the Prisma Cloud Console Certificate Authority (CA) and use the client certificate of the Defender when the proxy sends requests from the Defender to the console. + +.. Enter the proxy root CA, in PEM format that Console should trust. + +.. Configure the proxy to use the Defender client-certificate when it opens a TLS connection to the Console. ++ +Use the `/api/v1/certs/server-certs.sh` API to obtain the following files: + +* The client key of the Defender: `defender-client-key.pem` +* The client certificate of the Defender: `defender-client-cert.pem` +* The Prisma Cloud Console CA certificate: `ca.pem` + +. (Optional) If your proxy requires authentication, enter a username and password. + +. Click *Save*. + +. Redeploy your Defenders to propagate updated proxy settings to them. ++ +Console does not need to be restarted. +After proxy settings are saved, Console automatically uses the settings the next time it establishes a connection. ++ +Any newly deployed Defenders will use your proxy settings. ++ +Any already deployed Defenders must be redeployed. +For single Container Defenders, uninstall then reinstall. +For Defender DaemonSets, regenerate the DaemonSet YAML, then redeploy. + + $ kubectl apply -f defender.yaml + + +[.task] +=== Configuring per-deployment proxy settings + +Prisma Cloud supports setting custom proxy settings for each Defender deployment. This way you can set multiple proxies for Defenders which are deployed in different environments. + +[.procedure] +. Open Console, and go to *Manage > Defenders > Deploy*. + +. Choose your preferred deployment method. + +. Click on *Specify a proxy for the defender (optional)* and enter your proxy details. diff --git a/docs/en/compute-edition/32/admin-guide/configure/reconfigure-twistlock.adoc b/docs/en/compute-edition/32/admin-guide/configure/reconfigure-twistlock.adoc new file mode 100644 index 0000000000..948b3eec7a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/reconfigure-twistlock.adoc @@ -0,0 +1,28 @@ +:topic_type: task + +[.task] +== Reconfigure Prisma Cloud + +In many cases, you will set up _twistlock.cfg_ before you install Prisma Cloud. +However, in some cases, you might want to change some parameters in _twistlock.cfg_ after Prisma Cloud has already been installed. +To reconfigure Prisma Cloud with an updated _twistlock.cfg_, run the _twistlock.sh_ installer script again. + +[.procedure] +. Extract the release tarball to a new location on your host. ++ +Make sure this location does not have any previous Prisma Cloud install files. ++ + $ tar -xvf twistlock_.tar.gz + +. Update _twistlock.cfg_ with your new settings. + + $ vim twistlock.cfg + +. Reload twistlock.cfg. + + $ sudo ./twistlock.sh onebox ++ +This command assumes that both _twistlock.sh_ and _twistlock.cfg_ reside in the same directory. +To specify a configuration file in a different directory, use the -c option. ++ +The old configuration is stored in _/var/lib/twistlock/scripts/twistlock.cfg.old_ diff --git a/docs/en/compute-edition/32/admin-guide/configure/rule-ordering-pattern-matching.adoc b/docs/en/compute-edition/32/admin-guide/configure/rule-ordering-pattern-matching.adoc new file mode 100644 index 0000000000..78c57dcd10 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/rule-ordering-pattern-matching.adoc @@ -0,0 +1,165 @@ +== Rule ordering and pattern matching + +Prisma Cloud supports pattern matching so that rules can be applied granularly. +For example, you could apply a rule to any image with the name `ubuntu{asterisk}`. +Or you could apply a rule to all hosts, except those named `{asterisk}test{asterisk}`. +This article describes how filtering and pattern matching works in Prisma Cloud. + + +=== Pattern matching + +All rules have resource filters that let you precisely target specific parts of your environment. +This is known as a rule's _scope_. +Scope is specified using xref:../configure/collections.adoc[collections]. +Rules reference collections to set their scope. + +image::rule_ordering_763992.png[width=800] + +The fields in a collection let you capture a segment of the resources in your environment based on container name, image name, host name, etc. +By default, each field is populated with a wildcard. +Wildcards capture all objects of a given type. +Constrain the scope of a collection by specifying filters in one or more field. + +You can customize how a field is evaluated with string matching. +When Prisma Cloud encounters a wildcard in a resource name, it evaluates the resource name according to the position of the wildcard. + +* If the string starts with a wildcard, it's evaluated as _string-ends-with_. +* If the string terminates with a wildcard, it's evaluated as _string-starts-with_. +* If a string is starts and terminates with a wildcard, it's evaluated as _string-contains_. + +For example, if you specify a resource filter of `{asterisk}foo-resource{asterisk}`, Prisma Cloud matches that resource to any value that contains the string, such as `example-foo-resource` and `foo-resource-1`. +Matching logic is case insensitive. + +image::rule_ordering_763994.png[width=800] + +Individual fields are combined using *AND* logic. +In the following example, there are filters for hosts named `foo-hosts{asterisk}` and images named `foo-images{asterisk}`. +There are no filters for containers or labels (they're wildcards). +If this collection were used to scope a rule, the effective result would be to *apply this rule anytime the host name starts with foo-hosts and image name starts with foo-images, regardless of the container name or label*. + +image::rule_ordering_763995.png[width=800] + +If strings have no wildcards, Prisma Cloud exactly matches the value you enter against the resource string. +This gives you precise control over which values match. +For example: + +* `{asterisk}/ubuntu:latest` matches `/library/ubuntu:latest` or `docker.io/library/ubuntu:latest`. +* `*:latest` matches `ubuntu:latest` or `debian:latest`. +* If you want to explicitly target just `ubuntu:latest` from Docker Hub, use `docker.io/library/ubuntu:latest`. +Because the value you provide is the complete name of the resource, Prisma Cloud matches it exactly. +* `*_test` matches `host_sandbox_test` and `host_preprod_test` but doesn't match `host_test_server`. + +image::rule_ordering_763996.png[width=800] + +For DNS filtering, Prisma Cloud doesn't prevent you from entering multiple wildcards per string, but it's treated the same as if you simply entered the right-most wildcard. +The following patterns are equivalent: + + *.*.b.a == *.b.a + + +=== Exemptions + +While basic string matching makes it easy to manage rules for most scenarios, you sometimes need more sophisticated logic. +Prisma Cloud lets you exempt objects from a rule with the minus (`-`) sign (the NOT operator). +From example, if you want a rule to apply to all hosts starting with `foo-hosts{asterisk}`, except those starting with `foo-hosts-exempt{asterisk}`, then you could create the following rule: + +image::rule_ordering_763997.png[width=800] + +When Prisma Cloud evaluates an object against a rule with a NOT operator, it first skips any object for which there is a match with the exempted object. +So, from our example: + +. If the host name starts with `foo-hosts-exempt`, skip the rule. +. If the host name starts with `foo-hosts` AND the image name starts with `foo-images`, apply the rule. + +All scope fields, in both policy rules and collection specs, support the NOT operator. + +When using the NOT operator, remember that what's being excluded can't be broader than what's included. +For example, the following expression for scoping images is illogical: + + -ngnix*, ngnix:latest + +The following expression, however, is valid. +It sets the scope to all NGINX images, and then excludes `nginx:latest` from the set. + + ngnix*, -ngnix:latest + +To exclude just a single image from the universe, set the include scope with a wildcard, and then use the NOT operator to omit the image. + + *, -mongo:latest + + +[#rule-order] +=== Rule ordering + +For any given feature area, such as vulnerability management or compliance, you might have multiple rules, such as _test 1_ and _test 2_. + +image::rule_ordering_two_rules.png[width=800] + +The entire set of rules in a given feature area is called the policy. +The rules in the policy are evaluated from top to bottom, making it easy to understand how policy is applied. +When evaluating whether to apply a rule to a given object, Prisma Cloud uses the following logic: + +. Does rule 1 apply to object? If yes, apply action(s) defined in rule and stop. If no, go to 2. +. Does rule 2 apply to object? If yes, apply action(s) defined in rule and stop. If no, go to 3. +. ... +. Apply the built-in Default rule (unless it was removed or modified). + +Prisma Cloud evaluates the rule list from top to bottom until it finds a match based on the object filters. +When a match is found, it applies the actions in the rule and stops processing further rules. +If no match is found, then no action is applied. +Sometimes this could mean that an attempted action is blocked (e.g. if no access control rule is matched that allows a user to run a container). + +To reorder rules, click on a rule's hamburger button and drag it to a new position in the list. + +image::rule_ordering_drag_and_drop.png[width=800] + + +=== Disabling rules + +If you want to test how the system behaves without a particular rule, you can temporarily disable it. +Disabling a rule gives you a way to preserve the rule and its configuration, but take it out of service, so that it's ignored when Prisma Cloud evaluates events against your policy. + +To disable a rule, click *Actions > Disable*. + +image::rule_ordering_disable_rule.png[width=800] + + +=== Image names + +The canonical name of an image is it’s *full name* in a format like registry/repo/image-name. +For example: `1234.dkr.ecr.us-east-1.amazonaws.com/morello:foo-images`. +Within Docker itself, these canonical names can be seen by inspecting any given image, like this: + + $ sudo docker inspect morello/foo-images | grep Repo -A 3 + "RepoTags": [ + "1234.dkr.ecr.us-east-1.amazonaws.com/morello:foo-images", + +However, there’s a special case to be aware of with images sourced from Docker Hub. +For those images, the Docker Engine and client do not show the full path in the canonical name; instead it only shows the ‘short name’ that can be used with Docker Hub and the full name is implied. +For example, compare the previous example of an image on AWS ECR, with this image on Docker Hub: + + $ sudo docker inspect morello/docker-whale | grep Repo -A 3 + "RepoTags": [ + "morello/docker-whale:latest", + +Note that when the image is from Hub, the canonical name is listed as just the short name (the same name you could use with the Docker client to issue a command like ‘docker run morello/docker-whale’). +For images like this, Prisma Cloud automatically prepends the actual address of the Docker Hub registry (docker.io) and, if necessary, the library repo name as well, even though these values are not shown by Docker itself. + +For example, you can run the Alpine image from Docker Hub simply by issuing a Docker client command like ‘docker run -ti alpine /bin/sh’. +The Docker client automatically knows that this means to pull and run the image that has a canonical name of docker.io/library/alpine:latest. +However, this full canonical name is not exposed by the Docker client when inspecting the image: + + $ sudo docker inspect alpine | grep Repo -A 2 + "RepoTags": [ + "alpine:latest" + ], + "RepoDigests": [ + "alpine@sha256:1354db23ff5478120c980eca1611a51c9f2b88b61f24283ee8200bf9a54f2e5c" + ], + +But because Prisma Cloud automatically prepends the proper values to compose the canonical name, a rule like this blocks images from Hub from running: + +image::rule_ordering_764008.png[width=800] + + $ docker -H :9998 --tls run -ti alpine /bin/sh + docker: Error response from daemon: [Prisma Cloud] The command container_create denied for user admin by rule Deny - deny all docker.io images. diff --git a/docs/en/compute-edition/32/admin-guide/configure/set-diff-paths-daemon-sets.adoc b/docs/en/compute-edition/32/admin-guide/configure/set-diff-paths-daemon-sets.adoc new file mode 100644 index 0000000000..9930e0870e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/set-diff-paths-daemon-sets.adoc @@ -0,0 +1,39 @@ +:topic_type: task + +[.task] +== Set different paths for Defender and Console (with DaemonSets) + +When using daemon sets, Console is set up to store the Prisma Cloud config under _/opt/twistlock_. +By default, it uses this same config when installing the defenders. +This article describes a work around solution to be able to set up different config paths for Console and Defenders using daemon sets + +[.procedure] +. Download Daemonset configurations for Defender. ++ +The API to download Daemonset Configuration is: ++ + /api/v1/defenders/daemonset.yaml?registry=${registry}&type=${DEFENDER_TYPE} + &consoleaddr=${consoleaddr}&namespace=${namespace} + &orchestration=${orchestration}&ubuntu=${os_ubuntu}" ++ +The parameters are: ++ +[horizontal] +registry:: the registry from where Kubernetes gets the image, where you pushed the image. +In the example above, the value will be “gcr.io/projectA/” + +type:: defender type - Daemon Set Docker on Linux or Daemon Set Kubernetes Node. +(Daemon set Docker on Linux is the regular default Defender type, called in the UI Docker. +Only difference being, unlike the default Defender, it does not listen to incoming traffic. + +consoleaddr:: Name or IP address that Defenders use to connect to Console. + +namespace:: the default when using the script is twistlock, but you can use whatever you want. + +orchestration:: OpenShift or Kubernetes + +ubuntu:: (ubuntu=true \ ubuntu=false), states if the cluster is running on ubuntu OS or not. If not provided, it's assumed to be false. + +. Edit the yaml file. ++ +Make the necessary changes in this yaml file and upload this modified version of the yaml to the K8 controller. diff --git a/docs/en/compute-edition/32/admin-guide/configure/subject-alternative-names.adoc b/docs/en/compute-edition/32/admin-guide/configure/subject-alternative-names.adoc new file mode 100644 index 0000000000..55aec0a56c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/subject-alternative-names.adoc @@ -0,0 +1,34 @@ +== Subject Alternative Names + +You can add or remove Subject Alternative Names (SANs) to Console's certificate. +The subjectAltName extension is described in https://tools.ietf.org/html/rfc6125[RFC6125]. +It defines a mechanism for adding identities to Public Key Infrastructure X.509v3 (PKIX) certificates. + +Defender communicates with Console using Transport Layer Security (TLS). +When Defender tries to establish a secure connection with Console, it must validate Console's identity. +Defender checks a reference identity against the identifiers presented in Console's PKIX certificate, searching for a match. +The reference identity is set when you deploy Defender. +It's the name you configured Defender to use to connect to Console. + +When deploying Prisma Cloud Console, setting up a DNS name for it is considered a best practice. +RFC6125 says: + +"IP addresses are not necessarily reliable identifiers for application services because of the existence of private internets [PRIVATE], host mobility, multiple interfaces on a given host, Network Address Translators (NATs) resulting in different addresses for a host from different locations on the network, the practice of grouping many hosts together behind a single IP address, etc. +Most fundamentally, most users find DNS domain names much easier to work with than IP addresses, which is why the domain name system was designed in the first place." + + +[.task] +=== Adding a SAN to Console's certificate + +Add a SAN to Console's certificate directly from Console's web interface. + +[.procedure] +. Open Console. + +. Go to *Manage > Defenders > Names*. + +. Click *Add SAN*. + +. Enter a DNS name or IP address. + +. Click *Add*. diff --git a/docs/en/compute-edition/32/admin-guide/configure/tags.adoc b/docs/en/compute-edition/32/admin-guide/configure/tags.adoc new file mode 100644 index 0000000000..838c982255 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/tags.adoc @@ -0,0 +1,90 @@ +== Tags + +Tags are predefined labels that can help you manage the vulnerabilities in your environment. +They are centrally defined and can be set to vulnerabilities and as policy exceptions. + +Tags are used as: + +* Vulnerability labels. +They provide a convenient way to categorize the vulnerabilities in your environment. +* Policy exceptions. +They can be a part of your rules to have a specific effect on tagged vulnerabilities. + +Tags are useful when you have large container deployments with multiple teams working in the same environment. For example, you might have different teams handling different types of vulnerabilities. Then you can set tags to define responsibilities over vulnerabilities. Other uses would be to set the status of fixing the vulnerability or to mark vulnerabilities to ignore when there are known problems that can't be fixed in the near future. + +NOTE: For tags that are not used as policy exceptions, all user roles that can view the scan results and have the Collections and Tags permission, are allowed to assign these tags on CVEs. +Assigning tags that are used as policy exceptions is allowed only for Admin, Operator, and Vulnerability Manager user roles. Custom roles aren't allowed to set these tags, regardless of their other permissions. + +[.task] +=== Tag definition + +You can define as many tags as you like. + +[.procedure] +. To define a new tag, navigate to *Manage > Collections and Tags > Tags*. ++ +Prisma Cloud ships with a predefined set of tags: Ignored, In progress, For review, and DevOps notes. The predefined tags are editable, and you can use them according to your needs. + +. Click *Add Tag*. + +. In the *Create new tag* dialog, enter a name and description. + +. Pick a color for easy visibility and differentiation. ++ +image::tags_define_tag.png[width=600] ++ +. Click *Save*. + +[.task] +=== Tag assignment + +You can assign tags to vulnerabilities, and specify their scope based on CVE ID, packages and resources. Alternatively, you can manually tag vulnerabilities from xref:../vulnerability-management/scan-reports.adoc[scan reports]. + +Note that a tag assignment is uniquely identified by a tag, CVE ID, package scope, and resource type, therefore, you can not create multiple tag assignments for the same tag, CVE ID, package scope, and resource type. To extend the scope of a tag applied to a CVE, edit its existing tag assignment to apply to more packages or resources. + +For example, assign the tag _Ignored_ to _CVE-2020-1971_, package _openssl_, and all _ubuntu_ images as follows: + +image::tags_add_tag_assignment.png[width=600] + +You can also adjust the scope of a tag assigned either from the tags management page or from scan reports. Click the *Edit* button to start editing the tag assignment. For example, extend the scope of the tag _Ignored_ for _CVE-2020-1971_ to all packages affected by this CVE by changing the *Package scope*: + +image::tags_edit_tag_assignment.png[width=600] + +As another example, after the _In progress_ tag was assigned to _CVE-2019-14697_ for specific _alpine_ images from the scan reports, you can extend its scope so it will apply to all _alpine_ images and their descendant images: + +image::tags_assigned_from_scan_reports.png[width=800] + +image::tags_specific_images.png[width=600] + +image::tags_images_with_wildcard.png[width=600] + +To easily navigate in multiple tag assignments, use the table filters on the *Tag assignment* table. Filter by CVE ID, tag, package scope, and resource type to quickly find all places a tag applies to. + +image::tags_filters_a.png[width=600] + +image::tags_filters_b.png[width=600] + +[.procedure] +. To assign a tag to a vulnerability, navigate to *Manage > Collections and Tags > Tags*. + +. Click *Assign Tag*. + +. In *Tag*, select the tag to assign. + +. In *CVE*, select the CVE ID to assign the tag for. + +. In *Package scope*, select the package to which the tag should apply. You can select *All packages* to apply the tag to all the packages affected by the CVE. + +. In *Resource type*, select the type of resources to assign the tag for. You can select *All resources* to apply the tag to all the resources across your environment. ++ +NOTE: VMware Tanzu droplets and running applications are being referenced as *Images*. + +. Once a resource type is selected, specify the resources to which the tag should apply under *Images*, *Hosts*, *Functions*, or *Code repositories*. Wildcards are supported. + +. (Optional) For images, turn on the *Tag descendant images* toggle to let Prisma Cloud automatically tag this CVE in all images where the base image is one of the images specified in the *Images* field. ++ +For Prisma Cloud to be able to tag descendant images, first identify the xref:../vulnerability-management/base-images.adoc[base images] in your environment under *Defend > Vulnerabilities > Images > Base images*. + +. (Optional) In *Comment*, specify a comment for this tag assignment. + +. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/configure/user-cert-validity-period.adoc b/docs/en/compute-edition/32/admin-guide/configure/user-cert-validity-period.adoc new file mode 100644 index 0000000000..96ffaf8ec9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/user-cert-validity-period.adoc @@ -0,0 +1,56 @@ +== User certificate validity period + +User certificates identify a user, and are used to enforce access control policies. +You can control how long user certificates are valid. +By default, user certificates are valid for 365 days. + + +[.task] +=== Configuring the validity period of user certificates + +Configure the validity period of user certs. + +[.procedure] +. Open Console. + +. Go to *Manage > Authentication > Certificates*. + +. Under *Configuration*, enter a new value for *Number of days until expiration of certificate*. + +. Click *Save*. + + +=== Expired user certificates + +The following message is printed when you try to authenticate with an expired certificate. +This example command tries to run `docker ps` on a remote host named prod_host1. + + $ docker --tlsverify -H prod_host1:9998 ps + The server probably has client authentication (--tlsverify) enabled. + Please check your TLS client certification settings + + +[.task] +=== Generating new certificates + +When your certificates expire, you can generate new ones. + +[.procedure] +. Go to Console. + +. Log in with your credentials to reauthenticate with Console. +This step generates fresh certificates. ++ +* If you integrated Prisma Cloud with LDAP, log in with your LDAP credentials. +* If you integrated with SAML, log in with your SAML credentials. +* If you are using Prisma Cloud users, log in with your Prisma Cloud user credentials. + +. On the left menu, click *Manage > Authentication > User certificates*. + +. Copy the installation script, and run it on your local machine. ++ +The script installs fresh certificates on your machine. + +. Verify that your certs are valid by running a Docker command on a host protected by Defender. + + $ docker --tlsverify -H prod_host1:9998 ps diff --git a/docs/en/compute-edition/32/admin-guide/configure/wildfire.adoc b/docs/en/compute-edition/32/admin-guide/configure/wildfire.adoc new file mode 100644 index 0000000000..f5680bd7ff --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/configure/wildfire.adoc @@ -0,0 +1,90 @@ +== WildFire Settings + +WildFire is Palo Alto Networks' malware detection engine, and it provides malware detection for both known and unknown threats. + +Wildfire analysis is provided without additional costs, but this may change in future releases. +The service is available in Prisma Cloud for malware analysis as part of containers Continuous Integration (CI) and as runtime protection for containers and hosts. +Access to WildFire is provided as a new subscription that is specific to Prisma Cloud Compute, and doesn't affect any existing WildFire subscriptions. + +To check a file verdict, the file hash is calculated and sent to WildFire for a verdict. +If a file with the specified hash was already uploaded for a verdict, Wildfire provides an instantaneous verdict. +You can send unknown files to WildFire for a full analysis, which includes machine based static analysis, dynamic analysis with detonation of the file in a sandbox, and behavioral analysis. + +WildFire supports the following verdict types: benign, malware, grayware, and unknown: + +* *Benign:* The sample is safe and doesn't exhibit malicious behavior. + +* *Grayware:* The sample doesn't pose a direct security threat, but might display otherwise obtrusive behavior. Grayware typically includes: +** Adware +** Spyware +** Browser Helper Objects (BHOs). + +* *Malicious:* The sample is malware and poses a security threat. Malware can include: +** Viruses +** Worms +** Trojans +** Remote Access Tools (RATs) +** Rootkits +** Botnets + +* *Unknown:* The file hasn't been uploaded previously to Wildfire for analysis. +Full analysis can be performed on file upload. + +Configuration of the WildFire malware analysis service is done via *Manage > System > WildFire*. + +* *Wildfire malware detection:* Enable WildFire malware detection. + +* *Status:* Shows the current activation state of WildFire. The status is updated upon successful activation of the Wildfire service. + +* *WildFire cloud region:* The WildFire service is available in multiple locations to meet local privacy requirements and reduce latency for communication to the service. + +image::wildfire.png[width=700] + +All Defenders connected to a given Prisma Cloud Console must use the same Wildfire service. +This WildFire service is used for file verdicts and to upload files for full analysis. +You should select the WildFire service closest to where most defenders are, or based on your privacy requirements. +Defenders must be able to access the relevant WildFire service configured over https (port 443) based on the following URLs: + +* Global (US): wildfire.paloaltonetworks.com +* Australia: au.wildfire.paloaltonetworks.com +* Canada: ca.wildfire.paloaltonetworks.com +* Europe (Netherlands): eu.wildfire.paloaltonetworks.com +* Germany: de.wildfire.paloaltonetworks.com +* Japan: jp.wildfire.paloaltonetworks.com +* Singapore: sg.wildfire.paloaltonetworks.com +* United Kingdom: uk.wildfire.paloaltonetworks.com + +For WildFire activation and license renewals, the Prisma Cloud Console must be able to access the Intelligence Stream (IS) server at https://intelligence.twistlock.com. + +* *Use WildFire for runtime protection:* Enable WildFire malware scanning in runtime for containers and hosts. +Go to the rule's *Anti-malware* tab, to configure the preferred effects per rule. + +* *Use WildFire for CI compliance checks:* Enable WildFire malware scanning for containers CI checks. +WildFire scans malware as part of Twistlock labs image check (ID 422). + +* *Upload files with unknown verdicts to WildFire:* Determine whether files with unknown verdict are sent to WildFire for full analysis. +When disabled, WildFire only provides verdicts for files that have been uploaded to WildFire via a different client. + +* *Treat grayware as malware:* Use a more restrictive approach and treat files with grayware verdict as malware. + +Currently Prisma Cloud Compute uses WildFire for file verdicts only in the following scenarios: + +* Hosts runtime: + +** ELF files written to a Linux host file system in runtime, which are not deployed via a package manager. +** Files must be smaller than 100MB due to the size limit of WildFire. + +* Container runtime and CI: +** ELF files written to a Linux container file system in runtime. Malware analysis not supported for other file types. ++ +During CI scanning, WildFire analyses only executable files that were not written as part of a package installation. +** WildFire doesn't scan shared objects. +** File must be smaller than 100MB due to the size limit of WildFire. + +[NOTE] +==== +* You can submit up to 5000 files per day, and get up to 50,000 verdicts on your submissions to the WildFire service. +* Wildfire is supported on Linux only. ++ +*Windows containers and hosts aren't currently supported.* +==== diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/cloudbees-core-pipeline-k8s.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/cloudbees-core-pipeline-k8s.adoc new file mode 100644 index 0000000000..b7a6c04f0e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/cloudbees-core-pipeline-k8s.adoc @@ -0,0 +1,159 @@ +== CloudBees Core pipeline on Kubernetes +// Not included in the book as of Nov 9,2021 + +CloudBees Core is the successor to CloudBees Jenkins Platform and CloudBees Jenkins Enterprise. +This article explains how to integrate the Prisma Cloud Jenkins plugin with a CloudBees Core build pipeline running in a Kubernetes cluster. + + +[.section] +=== Key concepts + +Refer to the article on setting up a xref:jenkins_pipeline_k8s.adoc[Jenkins Pipeline in Kubernetes], as the core concepts are the same. +In the case of CloudBees Core on Kubernetes, much of the configuration is already done and the pipeline script is simpler because the JNLP Agent/Slave container is launched automatically. +The only tricky bit of configuration is determining the group ID (_gid_) of the docker group on your Kubernetes hosts, and using it to add some YAML to the default JNLP Agent/Slave pod configuration in CloudBees core. +This allows a pod running your pipeline to build and scan images using the mapped Docker socket of the underlying hosts. + + +[.task] +=== Integrating Prisma Cloud + +After installing the Prisma Cloud Jenkins plugin, configure the default pod template. + +*Prerequisites:* + +* You have set up a Kubernetes cluster using the Docker runtime and can SSH to nodes (see _gid_ note below). + +* You have xref:../install/deploy-console/console-on-kubernetes.adoc[installed Prisma Cloud Console]. +You can install Prisma Cloud inside or outside of the cluster, as long as any cluster node can reach Console over the network. + +* You have installed CloudBees Core in your cluster. +The https://go.cloudbees.com/docs/cloudbees-core/cloud-install-guide/[CloudBees Core Install Guides] are very helpful. + +* You've built or identified an image for your Docker build executor that contains the _docker_ binary. +See an example _Dockerfile_ below. + +* xref:../continuous_integration/jenkins_plugin.adoc[Install the Prisma Cloud Jenkins plugin.] + + +[.procedure] +. Get the _docker_ group ID (GID) used by the hosts in your Kubernetes cluster. + +.. SSH to a node in the cluster. + +.. Get the docker group GID. +Copy it and set it aside for now. + + $ sudo grep docker /etc/group + +. Log into the CloudBees Core console, and navigate to _/cjoc/view/All/_. + +. Click on *kubernetes shared cloud*. ++ +image::cloudbees_core_cjoc_all.png[width=800] + +. In the left navigation bar, click on *Configure*. + +. Scroll down to the *Kubernetes pod template* section. +You'll notice a pod template named default-java with a single container named jnlp. ++ +image::cloudbees_core_pod_template.png[width=800] + +. Scroll to the bottom of the section. +In *Raw yaml for the Pod*, enter the following snippet, replacing with the docker GID for your environment. ++ +[source,yml] +---- +spec: + securityContext: + fsGroup: +---- + +. Grant all containers in the pod access to the underlying host's Docker socket (unless you do this manually in the pipeline script). + +.. Scroll up to the *Volumes* section. + +.. Add a Host Path Volume to the pod template. + +.. In both *Host path* and *Mount path*, enter */var/run/docker.sock*. + +. Add a second container to the pod template. ++ +In addition to the JNLP agent/slave, you'll also want to spin up a container with the _docker_ binary inside of it. +Use the official https://hub.docker.com/%5F/docker[docker image from DockerHub] and name it *build*, although you could use any image with the _docker_ client command installed in it. +The docker client will use the Docker socket mounted from the underlying host. + +.. Scroll up the *Container Template* section. + +.. Click *Add Container*. + +.. In *Name*, enter *build*. + +.. In *Docker image*, enter *docker*. + +.. In *Working directory*, enter */home/jenkins*. + +.. In *Command to run*, enter */bin/sh -c*. + +.. In *Arguments to pass to the command*, enter *cat*. + +.. Enable *Allocate pseudo-TTY*. + +. Your CloudBees Core pod template config page should look like the following screenshot. ++ +image::cloudbees_core_pod_setup_poster.png[width=800] + + +=== Pipeline template + +The following template can be used as a starting point for your own scripted pipeline. +This template illustrates how to build a new Docker image and then scan it with the Prisma Cloud scanner. +Because the pod template includes a container named 'build' that has the _docker_ client command, you can use it in step (1) to build an image. + +[source,groovy] +---- +{ + node { + + stage ('Build image') { // See 1 + container('build') { + sh """ + mkdir myproj + cd myproj + echo 'FROM alpine:latest' > Dockerfile + docker build -t myalpine:latest . + """ + } + } + + stage ('Prisma Cloud scan') { // See 2 + prismaCloudScanImage + ca: '', + cert: '', + image: 'myalpine:latest', + resultsFile: 'prisma-cloud-scan-results.xml', + project: '', + dockerAddress: 'unix:///var/run/docker.sock', + ignoreImageBuildTime: true, + key: '', + logLevel: 'true', + timeout: 10, + podmanPath:'' + } + + stage ('Prisma Cloud publish') { // See 3 + prismaCloudPublish resultsFilePattern: 'prisma-cloud-scan-results.xml' + } + + } +} +---- + +This template has the following characteristics: + +* *1* -- The first stage of the pipeline builds a new container image from a one-line _Dockerfile_ inside the 'build' container specified in the pod config. +Note that the _prismaCloudScanImage_ and _prismaCloudPublish_ functions cannot be run inside the _container('')_ block . +They must be run in the default context. + +* *2* -- The second stage runs the Prisma Cloud scanner on our newly built image in the default JNLP Agent/Slave container named 'jnlp'. + +* *3* -- The third stage publishes the scan results to the Prisma Cloud Console. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/code-repo-scanning.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/code-repo-scanning.adoc new file mode 100644 index 0000000000..13929c7432 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/code-repo-scanning.adoc @@ -0,0 +1,46 @@ +== Code repo scanning + +Both twistcli and the Jenkins plugin can evaluate package dependencies in your code repositories for vulnerabilities. + +The runtimes supported are: + +* Go +* Java +* Node.js +* Python +* Ruby + +[.task] +=== Integrate code scanning into CI builds + +Point the Jenkins plugin to your code repo in the build directory. + +*Prerequisites:* You've xref:../continuous-integration/jenkins-plugin.adoc[installed and configured the Prisma Cloud Jenkins plugin]. + +[.procedure] +. In your Jenkins job configuration, click *Add build step*, and select *Scan Prisma Cloud Code Repositories*. + +. Configure the repo scan. ++ +image::code_repo_scanning_config_scan.png[width=550] + +.. In *Repository Name*, specify the name to be used when reporting the results in Console. + +.. In *Repository path*, specify the path to the repo in the build directory. ++ +For example, it could simply be the current working directory (`.`) or some relative directory. + +. Click *Save*, and then execute a build job. ++ +To see the scan results, log into Console, and go to *Monitor > Vulnerabilities > Code repositories > CI*. +Prisma Cloud evaluates the contents of the repo according to the policy you've specified in *Defend Vulnerabilities > Code repositories > CI*. +Prisma Cloud ships with a single default rule that alerts on all vulnerabilities. ++ +image::code_repo_scanning_results.png[width=800] + + +=== Use twistcli to scan repos in the CI + +If you're using a CI tool other than Jenkins, Prisma Cloud ships a command line utility that can be invoked from the shell in the build pipeline. + +For more information, see xref:../tools/twistcli-scan-code-repos.adoc[code repo scanning with twistcli]. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/continuous-integration.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/continuous-integration.adoc new file mode 100644 index 0000000000..7f5cd8a2bc --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/continuous-integration.adoc @@ -0,0 +1,5 @@ +== Continuous integration + +Prisma Cloud integrates security into your continuous integration workflows so you can find and fix problems before they enter production. +Prisma Cloud's CI plugins surface vulnerability and compliance issues directly in the build tool every time developers build their container images and serverless functions. +Security teams can set policies that only allow compliant and fully remediated images to progress down the pipeline. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-freestyle-project.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-freestyle-project.adoc new file mode 100644 index 0000000000..8b2d23d630 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-freestyle-project.adoc @@ -0,0 +1,107 @@ +== Jenkins Freestyle project + +Jenkins Freestyle projects let you create general-purpose build jobs with maximum flexibility. + +[.task] +=== Setting up a Freestyle project for container images + +Create a Freestyle project that builds a Docker image and then scans it for vulnerability and compliance issues. + +[.procedure] +. Go to the Jenkins top page. + +. Create a new project. + +.. Click *New Item*. + +.. In *Enter an item name*, enter a name for your project. + +.. Select *Freestyle project*. + +.. Click *OK*. + +. Add a build step. + +.. Scroll down to the *Build* section. + +.. In the *Add build step* drop-down list, select *Execute shell*. + +.. In the *Command* text box, enter the following: ++ +[source] +---- +echo "Creating Dockerfile..." +echo "FROM imiell/bad-dockerfile:latest" > Dockerfile +docker build --no-cache -t test/test-image:0.1 . +---- + +. Add a build step that scans the container image(s) for vulnerabilities. + +.. In the *Add build step* drop-down list, select *Scan Prisma Cloud Images*. + +.. In the *Image* field, select the image to scan by specifying the repository and tag. ++ +Use xref:../configure/rule-ordering-pattern-matching.adoc#[pattern matching expressions]. +For example, enter `test/test-image*`. ++ +[NOTE] +==== +Select the following *Advanced settings* for specific scenarios. + +* Select xref:../continuous-integration/jenkins-plugin.adoc#ignore-image-creation-time[*Ignore image creation time*]. + +** To scan an image created outside of this build. +** To scan the image every build, even if the build might doesn't generate an new image. + +* Select *Scan the image every build, even if it hasn't changed since the last build* + +** To avoid errors after the first time you create the Docker image. +==== + +. Add a post-build action to publish the scan results in Jenkins directly. ++ +This post-build step depends on a file generated by the previous scan build step, which holds the scan results. +This step specifically makes the results available for review in the Jenkins build tool. +Note that the previous scan step already published the results in Console, and they're ready to be reviewed there. + +.. Scroll down to *Post-build Actions*. + +.. In the *Add post-build action* drop-down menu, select *Publish Prisma Cloud analysis results*. + +.. In *Scan Result Files*, accept the default. ++ +Scan result files aren't deleted by the publish step. +They stay in the workspace. + +. Click *Save*. + +. Click *Build Now*. + +. After the build completes, examine the results. +Scan reports are available in the following locations: ++ +* Prisma Cloud Console: +Log into Console, and go to *Monitor > Vulnerabilities > Images > CI*. +* Jenkins: +Drill down into the build job, then click *Image Vulnerabilities* to see a detailed report. ++ +image::jenkins_dashboard_scan_results.png[width=800] + + +=== Setting up a Freestyle project for serverless functions + +The procedure for setting up Jenkins to scan serverless functions is similar to the procedure for container images, except you should use the *Scan Prisma Cloud Functions* build step. + +image::jenkins_plugin_scan_functions_build_step.png[width=600] + +Where: + +* *Function Path* -- +Path to the ZIP archive of the function to scan. +* *Function Name* -- +(Optional) String identifier for matching policy rules in Console with the functions being scanned. +When creating policy rules in Console, you can target specific rules to specific functions by function name. +If this field is left unspecified, the plugin matches the function to the first rule where the function name is a wildcard. +* *AWS CloudFormation template file* -- +(Optional) Path to CloudFormation template file in either JSON or YAML format. +Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don't need. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-maven-project.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-maven-project.adoc new file mode 100644 index 0000000000..a14456b2b5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-maven-project.adoc @@ -0,0 +1,160 @@ +== Jenkins Maven project + +Create a Maven project that builds a Docker image and then scans it for vulnerability and compliance issues. + +[.task] +=== Configuring Maven + +Configure Maven. + +[.procedure] +. Go to the Jenkins top page. + +. Click Manage Jenkins. + +. Select Global Tool Configuration. + +. Scroll down to the Maven section (Not Maven Configuration), and click Add Maven. ++ +image::jenkins_maven_project_770273.png[width=400] + + +[.task] +=== Setting up a Maven project for container images + +Set up a Jenkins Maven project. + +[.procedure] +. Go to the Jenkins top page. + +. Create a new project. + +.. Click *New Item*. + +.. In *Item* name, enter a name for your project. + +.. Select *Maven project*. + +.. Click *OK*. + +. Add a build step. + +.. Scroll down to the *Pre steps* section. + +.. In the *Add pre-build step* drop-down list, select *Execute shell*. ++ +image::jenkins_maven_project_770276.png[width=800] + +.. In the *Command* text box, enter the following: ++ +[source,bash] +---- +echo "Creating Dockerfile..." +echo "FROM imiell/bad-dockerfile:latest" > Dockerfile +echo 'docker build --no-cache -t test/test-image:0.1 .' > build_image.sh +chmod +x build_image.sh + +echo "Creating POM file..." +cat > pom.xml << EOF + + + 4.0.0 + groupId + artifactid + 1.0-SNAPSHOT + jar + projectName + + UTF-8 + + + + + + exec-maven-plugin + org.codehaus.mojo + + + Build Image + generate-sources + + exec + + + build_image.sh + + + + + + + +EOF +---- + +. Add a build step that scans the container image(s) for vulnerabilities. + +.. In the *Add build step* drop-down list, select *Scan Prisma Cloud Images*. + +.. In the *Image* field, select the image to scan by specifying the repository and tag. ++ +Use xref:../configure/rule-ordering-pattern-matching.adoc#[pattern matching expressions]. +For example, enter `test/test-image*`. ++ +NOTE: If the image you want to scan is created outside of this build, or if you want to scan the image every build, even if the build might not generate an new image, then click *Advanced*, and select xref:../continuous-integration/jenkins-plugin.adoc#ignore-image-creation-time[*Ignore image creation time*]. + +. Add a post-build action so that image scan results in Jenkins directly. ++ +This post-build step depends on a file generated by the previous scan build step, which holds the scan results. +This step specifically makes the results available for review in the Jenkins build tool. +Note that the previous scan step already published the results in Console, and they're ready to be reviewed there. + +.. Scroll down to *Post-build Actions*. + +.. In the *Add post-build action* drop-down menu, select *Publish Prisma Cloud analysis results*. + +.. In the *Scan Result Files* field, accept the default. ++ +Scan result files aren't deleted by the publish step. +They stay in the workspace. + +. Click *Save*. + +. Click *Build Now*. + +. After the build completes, examine the results. +Scan reports are available in the following locations: ++ +* Prisma Cloud Console: +Log into Console, and go to *Monitor > Vulnerabilities > Images > CI*. +* Jenkins: +Drill down into the build job, then click *Image Vulnerabilities* to see a detailed report. ++ +image::jenkins_dashboard_scan_results.png[width=800] + + +=== Setting up a Maven project for serverless functions + +The procedure for setting up Jenkins to scan serverless functions is similar to the procedure for container images, except you should use the *Scan Prisma Cloud Functions* build step. + +image::jenkins_plugin_scan_functions_build_step.png[width=600] + +Where: + +* *Function Path* -- +Path to the ZIP archive of the function to scan. +* *Function Name* -- +(Optional) String identifier for matching policy rules in Console with the functions being scanned. +When creating policy rules in Console, you can target specific rules to specific functions by function name. +If this field is left unspecified, the plugin matches the function to the first rule where the function name is a wildcard. +* *AWS CloudFormation template file* -- +(Optional) Path to CloudFormation template file in either JSON or YAML format. +Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don't need. + +After a build completes, you can view the scan reports in the following locations: + +* Prisma Cloud Console: +Log into Console, and go to *Monitor > Vulnerabilities > Functions > CI*. + +* Jenkins: +Drill down into the build job, then click *Vulnerabilities* to see a detailed report. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-pipeline-k8s.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-pipeline-k8s.adoc new file mode 100644 index 0000000000..1b5945d981 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-pipeline-k8s.adoc @@ -0,0 +1,196 @@ +== Jenkins pipeline on Kubernetes + +Jenkins is fundamentally architected as a distributed system, with a master that coordinates the builds and agents that do the work. +The Kubernetes plugin enables deploying a distributed Jenkins build system to a Kubernetes cluster. +Everything required to deploy Jenkins to a Kubernetes cluster is nicely packaged in the Jenkins Helm chart. +This article explains how to integrate the Prisma Cloud scanner into a pipeline build running in a Kubernetes cluster. + + +[.section] +=== Key concepts + +A pipeline is a script that tells Jenkins what to do when your pipeline is run. +The Kubernetes Plugin for Jenkins lets you control the creation of the Jenkins slave pod from the pipeline, and add one or more build containers to the slave pod to accommodate build requirements and dependencies. + +When the Jenkins master schedules the new build, it creates a new slave pod. +Each stage of the build is run in a container in the slave pod. +By default, each stage runs in the Jenkins slave (jnlp) container, unless other specified. +The following diagram shows a slave pod being launched on a worker node using the Java Network Launch Protocol (JNLP) protocol: + +image::jenkins_pipeline_k8s_start_slave_pod.png[Start slave pod,400] + +A slave pod is composed of at least one container, which must be the Jenkins jnlp container. +Your pipeline defines a podTemplate, which specifies all the containers that make up the Jenkins slave pod. +You'll want your podTemplate to include any images that provide the tools required to execute the build. +For example, if one part of your app consists of a C library, then your podTemplate should include a container that provides the GCC toolchain, and the build stage for the library should execute within the context of the GCC container. + +image::jenkins_pipeline_k8s_pod_template.png[Pod template,400] + +The Prisma Cloud Jenkins plugin lets you scan images generated in your pipeline. + +NOTE: The Prisma Cloud scanner can run inside the default Jenkins jnlp slave container only. +It cannot be run within the context of a different container (i.e. from within the container statement block). + + +=== Scripted Pipeline + +This section provides a pipeline script that you can use as a starting point for your own script. + +[WARNING] +==== +You cannot run the Prisma Cloud scanner inside a container. +The following example snippet will NOT work. + +---- +stage('Prisma Cloud Scan') { + container('jenkins-slave-twistlock') { + // THIS DOES NOT WORK + prismaCloudScanImage ca: '', cert: '', ... + } +} +---- + +Instead, run the Prisma Cloud scanner in the normal context: + +---- +stage('Prisma Cloud Scan') { + // THIS WILL WORK + prismaCloudScanImage ca: '', cert: '', ... +} +---- +==== + +*Prerequisites:* + +* You have set up a Kubernetes cluster. + +ifdef::compute_edition[] +* You have xref:../install/deploy-console/console-on-kubernetes.adoc[installed Prisma Cloud Console]. +You can install Prisma Cloud inside or outside of the cluster, as long as any cluster node can reach Console over the network. +endif::compute_edition[] + +* You have installed Jenkins in your cluster. +The https://github.com/jenkinsci/helm-charts[Jenkins Helm chart] is the easiest path for bringing up Jenkins in a Kubernetes cluster. + +* xref:../continuous-integration/jenkins-plugin.adoc[Install the Prisma Cloud Jenkins plugin.] + + +[.section] +==== Pipeline template + +The following template can be used as a starting point for your own scripted pipeline. +This template is a fully functional pipeline that pulls the nginx:stable-alpine image from Docker Hub, and then scans it with the Prisma Cloud scanner. + +While this example shows how to scan container images, you can also call _prismaCloudScanFunction_ to scan your severless functions. + +[source,groovy] +---- +#!/usr/bin/groovy + +podTemplate(label: 'prismaCloud-example-builder', // See 1 + containers: [ + containerTemplate( + name: 'jnlp', + image: 'jenkinsci/jnlp-slave:3.10-1-alpine', + args: '${computer.jnlpmac} ${computer.name}' + ), + containerTemplate( + name: 'alpine', + image: 'twistian/alpine:latest', + command: 'cat', + ttyEnabled: true + ), + ], + volumes: [ // See 2 + hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'), // See 3 + ] +) +{ + node ('prismaCloud-example-builder') { + + stage ('Pull image') { // See 4 + container('alpine') { + sh """ + curl --unix-socket /var/run/docker.sock \ // See 5 + -X POST "http:/v1.24/images/create?fromImage=nginx:stable-alpine" + """ + } + } + + stage ('Prisma Cloud scan') { // See 6 + prismaCloudScanImage ca: '', + cert: '', + dockerAddress: 'unix:///var/run/docker.sock', + image: 'nginx:stable-alpine', + resultsFile: 'prisma-cloud-scan-results.xml', + project: '', + dockerAddress: 'unix:///var/run/docker.sock', + ignoreImageBuildTime: true, + key: '', + logLevel: 'info', + podmanPath: '', + project: '', + resultsFile: 'prisma-cloud-scan-results.json', + ignoreImageBuildTime:true + } + + stage ('Prisma Cloud publish') { + prismaCloudPublish resultsFilePattern: 'prisma-cloud-scan-results.json' + } + } +} +---- + +This template has the following characteristics: + +* *1* -- This _podTemplate_ defines two containers: the required jnlp-slave container and a custom alpine container. +The custom alpine container extends the official alpine image by adding the curl package. + +* *2* -- The docker socket is mounted into all containers in the pod. +For more information about the _volumes_ field, see https://github.com/jenkinsci/kubernetes-plugin/blob/master/README.md#pod-and-container-template-configuration[Pod and container template configuration]. + +* *3* -- By default, the docker socket lets the root user or any member of the docker group read or write to it. +The default user in the jnlp container is _jenkins_ +The Prisma Cloud plugin functions need access to the docker socket, so you must add the jenkins user to the docker group. +The following listing shows the default permissions for the docker socket: + + $ ls -l /var/run/docker.sock + srw-rw---- 1 root docker 0 May 30 07:58 docker.sock + +* *4* -- The first stage of the build pulls down the nginx image. +We run the curl command inside the alpine container because the alpine container was specifically built to provide curl. +Note that the _prismaCloudScanImage_ and _prismaCloudPublish_ functions cannot be run inside the _container('/job/docs_issue/pipeline-syntax/_. ++ +image::jenkins_pipeline_project_pipeline_syntax.png[width=800] + +. Generate Pipeline Script for the scan step. + +.. In the *Sample Step* drop-down, select *prismaCloudScanImage - Scan Prisma Cloud Images*. + +.. In the *Image* field, select the image to scan by specifying the repository and tag. ++ +Specify the repository and tag using an exact match or xref:../configure/rule-ordering-pattern-matching.adoc#[pattern matching expressions]. +For example, enter `test/test-image*`. ++ +NOTE: If the image you want to scan is created outside of this build, or if you want to scan the image every build, even if the build might not generate an new image, then click *Advanced*, and select xref:../continuous-integration/jenkins-plugin.adoc#ignore-image-creation-time[*Ignore image creation time*]. + +.. Click *Generate Pipeline Script*, copy the snippet, and set it aside. + +. Generate Pipeline Script to publish the scan results in Jenkins directly. ++ +This post-build step depends on a file generated by the previous scan build step, which holds the scan results. +This step specifically makes the results available for review in the Jenkins build tool. +Note that the previous scan step already published the results in Console, and they're ready to be reviewed there. + +.. In the *Sample Step* drop-down, select *prismaCloudPublish - Publish Prisma Cloud analysis results*. + +.. In *Scan Result Files*, review the json filename. ++ +If you have configured scanning for multiple images and configured unique filenames for each scan in the previous step, you must add a wildcard to the json filename for scan results. For example `prisma-cloud-scan-results*.json`. This ensures that publish command reads all the result files with the same name pattern, and publishes the results so that you can view it. +In other cases, accept the default value `prisma-cloud-scan-results.json`. ++ +Scan result files aren't deleted by the publish step. +They stay in the workspace. ++ +image::jenkins-scan-result-files.png[width=400] + +.. Click *Generate Pipeline Script*, copy the snippet, and set it aside. + +. Return to your project configuration page. + +. Paste both snippets into the script section for your project configuration. Use the template below. ++ +The following example template builds a simple image, and runs the scan and publish steps. ++ +[source] +---- +pipeline { + agent any + stages { + stage('Build') { + steps { + // Build an image for scanning | Input values for your image below + sh 'echo "FROM Dockerfile' + sh 'docker build --no-cache -t .' + } + } + stage('Scan') { + steps { + // Scan the image | Input value from first script copied below, '' +prismaCloudScanImage - Scan Prisma Cloud Images" + + } + } + } + post { + always { + // The post section lets you run the publish step regardless of the scan results | Input value from second script copied below, " +prismaCloudPublish - Publish Prisma Cloud analysis results." + + } + } +} +---- + +. Click *Save*. + +. Click *Build Now*. + +. After the build completes, examine the results. + +.. The Status page shows a summary of each build step: ++ +image::jenkins_pipeline_project_stage_view.png[width=800] + +.. Click on a step to view the log messages for that step: ++ +image::jenkins_pipeline_project_stage_logs.png[width=800] +.. Scan step returned result: ++ +The criteria for passing or failing a scan is determined by the CI vulnerability and compliance policies set in Console. +The default CI vulnerability policy alerts on all CVEs detected. +The default CI compliance policy alerts on all critical and high compliance issues. ++ +[NOTE] +==== +There are two reasons why `prismaCloudScanImage` scan step might return a failed result. + +* The scan failed because the scanner found issues that violate your CI policy. +* Prisma Cloud Compute Jenkins plugin failed to run due to an error. + +In order to understand the reason for the failure, view the step's log messages, or move to the Jenkins Console Output page. +Another option that can help you differentiate the reason for the failure could be to create preliminary steps to the scan step in order to check the Console's availability, network connectivity, etc. + +Anyhow, although the return value is ambiguous -- you cannot determine the exact reason for the failure by just examining the return value -- this setup supports automation. +From an automation process perspective, you expect that the entire flow will work. +If you scan an image, with or without a threshold, either it works or it does not work. +If it fails, for whatever reason, you want to fail everything because there is a problem. +==== + +.. Scan reports are available in the following locations: ++ +* Prisma Cloud Console: +Log into Console, and go to *Monitor > Vulnerabilities > Images > CI*. +* Jenkins: +Drill down into the build job, then click *Image Vulnerabilities* to see a detailed report. ++ +image::jenkins_dashboard_scan_results.png[width=800] ++ +The *Projects* column in the CI scan results table displays the name of the Jenkins pipeline you created. ++ +Below is the sample code if you'd like to test an image for your Jenkins Pipeline for troubleshooting purposes: ++ +The following example script builds a simple image, and runs the scan and publish steps. ++ +[source] +---- +pipeline { + agent any + stages { + stage('Build') { + steps { + // Build an image for scanning + sh 'echo "FROM imiell/bad-dockerfile:latest" > Dockerfile' + sh 'docker build --no-cache -t test/test-image:0.1 .' + } + } + stage('Scan') { + steps { + // Scan the image + prismaCloudScanImage ca: '', + cert: '', + dockerAddress: 'unix:///var/run/docker.sock', + image: 'test/test-image*', + key: '', + logLevel: 'info', + podmanPath: '', + // The project field below is only applicable if you are using Prisma Cloud Compute Edition and have set up projects (multiple consoles) on Prisma Cloud. + project: '', + resultsFile: 'prisma-cloud-scan-results.json', + ignoreImageBuildTime:true + } + } + } + post { + always { + // The post section lets you run the publish step regardless of the scan results + prismaCloudPublish resultsFilePattern: 'prisma-cloud-scan-results.json' + } + } +} +---- + +=== Setting up a Pipeline project for serverless functions + +The procedure for setting up Jenkins to scan serverless functions is similar to the procedure for container images, except select *prismaCloudScanFunction: Scan Prisma Cloud Functions* in the snippet generator. + +image::jenkins_pipeline_project_snippet_generator_function_scanner.png[width=600] + +Where: + +* *Function Path (functionPath)* -- +Path to the ZIP archive of the function to scan. +* *Function Name (functionName)* -- +(Optional) String identifier for matching policy rules in Console with the functions being scanned. +When creating policy rules in Console, you can target specific rules to specific functions by function name. +If this field is left unspecified, the plugin will use the function zip file name to match against policy. +* *AWS CloudFormation template file (cloudFormationTemplateFile)* -- +(Optional) Path to CloudFormation template file in either JSON or YAML format. +Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don't need. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-plugin.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-plugin.adoc new file mode 100644 index 0000000000..e5c41e83ba --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/jenkins-plugin.adoc @@ -0,0 +1,189 @@ +== Jenkins plugin + +The Jenkins plugin for Prisma Cloud enables you to scan container images, code repositories, and serverless functions for security vulnerabilities and compliance issues within your continuous integration pipeline. + +We support the current and previous two major releases with our defenders and plugins. +Please note, the Prisma Cloud console is backward compatible with up to two (N-2) major releases (including all minor versions) with the Jenkins plugin. + +* The Jenkins plugin is built for Jenkins on Linux. +To scan images with Jenkins on other operating systems, use a platform-specific xref:../tools/twistcli-scan-images.adoc[twistcli binary]. + +While the Jenkins plugin doesn't support scanning Windows images for vulnerability and compliance issues on hosts with the `containerd`` runtime, however, the Jenkins plugin does support scanning when running on hosts with Docker Engine and Podman. + +=== Build and scan flow + +After Jenkins builds a container image or serverless function package, the Prisma Cloud Jenkins plugin scans it for vulnerabilities and compliance issues. + +Prisma Cloud can pass or fail builds, depending on the types of issues discovered, and the policies you have defined in Console. +By incorporating scanning into the build phase of the development workflow, developers get immediate feedback about what needs to be fixed. +The scan report provides all the information required to fix the vulnerabilities that were identified in the scan. + +The sequence of events is described below: + +. A developer commits a change, which triggers a build. + +. Jenkins builds the container image. + +. Jenkins calls the Prisma Cloud plugin for scanning. +The plugin collects data about the image, including the packages and binaries in the image, and submits it to console for analysis. + +. The console returns a list of vulnerabilities and compliance issues. + +. The Prisma Cloud plugin passes or fails the build, depending on your policy. ++ +For more information about configuring a scan, see: +xref:jenkins-freestyle-project.adoc#[Setting up a Freestyle project], +xref:jenkins-maven-project.adoc#[Setting up a Maven project], or +xref:jenkins-pipeline-project.adoc#[Setting up a Pipeline project]. ++ +For more information about targeting rules created in Console to the Jenkins plugin, see +xref:set-policy-ci-plugins.adoc#[Set policy in the CI plugins]. + +. You can view the scan results in: ++ +* The Jenkins tool, including the project/job page and dashboard view. +* Prisma Cloud Console, in the *Monitor > Vulnerabilities > {Images | Functions} > CI* pages. + +NOTE: When scanning multiple images in a single build, results do not appear correctly in the Jenkins dashboard view or vulnerability trends table/graph. +Only trend data for the last image scanned is shown. +Instead, go to the Console to see scan results for all images in the build. + + +[.task] +=== Installing the Prisma Cloud Jenkins plugin + +*Prerequisites:* + +* Your version of Jenkins meets the minimum xref:../install/system-requirements.adoc#jenkins[system requirements for Prisma Cloud Jenkins plugin]. +* To implement a Jenkins plugin, install the https://plugins.jenkins.io/matrix-project/[Matrix project] plugin. +* You have installed Prisma Cloud Console on a host in your environment. +* Your Jenkins host can reach Prisma Cloud Console over the network. +* We recommend adding a Prisma Cloud user with the _CI User_ role to minimize privileges on Console. +For more information, see xref:../authentication/user-roles.adoc[user roles]. +ifdef::prisma_cloud[] +Also, see xref:../authentication/access-keys.adoc[access keys]. +endif::prisma_cloud[] + +[.procedure] +. Open the Jenkins top page. + +. Install the Prisma Cloud Jenkins plugin. ++ +The Jenkins plugin can be downloaded directly from Console (*Manage > System > Utilities*). +ifdef::compute_edition[] +It's also delivered with the release tarball that you download from xref:../welcome/releases.adoc[Releases]. +endif::compute_edition[] + +.. Click *Manage Plugins* (in the left menu bar) and then click the *Advanced* tab. + +.. Scroll down to *Upload Plugin*, and click *Choose File*. + +.. Navigate to the folder where you unpacked the Prisma Cloud download and select _prisma-cloud-jenkins-plugin.hpi_. + +.. Click *Upload*. + +. Configure the Prisma Cloud plugin. + +.. Go to the Jenkins top page, and then click *Manage Jenkins* > *Configure System*. + +.. Scroll down to the Prisma Cloud section. ++ +image::prisma_cloud_plugin_config.png[Prisma Cloud plugin config,650] ++ +Configuring a proxy: ++ +image::jenkins_proxy_23722.png[width=600] + +.. In *Choose Proxy Protocol Type*, select the proxy option that is to be used for the plugin to communicate with Console. ++ +Choose either the default global Jenkins proxy, configure a separate one, or choose to skip any Proxy communication with the 'No Proxy' option. +If you choose to configure a separate proxy, fill in the proxy's address URL, port, username, password, and CA certificate (if any). + +.. In *Proxy Address*, enter the URL for Prisma Cloud Console. + +.. Enter the Prisma Cloud *Proxy Port*. + +.. In *Proxy Username*, enter the *CI role*. + +.. Enter the *Proxy Password* with the user's credentials for Prisma Cloud Console. ++ +The username is the access key ID and the password is the access key secret of the user with the CI role (Build and Deploy Security permission group with the option to create an access key on Prisma Cloud). + +.. Click *Test Connection* to validate that the Jenkins plugin can communicate with Prisma Cloud Console. + +.. Select *Save*. + +=== Scan artifacts + +When a build completes, you can view the scan results directly in Jenkins. +To support integration with other processes and applications in your organization, Prisma Cloud scan reports can be retrieved from several locations. + +Full scan reports for the latest build can be retrieved from: + +* The scan results file in the project's workspace (by the name configured in the scan steps). + +* The Prisma Cloud API. +For more information, see the https://pan.dev/compute/api/get-scans/[`/api/v/scans`] endpoint for downloading Jenkins scan results. + +For example, if you use https://threadfix.it/[ThreadFix] to maintain a consolidated view of vulnerabilities across all your organization's applications, you could create a post-build action that triggers ThreadFix's Jenkins plugin to grab Prisma Cloud Compute's scan report from the project workspace and upload it to the ThreadFix server. +Contact your ThreadFix support team for details on how to ingest this output. + +To download the scan report from Console using the Prisma Cloud API, use the following command: + +[source,console] +---- +$ curl -k \ + -u \ + https:///api/v1/scans/download?search= \ + > scan_report.csv +---- + +[NOTE] +=== +If you see the following error in the build console output in Jenkins: +"No CA certificate was specified, using insecure connection". + +This is becasue, by default, the `twistcli` binary checks the trust chain of the Prisma console. + +*Solution*: +To establish the trust between the Jenkins plugin and Prisma Console, run `twistlcli` binary with `--tlscacert PATH` flag to specify the path to the Prisma Cloud CA certificate file. + +Although, Jenkins plugin doesn’t provide an option to pass the CA certificate path, however, the connection between Jenkins and Console is still encrypted with TLS. +=== + +[#ignore-image-creation-time] +=== Ignore image creation time + +A common stumbling point is the "Ignore Image Build Time" option. +This option checks the time the image was created against the time your Jenkins build started. +If the image was not created after the start of your current build, the scan is bypassed. +The plugin, by default, scans any image generated as part of your build process but ignores images not created or updated as part of the build. + +As per the Docker's creation time for images, if the image is not changed, the creation time isn't updated. +This could lead to a scenario where an image is built and scanned in one job, but not scanned in subsequent jobs because the creation time wasn't updated as the image didn't change. + +=== Post-build cleanup + +Most of the CI pipelines push images to the registry after passing vulnerability and compliance scan steps of Prisma Cloud. +Pipelines also have a final cleanup step that removes images from the local Docker cache. +If your build fails, and the pipeline is halted, use a *post* section to clean up the Docker cache. +The *post* section of a pipeline is guaranteed to run at the end of a pipeline's execution. + +For more information, see the https://jenkins.io/doc/pipeline/tour/post/[Jenkins documentation]. + + +=== What's next? + +Set up a build job and configure Prisma Cloud to scan the Docker image generated from the job. + +For more information, see: + +* xref:jenkins-freestyle-project.adoc#[Jenkins Freestyle project] +* xref:jenkins-maven-project.adoc#[Jenkins Maven project] +* xref:jenkins-pipeline-project.adoc#[Jenkins Pipeline project] + +Notifications of build failures can be enabled using existing Jenkins plugins, for example: + +* https://plugins.jenkins.io/mailer[Mailer plugin] +* https://plugins.jenkins.io/jira[Jira plugin] +* https://plugins.jenkins.io/slack[Slack plugin] diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/run-jenkins-container.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/run-jenkins-container.adoc new file mode 100644 index 0000000000..40b6f516d0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/run-jenkins-container.adoc @@ -0,0 +1,40 @@ +== Run Jenkins in a container + +Running Jenkins inside a container is a common setup. +This article shows you how to set up Jenkins to run in a container so that it can build and scan Docker images. + + +[.task] +=== Setting up and starting a Jenkins container + +To set up Jenkins to run in a container: + +*Prerequisite:* You have already installed Docker on the host machine. + +[.procedure] +. Create the following Dockerfile. It uses the base Jenkins image and sets up the required permissions for the jenkins user. ++ +---- +FROM jenkins/jenkins:lts + +USER root +RUN apt-get update \ + && apt-get install -y sudo libltdl7 \ + && rm -rf /var/lib/apt/lists/* +RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers +---- + +. Build the image. + + $ docker build -t jenkins_docker . + +. Run the Jenkins container, giving it access to the docker socket. + + $ docker run -d -v /var/run/docker.sock:/var/run/docker.sock \ + -v $(which docker):/usr/bin/docker -p 8080:8080 jenkins_docker + +. Open a browser and navigate to :8080. + +. Install the Prisma Cloud plugin. ++ +For more information, see xref:../continuous-integration/jenkins-plugin.adoc[Jenkins plugin]. diff --git a/docs/en/compute-edition/32/admin-guide/continuous-integration/set-policy-ci-plugins.adoc b/docs/en/compute-edition/32/admin-guide/continuous-integration/set-policy-ci-plugins.adoc new file mode 100644 index 0000000000..a3392131e9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/continuous-integration/set-policy-ci-plugins.adoc @@ -0,0 +1,79 @@ +== CI plugin policy + +Prisma Cloud lets you centrally define your CI policy in Console. +These policies establish security gates at build-time. +Use policies to pass or fail builds, and surface security issues early during the development process. + +There are two types of policies you can use to target your CI tool: vulnerability policies and compliance policies. +CI rules have the same parameters as the rules for registries and deployed components, letting you evenly enforce policy in all phases of the app lifecycle. + +Prisma Cloud offers the following components for integrating with CI tools: + +* A native Jenkins plugin. +* A stand-alone, statically compiled binary, called _twistcli_, that can be integrated with any CI tool. + +=== Vulnerability policy + +For more information about the parameters in vulnerability management rules, see xref:../vulnerability-management/vuln-management-rules.adoc[here]. + +Vulnerability rules that target the build tool can allow specific vulnerabilities by creating an exception and setting the effect to 'ignore'. +Block them by creating an exception and setting the effect to 'fail'. +For example, you could create a vulnerability rule that explicitly allows CVE-2018-1234 to suppress warnings in the scan results. + +Rules take effect as soon as they are saved. + +[.task] +==== Create CI Policy for Vulnerabilities + +Vulnerability CI policies let you raise alerts or fail builds when images/functions scanned in the CI process have vulnerabilities. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > {Images | Functions} > CI*. + +. Select *Add rule*. ++ +image::vulnerabilities-ci-policy-image.png[width=200] ++ +image::vulnerabilities-ci-policy-functions.png[width=200] + +. Enter a *Rule name* and xref:../vulnerability-management/vuln-management-rules.adoc[configure the rule]. + +. Select *Save*. + +. View the scan report under *Monitor > Vulnerabilities > {Images | Functions} > CI*. + +=== Compliance policy + +The compliance checks in Prisma Cloud are based on the Center for Internet Security (CIS) Docker Benchmarks. +We also provide numerous checks from our xref:../compliance/prisma-cloud-compliance-checks.adoc[lab]. +You can also implement your own checks using xref:../compliance/custom-compliance-checks.adoc[custom checks]. + +NOTE: Compliance rules that target the CI tool can permit specific compliance issues by setting the action to 'ignore'. + +Rules take effect as soon as they are saved. + +[.task] +==== Create CI Policy for Compliance + +Compliance CI policies let you monitor, audit, and enforce security and configuration settings for your CI images and functions. + +[.procedure] +. Open Console. + +. Go to *Defend > Compliance > {Containers and images | Functions} > CI*. + +. Select *Add rule*. ++ +image::compliance-ci-policy.png[width=200] + +. Enter a *Rule name* and configure the rule to xref:../compliance/manage-compliance.adoc[enforce compliance checks]. + +. Select *Save*. + +. View the scan report under *Monitor > Compliance > {Images | Functions} > CI*. + +=== Alert Profiles + +To surface critical compliance and vulnerabilities events, you can create xref:../alerts/alerts.adoc[alert profiles] for forwarding the alerts to various integrations. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/automated-deployment.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/automated-deployment.adoc new file mode 100644 index 0000000000..cf72aa9678 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/automated-deployment.adoc @@ -0,0 +1,49 @@ +== Automated deployment + +The following is an example of Infrastructure as Code (IaC) for the automated deployment of a Console and Defenders within a Kubernetes cluster using an Ansible playbook. +This requires a docker host, Prisma Cloud Compute license and kubectl administrative access to the Kubernetes cluster. +The Ansible playbook must run on a host that is able to route to the Console service's ClusterIP address to perform the required API calls to configure the Console. +Use of this Ansible playbook does not imply any rights to Palo Alto Networks products and/or services. + + +=== Requirements + +This sample IaC deployment runs on a unix based host with the following requirements: + +* https://docs.docker.com/engine/install/[docker] +* https://www.ansible.com/[Ansible] +* https://www.paloaltonetworks.com/prisma/cloud[Prisma Cloud Compute license] +* kubectl access to Kubernetes cluster with xref:../install/deploy-console/console-on-kubernetes.adoc[permissions] to deploy Prisma Cloud Compute. +* Ability to pull images from registry-auth.twistlock.com +* https://github.com/twistlock/sample-code/tree/master/automated-deployments/K8s-Console-Defender-deployment-ansible.yaml[K8s-Console-Defender-deployment-ansible.yaml] Ansible playbook + + +=== Process + +image::automated_deployment.png[width=400] + + +=== Ansible playbook + +Pull the Ansible playbook from https://github.com/twistlock/sample-code/tree/master/automated-deployments/K8s-Console-Defender-deployment-ansible.yaml[here]. +Update the variables in the `vars:` section in https://github.com/twistlock/sample-code/tree/master/automated-deployments/K8s-Console-Defender-deployment-ansible.yaml[_K8s-Console-Defender-deployment-ansible.yaml._] + +* twistlock_registry_token: +* twistlock_license: +* twistlock_install_version: https://docs.prismacloudcompute.com/docs/releases/release-information/latest.html[] +* user: +* password: +* storage_class: +* namespace: + + +=== Execution + +On the unix host, sudo to root and run the command *ansible-playbook K8s-Console-Defender-deployment-ansible.yaml* + +NOTE: The supporting files will be written to the `/root/twistlock` directory. + + +=== Post execution + +Once the playbook has successfully completed, establish communications to the twistlock-console service's management-port-https port (default 8083/TCP) using a https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/[Kubernetes LoadBalancer] or your organization's approved cluster ingress technology. diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt.adoc new file mode 100644 index 0000000000..76ed807cfb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt.adoc @@ -0,0 +1,110 @@ +== Best practices for DNS and certificate management + +As with most cloud-native software, Prisma Cloud relies on core infrastructure services, such as x509 cryptography and DNS name resolution. +Defenders use these services to find and securely connect back to Console, and administrators use them to connect to Console and the API endpoints. +When Console's name can't be resolved, or its certificate doesn't include the name that Defenders use to connect to it, set up might fail and/or Defenders might not be able to successfully connect to Console. + +In relatively simple environments, such as an on-premises environment with a flat network, Prisma Cloud can automatically discover and configure the appropriate network configuration during setup. +However, in more complex environments, auto-discovery is difficult and administrators typically have to manually configure the appropriate settings. + +Consider a deployment where Console exists in one cloud service, but protects hosts distributed across other cloud services in different regions. +In this model, Console's hostname is probably not resolvable by remote Defenders. +And since Defenders probably do not connect directly to Console, but through some reverse NAT or a load balancer, the details of the underlying connectivity are probably obscured. + + +=== Map out your topology + +Mapping out your topology is a fairly obvious step that is often overlooked, but it is the single best way to avoid connectivity problems. + +First, document Console's local hostname and IP. +Try to determine whether this name is the actual name that Defenders will use to connect, or if there is an another entity in between, such as a load balancer or reverse NAT service. + +Then, map out all the potential connection paths from Defenders to Console. +For example, there might be some Defenders deployed in the same cloud service as Console. +They can connect to Console directly. Other Defenders might connect from another routed network or over the Internet using different names. + +Documenting all of these paths and names at the beginning of the planning process saves significant time later when you're troubleshooting. +Use the following sample worksheet as a starting point: + + Console IP address: + Console local host name: + Console management port: + Console / Defender communication port: + + Load balancer / NAT IP address Load balancer / NAT name: + Load balancer / NAT management port: + Load balancer / NAT Console / Defender communication port: + + Defender to Console connection paths: + Direct? + From other cloud services in same deployment? + Over the Internet? + +Because naming is so critical to connectivity, you should use durable, Prisma Cloud-specific names for accessing Console. +For example, although the default host name might be ip-10-1-27-12, it would be a poor choice because it's tied to a specific hostname, which could change if you redeploy Console to a new host. + +Instead, create a CNAME with a short TTL to reference this hostname, and use the CNAME for all name resolution. +This way, if your hostname changes in the future, you simply need to remap the CNAME to the new hostname. +Using CNAMEs is preferable to directly mapping an A record because many cloud services automate DNS resolution within their fabric and offer limited options for overriding this behavior. +In a complex, multi-network environment, the CNAME can be used to reference Console both from the local network and from other networks, including the Internet, through simple and well established DNS configurations. + +Consider the following example scenario: + +* Console runs in cloud network 1, with an IP of 10.1.27.12, and local hostname of ip-10-1-27-12. +* This IP can be accessed over the Internet through a load balancer. +* The load balancer's IP is 100.4.1.8, with a name of lb1.cloudprovider.com. +* Some Defenders also run in cloud network 1. +* Other Defenders run in a data center in another region, and connect to Console over the Internet. + +In this scenario, a good approach would be to create a CNAME, such as console.customer.com. +Internet facing DNS servers would answer queries for Console with lb1.cloudprovider.com. +Internal facing DNS servers would answer queries for Console with ip-10-1-27-12. + + +=== Implement the topology + +After your naming scheme has been planned, the final step is implementing the names in Prisma Cloud. + +When you deploy a Defender, you must specify how it connects to Console, with either an IP address or, preferably, a DNS name. +The Prisma Cloud dashboard lets you specify these names, and provides some preconfigured names, in the *Subject Alternative Names* table on the *Manage > Defenders > Deploy* page. +Any name in the table is added to Console's certificate and becomes available as a configuration parameter in the Defender deployment pages. + +image::best_practices_dns_766674.png[width=700] + +Using our example scenario described in the previous section, the Subject Alternative Name table should contain the CNAME we chose (console.customer.com). +If you have multiple names that you want to use to address Console, add them to the Subject Alternative Name table. +For example, if Defenders in the same cloud network should access Console using cs1-console, you should have the following entries: + +* console.customer.com +* cs1-console + +After Prisma Cloud is set up with these values, you will see them in the drop down menu in all of the Defender deployment pages as a configuration parameter. +When you set up a new Defender, select how it should connect to Console from the same list of names in the Subject Alternative Names table. + +image::best_practices_dns_757328.png[width=650] + +When you're installing Defender, always ensure that the name you select from the drop down list can be resolved from the host where Defender will run. +Using our example scenario, this means that you would select cs1-console for 'local' hosts that run in the same cloud service as the Console, and that you would select console.customer.com for 'remote' hosts. +If the name you select cannot be resolved from the host where you install Defender, Defender set up will fail. + + +[.task] +=== Updating the list of resolvable names for Console + +Define additional names Defenders can use to connect to Console. +After adding a name to the Subject Alternative Name table, the name is added to Console's certificate and it is available in the drop down list in the Defender deployment pages. + +NOTE: The values for CONSOLE_CN and DEFENDER_CN in _twistlock.cfg_ should never be modified unless you are directed to do so by Prisma Cloud Support. +These values are needed to work around distribution-specific abnormalities in the hostname command, which we use to create certificates during set up. +Your custom names should always go in the Subject Alternative Name table, and never be hard-coded into CONSOLE_CN or DEFENDER_CN. + +[.procedure] +. In Console, go to *Manage > Defenders > Deploy*. + +. In the *Subject Alternative Name* table, click *Add row*. + +. Specify an IP address or fully qualified domain name. + +. Redeploy any Defenders that require the new name to connect to Console. ++ +If the old names are still accessible, this step can be skipped. diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/caps.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/caps.adoc new file mode 100644 index 0000000000..d45cb31fc0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/caps.adoc @@ -0,0 +1,87 @@ +== Storage Limits for Audits and Reports + +Prisma Cloud restricts the size of some data collections to prevent misconfigured or noisy systems from consuming all available disk space and compromising the availability of the Console service. + +=== Registry Scanning + +Prisma Cloud scans a maximum of 1,000,000 registry images, ordered by most recently published. +Publish date is the time an image is pushed to the registry. + +=== Data Collections Limits + +The following limits are currently enforced in Console's database. + +For audits: if you must retain all audits, consider configuring Console to send audits to syslog, and then forward the audits to a log management system for long term storage. + +[cols="1,3", options="header"] +|=== +|Collection +|Cap + +|Registry specifications +|19,999 entries + +|xref:../vulnerability-management/scan-reports.adoc[Jenkins plugin and twistcli scan reports] +|5000 scan reports or 500 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Container runtime audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Container network firewall audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../runtime-defense/image-analysis-sandbox.adoc[Image sandbox analysis reports] +|5000 scan reports or 500 MB (whichever limit is reached first) + +|xref:../audit/kubernetes-auditing.adoc[Kubernetes audits] +|100K audits or 50 MB (whichever limit is reached first) + +|xref:../access-control/open-policy-agent.adoc[Admission audits] +|100K audits or 50 MB (whichever limit is reached first) + +|xref:../runtime-defense/runtime-defense-hosts.adoc[Log inspection events] +|100K audits or 50 MB (whichever limit is reached first) + +|xref:../runtime-defense/runtime-defense-hosts.adoc[File integrity events] +|100K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/host-activity.adoc[Host activities] +|100K audits or 50 MB (whichever limit is hit first) + +|xref:../audit/audit-admin-activity.adoc[Host history] +|100K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Host runtime audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Host network firewall audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Serverless runtime audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[App-Embedded runtime audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../audit/event-viewer.adoc[Trust audits] +|25K audits or 50 MB (whichever limit is reached first) + +|xref:../waas/waas-analytics.adoc[WAAS for containers events] +|200K audits or 200 MB (whichever limit is reached first) + +|xref:../waas/waas-analytics.adoc[WAAS for hosts events] +|200K audits or 200 MB (whichever limit is reached first) + +|xref:../waas/waas-analytics.adoc[WAAS for serverless events] +|200K audits or 200 MB (whichever limit is reached first) + +|xref:../waas/waas-analytics.adoc[WAAS for app-embedded events] +|200K audits or 200 MB (whichever limit is reached first) + +|xref:../runtime-defense/incident-explorer.adoc[Incidents] +|25K incidents or 50 MB (which limit is reached first) + +|xref:../vulnerability-management/registry-scanning/registry-scanning.adoc[Registry specifications] +|19,999 entries + +|=== diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/deployment-patterns.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/deployment-patterns.adoc new file mode 100644 index 0000000000..33cdc63b9d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/deployment-patterns.adoc @@ -0,0 +1,4 @@ +== Deployment patterns + +As you prepare to deploy Prisma Cloud, consider how to tailor it fit into your environment. +Prisma Cloud supports multitenancy, which gives you a way to manage all your deployments from a single interface, and control which data each team can see. diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/high-availability.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/high-availability.adoc new file mode 100644 index 0000000000..903dd91744 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/high-availability.adoc @@ -0,0 +1,71 @@ +== High Availability and Disaster Recovery guidelines + +The following article describes the key guidelines for keeping your Prisma Cloud Compute deployment highly available, and creating a disaster recovery process. + +Prisma Cloud Compute deployment consists of two components - Console and Defenders. + +* Console is the management interface. +It lets you define policy and monitor your environment. +* Defenders are spread across your environment and protect its workloads according to the policies set in the Console. + +When the Console fails or stops working, your environment still has active runtime protection done by the Defenders. Each Defender holds the updated policies, and keeps protecting your workloads according to them. + +This article mainly focuses on Prisma Cloud Compute Edition deployment (self-hosted Console). When leveraging Prisma Cloud Enterprise Edition (SaaS Console), high availability for the console is automatically provided by Palo Alto Networks. + +=== Guidelines + +Use the guidelines in this section to create high availability and disaster recovery processes for your deployment. + +The following flowchart depicts the guidelines: + +image::ha_dr_flow_chart.png[width=800] + + +==== Inside each cluster + +Whether your deployment is in the cloud or on-premises, orchestrators, such as Kubernetes, OpenShift, and AWS ECS, automatically support HA of the cluster and the containers running on it. + +* *Console* -- Set your storage to be external to the Console container/node. +In case the Console container/node fails, the orchestrator brings Console back up, where it connects to the external storage to get its latest state. +* *Defenders* -- Defenders are deployed as a DaemonSet. +In case of a node failure, the orchestrator automatically brings up another node and deploys a Defender container on it, as a part of the DaemonSet definition. + + +==== Between clusters + +While not explicitly tested or supported by Palo Alto Networks, in general, solutions that replicate storage between clusters to provide disaster recovery work transparently to Prisma Cloud Compute Edition. +Note that ingress into the Console (DNS mapping and IP routing) may require additional steps during the activation of the secondary sites to ensure the Console is reachable over the network. + +*Public cloud* + +* *Inside each region* -- CSPs provide high availability using availability zones inside each region. +In case of an AZ failure, most cloud providers bring the cluster back up in another AZ. ++ +Use cross availability zones storage solutions, so when the cluster is up in another AZ, it connects to the shared storage and keeps functioning as before. +For example, in AWS, EFS can be used as a shared storage between availability zones. +* *Between regions* -- CSPs provide solutions such as snapshots and backups that can be moved between regions, shared storage between regions, etc. +You can also use xref:../configure/disaster-recovery.adoc[Compute's backup and restore] capabilities for moving the data between regions. + +*Private cloud (on-premises)* + +* *Inside each site/data center* (between clusters on the same site) +** Use shared storage between the clusters. +** Create a disaster recovery process using xref:../configure/disaster-recovery.adoc[Compute's backup and restore] capabilities: +*** Create a spare cluster (warm or cold) with a Prisma Cloud Compute (PCC) deployment. +*** Backup PCC’s data periodically to a location outside of the active cluster. +*** If the active cluster fails, bring the spare cluster up, and restore PCC’s data to it. + +* *Between sites/data centers* +** Create a disaster recovery process for cases where one site goes down, using xref:../configure/disaster-recovery.adoc[Compute's backup and restore] capabilities: +*** Create a spare site (warm or cold) with a PCC deployment. +*** Backup PCC’s data periodically to a location outside of the active site. +*** If the entire active site fails, bring the spare site up, and restore PCC’s data from the external location to it. + + +=== Projects + +xref:../deployment-patterns/projects.adoc[Projects] solve the problem of multi-tenancy. Each project consists of a Console and its Defenders. +Each project is a separate, compartmentalized environment which operates independently with its own rules and configurations. + +High availability and disaster recovery processes should be created for each tenant project, similar to the way you would handle a single Console deployment. +If using Compute's backup and restore capabilities, backups should be created and restored separately for each project. diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/migrate-to-saas.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/migrate-to-saas.adoc new file mode 100644 index 0000000000..2a1e6ed9f7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/migrate-to-saas.adoc @@ -0,0 +1,11 @@ +== Migrating to a SaaS Console + +If you are interested in moving from Prisma Cloud Compute Edition (self-hosted) to Prisma Cloud Enterprise Edition (SaaS), contact Palo Alto Network Customer Support or your Customer Success Team to discuss the migration process in detail. + +Points to consider: + +* This is a one-time migration. +* The direction is Prisma Cloud Compute Edition to Prisma Cloud Enterprise Edition. +You cannot migrate from Prisma Cloud Enterprise Edition to Prisma Cloud Compute Edition. +* If you have projects enabled with Prisma Cloud Compute Edition, you will need to break them apart and pick a single Console to migrate. +* Your Prisma Cloud Compute Edition Console version must exactly match the Prisma Cloud Enterprise Edition Console, which is always the latest version of Prisma Cloud Compute that is available. diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/migration-options-for-scale-projects.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/migration-options-for-scale-projects.adoc new file mode 100644 index 0000000000..d1ac9f3d93 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/migration-options-for-scale-projects.adoc @@ -0,0 +1,47 @@ +== Migration options for scale projects + +Starting in 20.12, Console has substantially increased the number of simultaneous Defenders it can support. +Each instance of Console can support 10K Defenders. +With this new capability, scale projects have been deprecated. + +Scale projects gave security teams full control over policies for all application teams. +If you're currently using scale projects, we offer the following migration paths when upgrading to 20.12 + + +=== Migration paths + +If you're using scale projects, there are two ways you can migrate to a supported configuration. + +*1. Convert existing scale projects to tenant projects --* + +When upgrading to 20.12, all existing scale projects will automatically be converted into tenant projects. +Scale project policy rules will be converted to tenant project policy rules. +From that point, any changes to the tenant project policies will only apply to the project itself, without any sync with Central Console. + +If you choose this migration option, reevaluate the roles assigned to your users. +After upgrading, users with the Admin, Operator, or Vulnerability Manager roles on the converted projects (now tenant projects) will have the ability to edit policy rules, so you might need to lower their privileges. + +*2. Unify the scale projects into Central Console --* + +Before upgrading to 20.12, redeploy all scale project Defenders and connect them directly to Central Console. +Use collections and RBAC to control which resources can be viewed and managed by different users (see example below). + +If you have more than 10K Defenders, consider deploying more than one tenant project. +To share policies between tenants, develop an automated process on top of the API to push policies from one Console to the other. + + +=== Using collections + +Examples of how to use collections in your migration. + +*Create a collection for a specific cluster:* + +image::create_collections.png[width=800] + +*Assign the collection to a user:* + +image::assign_collections_to_user.png[width=800] + +*Collections can also be used when defining policies:* + +image::use_collections_in_rules.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/performance-planning.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/performance-planning.adoc new file mode 100644 index 0000000000..1e726b0e37 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/performance-planning.adoc @@ -0,0 +1,245 @@ +== Performance planning + +This section details the run-time characteristics of a typical Prisma Cloud deployment. +The information provided is for planning and estimation purposes. + +System performance depends on many factors outside of our control. +For example, heavily loaded hosts have fewer available resources than hosts with balanced workloads. + + +=== Scale + +Prisma Cloud has been tested and optimized to support up to 10,000 Defenders per Console. + +ifdef::compute_edition[] +Higher numbers of Defenders per Console can be supported, as long as the xref:../install/system-requirements.adoc#hardware[required resources] are allocated to Console. +endif::compute_edition[] + + +ifdef::compute_edition[] +=== Storage + +Using a network based storage is not recommended because it affects the database performance. if you choose to use a network based storage, such as NFS, make sure to review the https://www.mongodb.com/docs/v4.2/administration/production-notes/#remote-filesystems-nfs[Mongodb documentation] for NFS storage requirements. + +Host and Container Defenders don't support the following storage solutions. + +* NFS storage +* Symbolic links + +endif::compute_edition[] + +=== Scanning performance + +This section describes the resources consumed by Prisma Cloud Defender during a scan. +Measurements were taken on a test system with 1GB RAM, 8GB storage, and 1 CPU core. + + +[.section] +==== Host scans + +Host scans consume the following resources: + +[cols="30%,70%", options="header"] +|=== +|Resource |Measured consumption + +|Memory +|10-15% + +|CPU +|1% + +|Time to complete a host scan +|1 second +|=== + + +[.section] +==== Container scans + +Container scans consume the following resources: + +[cols="30%,70%", options="header"] +|=== +|Resource |Measured consumption + +|Memory +|10-15% + +|CPU +|1% + +|Time to complete a container scan +|1-5 seconds per container +|=== + + +[.section] +==== Image scans + +When an image is first scanned, Prisma Cloud caches its contents so that subsequent scans run more quickly. +The first image scan, when there is no cache, consumes the following resources: + +[cols="30%,70%", options="header"] +|=== +|Resource |Measured consumption + +|Memory +|10-15% + +|CPU +|2% + +|Time to complete an image scan. +|1-10 seconds per image. +(Images are estimated to be 400-800 MB in size.) +|=== + +Scans of cached images consume the following resources: + +[cols="30%,70%", options="header"] +|=== +|Resource |Measured consumption + +|Memory +|10-15% + +|CPU +|2% + +|Time to complete an image scan +|1-5 seconds per image. +(Images are estimated to be 400-800 MB in size.) +|=== + + +=== Real-world system performance + +Each release, Prisma Cloud tests performance in a scaled out environment that replicates a real-world workload and configuration. +The test environment is built on Kubernetes clusters, and has the following properties: + +* *Hosts:* 20,000 +* *Hardware:* +** *Console:* 16 vCPUs, 50 GB memory +** *Defenders:* 2 vCPUs, 8 GB memory +* *Operating system:* Container-Optimized OS +* *Images:* 323 +* *Containers:* 192,087 (density of 9.6 containers per host) + +The results are collected over the course of 24 hours. +The default vulnerability policy (alert on everything) and compliance policy (alert on critical and high issues) are left in place. + +[.underline]#Resource consumption#: + +The following table shows normal resource consumption. + +[cols="1,1,1", options="header"] +|=== +|Component |Memory (RAM) |CPU (single core) + +|Console +|1,474 MiB +|8.0% + +|Defender +|82 MiB +|1.0% + +|=== + + +=== WAAS performance benchmark + +==== Minimum requirements + +Results detailed in this document assume a Defender instance complying with xref:../install/system-requirements.adoc[these] minimum requirements. + +==== Methodology + +===== Benchmark target servers + +Benchmark target servers were run on AWS EC2 instances running Ubuntu Server 18.04 LTS + +|=== +|Instance type|Environment|Compared servers|Versions + +|t2.large|Docker|Nginx vs WAAS-protected Nginx|Nginx/1.19.0 +|t2.large|Host|Nginx vs WAAS-protected Nginx|Nginx/1.14.0 +|t2.large|Kubernetes|Nginx vs WAAS-protected Nginx|Nginx/1.17.10 +|=== + +===== Benchmarking client + +Benchmarking was performed using the https://github.com/rakyll/hey[hey] load generating tool deployed on a ‘t2.large’ instance running Ubuntu Server 18.04 LTS + +===== Benchmark scenarios + +Test scenarios were run using hey against each server: +[cols="10,3,5"] +|=== +|Scenario ^.^|HTTP Requests ^.^|Concurrent Connections + +|HTTP GET request ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP GET request with query parameters ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP GET request with an attack payload in a query parameter ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP GET with 1 MB response body ^.^|1,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP GET with 5 MB response body ^.^|1,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP POST request with body payload size of 100 bytes ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP POST request with body payload size of 1 KB ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|HTTP POST request with body payload size of 5 KB ^.^|5,000 ^.^|10, 100, 250, 500, 1,000 +|=== + +NOTE: In order to support 1,000 concurrent connections in large file scenarios, WAAS HTTP body inspection size limit needs to be set to 104,857 bytes + +==== Results + +===== HTTP transaction overhead + +The following table details request average *overhead* (in milliseconds): +[cols="3,7,2,2,2,2,2"] +|=== +2.2+^.^h|*Environment* 5.1+^h|*Concurrent Connections* +^h|*10* ^h|*100* ^h|*250* ^h|*500* ^h|*1,000* +1.8+^.^|Docker <.^|HTTP GET request ^.^|3 ^.^|30 ^.^|70 ^.^|99 ^.^|185 + <.^|HTTP GET request with query parameters ^.^|4 ^.^|34 ^.^|70 ^.^|100 ^.^|151 + <.^|GET w/ attack payload ^.^|1 ^.^|6 ^.^|6 ^.^|26 ^.^|96 + <.^|GET - 1MB Response ^.^|1 ^.^|-268 ^.^|-1314 ^.^|-3211 ^.^|-5152 + <.^|GET - 5MB Response ^.^|15 ^.^|-1,641 ^.^|-6,983 ^.^|-9,262 ^.^|-18,231 + <.^|POST w/ 100B body ^.^|5 ^.^|42 ^.^|84 ^.^|119 ^.^|194 + <.^|POST w/ 1KB body ^.^|12 ^.^|106 ^.^|245 ^.^|430 ^.^|800 + <.^|POST w/ 5KB body ^.^|42 ^.^|402 ^.^|970 ^.^|1,853 ^.^|3,189 +1.8+^.^|Host <.^|HTTP GET request ^.^|2 ^.^|22 ^.^|53 ^.^|82 ^.^|217 + <.^|HTTP GET request with query parameters ^.^|3 ^.^|27 ^.^|63 ^.^|93 ^.^|212 + <.^|GET w/ attack payload ^.^|0 ^.^|6 ^.^|17 ^.^|78 ^.^|104 + <.^|GET - 1MB Response ^.^|-1 ^.^|-6 ^.^|32 ^.^|131 ^.^|-681 + <.^|GET - 5MB Response ^.^|7 ^.^|-45 ^.^|-638 ^.^|-2,677 ^.^|-9,099 + <.^|POST w/ 100B body ^.^|3 ^.^|29 ^.^|66 ^.^|114 ^.^|300 + <.^|POST w/ 1KB body ^.^|10 ^.^|97 ^.^|234 ^.^|436 ^.^|774 + <.^|POST w/ 5KB body ^.^|39 ^.^|407 ^.^|940 ^.^|1,831 ^.^|3,196 +1.8+^.^|Kubernetes <.^|HTTP GET request ^.^|3 ^.^|29 ^.^|58 ^.^|78 ^.^|155 + <.^|HTTP GET request with query parameters ^.^|4 ^.^|33 ^.^|79 ^.^|114 ^.^|288 + <.^|GET w/ attack payload ^.^|0 ^.^|5 ^.^|15 ^.^|63 ^.^|177 + <.^|GET - 1MB Response ^.^|-4 ^.^|-252 ^.^|-981 ^.^|-2827 ^.^|-5754 + <.^|GET - 5MB Response ^.^|15 ^.^|-1,653 ^.^|-5,254 ^.^|-14,966 ^.^|-23,828 + <.^|POST w/ 100B body ^.^|5 ^.^|39 ^.^|92 ^.^|130 ^.^|280 + <.^|POST w/ 1KB body ^.^|11 ^.^|109 ^.^|252 ^.^|498 ^.^|907 + <.^|POST w/ 5KB body ^.^|43 ^.^|421 ^.^|1,013 ^.^|2,005 ^.^|3,557 +|=== + +NOTE: Negative numbers indicate a performance improvement. WAAS response time can be faster than origin-server response time when attacks are blocked and not forwarded to the origin server. + +===== Load testing + +The following table details average request time (in milliseconds) of 1,000,000 request benchmarking load (includes response time for both WAAS and underlying origin): + +[cols="3,7,2,2,2,2,2"] +|=== +2.2+^.^h|*Environment* 5.1+^h|*Concurrent Connections* +^h|*10* ^h|*100* ^h|*250* ^h|*500* ^h|*1,000* +1.2+^.^|Docker <.^|HTTP GET request ^|4 ^|36 ^|90 ^|177 ^|358 +<.^|HTTP POST request, 100 Byte body ^|5 ^|47 ^|116 ^|232 ^|472 +1.2+^.^|Host <.^|HTTP GET request ^|3 ^|28 ^|70 ^|140 ^|298 +<.^|HTTP POST request, 100 Byte body ^|4 ^|40 ^|99 ^|197 ^|397 +1.2+^.^|Kubernetes <.^|HTTP GET request ^|4 ^|38 ^|92 ^|181 ^|363 +<.^|HTTP POST request, 100 Byte body ^|5 ^|49 ^|119 ^|236 ^|460 +|=== diff --git a/docs/en/compute-edition/32/admin-guide/deployment-patterns/projects.adoc b/docs/en/compute-edition/32/admin-guide/deployment-patterns/projects.adoc new file mode 100644 index 0000000000..76e17fb3fe --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/deployment-patterns/projects.adoc @@ -0,0 +1,325 @@ +== Projects + +Some deployments must be compartmentalized for regulatory or operational reasons. +Projects solve the problem of multi-tenancy. +Each project, or tenant, consists of a Console and its Defenders. +Each project is a separate, compartmentalized environment which operates independently with its own rules and configurations. + +Projects are federated behind a single master Console with a single URL. +For example, \https://console.customer.com might be the URL for accessing the master Console UI and API. +Tenant projects are deployed, accessed, and managed from the single master Console. +You could deploy a tenant Console for each business unit, giving each team their own segregated environment. +Each team accesses their tenant through the master Console's URL. + +Role-based access control (RBAC) rules manage who can access which project. +When users log onto Prisma Cloud Central Console, they are shown a list of projects to which they have access and can switch between them. + +NOTE: Scale projects have been deprecated. +If you've deployed a scale project, see xref:../deployment-patterns/migration-options-for-scale-projects.adoc[migration options for scale projects] for more information about how to transition to a supported configuration. + + +=== Terminology + +The following terms are used throughout this article: + +Central Console:: +Also known as the master Console or just master. +This is the interface from which administrators manage (create, access, and delete) their projects. + +Supervisor:: +Secondary, slave Console responsible for the operation of a project. +Supervisor Consoles are headless. +Their UI and API are not directly accessible. +Instead, users interact with a project from Central Console's UI and API. + +Project (also tenant project, or just tenant):: +Deployment unit that consists of a supervisor Console and it's connected Defenders. +Tenant projects are like silos. +Each tenant maintains its own rules and settings, separate from Central Console and any other tenant. + + +=== When to use projects + +Carefully assess whether you need projects. +Provisioning projects when they are not required will needlessly complicate the operation and administration of your environment. + +*1. Do you have multiple segregated environments, where each environment must be configured with its own rules and policies?* + +If yes, then deploy a tenant project for each environment. + +*2. If you choose not to use projects now, can you migrate to projects at a later time?* + +Yes. +Even if you choose not to use projects now, you're not locked into that decision. +You can always migrate to projects at a later time. +For more information, see <>. + + +=== Architecture + +Projects federate the UI and API for multiple Consoles. + +For example, if you have three separate instances of Consoles for development, test, and production environments, projects let you manage all of them from a single Central Console. +With projects, one Console is designated as the master and all others are designated as supervisors. +Thereafter, all UI and API requests for a project are proxied through the master and routed to the relevant supervisor. +Supervisors do not serve a UI or API. + +image::projects_arch.png[width=800] + + +[.section] +==== Connectivity + +By default, the master and its supervisor Consoles communicate over port 8083. +You can configure a different port by setting MANAGEMENT_PORT_HTTPS in _twistlock.cfg_ at install time. +All Consoles must use the same value for MANAGEMENT_PORT_HTTPS. +Communication between the master and supervisor Consoles must be direct, and cannot be routed through a proxy. + +Defenders communicate with their respective supervisor Consoles. +Project Defenders never communicate directly with the Central Console. + +Prisma Cloud CA signed certs are used for establishing the Central Console to supervisor Console communication link. +Since no user interacts with the supervisor Console directly, the link is an internal architecte detail, and we use our own CA. +This setup reduces the risk of outages due to expired certs. + +NOTE: When configuring Central and supervisor Consoles, you must configure the supervisor Console to xref:../configure/subject-alternative-names.adoc[include the Subject Alternative Name (SAN)] for the Central Console. + +NOTE: When configuring access to the Consoles via Ingress Network Routes in Kubernetes, you must add the Central Console to the supervisor Console Ingress configuration. + +Central Console can have its own set of Defenders. +In this case, these Defenders do communicate directly with Central Console. +However, no project Defenders ever communicate directly with Central Console. + + +[.section] +==== Access control + +When users log into Prisma Cloud Console, they are presented with a list of projects to which they have access, and they can chose the project they want to work in. +Access to projects is controlled by role-based access control rules. + +You can grant access to specific projects for any 'local' users created in Console under *Manage > Authentication > Users*. +If you have integrated Console with an OpenLDAP, Active Directory, or SAML provider, you can grant access to projects by group. +Users and groups can be granted access to multiple projects. + +A user's role is applied globally across all projects. +That is, a user will have the same role for each project for which he has been granted access. + +NOTE: Project access control rules at the user level takes precedence over access control granted at the group level. +For example, if a 'local' user has been granted access to project1, but also belongs to group1, which has been granted access to project2, he will only have permissions to access project1. + + +[.section] +==== Secrets + +Prisma Cloud fully supports secrets management for tenant projects. +Secrets management can be independently configured and managed for each tenant project. + + +[.section] +==== Limitations + +Moving Defenders between projects is not supported. +To "move" a Defender, decommission it from one project and deploy it to another. + + +=== Provisioning flow + +Let's look at how projects are provisioned. + +*Step 1:* +Install Console using any installation method. +For example, you could install xref:../install/deploy-console/console-on-onebox.adoc[Console (onebox) with the _twistlock.sh_ script] or as a xref:../install/deploy-console/console-on-kubernetes.adoc[service in a Kubernetes cluster]. +When Console is installed, it runs in master mode by default. + +image::projects_setup_flow1.png[width=600] + +*Step 2:* +Install a second Console on a different host. +By default, it also runs in master mode. + +image::projects_setup_flow2.png[width=600] + +*Step 3:* +In the UI for Console 1, provision a new project. +Specify the URL to Console 2. +The provisioning process automatically changes the operating mode for Console 2 to supervisor. +The UI and API for Console 2 are now no longer directly accessible. + +image::projects_setup_flow3.png[width=600] + +*Step 4:* +The only difference between a master Console and a supervisor Console is whether its UI and API can be accessed directly, or whether it is proxied through the master. +To view your tenant project (managed by Console 2), open Console 1 and select the project. +All your rules and settings for your project are loaded and displayed in Console 1. + +image::projects_setup_flow4.png[width=600] + +You can release a supervisor, and return it to its original state, by deleting the project. +The supervisor Console reverts back to master mode. + + +=== Migration strategies + +If you have already deployed one or more stand-alone Consoles, and you want to adopt a project-based structure, then the migration is easy. +Designate one Console as master, then designate each remaining Console as a supervisor by provisioning projects for them. + +Adding an existing Console to a project is not a destructive operation. +All data is preserved, and the process can be reversed. +The only thing that changes is the way you access Console when it's mode changes to supervisor. +Supervisor Consoles cannot be accessed directly. +They can only be accessed through the master Console, by selecting a project from the *Selected project* drop-down list. + +For example, assume you've deployed three separate stand-alone Consoles: one for your production environment, one for your test environment, and one for your development environment. + +image::projects_migrate1.png[width=700] + +When migrating to projects, you have the following options: + +*Option 1:* +Promote one Console to master, and designate the others as supervisors. +In this example, you pick the prod Console to be master, then create tenant projects for the test and development Consoles. + +By default, Consoles run in master mode when they are installed, so you don't need to do anything to "promote" prod to master. +To relegate test and dev to supervisor, <> for each one. + +image::projects_migrate2.png[width=700] + +*Option 2:* +Install a new Console on a dedicated host and designate it as master. +Provision a tenant project for each of the prod, test, and dev Consoles. + +image::projects_migrate3.png[width=700] + + +=== Accessing the API + +All API requests should be routed to Central Console only. +Central Console checks if the client has the correct permissions to access the given project, and then Central Console redirects the request to right supervisor, and then returns to supervisor's response to the client. + +For API requests that create, modify, or delete data, Central Console responds to the client with a success return code, and then updates the supervisor asynchronously. + +To target an API request to a specific project, append the `project=` query parameter to your request. +For example, to get a list of Defenders deployed in the `prod` project: + + GET http://:8083/api/v1/defenders?project=prod + +Central Console reroutes the request to the appropriate supervisor. +Not all requests need to be rerouted. +For example, the endpoints for getting a list of users, groups, or projects are handled by Central Console directly. +Some endpoints require no special permissions to access them, such as getting a list projects to which a user has been granted access. + + +[.task] +=== Provisioning a project + +Provision new projects from the Central Console UI. + +NOTE: Communication between the master and supervisor Consoles must be direct, and cannot be routed through a proxy. + +[.procedure] +. Install a Console on a host in your environment using any install procedure. ++ +There is no need to create an admin user or enter your license. +Those details will be handled for you in the provisioning phase of this procedure. + +. Register the newly installed Console with the Central Console and create a project. + +. Go to *Manage > Projects > Manage* + +. Set *Use Projects* to *On*. + +. Click *Provision project*. + +. In *Project name*, give your project a name. + +. In *Supervisor address*, enter the URL for accessing Console +Include both the protocol (\https://) and port. + +. For a fresh Console install, there is no need to enter any credentials. +They will be created for you automatically. ++ +If you are migrating an existing Console to a project, specify the admin credentials. + + +[.task] +=== Decommissioning a project + +Decommissioning a project simply reverts the supervisor Console back to a stand-alone master Console. +The link between Central Console and the former supervisor Console is severed. +All project data (rules, audits, scan reports) is left in tact. + +When a project is created, the Console is configured with an admin user. +When you delete the project, the admin credentials are shown to you so that you can continue to access and administer it. +The credentials are shown only one time, so copy them, and set them aside in a safe place. + +[.procedure] +. Open Central Console. + +. Go to *Manage > Projects > Manage*. + +. In the *Provisioned Projects* table, click delete on the project you want to delete. + + +[.task] +=== Decommissioning disconnected projects + +Central Console lets you delete projects, even if the supervisor Console is disconnected. +The project is deleted from the master's database, but it leaves the supervisor Console in the wrong state. + +When you delete a disconnected project, Prisma Cloud tells you that the supervisor cannot be reached. +To manually revert the supervisor Console back to a stand-alone master Console, call the supervisor's REST API to change its settings. + +[.procedure] +. Decide how you want to access the supervisor's REST API. +You can use basic auth or an auth token. + +. Update the supervisor's project settings. +The following example command uses basic auth. +Only xref:../authentication/user-roles.adoc#administrator[admin users] are permitted to change project settings. + + $ curl -k \ + -u \ + -X POST \ + -H 'Content-Type:application/json' \ + -d '{"master":false, "redirectURL":""}' \ + https://:8083/api/v1/settings/projects + + +[.task] +=== Deploying Defender DaemonSets for projects (Console UI) + +When creating a DaemonSet for a project, you can use the Console UI, twistcli, or API. +This section shows you how to use the Console UI. + +[.procedure] +. In Console, use the drop-down menu at the top right of the UI to select the project where you want to deploy your DaemonSet. + +. Go to *Manage > Defenders > Deploy Daemon Set*. + +. Configure the deployment parameters, then copy and run the resulting install script. + + +=== Deploying Defender DaemonSets for projects (twistcli) + +Create a DaemonSet deployment file with twistcli. +Specify both the project name and the DNS name or IP address of the supervisor Console to which the DaemonSet Defenders will connect. +The DNS name or IP address must be a xref:../configure/subject-alternative-names.adoc[Subject Alternative Name] in the supervisor Console's certificate. + + $ /twistcli defender export kubernetes \ + --address https://:8083 \ + --project + --user \ + --cluster-address + + +=== Deploying Defender DaemonSets for projects (API) + +A DaemonSet deployment file can also be created with the API. +Specify both the project name and the DNS name or IP address of the supervisor Console to which the DaemonSet Defenders will connect. +The DNS name or IP address must be a xref:../configure/subject-alternative-names.adoc[Subject Alternative Name] in the supervisor Console's certificate. + + $ curl -k \ + -u + -X GET \ + 'https://:8083/api/v1/defenders/daemonset.yaml?consoleaddr=&listener=none&namespace=twistlock&orchestration=kubernetes&privileged=true&serviceaccounts=true&project=' + diff --git a/docs/en/compute-edition/32/admin-guide/firewalls/firewalls.adoc b/docs/en/compute-edition/32/admin-guide/firewalls/firewalls.adoc new file mode 100644 index 0000000000..c96a061dbb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/firewalls/firewalls.adoc @@ -0,0 +1,11 @@ +== Firewalls + +ifdef::compute_edition[] +Prisma Cloud provides layer 4 monitoring and enforcement, and layer 7 firewalling. +For layer 7 firewalling, see WAAS. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Prisma Cloud provides layer 4 monitoring and layer 7 firewalling. +For layer 7 firewalling, see WAAS. +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/howto/attachments/efs-provisioner-template.yaml b/docs/en/compute-edition/32/admin-guide/howto/attachments/efs-provisioner-template.yaml new file mode 100644 index 0000000000..ace4d9e9fd --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/attachments/efs-provisioner-template.yaml @@ -0,0 +1,106 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: efs-provisioner +data: + file.system.id: + aws.region: + provisioner.name: example.com/aws-efs + dns.name: "" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: efs-provisioner + namespace: default +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: efs-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-efs-provisioner +subjects: + - kind: ServiceAccount + name: efs-provisioner + # replace with namespace where provisioner is deployed + namespace: default +roleRef: + kind: ClusterRole + name: efs-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: efs-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: efs-provisioner + spec: + serviceAccountName: efs-provisioner + containers: + - name: efs-provisioner + image: quay.io/external_storage/efs-provisioner:latest + env: + - name: FILE_SYSTEM_ID + valueFrom: + configMapKeyRef: + name: efs-provisioner + key: file.system.id + - name: AWS_REGION + valueFrom: + configMapKeyRef: + name: efs-provisioner + key: aws.region + - name: DNS_NAME + valueFrom: + configMapKeyRef: + name: efs-provisioner + key: dns.name + optional: true + - name: PROVISIONER_NAME + valueFrom: + configMapKeyRef: + name: efs-provisioner + key: provisioner.name + volumeMounts: + - name: pv-volume + mountPath: /persistentvolumes + volumes: + - name: pv-volume + nfs: + server: .efs..amazonaws.com + path: / +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: aws-efs +provisioner: example.com/aws-efs +--- diff --git a/docs/en/compute-edition/32/admin-guide/howto/configure-ecs-loadbalancer.adoc b/docs/en/compute-edition/32/admin-guide/howto/configure-ecs-loadbalancer.adoc new file mode 100644 index 0000000000..a37e9338e7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/configure-ecs-loadbalancer.adoc @@ -0,0 +1,71 @@ +:topic_type: task + +[.task] +== Configure an AWS Classic Load Balancer for ECS + +Configure an AWS Classic Load Balancer for accessing Prisma Cloud Console. +Console serves its UI and API over HTTPS on port 8083, and Defender communicates with Console over a websocket on port 8084. +You'll set up a single load balancer to forward requests for both port 8083 and 8084 to Console, with the load balancer checking Console's health using the _/api/v1/_ping_ endpoint on port 8083. + +For the complete install procedure for Prisma Cloud on Amazon ECS, see https://docs.twistlock.com/docs/latest/install/install_amazon_ecs.html[here]. + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > Compute > EC2*. + +. In the left menu, go to *Load Balancing > Load Balancers*. + +. Create a load balancer. + +.. Click *Create Load Balancer*. + +.. In *Classic Load Balancer*, click *Create*. + +.. Give your load balancer a name, such as *pc-ecs-lb*. + +.. Leave default *VPC*. + +.. Create the following listener configuration: ++ +* *Load Balancer Protocol*: TCP +* *Load Balancer Port*: 8083 +* *Instance Protocol*: TCP +* *Instance Port*: 8083 + +.. Click *Add* to add another listener using following listener configuration: ++ +* *Load Balancer Protocol*: TCP +* *Load Balancer Port*: 8084 +* *Instance Protocol*: TCP +* *Instance Port*: 8084 + +.. Click *Next: Assign Security Groups*. ++ +* Select the *pc-security-group* + +.. Click *Next Configure Security Settings*. ++ +* Ignore the warning and click *Next: Configure Health Check* + +.. Use the following health check configuration: ++ +* *Ping Protocol*: HTTPS +* *Ping Port*: 8083 +* *Ping Path*: /api/v1/_ping +* For *Advanced Details*, accept the default settings. + +.. Click *Next: Add EC2 Instances* ++ +* Do not select any instances. + +.. Click *Next: Add Tags*. ++ +* Under *Key*, enter *Name*. +* Under *Value*, enter *pc-ecs-lb*. + +.. Click *Review and Create*. + +.. Review your settings and select *Create*. + +.. Review the load balancer that was created and record its *DNS Name*. diff --git a/docs/en/compute-edition/32/admin-guide/howto/configure-istio-ingress.adoc b/docs/en/compute-edition/32/admin-guide/howto/configure-istio-ingress.adoc new file mode 100644 index 0000000000..77adbc5e1b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/configure-istio-ingress.adoc @@ -0,0 +1,405 @@ +== Configure Prisma Cloud to use Istio Ingress Gateway +// Not included in the book as of Nov 9,2021 + +Ingress is a Kubernetes capability that lets you expose your services to HTTP, HTTPS, and other types of traffic outside the cluster. +When configured correctly, the Ingress endpoint handles all routing from external clients to your Kubernetes services. +In the setup described here, the Istio Ingress controller forwards external traffic to the Prisma Cloud Console, for both HTTPS connections and Defender traffic. + + +[.section] +=== Ingress versus LoadBalancers + +An Ingress offers more options than LoadBalancers. +Extended capabilities for SSL, authentication, and routing are available with Ingress resources, but not LoadBalancers. +Ingress can help with cost management in cloud environments. +A single Ingress Controller can reduce the number of LoadBalancers you need to provision and can instead share one Ingress endpoint. +Additionally, there are lots of integrations with automated certificate management tools that can help you manage certificates for your services. + + +[.section] +=== Istio versus other Ingress Controllers + +Istio provides lots of flexibility around how your deployed services communicate. +Using sidecars to create a service mesh enables capabilities at the network layer that can be useful for advanced routing. +This can be especially true if you want to deploy services across multiple clusters, or increase security between services with mutual TLS. +Istio's traffic management features lets you set up circuit breakers and A/B or canary testing workflows, that dynamically route traffic between various deployed versions of your software. + +If you have started adopting Istio, and wish to use it as the main Ingress point for your services, this guide helps you expose your Prisma Cloud installation using Istio. + + +=== Setting up Istio + +This example is built on a self-managed Kubernetes cluster running on Google Cloud Platform using Istio v1.1. +This should work on any Istio environment, as long as ports are properly configured in the istio-ingressgateway. + +NOTE: MARCH 6, 2019 - GKE uses Istio v1.03, and there may be a potential issue with TCP routing. +For more information, see https://github.com/istio/istio/issues/6574. + +The following diagram shows the components in the solution: + +// Edit this diagram with http://asciiflow.com. + +---- + +---------------------------+ +-----------------------------+ + | End User | | | + | | | | + +-------------+-------------+ | Defenders outside | + | | of cluster | + + | | + Port 443 Port 8084 | | + + +--------------+-----------------------------+ + | | + | | + | | + | | ++-------------------------------------------------------------------------------------+ +| | | | +| | | | +| v v | +| | +| +--------------------------+ | +| | | | +| | Istio Ingress Controller | | +| | | | +| +------------+-------+-----+ | +| | ^ | +| | | +------------------------+ | +| +------------------------+ | | | | | +| | | | | | | | +| | +-------------------+ | + | Port 8084 | | | +| | | | | Ports +------------+ Prisma Cloud Defender Pod | | +| | | twistlock-console | | 8081 | | | | +| | | | | 8083 | | | | +| | | | | 8084 | | | | +| | +--------+----------+ | + | | | | +| | | | | | +------------------------+ | +| | | | <------+ | | +| | +--------v----------+ | | +------------------------+ | +| | | | | | | | | +| | | Istio Sidecar | | | | | | +| | | | | | | | | +| | +-------------------+ | | | Prisma Cloud Defender Pod | | +| | | +------------+ | | +| | Prisma Cloud Console Pod | | | | +| | | | | | +| +------------------------+ +------------------------+ | +| | +| | +| Kubernetes Cluster | +| | ++-------------------------------------------------------------------------------------+ + +---- + + +[.task] +=== Setting up sidecar injection + +Set up Istio sidecar injection for the `twistlock` namespace before deploying Prisma Cloud Console. + +[.procedure] +. Create the twistlock namespace. + + $ kubectl create namespace twistlock + +. Enable sidecar injection for the `twistlock` namespace. + + $ kubectl label namespace twistlock istio-injection=enabled + +. Validate the setup. + + $ kubectl get namespace -L istio-injection + NAME STATUS AGE ISTIO-INJECTION + default Active 13m + istio-system Active 13m disabled + kube-public Active 13m + kube-system Active 13m + twistlock Active 26s enabled + + +[.task] +=== Installing Prisma Cloud Console + +Generate the YAML configuration file for Console, then deploy it. + +[.procedure] +. Generate the Prisma Cloud Console YAML. +You will see an error that says the namespace already exists, but you can safely ignore it. ++ + $ /twistcli console export kubernetes + +. Deploy Console. + + $ kubectl create -f twistlock_console.yaml -n twistlock + configmap/twistlock-console created + service/twistlock-console created + persistentvolumeclaim/twistlock-console created + serviceaccount/twistlock-console created + replicationcontroller/twistlock-console created + Error from server (AlreadyExists): error when creating "twistlock_console.yaml": namespaces "twistlock" already exists + +. Validate your setup. ++ +You should see two containers in the Prisma Cloud Console pod. +This indicates that you have successfully deployed both the Prisma Cloud Console and the Istio sidecar. ++ + $ kubectl get pods -n twistlock + NAME READY STATUS RESTARTS AGE + twistlock-console-6fdsx 2/2 Running 0 5m + + +=== Egress Controller for Prisma Cloud Intelligence Stream + +Prisma Cloud Console connects to https://intelligence.twistlock.com (35.238.214.241) with a secure web socket to download updated threat data. +In the YAML for the Prisma Cloud-Console replicationController, add the following Istio egress annotation. + +.twistlock-console.yaml +[source,yml] +---- +spec: + replicas: 1 + selector: + name: twistlock-console + template: + metadata: + annotations: + traffic.sidecar.istio.io/excludeOutboundIPRanges: 35.238.214.241/32 +---- + + +[.task] +=== Creating Istio Ingress and VirtualService resources for Console and Defender traffic + +Set up two ingress points: one for Console's HTTPS web and API interface, and one for the WebSocket channel between Console and Defender. + +Set up the certificates following the steps in Istio's https://istio.io/docs/tasks/traffic-management/secure-ingress/[documentation]. + +[.procedure] +. Set up your certificate. ++ +The high level commands are shown here. +Full details can be found in Istio's https://istio.io/docs/tasks/traffic-management/secure-ingress/[documentation]. +These steps assume that your Console lives at https://twistlock.example.com. +If you have your own certs, you will want to replace the certificates in the steps below with your own. +For a quick test setup however, the following procedure will work. + + $ git clone https://github.com/nicholasjackson/mtls-go-example + $ pushd mtls-go-example + $ ./generate.sh twistlock.example.com secretpassword + $ mkdir ~+1/twistlock.example.com && mv 1_root/ 2_intermediate/ 3_application/ 4_client/ ~+1/twistlock.example.com + $ popd + +. Create a secret for your certificate. + + $ kubectl create -n istio-system secret tls istio-ingressgateway-certs \ + --key twistlock.example.com/3_application/private/twistlock.example.com.key.pem \ + --cert twistlock.example.com/3_application/certs/twistlock.example.com.cert.pem + +. Set up an ingress point that forwards HTTPS traffic to Console. + +.. Define a Gateway to expose port 443 at the edge of the mesh network to receive incoming HTTPS traffic. ++ +.console-ingress.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: twistlock-console-gateway +spec: + selector: + istio: ingressgateway # use Istio default gateway implementation + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + serverCertificate: /etc/istio/ingressgateway-certs/tls.crt + privateKey: /etc/istio/ingressgateway-certs/tls.key + hosts: + - "twistlock.example.com" +---- + +.. Define a VirtualService route incoming HTTPS traffic on port 443 to Prisma Cloud Console. ++ +.console-virtualservice.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: twistlock-console +spec: + gateways: + - twistlock-console-gateway + hosts: + - "twistlock.example.com" + tcp: + - match: + route: + - destination: + port: + number: 8083 + host: twistlock-console +---- + +.. Deploy the HTTPS Gateway and VirtualService. + + $ kubectl create -f console-ingress.yaml -n twistlock + $ kubectl create -f console-virtualservice.yaml -n twistlock ++ +You should now be able to access Prisma Cloud Console at https://twistlock.example.com as long as its DNS resolves to the same IP as you have specified by the external IP in `kubectl get svc istio-ingressgateway -n istio-system`. + +. Set up an ingress point that will forward 8084 WebSocket traffic to the Console. ++ +You can use an alternative port if that is what you have opened in your Istio ingress gateway, but you will then need to make sure that your Defender DaemonSet reflects the updated port. +The only port that must remain 8084 will be the `spec.tcp.route.destination.port.number` setting that routes to the actual `twistlock-console` Kubernetes service. +In the example below, you can set it up with the following ingress gateway and virtual service using the default 8084 port for your backend service. +If you are using a specific SAN in the Prisma Cloud Console for Defender traffic, the wildcard can be replaced with an appropriate DNS hostname or IP address. + +.. Define a Gateway to expose port 8084 at the edge of the mesh network for WebSocket traffic. ++ +.defender-ingress.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: twistlock-defender-gateway +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: communication-port + number: 8084 + protocol: TCP +---- + +.. Define a VirtualService route WebSocket traffic from port 8084 to Prisma Cloud Console. ++ +.defender-virtualservice.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: twistlock-defender +spec: + gateways: + - twistlock-defender-gateway + hosts: + - '*' + tcp: + - match: + - port: 8084 + route: + - destination: + host: twistlock-console.twistlock.svc.cluster.local + port: + number: 8084 + weight: 100 +---- + +.. Deploy the WebSocket Gateway and VirtualService. + + $ kubectl create -f defender-ingress.yaml -n twistlock + $ kubectl create -f defender-virtualservice.yaml -n twistlock + + +[.task] +=== Installing the Defender DaemonSet + +Install Defender as a DaemonSet. + +[.procedure] +. Generate the YAML for the Defender DaemonSet. + + $ /twistcli defender export kubernetes \ + --address=https://twistlock.example.com \ + --cluster-address= + +. Apply the new configuration. + + $ kubectl create -f defender.yaml -n twistlock ++ +You should now see your Defenders connect in Prisma Cloud Console. + + +[.task] +=== Configuring Prisma Cloud Projects through Istio Ingress Controllers + +The Prisma Cloud xref:../deployment_patterns/projects.adoc#[Projects] feature can be implemented when the _Supervisor_ Prisma Cloud Console is accessed through an Istio Ingress Controller. +This is very similar to xref:openshift_provision_tenant_projects.adoc[implementing Projects in OpenShift clusters]. +The Prisma Cloud _Central Console_ must validate the _Supervisor_ Prisma Cloud Console's TLS certificate. +That certificate must be issued by Prisma Cloud. +Therefore Istio is configured to allow TCP passthrough for the _Supervisor_ Prisma Cloud Console's API endpoint. +The _Central Console's_ ingress configuration can still use the Istio certificates and HTTPS protocol as described above. + +[.procedure] +. _Supervisor_ Console's ingress controller Gateway. ++ +.console-ingress.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: twistlock-console-gateway +spec: + selector: + istio: ingressgateway # use Istio default gateway implementation + servers: + - port: + number: 443 + name: https + protocol: TCP + hosts: + - "twistlock.example.com" +---- + +. _Supervisor_ Console's ingress controller VirtualService. ++ +.console-virtualservice.yaml +[source,yml] +---- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: twistlock-console +spec: + gateways: + - twistlock-console-gateway + hosts: + - "twistlock.example.com" + tcp: + - match: + - port: 443 + route: + - destination: + port: + number: 8083 + host: twistlock-console +---- + + +[.task] +=== Implementing SAML federation with a Prisma Cloud Console through Istio Ingress Controllers + +When federating the Prisma Cloud Console that is accessed through an Istio Ingress Controller with a SAML v2.0 Identity Provider (IdP), the SAML authentication request's _AssertionConsumerServiceURL_ value must be modified. +Prisma Cloud automatically generates the _AssertionConsumerServiceURL_ value sent in a SAML authentication request based on Console's configuration. +When the Console is accessed through an Istio Ingress Controller, the URL for Console's API endpoint is most likely not the same as the automatically generated _AssertionConsumerServiceURL._ +Therefore, you must configure the _AssertionConsumerServiceURL_ value that Prisma Cloud sends in the SAML authentication request. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > SAML*. + +. In *Console URL*, define the _AssertionConsumerServiceURL_. ++ +In this example, enter _twistlock.example.com/api/v1/authenticate_. diff --git a/docs/en/compute-edition/32/admin-guide/howto/configure-listening-ports.adoc b/docs/en/compute-edition/32/admin-guide/howto/configure-listening-ports.adoc new file mode 100644 index 0000000000..6fa0ef6e9a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/configure-listening-ports.adoc @@ -0,0 +1,41 @@ +:topic_type: task + +[.task] +== Configure Prisma Cloud Console's listening ports + +This guide shows you how to configure Prisma Cloud to listen on different ports. +Typically this type of configuration is made at the load balancer layer, but it can be done directly with Prisma Cloud. + +By default Prisma Cloud listens on: + +* `8083` HTTPS management port for access to Console. +* `8084` WSS port for Defender *to* Console communication. + +*If you are setting the port _below_ `1024` then Prisma Cloud needs permission to access this privileged port. +You must also set `RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false}` to true.* + + + +[.procedure] +. Download and unpack the Prisma Cloud software. + +. Go to the directory where you unpacked the bits. + +. Open _twistlock.cfg_ for editing. ++ +* `MANAGEMENT_PORT_HTTP` sets the HTTP access port, leaving this blank disables HTTP access. ++ +Example: `MANAGEMENT_PORT_HTTP=${MANAGEMENT_PORT_HTTP-80}` configures Console to listen on port `80`. + +* `MANAGEMENT_PORT_HTTPS` sets the HTTPS access port. ++ +Example: `MANAGEMENT_PORT_HTTPS=443` configures Console to to listen on port `443`. + +* `COMMUNICATION_PORT` sets the WSS port used for Defender to Console communication. ++ +Example: `COMMUNICATION_PORT=9090` configures Console to listen on port `9090`. + +. Run `twistlock.sh` to install Prisma Cloud Console with your settings. ++ +*If you are setting the port _below_ `1024` then Prisma Cloud needs permission to access this privileged port. +You must also set `RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false}` to true.* diff --git a/docs/en/compute-edition/32/admin-guide/howto/deploy-in-fips-mode.adoc b/docs/en/compute-edition/32/admin-guide/howto/deploy-in-fips-mode.adoc new file mode 100644 index 0000000000..28f578fc90 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/deploy-in-fips-mode.adoc @@ -0,0 +1,53 @@ +:topic_type: task + +[.task] +== Deploy Console and Defenders in FIPS140-2 Level 1 mode + +The Console, Defender and twistcli Compute components can run using FIPS140-2 Level 1 validated cryptographic modules. +The Compute GoLang components are statically compiled with the https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md[BoringCrypto module], using the built-in mechanism introduced in Go1.19 https://pkg.go.dev/internal/goexperiment[GOEXPERIMENT]. + +The cipher suites used are: + +* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + +The following procedures are for xref:../welcome/pcee-vs-pcce.adoc[self-hosted] deployments only. + +[.procedure] +. Download the latest release tar bundle from the Palo Alto Networks https://support.paloaltonetworks.com/[Customer Support Portal]. ++ +Note that v22.12 or later is certified for FIPS. + +. Untar the release + + $ tar -xzf prisma_cloud_compute_.tar.gz + +. Set the FIPS mode for deployment. ++ +* For Onebox deployments, modify twistlock.cfg and set the FIPS_ENABLED flag to "true." ++ + ##### FIPS configuration ##### + # Forces Console and Defender to use FIPS-compliant cryptography, https://csrc.nist.gov/projects/cryptographic-module-validation-program + FIPS_ENABLED=true + +* For Kubernetes deployments, download the Defender YAML file from Console and and set the FIPS_ENABLED flag to "true." + + . Deploy the Console either via the xref:../install/deploy-console/console-on-onebox.adoc[Onebox] or xref:../install/deploy-console/console-on-kubernetes.adoc[Kubernetes] deployment methods. +. To confirm the Console is running in FIPS mode, login to the Console and go to Manage > Logs > Console and search for "FIPS." +_FIPSEnabled: true_ is confirmation that the Console has started in FIPS mode. + + manager.go:73 Starting Console manager: ConsoleCN: STIG.lomsgaupfzzurnlkzzmxivmymh.cx.internal.cloudapp.net, ConsoleSAN: [IP:127.0.0.1 IP:10.0.1.4 IP:172.17.0.1], IsProd: true, DataRecoveryEnabled: true, DefenderPort: 8084, MgmtPortHTTPS: 8083, Version: 22.12.415, FIPSEnabled: true + +. To confirm that the Defender is running in FIPS mode, login to the Console and go to Manage > Defenders > Defenders: Deployed in the Actions column of the Defender(s) click Logs and search for "FIPS." + + defender.go:778 FIPS mode enabled true + +. When using the _twistcli_ command line tool use the *FIPS_ENABLED=true* variable to enforce FIPS validated TLS communication to the Console, for example: + + $ FIPS_ENABLED=true ./twistcli images scan --address https://127.0.0.1:8083 0c413668ee0d + +. The Jenkins plug-in communication to the Console can enforce FIPS compliant TLS traffic, enable *FIPS mode* in the Prisma Cloud Jenkins plug-in's configuration. ++ +image::jenkins_plug_in_fips.png[width=400] diff --git a/docs/en/compute-edition/32/admin-guide/howto/disable-automatic-learning.adoc b/docs/en/compute-edition/32/admin-guide/howto/disable-automatic-learning.adoc new file mode 100644 index 0000000000..71805c2d53 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/disable-automatic-learning.adoc @@ -0,0 +1,108 @@ +== Disable automatic learning + +Prisma Cloud lets you disable automatic learning to give you full control over creating, managing, and maintaining runtime rules for your apps. + +IMPORTANT: Disabling automatic runtime learning is strongly discouraged. +Prisma Cloud has been architected and optimized to automatically learn known good runtime behaviors, then create models that explicitly allow those behaviors. +Disabling learning requires creating manual rules for all of these behaviors and greatly increases the likelihood of encountering false positive events. + +If you have a regimented deployment process that must guarantee consistency between your test environment and your production environment, then you might want to disable automatic runtime learning, and manually create runtime rules instead. +With this approach, the full range of runtime behaviors is locked down in production, and cannot be extended without manually adding new rules. + + +=== Models and learning + +When a model is created for an entity, it's initially empty. +Empty models don't allow any runtime behaviors. +In a default installation, Prisma Cloud uses machine learning to compose models that encapsulate all known good behaviors. +Models are sets of rules that allow process, network, and file system activity. + +When learning is disabled, newly created models are empty. +Since empty models don't allow any behaviors, you must manually create rules that explicitly allow process, network, and file system activity. +Remember that rules come from two places: models (automatically created) and runtime rules (manually created). +Manually created rules are designed to augment models when learning does not capture the full range of known good behaviors. +When automatic learning is disabled, they must fully specify the full range of known good behaviors. + + +[.section] +==== Deploying Prisma Cloud + +// https://github.com/twistlock/twistlock/issues/13058 + +Models created before automatic learning is disabled might still contain learned content. +To guarantee all models are empty, disable automatic learning before deploying Defenders to your environment. + +. Disable automatic learning. +.. On the Prisma Cloud Console, select *Defend > Runtime > Containers*. +.. Set the toggle off for *Enable automatic runtime learning*. +. Deploy Defenders. + + +=== Workflow + +You should have two environments: test and production. +Deploy Prisma Cloud Console to each environment. +In the test environment, enable automatic learning. +You'll use automatic learning to assist with the creation of rules. +In the production environment, disable automatic learning. +You'll port the rules from the test environment to the production environment. + +The recommended workflow is: + +. Deploy your app to the test environment, and fully exercise it. + +. Validate models that were automatically created. + +. Export models from the test environment as rules. + +. Optionally store the rules in a source control system. + +. Import the rules into your production environment, where automatic learning is disabled. + + +=== Exporting and importing rules from the Console UI + +After your app has been fully exercised in the test environment, create a rule from the runtime model. +In *Monitor > Runtime > Container Models*, find your model, click *Actions*, then click *Copy Into Rule*. + +image::disable_automatic_learning_copy_into_rule.png[width=800] + +Next, download the rule in JSON format. +Go to *Defend > Runtime > Container Policy*, find your rule, and in the *Actions* menu, click *Export*. + +image::disable_automatic_learning_export.png[width=800] + +Finally, import your rule into Console in your production environment. +Go to *Defend > Runtime > Container Policy*, and click *Import rule*. + + +=== Exporting and importing rules programmatically + +After your app has been fully exercised in the test environment, retrieve the model as a runtime rule. +Use the _GET /profiles/container/{id}/rule_ endpoint, where _{id}_ is the profile ID. + +NOTE: A list of profiles (models) can be retrieved from _GET /api/v1/profiles/container_. +Profile IDs can be found in the _id field. +Profile ID is simply the concatenation of the image ID and an underscore. + + $ curl -k \ + -u ian \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/container/{id}/rule \ + | jq '.' > model_rules.json + +Then push the rule to Console in your production environment. +When a rule is pushed with this endpoint, it is ordered first in the policy. +Rule order is important, so be sure you're pushing rules in the right order. +The version of Console where the rule was exported must match the version of Console where it's imported. + + $ curl -k \ + -u \ + -X POST \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/runtime/container \ + --data-binary "@model_rules.json" + +NOTE: The _POST /api/v1/policies/runtime/container_ endpoint pushes one rule at a time. +The _PUT /api/v1/policies/runtime/container_ endpoint pushes the entire policy (i.e. all rules) in a single shot. diff --git a/docs/en/compute-edition/32/admin-guide/howto/howto.adoc b/docs/en/compute-edition/32/admin-guide/howto/howto.adoc new file mode 100644 index 0000000000..01416d608e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/howto.adoc @@ -0,0 +1,3 @@ +== Howto + +This section contains guides for deploying various advanced setups. diff --git a/docs/en/compute-edition/32/admin-guide/howto/openshift-build-twistcli-scanning.adoc b/docs/en/compute-edition/32/admin-guide/howto/openshift-build-twistcli-scanning.adoc new file mode 100644 index 0000000000..0fd3a37137 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/openshift-build-twistcli-scanning.adoc @@ -0,0 +1,300 @@ +== Integrate Prisma Cloud scanning into the OpenShift build process + +This guide demonstrates how to scan images emitted from the OpenShift (OSE) build process. +You can pass or fail the build process based on the severity of the vulnerability and compliance issues uncovered by the Prisma Cloud scanner called xref:../tools/twistcli.adoc#[twistcli]. +The scanner produces actionable data that application developers can use to resolve issues. +This setup leverages the *postCommit* https://docs.openshift.com/container-platform/3.10/dev_guide/builds/build_hooks.html[build hook] to scan images before they're pushed to the registry. + +You can also use postCommit hooks with https://docs.openshift.com/container-platform/3.10/using_images/other_images/jenkins.html[OpenShift Jenkins] pipeline builds because pipeline builds integrate with the OpenShift https://docs.openshift.com/container-platform/3.10/dev_guide/dev_tutorials/openshift_pipeline.html#overview[BuildConfig] process. +Examples of OpenShift Jenkins Pipeline builds can be found https://github.com/openshift/origin/tree/master/examples/jenkins/pipeline[here]. + +[.section] +=== Background + +Every release of Prisma Cloud ships with a Prisma Cloud Jenkins plugin called _prisma-cloud-jenkins-plugin.hpi_. +The Prisma Cloud Jenkins plugin works with containerized local on-premises Jenkins and Cloudbees Jenkins. +This plugin is designed to be integrated into Jenkins Pipeline, Freestyle and Maven build workflows. +The Prisma Cloud Jenkins plugin requires that the docker socket be mounted in the Jenkins container. +The docker socket is used when scanning an image that is being built by the Jenkins workflow. + +The version of Jenkins included with OpenShift is specially modified for the OpenShift Container Platform. +From the https://docs.openshift.com/container-platform/3.10/dev_guide/dev_tutorials/openshift_pipeline.html[OpenShift docs]: + +"In addition to standard Jenkins Pipeline Syntax, the OpenShift Jenkins image provides the OpenShift Domain Specific Language (DSL) (through the OpenShift Jenkins Client Plug-in), which aims to provide a readable, concise, comprehensive, and fluent syntax for rich interactions with an OpenShift API server, allowing for even more control over the build, deployment, and promotion of applications on your OpenShift cluster." + +The Prisma Cloud Jenkins plugin does not understand the OpenShift Domain Specific Language nor does the OpenShift Jenkins Master and Slave containers mount the docker socket. +Therefore, the standard configuration of the Prisma Cloud Jenkins plugin is not applicable to the OpenShift Jenkins. +But the OpenShift Jenkins leverages the OpenShift BuildConfig process as part of the Jenkins build process. +Prisma Cloud can scan images built via the OpenShift BuildConfig process via the postCommit build hook using the _twistcli_ utility. + +Also from the OpenShift docs: + +"The *postCommit* field of a *BuildConfig* object executes commands inside a temporary container that is running the build output image. +The hook is executed immediately after the last layer of the image has been committed and before the image is pushed to a registry. + +… + +The hook fails if the script or command returns a non-zero exit code or if starting the temporary container fails. +When the hook fails it marks the build as failed and the image is not pushed to a registry. +The reason for failing can be inspected by looking at the build logs." + +The twistcli scan of the image during the postCommit phase returns either success (exit 0) or error (exit 1) upon exit. +The OpenShift build process will either continue or stop based upon these exit codes. +You can configure the twistcli scan to pass/fail builds passed upon the vulnerabilities discovered in the image and configuration compliance. + + +[.task] +=== Prisma Cloud Console configuration + +The Prisma Cloud scanning application is called xref:../tools/twistcli.adoc#[twistcli]. +The twistcli scanner must authenticate to the Prisma Cloud Console's API to assess vulnerability and compliance data. +Since the CI User account is the least privileged account we will pass the credentials as part of the script in this example. +The CI User account does not have the rights to authenticate to the Prisma Cloud Console's user interface. +The scanner itself accesses Console's API via the *twistlock-console.twislock.svc* OSE internal DNS FQDN. +You can use OpenShift secrets to protect the username/password of the CI User account. +See <>. + +*Prerequisites:* +Prisma Cloud Console is fully operational. +See the Prisma Cloud xref:../install/deploy-console/console-on-openshift.adoc[OpenShift 4] deployment guide. + +Create a least privileged xref:../authentication/user_roles.adoc[CI User] account. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > Users*. + +. Click *Add user*. + +.. Username: *bob_the_builder* + +.. Password: *twistlock2019* + +.. Role: *CI User* ++ +NOTE: If using SAML or Active Directory/OpenLDAP integration this account must be of type *Basic* + + +[.task] +=== Create and configure an OpenShift build + +Modify the BuildConfig to scan an image, then build an image and review the results. + +[.procedure] +. Log into OpenShift using *oc*. + +. Create a new build. +This example build creates an image named _pfox-ose-build-scan-demo_ from the _registry.access.redhat.com/rhel7_ base image. + + $ oc new-build \ + -D $'FROM registry.access.redhat.com/rhel7' \ + --to=pfox-ose-build-scan-demo + +. In the OpenShift Console, go to *Project > Builds > Builds*. +If you are using a Jenkins Pipeline, go to *Project > Builds > Pipelines*. + +. Click on the *pfox-ose-build-scan-demo* build. + +. In the *Actions* drop-down list, select *Edit YAML*. + +. In the *spec: postCommit* node, add the following *script*, modifying it as necessary for your environment. +The `>-` characters are a block chomping indicator that strips the line feeds from the multi-line script string. +It's one of the ways to write multi-line strings in YAML files. +For a line-by-line breakdown of how the script works, see <<_postcommit_script,Post commit hook script>>. ++ +// Breaking strings over multiple lines in YAML. +// https://stackoverflow.com/questions/3790454/in-yaml-how-do-i-break-a-string-over-multiple-lines ++ +[source,yaml] +---- +postCommit: + script: >- + curl -k -ssl -u "bob_the_builder:twistlock2019" + https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o twistcli && + chmod +x ./twistcli && + ./twistcli images scan + --containerized + --user bob_the_builder + --password twistlock2019 + --address https://twistlock-console.twistlock.svc:8083 + --vulnerability-threshold high + --details + $OPENSHIFT_BUILD_NAME +---- ++ +image::openshift_build_twistcli_postCommit.png[width=600] + +. Build a new image. + + $ oc start-build pfox-ose-build-scan-demo + +. Monitor the build logs. + + $ oc logs -f bc/pfox-ose-build-scan-demo + + +=== Looking at the results + +Since twistcli is configured with _--vulnerability-threshold high_ and _--details_, the output contains detailed information for vulnerabilities in the image. + +image::openshift_build_twistcli_scan1.png[width=800] + +The pass/fail status of the twistcli scan is printed at the end of the scan. + +image::openshift_build_twistcli_scan2.png[width=800] + +If you want less verbosity from the scanner, remove the _--details_ option from the postCommit script. +To push the image to registry regardless of the scanner's findings, don't set any thresholds by removing the _--vulnerability-threshold high_ option. + +[source,yaml] +---- +postCommit: + script: >- + curl -k -ssl -u "bob_the_builder:twistlock2019" + https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o twistcli && + chmod +x ./twistcli && + ./twistcli images scan + --containerized + --user bob_the_builder + --password twistlock2019 + --address https://twistlock-console.twistlock.svc:8083 + --details + $OPENSHIFT_BUILD_NAME +---- + +With the updated postCommit script, the scanner provides just a summary report: + +image::openshift_build_twistcli_scan3.png[width=800] + +In the OpenShift Console, the build information and twistcli scan output is displayed. + +image::openshift_build_twistcli_ose_build.png[width=800] + +The scan results can be reviewed in Prisma Cloud Console under *Monitor > Vulnerabilities > Twistcli Scans*. + +image::openshift_build_twistcli_ose_twistcli_scans.png[width=800] + +Click on the image to drill down into the detailsClick on the image to drill down into the details. + +image::openshift_build_twistcli_ose_twistcli_scans1.png[width=800] + + +[#_postcommit_script] +=== Post commit hook script + +The postCommit script runs the Prisma Cloud scanner on the image just built. +This section describes how the script works. + +[source,yaml] +---- +postCommit: + script: >- + curl -k -ssl -u "bob_the_builder:twistlock2019" // See 1 + https://twistlock-console.twistlock.svc:8083/api/v1/util/twistcli -o twistcli && + chmod +x ./twistcli && // See 2 + ./twistcli images scan // See 3 + --containerized + --user bob_the_builder + --password twistlock2019 + --address https://twistlock-console.twistlock.svc:8083 + --vulnerability-threshold high + --details + $OPENSHIFT_BUILD_NAME // See 4 +---- + +* *1* -- Pulls the twistcli binary from Prisma Cloud Console API. +This guarantees that the Prisma Cloud Console and twistcli versions are synchronized. +Note that if the image being built does not contain curl, then add the twistcli application to the image itself. + +* *2* -- Makes the twistcli binary executable. + +* *3* -- Scans the image within the running container. +The https://docs.openshift.com/container-platform/3.10/dev_guide/builds/build_hooks.html[postCommit field of a BuildConfig object] executes commands inside a temporary container that is running the build output image. + +* *4* -- Name of the image being scanned based upon the build's environment variable. + +The following options control how the scan runs: +See *twistcli images scan --help* for additional flags and details. + +* _--containerized_ -- Run the scan from within a container. +* _--vulnerability-threshold high_ -- Minimum vulnerability threshold for failing the build on vulnerability checks. +* _--details_ -- Show all vulnerability details. + +Twistcli returns an exit code of 1 if there are any xref:../vulnerability_management/cvss_scoring.adoc#[_high_] severity vulnerabilities in the image. +An exit code of 1 notifies the OSE start-build process that the postCommit task has failed and that the process should stop before the image is pushed to the registry. + + +[.task] +=== OpenShift secret for the Prisma Cloud credentials + +Create an OpenShift generic secret to protect your CI User credentials. +These credentials are presented as environment variables to the script run in the postCommit stage. +More information about providing credentials to a BuildConfig, see OpenShift's docs on https://docs.openshift.com/container-platform/3.10/dev_guide/builds/build_inputs.html#using-secrets-in-the-buildconfig[input secrets]. + +WARNING: The OpenShift build process will create environment variables containing the Prisma Cloud CI User account's username:password in the resulting image. + +[.procedure] +. Log into OpenShift using *oc*, and go to the project where you run builds. + +. Create files for the username and password. + + $ echo -n 'bob_the_builder' > ./username.txt + $ echo -n 'twistlock2019' > ./password.txt + +. Create an OpenShift generic secret with the username and password. + + $ oc create secret generic twistlock-scan \ + --from-file=username=./username.txt \ + --from-file=password=./password.txt + +. Grant the builder service account access to the secret. + + $ oc secrets link builder twistlock-scan + +. Create a new build. +This example build creates an image named _pfox-ose-build-scan-demo_ from the _registry.access.redhat.com/rhel7_ base image. +Associate the *twistlock-scan* secret with the build. + + $ oc new-build \ + -D $'FROM registry.access.redhat.com/rhel7' \ + --to=pfox-ose-build-scan-demo \ + --build-secret twistlock-scan + +. In the OpenShift Console, go to *Project > Builds > Builds*. +If you are using a Jenkins Pipeline, go to *Project > Builds > Pipelines*. + +. Click on the *pfox-ose-build-scan-demo* build. + +. In the *Actions* drop-down list, select *Edit YAML*. + +. Add in the *postCommit* script as instructed above. + +. Modify the *spec:source* and *spec:strategy* nodes accordingly. ++ +[source,yaml] +---- + source: + dockerfile: FROM registry.access.redhat.com/dotnet-beta/dotnet-20-rhel7 + secrets: + - secret: + name: twistlock-scan + sourceSecret: + name: twistlock-scan + type: Dockerfile + strategy: + dockerStrategy: + env: + - name: twistlock_scan_username + valueFrom: + secretKeyRef: + key: username + name: twistlock-scan + - name: twistlock_scan_password + valueFrom: + secretKeyRef: + key: password + name: twistlock-scan +---- ++ +image::openshift_build_twistcli_secrets.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/howto/openshift-external-defenders.adoc b/docs/en/compute-edition/32/admin-guide/howto/openshift-external-defenders.adoc new file mode 100644 index 0000000000..3a1ab3ec05 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/openshift-external-defenders.adoc @@ -0,0 +1,130 @@ +== Deploy Defenders outside an OpenShift Cluster +// Not included in the book as of Nov 9,2021 + +This guide demonstrates how to deploy Prisma Cloud Defenders outside the OpenShift cluster where Prisma Cloud Console is running. +You need to expose the Prisma Cloud-Console service's TCP ports 8083 and 8084 as external OpenShift routes. +Each route will be an unique, fully qualified domain name. +In this example, you deploy Prisma Cloud Defenders as a DaemonSet in a second OpenShift cluster and to a Windows Server 2016 with Containers node. +Prisma Cloud API calls are made to the Prisma Cloud-Console external OSE router https://console1.apps.jonathan.lab.twistlock.com +The Prisma Cloud Defenders will communicate to the Console via wss://defenders.apps.jonathan.lab.twistlock.com:443 + +*Prerequisites:* + +* The Prisma Cloud Console is fully operational. +See the Prisma Cloud xref:../install/deploy-console/console-on-openshift.adoc[OpenShift 4] deployment guide. +* An existing OpenShift external route to the Prisma Cloud-Console's TCP port 8083 (Prisma Cloud UI and API) + + +[.task] +=== OpenShift and Prisma Cloud Console configuration + +All commands are run from a system that is external to the OpenShift Cluster using the *oc* and *twistcli* commands. + +[.procedure] +. Log into the OpenShift Cluster running the Prisma Cloud Console. + +. Go to *Prisma Cloud Project > Applications > Routes*. + +. Create New Route. + +.. Name: *twistlock-defender*. + +.. Hostname: *defenders.apps.jonathan.lab.twistlock.com*. + +.. Target Port: *8084 -> 8084*. + +.. Security: ++ +* TLS Termination: *Passthrough*. +* Insecure Traffic: *Redirect*. ++ +image::external_defender_openshift_router.png[width=600] ++ +. Add the new route to the Prisma Cloud Console's SubjectAlternativeName. + +.. In the Prisma Cloud Console go to *Manage > Defenders > Names*. + +.. Click *Add SAN*. + +.. Add the new route FQDN *defenders.apps.jonathan.lab.twistlock.com*. ++ +image::external_defender_openshift_san.png[width=600] + + +[.task] +=== Deploy Prisma Cloud Defender Daemonset in Second OpenShift Cluster + +Using the xref:../tools/twistcli.adoc#[twistcli] tool generate the Prisma Cloud Defender _defender.yaml_ file. + +[.procedure] +. Run the command: + + $ linux/twistcli defender export openshift \ + --address https://console1.apps.jonathan.lab.twistlock.com \ + --cluster-address defenders.apps.jonathan.lab.twistlock.com \ + --namespace twistlock \ + --selinux-enabled + +. Edit the resulting *defender.yaml* and change: ++ +``` + - name: WS_ADDRESS + value: wss://defenders.apps.jonathan.lab.twistlock.com:8084 +``` ++ +to: ++ +``` + - name: WS_ADDRESS + value: wss://defenders.apps.jonathan.lab.twistlock.com:443 +``` + +. *oc login* to the OpenShift Cluster you will be deploying the Prisma Cloud Defenders to. + +. Create the Prisma Cloud Project *oc new-project twistlock*. + +. Deploy the Twislock Defender daemonset *oc create -f ./defender.yaml*. + +. The Defenders in the second OpenShift Cluster will appear in the Prisma Cloud Console's *Manage > Defenders > Manage*. ++ +image::external_defender_openshift_ds.png[width=600] + + +[.task] +=== Deploy Prisma Cloud Defender on Windows Server 2016 w/ Containers Node + +Deploy Prisma Cloud Defender on a Windows Server 2016 node. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Defenders > Deploy*. + +.. 1.a = *console1.apps.jonathan.lab.twistlock.com*. + +.. 1.b = *Docker on Windows*. ++ +image::external_defender_openshift_windows.png[width=700] ++ + +. Copy the powershell script that is generated in 1.c. + +. Modify the following in the script: + +.. Remove “:8083” from the *-Uri*. + + -Uri "https://console1.apps.jonathan.lab.twistlock.com/api/v1/scripts/defender.ps1" + +.. Change the *-consoleCN* to the twistlock-defender FQDN and add the *-wsPort 443* variable. + + -consoleCN defenders.apps.jonathan.lab.twistlock.com -wsPort 443 + +. The resulting script looks similar to the following: + + add-type "using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) { return true; }}"; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy; Invoke-WebRequest -Uri "https://console1.apps.jonathan.lab.twistlock.com/api/v1/scripts/defender.ps1" -Headers @{"authorization" = "Bearer " } -OutFile defender.ps1; .\defender.ps1 -type dockerWindows -consoleCN defenders.apps.jonathan.lab.twistlock.com -wsPort 443 -install + +. On the Windows Server node, run the script in a Powershell x64 shell. + +. The Windows Prisma Cloud Defender will appear in *Manage > Defenders > Manage*. ++ +image::external_defender_openshift_windowsnode.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/howto/openshift-provision-tenant-projects.adoc b/docs/en/compute-edition/32/admin-guide/howto/openshift-provision-tenant-projects.adoc new file mode 100644 index 0000000000..0fb2f4a50c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/openshift-provision-tenant-projects.adoc @@ -0,0 +1,61 @@ +:topic_type: task + +[.task] +== Provision tenant projects in OpenShift + +This guide shows you how to set up tenant projects on Openshift clusters. +If you try to provision tenant projects using the xref:../deployment-patterns/projects.adoc#[normal provisioning flow], Central Console cannot reach the host where Supervisor Console runs. +Failing to follow these steps can lead an 'Internal Server Error', even when everything seems to be set up properly. + +image::openshift_provision_tenant_projects_error.png[width=600] + +In this example provisioning flow, the DNS names for Central Console and Supervisor Console are: + +* Central Console -- https://console.apps.jonathan.lab.twistlock.com +* Supervisor Console to be provisioned -- https://console.39apps.jonathan.lab.twistlock.com + +*Prerequisites:* + +* Two fully operational Prisma Cloud Consoles are already deployed. +For more information, see the xref:../install/deploy-console/console-on-openshift.adoc[OpenShift 4] deployment. +* OpenShift external routes to both Consoles' TCP port 8083 (Prisma Cloud UI and API), with the TLS termination type set to passthrough, already exist. +* The to-be Central and Supervisor Consoles are already licensed and you've created initial admin users. + +[.procedure] +. Designate one Console to be Supervisor and the other to be Central. + +. Log into the Supervisor Console with your admin user. + +. Add the FQDN of the Supervisor Console to the Subject Alternative Name field of the Supervisor Console's certificate. + +.. In the Supervisor Console, go to *Manage > Defenders > Names*. + +.. Click *Add SAN*. + +.. Add the Supervisor Console's FQDN. +In this example, it is *console.39apps.jonathan.lab.twistlock.com*. + +.. Click *Add*. ++ +image::openshift_provision_tenant_projects_san.png[width=600] + +. Log into the Central Console with your admin user. + +. Enable Projects by going to *Manage > Projects > Manage* and setting *Use Projects* to *On*. + +. Click the *Provision* tab and to provision a tenant Console. + +.. Under *Select Project type*, choose *Tenant*. + +.. In *Project name*, give your project a name. + +.. In *Supervisor address*, add the FQDN of the Supervisor. +In this example, it is https://console.39apps.jonathan.lab.twistlock.com. + +.. Add the *Admin credentials for Supervisor*. + +.. Click *Provision*. ++ +Your Supervisor Console should be successfully provisioned. ++ +image::openshift_provision_tenant_projects_provisioned.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/howto/review-debug-logs.adoc b/docs/en/compute-edition/32/admin-guide/howto/review-debug-logs.adoc new file mode 100644 index 0000000000..c72283acd6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/review-debug-logs.adoc @@ -0,0 +1,21 @@ +== Debug data + +Console and Defender generate logs as they run. +These logs, also known as debug data, are designed to help troubleshoot operational issues. +They're different from audits, which are designed to report significant security events. + +If you contact Prisma Cloud Support with an issue, you'll be asked to collect debug data from your setup and send it to us. +Debug data helps us find the root cause of problems, and provide timely resolutions. + + +=== Collect Console debug logs + +The simplest way to view Console's debug logs is from within the UI itself. +Go to *Manage > Logs > Console* and *Download Logs*. + + +=== Collect Defender debug logs + +To view Defender's debug logs, go to *Manage > Defenders > Defenders: Deployed*. +Select the Defender from the table and then click *Actions > Logs* and *Download Logs*. + diff --git a/docs/en/compute-edition/32/admin-guide/howto/rolling-upgrade.adoc b/docs/en/compute-edition/32/admin-guide/howto/rolling-upgrade.adoc new file mode 100644 index 0000000000..5b568acc83 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/rolling-upgrade.adoc @@ -0,0 +1,46 @@ +:topic_type: task +// Not included in the book as of Nov 9,2021 +[.task] +== Performing a rolling upgrade of Defenders + +Prisma Cloud requires a strict version matching of Console to Defender. After upgrading your Prisma Cloud Console, any Defenders which have not been upgraded to a matching version will be in a read-only state, and continue to enact the last policy prior to the Console upgrade. They will not send any information back to the Console until the Defender has been upgraded. While your Defenders will continue to protect your environment, they must be upgraded to become fully functional Defenders. + +For large deployments, you may want to schedule a "rolling" upgrade of your Defenders over a period of time. While this is not a common need, this may be required due to change control requirements in your organization or due to issues with coordinating the upgrade of many clusters which may be owned by different teams. + +The strategy described in this article details a plan to stand up a second Console during upgrade, replacing existing Defenders with upgraded Defenders pointed to the upgraded Console, and, eventually, retiring the initial Console. This will have all Defenders remain in an active state regardless of the time window of your upgrade. + +*Prerequisites:* + +* You have an existing Prisma Cloud Console at version _n-1_. +* You have xref:../welcome/releases.adoc[downloaded the release tarball] for target version _n-1_ and _n_. +* You have the ability to create DNS records. +* You can xref:../install/deploy-defender/defender_types.adoc[install Defenders on your nodes]. +* You have a second location where you can install a Prisma Cloud Console, which we will call the "upgrade host" (this second deployment could also be in a Kubernetes cluster). This upgrade host must meet the minimum system requirements for a Prisma Cloud Console. Typically, the upgrade host will match the setup of your existing Prisma Cloud Console. After this procedure, this will the new location for your Console. + +NOTE: If you are using xref:../configure/certificates.adoc[custom certificates for authorization] you may have additional steps to add your custom certs with the correct DNS addresses. This can be avoided by using a wildcard cert (e.g. *.company.com) so that individual certificates do not need to be changed for new DNS records on your domain. + +[.procedure] +. On the upgrade host, first xref:../install/getting_started.adoc[install a Prisma Cloud Console] at version _n-1_ (the same version that your current Console is running). + +. On the pre-upgrade Console host, xref:../configure/disaster_recovery.adoc[Create a manual backup] of your existing Prisma Cloud Console. + +. On your upgrade host, xref:../configure/disaster_recovery.adoc[restore the backup using twistcli] from the backup created in the previous step. + +. On your upgrade host, xref:../upgrade/upgrade.adoc[perform an upgrade to version _n_]. + +. You now have two Consoles: your pre-upgrade Console and your upgraded Console. Create a new DNS record to point to your upgraded Console. + +* For instance, if your pre-upgrade Console DNS was _twistlock-18-11-127.my.company.com_, your upgraded Console DNS may be _twistlock-19-03-307.my.company.com_. + +. In your upgraded console, xref:../configure/subject_alternative_names.adoc[add the new DNS record entry into the SAN list]. + +. For each environment running Defenders, redeploy the Defenders to connect to the new upgraded Console. Typically, you'd use the same method you used in the initial environment, such as a Daemon Set. + +* For each Defender, you must follow the instructions to xref:../install/deploy-defender/defender_types.adoc[install Defenders on your nodes]. +You should select the upgraded Console SAN as the name that clients and Defenders use to access this Console. + +* The individual upgrades may be timed according to your needs. Since all Defenders are communicating with a Console at the corresponding version, all Defenders are fully functional. + +. Eventually, all Defenders will be redeployed and no Defenders will be connecting into the pre-upgrade Console. At this point, the pre-upgrade Console can be decommissioned. ++ +NOTE: To maintain a single DNS record from which your users access the Console, consider using a CNAME record to point at the correct Console address at all times. For example, you may instruct your users to bookmark _twistlock.my.company.com_ which would be a CNAME record that could be re-pointed between different Console versions as you complete the upgrades. diff --git a/docs/en/compute-edition/32/admin-guide/howto/twistcli-sandbox-third-party-scan.adoc b/docs/en/compute-edition/32/admin-guide/howto/twistcli-sandbox-third-party-scan.adoc new file mode 100644 index 0000000000..d1eda1d4f0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/howto/twistcli-sandbox-third-party-scan.adoc @@ -0,0 +1,59 @@ +:topic_type: task + +[.task] +== Twistcli sandbox run third-party assessment tool. + +In the https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-release-notes/release-information[Lagrange release (v22.12+)] the xref:../runtime-defense/image-analysis-sandbox.adoc[twistcli image analysis sandbox] capability allows for the execution of third-party assessment tools. +You can supply a third-party binary/script that is executed after the twistcli sandbox image analysis is completed. +The output of the third-party tool can be captured within a volume mount for further analysis. +Twistcli sandbox analysis occurs within a temporary container of the image under examination. +No modifications are made to the image under analysis. + +In this example we will use the https://www.open-scap.org/[OpenSCAP] utility to perform a https://github.com/ComplianceAsCode/content/blob/master/products/rhel8/profiles/stig.profile[Compliance as Code's v0.1.65 RHEL-8 STIG profile] scan of a https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e[RedHat Universal Base Image 8]. + + +[.procedure] + +. On the host on which the twistcli sandbox analysis will occur create a directory `/opt/sandbox`. + +. Download the https://github.com/ComplianceAsCode/content/releases[latest ComplianceAsCode release], extract `ssg-rhel8-ds.xml` and copy to the `/opt/sandbox` directory. + +. Copy the following bash script to `/opt/sandbox/openscap_analysis.sh`. ++ +---- +#!/bin/bash +# Install tools and OpenSCAP +yum update -y -q +yum install -y -q openscap-scanner + +# Run OpenSCAP scan +# Note: HTML and XML OSCAP output files are written to the host mounted directory +oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report /opt/sandbox/openscap_sandbox_stig.html --results /opt/sandbox/openscap_sandbox_stig.xml /opt/sandbox/ssg-rhel8-ds.xml +---- + +. Set the executable flag on openscap_analysis.sh. + + $ chmod +x openscap_analysist.sh + +. Execute twistcli sandbox analysis of the ubi:8.7-1037 image with the following command: + + linux/twistcli sandbox \ + --address https://127.0.0.1:8083 \ + --volume /opt/sandbox:/opt/sandbox \ + --third-party-delay 5s \ + --third-party-cmd /opt/sandbox/openscap_analysis.sh \ + --third-party-output /opt/sandbox/oscap-results.txt \ + registry.access.redhat.com/ubi8/ubi:8.7-1037 ++ +Where: ++ +* `--volume /opt/sandbox:/opt/sandbox` - mounts the host's /opt/sandbox directory into the running container's /opt/sandbox. +The files necessary to execute the OpenSCAP scan are read from this directory and the output of the script is written to this directory. +* `--third-party-delay 5s` - time delay after the sandbox analysis completes and the third party script is executed. +* `--third-party-output /opt/sandbox/oscap-results.txt` - path to output results. + +. The following output files are written to the host's /opt/sandbox directory: ++ +* openscap_sandbox_stig.html - OSCAP report output. +* openscap_sandbox_stig.xml - OSCAP results output. +* oscap-results.txt - stdout captured during the execution of openscap_analysis.sh. diff --git a/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-compute-defender.json b/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-compute-defender.json new file mode 100644 index 0000000000..22aa4c51e8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-compute-defender.json @@ -0,0 +1,144 @@ +{ + "containerDefinitions": [ + { + "cpu": 0, + "environment": [ + { + "name": "DEFENDER_LISTENER_TYPE", + "value": "none" + }, + { + "name": "DEFENDER_TYPE", + "value": "daemonset" + }, + { + "name": "DOCKER_CLIENT_ADDRESS", + "value": "/var/run/docker.sock" + }, + { + "name": "HTTP_PROXY", + "value": "" + }, + { + "name": "LOCAL_DOCKER_AUDIT_ENABLED", + "value": "true" + }, + { + "name": "LOG_PROD", + "value": "true" + }, + { + "name": "NO_PROXY", + "value": "" + }, + { + "name": "SYTEMD_ENABLED", + "value": "false" + }, + { + "name": "WS_ADDRESS", + "value": "wss://:" + }, + { + "name": "INSTALL_BUNDLE", + "value": "" + }, + { + "name": "SERVICE_PARAMETER", + "value": "" + } + ], + "mountPoints": [ + { + "containerPath": "/var/lib/twistlock", + "sourceVolume": "data-folder" + }, + { + "containerPath": "/var/run", + "sourceVolume": "docker-sock-folder" + }, + { + "readOnly": true, + "containerPath": "/var/run/docker/netns", + "sourceVolume": "docker-netns" + }, + { + "readOnly": true, + "containerPath": "/etc/passwd", + "sourceVolume": "passwd" + }, + { + "containerPath": "/dev/log", + "sourceVolume": "syslog-socket" + }, + { + "containerPath": "/var/log/audit", + "sourceVolume": "auditd-log" + }, + { + "containerPath": "/run", + "sourceVolume": "iptables-lock" + } + ], + "memory": 512, + "image": "registry-auth.twistlock.com/tw_/twistlock/defender:defender_", + "essential": true, + "readonlyRootFilesystem": true, + "privileged": true, + "name": "twistlock_defender" + } + ], + "placementConstraints": [], + "memory": "512", + "family": "pc-defender", + "requiresCompatibilities": [ + "EC2" + ], + "networkMode": "host", + "pidMode": "host", + "cpu": "256", + "volumes": [ + { + "name": "data-folder", + "host": { + "sourcePath": "/var/lib/twistlock" + } + }, + { + "name": "docker-sock-folder", + "host": { + "sourcePath": "/var/run" + } + }, + { + "name": "syslog-socket", + "host": { + "sourcePath": "/dev/log" + } + }, + { + "name": "docker-netns", + "host": { + "sourcePath": "/var/run/docker/netns" + } + }, + { + "name": "passwd", + "host": { + "sourcePath": "/etc/passwd" + } + }, + { + "name": "auditd-log", + "host": { + "sourcePath": "/var/log/audit" + } + }, + { + "name": "iptables-lock", + "host": { + "sourcePath": "/run" + } + } + ] +} diff --git a/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-task-pc-console.json b/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-task-pc-console.json new file mode 100644 index 0000000000..490af0ba40 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/attachments/amazon-ecs-task-pc-console.json @@ -0,0 +1,142 @@ +{ + "family": "pc-console", + "taskRoleArn": "", + "networkMode": "bridge", + "containerDefinitions": [{ + "name": "twistlock-console", + "image": "registry-auth.twistlock.com/tw_/twistlock/console:console_", + "memoryReservation": 3000, + "portMappings": [{ + "containerPort": 8083, + "hostPort": 8083, + "protocol": "tcp" + }, + { + "containerPort": 8084, + "hostPort": 8084, + "protocol": "tcp" + } + ], + "essential": true, + "entryPoint": [ + "" + ], + "command": [ + "/app/server" + ], + "environment": [{ + "name": "SERVICE", + "value": "twistlock" + }, + { + "name": "CONSOLE_CN", + "value": "" + }, + { + "name": "CONSOLE_SAN", + "value": "IP:" + }, + { + "name": "HIGH_AVAILABILITY_ENABLED", + "value": "false" + }, + { + "name": "KUBERNETES_ENABLED", + "value": "" + }, + { + "name": "KERBEROS_ENABLED", + "value": "false" + }, + { + "name": "CONFIG_PATH", + "value": "/twistlock_console/var/lib/twistlock-config" + }, + { + "name": "LOG_PROD", + "value": "true" + }, + { + "name": "DATA_RECOVERY_ENABLED", + "value": "true" + }, + { + "name": "COMMUNICATION_PORT", + "value": "8084" + }, + { + "name": "MANAGEMENT_PORT_HTTPS", + "value": "8083" + }, + { + "name": "MANAGEMENT_PORT_HTTP", + "value": "" + }, + { + "name": "FILESYSTEM_SCAN_ENABLED", + "value": "true" + }, + { + "name": "PROCESS_SCAN_ENABLED", + "value": "true" + }, + { + "name": "SCAP_ENABLED", + "value": "" + } + + ], + "mountPoints": [{ + "sourceVolume": "syslog-socket", + "containerPath": "/dev/log", + "readOnly": false + }, + { + "sourceVolume": "twistlock-console", + "containerPath": "/var/lib/twistlock/", + "readOnly": false + }, + { + "sourceVolume": "twistlock-config-volume", + "containerPath": "/var/lib/twistlock/scripts/", + "readOnly": false + }, + { + "sourceVolume": "twistlock-backup-volume", + "containerPath": "/var/lib/twistlock-backup", + "readOnly": false + } + ], + "privileged": false, + "readonlyRootFilesystem": true + }], + "volumes": [{ + "name": "syslog-socket", + "host": { + "sourcePath": "/dev/log" + } + }, + { + "name": "twistlock-console", + "host": { + "sourcePath": "/twistlock_console/var/lib/twistlock" + } + }, + { + "name": "twistlock-config-volume", + "host": { + "sourcePath": "/twistlock_console/var/lib/twistlock-config" + } + }, + { + "name": "twistlock-backup-volume", + "host": { + "sourcePath": "/twistlock_console/var/lib/twistlock-backup" + } + } + ], + "placementConstraints": [{ + "type": "memberOf", + "expression": "attribute:purpose == infra" + }] +} diff --git a/docs/en/compute-edition/32/admin-guide/install/cluster-context.adoc b/docs/en/compute-edition/32/admin-guide/install/cluster-context.adoc new file mode 100644 index 0000000000..e0bf7b62a7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/cluster-context.adoc @@ -0,0 +1,37 @@ +== Cluster Context + +Prisma Cloud can segment your environment by cluster. +For example, you might have three clusters: test, staging, and production. +The cluster pivot in Prisma Cloud lets you inspect resources and administer security policy on a per-cluster basis. + +image::radar_clusters_pivot.png[width=800] + +=== Cluster awareness across the product + +Radar lets you explore your environment cluster-by-cluster. Various scan reports and audits include the relevant cluster name to provide environment context. +You can also create stored filters (also known as xref:../configure/collections.adoc[collections]) based on cluster names. +Finally, you can scope policy by cluster. +Vulnerability and compliance rules for container images and hosts, runtime rules for container images, and trusted images rules can all be scoped by cluster name. + +=== Determine cluster name + +Defenders in each DaemonSet are responsible for reporting which resources belong to which cluster. +When deploying a Defender DaemonSet, Prisma Cloud tries to determine the cluster name through introspection. +First, it tries to retrieve the cluster name from the cloud provider. +As a fallback, it tries to retrieve the name from the kubeconfig file (the cluster name will be taked from the _server_ field). +Finally, you can override these mechanisms by manually specifying a cluster name when deploying your Defender DaemonSet. + +Both the Prisma Cloud UI and twistcli tool accept an option for manually specifying a cluster name. +Let Prisma Cloud automatically detect the name for provider-managed clusters. +Manually specify names for self-managed clusters, such as those built with kops. + +There are some things to consider when manually naming clusters: + +* If you specify the same name for two or more clusters, they're treated as a single cluster. +* For GCP, if you have clusters with the same name in different projects, they're treated as a single cluster. +Consider manually specifying a different name for each cluster. +* Manually specifying names isn't supported in *Manage > Defenders > Manage > DaemonSet*. +This page lets you deploy and manage DaemonSets directly from the Prisma Cloud UI. +For this deployment flow, cluster names are retrieved from the cloud provider or the supplied kubeconfig only. + +If you wish to change the cluster name determined by Prisma Cloud Compute, or the name you manually set for the cluster, you must redeploy the Defenders DaemonSet and specify the new name. Notice that after changing the name, historical records for audits and incidents, will keep the cluster name from their creation time. The new cluster name will only apply for future records. Also, if you already created collections using the old cluster name, these need to be manually updated with the new name. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-ack.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-ack.adoc new file mode 100644 index 0000000000..e6437c6d73 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-ack.adoc @@ -0,0 +1,77 @@ +:topic_type: task +[.task] +[#ack] +== Alibaba Cloud Container Service for Kubernetes (ACK) + +https://www.alibabacloud.com/product/kubernetes[Alibaba Cloud Container Service for Kubernetes (ACK)] is a managed Kubernetes service. +Use the standard Kubernetes install procedure to deploy Prisma Cloud to Alibaba ACK, but specify an Alibaba Cloud-specific StorageClass when configuring the deployment. + +This procedure shows you how to use Helm charts to install Prisma Cloud, but all other install methods are supported. + +*Prerequisites* + +* You have provisioned an ACK cluster. + +[.procedure] +ifdef::compute_edition[] +. xref:../../welcome/releases.adoc[Download] the latest recommended release. +endif::compute_edition[] +. Download the release tarball to the system where you administer your cluster (where you run your kubectl commands). ++ +[source,bash] +---- + $ wget +---- + +. Unpack the Prisma Cloud release tarball. ++ +[source,bash] +---- + $ mkdir twistlock + $ tar xvzf twistlock_.tar.gz -C prisma_cloud/ +---- + +. Create a Helm chart for Prisma Cloud Console. ++ +[source,yaml] +---- + $ /twistcli console export kubernetes \ + --storage-class alicloud-disk-available \ + --service-type LoadBalancer \ + --helm +---- + +. Install Console. ++ +[source,bash] +---- + $ helm install twistlock-console \ + --namespace twistlock \ + ./twistlock-console-helm.tar.gz +---- + +. Change the PersistentVolumeClaim's reclaimPolicy. ++ +[source,bash] +---- + $ kubectl get pv + $ kubectl patch pv -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' +---- + +. Get the public endpoint address for Console. +When the service is fully up, the LoadBalancer's IP address is shown. ++ +[source,bash] +---- + $ kubectl get service -w -n twistlock +---- + +. Open a browser window, and navigate to Console. +By default, Console is served on HTTPS on port 8083 of the `LoadBalancer`: ++ +[source,bash] +---- +https://:8083 +---- + +. Continue with the rest of the install <>. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-acs.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-acs.adoc new file mode 100644 index 0000000000..b98d0fa252 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-acs.adoc @@ -0,0 +1,115 @@ +:topic_type: task +[.task] +[#acs] +== Azure Container Service (ACS) with Kubernetes + +Use the following procedure to install Prisma Cloud in an ACS Kubernetes cluster. + +[NOTE] +==== +https://azure.microsoft.com/en-us/updates/azure-container-service-will-retire-on-january-31-2020/[Microsoft will retire ACS] as a standalone service on January 31, 2020. +==== + +*Prerequisites* + +* You have deployed an https://docs.microsoft.com/en-us/azure/container-service/kubernetes/[Azure Container Service with Kubernetes] cluster. + +* You have installed https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Azure CLI 2.0.22] or later on a Linux system. + +* You have <>. + + +[.procedure] +. Create a persistent volume for your Kubernetes cluster. +ACS uses Azure classic disks for the persistent volume. +Within the same Resource Group as the ACS instance, create a classic storage group. + +. On a Windows based system use Disk Manager to create an unformatted, 100GB Virtual Hard Disk (VHD). + +. Use https://azure.microsoft.com/en-us/features/storage-explorer/[Azure Storage Explorer] to upload the VHD to the classic storage group. + +. Make sure the disk is 'released' from a 'lease'. + +. On your Linux host with Azure CLI installed, attach to your ACS Kubernetes Master. + + $ az acs kubernetes get-credentials --resource-group pfoxacs --name pfox-acs + Merged "pfoxacsmgmt" as current context in /Users/paulfox/.kube/config + + $ kubectl config use-context pfoxacsmgmt + +. Confirm connectivity to the ACS Kubernetes cluster. ++ +[source,bash] +---- +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +k8s-agent-e32fd1a6-0 Ready agent 4m v1.7.7 +k8s-agent-e32fd1a6-1 Ready agent 5m v1.7.7 +k8s-master-e32fd1a6-0 Ready master 4m v1.7.7 +---- + +. Create a file named _persistent-volume.yaml_, and open it for editing. ++ +[source,yaml] +---- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: twistlock-console + labels: + app: twistlock-console + annotations: + volume.beta.kubernetes.io/storage-class: default +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + azureDisk: + diskName: pfox-classic-tl-console.vhd + diskURI: https://pfoxacs.blob.core.windows.net/twistlock-console/pfox-classic-tl-console.vhd + cachingMode: ReadWrite + fsType: ext4 + readOnly: false +---- ++ +[horizontal] +`diskName`:: Name of the persistent disk created in the previous steps. +`labels`:: Label for the persistent volume. +`diskURI`:: Azure subscription path to the disk created in the previous steps. + +. Create the persistent volume: ++ +[source,bash] +---- + $ kubectl create -f ./persistent-volume.yaml +---- + +. Generate the Console YAML configuration file: ++ +[source,bash] +---- + $ /linux/twistcli console export kubernetes \ + --persistent-volume-labels app:twistlock-console \ + --storage-class default +---- ++ +[horizontal] +`--persistent-volume-labels`:: _app:twistlock-console_ label defined in the persistent-volume.yaml. +`--storage-class`:: _default_ must match the storage class of the Azure Disk. + +. Deploy the Prisma Cloud Console in your cluster. ++ +[source,bash] +---- + $ kubectl create -f ./twistlock-console.yaml +---- + +. Wait for the service to come up completely. ++ +[source,bash] +---- + $ kubectl get service -w -n twistlock +---- + +. Continue with the rest of the install <>. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks.adoc new file mode 100644 index 0000000000..83e10d2414 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks.adoc @@ -0,0 +1,58 @@ +:topic_type: task +[.task] +[#aks] +== Azure Kubernetes Service (AKS) + +Use the following procedure to install Prisma Cloud in an AKS cluster. +This setup uses dynamic PersistentVolumeClaim provisioning using Premium Azure Disk. +When creating your Kubernetes cluster, be sure to specify a https://docs.microsoft.com/en-us/azure/virtual-machines/windows/premium-storage#supported-vms[VM size] that supports premium storage. + +[NOTE] +==== +Prisma Cloud doesn't support Azure Files as a storage class for persistent volumes. +Use Azure Disks instead. +==== + +*Prerequisites* + +* You have deployed an https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-cluster[Azure Container Service (AKS) cluster]. +Use the https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create[--node-vm-size] parameter to specify a VM size that supports Premium Azure Disks. + +* You have installed https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Azure CLI 2.0.22] or later. + +* You have xref:../../tools/twistcli-console-install.adoc[downloaded the Prisma Cloud command-line utility]. + +[.procedure] +. Use `twistcli` to generate the Prisma Cloud Console YAML configuration file, where can be `linux` or `osx`. +Set the storage class to Premium Azure Disk. ++ +[source,yaml] +---- + $ /twistcli console export kubernetes \ + --storage-class managed-premium \ + --service-type LoadBalancer +---- + +. Deploy the Prisma Cloud Console in the Azure Kubernetes Service cluster. ++ +[source,bash] +---- + $ kubectl create -f ./twistlock_console.yaml +---- + +. Wait for the service to come up completely. ++ +[source,bash] +---- + $ kubectl get service -w -n twistlock +---- + +. Change the `reclaimPolicy` of the `PersistentVolumeClaim`. ++ +[source,bash] +---- + $ kubectl get pv + $ kubectl patch pv -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' +---- + +. Next, xref:./console-on-kubernetes.adoc#configure-console-k8s[configure the Prisma Cloud console]. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-amazon-ecs.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-amazon-ecs.adoc new file mode 100644 index 0000000000..85f3c08158 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-amazon-ecs.adoc @@ -0,0 +1,479 @@ +== Deploy the Prisma Cloud Console on Amazon ECS + +Complete the steps on this page to deploy the Prisma Cloud console in an ECS cluster. +This example deployment consists of a single infrastructure node and two worker nodes. +The console runs on the infrastructure node. +An instance of the Prisma Cloud Defender runs on every node in the cluster. + +The Prisma Cloud console runs as a service in your ECS cluster to provide you a management interface. +You can describe the parameters of the service in a task definition written in JSON format. + +To protect the workloads in in your containerized environment, you set policies in the Prisma Cloud console. +The Defender service enforces the policies you set running a service in your ECS cluster. +You can xref:../deploy-defender/orchestrator/install-amazon-ecs.adoc[automatically deploy an instance of the Defender] on each node in your cluster. + +This example provisions a highly available Prisma Cloud console. +If the infrastructure node goes down, ECS reschedules the Prisma Cloud console service on any healthy node. +You must attach storage that's accessible from each of your infrastructure nodes to ensure high availability. +The recommended option is the Amazon Elastic File System (EFS) to ensure that the Prisma Cloud console continues to have access to its state since your data persists across nodes. + +When you have multiple infrastructure nodes, ECS can schedule Console on any of them. +Defenders need a reliable way to connect to Console. +A load balancer automatically directs traffic to the node where Console runs, and offers a stable interface that Defenders can use to connect to Console and that operators can use to access its web interface. + +NOTE: We assume you are deploying Prisma Cloud to the default VPC. +If you are not using the default VPC, adjust your settings accordingly. + +This guide assumes you know very little about AWS ECS. +As such, it is extremely prescriptive, and includes step for building your cluster. +If you are already familiar with AWS ECS and do not need assistance navigating the interface, simply read the section synopsis, which summarizes all key configurations. +To better understand clusters, read our xref:../cluster-context.adoc[cluster context] topic. + +[.task] +=== Get Prisma Cloud + +The Prisma Cloud release tarball contains all the release artifacts. + +[.procedure] +. xref:../../welcome/releases.adoc#download[Download] the latest recommended release. + +. Retrieve the release tarball. + + $ wget + +. Unpack the Prisma Cloud release tarball. + + $ mkdir twistlock + $ tar xvzf prisma_cloud_compute_edition_.tar.gz -C twistlock/ + +[.task] +=== Create a cluster + +Create an empty cluster named _pc-ecs-cluster_. +Later, you will create launch configurations and auto-scaling groups to start EC2 instances in the cluster. + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > Containers > Elastic Container Service*. + +. Click *Create Cluster*. + +. Select *Networking only*, then click *Next Step*. + +. Enter a cluster name, such as *pc-ecs-cluster*. + +. Click *Create*. + +[.task] +=== Create a security group + +Create a new security group named _pc-security-group_ that opens the following ports. +This security group will be associated with resources in your cluster. + +[cols="25%,75%a", options="header"] +|=== +|Port +|Description + +|8083 +|Prisma Cloud Console's UI and API. + +|8084 +|Prisma Cloud secure websocket for Console-Defender communication. + +|2049 +|NFS for Prisma Cloud Console to access its state. + +|22 +|SSH for managing nodes. + +|=== + +You can harden this configuration as required. +For example, you might want to limit access to port 22 to specific source IPs. + +[.procedure] +. Go to *Services > Compute > EC2*. + +. In the left menu, click *NETWORK & SECURITY > Security Groups*. + +. Click *Create Security Group*. + +. In *Security group name*, enter a name, such as *pc-security-group*. + +. In *Description*, enter *Prisma Cloud ports*. + +. In *VPC*, select your default VPC. + +. Under the *Inbound rules* section, click *Add Rule*. + +.. Under *Type*, select *Custom TCP*. + +.. Under *Port Range*, enter *8083-8084*. + +.. Under *Source*, select *Anywhere*. + +. Click *Add Rule*. + +.. Under *Type*, select *NFS*. + +.. Under *Source*, select *Anywhere*. + +. Click *Add Rule*. + +.. Under *Type*, select *SSH*. + +.. Under *Source*, select *Anywhere*. + +. Click *Create security group*. + +[.task] +=== Create an EFS file system for Console + +Create the Console EFS file system, and then get the command that will be used to mount the file system on every infrastructure node. + +NOTE: The EFS file system and ECS cluster must be in the same VPC and security group. + +*Prerequisites:* Prisma Cloud Console depends on an EFS file system with the following performance characteristics: + +* *Performance mode:* General purpose. +* *Throughput mode:* Provisioned. +Provision 0.1 MiB/s per deployed Defender. +For example, if you plan to deploy 10 Defenders, provision 1 MiB/s of throughput. + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > Storage > EFS*. + +. Click *Create File System*. + +. Enter a value for *Name*, such as *pc-efs-console* + +. Select a VPC. + +. Click *Customize*. + +. Set throughput mode to *Provisioned*, and set *Throughput* to 0.1 MiB/s per Defender to be deployed. ++ +For example, if you plan to deploy ten Defenders, set throughput to 1 MiB/s (10 Defenders * 0.1 MiB/s = 1 MiB/s). + +. Click *Next*. + +. For each mount target, select the *pc-security-group*. + +. Click *Next*. + +. In *File System Policy*, click *Next*. + +. Review your settings and click *Create*. + +. Click *View file system*. + +. Click *Attach*, copy the NFS client mount command, and set it aside for later. ++ +You will use the mount command when setting up Console's launch configuration. + +=== Set up a load balancer + +Set up an AWS Classic Load Balancer, and capture the Load Balancer DNS name. + +You'll create two load balancer listeners. +One is used for Console's UI and API, which are served on port 8083. +Another is used for the websocket connection between Defender and Console, which is established on port 8084. + +For detailed instructions on how to create a load balancer for Console, see xref:../../howto/configure-ecs-loadbalancer.adoc[Configure an AWS Load Balancer for ECS]. + +[.task] +=== Use a private registry + +For maximum control over your environment, you might want to store the Console container image in your own private registry, and then install Prisma Cloud from your private registry. +When the Console service is started, ECS retrieves the image from your registry. +This procedure shows you how to push the Console container image to Amazon's Elastic Container Registry (ECR). + +*Prerequisites:* + +* AWS CLI is installed on your machine. +It is required to push the Console image to your registry. + +[.procedure] +. Go to the directory where you unpacked the Prisma Cloud release tarball. + + $ cd prisma_cloud_compute_edition/ + +. Load the Console image. + + $ docker load < ./twistlock_console.tar.gz + +. Go to *Services > Containers > Elastic Container Service*. + +. In the left menu, click *Repositories*. + +. Click *Create repository*. + +. Follow the AWS instructions for logging in to the registry, tagging the Console image, and pushing it to your repo. ++ +Be sure to update your Console task definition so that the value for `image` points to your private registry. + +=== Deploy Console + +Launch an infrastructure node that runs in the cluster, then start Prisma Cloud Console as a service on that node. + +[.task] +==== Create a launch configuration for the infrastructure node + +Launch configurations are templates that are used by an auto-scaling group to start EC2 instances in your cluster. + +Create a launch configuration named _pc-infra-node_ that: + +* Creates an instance type of t2.xlarge, or higher. +For more information about Console's minimum requirements, see the xref:../system-requirements.adoc[system requirements]. +* Runs Amazon ECS-Optimized Amazon Linux 2 AMI. +* Uses the ecsInstanceRole IAM role. +* Runs a user data script that joins the _pc-ecs-cluster_ and defines a custom attribute named _purpose_ with a value of _infra_. +Console tasks will be placed to this instance. + +[.procedure] +. Go to *Services > Compute > EC2*. + +. In the left menu, click *Auto Scaling > Launch Configurations*. + +. Click *Create launch configuration*. + +. In *Name*, enter a name for your launch configuration, such as *pc-infra-node*. + +. In Amazon machine image, select *Amazon ECS-Optimized Amazon Linux 2 AMI*. ++ +You can get a complete list of per-region Amazon ECS-optimized AMIs from https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html[here]. + +. Under instance type, select *t2.xlarge*. + +. Under *Additional Configuration*: + +.. In *IAM instance profile*, select *ecsInstanceRole*. ++ +NOTE: If this role doesn't exist, create it. +For complete details, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html[Amazon ECS Container Instance IAM Role]. + +.. Under *User data*, select *Text*, and paste the following code snippet, which installs the NFS utilities and mounts the EFS file system: ++ +[source,sh] +---- +#!/bin/bash +cat <<'EOF' >> /etc/ecs/ecs.config +ECS_CLUSTER=pc-ecs-cluster +ECS_INSTANCE_ATTRIBUTES={"purpose": "infra"} +EOF + +yum install -y nfs-utils +mkdir /twistlock_console + /twistlock_console + +mkdir -p /twistlock_console/var/lib/twistlock +mkdir -p /twistlock_console/var/lib/twistlock-backup +mkdir -p /twistlock_console/var/lib/twistlock-config +---- ++ +*ECS_CLUSTER* must match your cluster name. +If you've named your cluster something other than *pc-ecs-cluster*, then update the user data script accordingly. ++ +** is the Console mount command you copied from the AWS Management Console after creating your console EFS file system. +The mount target must be _/twistlock_console_, not the _efs_ mount target provided in the sample command. + +.. (Optional) In *IP Address Type*, select *Assign a public IP address to every instance*. ++ +With this option, you can easily SSH to this instance to troubleshoot issues. + +. Under *Security groups*: + +.. Select *Select an existing security group*. + +.. Select *pc-security-group*. + +. Under *Key pair (login)*, select an existing key pair, or create a new key pair so that you can access your instances. + +. Click *Create launch configuration*. + + +[.task] +=== Create an auto scaling group for the infrastructure node + +Launch a single instance of the infrastructure node into your cluster. + +[.procedure] +. Go to *Services > Compute > EC2*. + +. In the left menu, click *Auto Scaling > Auto Scaling Groups*. + +. Click *Create an Auto Scaling group*. + +. In *Choose launch template or configuration*: + +.. In *Auto Scaling group Name*, enter *pc-infra-autoscaling*. + +.. In *Launch template*, click *Switch to launch configuration*. + +.. Select *pc-infra-node*. + +.. Click *Next*. + +. Under *Configure settings*: + +.. In *VPC*, select your default VPC. + +.. In *Subnet*, select a public subnet, such as 172.31.0.0/20. + +.. Click *Skip to review*. + +. Review the configuration and click *Create Auto Scaling Group*. ++ +After the auto scaling group spins up (it will take some time), validate that your cluster has one container instance, where a container instance is the ECS vernacular for an EC2 instance that has joined the cluster and is ready to accept container workloads: ++ +* Go to *Services > Containers > Elastic Container Service*. +The count for *Container instances* should be 1. ++ +* Click on the cluster, then click on the *ECS Instances* tab. +In the status table, there should be a single entry. +Click on the link under the *EC2 Instance* column. +In the details page for the EC2 instance, record the *Public DNS*. + + +[.task] +=== Copy the Prisma Cloud config file into place + +The Prisma Cloud API serves the version of the configuration file used to instantiate Console. +Use scp to copy _twistlock.cfg_ from the Prisma Cloud release tarball to _/twistlock_console/var/lib/twistlock-config_ on the infrastructure node. + +[.procedure] +. Upload _twistlock.cfg_ to the infrastructure node. + +.. Go to the directory where you unpacked the Prisma Cloud release tarball. + +.. Copy _twistlock.cfg_ to the infrastructure node. + + $ scp -i twistlock.cfg ec2-user@:~ + +. SSH to the infrastructure node. + + $ ssh -i ec2-user@ + +. Copy the _twistlock.cfg_ file into place. + + $ sudo cp twistlock.cfg /twistlock_console/var/lib/twistlock-config + +. Close your SSH session. + + $ exit + +[.task] +=== Create a Prisma Cloud Console task definition + +Prisma Cloud provides a task definition template for Console. +Download the template, then update the variables specific to your environment. +Finally, load the task definition in ECS. + +*Prerequisites:* + +* The task definition provisions sufficient resources for Console to operate. +The template specifies reasonable defaults. +For more information, see the xref:../system-requirements.adoc[system requirements]. + +[.procedure] +. Download the https://cdn.twistlock.com/docs/attachments/amazon-ecs-task-pc-console.json[Prisma Cloud Compute Console task definition], and open it for editing. + +. Update the value for `image`. ++ +Replace the following placeholder strings with the appropriate values: ++ +* `` -- +Your Prisma Cloud access token. +All characters must be lowercase. +* `` -- +Version of the Console image to use. +For example, for version `20.04.177`, specify `20_04_177`. +The image and tag will look like `console:console_20_04_177`. + +. Update the value for`` to the Load Balancer's DNS name. + +. Go to *Services > Containers > Elastic Container Service*. + +. In the left menu, click *Task Definitions*. + +. Click *Create new Task Definition*. + +. Select *EC2*, and then click *Next step*. + +. In *Step 2: Configure task and container definitions*, scroll to the bottom of the page and click *Configure via JSON*. + +. Delete the default task definition, and replace it with the Prisma Cloud Compute Console task definition. + +. Click *Save*. + +. (Optional) Change the name of the task definition. +By default, its name is *pc-console*. + +. Click *Create*. + +[.task] +=== Start the Prisma Cloud Console service + +Create the Console service using the previously defined task definition. +A single instance of Console will run on the infrastructure node. + +[.procedure] +. Go to *Services > Containers > Elastic Container Service*. + +. In the left menu, click *Clusters*. + +. Click on your cluster. + +. In the *Services* tab, then click *Create*. + +. In *Step 1: Configure service*: + +.. For *Launch type*, select *EC2*. + +.. For *Task Definition*, select *pc-console*. + +.. In *Service Name*, enter *pc-console*. + +.. In *Number of tasks*, enter *1*. + +.. Click *Next Step*. + +. In *Step 2: Configure network*: + +.. For *Load Balancer type*, select *Classic Load Balancer*. + +.. For *Service IAM role*, leave the default *ecsServiceRole*. + +.. For *Load Balancer Name*, select previously created load balancer. + +.. Unselect *Enable Service discovery integration* + +.. click *Next Step*. + +. In *Step 3: Set Auto Scaling*, accept the defaults, and click *Next*. + +. In *Step 4: Review*, click *Create Service*. + +. Wait for the service to launch, and then click *View Service*. + +. Wait for *Last status* to change to *RUNNING* (it can take a few minutes), and then proceed to the next step. + +[.task] +=== Configure Prisma Cloud Console + +Navigate to Console's web interface, create your first admin account, and enter your license. + +[.procedure] +. Start a browser, then navigate to \https://:8083 + +. At the login page, create your first admin account. +Enter a username and password. + +. Enter your license key, then click *Register*. ++ +You have successfully deployed the Prisma Cloud console on your ECS cluster. +Next, deploy the Defender to protect your workloads. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-eks.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-eks.adoc new file mode 100644 index 0000000000..5122553b8b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-eks.adoc @@ -0,0 +1,44 @@ +:topic_type: task +[.task] +[#eks] +== Amazon Elastic Kubernetes Service (EKS) + +https://aws.amazon.com/eks/#[Amazon Kubernetes Service (EKS)] lets you deploy Kubernetes clusters on demand. +Use our standard Kubernetes install method to deploy Prisma Cloud to EKS. + +[NOTE] +==== +If using Bottlerocket OS-based nodes for your EKS Cluster: + +* Pass the `--container-runtime containerd` flag to `twistcli`. +* Or select the *Container Runtime type* as `containerd` in the Console UI when generating the Defender `YAML` or `Helm` chart. + +Follow the instructions to xref:../deploy-defender/orchestrator/install-kubernetes-cri.adoc[deploy Defenders as DaemonSet] for more details. +==== + +*Prerequisites* + +* You have deployed an Amazon EKS cluster. + +* You have xref:../../tools/twistcli.adoc[downloaded the Prisma Cloud software]. + +[.procedure] +. Generate the Prisma Cloud Compute Console deployment file. + + $ twistcli console export kubernetes \ + --service-type LoadBalancer \ + --storage-class gp2 + +. Deploy Console. + + $ kubectl create -f twistlock_console.yaml + +. Wait for the service to come up completely. + + $ kubectl get service -w -n twistlock + +. Continue with the rest of the xref:./console-on-kubernetes.adoc[installation for Kubernetes clusters]. + + + + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-fargate.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-fargate.adoc new file mode 100644 index 0000000000..7778007558 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-fargate.adoc @@ -0,0 +1,288 @@ +== Console on Fargate + +You can run Prisma Cloud Console in AWS Fargate. + +This procedure assumes you've already created an ECS cluster. + + +[.task] +=== Create a security group + +Create a security group that opens ports 8083-8084 for Prisma Cloud Console and port 2049 for NFS. + +[.procedure] +. In the AWS console, go to *Services > Compute > EC2 > Security Groups*. + +. Click *Create security group*. + +. In *Security group name*, enter a name, such as *pc-security-group*. + +. In *Description*, enter *Prisma Cloud Compute Console on Fargate*. + +. In *VPC*, select the VPC where your ECS cluster runs. + +. Create an inbound rule for Prisma Cloud Console ports. + +.. Under *Inbound rules* , click *Add rule*. + +.. Under *Type*, select *Custom TCP*. + +.. Under *Port range*, enter *8083-8084*. + +.. Under *Source*, select *Anywhere*. + +. Create an inbound rule for NFS, where Console stores its data. + +.. Click *Add rule*. + +.. Under *Type*, select *NFS*. + +.. Under *Source*, select *Anywhere*. + +. Click *Create security group*. + +. Write down the security group ID and save it for later. + + +[.task] +=== Create an EFS file system + +Create a highly available file system for Console to store its data. + +[.procedure] +. In the AWS console, go to *Services > Storage > EFS*. + +. Click *Create file system*. + +. Click *Customize* to open a more detailed dialog. + +. Enter a value for *Name*, such as *pc-efs-console*. + +. Set the throughput mode to *Provisioned*. + +. Set *Provisioned Throughput (MiB/s)* to 0.1 MiB/s per Defender that will be deployed. + +. Click *Next*. + +. In *VPC*, select the VPC where your EC2 cluster runs and the relevant mount targets. + +. For each mount target, change the security group to the ID of the pc-security-group. + +. Click *Next*, accepting all defaults, until the file system is created. + +. Write down the file system ID and save it for later. + + +[.task] +=== Create target groups + +Create two target groups for the load balancer, one for port 8083 and one for port 8084. + +[.procedure] +. In the AWS console, go to *Services > Compute > EC2 > Load Balancing > Target Groups*. + +. Click *Create target group*. + +. In *Basic configuration*, select *IP addresses*. + +. Enter a value for *Name*, such as *pc-tgt-8083* or *pc-tgt-8084*. + +. Set *Protocol* to *TCP* and *Port* to *8083* or *8084* respectively. + +. In VPC, select the VPC where your ECS cluster runs. + +. For port 8083 only, specify the following health check configuration: ++ +* *Health check protocol*: *HTTPS* +* *Health check path*: */* +* *Port*: *Traffic port* +* Accept the default values for all other settings. + +. Click *Next*, and then click *Create target group*. + +. Repeat the process for port 8084, but accept the default values for the health check configuration. ++ +The health check protocol for 8084 must be *TCP*. + +. Write down the ARN for both target groups, and save them for later. + + +[.task] +=== Create a load balancer + +Create a network load balancer to route traffic to the Console container. + +[.procedure] +. In the AWS console, go to *Services > Compute > EC2 > Load Balancers*. + +. Click *Create Load Balancer*. + +. Choose *Network Load Balancer* and *Create*. + +. Enter a value for *Name*, such as *pc-ecs-lb*. + +. Under *Network mapping*, select the VPC and subnet where the Prisma Cloud Console task will run. + +. Under *Listeners and routing*, create a listener for port 8083. + +.. Set *Protocol* to *TCP*. + +.. Set *Port* to *8083*. + +.. Set *Default action* to *Forward to: pc-tgt-8083*. + +. Create a listener for port 8084. + +.. Click *Add listener*. + +.. Set *Protocol* to *TCP*. + +.. Set *Port* to *8084*. + +.. Set *Default action* to *Forward to: pc-tgt-8084*. + +. Click *Create load balancer*. + +. Write down the DNS name for the load balancer, and save it for later. + + +[.task] +=== Create task definition + +Use twistcli to generate a task definition for Console. + +Each task definition's Console can support up to 1000 deployed Defenders. + +The following table lists valid values for cpu-limit and memory-limit: + +[cols="1,2", options="header"] +|=== + +|CPU limit +|Memory limit (MiB) + +|1024 (1 vCPU) +|2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) + +|2048 (2 vCPU) +|Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) + +|4096 (4 vCPU) +|Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) + +|=== + +[.procedure] +. Download the Prisma Cloud Compute Edition release tarball, and unpack it. + +. Run twistcli to create the task definition. + + .//twistcli console export fargate \ + --registry-token \ + --cluster-ip \ + --memory-limit \ + --cpu-limit \ + --efs-volume ++ +For example: + + ./linux/twistcli console export fargate \ + --registry-token \ + --cluster-ip my-fargate-console-dns-address.elb.us-east-1.amazonaws.com \ + --memory-limit 8192 \ + --cpu-limit 2048 \ + --efs-volume fs-12345678 + +. In the AWS console, go to *Services > Containers > Elastic Container Service > Task Definitions*. + +. Click *Create new Task Definition*. + +. Click *Fargate*, then *Next step*. + +. Scroll to the bottom of the page, and click *Configure via JSON*. + +. Clear the text box, paste the contents of *twistlock-console.json* which was generated by twistcli, and click *Save*. + +. In *Task Role*, specify *ecsTaskExecutionRole*. + +. Click *Create*. + +. Click *View Task Definition*. + +. Copy the task definition name and revision (e.g., *pc-console:1*). + + +[.task] +=== Create Fargate service + +Create the Fargate service. + +[.procedure] +. In the AWS console, go to *Services > Networking & Content Delivery > VPC > Subnets*. + +. Filter the subnets by the VPC where your ECS cluster runs, and write down subnet IDs of the relevant availability zones. + +. Fill out the ECS service JSON with all values you've set aside until now. ++ +Replace the strings between the `< >` characters, and save the file with the name fargate-pc-console-service.json. ++ +[source,json] +---- +{ + "cluster": "", + "serviceName": "pc-console", + "taskDefinition": ":", + "loadBalancers": [ + { + "targetGroupArn": "", + "containerName": "twistlock-console", + "containerPort": 8083 + }, + { + "targetGroupArn": "", + "containerName": "twistlock-console", + "containerPort": 8084 + } + ], + "desiredCount": 1, + "launchType": "FARGATE", + "deploymentConfiguration": { + "maximumPercent": 100, + "minimumHealthyPercent": 0 + }, + "platformVersion": "1.4.0", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "", + "" + ], + "securityGroups": [ + "" + ], + "assignPublicIp": "ENABLED" + } + }, + "enableECSManagedTags": true +} +---- + +. Create the service using awscli. ++ + aws ecs create-service --cli-input-json file://path/to/fargate-pc-console-service.json ++ +If successful the service is successfully created, awscli outputs the full JSON for the service being deployed. + +. In the AWS console, go to *Services > Containers > Elastic Container Service > Clusters*, click your cluster. + +. In the *Services* tab, click the service name (*pc-console*). ++ +You should see the details for load balancing and network access. + +. In the *Tasks* tab, you should find details about the running container. + + +=== Log into Prisma Cloud Console + +Open a web browser and go to `\https://:8083`. +Create an initial admin account, and then enter your license to activate Console. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-iks.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-iks.adoc new file mode 100644 index 0000000000..f28cde370f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-iks.adoc @@ -0,0 +1,47 @@ +:topic_type: task +[.task] +[#iks] +== IBM Kubernetes Service (IKS) + +Use the following procedure to install Prisma Cloud in an IKS cluster. +IKS uses dynamic PersistentVolumeClaim provisioning (`ibmc-file-bronze` is the default StorageClass) as well as automatic LoadBalancer configuration for the Prisma Cloud Console. +You can optionally specify a StorageClass for premium https://cloud.ibm.com/docs/containers?topic=containers-file_storage[file] or https://cloud.ibm.com/docs/containers?topic=containers-block_storage[block] storage options. +Use a https://cloud.ibm.com/docs/containers?topic=containers-file_storage#existing-file-1[retain] storage class (not default) to ensure your storage is not destroyed even if you delete the PVC. + +[NOTE] +==== +When installing Defenders the IKS Kubernetes version you use matters. +https://www.ibm.com/cloud/blog/ibm-cloud-kubernetes-service-supports-containerd[IKS Kubernetes version 1.10 uses Docker, and 1.11+ uses containerd] as the container runtime. + +* If using `containerd`, pass the `--container-runtime containerd` flag to `twistcli`. +* Or select the *Container Runtime type* as `containerd` in the Console UI when generating the Defender `YAML` or `Helm` chart. +==== + +[.procedure] +. Use _twistcli_ to generate the Prisma Cloud Console YAML configuration file, where can be linux or osx. +Optionally set the storage class to premium storage class. +For IKS with Kubernetes 1.10, use our standard Kubernetes instructions. +Here is an example with a premium StorageClass with the retain option. ++ +[source,yaml] +---- + $ /twistcli console export kubernetes \ + --storage-class ibmc-file-retain-silver \ + --service-type LoadBalancer +---- + +. Deploy the Prisma Cloud Console in the IBM Kubernetes Service cluster. ++ +[source,bash] +---- + $ kubectl create -f ./twistlock_console.yaml +---- + +. Wait for the service to come up completely. ++ +[source,bash] +---- + $ kubectl get service -w -n twistlock +---- + +. Continue with the rest of the install <>. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-kubernetes.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-kubernetes.adoc new file mode 100644 index 0000000000..c691e7ad5a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-kubernetes.adoc @@ -0,0 +1,326 @@ +== Kubernetes + +This topic helps you install Prisma Cloud in your Kubernetes cluster quickly. +There are many ways to install Prisma Cloud, but use this workflow to quickly deploy Defenders and verify how information is accessible from the Prisma Cloud Console. +After completing this procedure, you can modify the installation to match your needs. + +To install Prisma Cloud, you use the command-line utility called `twistcli`, which is bundled with the Prisma Cloud software. +The process has the following steps to give you full control over the created objects. + +. The `twistcli` command-line utility generates YAML configuration files or Helm charts for the Prisma Cloud Console and Defender. +. You create the required objects in your cluster with the `kubectl create` command. + +To better understand clusters, read our xref:../cluster-context.adoc[cluster context] topic. + +You can inspect, customize, and manage the YAML configuration files or Helm charts before deploying the Prisma Cloud Console and Defender. +You can place the files or charts under source control to track changes, to integrate them with Continuous Integration and Continuous Development (CI/CD) pipelines, and to enable effective collaboration. + +To ensure a single copy of the Prisma Cloud Console is always available, the Prisma Cloud Console is created as a Kubernetes `Deployment`. +Kubernetes deployments are also known as Kubernetes services. +To ensure that a Prisma Cloud Defender instance runs on each worker node of your cluster, each Prisma Cloud Defender is deployed as a Kubernetes `DaemonSet`. + +When a node goes down, the orchestrator can reschedule the Prisma Cloud Console on a different healthy node. +To improve the availability of the Prisma Cloud Console, you must ensure that the orchestrator can run the Prisma Cloud Console on any healthy node. +The default configuration files or charts ensure this capability. +These default configuration files or charts enable the following features to ensure availability. + +* *Deploy a persistent volume (PV), to enable Prisma Cloud Console to save the state.* +This configuration ensures that no matter where Prisma Cloud Console runs, it has access to the state of the deployment. +For persistent volumes to work, every node in the cluster must have access to the shared storage. +Setting up a https://kubernetes.io/docs/concepts/storage/persistent-volumes/[persistent volume] can be easy or hard depending on the following factors. ++ +** What is your cloud provider? ++ +For example, Google Cloud Kubernetes Engine (GKE) offers persistent volumes out-of-the box with zero additional configuration required. +** Is Kubernetes managed or unmanaged? ++ +If you deploy your clusters manually, you might need to configure a Network File System (NFS). + +* *Expose the Prisma Cloud Console to the network through a load balancer.* +A load balancer ensures that the Prisma Cloud Console is reachable regardless of where it runs in the cluster. +The Prisma Cloud Console must be accessible in your deployment because it serves as a web interface and communicates policy to all the deployed Defenders. + + +=== Requirements + +To deploy your Defenders smoothly, you must meet the following requirements. + +* You have a valid Prisma Cloud license key and access token. + +* You provisioned a Kubernetes cluster that meets the minimum xref:../system-requirements.adoc[system requirements] and runs a xref:../system-requirements.adoc#orchestrators[supported Kubernetes version]. + +* You set up a Linux or macOS system to control your cluster, and you can access the cluster using the `kubectl` command-line utility. + +* The nodes in your cluster can reach Prisma Cloud's cloud registry at `registry-auth.twistlock.com`. + +* Your cluster can create https://kubernetes.io/docs/concepts/storage/persistent-volumes/[PersistentVolumes] and https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/[LoadBalancers] from YAML configuration files or Helm charts. + + +* Your cluster uses any of the following runtimes. +For more information about the runtimes that Prisma Cloud supports, see the xref:../system-requirements.adoc#container-runtimes[system requirements]. + +** Docker Engine +** CRI-O +** CRI-containerd + +==== Required Permissions + +* You can create and delete namespaces in your cluster. + +* You can run the `kubectl create` command. + +==== Required Firewall and Port Configuration + +Open the following ports in your firewall. + +Ports for the *Prisma Cloud Console*: + +* Incoming: 8083, 8084 +* Outgoing: 443, 53 + +[.task] +[#download-console] +=== Download the Prisma Cloud Console + +Download the Prisma Cloud software to any system where you run `kubectl` to manage your cluster. + +[.procedure] +. xref:../../welcome/releases.adoc#download[Download] the current release. + +. Create the `prisma_cloud` folder and unpack the release tarball. ++ +[source] +---- +$ mkdir prisma_cloud +$ tar xvzf prisma_cloud_compute_edition_.tar.gz -C prisma_cloud/ +---- + +[.task] +[#deploy-console-k8s] +=== Deploy the Prisma Cloud on Kubernetes + +To use Prisma Cloud as part of your Kubernetes deployment, you need the `twistcli` command-line utility and the Prisma Cloud Defenders. + +Use the xref:../../tools/twistcli.adoc[`twistcli`] command-line utility to install the Prisma Cloud Console and deploy the Defenders. +The `twistcli` utility is included with every release, or you can <>. +After completing this procedure, the Prisma Cloud Console and Prisma Cloud Defenders run in your Kubernetes cluster. + +When you install Prisma Cloud on xref:console-on-eks.adoc[Amazon Elastic Kubernetes Service] (EKS), xref:console-on-aks.adoc[Azure Kubernetes Service] (AKS), or xref:console-on-acs.adoc[Alibaba Container Service] with Kubernetes, additional configuration steps are required. + +Install the Prisma Cloud Console and expose the service using a load balancer. + +[.procedure] +. On your cluster controller, navigate to the directory where you downloaded and extracted the Prisma Cloud release tarball. + +. Generate a YAML configuration file for Console, where can be linux or osx. ++ +The following command saves `twistlock_console.yaml` to the current working directory. +If needed, you can edit the generated YAML file to modify the default settings. ++ +[source,bash] +---- +$ /twistcli console export kubernetes --service-type LoadBalancer +---- ++ +[NOTE] +==== +If you're using Network File System version 4 (NFSv4) as the persistent storage in your cluster, use the `nolock`, `noatime` and `bg` mount options in your `PersistentVolume` custom resource definition (CRD). +After generating the YAML file in the Prisma Cloud Console, add the mount options to your `PersistentVolume` CRD as follows. + +[source,yaml] +---- +apiVersion: v1 +kind: PersistentVolume +metadata: +name: twistlock-console +labels: +app-volume: twistlock-console +annotations: +volume.beta.kubernetes.io/mount-options: "nolock,noatime,bg" +---- +==== + +. Deploy the Prisma Cloud Console with the following command. ++ +[source,bash] +---- +$ kubectl create -f twistlock_console.yaml +---- + +. Wait for the service to come up completely. ++ +[source,bash] +---- +$ kubectl get service -w -n twistlock +---- + +[#configure-console-k8s] +[.task] +=== Configure the Prisma Cloud Console + +Create your first administrator and enter your license key. + +[.procedure] +. Get the public endpoint address for the Prisma Cloud Console. ++ +[source,bash] +---- +$ kubectl get service -o wide -n twistlock +---- + +. Register a DNS entry for the external IP address of the Prisma Cloud Console. +This procedure assumes the registered DNS name is `yourconsole.example.com`. + +. If you need to secure the Prisma Cloud Console communication with TLS, set up a xref:../../configure/certificates.adoc[custom certificate]. (Optional) + +. Open a browser window, and navigate to the Prisma Cloud Console. +By default, the Prisma Cloud Console is served with the HTTPS protocol on port 8083. +You can go to https://yourconsole.example.com:8083 to access the Prisma Cloud Console. + +. Create your first administrator. + +. Enter your Prisma Cloud license key. + +. The Defender communicates with the Prisma Cloud Console using TLS. +Update the xref:../../configure/subject-alternative-names.adoc[list of identifiers in the Prisma Cloud Console certificate] that Defenders use to validate the identity of the Prisma Cloud Console. + +.. Go to *Manage > Defenders > Names*. + +.. In the *Subject Alternative Name* table, click *Add SAN*, then enter the Prisma Cloud Console IP address or domain name. Enter the `yourconsole.example.com` domain name. +Any Defenders deployed outside the cluster can use this domain name to connect to the Prisma Cloud Console. + +.. In the *Subject Alternative Name* table, click *Add SAN* again, then enter `twistlock-console`. +Any Defenders deployed in the same cluster as the Prisma Cloud Console can use the `yourconsole.example.com` domain name to access the Prisma Cloud console. ++ +[NOTE] +==== +The service name of the Prisma Cloud Console is `twistlock-console`, but that name is not the same as the pod's name, which is `twistlock-console-XXXX`. +==== + +[.task, #_helm] +=== Install Prisma Cloud with Helm charts + +You can use `twistcli` to create Helm charts for the Prisma Cloud Console and the Defenders. +Helm is a package manager for Kubernetes, and a `chart` is a Helm package. + +Apply the following changes. + +* Pass the `--helm_ option to _twistcli` to generate a Helm chart. +Don't change the other options passed to `twistcli` since they configure the chart. + +* Deploy your Defender with the `helm install` command instead of `kubectl create`. + +The following procedure shows the modified commands. + +[.procedure] +. xref:../../welcome/releases.adoc#download[Download] the current recommended release. + +. Create a Console Helm chart. + + $ /twistcli console export kubernetes \ + --service-type LoadBalancer \ + --helm + +. Install the Console. + + $ helm install twistlock-console \ + --namespace twistlock \ + --create namespace \ + ./twistlock-console-helm.tar.gz + +. <>. + +. Create a Defender `DaemonSet` Helm chart. + + $ /twistcli defender export kubernetes \ + --address https://yourconsole.example.com:8083 \ + --helm \ + --user \ + --cluster-address twistlock-console + +. Install the Defender. + + $ helm install twistlock-defender-ds \ + --namespace twistlock \ + --create namespace \ + ./twistlock-defender-helm.tar.gz + +=== Troubleshooting + +==== Pod Security Policy +If Pod Security Policy is enabled in your cluster, you might get the following error when trying to create a Defender DaemonSet. + + Error creating: pods "twistlock-defender-ds-" is forbidden: unable to validate against any pod security policy ..Privileged containers are not allowed + +If you get this error, then you must create a PodSecurityPolicy for the Defender and the necessary ClusterRole and ClusterRoleBinding for the twistlock namespace. +You can use the following Pod Security Policy, ClusterRole and ClusterRoleBinding: + +.PodSecurityPolicy +[source,yaml] +---- +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: prismacloudcompute-service +spec: + privileged: false + seLinux: + rule: RunAsAny + allowedCapabilities: + - AUDIT_CONTROL + - NET_ADMIN + - SYS_ADMIN + - SYS_PTRACE + - MKNOD + - SETFCAP + volumes: + - "hostPath" + - "secret" + allowedHostPaths: + - pathPrefix: "/etc" + - pathPrefix: "/var" + - pathPrefix: "/run" + - pathPrefix: "/dev/log" + - pathPrefix: "/" + hostNetwork: true + hostPID: true + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny +---- + +.ClusterRole +[source,yaml] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: prismacloudcompute-defender-role +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - prismacloudcompute-service +---- + +.ClusterRoleBinding +[source,yaml] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: prismacloudcompute-defender-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prismacloudcompute-defender-role +subjects: +- kind: ServiceAccount + name: twistlock-service + namespace: twistlock +---- + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-onebox.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-onebox.adoc new file mode 100644 index 0000000000..04c2c21eb7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-onebox.adoc @@ -0,0 +1,98 @@ +== Onebox + +Onebox provides a quick, simple way to install both Console and Defender onto a single host. +It provides a fully functional, self-contained environment that is suitable for evaluating Prisma Cloud. + + +[.task] +=== Install Prisma Cloud + +Install Onebox with the _twistlock.sh_ install script. + +*Prerequisites:* + +* Your host meets the minimum xref:../system-requirements.adoc[system requirements]. +* You have a license key. +* Port 8083 is open. +Port 8083 (HTTPS) serves the Console UI. +You can configure alternative ports in _twistlock.cfg_ before installing. +* Port 8084 is open. +Console and Defender communicate with each other on this port. + +[.procedure] +. xref:../../welcome/releases.adoc#download[Download] the latest Prisma Cloud release to the host where you'll install Onebox. + +. Extract the tarball. +All files must be in the same directory when you run the install. ++ + $ mkdir twistlock + $ tar -xzf prisma_cloud_compute_.tar.gz -C twistlock/ + +. Configure Prisma Cloud for your environment. ++ +Open _twistlock.cfg_ and review the default settings. +The default settings are acceptable for most environments. ++ +NOTE: If your Docker socket is in a custom location, update _twistlock.cfg_ before continuing. +By default, Prisma Cloud expects to find the Docker socket in _/var/run/docker.sock_. +If it's not located there on your host, open _twistlock.cfg_ in an editor, find the DOCKER_SOCKET variable, and update the path. + +. Install Prisma Cloud. + + $ sudo ./twistlock.sh -s onebox ++ +[horizontal] +`-s`:: Agree to EULA. +`-z`:: (Optional) Print additional debug messages. +Useful for troubleshooting install issues. +`onebox`:: Install both Console and Defender on the same host, which is the recommended configuration. +Specify `console` to install just Console. + +. Verify that Prisma Cloud is installed and running: ++ + $ docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}" + CONTAINER ID STATUS NAMES + 764ecb72207e Up 5 minutes twistlock_defender_ + be5e385fea32 Up 5 minutes twistlock_console + + +[.task] +=== Configure Console + +Create your first admin user and enter your license key. + +[.procedure] +. Open Prisma Cloud Console. +In a browser window, navigate to 'https://:8083', where is the IP address or DNS name of the host where Console runs. + +. Create your first admin user. ++ +Consider using _admin_ as the username. +It's a convenient choice because _admin_ is the default user for many of Prisma Cloud's utilities, including twistcli. + +. Enter your license key. + + +[.task] +=== Uninstall + +Use the _twistlock.sh_ script to uninstall Prisma Cloud from your host. +The script stops and removes all Prisma Cloud containers, removes all Prisma Cloud images, and deletes the _/var/lib/twistlock_ directory, which contains your logs, certificates, and database. + +[.procedure] +. Uninstall Prisma Cloud. + + $ sudo ./twistlock.sh -u + +. Verify that all Prisma Cloud containers have been stopped and removed from your host. + + $ docker ps -a + +. Verify that all Prisma Cloud images have been removed from your host. + + $ docker images + + +=== What's next? + +xref:../deploy-defender/container/container.adoc[Install Defender] on each additional host you want to protect. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-openshift.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-openshift.adoc new file mode 100644 index 0000000000..d61315b78b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/console-on-openshift.adoc @@ -0,0 +1,498 @@ +== OpenShift v4 + +Prisma Cloud Console is deployed as a Deployment, which ensures it's always running. +The Prisma Cloud Console and Defender container images can be stored either in the internal OpenShift registry or your own Docker v2 compliant registry. +Alternatively, you can configure your deployments to pull images from xref:./container-images.adoc[Prisma Cloud's cloud registry]. + +=== Preflight checklist + +To ensure that your installation on supported versions of OpenShift v4.x goes smoothly, work through the following checklist and validate that all requirements are met. + +==== Minimum system requirements + +Validate that the components in your environment (nodes, host operating systems, orchestrator) meet the specs in +xref:../system-requirements.adoc[System requirements]. + +[IMPORTANT] +==== +For OpenShift installs, we recommend using the overlay or overlay2 storage drivers due to a known issue in RHEL. +For more information, see https://bugzilla.redhat.com/show_bug.cgi?id=1518519. +==== + +==== Permissions + +Validate that you have permission to: + +* Push to a private docker registry. +For most OpenShift setups, the registry runs inside the cluster as a service. +You must be able to authenticate with your registry with docker login. + +* Pull images from your registry. +This might require the creation of a docker-registry secret. + +* Have the correct role bindings to pull and push to the registry. +For more information, see https://docs.openshift.com/container-platform/3.10/install_config/registry/accessing_registry.html[Accessing the Registry]. + +* Create and delete projects in your cluster. +For OpenShift installations, a project is created when you run _oc new-project_. + +* Run _oc create_ commands. + +==== Internal cluster network communication +TCP: 8083, 8084 + +==== External cluster network communication +TCP: 443 + +The Prisma Cloud Console connects to the Prisma Cloud Intelligence Stream (https://intelligence.twistlock.com) on TCP port 443 for vulnerability updates. +If your Console is unable to contact the Prisma Cloud Intelligence Stream, follow the guidance for xref:../../tools/update-intel-stream-offline.adoc[offline environments]. + +[.task] +==== Download the Prisma Cloud software + +Download the latest Prisma Cloud release to any system where the OpenShift https://www.okd.io/download.html[oc client] is installed. + +[.procedure] +. Go to xref:../../welcome/releases.adoc[Releases], and copy the link to current recommended release. + +. Download the release tarball to your cluster controller. ++ +[source] +---- +$ wget +---- + +. Unpack the release tarball. ++ +[source] +---- +$ mkdir twistlock +$ tar xvzf twistlock_.tar.gz -C twistlock/ +---- + +. Use xref:../../tools/twistcli.adoc[_twistcli_] to install the Prisma Cloud Console and Defenders. +The _twistcli_ utility is included with every release. +After completing this procedure, both Prisma Cloud Console and Prisma Cloud Defenders will be running in your OpenShift cluster. + + +==== Create an OpenShift project for Prisma Cloud + +Create a project named _twistlock_. + +. Login to the OpenShift cluster and create the _twistlock_ project: + +[source] +---- + $ oc new-project twistlock +---- + +[.task] +==== (Optional) Push the Prisma Cloud images to a private registry + +When Prisma Cloud is deployed to your cluster, the images are retrieved from a registry. +You have a number of options for storing the Prisma Cloud Console and Defender images: + +* OpenShift internal registry. + +* Private Docker v2 registry. +You must create a docker-secret to authenticate with the registry. + +Alternatively, you can pull the images from the xref:./container-images.adoc[Prisma Cloud cloud registry] at deployment time. +Your cluster nodes must be able to connect to the Prisma Cloud cloud registry (registry-auth.twistlock.com) with TLS on TCP port 443. + +This guides shows you how to use both the OpenShift internal registry and the Prisma Cloud cloud registry. +If you're going to use the Prisma Cloud cloud registry, you can skip this section. +Otherwise, this procedure shows you how to pull, tag, and upload the Prisma Cloud images to the OpenShift internal registry's _twistlock_ imageStream. + +[.procedure] +. Determine the endpoint for your OpenShift internal registry. +Use either the internal registry's service name or cluster IP. ++ +[source] +---- +$ oc get svc -n default +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +docker-registry ClusterIP 172.30.163.181 5000/TCP 88d +---- + +. Pull the images from the Prisma Cloud cloud registry using your access token. +The major, minor, and patch numerals in the string are separated with an underscore. +For example, 18.11.128 would be 18_11_128. ++ +[source] +---- + $ docker pull \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ + + $ docker pull \ + registry-auth.twistlock.com/tw_/twistlock/console:console_ +---- + +. Tag the images for the OpenShift internal registry. ++ +[source] +---- +$ docker tag \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ \ + 172.30.163.181:5000/twistlock/private:defender_ + +$ docker tag \ + registry-auth.twistlock.com/tw_/twistlock/console:console_ \ + 172.30.163.181:5000/twistlock/private:console_ +---- + +. Push the images to the _twistlock_ project's imageStream. ++ +[source] +---- + $ docker push 172.30.163.181:5000/twistlock/private:defender_ + $ docker push 172.30.163.181:5000/twistlock/private:console_ +---- + +==== Install Console + +Use the _twistcli_ tool to generate YAML files or a Helm chart for Prisma Cloud Compute Console. +The _twistcli_ tool is bundled with the release tarball. +There are versions for Linux, macOS, and Windows. + +The _twistcli_ tool generates YAML files or helm charts for a Deployment and other service configurations, such as a PersistentVolumeClaim, SecurityContextConstraints, and so on. +Run the twistcli command with the _--help_ flag for additional details about the command and supported flags. + +You can optionally customize _twistlock.cfg_ to enable additional features. +Then run twistcli from the root of the extracted release tarball. + +Prisma Cloud Console uses a PersistentVolumeClaim to store data. +There are two ways to provision storage for Console: + +* *Dynamic provisioning:* +Allocate storage for Console link:https://docs.openshift.com/container-platform/3.10/install_config/persistent_storage/dynamically_provisioning_pvs.html[on-demand] at deployment time. +When generating the Console deployment YAML files or helm chart with _twistcli_, specify the name of the storage class with the _--storage-class_ flag. +Most customers use dynamic provisioning. + +* *Manual provisioning:* +Pre-provision a persistent volume for Console, then specify its label when generating the Console deployment YAML files. +OpenShift uses NFS mounts for the backend infrastructure components (e.g. registry, logging, etc.). +The NFS server is typically one of the master nodes. +Guidance for creating an NFS backed PersistentVolume can be found link:https://docs.openshift.com/container-platform/3.10/install_config/persistent_storage/persistent_storage_nfs.html#overview[here]. +Also see <>. + +[.task] +===== Option #1: Deploy with YAML files + +Deploy Prisma Cloud Compute Console with YAML files. + +[.procedure] +. Generate a deployment YAML file for Console. +A number of command variations are provided. +Use them as a basis for constructing your own working command. + +.. Prisma Cloud Console + dynamically provisioned PersistentVolume + image pulled from the OpenShift internal registry.* ++ +[source] +---- + $ /twistcli console export openshift \ + --storage-class "" \ + --image-name "172.30.163.181:5000/twistlock/private:console_" \ + --service-type "ClusterIP" +---- + +.. *Prisma Cloud Console + manually provisioned PersistentVolume + image pulled from the OpenShift internal registry.* +Using the NFS backed PersistentVolume described in <>, pass the label to the _--persistent-volume-labels_ flag to specify the PersistentVolume to which the PersistentVolumeClaim will bind. ++ +[source] +---- + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --image-name "172.30.163.181:5000/twistlock/private:console_" \ + --service-type "ClusterIP" +---- + +.. *Prisma Cloud Console + manually provisioned PersistentVolume + image pulled from the Prisma Cloud cloud registry.* +If you omit the _--image-name_ flag, the Prisma Cloud cloud registry is used by default, and you are prompted for your access token. ++ +[source] +---- + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --service-type "ClusterIP" +---- + +. Deploy Console. ++ +[source] +---- + $ oc create -f ./twistlock_console.yaml +---- ++ +[NOTE] +==== +You can safely ignore the error that says the twistlock project already exists. +==== + +[.task] +===== Option #2: Deploy with Helm chart + +Deploy Prisma Cloud Compute Console with a Helm chart. + +// https://github.com/twistlock/twistlock/issues/13333 + +Prisma Cloud Console Helm charts fail to install on OpenShift 4 clusters due to a Helm bug. +If you generate a Helm chart, and try to install it in an OpenShift 4 cluster, you'll get the following error: + +[source] +---- + Error: unable to recognize "": no matches for kind "SecurityContextConstraints" in version "v1" +---- + +To work around the issue, you'll need to manually modify the generated Helm chart. + +[.procedure] +. Generate a deployment helm chart for Console. +A number of command variations are provided. +Use them as a basis for constructing your own working command. + +.. *Prisma Cloud Console + dynamically provisioned PersistentVolume + image pulled from the OpenShift internal registry.* ++ +[source] +---- + $ /twistcli console export openshift \ + --storage-class "" \ + --image-name "172.30.163.181:5000/twistlock/private:console_" \ + --service-type "ClusterIP" \ + --helm +---- + +.. *Prisma Cloud Console + manually provisioned PersistentVolume + image pulled from the OpenShift internal registry.* +Using the NFS backed PersistentVolume described in <>, pass the label to the _--persistent-volume-labels_ flag to specify the PersistentVolume to which the PersistentVolumeClaim will bind. ++ +[source] +---- + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --image-name "172.30.163.181:5000/twistlock/private:console_" \ + --service-type "ClusterIP" \ + --helm +---- + +.. *Prisma Cloud Console + manually provisioned PersistentVolume + image pulled from the Prisma Cloud cloud registry.* +If you omit the _--image-name_ flag, the Prisma Cloud cloud registry is used by default, and you are prompted for your access token. ++ +[source] +---- + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --service-type "ClusterIP" \ + --helm +---- + +. Unpack the chart into a temporary directory. ++ +[source] +---- + $ mkdir helm-console + $ tar xvzf twistlock-console-helm.tar.gz -C helm-console/ +---- + +. Open _helm-console/twistlock-console/templates/securitycontextconstraints.yaml_ for editing. + +. Change `apiVersion` from `v1` to `security.openshift.io/v1`. ++ +[source,yaml] +---- +{{- if .Values.openshift }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: twistlock-console +... +---- + +. Repack the Helm chart ++ +[source] +---- + $ cd helm-console/ + $ tar cvzf twistlock-console-helm.tar.gz twistlock-console/ +---- + +. Install the updated Helm chart. ++ +[source] +---- + $ helm install --namespace=twistlock -g twistlock-console-helm.tar.gz +---- + +[.task] +==== Create an external route to Console + +Create an external route to Console so that you can access the web UI and API. + +[.procedure] +. From the OpenShift web interface, go to the _twistlock_ project. + +. Go to *Application > Routes*. + +. Select *Create Route*. + +. Enter a name for the route, such as *twistlock-console*. + +. Hostname = URL used to access the Console, e.g. _twistlock-console.apps.ose.example.com_ + +. Path = */* + +. Service = *twistlock-console* + +. Target Port = 8083 → 8083 + +. Select the *Security > Secure Route* radio button. + +. TLS Termination = Passthrough (if using 8083) ++ +If you plan to issue a xref:../../configure/certificates.adoc[custom certificate for Console TLS communication] that is trusted and will allow the TLS establishment with the Prisma Cloud Console, then Select Passthrough TLS for TCP port 8083. + +. Insecure Traffic = *Redirect* + +. Click *Create*. + +[.task] +==== Create an external route to Console for external Defenders + +If you are planning to deploy Defenders to another cluster and report to this Console, you will need to create an additional external route to Console so that the Defenders can access the Console. You need to expose the Prisma Cloud-Console service’s TCP port 8084 as external OpenShift routes. Each route will be an unique, fully qualified domain name. + +[.procedure] +. From the OpenShift web interface, go to the _twistlock_ project. + +. Go to *Application > Routes*. + +. Select *Create Route*. + +. Enter a name for the route, such as *twistlock-console-8084*. + +. Hostname = URL used to access the Console, using a different hostname, e.g. _twistlock-console-8084.apps.ose.example.com_ + +. Path = */* + +. Service = *twistlock-console* + +. Target Port = 8084 → 8084 + +. Select the *Security > Secure Route* radio button. + +. TLS Termination = Passthrough (if using 8084) ++ +[NOTE] +==== +The Defender to Console communication is a mutual TLS secure websocket session. This communication cannot be intercepted. +==== + +. Insecure Traffic = *Redirect* + +. Click *Create*. + +[.task] +==== Configure Console + +Create your first admin user, enter your license key, and configure Console's certificate so that Defenders can establish a secure connection to it. + +[.procedure] +. In a web browser, navigate to the external route you configured for Console, e.g. _\https://twistlock-console.apps.ose.example.com_. + +. Create your first admin account. + +. Enter your license key. + +. Add a SubjectAlternativeName to Console's certificate to allow Defenders to establish a secure connection with Console. ++ +Use either Console's service name, _twistlock-console_ or _twistlock-console.twistlock.svc_, or Console's cluster IP. ++ +Additionally, if a route for external Defenders was created, add that one to the SAN list too: _twistlock-console-8084.apps.ose.example.com_ ++ +[source] +---- + $ oc get svc -n twistlock + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) + twistlock-console LoadBalancer 172.30.41.62 172.29.61.32,172.29.61.32 8084:3184... +---- + +.. Go to *Manage > Defenders > Names*. + +.. Click *Add SAN* and enter Console's service name. + +.. Click *Add SAN* and enter Console's cluster IP. ++ +image::install_openshift_san.png[width=700] + +[.task] +=== Appendix: NFS PersistentVolume example + +Create an NFS mount for the Prisma Cloud Console's PV on the host that serves the NFS mounts. +[.procedure] + +. *mkdir /opt/twistlock_console* + +. Check selinux: *sestatus* + +. *chcon -R -t svirt_sandbox_file_t -l s0 /opt/twistlock_console* + +. *sudo chown nfsnobody /opt/twistlock_console* + +. *sudo chgrp nfsnobody /opt/twistlock_console* + +. Check perms with: *ls -lZ /opt/twistlock_console* (drwxr-xr-x. nfsnobody nfsnobody system_u:object_r:svirt_sandbox_file_t:s0) + +. Create */etc/exports.d/twistlock.exports* + +. In the */etc/exports.d/twistlock.exports* add in line */opt/twistlock_console *(rw,root_squash)* + +. Restart nfs mount *sudo exportfs -ra* + +. Confirm with *showmount -e* + +. Get the IP address of the Master node that will be used in the PV (eth0, openshift uses 172. for node to node communication). +Make sure TCP 2049 (NFS) is allowed between nodes. + +. Create a PersistentVolume for Prisma Cloud Console. ++ +The following example uses a label for the PersistentVolume and the https://docs.openshift.com/container-platform/3.10/dev_guide/persistent_volumes.html#persistent-volumes-volumes-and-claim-prebinding[volume and claim pre-binding] features. +The PersistentVolumeClaim uses the `app-volume: twistlock-console` label to bind to the PV. +The volume and claim pre-binding `claimref` ensures that the PersistentVolume is not claimed by another PersistentVolumeClaim before Prisma Cloud Console is deployed. ++ +[source,yaml] +---- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: twistlock + labels: + app-volume: twistlock-console +storageClassName: standard +spec: + capacity: + storage: 100Gi + accessModes: + - ReadWriteOnce + nfs: + path: /opt/twistlock_console + server: 172.31.4.59 +persistentVolumeReclaimPolicy: Retain +claimRef: + name: twistlock-console + namespace: twistlock +---- + +[.task] +=== Appendix: Implementing SAML federation with a Prisma Cloud Console inside an OpenShift cluster + +When federating Prisma Cloud Console that is accessed through an OpenShift external route with a SAML v2.0 Identity Provider (IdP), the SAML authentication request's _AssertionConsumerServiceURL_ value must be modified. +Prisma Cloud automatically generates the _AssertionConsumerServiceURL_ value sent in a SAML authentication request based on Console's configuration. +When Console is accessed through an OpenShift external route, the URL for Console's API endpoint is most likely not the same as the automatically generated _AssertionConsumerServiceURL._ +Therefore, you must configure the _AssertionConsumerServiceURL_ value that Prisma Cloud sends in the SAML authentication request. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Authentication > SAML*. + +. In *Console URL*, define the _AssertionConsumerServiceURL_. ++ +In this example, enter _\https://twistlock-console.apps.ose.example.com_ diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/container-images.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/container-images.adoc new file mode 100644 index 0000000000..70dbc12d88 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/container-images.adoc @@ -0,0 +1,116 @@ +== Prisma Cloud Container Images + +You can deploy the Prisma Cloud console as a container using your active subscription or your valid license key to get the images from a cloud registry. +The Prisma Cloud images are built using the https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8?gti-tabs=unauthenticated[RedHat Universal Base Image 8 Minimal] (UBI8-minimal). +This format is designed for applications that contain their own dependencies. + +[CAUTION] +==== +All builds, including private builds, are published to the registry. +Private builds temporarily address specific customer issues. +Unless you've been asked to use a private build by a Prisma Cloud representative during the course of a support case, you should only pull officially published builds. +==== + +You can optionally manage Prisma Cloud images in your own registry. +You can push the Prisma Cloud images to your own private registry, and manage them from there as you see fit. +The Prisma Cloud console image is delivered as a _.tar.gz_ file in the release tarball. +Go to *Manage > System > Utilities* in the Prisma Cloud Console to download the Defender image. + +The length of time that images are available on the cloud registry complies with our standard xref:../../welcome/support-lifecycle.adoc[n-1 support lifecycle]. + +There are two different methods for accessing images in the cloud registry: + +* Basic authorization. +* URL authorization. + +[.task] +=== Get the Prisma Cloud Console Images with Basic Authorization + +Authenticate using _docker login_ or _podman login_, then retrieve the Prisma Cloud images using _docker pull_ or _podman pull_. +For basic authorization, the registry is accessible at _registry.twistlock.com_. + +[IMPORTANT] +==== +Image names contain a version string. +The version string is formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. +For example, 19.07.363 is formatted as 19_07_363. +For example: + +registry.twistlock.com/twistlock/defender:defender_19_07_363. +==== + +*Prerequisites:* + +* You have your Prisma Cloud access token. + +[.procedure] +. Authenticate with the registry. ++ +---- +$ docker (or podman) login registry.twistlock.com +Username: +Password: +---- ++ +Where *Username* can be any string, and *Password* must be your access token. + + +. Pull the Prisma Cloud console image from the Prisma Cloud registry. ++ +---- +$ docker (or podman) pull registry.twistlock.com/twistlock/console:console_ +---- + +. Pull the Defender image from the Prisma Cloud registry. ++ +---- +$ docker (or podman) pull registry.twistlock.com/twistlock/defender:defender_ +---- + +[.task] +=== Get the Prisma Cloud Console Images with URL Authorization + +Retrieve Prisma Cloud images with a single command by embedding your access token into the registry URL. +For URL authorization, the registry is accessible at _registry-auth.twistlock.com_. + +By embedding your access token into the registry URL, you only need to run _docker pull_ or _podman pull_. +The _docker login_ or _podman login_ command isn't required. + +The format for the registry URL is: `registry-auth.twistlock.com/tw_/:` + +[IMPORTANT] +==== +Image names contain a version string. +The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. +For example, 19.07.363 should be formatted as 19_07_363. +For example: + +registry.twistlock.com/twistlock/defender:defender_19_07_363. +==== + +*Prerequisites:* + +* You have a Prisma Cloud access token. +* The Docker or Podman client requires that repository names be lowercase. +Therefore, all characters in your access token must be lowercase. +To convert your access token to lowercase characters, use the following command: ++ +---- +$ echo | tr '[:upper:]' '[:lower:]' +---- + +[.procedure] + +. Pull the Console image from the Prisma Cloud registry. ++ +---- +$ docker (or podman) pull \ + registry-auth.twistlock.com/tw_/twistlock/console:console_ +---- + +. Pull the Defender image from the Prisma Cloud registry. ++ +---- +$ docker (or podman) pull \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ +---- diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-console/deploy-console.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-console/deploy-console.adoc new file mode 100644 index 0000000000..19b0c78a39 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-console/deploy-console.adoc @@ -0,0 +1,7 @@ +:toc: macro + +== Deploy the Prisma Cloud Console + +Deploy the Prisma Cloud Console + +toc::[] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/app-embedded.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/app-embedded.adoc new file mode 100644 index 0000000000..1eb672887e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/app-embedded.adoc @@ -0,0 +1,278 @@ +== Deploy App-Embedded Defender + +App-Embedded Defenders monitor and protect your applications from the entrypoint script and all the entrypoint child processes to ensure they execute as designed. +Deploy App-Embedded Defender anywhere you can run a container, but can't deploy xref:../defender-types.adoc#container-defender[Container Defender]. +App-Embedded Defenders are typically used to protect the entrypoint in applications in containers that run on container-on-demand services, such as Google Cloud Run (GCR) and Azure Container Instances (ACI). + +To learn when to use App-Embedded Defenders, see xref:../defender-types.adoc[Defender types]. + +To learn more about App-Embedded Defender's capabilities, see: + +* xref:../../../vulnerability-management/app-embedded-scanning.adoc[Vulnerability scanning for App-Embedded] +* xref:../../../compliance/app-embedded-scanning.adoc[Compliance scanning for App-Embedded] +* xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded] +* Protecting front-end containers at runtime with xref:../../../waas/waas.adoc[WAAS] + +NOTE: App-Embedded Defender is the only supported option for securing containers at runtime when you're using nested virtualization, also known as _Docker-in-Docker_. +Docker-in-Docker is a setup where you have a Docker container that itself has Docker installed, and from within the container you use Docker to pull images, build images, run containers, and so on. +To secure the applications inside a container, use App-Embedded Defender. + +=== Securing Containers + +To secure a container, embed the App-Embedded Defender into it. +You can embed App-Embedded Defenders with the Console UI, twistcli, or Prisma Cloud API. +App-Embedded Defender has been tested on Azure Container Instances, Google Cloud Run, and Fargate on EKS. + +The steps are: + +. Define your policy in Prisma Cloud Console. ++ +App-Embedded Defenders dynamically retrieve rules from Console as they are updated. +You can embed the App-Embedded Defender into a task with a simple initial policy, and then refine it later, as needed. + +. Embed the App-Embedded Defender into the container. + +. Start the service that runs your container. + +The embed process takes a Dockerfile as input, and returns a ZIP file with an augmented Dockerfile and App-Embedded Defender binaries. +Rebuild your container image with the new Dockerfile to complete the embedding process. +The embed process modifies the container's entrypoint to run App-Embedded Defender. +The App-Embedded Defender, in turn, runs the original entrypoint program under its control. + +When embedding App-Embedded Defender, specify a unique identifier for your container image. +This gives you a way to uniquely identify the App-Embedded Defender in the environment. + +When securing your apps with runtime rules, target rules to apps using the App ID. +(Because the App-Embedded Defender runs inside the container, it can't reliably get information such as image and container names.) + +image::install_app_embedded_defender_scope_app_id.png[width=500] + + +[#app-id] +=== App ID + +When you deploy an App-Embedded Defender, it is embedded inside the container. +The embed process modifies the container's entrypoint to run App-Embedded Defender first, which in turn starts the original entrypoint program. + +When App-Embedded Defender sends scan data back to Console, it must correlate it to an image. +Because App-Embedded Defender runs inside the container, it can't retrieve any information about the image, specifically the image name and image ID. +As such, the deployment flow sets an image name and image ID, and embeds this information alongside the App-Embedded Defender. + +During the embed flow, you must specify a value for App ID (or more accurately, app name, which becomes part of the final App ID). +In the Console, this value is presented as the image name. +When specifying App ID, choose a value you can easily trace back to the image when reviewing and mitigating security findings. + +As part of the embed flow, Prisma Cloud automatically generates a universally unique identifier (UUID) to represent the image ID. +The image ID is a primary key in the Prisma Cloud Compute database, so it's essential that it is defined. + +Together, the app name plus the generated UUID form the final App ID. +The final App ID has the following format: + + : + +The following screenshot shows how images protected by App-Embedded Defender are listed under *Monitor > Vulnerabilities*. +The *Repository* column, which represents the image name, shows two images: ian-app1 and ian-app2. +Both ian-app1 and ian-app2 were specified as the App IDs when embedding Defenders into the images. + +image::install_app_embedded_defender_app_id1.png[width=800] + +The next screenshot shows the scan report for ian-app1. +Notice that *Image* is set to *ian-app1*, which was the App ID specified when embedding Defender. +Also notice that the value for *Image ID* is a UUID. + +image::install_app_embedded_defender_app_id2.png[width=800] + +Finally, back in *Monitor > Vulnerabilities*, notice that the *Apps* column shows the final App ID, which is the combination of the app name (specified as App ID in the embed flow) plus the internally generated UUID. + +image::install_app_embedded_defender_app_id3.png[width=800] + +[.task] +=== Embed App-Embedded Defender + +Embed App-Embedded Defender into a container image from Prisma Console UI. + +*Prerequisites:* + +* At runtime, the container where you're embedding App-Embedded Defender can reach Console over the network. +For Enterprise Edition, Defender talks to Console on port 443. +For Compute Edition, Defender talks to Console on port 8084. +* You have the Dockerfile for your image. + +[.procedure] +. Open Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy*. + +. In *Deployment method*, select *Single Defender*. + +. Select the DNS name or IP address that App-Embedded Defender uses to connect to Console. + +. In *Choose the Defender type*, select *Container Defender - App-Embedded Defender*. + +. *Enable file system runtime protection* if your runtime policy requires it. ++ +If App-Embedded Defender is deployed with this setting enabled, the sensor will monitor file system events, regardless of how your runtime policy is configured, and could impact the underlying workload's performance. ++ +If you later decide you want to disable the sensor completely, you must re-embed App-Embedded Defender with this setting disabled. ++ +Conversely, if you deploy App-Embedded Defender with this setting disabled, and later decide you want file system protection, you'll need to re-embed App-Embedded with this setting enabled. ++ +You can set a xref:./config-app-embedded-fs-protection.adoc[default file system protection state] for all App-Embedded Defender deployments. + +. In *Deployment type*, select *Dockerfile*. + +. In *App ID*, enter a unique identifier for the App-Embedded Defender. ++ +All vulnerability, compliance, and runtime findings for the container will be aggregated under this App ID +In Console, the App ID is presented as the image name. +Be sure to specify an App ID that lets you easily trace findings back to the image. + +. In *Dockerfile*, click *Choose File*, and upload the Dockerfile for your container image. + +. Click *Create embedded ZIP*. ++ +A file named _app_embedded_embed_help.zip_ is created and downloaded to your system. + +. Unpack app_embedded_embed_help.zip. + + $ mkdir tmp + $ unzip app_embedded_embed_help.zip -d tmp/ + +. Build the modified Docker image. + + $ cd tmp/ + $ docker build . + +. Tag and push the updated image to your repository. + + +[.task] +=== Embed App-Embedded Defender manually + +Embed App-Embedded Defender into a container image manually. +Modify your Dockerfile with the supplied information, download the App-Embedded Defender binaries into the image's build context, then rebuild the image. + +*Prerequisites:* + +* At runtime, the container where you're embedding App-Embedded Defender can reach Console over the network. +For Enterprise Edition, Defender talks to Console on port 443. +For Compute Edition, Defender talks to Console on port 8084. +* The host where you're rebuilding your container image with App-Embedded Defender can reach Console over the network on port 8083. +* You have the Dockerfile for your image. + +[.procedure] +. Open Console, and go to *Manage > Defenders > Defenders: Deployed > Manual*. + +. In *Deployment method*, select *Single Defender*. + +. Select the DNS name or IP address that App-Embedded Defender uses to connect to Console. + +. In *Choose the Defender type*, select *Container Defender - App-Embedded Defender*. + +. Enable *Monitor file system events*, if your runtime policy requires it. ++ +If App-Embedded Defender is deployed with this setting enabled, the sensor will monitor file system events, regardless of how your runtime policy is configured, and could impact the underlying workload's performance. ++ +If you later decide to disable the sensor completely, you must re-embed App-Embedded Defender with this setting disabled. ++ +Conversely, if you deploy App-Embedded Defender with this setting disabled, and later decide you want file system protection, you'll need to re-embed App-Embedded with this setting enabled. ++ +You can set a xref:./config-app-embedded-fs-protection.adoc[default file system protection state] for all App-Embedded Defender deployments. + +. In *Deployment Type*, select *Manual*. ++ +A set of instructions for embedding App-Embedded Defender into your images is provided. + +.. Using the provided curl command, download the App-Embedded Defender binary into your image's build context directory. + +.. Open your Dockerfile for editing. + +.. Add the App-Embedded Defender to the image. + + ADD twistlock_defender_app_embedded.tar.gz /twistlock/ + +.. Add the specified environment variables. ++ +When setting `DEFENDER_APP_ID`, specify a value that lets you easily trace findings back to the image. +All vulnerability, compliance, and runtime findings for the container will be aggregated under this App ID +In Console, the App ID is presented as the image name. + +.. Modify the entrypoint so that your app starts under the control of App-Embedded Defender. ++ +For example, to start the hello-world program under the control of App-Embedded Defender, specify the following entrypoint. + + ENTRYPOINT ["/twistlock/defender", "app-embedded", "hello-world"] + +. Rebuild your image. + + $ docker build . + +. Tag and push the updated image to your repository. + + +[.task] +=== Embed App-Embedded Defender with twistcli + +Prisma Cloud supports automation for embedding App-Embedded Defender into container images with either twistcli or the API. +This section shows you how to use twistcli. +To learn how to use the API, see the API docs. + +*Prerequisites:* + +* The container where you're embedding App-Embedded Defender can reach Console's port 8084 over the network. +* You have the Dockerfile for your image. + +[.procedure] +. Download twistcli. + +.. Log into Console, and go to *Manage > System > Utilities*. + +.. Download the twistcli binary for your platform. + +. Generate the artifacts for an updated container with twistcli. ++ +A file named _app_embedded_embed_.zip_ is created. ++ + $ ./twistcli app-embedded embed \ + --user + --address "https://:8083" \ + --console-host \ + --app-id "" \ + --data-folder "" \ + Dockerfile ++ +* -- Name of a Prisma Cloud user with a minimum xref:../../../authentication/user-roles.adoc[role] of Defender Manager. +* -- DNS name or IP address for Console. +* -- Unique identifier. +When setting ``, specify a value that lets you easily trace findings back to the image. +All vulnerability, compliance, and runtime findings for the container will be aggregated under this App ID. +In Console, the App ID is presented as the image name. +For example, _my-app_. +* -- Readable and writable directory in the container's filesystem. +For example, _/tmp_. +* To enable file system protection, add the `--filesystem-monitoring` flag to the twistcli command. + +. Unpack _app_embedded_embed_help.zip_. + + $ mkdir tmp + $ unzip app_embedded_embed_help.zip -d tmp/ + +. Build the updated image. + + $ cd tmp/ + $ docker build . + +. Tag and push the updated image to your repository. + + +=== Connected Defenders + +You can review the list of all Defenders connected to Console under *Manage > Defenders > Manage > Defenders*. +To see just App-Embedded Defenders, filter the table by type, `Type: Container Defender - App-Embedded`. + +image::connected_app_embedded_defenders.png[width=800] + +By default, Prisma Cloud removes disconnected App-Embedded Defenders from the list after an hour. +As part of the cleanup process, data collected by the disconnected Defender is also removed from *Monitor > Runtime > App-Embedded observations*. + +NOTE: There is an advanced settings dialog under *Manage > Defenders > Manage > Defenders*, which lets you configure how long Prisma Cloud should wait before cleaning up disconnected Defenders. +This setting doesn't apply to App-Embedded Defenders. +Disconnected App-Embedded Defenders are always removed after one hour. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon.adoc new file mode 100644 index 0000000000..9513ecb0cc --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon.adoc @@ -0,0 +1,29 @@ +:topic_type: task + +[.task] +== Default Setting for App-Embedded Defender File System Monitoring + +This procedure is intended for security teams that want to set a global recommendation for whether file system monitoring should be enabled when teams deploy App-Embedded Defenders. + +By default, file system monitoring is disabled in App-Embedded Defenders. +Security teams can turn it on by default so that the teams that build and manage apps will deploy Defender according to your organization's best practices. +Individual teams can optionally override the default setting at embed-time, and they may want to do so if file system monitoring interferes with their workload's operation. + +[.procedure] +. Log into Console. + +. Go to *Manage > Defenders > Manage > Defenders*. + +. Click *Advanced settings*. + +. Set *Default app-embedded file system monitoring* to *On* or *Off*. + +. Validate the global setting has been properly applied by inspecting the Defender embed flow. + +.. Go to *Manage > Defenders > Deploy > Defenders*. + +.. In *Deployment method*, select *Single Defender*. + +.. In *Choose the Defender type*, select *Container Defender - App-Embedded*. + +.. Verify that the value for *Monitor file system events* matches the value you set in *Advanced settings*. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection.adoc new file mode 100644 index 0000000000..15de7bf70d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection.adoc @@ -0,0 +1,35 @@ +:topic_type: task + +[.task] +== Default Setting for App-Embedded Defender File System Protection + +Because App-Embedded Defender's file system protection could affect workload performance, you can enable or disable it. + +This procedure is intended for security teams that want to set a global recommendation for whether file system protection should be enabled when teams deploy App-Embedded Defenders. + +By default, file system protection is disabled in App-Embedded Defenders. +Security teams can turn it on by default so that teams that build and manage apps will deploy Defender according to your organization's best practices. +Individual teams can optionally override the default setting at embed-time, and they may want to do so if file system protection interferes with their workload's operation. + +[.procedure] +. Log into Console. + +. Go to *Manage > Defenders > Manage > Defenders*. + +. Click *Advanced settings*. + +. Set *Default file system protection statefor App-Embedded Defenders* to *On* or *Off*. ++ +image::config_app_embedded_fs_protection_global.png[width=800] + +. Validate the global setting has been properly applied by inspecting the Defender embed flow. + +.. Go to *Manage > Defenders > Deploy > Defenders*. + +.. In *Deployment method*, select *Single Defender*. + +.. In *Choose the Defender type*, select *Container Defender - App-Embedded*. + +.. Verify that the value for *Monitor file system events* matches the value you set in *Advanced settings*. ++ +image::config_app_embedded_fs_protection_deploy.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci.adoc new file mode 100644 index 0000000000..796e9993ce --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci.adoc @@ -0,0 +1,120 @@ +:toc: macro + +== Deploy App-Embedded Defender in Azure Container Instance (ACI) + +toc::[] + +Deploy an App-Embedded Defender in ACI to provide runtime protection to App-Embedded applications installed in ACI. +The App-Embedded Defender enforces runtime policy on the application entrypoint and any child processes created by this entrypoint. +To learn when to use App-Embedded Defenders, see xref:../defender-types.adoc[Defender types]. + +To learn more about App-Embedded Defender's capabilities, see: + +* xref:../../../vulnerability-management/app-embedded-scanning.adoc[Vulnerability scanning for App-Embedded] +* xref:../../../compliance/app-embedded-scanning.adoc[Compliance scanning for App-Embedded] +* xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded] +* Protecting front-end containers at runtime with xref:../../../waas/waas.adoc[WAAS] + +[#sys-reqs] +=== System Requirements + +* ACI supports Linux containers +* App-Embedded Defender image is supported on Linux (x86) architecture +* Any Docker image with Prisma Cloud App-Embedded Defender binary. +* Azure Container Registry (ACR) (recommended) + +[#app-embedded-prisma] +=== Configure App-Embedded Defender in Prisma Console UI + +include::fragments/configure-app-embedded-defender-in-prisma.adoc[leveloffset=0] + +*Prerequisites* + +* You can connect to Azure Container Registry(ACR) or any other registry used to pull your images. +* The container where you are embedding App-Embedded Defender can reach Console's port 8084 over the network. +* You have the Dockerfile for your image if you choose the *Deployment type* as Dockerfile. + +[#defender-dockerfile] +[.task] +==== Embed App-Embedded Defender with Dockerfile + +Upload your Dockerfile and Prisma Cloud creates a new Dockerfile with App-Embedded Defender parameters and the Defender binary file. + +[.procedure] +include::fragments/embed-app-embedded-defender-with-dockerfile.adoc[leveloffet=0] +. Rebuild the image and embed the Defender in ACI. + +//==== Embed App-Embedded Defender Manually +include::fragments/embed-app-embedded-defender-manually.adoc[leveloffset=0] + +[#defender-in-aci] +[.task] +=== Embed App-Embedded Defender in Azure ACI + +Prisma Cloud uses the updated Dockerfile to deploy the Defender in your containers running in ACI. +Use the updated Dockerfile to build the image for App-Embedded Defender, push it to Azure Container Registry, and then run the container instance. + +*Prerequisite*: + +* Log in to Azure +* Create an Azure resource group +* Create an Azure ACI context +* You have an image of the Defender binary from the download App-Embedded zipped bundle from Prisma Cloud Console. +* You have the modified Dockerfile with App-Embedded Defender deployment configurations. + +[.procedure] + +. Log in to your Azure instances + + az login + +. Copy the App-Embedded zipped bundle and unzip it to get the Dockerfile and App-Embedded Defender binary. + +. Build the Dockerfile: + + docker build -t : ++ +If your Dockerfile is in the current directory, use *.* for + +. Start an Azure container instance from this image: + +.. Go to *Azure Portal > Azure Container Registry > Repositories*. Right-click on the App-Embedded image and select *Run Instance*. + +.. Create a container instance and edit the following: + +... Enter the *Container name* to be the same as the container image name in Azure. +... Select the *OS type* as Linux (as Prisma Cloud only supports Linux x86 App-Embedded Defenders). +... Select *Public IP address* if you need routable IPs to establish communication between Prisma Console and Defender installed in Azure. +... Enter the *Port* defined for the APP in Dockerfile. + +.. Select *Create*. + +. In Azure Container instances, verify that your application shows a *running* status. ++ +This App-Embedded Defender running in ACI is now recognized in Prisma Console under *Manage > Defenders > Defenders: Deployed*. + +//=== Embed App-Embedded Defender with twistcli + +:app-embedded-defender-aci: +include::fragments/embed-app-embedded-defender-twistcli.adoc[leveloffset=0] + +#### Delete a Container Instance + + $ az container delete -g --name -y + +[#view-defenders] +=== View Deployed Defenders + +include::fragments/view-deployed-defenders.adoc[leveloffset=0] + +[#trigger-events] +=== Trigger Events for App-Embedded + +Refer to xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded]. + +[#monitor-events] +=== Monitor App-Embedded Events + +You can view the xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[App-Embedded runtime events] by app ID under *Monitor > Events > App-Embedded audits*, and view the xref:../../../runtime-defense/incident-explorer.adoc[App-Embedded incidents] under *Monitor > Runtime > Incident Explorer*. + +You can also xref:../../../waas/deploy-waas/deployment-app-embedded.adoc[deploy WAAS for Containers Protected By App-Embedded Defender], create a WAAS rule policy, add an app, enable protections, run WAAS sanity tests, and monitor the events under *Monitor > Events > WAAS for App-Embedded*. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr.adoc new file mode 100644 index 0000000000..6f2bc215fe --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr.adoc @@ -0,0 +1,141 @@ +:toc: macro + +== Deploy App-Embedded Defender in Google Cloud Run (GCR) + +toc::[] + +Deploy an App-Embedded Defender in GCR to provide runtime protection to App-Embedded applications installed in GCR. + +The App-Embedded Defender enforces runtime policy on the application entrypoint and any child processes created by this entrypoint. +To learn when to use App-Embedded Defenders, see xref:../defender-types.adoc[Defender types]. + +To learn more about App-Embedded Defender's capabilities, see: + +* xref:../../../vulnerability-management/app-embedded-scanning.adoc[Vulnerability scanning for App-Embedded] +* xref:../../../compliance/app-embedded-scanning.adoc[Compliance scanning for App-Embedded] +* xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded] +* Protecting front-end containers at runtime with xref:../../../waas/waas.adoc[WAAS] + +[#sys-reqs] +=== System Requirements + +* GCR supports Linux (X86) containers +* Any Docker image with Prisma Cloud App-Embedded Defender binary +* Google Cloud Registry (recommended) + +[#prerequisites] +=== Prerequisites + +* You can connect to GCR and DockerHub + +*Configure GCP to authenticate Prisma Cloud* + +* Sign in to your Google Cloud account. +* Log in to Google Cloud Registry. +* In the Google Cloud Console, on the project selector page, select or create a Google Cloud project. +** Set "private" visibility for your GCP container registry host under *GCP project > Home > Container Registry > Settings*. +* Configure GCloud authentication using any of the following options: + +** Authenticate using GCP user credentials: + + $ gcloud auth login ### Type the User GCP credentials + $ cat ~/.docker/config.json ### Check that GCP has gcloud users configured + +** Authenticate using GCP Service Account: + + $ gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE + ### KEY-FILE is the Service Account key file under *GCP > Service Accounts > Actions > Manage keys* + +*Configure Docker for GCP in your localhost* + + $ gcloud auth configure-docker + $ cat ~/.docker/config.json. ### check that GCP has gcloud users configured + +[#app-embedded-prisma] +=== Configure App-Embedded Defender in Prisma Console UI + +include::fragments/configure-app-embedded-defender-in-prisma.adoc[leveloffset=0] + +[#defender-dockerfile] +[.task] +==== Embed App-Embedded Defender with Dockerfile + +Upload your Dockerfile and Prisma Cloud creates a new Dockerfile with App-Embedded Defender parameters and the Defender binary file. + +[.procedure] +include::fragments/embed-app-embedded-defender-with-dockerfile.adoc[leveloffet=0] +. Rebuild the image and embed the Defender in GCR. + +//==== Embed App-Embedded Defender Manually +include::fragments/embed-app-embedded-defender-manually.adoc[leveloffset=0] + +[#defender-in-gcr] +[.task] +=== Embed App-Embedded Defender in GCR + +Prisma Cloud uses the updated Dockerfile to deploy the Defender in your containers running in GCR. +Use the updated Dockerfile to build the image for App-Embedded Defender, push it to Google Container Registry, and then run the Google Container instance. + +*Prerequisite*: + +* Create a new https://cloud.google.com/artifact-registry/docs/repositories/create-repos[GCR repository], if not already exists. + +[.procedure] + +. Log in to Docker + + docker login + +. Copy the App-Embedded zipped bundle and unzip it to get the Dockerfile and App-Embedded Defender binary. + +. Build the Dockerfile: + + docker build -t : ++ +If your Dockerfile is in the current directory, use *.* for + +. *Push the docker image to GCR*: + + docker push HOSTNAME/PROJECT-ID/IMAGE:TAG + +.. Verify the docker image exists in your *GCP project > Container Registry > Images* under your relevant repository. + +. *Deploy Docker image in Google Cloud Run using Google Console*: + +.. Select your *Container Registry > Images*, and select *Actions > Deploy to Cloud Run*. +.. Enter a *Service name* or select the default value. +.. Set the *CPU allocation and pricing* to *CPU is always allocated*. +.. Select the *Ingress* traffic to allow *All* requests, including requests directly from the internet to the *run*. + +. In the *Container, Networking, Security* section, enter the *Container port* as 8080. + +. Select *CREATE*. + +. Go to *Cloud Run* and verify the Docker Container service running in GCP. ++ +This App-Embedded Defender running in GCR is now recognized in Prisma Console under *Manage > Defenders > Defenders: Deployed*. + +//=== Embed App-Embedded Defender with twistcli +:app-embedded-defender-gcr: +include::fragments/embed-app-embedded-defender-twistcli.adoc[] + +#### Delete a Container Instance + + $ az container delete -g --name -y + +[#trigger-events] +=== Trigger Events for App-Embedded + +Refer to xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded]. + +To trigger the App Server logs, get the GCP URL from GCP Docker Container service. + + $ curl -k -X POST -H "Authorization: Bearer $(gcloud auth print-identity-token)" /runsee -d $(echo 'ldd --help'|base64) + +[#monitor-events] +=== Monitor App-Embedded Events + +You can view the xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[App-Embedded runtime events] by app ID under *Monitor > Events > App-Embedded audits*, and view the xref:../../../runtime-defense/incident-explorer.adoc[App-Embedded incidents] under *Monitor > Runtime > Incident Explorer*. + +You can also xref:../../../waas/deploy-waas/deployment-app-embedded.adoc[deploy WAAS for Containers Protected By App-Embedded Defender], create a WAAS rule policy, add an app, enable protections, run WAAS sanity tests, and monitor the events under *Monitor > Events > WAAS for App-Embedded*. + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/configure-app-embedded-defender-in-prisma.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/configure-app-embedded-defender-in-prisma.adoc new file mode 100644 index 0000000000..d4d60a8451 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/configure-app-embedded-defender-in-prisma.adoc @@ -0,0 +1,6 @@ +Prisma Console provides you with an App-Embedded Defender bundle that contains the Dockerfile with App-Embedded configurations and the Defender installation binary file. + +You can select one of the *Deployment types*: Dockerfile or Manual. + +* *Dockerfile*: Creates a new Dockerfile based on your Dockerfile and embeds the App-Embedded parameters. +* *Manual*: Select the manual method to customize the required Dockerfile parameters in the Console UI and directly download the App-Embedded Defender binary file. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-manually.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-manually.adoc new file mode 100644 index 0000000000..4ff4e068ce --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-manually.adoc @@ -0,0 +1,42 @@ +[#defender-manually] +[.task] +==== Embed App-Embedded Defender Manually + +Embed App-Embedded Defender into a container image manually. Modify your Dockerfile with the given configurations, download the App-Embedded Defender binaries into the image's build context, then rebuild the image. + +*Prerequisites* + +* At runtime, the container where you're embedding App-Embedded Defender can reach Console over the network. For Enterprise Edition, Defender talks to Console on port 443. For Compute Edition, Defender talks to Console on port 8084. +* The host where you are rebuilding your container image with App-Embedded Defender can reach Console over the network on port 8083. +* You have the Dockerfile for your image. + +[.procedure] +. Log in to Prisma Cloud Console. +. Go to *Manage > Defenders > Defenders: Deployed > Manual deploy*. +. In Deployment method, select *Single Defender*. +. Select the Defender type as *Container Defender - App-Embedded*. +. Select the DNS name (configured in *Manage > Defenders > Names (SAN)* or public IP address that Defender will use to connect to Prisma Console. +. *Enable file system runtime protection* to allow the sensors to monitor file system events regardless of how your runtime policy is configured, and could impact the underlying workload's performance. +. Select *Deployment type* as *Manual* ++ +Follow the instructions for embedding App-Embedded Defender into your image. + +.. Download the App-Embedded bundle using the command or download the file directly. +.. Configure your Dockerfile and set the following environment variables: + + DEFENDER_TYPE="appEmbedded" + ENV DEFENDER_APP_ID="Unique identifier for the App-Embedded Defender in Prisma Cloud Console" + FILESYSTEM_MONITORING="true/false" + WS_ADDRESS="Websocket address the Defender is communicating to" + DATA_FOLDER="The path that Defender uses to store its metadata" + INSTALL_BUNDLE="The access key for the Prisma Console, copy this from the Console" + FIPS_ENABLED="true/false" + ENTRYPOINT="Modify the entrypoint for the app to start the app under the control of App-Embedded Defender" + +.. Add the App-Embedded Defender to Dockerfile. + + ADD twistlock_defender_app_embedded.tar.gz + +.. Modify the entrypoint so that your app starts under the control of App-Embedded Defender. + +.. Rebuild your image and embed the Defender in Cloud instance. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-twistcli.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-twistcli.adoc new file mode 100644 index 0000000000..50652fc09b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-twistcli.adoc @@ -0,0 +1,151 @@ +[#defender-twistcli] +[.task] +=== Embed App-Embedded Defender with twistcli + +Use the `twistcli` command line tool to embed an App-Embedded Defender in your Cloud Container Registries. + +*Prerequisites*: + +* Running tasks can connect to Prisma Cloud Console over the network. +* Prisma Cloud Defender connects to Console to retrieve runtime policies and send audits. +ifdef::prisma_cloud[] +* Defender uses port 443 to connect to the Prisma Cloud Console. +endif::prisma_cloud[] +ifdef::compute_edition[] +* Defender uses port 8084 to connect to the Prisma Cloud Console by default. +You can configure the port number when you install the Prisma Cloud Console. +endif::compute_edition[] +* The container where you're embedding App-Embedded Defender can reach Console's port 8084 over the network. +* You have Dockerfile for you image. +* Cloud CLI, such as Azure CLI, or Google Cloud CLI. + +[.procedure] +. Log in to Prisma Cloud Console. +. Download `twistcli` +ifdef::prisma_cloud[] +.. Go to *Compute > Manage > System > Utilities*, and download `twistcli` for your platform. +endif::prisma_cloud[] +ifdef::compute_edition[] +.. Go to *Manage > System > Utilities*, and download `twistcli` for your platform. +endif::compute_edition[] + +. Run `twistcli` to embed Defender in your Cloud Registry (such as Azure, or Google Run). ++ +A file named _app_embedded_embed_.zip_ is created, that has the Dockerfile for App-Embedded Defender and App-Embedded Defender binary file. +ifdef::compute_edition[] + + $ ./twistcli app-embedded embed \ + --user \ + --password \ + --address "" \ + --app-id \ + --data-folder /tmp \ + +endif::compute_edition[] +ifdef::prisma_cloud[] ++ +Get the API *Token details* from *Manage > System > Utilities > API token, Token details*. + + $ ./twistcli app-embedded embed \ + --user \ + --password \ + --token=$token \ + --address "" \ + --app-id \ + --data-folder /tmp \ + +endif::prisma_cloud[] ++ +* -- Name of a Prisma Cloud user with a minimum xref:../../../authentication/user-roles.adoc[role] of Defender Manager. ++ +* -- For Prisma Cloud Enterprise Edition, you can also specify the secret key that you configured under *Prisma > Settings > Access Control > Access Keys*. ++ +* -- API Token for authenticating with Prisma Cloud Console. (For Enterprise Edition only) ++ +* -- DNS name or IP address for Console. ++ +* -- Unique identifier. ++ +When setting ``, specify a value that lets you easily trace findings back to the image. All vulnerability, compliance, and runtime findings for the container will be aggregated under this App ID. ++ +In Console, the App ID is presented as the image name. ++ +* -- Readable and writable directory in the container's filesystem. ++ +* To enable file system protection, add the `--filesystem-monitoring` flag to the `twistcli` command. + +. Unpack _app_embedded_embed_help.zip_. +ifdef::app-embedded-defender-aci[] +. Create and push the docker image to ACR + + $ az login + $ docker login -u -p + $ docker build -t /REPO:TAG + $ docker images + $ docker push /REPO:TAG + +.. Check the image exists in Azure repo + + $ az acr repository show-tags \ + --name \ + --repository \ + --top 10 \ + --orderby time_desc \ + --detail + +.. Create a container instance (ACI) + + $ az container create -g \ + --name \ + --image \ + --registry-username \ + --registry-password \ + --location \ + --ip-address Public \ + --os-type Linux \ + --ports 8080 \ + --cpu 1 \ + --memory 1.5 +endif::app-embedded-defender-aci[] +ifdef::app-embedded-defender-gcr[] +. Create and push the docker image to GCR + +.. Authenticate using GCP credentials: + + $ gcloud auth login + +.. Or, Authenticate using GCP Service Account key (KEY-FILE): (Get the KEY-FILE from *GCP > Service Accounts > Actions > Manage keys*) + + $ gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE + +.. Configure Docker for GCP in your localhost + + $ glcoud auth configure-docker + +.. Build the Dockerfile + + $ docker build -t : + $ docker images ### Verify the image built + +.. Push the image to GCR + + $ docker push HOSTNAME/PROJECT-ID/IMAGE:TAG + +.. Check the image exists in GCR repo under *GCP project > Container Registry > Images* + +.. Deploy Docker image in Google Cloud Run using `gcloud` + + $ gcloud run deploy [SERVICE] \ + --image \ + --service-account \ + --no-cpu-throttling \ + --platform managed \ + --ingress \ + --port \ + --region \ + --project ++ +If there is no port exposed in Dockerfile, GCP Cloud Run will use 8080 port as the default. + +endif::app-embedded-defender-gcr[] + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-with-dockerfile.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-with-dockerfile.adoc new file mode 100644 index 0000000000..64ae6afd80 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/embed-app-embedded-defender-with-dockerfile.adoc @@ -0,0 +1,23 @@ +. Log in to Prisma Cloud Console. + +. Go to *Manage > Defenders > Defenders: Deployed > Manual deploy*. ++ +image::deploy-app-embedded-defender-aci.gif[scale=20] + +. In Deployment method, select *Single Defender*. + +. Select the Defender type as *Container Defender - App-Embedded*. + +. Select the DNS name configured in *Manage > Defenders > Names (SAN)* or public IP address that Defender will use to connect to Prisma Console. + +. *Enable file system runtime protection* to allow the sensors to monitor file system events regardless of how your runtime policy is configured, and could impact the underlying workload's performance. + +. Select Deployment type as *Dockerfile*. +.. In *App ID*, enter a unique identifier for the App-Embedded Defender. +All vulnerability, compliance, and runtime findings for the container will be aggregated under this App ID. In Console, the App ID is presented as the image name. Be sure to specify an App ID that lets you easily trace findings back to the image. +.. In *Data folder*, enter the path that the Defender will use to write files and store information. +.. *Dockerfile*: Upload the Dockerfile for your container image. +Set up the task's entrypoint in the Dockerfile. The embed process modifies the container's entrypoint to run the App-Embedded Defender first, which in turn starts the original entrypoint process. The Defender starts defending the app from the entrypoint and the thread/child process created by this entrypoint. + +. *Download* the App-embedded bundle that contains the Dockerfile with Defender deployment configurations appended to your Dockerfile and the App-Embedded Defender binary file. + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/view-deployed-defenders.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/view-deployed-defenders.adoc new file mode 100644 index 0000000000..16a27ba237 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/fragments/view-deployed-defenders.adoc @@ -0,0 +1,32 @@ +ifdef::prisma_cloud[] +You can review the list of all Defenders connected to Console under *Compute > Manage > Defenders > Defenders: Deployed*. +endif::prisma_cloud[] + +ifdef::compute_edition[] +You can review the list of all Defenders connected to Console under *Manage > Defenders > Defenders: Deployed*. +endif::compute_edition[] + +To narrow the list to just App-Embedded Defenders, filter the table by type `Type: Container Defender - App-Embedded`. + +image::connected_app_embedded_defenders.png[scale=40] + +By default, Prisma Cloud removes disconnected App-Embedded Defenders from the list after an hour. +As part of the cleanup process, data collected by the disconnected Defender is also removed from *Monitor > Runtime > App-Embedded observations*. + +ifdef::prisma_cloud[] +[NOTE] +==== +There is an advanced settings dialog under *Compute > Manage > Defenders > Defenders: Deployed*, which lets you configure how long Prisma Cloud should wait before cleaning up disconnected Defenders. +This setting doesn't apply to App-Embedded Defenders. +Disconnected App-Embedded Defenders are always removed after one hour. +==== +endif::prisma_cloud[] + +ifdef::compute_edition[] +[NOTE] +==== +There is an advanced settings dialog under *Manage > Defenders > Defenders: Deployed*, which lets you configure how long Prisma Cloud should wait before cleaning up disconnected Defenders. +This setting doesn't apply to App-Embedded Defenders. +Disconnected App-Embedded Defenders are always removed after one hour. +==== +endif::compute_edition[] \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc new file mode 100644 index 0000000000..0e20b1eb25 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc @@ -0,0 +1,658 @@ +== Deploy App-Embedded Defender for Fargate + +App-Embedded Defenders for Fargate monitor and protect your Fargate tasks to ensure they execute as designed. + +To learn when to use App-Embedded Defenders, see xref:../defender-types.adoc[Defender types]. + +To learn more about App-Embedded Defender's capabilities, see: + +* xref:../../../vulnerability-management/app-embedded-scanning.adoc[Vulnerability scanning for App-Embedded] +* xref:../../../compliance/app-embedded-scanning.adoc[Compliance scanning for App-Embedded] +* xref:../../../runtime-defense/runtime-defense-app-embedded.adoc[Runtime defense for App-Embedded] +* Protecting front-end containers at runtime with xref:../../../waas/waas.adoc[WAAS] + +For front-end Fargate tasks, deploy the xref:../../../waas/waas.adoc[WAAS] application firewall for additional runtime protection. + + +=== Architecture + +When you embed the App-Embedded Defender into your Fargate task, Prisma Cloud modifies the task definition. +The updated task definition includes a Prisma Cloud sidecar container. +The sidecar container handles all communication with Console, including retrieving policies and sending audits. +It also hosts the App-Embedded Defender binaries, which are shared with the task's other containers through a shared volume. +The embed process modifies each containerDefinition to: + +* Mount the Prisma Cloud sidecar container's shared volume to gain access to the App-Embedded Defender binaries. +* Start the original entrypoint command under the control of App-Embedded Defender. + +App-Embedded Defenders do not communicate directly with Console. +All communication is proxied through the Prisma Cloud sidecar container. + +[#app-id-fargate] +=== App ID + +Each App-Embedded Defender deployed in an ECS Fargate task has an App ID that's automatically generated during the embed flow. +For ECS Fargate tasks, the App ID is constructed from the task name and an internally generated UUID. +The format is: + + : + +This App ID is used throughout the Console UI. +In particular, it's listed in the *Apps* column of the vulnerability and compliance scan reports under *Monitor > Vulnerabilities > Images > Deployed* and *Monitor > Compliance > Images > Deployed*. + + +[#waas-for-fargate] +=== WAAS for Fargate + +All the capabilities of standard WAAS are available for Fargate tasks. +The only difference is that Fargate Defenders run as a reverse proxies to all other containers in the task. +As such, when you set up WAAS for Fargate, you must specify the exposed external port where Fargate Defender can listen, and the port (not exposed to the Internet) where your web application listens. +WAAS for Fargate forwards the filtered traffic to your application port - _unless an attack is detected and you chose_ *Prevent* _in your WAAS for Fargate rule_. + +For more information on the type of attacks that Prisma Cloud detects and prevents, see xref:../../../waas/waas.adoc[Prisma Cloud WAAS]. + + +=== Securing Fargate tasks + +To secure a Fargate task, embed the Prisma Cloud Fargate Defender into it. +The steps are: + +. Define your policy in Prisma Cloud Console. ++ +App-Embedded Defenders dynamically retrieve rules from Console as they are updated. +You can embed the App-Embedded Defender into a task with a simple initial policy, and then refine it later, as needed. + +. Embed the Fargate Defender into your task definition. + +. Start the service. + +When securing Fargate tasks with runtime rules and WAAS, target rules to tasks using the *Scope* fields. +For runtime, create new collections or use already defined collections scoped by image and container name, as shown in the image below. +Policy is applied per-container in the task. + +image::install_app_embedded_defender_fargate_runtime_rule_scope.png[width=500] + +For WAAS, scope rules by App ID. +Policy is applied per-task. +The WAAS firewall listens on a specific port, and since all containers run in the same network namespace, it applies to the entire task. + +image::install_app_embedded_defender_fargate_waas_scope.png[width=500] + + +=== Task entrypoint + +When Prisma Cloud generates a protected task definition, it needs to know the container image's `entryPoint` and/or `command` instructions. +We override these values to first run the App-Embedded Defender, and then run the original `entryPoint`/`command` under Defender's watch. + +Setting the entrypoint in a task definition is optional. +It's only required when you want to override the image's entrypoint as specified in its Dockerfile. +As such, many task definitions don't explicitly specify it. +However, Prisma Cloud needs to know what it is, so it can run the original app under Defender's control. +To aid in embedding Defender into Fargate tasks without any manual intervention (i.e. updating task definitions to explicitly specify entrypoints), Prisma Cloud can automatically find the image's entrypoint and set it up in the protected task definition. + +Prisma Cloud can find the image's entrypoint from: + +* Registry scans. +When Prisma Cloud scans an image from a registry, it saves the `entryPoint` and `command` parameters to the database. +When embedding Defender into a task, Prisma Cloud searches the database to see if it's seen the task's image before. +If so, it extracts the original entrypoint, and sets it up in the new protected task definition. + +* Querying the registry directly. +If the image hasn't been scanned by the registry scanner, then you can point Prisma Cloud to the registry where the image lives, and Prisma Cloud can find and extract the entrypoint. +Prisma Cloud supports the following registries: + +** AWS Elastic Container Registry (ECR). +** Docker Registry v2. +** JFrog Artifactory. + +Automatically extracting the entrypoint using one of the methods described above is optional. +It can be enabled or disabled when embedding Defender in a task definition. + +The twistcli tool also supports entrypoint extraction when generating protected task definitions. +For more information, see the help menu: + + twistcli app-embedded generate-fargate-task --help + +=== Embedding App-Embedded Defender into Fargate tasks + +Prisma Cloud cleanly separates the code developers produce from the Fargate containers we protect. +Developers don't need to change their code to accommodate Prisma Cloud. +They don't need to load any special libraries, add any files, or change any manifests. +When a container is ready to be deployed to test or production, run your task definition through our transform tool to automatically embed the Fargate Defender, then load the new task definition into AWS. + +The method for embedding the Fargate Defender was designed to seamlessly integrate into the CI/CD pipeline. +You can call the Prisma Cloud API to embed the Fargate Defender into your task definition. + +NOTE: Prisma Cloud doesn't support https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html[Intrinsic functions] in AWS CloudFormation template. + +*Prerequisites:* + +* The task where you're embedding the App-Embedded Defender can reach Console over the network. +ifdef::prisma_cloud[] +Defender uses port 443 to connect to the Prisma Cloud Console. +endif::prisma_cloud[] +ifdef::compute_edition[] +Defender uses port 8084 to connect to the Prisma Cloud Console by default. +You can configure the port number when you install the Prisma Cloud Console. +endif::compute_edition[] + +* You have a task definition. +* You have already created an ECS cluster. +* Cluster VPC and subnets. +* Task role. +* Your image has a shell. + +[NOTE] +==== +You can optionally run the Fargate Defender sidecar as a non-essential container. +This configuration isn't recommended because Defender's goal is to ensure that tasks are always protected. + +If you've configured Defender as a non-essential container and you're having issues with your setup, first validate that Defender is running as expected before contacting Palo Alto Networks customer support. +By setting Defender as non-essential, there is no guarantee that Defender is running, and validating that it's running is the first step in debugging such issues. +==== + + +=== Supported task definition formats + +Prisma Cloud supports the following task definition formats: + +* Standard JSON format, as described https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html[here]. +* CloudFormation templates for `AWS::ECS::TaskDefinition` in JSON and YAML formats, as described https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html[here]. You can use either just the task definition part of the CloudFormation template, or a full CloudFormation template. + + +*Example of a standard JSON format task definition:* + +---- +{ + "containerDefinitions": [ + { + "name": "web", + "image": "nginx", + "entryPoint": [ + "/http_server" + ] + } + ], + "cpu": "256", + "executionRoleArn": "arn:aws:iam::112233445566:role/ecsTaskExecutionRole", + "family": "webserver", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ] +} +---- +*Example of the equivalent task definition as a JSON CloudFormation template:* + +---- +{ + "Type" : "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Name": "web", + "Image": "nginx", + "EntryPoint": [ + "/http_server" + ] + } + ], + "Cpu" : 256, + "ExecutionRoleArn": "arn:aws:iam::112233445566:role/ecsTaskExecutionRole", + "Family": "webserver", + "Memory" : 512, + "NetworkMode" : "awsvpc", + "RequiresCompatibilities" : [ + "FARGATE" + ] + } +} +---- + +*Example of a full JSON CloudFormation template that includes a Fargate task definition:* + +---- +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "fargateTaskDefinition": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ExecutionRoleArn": "arn:aws:iam::1234567891234:role/ecsTaskExecutionRole", + "ContainerDefinitions": [ + { + "Name": "test-server", + "Image": "1234567891234.dkr.ecr.us-east-1.amazonaws.com/user:ubuntu-test-server", + "MemoryReservation": "", + "Essential": true, + "PortMappings": [], + "Cpu": 256, + "Memory": 512, + "EntryPoint": [ + "/http_server" + ], + "EnvironmentFiles": [], + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": "/ecs/user-tracer-test", + "awslogs-region": "us-east-1", + "awslogs-stream-prefix": "ecs" + } + } + } + ], + "Memory": "512", + "TaskRoleArn": "arn:aws:iam::1234567891234:role/ecsTaskExecutionRole", + "Family": "TASK-NAME", + "RequiresCompatibilities": [ + "FARGATE" + ], + "NetworkMode": "awsvpc", + "Cpu": "256", + "InferenceAccelerators": [], + "Volumes": [], + "Tags": [] + } + }, + "HelloLambdaRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "RoleName": "HelloLambdaRole1", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + } + } + } +} +---- +*Example of a full YAML CloudFormation template that includes a Fargate task definition:* + +---- +AWSTemplateFormatVersion: "2010-09-09" +Resources: + fargateTaskDefinition: + Type: 'AWS::ECS::TaskDefinition' + Properties: + ExecutionRoleArn: 'arn:aws:iam::1234567891234:role/ecsTaskExecutionRole' + ContainerDefinitions: + - Name: test-server + Image: >- + 1234567891234.dkr.ecr.us-east-1.amazonaws.com/user:ubuntu-test-server + MemoryReservation: '' + Essential: true + PortMappings: [] + Cpu: 256 + Memory: 512 + EntryPoint: + - /http_server + EnvironmentFiles: [] + LogConfiguration: + LogDriver: awslogs + Options: + awslogs-group: /ecs/user-tracer-test + awslogs-region: us-east-1 + awslogs-stream-prefix: ecs + Memory: '512' + TaskRoleArn: 'arn:aws:iam::1234567891234:role/ecsTaskExecutionRole' + Family: TASK-NAME + RequiresCompatibilities: + - FARGATE + NetworkMode: awsvpc + Cpu: '256' + InferenceAccelerators: [] + Volumes: [] + Tags: [] + HelloLambdaRole: + Type: 'AWS::IAM::Role' + Properties: + RoleName: HelloLambdaRole2 + AssumeRolePolicyDocument: + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: 'sts:AssumeRole' +---- + + +[.task] +=== Embed App-Embedded Defender from the Console UI + +You can create a protected task definition in the Console UI. + +*Prerequisites:* + +* You've already created an ECS cluster, cluster VPC, and subnets. +* You've already created a task role. +* You have a task definition. +* At runtime, your tasks can connect to Prisma Cloud Console over the network. +Prisma Cloud Defender connects to Console to retrieve runtime policies and send audits. +ifdef::prisma_cloud[] +Defender uses port 443 to connect to the Prisma Cloud Console. +endif::prisma_cloud[] +ifdef::compute_edition[] +Defender uses port 8084 to connect to the Prisma Cloud Console by default. +You can configure the port number when you install the Prisma Cloud Console. +endif::compute_edition[] + +[.procedure] +. Log into Prisma Cloud Console. + +ifdef::prisma_cloud[] +. Go to *Compute > Manage > Defenders > Defenders: Deployed > Manual deploy*. +endif::prisma_cloud[] + +ifdef::compute_edition[] +. Go to *Manage > Defenders > Defenders: Deployed > Manual deploy*. +endif::compute_edition[] + +. In *Deployment method*, select *Single Defender*. + +. Select the DNS name or IP address that App-Embedded Defender uses to connect to Console. ++ +NOTE: A list of IP addresses and hostnames is pre-populated in the drop-down list. +If none of the items are valid, select the *Names* tab and add a new subject alternative name (SAN) using *Add SAN* button. +After adding a SAN, your IP address or hostname will be available in the drop-down list in the *Deploy* tab. ++ +NOTE: Selecting an IP address in an evaluation setup is acceptable, but using a DNS name is more resilient. +If you select Console's IP address, and Console's IP address changes, your Defenders will no longer be able to communicate with Console. + +. In *Defender type*, select *Container Defender - App-Embedded*. + +. In *Enable file system runtime protection*, set the toggle to *On* if your runtime policy requires it. ++ +If App-Embedded Defender is deployed with this setting turned on, the sensor will monitor file system events, regardless of how your runtime policy is configured, and could impact the underlying workload's performance. ++ +If you later decide you want to disable the sensor completely, you must re-embed App-Embedded Defender with this setting turned off. ++ +Conversely, if you deploy App-Embedded Defender with this setting disabled, and later decide you want file system protection, you'll need to re-embed App-Embedded with this setting enabled. ++ +You can specify the xref:./config-app-embedded-fs-protection.adoc[default setting] for this toggle so it's set the same way for all App-Embedded Defender deployments. + +. In *Deployment type*, select *Fargate task*. + +. Set up the task's entrypoint. ++ +If your task definition doesn't explicitly specify an entrypoint, Prisma Cloud can automatically determine how to set it to start the image's app under App-Embedded Defender's control. ++ +IMPORTANT: If you don't enable any of the following options and your task definition doesn't specify an entrypoint, you must update your task definition to include matching `entryPoint` and `command` parameters from the Dockerfile(s) of the image(s) in your task. +Because Prisma Cloud won't see the actual images as part of the embedding flow, it depends on having these parameters present to insert the App-Embedded Defender into the task startup flow. + +.. Enable *Automatically extract entrypoint*. ++ +Prisma Cloud finds the image and its entrypoint in the registry scan results. ++ +IMPORTANT: If you have enabled *Automatically extract entrypoint*, you must remove the `command` and `entryPoint` fields in your task definition or CloudFormation template for each of the containers that you prefer, for the auto entrypoint extraction to take effect. + +.. (Optional) Tell Prisma Cloud where it can find the image. ++ +If Prisma Cloud hasn't scanned the image, you can point it to the registry where the image resides. +Prisma Cloud will find the image and extract its entrypoint. ++ +Specify the registry type and pick the credential Prisma Cloud can use to access the registry. + +. Embed the Fargate Defender into your task definition. + +.. Set *Template type* according to the format used to specify your task definition. ++ +* *Native Fargate* -- Standard JSON format, as described https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html[here]. +* *CloudFormation* -- CloudFormation template for `AWS::ECS::TaskDefinition`, as described https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html[here]. + +.. Copy and paste your task definition into the left-hand box. + +.. Click *Generate protected task*. + +.. Copy the updated task definition from the right-hand box, and use it to create a new task definition in AWS. ++ +The newly generated task definition always uses the version of Defender that matches the Console from which you are generating the task definition. The task definition includes a complete configuration, such as volumes, startup dependencies, entrypoint, healthchecks for its successful execution. Therefore, manually changing the Defender version label in the task is not supported. + + +[.task] +=== Embed App-Embedded Defender with twistcli + +The twistcli command line tool lets you embed App-Embedded Defender into Fargate task definitions. + +*Prerequisites:* + +* You've already created an ECS cluster, cluster VPC, and subnets. +* You've already created a task role. +* You have a task definition. +* Running tasks can connect to Prisma Cloud Console over the network. +Prisma Cloud Defender connects to Console to retrieve runtime policies and send audits. + +ifdef::prisma_cloud[] +Defender uses port 443 to connect to the Prisma Cloud Console. +endif::prisma_cloud[] +ifdef::compute_edition[] +Defender uses port 8084 to connect to the Prisma Cloud Console by default. +You can configure the port number when you install the Prisma Cloud Console. +endif::compute_edition[] + +[.procedure] +. Log into Prisma Cloud Console. + +ifdef::prisma_cloud[] +. Go to *Compute > Manage > System > Utilities*, and download twistcli for your machine's operating system. +endif::prisma_cloud[] + +ifdef::compute_edition[] +. Go to *Manage > System > Utilities*, and download twistcli for your machine's operating system. +endif::compute_edition[] + +. Run twistcli to embed Defender into the task definition. ++ +---- +$ twistcli app-embedded generate-fargate-task \ + --user \ + --address "" \ + --console-host "" \ + --output-file "protected_taskdef.json" \ + taskdef.json +---- ++ +If your task definition file is specified as a CloudFormation template, then add the `--cloud-formation` option to the twistcli command. You can use JSON or YAML formats in CloudFormation template. ++ +* `` -- Prisma Cloud user with the role of Defender Manager or higher. +* `` -- https://www.rfc-editor.org/rfc/rfc1808.html#section-2.1[RFC 1808 scheme and netloc] for Console. +twistcli uses this value to connect to Console to submit the task definition for embedding Defender. +Example: +https://127.0.0.1:8083+ +* `` -- https://www.rfc-editor.org/rfc/rfc1738#section-3.1[RFC 1738 host] where Console runs. +This value will be the fully qualified domain name of the network host, or IP address, where Console runs. +This value configures how the embedded Defender connects to Console. + + +[.task] +=== Creating a task definition in AWS + +Create a new task definition in AWS with the output from the previous section. +If you already have an existing task definition, create a new revision. + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > ECS*. + +. Click *Task Definitions*, then click *Create new Task Definition*. + +.. Select *Fargate*, then click *Next step*. + +.. Scroll to the bottom of the page, and click *Configure via JSON*. + +.. Delete the prepopulated JSON, then paste the JSON generated for task from the previous section. + +.. Click *Save*. + +. Validate task content. + +.. Task name should be as described in the JSON. + +.. Select the *Task Role*. + +.. The task should include the *TwistlockDefender* container. + +.. Click *Create*. + +.. Click *View task definition*. + + +[.task] +=== Testing the task + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > ECS*. + +. Click *Clusters*, then select one of your Fargate cluster. + +. Click the *Services* tab, then click *Create*. + +.. For *Launch type*, select *Fargate*. + +.. For *Task Definition*, select your pre-defined task. + +.. Enter a *Service name*. + +.. For *Number of tasks*, enter *1*. + +.. Click *Next step*. + +.. Select a *Cluster VPC* and *Subnets*, then click *Next step*. + +.. For *Service Auto Scaling*, select *Do not adjust the service’s desired count*, then click *Next step*. + +.. Review your settings, then click *Create Service*. + +. Validate the results. + +.. Click *View Service*. + +.. When Last status is Running, your Fargate task is running. + +.. The containers are running. + +ifdef::prisma_cloud[] +. View the defender in the Prisma Cloud Console: Go to *Compute > Manage > Defenders > Defenders: Deployed* and search the fargate task by adding the filters *Fargate* and *Status:Connected*. ++ +image::connected_fargate_defenders.png[width=500] +endif::prisma_cloud[] + +ifdef::compute_edition[] +. View the defender in the Prisma Cloud Console: Go to *Manage > Defenders > Defenders: Deployed* and search the fargate task by adding the filters *Fargate* and *Status:Connected*. ++ +image::connected_fargate_defenders.png[width=500] +endif::compute_edition[] + +=== Connected Defenders + +ifdef::prisma_cloud[] +You can review the list of all Defenders connected to Console under *Compute > Manage > Defenders > Defenders: Deployed*. +endif::prisma_cloud[] + +ifdef::compute_edition[] +You can review the list of all Defenders connected to Console under *Manage > Defenders > Defenders: Deployed*. +endif::compute_edition[] + +To narrow the list to just App-Embedded Defenders, filter the table by type `Type: Container Defender - App-Embedded`. +To see the list of Fargate tasks protected by App-Embedded Defender, filter the table by `Type: Fargate`. + +image::connected_app_embedded_defenders.png[width=800] + +By default, Prisma Cloud removes disconnected App-Embedded Defenders from the list after an hour. +As part of the cleanup process, data collected by the disconnected Defender is also removed from *Monitor > Runtime > App-Embedded observations*. + +ifdef::prisma_cloud[] +[NOTE] +==== +There is an advanced settings dialog under *Compute > Manage > Defenders > Defenders: Deployed*, which lets you configure how long Prisma Cloud should wait before cleaning up disconnected Defenders. +This setting doesn't apply to App-Embedded Defenders. +Disconnected App-Embedded Defenders are always removed after one hour. +==== +endif::prisma_cloud[] + +ifdef::compute_edition[] +[NOTE] +==== +There is an advanced settings dialog under *Manage > Defenders > Manage > Defenders*, which lets you configure how long Prisma Cloud should wait before cleaning up disconnected Defenders. +This setting doesn't apply to App-Embedded Defenders. +Disconnected App-Embedded Defenders are always removed after one hour. +==== +endif::compute_edition[] + +[.task] +=== Jenkins Fargate example + +Passing the Fargate task definition to your Prisma Cloud Console's API returns the Prisma Cloud protected Fargate task definition. +Use this task definition to start Prisma Cloud protected Fargate containers. +This example demonstrates using the Jenkins Pipeline build process to: + +* Call the Prisma Cloud Console's API endpoint for Fargate task creation. +* Pass the Fargate task definition to the API. +* Capture the returned Prisma Cloud protected Fargate task definition. +* Save the Prisma Cloud protected Fargate task definition within the Pipeline's archive \https:///job///artifact/tw_fargate.json + +In this example, a simple task _fargate.json_ and _Jenkinsfile_ have been placed in a GitHub repository. + +image::fargate_jenkins_repo.png[width=600] + +[source] +---- +{ + node { + + stage('Clone repository') { + checkout scm + } + + stage('Fargate Task call') { + withCredentials([usernamePassword(credentialsId: 'twistlockDefenderManager', passwordVariable: 'TL_PASS', usernameVariable: 'TL_USER')]) { + sh 'curl -s -k -u $TL_USER:$TL_PASS https://$TL_CONSOLE/api/v1/defenders/fargate.json?consoleaddr=$TL_CONSOLE -X POST -H "Content-Type:application/json" --data-binary "@fargate.json" | jq . > tw_fargate.json' + sh 'cat tw_fargate.json' + } + } + + stage('Publish Function') { + archiveArtifacts artifacts: 'tw_fargate.json'} + } +} +---- + +[.procedure] +. Create an account in Prisma Cloud with the Defender Manager role. + +. Create a Jenkins username/password credential for this account called *twistlockDefenderManager*. + +. The *$TL_Console* Jenkins global variable was defined when the Prisma Cloud Jenkins plugin was installed. + +. Create a Jenkins Pipeline. + +.. Definition: *Pipeline script from SCM*. + +.. SCM: *Git*. + +.. Repository URL: . + +.. Credentials: . + +.. Script path: *Jenkinsfile*. + +.. Save. + +. Run *Build Now*. ++ +image::fargate_jenkins_stage.png[width=600] + +. The tw_fagate.json file will be within the archive of this build \https:///job///artifact/tw_fargate.json. ++ +image::fargate_jenkins_archive.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/container.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/container.adoc new file mode 100644 index 0000000000..4e5a9dc650 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/container.adoc @@ -0,0 +1,114 @@ +== Install a Single Container Defender + +Install Container Defender on each host that you want Prisma Cloud to protect. + +Single Container Defenders can be configured in the Console UI, and then deployed with a curl-bash script. +Alternatively, you can use xref:./single-defender-cli.adoc[twistcli to configure] and deploy Defender directly on a host. + + +[.task] +=== Install a single Container Defender (Console UI) + +Configure how a single Container Defender will be installed, and then install it with the resulting curl-bash script. + +*Prerequisites*: + +* Your system meets all minimum xref:../../system-requirements.adoc[system requirements]. +* Ensure that the host machine where you installed the Defender can access the Prisma Cloud console the network. +ifdef::compute_edition[] +** You have already xref:../../getting-started.adoc[installed Console]. +** Port 8083 is open on the host where Console runs. +Port 8083 serves the API. +Port 8083 is the default setting, but it is customizable when first installing Console. +When deploying Defender you can configure it to communicate to Console via a proxy. +** Port 8084 is open on the host where Console runs. +Console and Defender communicate with each other over a web socket on port 8084. +Defender initiates the connection. +Port 8084 is the default setting, but it is customizable when first installing Console. +Defender can also be configured to communicate to Console via a proxy. +endif::compute_edition[] +ifdef::prisma_cloud[] +** Port 443 is open for outgoing traffic from your host. +endif::prisma_cloud[] +* You have sudo access to the host where you want to deploy the Defender. + +[.procedure] +ifdef::prisma_cloud[] +. Go to *Compute > Manage > System > Utilities* and copy the *Path to Console*. +.. Run the following command by replacing the variable `PATH-TO-CONSOLE` with the copied value: ++ +[source] +---- +curl -sk -D - /api/v1/_ping +---- + +.. Run the command on your host system. +If curl returns an HTTP response status code of 200, you have connectivity to Console. + +. Go to *Compute > Manage > Defenders > Defenders: Deployed* and select *Manual deploy*. +endif::prisma_cloud[] +ifdef::compute_edition[] +. Go to *Manage > System > Utilities* and copy the *Path to Console*. +.. Run the following command by replacing the variable `PATH-TO-CONSOLE` with the copied value: ++ +[source] +---- +curl -sk -D - :8083/api/v1/_ping +---- + +.. Run the command on your host system. +If curl returns an HTTP response status code of 200, you have connectivity to Console. +If you customized the setup when you installed Console, you might need to specify a different port. + +. Go to *Compute > Manage > Defenders > Defenders: Deployed* and select *Manual deploy*. +endif::compute_edition[] ++ +image::install-defender-deploy-page.png[width=800] + +.. Under *Deployment method*, select *Single Defender*. + +.. In *Defender type*, select *Container Defender - Linux* or *Container Defender - Windows*. +ifdef::compute_edition[] +.. Select the way Defender connects to Console. ++ +A list of IP addresses and hostnames are pre-populated in the drop-down list. +If none of the items are valid, go to *Manage > Defenders > Names*, and add a new Subject Alternative Name (SAN) to Console's certificate. +After adding a SAN, your IP address or hostname will be available in the drop-down list. ++ +NOTE: Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. +If you select Console's IP address, and Console's IP address changes, your Defenders will no longer be able to communicate with Console. +endif::compute_edition[] + +.. (Optional) Set a custom communication port (4) for the Defender to use. + +.. (Optional) Set a proxy (3) for the Defender to use for the communication with the Console. + +.. (Optional) Under *Advanced Settings*, Enable *Assign globally unique names to Hosts* when you have multiple hosts that can have the same hostname (like autoscale groups, and overlapping IP addresses). ++ +NOTE: After setting the option to *ON*, Prisma Cloud appends a unique identifier, such as ResourceId, to the host's DNS name. +For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d. + +.. Copy the install scripts command from the right side panel, which is generated according to the options you selected. On the host where you want to install Defender, paste the command into a shell window, and run it. + +[.task] +=== Verify the Install + +Verify that the Defender is installed and connected to Console. + +NOTE: Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). +All features will work normally and without any additional configuration steps required. +Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. +No action is needed from the user. + +// It would be useful to add a troubleshooting section here. +// First step: Go to the host, and validate that the Defender container is actually running. +// Need to provide steps for each Defender type (Linux Server, Windows Server, Windows Container Host). +// Verify that Defender is running on the host. +// +// $ docker ps --format "{{.Names}}: {{.Status}}" | grep defender +// twistlock_defender: Up 7 minutes + +[.procedure] +. In Console, go to *Manage > Defenders > Defenders: Deployed*. ++ +Your new Defender should be listed in the table, and the status box should be green and checked. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/single-defender-cli.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/single-defender-cli.adoc new file mode 100644 index 0000000000..5df49654c9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/container/single-defender-cli.adoc @@ -0,0 +1,118 @@ +:topic_type: task + +[.task] +== Deploy a Single Container Defender using the CLI + +Use the `twistcli` CLI tool to install a single Container Defender on a Linux host. + +ifdef::compute_edition[] +NOTE: Anywhere `` is used, be sure to specify both the address and port number for Console's API. +By default, the port is 8083. +For example, `\https://:8083`. +endif::compute_edition[] + +*Prerequisites*: + +* Your system meets all minimum xref:../../system-requirements.adoc[system requirements]. +ifdef::compute_edition[] +** You have already xref:../../getting-started.adoc[installed Console]. +** Port 8083 is open on the host where Console runs. +Port 8083 serves the API. +Port 8083 is the default setting, but it is customizable when first installing Console. +When deploying Defender you can configure it to communicate to Console via a proxy. +** Port 8084 is open on the host where Console runs. +Console and Defender communicate with each other over a web socket on port 8084. +Defender initiates the connection. +Port 8084 is the default setting, but it is customizable when first installing Console. +Defender can also be configured to communicate to Console via a proxy. +endif::compute_edition[] +ifdef::prisma_cloud[] +** Port 443 is open for outgoing traffic from your host. +endif::prisma_cloud[] +* You have sudo access to the host where you want to deploy the Defender. +* You've created a service account with the Defender Manager role. +twistcl uses the service account to access Console. + +[.procedure] +. Verify that the host where you install Defender can connect to the Prisma Cloud console. ++ +ifdef::prisma_cloud[] +.. Copy the path to the value under *Path to Console* from *Compute > Manage > System > Utilities*. +.. Complete the following command with copied value. ++ +[source] +---- +curl -sk -D - /api/v1/_ping +---- + +.. Run the command on your host. +If curl returns an HTTP response status code of 200, you have connectivity to Console. +endif::prisma_cloud[] +ifdef::compute_edition[] +.. Copy the path to the value under *Path to Console* from *Manage > System > Utilities*. +.. Complete the following command with copied value. ++ +[source] +---- +curl -sk -D - :8083/api/v1/_ping +---- + +.. Run the command on your host. +If curl returns an HTTP response status code of 200, you have connectivity to Console. +If you customized the setup when you installed Console, you might need to specify a different port. +endif::compute_edition[] + +. SSH to the host where you want to install Defender. + +. Download twistcli. + + $ curl -k \ + -u \ + -L \ + -o twistcli \ + https:///api/v1/util/twistcli + +. Make the twistcli binary executable. + + $ chmod a+x ./twistcli + +. Install Defender. + + $ sudo ./twistcli defender install standalone container-linux \ + --address https:// \ + --user + +. Verify Defender was installed correctly. + + $ sudo docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 677c9883c4b6 twistlock/private:defender_21_04_333 "/usr/local/bin/defe…" 11 seconds ago Up 10 seconds twistlock_defender_21_04_333 + + +[.task] +=== Verify the install + +Verify that Defender is installed and connected to Console. + +[NOTE] +==== +Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). +All features will work normally and without any additional configuration steps required. +Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. +No action is needed from the user. +==== + +// It would be useful to add a troubleshooting section here. +// First step: Go to the host, and validate that the Defender container is actually running. +// Need to provide steps for each Defender type (Linux Server, Windows Server, Windows Container Host). +// Verify that Defender is running on the host. +// +// $ docker ps --format "{{.Names}}: {{.Status}}" | grep defender +// twistlock_defender: Up 7 minutes + +[.procedure] +. In the Prisma Cloud console, go to *Manage > Defenders > Defenders: Deployed*. ++ +Your new Defender should be listed in the table, and the status box should be green and checked. ++ +image::install-defender-deploy-page.png[width=400] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types.adoc new file mode 100644 index 0000000000..a0ab7b0f4a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types.adoc @@ -0,0 +1,157 @@ +:toc: macro +[#defender-types] +== Defender Types + +toc::[] + +To take advantage of the agent-based security features of Prisma Cloud, you must deploy Defenders. Defenders enforce the policies you set in the Prisma Cloud console. + +ifdef::compute_edition[] + +Before you deploy Defenders in your environment, ensure you have xref:../deploy-console/deploy-console.adoc[deployed the Prisma Cloud console]. + +endif::compute_edition[] + +Generally, you should deploy Defenders whenever you can. It offers the most features, it can simultaneously protect both containers and host, and nothing needs to be embedded inside your containers for Defenders to protect them. +Specific types of assets require specific Defender types to protect them, to ensure optimal deployment into the environment, and to fully support for automated workflows. + +You must decide how to deploy the Defenders based on the type of asset you want to protect. + +image::defender-decision-tree.png[width=400] + +* Single Container Defenders: xref:./container/container.adoc[Deploy a single Defender to a single container]. + +* Single Host Defenders: xref:./host/host.adoc[Deploy a single Defender to a single bare-metal or virtual host]. + +* Orchestrator Defenders: xref:./orchestrator/orchestrator.adoc[Deploy Defenders on an entire cluster at the orchestration level]. + +* Serverless Defenders: xref:./serverless/serverless.adoc[Deploy a single Defender to protect serverless functions at runtime]. + +* App-embedded Defenders: xref:./app-embedded/app-embedded.adoc[Deploy a single Defender to protect containers that run on container-on-demand services]. + +To avoid manually deploying Defenders on each container, VM, or host, you can use xref:./host/auto-defend-host.adoc[auto-Defend] to deploy Defenders automatically on AWS, Azure, or GCP. + + +[#container-defender] +=== Container Defender (Linux and Windows) + +xref:./container/container.adoc[Deploy a container Defender] on any host that runs a container workload. +Container Defender protects both your containers and the underlying host. +Docker must be installed on the host because this Defender type runs as a container. + +Container Defender offers the richest set of capabilities. +The deployment is also the simplest. +After deploying a container Defender to a host, it can immediately protect and monitor your containers and host. +No additional steps are required to rebuild your containers with an agent inside. +Container Defender should always be your first choice whenever possible. + +There are some minimum requirements to run container Defender. +You should have full control over the host where container Defender runs. +It must be able to run alongside the other containers on the host with xref:../system-requirements.adoc#kernel[select kernel capabilities]. +And it must be able to run in the host's network and process namespace. + +Deploy single container Defenders when containers and the host running them that are not part of a cluster. + +[#host-defender] +=== Host Defender (Linux and Windows) + +xref:./host/host.adoc[Host Defender] uses Prisma Cloud's model-based approach for protecting hosts that do not run containers. +This Defender type lets you extend Prisma Cloud to protect all the hosts in your environment, regardless of their purpose. +Defender runs as a systemd service on Linux and a Windows service on Windows. +If Docker is deployed on your host, deploy a container Defender to protect the containers and the underlying host. + +Deploy one Host Defender per host. +Do not deploy Host Defender if you've already deployed Container Defender to a host. +Container Defender offers the same host protection capabilities as Host Defender. + +=== Orchestrator Defenders (Kubernetes) + +Container orchestrators provide native capabilities for deploying agents, such as Defender, to every node in the cluster. +Prisma Cloud leverages these capabilities to install Defender. +Kubernetes and OpenShift, for example, offer DaemonSets +As such, Container Defender is deployed as a DaemonSet on Kubernetes + +You can also xref:./orchestrator/install-cluster-container-defender.adoc[deploy container Defenders automatically in an entire cluster using kubeconfig]. + +You can deploy an orchestrator Defender to protect assets in these orchestrators. + +* xref:./orchestrator/install-amazon-ecs.adoc[ECS] +* xref:./orchestrator/orchestrator.adoc[Kubernetes] +* xref:./orchestrator/install-gke.adoc[GKE] +* xref:./orchestrator/install-gke-autopilot.adoc[GKE Autopilot] +* xref:./orchestrator/openshift.adoc[Openshift] +* xref:./orchestrator/install-tas-defender.adoc[Tanzu Application Service] + +=== Serverless Defender + +Serverless Defenders offer runtime protection for https://docs.aws.amazon.com/lambda/latest/dg/welcome.html[AWS Lambda functions] and https://azure.microsoft.com/en-us/services/functions/[Azure Functions]. +Serverless Defender must be xref:./serverless/serverless.adoc[embedded inside your functions]. +xref:./serverless/serverless.adoc[Deploy one Serverless Defender] per function. + +=== App-Embedded Defender + +If you use services providing containers on demand, you can run containers, but the service abstracts away the underlying cluster, host, operating system, and software modules. +Without access to those hooks, container Defenders can't monitor and protect resources in those environments. +Instead, embed an app-embedded Defender directly inside your workload running in the container to establish a point of control. +You can manually embed the Defenders or use automated workflows to embed Defenders using Fargate or Dockerfile. + +Using Dockerfile, you xref:./app-embedded/app-embedded.adoc[deploy one app-embedded Defender per container]. +Using Fargate, you xref:./app-embedded/install-app-embedded-defender-fargate.adoc[deploy one app-embedded Defender per task]. + +==== Fargate + +If you have an AWS Fargate task, deploy App-Embedded Fargate Defender. + +A key attribute of the App-Embedded Fargate Defender is that you don't need to change how the container images in the task are built. +The process of embedding the App-Embedded Defender simply manipulates the task definition to inject a Prisma Cloud sidecar container, and start existing task containers with a new entry point, where the entry point binary is hosted by the Prisma Cloud sidecar container. +The transformation of an unprotected task to a protected task takes place at the task definition level only. +The container images in the task don't need to be manually modified. +This streamlined approach means that you don't need to maintain two versions of an image (protected and unprotected). +You simply maintain the unprotected version, and when you protect a task, Prisma Cloud dynamically injects App-Embedded Defender into it. + +The Prisma Cloud sidecar container has a couple of jobs: + +* Hosts the Defender binary that gets injected into containers in the task. + +* Proxies all communication to Console. +Even if you have multiple containers in a task, it appears as a single entity in Console's dashboard. + +* Synchronizes policy with Console and sends alerts to Console. + +==== Dockerfile + +The Docker image format, separate from the runtime, is becoming a universal runnable artifact. +If you're not using Fargate, but something else that runs a Docker image, such as Azure Container Instances, use the App-Embedded Defender with the Dockerfile method. + +Provide a Dockerfile, and Prisma Cloud returns a new version of the Dockerfile in a bundle. +Rebuild the new Dockerfile to embed Prisma Cloud into the container image. +When the container starts, Prisma Cloud App-Embedded Defender starts as the parent process in the container, and it immediately invokes your program as its child. + +There are two big differences between this approach and the Fargate approach: + +* With the Fargate approach, you don't change the actual image. +With the Dockerfile approach, you have the original image and a new protected image. +You must modify the way your containers are built to embed App-Embedded Defender into them. +You need to make sure you tag and deploy the right image. + +* Each Defender binary makes it's own connection to the prisma Cloud console. +In the Console dashboard, they are each counted as unique applications. + +Nothing prevents you from protecting a Fargate task using the Dockerfile approach, but it's inefficient. + +==== Manual + +Use the manual approach to protect almost any type of runtime. +If you're not running a Docker image, but you still want Prisma Cloud to protect it, deploy App-Embedded Defender with the manual method. +Download the App-Embedded Defender, set up the required environment variables, then start your program as an argument to the App-Embedded Defender. + +If you choose the manual approach, you have to figure out how deploy, maintain, and upgrade your app on your own. +While the configuration is more complicated, it's also the most universal option because you can protect almost any executable. + +=== Tanzu Application Service Defender + +xref:../../vulnerability-management/vmware-tanzu-blobstore.adoc[Tanzu Application Service (TAS) Defenders] run on your TAS infrastructure. +TAS Defenders provide nearly all the same capabilities as Container Defenders, as well as the ability to scan droplets in your blobstores for vulnerabilities. +For specific differences between TAS Defenders and Container Defenders, see the xref:./orchestrator/install-tas-defender.adoc[TAS Defender install article]. + +The TAS Defender is delivered as a tile that can be installed from your TAS Ops Manager Installation Dashboard. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/deploy-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/deploy-defender.adoc new file mode 100644 index 0000000000..b9b5a8715f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/deploy-defender.adoc @@ -0,0 +1,211 @@ +:toc: macro +== Deploy Prisma Cloud Defenders + +toc::[] + +To take advantage of the agent-based security features of Prisma Cloud, you must deploy the Defender agent. + +You can deploy single Defenders for containers, hosts, and serverless functions or deploy Defenders on entire clusters using an orchestrator. +There are several xref:./defender-types.adoc[Defender types] based on the assets they protect and how you wish to deploy them. + +=== Defender capabilities + +The following table summarizes the key functional differences between Defender types. + +[cols="3,2,1,1,1,1", frame="topbot"] +|==== +2+^|Capabilities 4+^|Defender type + +2+| +|Container^1^ +|Host +|Serverless +|App-Embedded + +.3+|*Deployment methods* +|*Console UI* +|Y +|Y +|Y +|Y + +|*API* +|Y +|Y +|Y +|Y + +|*twistcli* +|Y +| +| +|Y + +|*Vulnerability management* +| +|Y +|Y +|Y^2^ +|Y^3^ + +|*Compliance* +| +|Y +|Y +|Y^2^ +|Y^4^ + +.5+|*Runtime defense* +|*Behavioral modeling* +|Y +| +| +| + +|*Process* +|Y +|Y +|Y +|Y + +|*Networking* +|Y +|Y +|Y +|Y + +|*File system* +|Y +|Y +|Y +|Y + +|*Forensics* +|Y +|Y +| +|Y + +.2+|*Access control* +|*Kubernetes auditing* +|Y^5^ +| +| +|Y^5^ + +|*Admission control* +|Y +| +| +| + +.1+|*Firewalls* +|*WAAS* +|Y +|Y +|Y +|Y + +.1+|*Radar (visualization)* +|*Radar* +|Y +|Y +|Y +| + +|==== + +^1^ +Container Defender supports all Host Defender capabilities. +You can deploy single container and host Defenders or deploy container and host Defenders using an xref:./orchestrator/orchestrator.adoc[orchestrator]. + +^2^ +Normally Defender scans workloads for vulnerabilities and compliance issues. +For serverless functions, Console does the scanning. +In the Console, create a configuration that points to your repository of functions in your cloud provider. + +^3^ +Vulnerability management for deployed images only. +Registry scanning by app-embedded Defenders is not supported. + +^4^ +Image compliance and custom compliance checks only. +The trusted images feature isn't supported. + +^5^ +Kubernetes auditing is done by the Console, and not by the Defenders. +In the Console, enable Kubernetes auditing and create a configuration that points to your cluster. + +=== Connectivity + +Defender must be able to communicate with Prisma Cloud over the network because it pulls policies down and sends data (alerts, events, etc) back to the Prisma Cloud console. + +If you are using a certificate authority through a proxy, add the `--proxy-cacert` flag to the curl command https://curl.se/docs/manpage.html#--proxy-cacert[as described in the curl documentation]. + +ifdef::compute_edition[] +In simple environments, where your hosts run on the same subnet, you can connect to Console using the host's IP address or hostname. +In more complex environments, where your setup runs in the cloud, it can be more difficult to determine how Defender connects to Console. +When setting up Defender, use whichever address routes over your configuration and lets Defender connect to Console. + +For example, Console might run in one Virtual Private Cloud (VPC) in AWS, and your containers might run in another VPC. +Each VPC might have a different RFC1918 address space, and communication between VPCs might be limited to specific ports in a security group. +Use whichever address lets Defender connect to Console. +It might be a publicly exposed IP address, a hostname registered with a DNS, or a private address NAT'ed to the actual IP address assigned to Console. +For more information about setting up name resolution in complex networks, see +xref:../../deployment-patterns/best-practices-dns-cert-mgmt.adoc#[Best practices for for DNS and certificate management]. + +[#deployment-scenarios] +=== Deployment Scenarios + +Install the Defender type that best secures the resource you want to protect. +Install Defender on each host that you want Prisma Cloud to protect. +Container Defenders protect both the containers and the underlying host. +Host Defenders are designed for legacy hosts that have no capability for running containers. +Host Defenders protect the host only. +For serverless technologies, embed Defender directly in the resource. + +The scenarios here show examples of how the various Defender types can be deployed. + +[.section] +==== Scenario #1 + +Stand-alone Container Defenders are installed on hosts that are not part of a cluster. +Stand-alone Container Defenders might be required in any number of situations. + +For example, a very simple evaluation setup might consist of two virtual machines. + +* *1* -- One VM runs Onebox (Console + Container Defender). +* *2* -- To protect the container workload on a second VM, install another stand-alone Container Defender. + +image::install_defender_pattern1.png[width=600] + + +[.section] +==== Scenario #2 + +For clusters, such as Kubernetes and OpenShift, Prisma Cloud utilizes orchestrator-native constructs, such as DaemonSets, to guarantee that Defender runs on every node in the cluster. +For example, the following setup has three different types of Defender deployments. + +* *1* -- In the cluster, Container Defenders are deployed as a DaemonSet. +(Assume this is a Kubernetes cluster; it would be a similar construct, but with a different name, for AWS ECS etc). +* *2* -- On the host dedicated to scanning registry images, which runs outside the cluster, a stand-alone Container Defender is deployed. +* *3* -- On the legacy database server, which doesn't run containers at all, a Host Defender is deployed. +Host Defenders are a type of stand-alone Defender that run on hosts that don't have Docker installed. + +image::install_defender_pattern2.png[width=750] + + +[.section] +==== Scenario #3 + +Managed services that run functions and containers on-demand isolate the runtime from the underlying infrastructure. +In these types of environments, Defender cannot access the host's operating system with elevated privileges to observe activity and enforce policies in the runtime. +Instead, Defender must be built into the runtime, and control application execution and detect and prevent real-time attacks from within. +App Embedded Defender can be deployed to protect any container, regardless of the platform or runtime, whether it's Docker, runC, or Diego on Tanzu Application Service. + +* *1* -- Serverless Defender is embedded into each AWS Lambda function. + +image::install_defender_pattern3.png[width=750] + +endif::compute_edition[] + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/auto-defend-host.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/auto-defend-host.adoc new file mode 100644 index 0000000000..2231815307 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/auto-defend-host.adoc @@ -0,0 +1,250 @@ +:toc: macro + +== Auto-defend hosts + +Host auto-defend lets you automatically deploy Host Defenders on virtual machines/instances in your AWS, Azure and Google Cloud accounts. +This covers AWS EC2 instances, Azure Virtual Machines, and GCP Compute Engine instances. + +toc::[] + +[#deployment-process] +=== Deployment process + +After setting up auto-defend for hosts, Prisma Cloud discovers and protects unsecured hosts as follows: + +. Discover - Prisma Cloud uses cloud provider APIs to get a list of all VM instances. +. Identify - Prisma Cloud identifies unprotected instances. +. Verify - Ensure unprotected resources meet auto-defend prerequisites. +. Install - Prisma Cloud installs Host Defender on unprotected instances using cloud provider APIs. + +Regardless of the underlying container runtime, the host deployment process skips your worker nodes. + +[#AWS] +=== AWS EC2 instances + +Prisma Cloud uses AWS Systems Manager (formerly known as SSM) to deploy Defenders to EC2 instances. + +==== Minimum requirements + +The following sections describe the minimum requires to auto-defend to hosts in AWS. + +===== AWS Systems Manager + +Prisma Cloud uses AWS Systems Manager (formerly known as SSM) to deploy Defenders to instances. +This means that: + +* The SSM Agent must be installed on every instance. +* AWS Systems Manager must have permission to perform actions on each instance. + +To view all SSM managed instances, go to the AWS console https://console.aws.amazon.com/systems-manager/managed-instances[here]. + +====== SSM Agent + +Prisma Cloud uses the https://docs.aws.amazon.com/systems-manager/latest/userguide/prereqs-ssm-agent.html[SSM Agent] to deploy Host Defender on an instance. The SSM Agent must be installed prior to deploying the Host Defenders. +The SSM Agent is installed by default on the following distros. + +* Amazon Linux +* Amazon Linux 2 +* Amazon Linux 2 ECS-Optimized AMIs +* Ubuntu Server 16.04, 18.04, and 20.04 + +The SSM Agent doesn't come installed out of the box but supported on the following distributions. Ensure its installed https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html[ahead of time] before proceeding. : + +* CentOS +* Debian Server +* Oracle Linux +* Red Hat Enterprise Linux +* SUSE Linux Enterprise Server + +====== IAM instance profile for Systems Manager + +By default, AWS Systems Manager doesn't have permission to perform actions on your instances. +You must grant it access with an IAM instance profile. + +If you've used System Manager's Quick Setup feature, assign the *AmazonSSMRoleForInstancesQuickSetup* role to your instances. + +===== Required permissions + +Prisma Cloud needs a service account with the following permissions to automatically protect EC2 instances in your AWS account. +Add the following policy to an IAM user or role: + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ssm:SendCommand", + "ssm:DescribeInstanceInformation", + "ssm:ListCommandInvocations", + "ssm:CancelCommand", + "ec2:DescribeRegions", //You can ignore if you already have these permissions as apart of the discovery feature + "ec2:DescribeTags",//You can ignore if you already have these permissions as apart of the discovery feature + "ssm:SendCommand" + ], + "Resource": "*" + } + ] +} +---- + +[#azure-vms] +=== Azure virtual machines + +Prisma Cloud uses the Azure VM agent https://docs.microsoft.com/en-us/azure/virtual-machines/linux/run-command[Run Command] option to invoke the script to deploy Host defenders. +You are required to configure the permissions below in your subscription and create host deploy rules to begin installing Defenders. + + +==== Minimum requirements + +The following sections describe the minimum requires to auto-defend to hosts on Azure. + +===== Azure Linux VM agent & Run command + +Prisma Cloud uses the `run command` action on the Azure Linux VM agent to deploy Defenders on instances. + +The VM Agent must be on every instance. +By default, the VM agent is available on most Linux OS machines. +Refer to the documentation for more information. + +NOTE: Currently cancelling running operation is not supported. +Dangling command will automatically timeout after 90 minutes. +Also, run command is only supported on Linux VMs. + +===== Required permissions + +In addition to the https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader[Reader] role to get the list and details of the virtual machines, the Azure credential user needs permissions to invoke the runcommand. + +---- +Microsoft.Compute/virtualMachines/runCommand/action +---- + +Typically, the Virtual Machine https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor[Contributor] role and higher levels have this permission. You can either directly use the role or create a custom role with the above permission. + +[#gcp-compute] +=== GCP Compute Engine instances + +The installation uses https://cloud.google.com/compute/docs/os-patch-management[OS Patch Management] service. +Prisma Cloud creates an OS patch job with the information of the installation script stored in the temporarily created storage bucket and the list of instances to deploy the Host defender on the instances. + +==== Minimum requirements + +The following sections describe the minimum requires to auto-defend hosts on GCP. + +===== Storage Buckets + +Prisma cloud auto creates a temporary storage bucket in the region you selected for the auto-defend rule. The bucket is named 'prisma-defender-bucket-' where is a randomly generated string, e.g., 'prisma-defender-bucket-346a7e425d344c8a7dd9ce75da674970'. +The Prisma defender installation script 'prisma-defender-script.sh' is stored in the bucket. + +The service account user needs permissions to be able to create and delete the bucket. + +===== OS Patch Management + +https://cloud.google.com/compute/docs/vm-manager[VM Manager] is a suite of tools that can be used to manage operating systems for large virtual machine (VM) fleets running Windows and Linux on Compute Engine. +Prisma cloud uses https://cloud.google.com/compute/docs/os-patch-management[OS Patch Management service] which is a part of a broader VM Manager service to deploy the host defenders. + +* Setup VM Manager for OS patch management. +Users can do auto enablement of VM Manager from the Google cloud console as shown https://cloud.google.com/compute/docs/manage-os#automatic[here] + +* VM is supported on most of the active OS versions for Linux. +For more information, refer to https://cloud.google.com/compute/docs/images/os-details#vm-manager[Operating system] for details. + +* In Google Cloud project, https://cloud.google.com/compute/docs/manage-os#enable-service-api[OS Config API] should be enabled. +This needs to be done via the google cloud console. + +===== Required permissions + +Prisma Cloud needs a service account with the following permissions to automatically protect GCP compute instances in your Google project. +Add the following permissions: + +---- +Compute.instances.list +Compute.zones.list +Compute.projects.get +osconfig.patchJobs.exec +osconfig.patchJobs.get +osconfig.patchJobs.list +storage.buckets.create +storage.buckets.delete +storage.objects.create +storage.objects.delete +storage.objects.get +storage.objects.list +compute.disks.get +---- + +[#instance-types] +=== Instance types + +Host auto-defend is supported on Linux hosts only. +Hosts must have either `wget` or `curl` installed. +ifdef::compute_edition[] +Hosts must be able to communicate to Console on port 8083. +endif::compute_edition[] +ifdef::prisma_cloud[] +Host must be able to communicate to Console on port 443. +endif::prisma_cloud[] + +Auto-defend is supported for stand-alone hosts only, not hosts that are part of clusters. +For hosts that are part of clusters, use one of the cluster-native install options (e.g., DaemonSets on Kubernetes). + +NOTE: When configuring the scope of hosts that should be auto-defended, ensure that the scope doesn't include any hosts that are part of a cluster or that run containers. +Auto-defend doesn't currently check if a host is part of cluster. +If you mistakenly include nodes that are part of a cluster in an auto-defend rule, and the cluster is not already protected, the auto-defend rule will deploy Host Defenders to the cluster nodes. + +[.task] +[#host-auto-defend] +=== Add a host auto-defend rule + +Host auto-defend rules let you specify which hosts you want to protect. +You can define a specific account by referencing the relevant credential or collection. +Each auto-defend rule is evaluated separately. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Deploy > Host auto-defend*. + +. Click on *Add rule*. + +. In the dialog, enter the following settings: + +.. Enter a rule name. + +.. In *Provider* - AWS, Azure and GCP are currently supported. + +.. In *Console*, specify a DNS name or IP address that the installed Defender can use to connect back to Console after it's installed. + +.. (Optional) In *Scope*, target the rule to specific hosts. ++ +Create a new collection. +Supported attributes are hosts, images, labels, account IDs. ++ +The following example shows a collection that is based on hosts labels, in this case a label of host_demo with the value centos. ++ +image::auto_defend_collection_example.png[width=600] + +.. Set up these options for specific Cloud Service Providers. ++ + * (For AWS only) Specify the Scanning scope for the AWS region- Commercial or regular, Government, or China. + * (For GCP only) Specify the Bucket region. Prisma cloud auto creates a temporary storage bucket named 'prisma-bucket' in the region and deletes it after the process of creating the rule is completed. + +.. Select or xref:../../../authentication/credentials-store/credentials-store.adoc[create credentials] so Prisma Cloud can access your account. +The service account must have the xref:../../../configure/permissions.adoc[minimum permissions]. + +.. Click *Add*. ++ +The new rule appears in the table of rules. + +. Click *Apply Defense*. ++ +Select the rule to start the scan. +By default, host auto-protect rules are evaluated every 24 hours. +Click the *Apply Defense* button to force a new scan. ++ +The following screenshot shows that the `auto-defend-testgroup` discovered two EC2 instances and deployed two Defenders (2/2). ++ +image::auto_defend_host_rule.png[width=900] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/host.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/host.adoc new file mode 100644 index 0000000000..4ff7a59b60 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/host.adoc @@ -0,0 +1,152 @@ +== Install a Single Host Defender + +Install Host Defender on each host that you want Prisma Cloud to protect. + +Single Host Defenders can be configured in the Console UI, and then deployed with a curl-bash script. +Alternatively, you can use `twistcli` to configure and deploy Defender directly on a host. + + +[.task] +=== Install a Host Defender (Console UI) + +Host Defenders are installed with a curl-bash script. + +ifdef::compute_edition[] +NOTE: When you use `` in the path, you must specify both the address and the port number (default: 8083) for the Console API. +For example, `\https://:8083`. +endif::compute_edition[] + +*Prerequisites*: + +* Your system meets all minimum xref:../../system-requirements.adoc[system requirements]. +* Ensure that the host machine where you installed the Defender can access the Prisma Cloud console the network. +* You have `sudo` access to the host where Defender will be installed. +ifdef::compute_edition[] +* You have already xref:../../getting-started.adoc[installed Console] +* Port 8084 is open on the host where Defender runs. Console and Defender communicate with each other over a web socket on port 8084 (by default the communication port is set to 8084 - however, you can specify your own custom port when deploying a Defender). +endif::compute_edition[] + +[.procedure] +ifdef::prisma_cloud[] +. Go to *Compute > Manage > System > Utilities* and copy the *Path to Console*. +.. Run the following command by replacing the variable `PATH-TO-CONSOLE` with the copied value: ++ +[source] +---- +curl -sk -D - /api/v1/_ping +---- + +.. Run the command on your host system. +If curl returns an HTTP response status code of 200, you have connectivity to Console. + +. Go to *Compute > Manage > Defenders > Defenders: Deployed* and select *Manual deploy*. +endif::prisma_cloud[] +ifdef::compute_edition[] +. Go to *Manage > System > Utilities* and copy the *Path to Console*. +.. Run the following command by replacing the variable `PATH-TO-CONSOLE` with the copied value: ++ +[source] +---- +curl -sk -D - :8083/api/v1/_ping +---- + +.. Run the command on your host system. +If curl returns an HTTP response status code of 200, you have connectivity to Console. +If you customized the setup when you installed Console, you might need to specify a different port. + +. Go to *Compute > Manage > Defenders > Defenders: Deployed* and select *Manual deploy*. +endif::compute_edition[] + +.. Under *Deployment method*, select *Single Defender*. + +.. In *Defender type*, select *Host Defender - Linux* or *Host Defender - Windows*. +ifdef::compute_edition[] +.. Select the way Defender connects to Console. ++ +A list of IP addresses and hostnames are pre-populated in the drop-down list. +If none of the items are valid, go to *Manage > Defenders > Names*, and add a new Subject Alternative Name (SAN) to Console's certificate. +After adding a SAN, your IP address or hostname will be available in the drop-down list. ++ +NOTE: Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. +If you select Console's IP address, and Console's IP address changes, your Defenders will no longer be able to communicate with Console. +endif::compute_edition[] + +.. (Optional) Set a custom communication port (4) for the Defender to use. + +.. (Optional) Set a proxy (3) for the Defender to use for the communication with the Console. + +.. (Optional) Under *Advanced Settings*, Enable *Assign globally unique names to Hosts* when you have multiple hosts that can have the same hostname (like autoscale groups, and overlapping IP addresses). ++ +NOTE: After setting the option to *ON*, Prisma Cloud appends a unique identifier, such as ResourceId, to the host's DNS name. +For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d. + +.. Copy the install scripts command from the right side panel, which is generated according to the options you selected. On the host where you want to install Defender, paste the command into a shell window, and run it. + +[.task] +=== Install a single Host Defender (twistcli) + +Use `twistcli` to install a single Host Defender on a Linux host. + +ifdef::compute_edition[] +NOTE: Anywhere `` is used, be sure to specify both the address and port number for Console's API. +By default, the port is 8083. +For example, `\https://:8083`. +endif::compute_edition[] + +*Prerequisites*: + +* Your system meets all minimum xref:../../system-requirements.adoc[system requirements]. +ifdef::compute_edition[] +* You have already xref:../../getting-started.adoc[installed Console]. +* Port 8083 is open on the host where Console runs. +Port 8083 serves the API. +Port 8083 is the default setting, but it is customizable when first installing Console. +When deploying Defender, you can configure it to communicate to Console via a proxy. +* Port 8084 is open on the host where Console runs. +Console and Defender communicate with each other over a web socket on port 8084. +Defender initiates the connection. +Port 8084 is the default setting, but it is customizable when first installing Console. +When deploying Defender, you can configure it to communicate to Console via a proxy. +* You've created a service account with the Defender Manager role. +twistcli uses the service account to access Console. +endif::compute_edition[] +* Console can be accessed over the network from the host where you want to install Defender. +* You have sudo access to the host where Defender will be installed. +ifdef::prisma_cloud[] +* Create a Role with Cloud Provisioning Admin permissions and without *any* account groups attached. +endif::prisma_cloud[] + +[.procedure] +. Verify that the host machine where you install Defender can connect to Console. + + $ curl -sk -D - https:///api/v1/_ping ++ +If curl returns an HTTP response status code of 200, you have connectivity to Console. +If you customized the setup when you installed Console, you might need to specify a different port. + +. SSH to the host where you want to install Defender. + +. Download `twistcli`. + + $ curl -k \ + -u \ + -L \ + -o twistcli \ + https:///api/v1/util/twistcli + +. Make the twistcli binary executable. + + $ chmod a+x ./twistcli + +. Install Defender. + + $ sudo ./twistcli defender install standalone host-linux \ + --address https:// \ + --user + +=== Verify the Install + +Verify that the Defender is installed and connected to Console. + +In Console, go to *Manage > Defenders > Defenders: Deployed*. +Your new Defender should be listed in the table, and the status box should be green and checked. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/windows-host.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/windows-host.adoc new file mode 100644 index 0000000000..8d4b69d8a5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/host/windows-host.adoc @@ -0,0 +1,221 @@ +== Deploy Windows Defender + +Prisma Cloud can secure Windows containers running on Windows Server 2016 and Windows Server 2019 hosts. +A single instance of Prisma Cloud Console can simultaneously protect both Windows and Linux containers on both Windows and Linux hosts. +Prisma Cloud’s Intelligence Stream includes vulnerability data from Microsoft, so as new CVEs are reported, Prisma Cloud can detect them in your Windows images. + +The architecture for Defender on Windows is different than Defender on Linux. +The Defender runs as a Docker container on Linux, and as a Windows service on Windows. +On Linux, it is implemented as runtime protection in the userspace, and on Windows it is implemented using Windows drivers. +This is because there is no concept of capabilities in Windows Docker containers like there is on Linux. +Defender on Windows runs as service so it can acquire the permissions it needs to secure the containers on your host. +When you deploy the Defender, it appears as a service. +The Defender type "Container Defender - Windows" means that Defender is capable of securing your containers, not that it's deployed as a container. + +To deploy Defender on Windows, you’ll copy a PowerShell script from the Prisma Cloud Console and run it on the host where you want to install Defender. + + +=== Feature matrix + +The following table compares Prisma Cloud's Windows Server feature support to Linux feature support: + +[cols="1,1,1,1,1,1,1,1", options="header"] +|=== +|Platform |Vulnerability |Compliance |Runtime - Processes |Runtime - Network |Runtime - Filesystem |Firewalls - CNNS| Firewalls - WAAS + +|Linux +|Yes +|Yes +|Yes +|Yes +|Yes +|Yes +|Yes + +|Windows Server 2016 +|Yes +|Yes +|No +|No +|No +|No +|Yes + +|Windows Server 2019 (Host Defender) +|Yes +|Yes +|No +|No +|No +|No +|Yes + +|Windows Server 2019 (Container Defender) with Docker runtime +|Yes +|Yes +|Yes +|No +|No +|No +|No + +|Windows Server 2019 (Container Defender) with containerd runtime^1^ +|Yes +|Yes +|Yes +|No +|No +|No +|No + +|Windows Server 2022 (Container Defender) with Docker runtime +|Yes +|Yes +|Yes +|No +|No +|No +|No + +|Windows Server 2022 (Container Defender) with containerd runtime^1^ +|Yes +|Yes +|Yes +|No +|No +|No +|No + +|=== + +^1^Supported on AKS only. + +Windows Host Defenders support xref:../../../compliance/windows.adoc[Windows compliance checks for hosts]. +Only Windows Container Defenders for Windows based containers support xref:../../../compliance/custom-compliance-checks.adoc[custom compliance checks]. + +As a quick review, Prisma Cloud runtime defense builds a model of allowed activity for each container image during a learning period. +After the learning period has completed, any violation of the model triggers an action as defined by your policy (alert, prevent, block). + +As Prisma Cloud builds the model, any interactive tasks that are run are logged. +These interactive tasks can be viewed in each model's history tab. +On Windows, Prisma Cloud can't currently detect when interactive tasks are run with the _docker exec_ command, although Prisma Cloud does correctly record interactive tasks run from a shell inside a container with the _docker run -it sh_ command. +No matter how the interactive task is run, however, the model will correctly allow a process if it's in learning mode, and it will take action if the model is violated when in enforcement mode. + +Windows Container Defenders scan both the containers and the hosts where they run for vulnerabilities. + + +[.task] +=== Deploying Defender on Windows with Docker runtime + +ifdef::compute_edition[] +Prisma Cloud Console must be first installed on a Linux host. +Prisma Cloud Defenders are then installed on each Windows host you want to protect. +For more information about installing Console, see xref:../../getting-started.adoc[Getting Started]. +The xref:../../deploy-console/console-on-onebox.adoc[Onebox] install is the fastest way to get Console running on a stand-alone Linux machine. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Install Prsima Cloud Defenders on every Windows host you want to protect. +endif::prisma_cloud[] + +Defenders are deployed with with a PowerShell 64-bit script, _defender.ps1_, which downloads the necessary files from Console. +Defender is registered as a Windows service. + +NOTE: Run the Prisma Cloud Defender deployment PowerShell script from a Windows PowerShell 64-bit shell. + +NOTE: Prisma Cloud Windows container defenders are tested and supported for GKE Windows server containers. + +After the install is completed, Prisma Cloud files can be found in the following locations: + +* _C:\Program Files\Prisma Cloud\_ +* _C:\ProgramData\Prisma Cloud\_ + +*Prerequisites:* + +* Windows Server 2016 or Windows Server 2019. +Prisma Cloud is not supported on Windows 10 or Hyper-V. +* Docker for Windows (1.12.2-cs2-ws-beta) or higher. +For more information about installing Docker on Windows, see +https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server[Windows Containers on Windows Server]. + +[.procedure] +. Log into Console + +. Go to *Manage > Defenders > Deploy* + +. Select *Single Defender* + +. In *Choose the Defender type*, select *Container Defender - Windows* + +. Copy the curl script and run it on your host to install Windows Defender ++ +NOTE: If you install Windows locally on your laptop, the 'netsh' commands are not needed. +They are only applicable to the GCE environment. + +[.task] +=== Deploy Container Defender on Windows with containerd runtime + +You can also deploy the Windows container defender to protect your containers running on *Azure Kubernetes Service (AKS)* Windows nodes with *containerd* runtime. +By installing the Defender you will be able to view the running containers and images on the Radar and leverage Prisma Cloud Runtime Defense capabilities on the running containers. + +*Prerequisites:* + +* Make sure you are using Windows Server 2019 with containerd runtime. +* The nodes are part of an Azure Kubernetes Service (AKS) Windows Server node pool +* Learn more about https://docs.microsoft.com/en-us/azure/aks/windows-container-cli#optional-using-containerd-with-windows-server-node-pools-preview[Using containerd with Windows Server node pools (preview)] + +[.procedure] +. Log into Console. + +. Go to *Manage > Defenders > Deploy* + +. Select *Single Defender* + +. In *Choose the Defender type*, select *Container Defender - Windows* + +. Set the option for *Node is using containerd, not Docker* to *On* + +. Copy the curl script and run it on your host to install Windows Defender ++ +NOTE: Twistcli can't be used on Windows machines running containerd. + + +=== Registry scanning + +To scan Windows images in your registry, you must install at least one Windows Defender. +Prisma Cloud automatically distributes the scan job across available Defenders. +To scan registries that hold both Windows and Linux images, install at least one Linux Defender and one Windows Defender in your environment. + +Registry scan settings can include a mix of both Defenders running on hosts with Docker Engine and containerd as scanners. + + +[.task] +=== Uninstalling Defender + +You can uninstall Defender directly from the Console UI. + +You can also manually uninstall Defender from the command line by running: + + C:\Program Files\Twistlock\scripts\defender.ps1 -uninstall + +NOTE: Since Defender runs as a Windows service, decommissioning it will stop the service. +Some remnant files might need to be deleted manually. + +[.procedure] +. Go to *Manage > Defenders > Manage*. ++ +This page shows a list of Defenders deployed in your environment and connected to Console. + +. Click the *Decommission* button. + + +=== Limitations + +Be aware of the following limitations: + +* Windows Defenders support xref:../../../compliance/windows.adoc[Windows compliance checks for hosts] and xref:../../../compliance/custom-compliance-checks.adoc[custom compliance checks] only. +Image and container compliance checks aren't supported. +* Windows requires the host OS version to match the container OS version. +If you want to run a container based on a newer Windows build, make sure you have an equivalent host build. +Otherwise, you can use Hyper-V isolation to run older containers on new host builds. +For more information, see https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-11-21H2[Windows containers version compatibility]. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/manage-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/manage-defender.adoc new file mode 100644 index 0000000000..69a6771737 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/manage-defender.adoc @@ -0,0 +1,55 @@ +== Manage your Defenders + +When using the Prisma Cloud Defenders, you can complete the following tasks to manage the agents. + +* Select the needed xref:./defender-types.adoc[Defender type] +* xref:./deploy-defender.adoc[Deploy the Defender] +* Configure the Defender +* xref:./redeploy-defender.adoc[Re-deploy the Defender] +* xref:./uninstall-defender.adoc[Uninstall the Defender] + +You can expect a runtime restart in the following scenarios. + +* When a Defender starts. + +* When a Defender stops. + +* When you add the first blocking rule. + +* When you remove the last blocking rule. + +* When a Defender upgrades because the Defender restarts. + +When Defender restarts in Openshift Kubernetes clusters, nodes may become `NotReady`. +The nodes come back online after the `kubelet` restart is complete. + +To deploy and configure specific Defender instances, choose from the following list. + +* Container Defender + +** xref:./container/container.adoc[Single Container Defender using the UI] +** xref:./container/container.adoc[Single Container Defender using the CLI] + +* Host Defender + +** xref:./host/host.adoc[Host Defender] +** xref:./host/auto-defend-host.adoc[Auto-defend hosts] +** xref:./host/windows-host.adoc[Windows Host] + +* Orchestrator Defender + +** xref:./orchestrator/orchestrator.adoc[Cluster Container Defender] +** xref:./orchestrator/install-amazon-ecs.adoc[Cluster Container Defender in ECS] +** xref:./orchestrator/install-tas-defender.adoc[VMware Tanzu Application Service (TAS) Defender] + +* App-Embedded Defender + +** xref:./app-embedded/app-embedded.adoc[App-Embedded Defender] +** xref:./app-embedded/install-app-embedded-defender-fargate.adoc[App Embedded Defender for Fargate] + +* Serverless Defender + +* xref:./serverless/serverless.adoc[ Serverless Defender] +* xref:./serverless/install-serverless-defender-layer.adoc[Serverless Defender (Lambda layer)] +* xref:./serverless/auto-defend-serverless.adoc[Auto-defend serverless functions] + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs.adoc new file mode 100644 index 0000000000..ba1f4a43f4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs.adoc @@ -0,0 +1,272 @@ +== Deploy Orchestrator Defenders on Amazon ECS + +This guide shows you how to deploy Prisma Cloud Defenders in an ECS cluster. + +The Defender protects your containerized environment according to the policies you set in Prisma Cloud Console. +It runs as a service in your ECS cluster. +The parameters of the service are described in a task definition, and the task definition is written in JSON format. +To automatically deploy an instance of Defender on each node in your cluster, you'll run the Defender task as a _daemon_ service. + +The Defender deployment process consists of the following steps. + +. Create worker nodes in your ECS cluster. +. Create a task definition for the Prisma Cloud Defender. +. Create a service of type `Daemon` to deploy Defender to every node in the cluster. + +This deployment guide includes the following steps you need to take in AWS before you deploy the Defender if you haven't provisioned a cluster. + +. <>. +. <> +. <> + +If you already have an AWS ECS cluster with worker nodes and are familiar with the AWS interface, you can skip directly to <>. + +Before you create the task definition, ensure that the launch configuration for your worker nodes in ECS includes the following actions. + +** Run the Amazon ECS-Optimized Amazon Linux 2 AMI. +** Use the `ecsInstanceRole` IAM role. +** Run the following script for worker nodes to join the cluster and install the Defender. ++ +[source,sh] +---- +#!/bin/bash +echo ECS_CLUSTER=pc-ecs-cluster >> /etc/ecs/ecs.config +---- + +`ECS_CLUSTER` must match your cluster name. +Replace `pc_ecs_cluster` with the name of the cluster where you create launch configurations and auto-scaling groups to start EC2 instances for Prisma Cloud. +Modify your user data scripts accordingly. + +To better understand clusters, read our xref:../../cluster-context.adoc[cluster context] topic. + +[#create-ecs-cluster] +[.task] +=== Create your ECS Cluster + +Create an empty cluster named `pc-ecs-cluster`. +This is the cluster where you will create launch configurations and auto-scaling groups to start EC2 instances. + +[.procedure] +. Log into the AWS Management Console. + +. Go to *Services > Containers > Elastic Container Service*. + +. Click *Create Cluster*. + +. Select *Networking only*, then click *Next Step*. + +. Enter a cluster name, such as `pc-ecs-cluster`. + +. Click *Create*. + +[#create-launch-configuration] +[.task] +=== Create a launch configuration for worker nodes + +Create a launch configuration named `pc-worker-node` that: + +* Runs the Amazon ECS-Optimized Amazon Linux 2 AMI. +* Uses the `ecsInstanceRole` IAM role. +* Runs a user data script that joins the pc-ecs-cluster and runs the commands required to install Defender. + +[.procedure] +. Go to *Services > Compute > EC2*. + +. In the left menu, click *Auto Scaling > Launch Configurations*. + +. Click *Create Launch Configuration* + +. In *Name*, enter a name for your launch configuration, such as `pc-worker-node`. + +. In Amazon machine image, select *Amazon ECS-Optimized Amazon Linux 2 AMI*. ++ +You can get a complete list of per-region Amazon ECS-optimized AMIs from https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html[here]. + +. Choose an instance type, such as `t2.medium`. + +. Under *Additional configuration*: + +.. In *IAM instance profile*, select `ecsInstanceRole`. + +.. Under *User data*, select *Text*, and paste the following code snippet: ++ +[source,sh] +---- +#!/bin/bash +echo ECS_CLUSTER=pc-ecs-cluster >> /etc/ecs/ecs.config +---- ++ +Where: ++ +* `ECS_CLUSTER` must match your cluster name. +If you've named your cluster something other than `pc_ecs_cluster`, then modify your user data script accordingly. + +.. (Optional) In *IP Address Type*, select *Assign a public IP address to every instance*. ++ +With this option, you can easily SSH to this instance to troubleshoot issues. + +. Under *Security groups*: + +.. Select *Select an existing security group*. + +.. Select *pc-security-group*. + +. Under *Key pair (login)*, select an existing key pair, or create a new key pair so that you can access your instances. + +. Click *Create launch configuration*. + +[#create-auto-scaling-group] +[.task] +=== Create an auto scaling group for worker nodes + +Launch two worker nodes into your cluster. + +[.procedure] +. Go to *Services > Compute > EC2*. + +. In the left menu, click *Auto Scaling > Auto Scaling Groups*. + +. Click *Create an Auto Scaling group*. + +. In *Choose launch template or configuration*: + +.. In *Auto Scaling group Name*, enter *pc-worker-autoscaling*. + +.. In *Launch template*, click *Switch to launch configuration*. + +.. Select *pc-worker-node*. + +.. Click *Next*. + +. Under *Configure settings*: + +.. In *VPC*, select your default VPC. + +.. In *Subnet*, select a public subnet, such as 172.31.0.0/20. + +.. Click *Next*. + +. In *Configure advanced options*, accept the defaults, and click *Next*. + +. In *Configure group size and scaling policies*: + +.. Set *Desired capacity* to *2*. + +.. Leave *Minimum capacity* at *1*. + +.. Set *Maximum capacity* to *2*. + +.. Click *Skip to review*. + +. Review the configuration and click *Create Auto Scaling Group*. ++ +After the auto scaling group spins up (it will take some time), validate that your cluster has three container instances. + +.. Go to *Services > Containers > Elastic Container Service*. + +ifdef::compute_edition[] +.. The count for *Container instances* in your cluster should now be a total of three. +endif::compute_edition[] + +ifdef::prisma_cloud[] +.. The count for *Container instances* in your cluster should now be a total of two. +endif::prisma_cloud[] + + +[#create-task-definition] +[.task] +=== Create a Prisma Cloud Defender task definition + +Generate a task definition for Defender in Prisma Cloud Console. + +[.procedure] +. Log into Prisma Cloud Compute Console. + +. Go to *Manage > Defenders > Deploy > Defenders*. + +. In *Deployment method*, select *Orchestrator*. + +. For orchestrator type, select *ECS*. + +ifdef::compute_edition[] +. For the name that Defender uses to connect to Console, select the DNS name of the load balancer that sits in front of Console. +endif::compute_edition[] + +. In *Specify a cluster name*, leave the field blank. ++ +The Prisma Cloud console automatically retrieves the cluster name from AWS. +Only enter a value if you want to override the cluster name assigned in AWS. + +. In *Specify ECS task name*, leave the field blank. ++ +By default, the task name is `pc-defender`. + +. Click *Download* to download the task definition. + +. Log into AWS. + +. Go to *Services > Containers > Elastic Container Service*. + +. In the left menu, click *Task Definitions*. + +. Click *Create new Task Definition*. + +. In *Step 1: Select launch type compatibility*, select *EC2*, then click *Next step*. + +. In *Step 2: Configure task and container definitions*, scroll to the bottom of the page and click *Configure via JSON*. + +. Delete the contents of the window, and replace it with the Prisma Cloud Console task definition you just generated. + +. Click *Save*. + +. (Optional) Change the name of the task definition before creating it. +The default name is `pc-defender`. + +. Click *Create*. + +[.task] +==== Start the Prisma Cloud Defender Service + +Create the Defender service using the task definition. +With Daemon scheduling, ECS schedules one Defender per node. + +[.procedure] +. Go to *Services > Containers > Elastic Container Service*. + +. In the left menu, click *Clusters*. + +. Click on your cluster. + +. In the *Services* tab, click *Create*. + +. In *Step 1: Configure service*: + +.. For *Launch type*, select *EC2*. + +.. For *Task Definition*, select *pc-defender*. + +.. In *Service Name*, enter *pc-defender*. + +.. In *Service Type*, select *Daemon*. + +.. Click *Next Step*. + +. In *Step 2: Configure network*, accept the defaults, and click *Next step*. + +. In *Step 3: Set Auto Scaling*, accept the defaults, and click *Next step*. + +. In *Step 4: Review*, click *Create Service*. + +. Click *View Service*. + +. Verify that you have Defenders running on each node in your ECS cluster. + +ifdef::compute_edition[] +.. Go to your Prisma Cloud Console and view the list of Defenders in *Manage > Defenders > Manage* +There should be a total of three Defenders, one for each EC2 instance in the cluster. +endif::compute_edition[] + +ifdef::prisma_cloud[] +.. Go to your Prisma Cloud Console and view the list of Defenders in *Compute > Manage > Defenders > Manage*. +There should be two new Defenders that have been connected for a few minutes, one for each ECS instance in the cluster. +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender.adoc new file mode 100644 index 0000000000..032977e4f0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender.adoc @@ -0,0 +1,81 @@ +== Automatically Install Container Defender in a Cluster + +Container orchestrators provide native capabilities for deploying agents, such as Defender, to every node in the cluster. +Prisma Cloud leverages these capabilities to install Defender. + +The process for deploying Container Defender to a cluster can be found in the dedicated orchestrator-specific xref:../../install.adoc[install guides]. + +If you wish to automate the defenders deployment process to a cluster, or you don't have kubectl access to your cluster (or oc access for OpenShift), you can deploy Defender DaemonSets directly from the Console UI. + +[NOTE] +==== +This Defender install flow doesn't let you manually configure a cluster name. +Cluster names let you xref:../../../technology-overviews/radar.adoc#cluster-pivot[segment your views] of the environment. +For most cases, this shouldn't be a problem because if you're deploying to a managed cluster, then Prisma Cloud retrieves the cluster name directly from the cloud provider. +If you must manually specify a name, deploy your Defenders from *Manage > Defenders > Deploy > DaemonSet* or use twistcli. +==== + +[IMPORTANT] +==== +If your clusters use *ARM architecture or multiple architectures* on Google Kubernetes Engine (GKE) you can't use the following procedure to automatically deploy the defenders. +Instead, use the xref:./orchestrator.adoc#install-defender[manual installation procedure for Kubernetes] and edit the `daemonset.yaml` configuration file to https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm[prepare your workloads]. +==== + +[.task] +=== Deploy Defender DaemonSet using kubeconfig + +*Prerequisites:* + +* You've created a xref:../../../authentication/credentials-store/kubernetes-credentials.adoc[kubeconfig credential] for your cluster so that Prisma Cloud can access it to deploy the Defender DaemonSet. + +*Deployment process:* + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Defenders > Manage*. + +. Click *DaemonSets*. + +. For each cluster in the table, click *Actions > Deploy*. ++ +The table shows a count of deployed Defenders and their version number. + +[.task] +[#deamonset-gke] +=== Deploy Defender DaemonSet for GKE + +*Prerequisites:* + +* You deployed a GKE cluster +* You created a corresponding Service Account key in JSON format. The Service Account should have the following permissions: +** Editor +** Compute Storage Admin +** Kubernetes Engine Admin +** Service Account Token Creator +* You created a xref:~/authentication/credentials-store/gcp-credentials.adoc.adoc[GCP credential] for your cluster so that Prisma Cloud can access it to deploy the Defender DaemonSet: ++ +. Log into Prisma Cloud Console. +. Go to *Manage > Authentication > Credentials Store* +. Click *Add credential* button +. Select type *GCP* and credential level, then copy the content of the JSON Service Account key into the Service Account line (take it all including brackets). + +To deploy the Defender DaemonSet, use the following procedure. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Defenders > Manage > DaemonSets*. ++ +When the page is loaded, multiple rows of K8S clusters visible with SA credentials are displayed. ++ +[NOTE] +==== +For GCP organizations with hundreds of projects, using organization level credentials might affect the performance of the page and the time to load the clusters. Therefore, the best approach to reduce the time and to avoid potential timeouts, is to divide the projects within your organization into multiple GCP folders. Then, create a service account and credential for each one of them. +==== + +. Verify that the status is *Success* and the Defender count is 0/0 for all relevant clusters. + +. For each cluster, click *Actions > Deploy*. + +. Refresh the view and verify that for each cluster the version is the correct, the status is *Success*, and the Defender count is equal to the number of cluster nodes. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace.adoc new file mode 100644 index 0000000000..f80f4dad9e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace.adoc @@ -0,0 +1,74 @@ +:topic_type: task + +[.task] +== Deploy Prisma Cloud Defender from the GCP Marketplace + +*Prerequisites:* +You need access to a Prisma Cloud SaaS Console. +You can sign up for a free trial of Prisma Cloud on the Google Cloud Marketplace. + +[.procedure] +. Find Prisma Cloud - Kubernetes Security Defender in the GCP Marketplace. +Click Configure. ++ +image::gcp1.png[scale=10] + +. Create Cluster, if you don’t have an existing Kubernetes cluster. +Otherwise, continue to the next step. ++ +image::gcp2.png[scale=10] + +. Select an existing namespace to install Defender, or Create a namespace (recommended). +The default new namespace is "twistlock". ++ +image::gcp3.png[scale=10] + +. Enter the App instance name for the Defender the installation. +This name displays on the Application section of the GKE portal: ++ +image::gcp4.png[scale=10] + +. Specify the following information about your Prisma Cloud SaaS Console (go through steps 6-8 to get these info): ++ +image::gcp5.png[scale=10] + +. To get the URL for your Prisma Cloud Console: + +.. Log into your Prisma Cloud portal (e.g., \https://app.prismacloud.io/). + +.. Navigate to *Compute > System*. + +.. Copy the URL in Path to Console. +GCP uses this URL to get all the setup artifacts from your Prisma Cloud Console. In this example, it's \https://us-east1.cloud.twistlock.com/us-1-111573360. ++ +image::gcp6.png[scale=15] + +. To get a token for your Prisma Cloud Compute Console. + +.. Go to Compute > Authentication. + +.. Copy the API token. and paste it into the GCP Marketplace form. ++ +image::gcp7.png[width=600] + +. Specify the IP address or domain name of your Prisma Cloud Compute Console. ++ +The Defenders that you are deploying will use this IP address to communicate with Prisma Cloud. +It's almost the same as the URL, but remove the protocol (\https://) and the path (everything trailing the first "/"). +In this example, us-east1.cloud.twistlock.com. ++ +image::gcp8.png[width=600] + +. When the form is filled out, click Deploy. ++ +image::gcp9.png[scale=10] + +. Go to Prisma Cloud SaaS Console to confirm the deployment is successful. + +.. In the GKE console, review the status of your deployment: ++ +image::gcp10.png[width=600] + +.. In Prisma Cloud Console, go to Compute > Defender to review the status of your deployment: ++ +image::gcp11.png[width=600] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot.adoc new file mode 100644 index 0000000000..1e401aa730 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot.adoc @@ -0,0 +1,51 @@ +:topic_type: task +[#gke-autopilot] +[.task] +== Google Kubernetes Engine (GKE) Autopilot + +You can now install the Prisma Cloud DaemonSet Defender on your GKE *Autopilot* cluster. +GKE Autopilot clusters are using https://cloud.google.com/kubernetes-engine/docs/concepts/using-containerd[*cos_containerd*] nodes, therefore the DaemonSet must be configured with *Containerd* runtime. +Defenders deployed on GKE Autopilot clusters only support the official twistlock registry. You can't use a custom registry. + +[.procedure] +. Review the prerequisites and the procedure in the *Google Kubernetes Engine (GKE)* and the *Install Prisma Cloud on a CRI (non-Docker) cluster* sections. + +. Use the following twistcli command to generate the YAML file for the GKE Autopilot deployment. ++ +ifdef::prisma_cloud[] +[source] +---- + $ /twistcli defender export kubernetes \ + --gke-autopilot \ + --container-runtime containerd \ + --cluster-address \ + --address https://:443 +---- +endif::prisma_cloud[] +ifdef::compute_edition[] +[source] +---- + $ /twistcli defender export kubernetes \ + --gke-autopilot \ + --container-runtime containerd \ + --cluster-address \ + --address https://:8083 +---- +endif::compute_edition[] ++ +The `--gke autopilot flag adds the 'autopilot.gke.io/no-connect: "true"`' annotation to the YAML file and `--container-runtime containerd` flag enables GKE Autopilot clusters to use the Container-Optimized OS with containerd node image, not Docker. It also removes the '/var/lib/containers' mount from the generated file as that configuration is not required for the GKE autopilot deployment. ++ +[NOTE] +==== +If you are using the web interface, on *Runtime Security > Manage > Defenders > Defenders: Deployed > Manual deploy* ensure that the *orchestrator type* is *Kubernetes*, select the *Container Runtime type* as *Containerd*, and enable *GKE Autopilot deployment*. +==== + +. Create the *twistlock* namespace on your cluster by running the following command: + + $ kubectl create namespace twistlock + +. Deploy the updated YAML or the Helm chart on your GKE Autopilot cluster. + +. Verify that the Defenders are deployed. ++ +After a few minutes you should observe the nodes and running containers in Console, with Prisma Cloud Compute now protecting your cluster. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke.adoc new file mode 100644 index 0000000000..cac7d91403 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke.adoc @@ -0,0 +1,72 @@ +:topic_type: task +[#gke] +[.task] +== Deploy Defender on Google Kubernetes Engine (GKE) + +To install Prisma Cloud on https://cloud.google.com/kubernetes-engine/#[Google Kubernetes Engine (GKE)], use the standard Kubernetes install flow. +Before getting started, create a `ClusterRoleBinding`, which grants the permissions required to create the Defender `DaemonSet`. + +[NOTE] +==== +For GKE Autopilot, follow the xref:./install-gke-autopilot.adoc[Autopilot steps]. +==== + +The Google Cloud Platform (GCP) service account that you use to create the Prisma Cloud Console resources, including Deployment controller and PersistentVolumeClaim, must have at least the *Kubernetes Engine Developer* role to be successful. + +The GCP service account that you use to create the Defender resources, including `DaemonSet`, must have the Kubernetes cluster-admin role. +If you try to create the Defender resources from a service account without this cluster-specific role, it will fail because the GCP *Kubernetes Engine Developer* role doesn't grant the developer sufficient permissions to create a ClusterRole (one of the Defender resources). +You'll need to use an account with the GCP *Kubernetes Engine Admin* role to bind the Kubernetes cluster-admin role to your Kubernetes developer's service account. + +It's probably best to create the ClusterRoleBinding before turning the cluster over any user (typically DevOps) tasked with managing and maintaining Prisma Cloud. + +[NOTE] +==== +Run the command in the following procedure on ANY service account that attempts to apply the Defender `DaemonSet` YAML or Helm chart, even if that service account already has elevated permissions with the GCP *Kubernetes Engine Admin* role. +Otherwise, you'll get an error. +==== + +The following procedure uses a service account named `your-dev-user@your-org.iam.gserviceaccount.com` that has the GCP *Kubernetes Engine Developer* role. +You'll also need access to a more privileged GCP account that has the *Kubernetes Engine Admin* role to create the `ClusterRoleBinding` in your cluster. + +*Prerequisites* + +* You have deployed a GKE cluster. +* You have a Google Cloud Platform (GCP) service account with the *Kubernetes Engine Developer* role. +* You have access to a GCP account with at least the *Kubernetes Engine Admin* role. + +[.procedure] +. With the link:https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account#[service account] that has the GCP *Kubernetes Engine Admin* role set as the link:https://cloud.google.com/sdk/gcloud/reference/config/set#[active account], run: ++ +[source,bash] +---- +$ kubectl create clusterrolebinding your-dev-user-cluster-admin-binding \ + --clusterrole=cluster-admin \ + --user=your-dev-user@your-org.iam.gserviceaccount.com +---- + +. With the *Kubernetes Engine Developer* service account, continue with the xref:./orchestrator.adoc#install-defender[standard installation of Kubernetes Defenders]. ++ +[IMPORTANT] +==== +If you are using GKE with ARM architecture or multiple architectures you must edit the `daemonset.yaml` configuration file to https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm[prepare your workloads]. +==== + +=== Troubleshooting + +If you see the following error when trying to create the Defender DaemonSet, you've probably tried to create the Defender resources from a service account that has the GCP *Kubernetes Engine Developer* role. +To fix the issue, grant the <> to the service account. + +[source] +---- +Error from server (Forbidden): error when creating "daemonset.yaml": clusterroles.rbac.authorization.k8s.io is forbidden: User "your-dev-user@your-org.iam.gserviceaccount.com" cannot create clusterroles.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoles.create" permission. + +Error from server (Forbidden): error when creating "daemonset.yaml": clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "your-dev-user@your-org.iam.gserviceaccount.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission. +---- + +If you see the following error when trying to create the Defender DaemonSet, you've probably tried to create the Defender resources from a service account with the *Kubernetes Engine Admin* role. +To fix the issue, grant the <> to the service account. + +[source] +---- +Error from server (Forbidden): error when creating "daemonset.yaml": clusterroles.rbac.authorization.k8s.io "twistlock-view" is forbidden: attempt to grant extra privileges: [{[list] [rbac.authorization.k8s.io] [roles] [] []} {[list] [rbac.authorization.k8s.io] [rolebindings] [] []} {[list] [rbac.authorization.k8s.io] [clusterroles] [] []} {[list] [rbac.authorization.k8s.io] [clusterrolebindings] [] []}] user=&{your-admin-user@your-org.iam.gserviceaccount.com [system:authenticated] map[user-assertion.cloud.google.com:[iVWgsppUtVXaN1xToHtXpQdi5jJy6jv7BlSUZSUNTMjI2N77AaL5zQwZse0rqdu0Bz/35+6CG//82jdATfqfEWxDIRdAYHGvzRweXDZxOvI4EZzhyUVVKHJKL6i6v47VlFsHtSMx63QiVWgsppUtVXaN1xToHtXpQmU3nNtlspQaH3RtqSLwK/MoqW3Cc+VkWmuxyGUCYcW94Ttd6euy8iVWgsppUtVXaN1xToHtXpQWhRRTxlidgQdMzAbcAAbbv2C/uMlWs4VkzII7i9l6EEg==]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[] +---- diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri.adoc new file mode 100644 index 0000000000..d3f7cb4625 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri.adoc @@ -0,0 +1,177 @@ +[#deploying-cri-defenders] +== Deploy Defenders as DaemonSets + +Kubernetes lets you set up a cluster with the container runtime of your choice. +Prisma Cloud supports Docker Engine, CRI-O, and cri-containerd. + +When generating the YAML file or Helm chat to deploy the Defender DaemonSet, you can select the *Container Runtime type* on Console UI under *Manage > Defenders > Defenders: Deployed > Manual deploy*. + +Since Defenders need to have a view of other containers, this option is necessary to guide the communication. + +NOTE: If you use _containerd_ on GKE, and you install Defender without selecting the `CRI-O` *Container Runtime type*, everything will appear to work properly, but you'll have no images or container scan reports in *Monitor > Vulnerability* and *Monitor > Compliance pages* and you'll have no runtime models in *Monitor > Runtime*. +This happens because the Google Container Optimized Operating system (GCOOS) nodes have Docker Engine installed, but Kubernetes doesn't use it. +Defender thinks everything is OK because all of the integrations succeed, but the underlying runtime is actually different. + +image::container-runtime-type-ui.png[scale=20] + +If you're deploying Defender DaemonSets with twistcli, use the following flag with one of the container runtime types: + +* `--container-runtime docker` +* `--container-runtime crio` +* `--container-runtime containerd` + +ifdef::prisma_cloud[] +[source,bash] +---- +$ /twistcli defender export kubernetes \ + --container-runtime crio + --address https://yourconsole.example.com:443 \ + --user \ + --cluster-address yourconsole.example.com +---- +endif::prisma_cloud[] + +ifdef::compute_edition[] +[source,bash] +---- +$ /twistcli defender export kubernetes \ + --container-runtime crio + --address https://yourconsole.example.com:8083 \ + --user \ + --cluster-address yourconsole.example.com +---- +endif::compute_edition[] + +When generating YAML from Console or twistcli, there is a simple change to the _yaml_ file as seen below. + +In this abbreviated version DEFENDER_TYPE:daemonset will use the Docker interface. + +ifdef::prisma_cloud[] +[source,yaml] +---- +... +spec: + template: + metadata: + labels: + app: twistlock-defender + spec: + serviceAccountName: twistlock-service + restartPolicy: Always + containers: + - name: twistlock-defender-19-03-321 + image: registry-auth.twistlock.com/tw_/twistlock/defender:defender_19_03_321 + volumeMounts: + - name: host-root + mountPath: "/host" + - name: data-folder + mountPath: "/var/lib/twistlock" + ... + env: + - name: WS_ADDRESS + value: wss://yourconsole.example.com:443 + - name: DEFENDER_TYPE + value: daemonset + - name: DEFENDER_LISTENER_TYPE + value: "none" + ... +---- +endif::prisma_cloud[] + +ifdef::compute_edition[] +[source,yaml] +---- +... +spec: + template: + metadata: + labels: + app: twistlock-defender + spec: + serviceAccountName: twistlock-service + restartPolicy: Always + containers: + - name: twistlock-defender-19-03-321 + image: registry-auth.twistlock.com/tw_/twistlock/defender:defender_19_03_321 + volumeMounts: + - name: host-root + mountPath: "/host" + - name: data-folder + mountPath: "/var/lib/twistlock" + ... + env: + - name: WS_ADDRESS + value: wss://yourconsole.example.com:8084 + - name: DEFENDER_TYPE + value: daemonset + - name: DEFENDER_LISTENER_TYPE + value: "none" + ... +---- +endif::compute_edition[] + +In this abbreviated version DEFENDER_TYPE:cri will use the CRI. + +ifdef::prisma_cloud[] +[source,yaml] +---- +... +spec: + template: + metadata: + labels: + app: twistlock-defender + spec: + serviceAccountName: twistlock-service + restartPolicy: Always + containers: + - name: twistlock-defender-19-03-321 + image: registry-auth.twistlock.com/tw_/twistlock/defender:defender_19_03_321 + volumeMounts: + - name: host-root + mountPath: "/host" + - name: data-folder + mountPath: "/var/lib/twistlock" + ... + env: + - name: WS_ADDRESS + value: wss://yourconsole.example.com:443 + - name: DEFENDER_TYPE + value: cri + - name: DEFENDER_LISTENER_TYPE + value: "none" + ... +---- +endif::prisma_cloud[] + +ifdef::compute_edition[] +[source,yaml] +---- +... +spec: + template: + metadata: + labels: + app: twistlock-defender + spec: + serviceAccountName: twistlock-service + restartPolicy: Always + containers: + - name: twistlock-defender-19-03-321 + image: registry-auth.twistlock.com/tw_/twistlock/defender:defender_19_03_321 + volumeMounts: + - name: host-root + mountPath: "/host" + - name: data-folder + mountPath: "/var/lib/twistlock" + ... + env: + - name: WS_ADDRESS + value: wss://yourconsole.example.com:8084 + - name: DEFENDER_TYPE + value: cri + - name: DEFENDER_LISTENER_TYPE + value: "none" + ... +---- +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-oc.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-oc.adoc new file mode 100644 index 0000000000..e47c9904d8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-oc.adoc @@ -0,0 +1,186 @@ +== Deploy Defender with Declarative Object Management + +Defender is installed as a DaemonSet, which ensures that an instance of Defender runs on every node in the cluster. +Use _twistcli_ to generate a YAML configuration file or Helm chart for the Defender DaemonSet, then deploy it using _oc_. +You can use the same method to deploy Defender DaemonSets from both macOS and Linux. + +The benefit of declarative object management, where you work directly with YAML configuration files, is that you get the full "source code" for the objects you create in your cluster. +You can use a version control tool to manage and track modifications to config files so that you can delete and reliably recreate DaemonSets in your environment. + +If you don't have kubectl access to your cluster (or oc access for OpenShift), you can deploy Defender DaemonSets directly from the xref:../container/container.adoc[Console UI]. + +NOTE: The following procedure shows you how to deploy Defender DaemonSets with twistcli using declarative object management. +Alternatively, you can generate Defender DaemonSet install commands in the Console UI under *Manage > Defenders > Deploy > DaemonSet*. +Install scripts work on Linux hosts only. +For macOS and Windows hosts, use twistcli to generate Defender DaemonSet YAML configuration files, and then deploy it with oc, as described in the following procedure. + +[.task] +=== Get connection strings + +When calling twistcli to generate your YAML files and Helm charts, you'll need to specify a couple of addresses. + +[.procedure] +. Retrieve Console's URL (PRISMA_CLOUD_COMPUTE_CONSOLE_URL). + +.. Sign into Prisma Cloud. + +.. Go to *Compute > Manage > System > Utilities*. + +.. Copy the URL under *Path to Console*. + +. Retrieve Console's hostname (PRISMA_CLOUD_COMPUTE_HOSTNAME). ++ +The hostname can be derived from the URL by removing the protocol scheme and path. +It is simply the host part of the URL. You can also retrieve the hostname directly. + +.. Go to *Compute > Manage > Defenders > Defenders: Deployed > Manual deploy > Orchestrator* + +.. Select *OpenShift* from *Step 2* (*Choose the orchestrator type*) + +.. Copy the hostname from *Step 3* (*The name that Defender will use to connect to this Console*) + +[.task] +=== Option #1: Deploy with YAML files + +Deploy the Defender DaemonSet with YAML files. + +The _twistcli defender export_ command can be used to generate native Kubernetes YAML files to deploy the Defender as a DaemonSet. + +[.procedure] +. Generate a _defender.yaml_ file, where: ++ +The following command connects to Console (specified in _--address_) as user (specified in _--user_), and generates a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +The _--cluster-address_ option specifies the address Defender uses to connect to Console. ++ + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --container-runtime crio ++ +* can be linux, osx, or windows. +* is the name of a Prisma Cloud user with the System Admin role. + +. Deploy the Defender DaemonSet. + + $ oc create -f ./defender.yaml + + +[.task] +=== Option #2: Deploy with Helm chart + +Deploy the Defender DaemonSet with a Helm chart. + +// https://github.com/twistlock/twistlock/issues/13333 +Prisma Cloud Defenders Helm charts fail to install on OpenShift 4 clusters due to a Helm bug. +If you generate a Helm chart, and try to install it in an OpenShift 4 cluster, you'll get the following error: + + Error: unable to recognize "": no matches for kind "SecurityContextConstraints" in version "v1" + +To work around the issue, manually modify the generated Helm chart. + +[.procedure] +. Generate the Defender DaemonSet helm chart. ++ +A number of command variations are provided. +Use them as a basis for constructing your own working command. ++ +The following commands connects to Console (specified in _--address_) as user (specified in _--user_), and generates a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +The _--cluster-address_ option specifies the address Defender uses to connect to Console. ++ +*Outside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +Use the OpenShift external route for your Prisma Cloud Console, _--address \https://twistlock-console.apps.ose.example.com_. +Designate Prisma Cloud's cloud registry by omitting the _--image-name_ flag. Defining CRI-O as the default container engine by using the `--container-runtime crio` flag. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --container-runtime crio \ + --helm ++ +*Outside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image from the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime crio` flag. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --container-runtime crio \ + --helm ++ +*Inside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +When generating the Defender DaemonSet YAML with twistcli from a node inside the cluster, use Console's service name (twistlock-console) or cluster IP in the _--cluster-address_ flag. +This flag specifies the endpoint for the Prisma Cloud Compute API and must include the port number. Defining CRI-O as the default container engine by using the `--container-runtime crio` flag. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --container-runtime crio \ + --helm ++ +*Inside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image in the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime crio` flag. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --container-runtime crio \ + --helm + +. Unpack the chart into a temporary directory. + + $ mkdir helm-defender + $ tar xvzf twistlock-defender-helm.tar.gz -C helm-defender/ + +. Open _helm-console/twistlock-defender/templates/securitycontextconstraints.yaml_ for editing. + +. Change `apiVersion` from `v1` to `security.openshift.io/v1`. ++ +[source,yaml] +---- +{{- if .Values.openshift }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: +name: twistlock-console +... +---- + +. Repack the Helm chart + + $ cd helm-defender/ + $ tar cvzf twistlock-defender-helm.tar.gz twistlock-defender/ + +. Install the new helm chart via the helm command + + $ helm install --namespace=twistlock -g twistlock-defender-helm.tar.gz + + +[.task] +=== Confirm Defenders were deployed + +Confirm the installation was successful. + +[.procedure] +. In Prisma Cloud Console, go to *Compute > Manage > Defenders > Defenders: Deployed* to see a list of deployed Defenders. ++ +image::install-openshift-tl-defenders.png[] + +. In the OpenShift Web Console, go to the Prisma Cloud project's monitoring window to see which pods are running. ++ +image::install_openshift_ose_defenders.png[width=800] + +. Use the OpenShift CLI to see the DaemonSet pod count. + + $ oc get ds -n twistlock + + NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE + twistlock-defender-ds 4 3 3 3 3 29m ++ +NOTE: The _desired_ and _current_ pod counts do not match. +This is a job for the nodeSelector. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-tas-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-tas-defender.adoc new file mode 100644 index 0000000000..9a6f645146 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-tas-defender.adoc @@ -0,0 +1,187 @@ +:toc: macro +== VMware Tanzu Application Service (TAS) Defender + +Prisma Cloud deploys the Defender on the VMware Tanzu Application Service (TAS) as add-on software, which works similarly to a Daemon set in Kubernetes. +This approach co-locates the Defender on every Diego cell VM. +The "Prisma Cloud for TAS" tile in the Tanzu Ops Manager allows you to configure the Defender across your TAS environment. +When you deploy full coverage Defenders for TAS, they perform blobstore scanning alongside compliance, vulnerability, and runtime protection. +If you have a large-scale environment, you can choose to deploy blobstore scanning Defenders as dedicated VMs that focus exclusively on scanning your blobstores. + +Tanzu Application Service (TAS) Defender supports the following functions: + +* Vulnerability scanning for running apps. +* Vulnerability and compliance scanning for the underlying Diego cell hosts. +* Blobstore scanning for Linux droplets. +* Runtime protection: Linux TAS Defenders support runtime protection for process, networking, and file system. Windows TAS Defenders support runtime protection for process. + +The Prisma Cloud Console lets you deploy Defender to multiple TAS environments. +TAS Defender supports the prevent action because it doesn't require controlling the app lifecycle. +The TAS Defenders don't support the block action for runtime rules, vulnerability rules, and compliance rules because the Defenders cannot block running apps. +The TAS framework controls the app lifecycle, including stopping the containers as required by the block action. + +toc::[] + +[.task] +=== Install the TAS Defender + +ifdef::compute_edition[] +*Prerequisites:* + +* Prisma Cloud Compute Console has already been installed somewhere in your environment. +endif::compute_edition[] + +[.procedure] + +. Get the Prisma Cloud tile. + +.. Log in to the Prisma Cloud console. + +.. Select *Manage > Defender > Deployed Defenders*. + +.. Click *Manual deploy*. + +.. Select the *Orchestrator* deployment method. + +.. Under *Orchestrator type*, select one of the following options: ++ +* Tanzu Application Service Defender - Linux +* Tanzu Application Service Defender - Windows + +.. On the sidebar, click the *Download* button to get the TAS tile. ++ +[NOTE] +==== +Alternatively, you can download the *VMWare Tanzu tile* from under *Manage > System > Utilities*. +==== + +. Import the Prisma Cloud tile. + +.. Go to the *Tanzu Ops Manager > Installation Dashboard*. + +.. Click the *Import a Product* button. + +.. Select the downloaded tile. + +.. On the left sidebar, the Prisma Cloud for TAS appears. + +.. Click the *plus sign* beside the version number to stage the tile. + +.. Click the tile that was added. + +. Configure the Defenders. + +.. Return to the Prisma Cloud Console. + +.. Under *The name that Defender will use to connect to this Console*, select the IP address or URL that your TAS environment can reach. + +ifdef::compute_edition[] +.. Provide any needed Defender communication port. +endif::compute_edition[] + +.. If you selected the *Tanzu Application Service Defender - Windows* as the *Orchestrator type*, enable or disable *Runtime protection*. + +ifdef::compute_edition[] +.. Provide the Central Console address that the Defender can access. This is only needed if you follow a Project deployment pattern (*Manage > Projects*). +endif::compute_edition[] + +.. Enable the *Assign globally unique names to Hosts* in the *Advanced Settings* as needed. + +.. Copy the installation scripts from the sidebar. You can deploy Prisma Cloud Defenders on Linux and Windows. + +. Configure the Prisma Cloud tile. +.. Return to the Tanzu Ops Manager. +.. Under *Assign AZs and Networks*, select the *TAS network* and select *Save*. +.. Under *Prisma Cloud Component Configuration*, paste the installation scripts for the operating systems you are using. ++ +If you don't provide an installation script, Tanzu doesn't deploy Defenders for that operating system. ++ +Enter a *Foundation* name (optional). If you don't enter a Foundation name, you will not be able to use *tas-foundation* label in *Manage > Collections*. ++ +Select *Save*. + +.. Under *Prisma Cloud Proxy configuration*, configure your Proxy as needed if you are using Linux. ++ +Select *Save*. ++ +The Defender on Windows doesn't support a proxy. + +.. Under *Credentials*, provide your Prisma Cloud credentials for Linux and Windows. Select *Save*. +You can use certificates for authentication if you only use Linux. +Provide your username and password credentials instead to authenticate the Defender if you use Windows Defenders by themselves or together with Linux Defenders. + +.. Under *Resource configuration*, you can add dedicated Linux VMs to serve exclusively as Linux blobstore scanners. Select *Save*. + +.. Go back to the *Installation Dashboard*. + +.. Click Review Pending Changes. +.. Select the following products. ++ +* Prisma Cloud for TAS +* VMWare Tanzu Application Service +* Every TAS Isolation segment in your environment. + +.. Apply the changes and wait for the tile to become active. ++ +[NOTE] +==== +It can take an hour or longer for the changes to apply and your deployment to complete. +==== + +. Verify the deployment on Prisma Cloud under *Manage > Defenders*. ++ +After the deployment is complete, the deployed Defenders will appear in the table. The *Host* column shows *Agent ID* of the defended Linux Diego cells and *VM CID* of the defended Windows Diego cells. + ++ +You can search and filter your TAS Defenders based on the hostnames. + +.. To fetch the *Agent ID* of your Diego cells: +... Log into a Diego cell. +... The `/var/vcap/instance/dns/records.json` file shows how the *Agent ID* maps to a host IP address. + +.. To fetch the *VM CID* of your Diego cells, run `bosh vms` in the *ops-manager* VM. + +[.task] +=== Deploy Blobstore Scanners for TAS + +Prisma Cloud for TAS can perform blobstore scanning on Linux VMs. +Defenders deployed as dedicated blobstore scanners still scan the host where they run for vulnerabilities, compliance issues, and runtime protection. +Prisma Cloud periodically discovers and scans the droplets in your blobstores for vulnerabilities using pattern matching. + +[.procedure] + +. Go to the *Tanzu Ops Manager > Installation Dashboard*. + +. Click the *Prisma Cloud for TAS* tile. + +. Under *Prisma Cloud Component Configuration*, paste the Linux installation script. +If you don't provide an installation script, Tanzu doesn't deploy Defenders. ++ +If you are deploying only TAS Linux blobstore scanners you can unselect the *Install TAS Defender on all Linux Diego cells in the cluster* checkbox. ++ +Select *Save*. + +. Go to *Resource Configuration*. ++ +Specify the number of instances of blobstore scanners you want in your environment. + +. Select the *VM TYPE*. + +. Select the *PERSISTENT DISK TYPE*. + +. Provide any load balancing configuration needed. + +. Select whether an internet connection is allowed by the Blobstore scanner VM. ++ +Select *Save*. + +. Under *Assign AZs and Networks*, select the TAS network and specify the preferred AZs for placing the blobstore scanners. ++ +Select *Save*. + +. Return to the *Installation Dashboard*. + +. Click *Review Pending Changes*, and select *Prisma Cloud for TAS*. ++ +Apply the changes. Wait for Tanzu to finish deploying the Defenders. This process can take a long time. + +. Configure Prisma Cloud to xref:../../../vulnerability-management/vmware-tanzu-blobstore.adoc[scan a blobstore]. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-vmware-tkg.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-vmware-tkg.adoc new file mode 100644 index 0000000000..0c3e815ac4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-vmware-tkg.adoc @@ -0,0 +1,148 @@ +== VMware Tanzu Kubernetes Grid (TKG) +// Not included in the book as of Nov 9,2021 + +https://tanzu.vmware.com/kubernetes-grid[VMware Tanzu Kubernetes Grid (TKG)] lets you deploy Kubernetes clusters on demand. +Use our standard Kubernetes install procedure to deploy Prisma Cloud to TKG. +The only difference between TKG and standard Kubernetes is the location of the Docker socket. +ifdef::compute_edition[] +A single line change in the Prisma Cloud configuration file lets you specify the path to the Docker socket in TKG. +From there, follow the normal Kubernetes install procedure. +endif::compute_edition[] + + +=== Preflight checklist + +To ensure that your installation goes smoothly, work through the following checklist and validate that all requirements are met. + +[.section] +==== General + +ifdef::compute_edition[] +* You have a valid Prisma Cloud license key and access token. +endif::compute_edition[] + +ifdef::prisma_cloud[] +* You have access to a Prisma Cloud tenant. + +* You have adequate permissions (i.e. role) to deploy Defenders. +endif::prisma_cloud[] + +[.section] +==== Cluster + +ifdef::compute_edition[] +* You have provisioned a TKG cluster that meets the minimum xref:../../system_requirements.adoc[system requirements]. +endif::compute_edition[] + +* Prisma Cloud Defender requires elevated privileges. +Ensure that the _Set Privileged Containers_ permission is set to true (enabled) in your TKG cluster. + +* The nodes in your cluster can reach Prisma Cloud's cloud registry (registry-auth.twistlock.com). + +[.section] +==== Permissions + +* You can create and delete namespaces in your cluster. + +* You can Run _kubectl create_ commands. + +[.section] +==== Firewalls and external IP addresses + +Validate that the following ports are open: + +ifdef::compute_edition[] +*Prisma Cloud Console*: + +* Incoming: 8083, 8084 +* Outgoing: 443, 53 +endif::compute_edition[] + +*Prisma Cloud Defenders*: + +* Incoming: None +ifdef::compute_edition[] +* Outgoing: 8084 +endif::compute_edition[] +ifdef::prisma_cloud[] +* Outgoing: 443 to Prisma Cloud +endif::prisma_cloud[] + + +ifdef::compute_edition[] +=== Install Prisma Cloud + +Prepare your TKG environment, then use the standard procedure for installing Prisma Cloud on Kubernetes. + + +[.task] +==== Download the Prisma Cloud software + +Download the Prisma Cloud software to your cluster's controller node. + +[.procedure] +. xref:../../../welcome/releases.adoc#download[Download] the current recommended release. + +. Download the release tarball to your cluster controller. + + $ wget + +. Unpack the Prisma Cloud release tarball. + + $ mkdir twistlock + $ tar xvzf twistlock_.tar.gz -C twistlock/ + +. Open _twistlock/twistlock.cfg_ and set the path to the Docker socket. + + DOCKER_SOCKET=${DOCKER_SOCKET:-/var/vcap/data/sys/run/docker/docker.sock} + +. In twistlock.cfg, set RUN CONSOLE AS ROOT to true. + + RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-true} + + +==== Install Console and Defenders + +Proceed with the standard instructions for installing xref:../../deploy-console/console-on-kubernetes.adoc[Prisma Cloud on Kubernetes]. + +endif::compute_edition[] + +ifdef::prisma_cloud[] +[.task] +=== Install Prisma Cloud Defender DaemonSet + +The standard location of the Docker socket in Kubernetes is _/var/run/docker.sock_. +In TKG, the Docker socket can be located in either _/var/vcap/data/sys/run/docker/docker.sock_ or _/var/vcap/sys/run/docker/docker.sock_. +Before you deploy your Defender DaemonSet, you must manually update the Defender DaemonSet configuration file with the path to the Docker socket. + +[.procedure] +. Use the standard procedure for xref:./orchestrator.adoc#install-defender[generating a standard DaemonSet file]. ++ +The DaemonSet file can be generated from the Prisma Cloud UI. +Go to *Prisma Cloud > Compute > Defenders > Deploy > DaemonSet* and configure your deployment. +At the bottom of the page, choose *Download YAML directly*. + +. Open _defender.yaml_ for editing, and update the file so Defender can find the Docker socket. + +.. In _volumeMounts_, _name: docker-sock-folder_, set _mountPath_ to: + + mountPath: "/var/vcap/data/sys/run/docker" + +.. In _env_, _name: _DOCKER_CLIENT_ADDRESS_, set _value_ to: + + value: "/var/vcap/data/sys/run/docker/docker.sock" + +.. In _volumes_, _name: docker-sock-folder_, _hostPath_, set _path_ to: + + path: "/var/vcap/data/sys/run/docker" + +. Deploy your Defender DaemonSet. + +.. Create the Twistlock namespace. + + $ kubectl create namespace twistlock + +.. Deploy the Defender DaemonSet. + + $ kubectl create -f defender.yaml +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/openshift.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/openshift.adoc new file mode 100644 index 0000000000..dd8d2352c1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/openshift.adoc @@ -0,0 +1,396 @@ +== Deploy Defender on OpenShift v4 + +Prisma Cloud Defenders are deployed as a DaemonSet, which ensures that an instance of Defender runs on every node in the cluster. +You can run Defenders on OpenShift master and infrastructure nodes by removing the taint from them. + +The Prisma Cloud Defender container images can be stored either in the internal OpenShift registry or your own Docker v2 compliant registry. +ifdef::compute_edition[] +Alternatively, you can configure your deployments to pull images from xref:../../deploy-console/container-images.adoc[Prisma Cloud's cloud registry]. +endif::compute_edition[] +This guide shows you how to generate deployment YAML files for Defenders, and then deploy them to your OpenShift cluster with the _oc_ client. + +To better understand clusters, read our xref:../../cluster-context.adoc[cluster context] topic. + +=== Preflight checklist + +To ensure that your installation on supported versions of OpenShift v4.x goes smoothly, work through the following checklist and validate that all requirements are met. + +==== Minimum system requirements + +Validate that the components in your environment (nodes, host operating systems, orchestrator) meet the specs in +xref:../../system-requirements.adoc[System requirements]. + +==== Permissions + +Validate that you have permission to: + +* Push to a private docker registry. +For most OpenShift setups, the registry runs inside the cluster as a service. +You must be able to authenticate with your registry with docker login. + +* Pull images from your registry. +This might require the creation of a docker-registry secret. + +* Have the correct role bindings to pull and push to the registry. +For more information, see https://docs.openshift.com/container-platform/3.10/install_config/registry/accessing_registry.html[Accessing the Registry]. + +* Create and delete projects in your cluster. +For OpenShift installations, a project is created when you run _oc new-project_. + +* Run _oc create_ commands. + +==== Network connectivity + +Validate that outbound connections to your Console can be made on port 443. + +Use xref:../../../tools/twistcli.adoc[_twistcli_] to install the Prisma Cloud Defenders in your OpenShift cluster. +The _twistcli_ utility is included with every release. + + +[.task] +==== Create an OpenShift project for Prisma Cloud + +Create a project named _twistlock_. + +[.procedure] +. Login to the OpenShift cluster and create the _twistlock_ project: ++ +[source] +---- + $ oc new-project twistlock +---- + +[.task] +==== (Optional) Push the Prisma Cloud images to a private registry + +When Prisma Cloud is deployed to your cluster, the images are retrieved from a registry. +You have a number of options for storing the Prisma Cloud Console and Defender images: + +* OpenShift internal registry. + +* Private Docker v2 registry. +You must create a docker-secret to authenticate with the registry. + +ifdef::compute_edition[] +Alternatively, you can pull the images from the xref:../../deploy-console/container-images.adoc[Prisma Cloud cloud registry] at deployment time. +endif::compute_edition[] +Your cluster nodes must be able to connect to the Prisma Cloud cloud registry (registry-auth.twistlock.com) with TLS on TCP port 443. + +This guides shows you how to use both the OpenShift internal registry and the Prisma Cloud cloud registry. +If you're going to use the Prisma Cloud cloud registry, you can skip this section. +Otherwise, this procedure shows you how to pull, tag, and upload the Prisma Cloud images to the OpenShift internal registry's _twistlock_ imageStream. + +[.procedure] +. Determine the endpoint for your OpenShift internal registry. +Use either the internal registry's service name or cluster IP. ++ +[source] +---- + $ oc get svc -n default + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + docker-registry ClusterIP 172.30.163.181 5000/TCP 88d +---- + +. Pull the image from the Prisma Cloud cloud registry using your access token. +The major, minor, and patch numerals in the string are separated with an underscore. +For exampe, 18.11.128 would be 18_11_128. ++ +[source] +---- + $ docker pull \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ +---- + +. Tag the image for the OpenShift internal registry. ++ +[source] +---- + $ docker tag \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ \ + 172.30.163.181:5000/twistlock/private:defender_ +---- + +. Push the image to the _twistlock_ project's imageStream. ++ +[source] +---- + $ docker push 172.30.163.181:5000/twistlock/private:defender_ +---- + +ifdef::compute_edition[] +[#install-defender-openshift] +==== Install Defender + +Prisma Cloud Defenders run as containers on the nodes in your OpenShift cluster. +They are deployed as a DaemonSet. +Use the _twistcli_ tool to generate the DaemonSet deployment YAML or helm chart. + +The command has the following basic structure +It creates a YAML file named _defender.yaml_ or a helm chart _twistlock-defender-helm.tar.gz_ in the working directory. + +Example for export of a YAML file: + + $ /twistcli defender export openshift \ + --address
\ + --cluster-address \ + --container-runtime crio + +Example for export of a Helm chart: + + $ /twistcli defender export openshift \ + --address
\ + --cluster-address \ + --helm \ + --container-runtime crio + +The command connects to Console’s API, specified in _--address_, to generate the Defender DaemonSet YAML config file or helm chart. +The location where you run twistcli (inside or outside the cluster) dictates which Console address should be supplied. + +The _--cluster-address_ flag specifies the address Defender uses to connect to Console. +For Defenders deployed inside the cluster, specify Prisma Cloud Console’s service name, twistlock-console or twistlock-console.twistlock.svc, or cluster IP address. +For Defenders deployed outside the cluster, specify the external route for the Console over port 8084 created before, _twistlock-console-8084.apps.ose.example.com_, if the external route is not exposing port 8084, specify the port in the address, e.g. _twistlock-console-8084.apps.ose.example.com:443_ within the defender daemonSet yaml. + +Example: Edit the resulting defender.yaml and change: + - name: WS_ADDRESS + value: wss://twistlock-console-8084.apps.ose.example.com:8084 +to + - name: WS_ADDRESS + value: wss://twistlock-console-8084.apps.ose.example.com:443 + +If SELinux is enabled on the OpenShift nodes, pass the _--selinux-enabled_ argument to twistcli. + +For managed clusters, Prisma Cloud automatically gets the cluster name from the cloud provider. +To override the cloud provider's cluster name, use the `--cluster` option. +For self-managed clusters, manually specify a cluster name with the `--cluster` option. + +[.task] +===== Option #1: Deploy with YAML files + +Deploy the Defender DaemonSet with YAML files. + +[.procedure] +. Generate the Defender DaemonSet YAML. +A number of command variations are provided. +Use them as a basis for constructing your own working command. ++ +*Outside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +Use the OpenShift external route for your Prisma Cloud Console, _--address \https://twistlock-console.apps.ose.example.com_. +Designate Prisma Cloud's cloud registry by omitting the _--image-name_ flag. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://twistlock-console.apps.ose.example.com \ + --cluster-address 172.30.41.62 \ + --selinux-enabled \ + --container-runtime crio ++ +*Outside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image from the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://twistlock-console.apps.ose.example.com \ + --cluster-address 172.30.41.62 \ + --selinux-enabled \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --container-runtime crio ++ +*Inside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +When generating the Defender DaemonSet YAML with twistcli from a node inside the cluster, use Console's service name (twistlock-console) or cluster IP in the _--cluster-address_ flag. +This flag specifies the endpoint for the Prisma Cloud Compute API and must include the port number. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://172.30.41.62:8083 \ + --cluster-address 172.30.41.62 \ + --selinux-enabled \ + --container-runtime crio ++ +*Inside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image in the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://172.30.41.62:8083 \ + --cluster-address 172.30.41.62 \ + --selinux-enabled \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --container-runtime crio + +. Deploy the Defender DaemonSet. + + $ oc create -f ./defender.yaml + + +[.task] +===== Option #2: Deploy with Helm chart + +Deploy the Defender DaemonSet with a Helm chart. + +// https://github.com/twistlock/twistlock/issues/13333 + +Prisma Cloud Defenders Helm charts fail to install on OpenShift 4 clusters due to a Helm bug. +If you generate a Helm chart, and try to install it in an OpenShift 4 cluster, you'll get the following error: + + Error: unable to recognize "": no matches for kind "SecurityContextConstraints" in version "v1" + +To work around the issue, you'll need to manually modify the generated Helm chart. + +[.procedure] +. Generate the Defender DaemonSet helm chart. +A number of command variations are provided. +Use them as a basis for constructing your own working command. ++ +*Outside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +Use the OpenShift external route for your Prisma Cloud Console, _--address \https://twistlock-console.apps.ose.example.com_. +Designate Prisma Cloud's cloud registry by omitting the _--image-name_ flag. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://twistlock-console.apps.ose.example.com \ + --cluster-address 172.30.41.62 \ + --helm \ + --container-runtime crio ++ +*Outside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image from the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://twistlock-console.apps.ose.example.com \ + --cluster-address 172.30.41.62 \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --helm \ + --container-runtime crio ++ +*Inside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +When generating the Defender DaemonSet YAML with twistcli from a node inside the cluster, use Console's service name (twistlock-console) or cluster IP in the _--cluster-address_ flag. +This flag specifies the endpoint for the Prisma Cloud Compute API and must include the port number. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://172.30.41.62:8083 \ + --cluster-address 172.30.41.62 \ + --helm \ + --container-runtime crio ++ +*Inside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image in the OpenShift internal registry. Defining CRI-O as the default container engine by using the `--container-runtime` flag. + + $ /twistcli defender export openshift \ + --address https://172.30.41.62:8083 \ + --cluster-address 172.30.41.62 \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --helm \ + --container-runtime crio + +. Unpack the chart into a temporary directory. + + $ mkdir helm-defender + $ tar xvzf twistlock-defender-helm.tar.gz -C helm-defender/ + +. Open _helm-console/twistlock-defender/templates/securitycontextconstraints.yaml_ for editing. + +. Change `apiVersion` from `v1` to `security.openshift.io/v1`. ++ +[source,yaml] +---- +{{- if .Values.openshift }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: +name: twistlock-console +... +---- + +. Repack the Helm chart + + $ cd helm-defender/ + $ tar cvzf twistlock-defender-helm.tar.gz twistlock-defender/ + +. Install the updated Helm chart. + + $ helm install --namespace=twistlock -g twistlock-defender-helm.tar.gz + +==== Confirm the Defenders were deployed. + +.. In Prisma Cloud Console, go to *Manage > Defenders > Manage* to see a list of deployed Defenders. ++ +image::install_openshift_tl_defenders.png[width=800] + +.. In the OpenShift Web Console, go to the Prisma Cloud project's monitoring window to see which pods are running. ++ +image::install_openshift_ose_defenders.png[width=800] + +.. Using the OpenShift CLI to see the DaemonSet pod count. + + $ oc get ds -n twistlock + + NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE + twistlock-defender-ds 4 3 3 3 3 29m ++ +NOTE: The _desired_ and _current_ pod counts do not match. +This is a job for the nodeSelector. + +endif::compute_edition[] + + +ifdef::prisma_cloud[] +=== Use OC to Deploy the Defender + +You can deploy Defenders using the xref:install-oc.adoc[OpenShift OC]. +endif::prisma_cloud[] + +=== Control Defender deployments with taint + +You can deploy Defenders to all nodes in an OpenShift cluster (master, infra, compute). +OpenShift Container Platform automatically taints infra and master nodes +These taints have the NoSchedule effect, which means no pod can be scheduled on them. + +To run the Defenders on these nodes, you can either remove the taint or add a toleration to the Defender DaemonSet. +Once this is done, the Defender Daemonset will automatically be deployed to these nodes (no need to redeploy the Daemonset). +Adjust the guidance in the following procedure according to your organization's deployment strategy. + +* *Option 1 - remove taint all nodes:* ++ + $ oc adm taint nodes --all node-role.kubernetes.io/master- + +* *Option 2 - remove taint from specific nodes:* ++ + $ oc adm taint nodes node-role.kubernetes.io/master- + +* *Option 3 - add tolerations to the twistlock-defender-ds DaemonSet:* ++ + $ oc edit ds twistlock-defender-ds -n twistlock ++ +Add the following toleration in PodSpec (DaemonSet.spec.template.spec) ++ + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + + +[.task] +=== Uninstall + +ifdef::compute_edition[] +To uninstall Prisma Cloud, delete the _twistlock_ project, then delete the Prisma Cloud PersistentVolume. + +[.procedure] +. Delete the _twistlock_ Project + + $ oc delete project twistlock + +. Delete the _twistlock_ PersistentVolume + + $ oc delete pv twistlock + +endif::compute_edition[] + +ifdef::prisma_cloud[] +To uninstall Prisma Cloud, delete the _twistlock_ project. + +[.procedure] +. Delete the _twistlock_ Project ++ +[source] +---- + $ oc delete project twistlock +---- + +endif::prisma_cloud[] + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator.adoc new file mode 100644 index 0000000000..4c064d183c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator.adoc @@ -0,0 +1,319 @@ +== Kubernetes + +This topic helps you install Prisma Cloud in your Kubernetes cluster quickly. +There are many ways to install Prisma Cloud, but use this workflow to quickly deploy Defenders and verify how information is accessible from the Prisma Cloud Console. +After completing this procedure, you can modify the installation to match your needs. + +To better understand clusters, read our xref:../../cluster-context.adoc[cluster context] topic. + +To deploy Prisma Cloud Defenders, you use the xref:../../../tools/twistcli.adoc[command-line utility called `twistcli`], which is bundled with the Prisma Cloud software. +The process has the following steps to give you full control over the created objects. + +. The `twistcli` utility generates YAML configuration files or Helm charts for the Defender. +. You create the required objects in your cluster with the `kubectl create` command. + +You can inspect, customize, and manage the YAML configuration files or Helm charts before deploying the Prisma Cloud Console and Defender. +You can place the files or charts under source control to track changes, to integrate them with Continuos Integration and Continuos Development (CI/CD) pipelines, and to enable effective collaboration. + +Each Prisma Cloud Defender is deployed as a `DaemonSet` to ensure that a Prisma Cloud Defender instance runs on each worker node of your cluster. + +=== Prerequisites + +To deploy your Defenders smoothly, you must meet the following requirements. + +* You have a valid Prisma Cloud license key and access token. + +* You have a valid access key and secret key created for the admin user inside Prisma Cloud + +* You provisioned a Kubernetes cluster that meets the minimum xref:../../system-requirements.adoc[system requirements] and runs a xref:../../system-requirements.adoc#orchestrators[supported Kubernetes version]. + +* You set up a Linux or macOS system to control your cluster, and you can access the cluster using the `kubectl` command-line utility. + +* The nodes in your cluster can reach Prisma Cloud's cloud registry at `registry-auth.twistlock.com`. + +ifdef::compute_edition[] +* Your cluster can create https://kubernetes.io/docs/concepts/storage/persistent-volumes/[PersistentVolumes] and https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/[LoadBalancers] from YAML configuration files or Helm charts. +endif::compute_edition[] + +* Your cluster uses any of the following runtimes. +For more information about the runtimes that Prisma Cloud supports, see the xref:../../system-requirements.adoc#container-runtimes[system requirements]. + +** Docker Engine +** CRI-O +** CRI-containerd + +* Install the xref:../../../tools/twistcli.adoc[Prisma Cloud command-line utility] called `twistcli`, which is bundled with the Prisma Cloud software. You use `twistcli` to deploy the Defenders. + +==== Required Permissions + +* You can create and delete namespaces in your cluster. + +* You can run the `kubectl create` command. + +==== Required Firewall and Port Configuration + +Open the following ports in your firewall. + +ifdef::compute_edition[] +Ports for the *Prisma Cloud Console*: + +* Incoming: 8083, 8084 +* Outgoing: 443, 53 +endif::compute_edition[] + +Ports for the *Prisma Cloud Defenders*: + +ifdef::compute_edition[] +* Incoming: None +* Outgoing: 8084 +endif::compute_edition[] + +ifdef::prisma_cloud[] +* Incoming: None +* Outgoing: 443 +endif::prisma_cloud[] + +ifdef::compute_edition[] + +To use Prisma Cloud as part of your Kubernetes deployment, you need the `twistcli` command-line utility and the Prisma Cloud Defenders. + +Use the xref:../../../tools/twistcli.adoc[`twistcli`] command-line utility to install the Prisma Cloud Console and . +The `twistcli` utility is included with every release, or you can <>. +After completing this procedure, the Prisma Cloud Console and Prisma Cloud Defenders run in your Kubernetes cluster. + +When you install Prisma Cloud on xref:install-amazon-ecs.adoc[Amazon Elastic Kubernetes Service] (EKS), Azure Kubernetes Service (AKS), or Alibaba Container Service with Kubernetes, additional configuration steps are required. + +endif::compute_edition[] + +ifdef::prisma_cloud[] +[#install-cli] +=== Install the Prisma Cloud Command-Line Utility + +To use Prisma Cloud as part of your Kubernetes deployment, you need the `twistcli` command-line utility and the Prisma Cloud Defenders. + +. Use the xref:../../../tools/twistcli.adoc[`twistcli`] command-line utility to deploy the Prisma Cloud Defenders in your Kubernetes cluster. ++ +The `twistcli` utility is included with every Prisma Cloud release. + +. Ensure that your cluster configuration allows the Defenders to connect to the Prisma Cloud Console service. +The Defenders connect to the Prisma Cloud Console service using a websocket over port `443` to retrieve policies and send data. +endif::prisma_cloud[] + +// Include reusable content fragment. +// Install Defender using 'twistcli defender export'. +// Define the :kubernetes: variable, which adds conditional content for scheduling Defender on master nodes. +:kubernetes: +include::../../fragments/install-defender-twistcli-export-kubectl.adoc[leveloffset=+1] + +[.task, #_helm] +=== Install Prisma Cloud with Helm charts + +ifdef::prisma_cloud[] +You can use `twistcli` to create Helm charts for the Prisma Cloud Console and the Defenders. +Helm is a package manager for Kubernetes, and a `chart` is a Helm package. + +Follow the <>, with the following changes. + +* Pass the `--helm_ option to _twistcli` to generate a Helm chart. +Don't change the other options passed to `twistcli` since they configure the chart. + +* Deploy your Defender with the `helm install` command instead of `kubectl create`. + +The following procedure shows the modified commands. + +[.procedure] +. Create a Defender `DaemonSet` Helm chart. + + $ ./twistcli defender export kubernetes \ + --address https://yourconsole.example.com:8083 \ + --helm \ + --user \ + --cluster-address twistlock-console \ + --container-runtime containerd + +. Install the Defender. + + $ helm install twistlock-defender-ds \ + --namespace twistlock \ + --create-namespace \ + ./twistlock-defender-helm.tar.gz + +endif::prisma_cloud[] + +ifdef::compute_edition[] +You can use `twistcli` to create Helm charts for the Prisma Cloud Console and the Defenders. +Helm is a package manager for Kubernetes, and a `chart` is a Helm package. + +Follow the <>, with the following changes. + +* Pass the `--helm_ option to _twistcli` to generate a Helm chart. +Don't change the other options passed to `twistcli` since they configure the chart. + +* Deploy your Defender with the `helm install` command instead of `kubectl create`. + +The following procedure shows the modified commands. + +[.procedure] +. xref:../../../welcome/releases.adoc#download[Download] the current recommended release. + +. Create a Console Helm chart. + + $ /twistcli console export kubernetes \ + --service-type LoadBalancer \ + --helm + +. Install the Console. + + $ helm install twistlock-console \ + --namespace twistlock \ + --create-namespace \ + ./twistlock-console-helm.tar.gz + +. <>. + +. Create a Defender `DaemonSet` Helm chart. + + $ /twistcli defender export kubernetes \ + --address https://yourconsole.example.com:8083 \ + --helm \ + --user \ + --cluster-address twistlock-console + +. Install the Defender. + + $ helm install twistlock-defender-ds \ + --namespace twistlock \ + --create-namespace \ + ./twistlock-defender-helm.tar.gz + +endif::compute_edition[] + +=== Install Prisma Cloud on a CRI (non-Docker) cluster + +// Include reusable content fragment. +// Install Defender using 'twistcli defender export' with cri option. +include::install-kubernetes-cri.adoc[leveloffset=+1] + +=== Troubleshooting + +==== Kubernetes CrashLoopBackOff Error + +**Error** + + Back-off restarting failed container + +To get the error logs, run the command: `kubectl describe pod[name]`. + +**Reason** + +This is caused due to a temporary memory resource overload. +When running WAAS Out-of-Band (OOB), the Defender automatically increases the `cgroup` memory limit to 4 GB (as OOB needs more memory). But since the Defenders' `cgroup` in K8s is hierarchically under the `cgroup` of the K8s pod with a limit of 512 MB, this results in an Out-Of-Memory error. + +[.task] +==== Increase the Defender Pod Limit + +Increase the Pod limit to 4 GB when activating WAAS OOB on K8s cluster. + +[.procedure] + +. **For running Defenders** +.. Run `kubectl edit ds twistlock-defender-ds -n twistlock` and change the value under *resources > limits > memory* to *4096Mi* in the Daemonset spec `*.yaml` file. +.. *Save* the file to restart the Defenders with the increased memory limit. + +. **When deploying Defenders** +.. *With YAML*: +... Change the value of *resources > limits > memory* to *4096Mi*. +... Deploy the `*.yaml` file. + +.. *With HELM*: +... Change the value of *limit_memory* to *4096Mi* in "values.yaml" file. + +.. *With script*: +... Deploy the Defender using the install script. +... Run `kubectl edit ds twistlock-defender-ds -n twistlock` and change the value under *resources > limits > memory* to *4096Mi*. +... *Save* the file to restart the Defenders with the increased memory limit. + +==== Pod Security Policy + +If Pod Security Policy is enabled in your cluster, you might get the following error when trying to create a Defender DaemonSet. + + Error creating: pods "twistlock-defender-ds-" is forbidden: unable to validate against any pod security policy ..Privileged containers are not allowed + +[NOTE] +==== +Kubernetes has https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/[deprecated Pod Security Policy]. +The following troubleshooting steps only apply to the deprecated `PodSecurityPolicy` custom resource. +==== + +If you get this error, then you must create a PodSecurityPolicy for the Defender and the necessary ClusterRole and ClusterRoleBinding for the twistlock namespace. +You can use the following Pod Security Policy, ClusterRole and ClusterRoleBinding: + +.PodSecurityPolicy +[source,yaml] +---- +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: prismacloudcompute-service +spec: + privileged: false + seLinux: + rule: RunAsAny + allowedCapabilities: + - AUDIT_CONTROL + - NET_ADMIN + - SYS_ADMIN + - SYS_PTRACE + - MKNOD + - SETFCAP + volumes: + - "hostPath" + - "secret" + allowedHostPaths: + - pathPrefix: "/etc" + - pathPrefix: "/var" + - pathPrefix: "/run" + - pathPrefix: "/dev/log" + - pathPrefix: "/" + hostNetwork: true + hostPID: true + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + fsGroup: + rule: RunAsAny +---- + +.ClusterRole +[source,yaml] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: prismacloudcompute-defender-role +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - prismacloudcompute-service +---- + +.ClusterRoleBinding +[source,yaml] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: prismacloudcompute-defender-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prismacloudcompute-defender-role +subjects: +- kind: ServiceAccount + name: twistlock-service + namespace: twistlock +---- + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/redeploy-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/redeploy-defender.adoc new file mode 100644 index 0000000000..43dbd67e0d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/redeploy-defender.adoc @@ -0,0 +1,40 @@ +:topic_type: task + +[.task] +== Redeploy Defenders + +ifdef::compute_edition[] +When you redeploy the Prisma Cloud Console, the client and server certificates change. +That certificate change requires that you redeploy your Defenders. +Once redeployed, the Defenders can connect to the new console without certificate issues. +endif::compute_edition[] +[.procedure] + +. You can *Redeploy* Defenders from under *Manage > Defenders > Auto-defend > DaemonSets* on the UI. ++ +To redeploy Defenders using `twistcli`, generate a new `DaemonSet`configuration file: ++ +[source,bash] +---- +$ ./twistcli defender export kubernetes \ + --address \ + --user \ + --cluster-address \ + --container-runtime +---- ++ +`--container-runtime`: Container runtime the node uses, either of: crio, containerd, or docker. + +. Delete the old Defenders using your old daemonset config file: ++ +[source,bash] +---- +$kubectl delete -f .yaml +---- + +. To create new Defenders, apply the https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#in-place-updates-of-resources[in-place updates] to your `Defender` resources. ++ +[source,bash] +---- +$ kubectl apply -f .yaml +---- diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc new file mode 100644 index 0000000000..4a66bb8011 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/auto-defend-serverless.adoc @@ -0,0 +1,192 @@ +== Auto-defend serverless functions + +Serverless auto-defend lets you automatically add the Serverless Defender to the AWS Lambda functions deployed in your account. +Prisma Cloud uses the AWS API to deploy the Serverless Defender as a Lambda layer based on the auto-defend rules. + +It is an additional option for deploying the Serverless Defender, on top of manually adding it xref:serverless.adoc[as a dependency] or adding it xref:install-serverless-defender-layer.adoc[as a Lambda layer]. + +Serverless auto-defend supports the following runtimes: + +* Node.js 12.x, 14.x +* Python 3.6, 3.7, 3.8, 3.9 +* Ruby 2.7 + +=== Limitations + +* Auto-protect is implemented with a layer. +** AWS Lambda has a limit of https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html[five layers] per function. +If your functions have multiple layers, and they might exceed the layer limit with auto-defend, consider protecting them with the xref:serverless.adoc[embedded] option. +* Prisma Cloud doesn't support defending (or scanning) AWS Lambda functions that are https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-images.html[deployed as container images] at the time of creating a function in your AWS account. + +=== Required permissions + +Prisma Cloud needs the following permissions to automatically protect Lambda functions in your AWS account. +Add the following policy to an IAM user or role: + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeServerlessAutoProtect", + "Effect": "Allow", + "Action": [ + "lambda:PublishLayerVersion", + "lambda:UpdateFunctionConfiguration", + "lambda:GetLayerVersion", + "lambda:GetFunctionConfiguration", + "iam:SimulatePrincipalPolicy", + "lambda:GetFunction", + "lambda:ListFunctions", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies", + "iam:GetRolePolicy", + "iam:GetPolicy", + "lambda:ListLayerVersions", + "lambda:ListLayers", + "lambda:DeleteLayerVersion", + "kms:Decrypt", + "kms:Encrypt", + "kms:CreateGrant" + ], + "Resource": "*" + } + ] +} +---- + + +=== Serverless auto-defend rules + +To secure one or multiple AWS Lambda functions using serverless auto-defend: + +. Define a serverless protection runtime policy. + +. Define a serverless WAAS policy. + +. Add a serverless auto-defend rule. + + +[.task] +[#defining-policy] +=== Defining your runtime protection policy + +By default, Prisma Cloud ships with an empty serverless runtime policy. +An empty policy disables runtime defense entirely. + +You can enable runtime defense by creating a rule. +By default, new rules: + +* Apply to all functions (`{asterisk}`), but you can target them to specific functions by function name. +* Block all processes from running except the main process. +This protects against command injection attacks. + +When functions are invoked, they connect to Compute Console and retrieve the latest policy. +To ensure that functions start executing at time=0 with your custom policy, you must predefine the policy. +Predefined policy is embedded into your function along with the Serverless Defender by way of the `TW_POLICY` environment variable. + +// To minimize the impact on start latency, the customer's business logic is allowed to asynchronously start executing while the policy +// is downloaded in the background. The sequence of events is: +// +// 1. Start the Serverless Defender +// 2. Download policy, if necessary +// 3. Run customer's handler +// +// Steps 2 and 3 are asynchronous (3 can start before 2 finishes). For this reason, it's important to define policy before embedding +// the `TW_POLICY` env var into the function. +// +// For more info: see the discussion in https://github.com/twistlock/docs/pull/1227/files +// +// Customers will be able to select between synchronous (more secure) and ansynchronous (more performant) policy download soon. +// See: https://github.com/twistlock/twistlock/issues/16608 + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > Runtime > Serverless Policy*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) In *Scope*, target the rule to specific functions. ++ +Create a new collection. + +. Set the rule parameters in the *Processes*, *Networking*, and *File System* tabs. + +. Click *Save*. + +[.task, #_defining_policy] +=== Defining your serverless WAAS policy + +Prisma Cloud lets you protect your serverless functions against application layer attacks by utilizing the serverless xref:../../../waas/waas.adoc[Web Application and API Security (WAAS)]. + +By default, the serverless WAAS is disabled. +To enable it, add a new serverless WAAS rule. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > WAAS > Serverless*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) In *Scope*, target the rule to specific functions. ++ +Create a new collection. +In the *Functions* field, enter a function name. +Use xref:../../../configure/rule-ordering-pattern-matching.adoc[pattern matching] to refine how it's applied. + +. Set the protections you want to apply (*SQLi*, *CMDi*, *Code injection*, *XSS*, *LFI*). + +. Click *Save*. + + +[.task] +=== Add a serverless auto-defend rule + +The serverless auto-defend rules let you specify which functions you want to protect. +When defining a specific rule you can reference the relevant credential, regions, tags, function names and runtimes. +Each auto-defend rule is evaluated separately. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Deploy > Serverless auto-defend*. + +. Click on *Add rule*. + +. In the dialog, enter the following settings: + +.. Enter a rule name. + +.. In *Provider* - only AWS is supported. + +.. Specify the scope. ++ +The available resources for scope are: ++ +* *Functions* - either specific names or prefix. +* *Labels* - allows specifying either regions (format - region:REGION_NAME) or AWS tags (format - KEY:VALUE). + +.. Specify the Console name. + +.. Specify the runtimes. + +.. Select or xref:../../../authentication/credentials-store/credentials-store.adoc[create credentials] so that Prisma Cloud can access your account. + +.. (Optional) Specify a proxy for the Defenders to use when communicating with the Console. + +.. Click *Add*. + +. The new rule appears in the table of rules. + +. Click *Apply Defense*. ++ +NOTE: By default, the serverless auto-defend rules are evaluated every 24 hours. ++ +NOTE: When a rule is deleted, the new set of rules is evaluated and applied *immediately*. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer.adoc new file mode 100644 index 0000000000..424fc8f3d4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer.adoc @@ -0,0 +1,207 @@ +== Deploy Serverless Defender as a Lambda Layer + +Prisma Cloud Serverless Defenders protect serverless functions at runtime. +Currently, Prisma Cloud supports AWS Lambda functions. + +Lambda layers are ZIP archives that contain libraries, custom runtimes, or other dependencies. +Layers let you add reusable components to your functions, and focus deployment packages on business logic. +They are extracted to the _/opt_ directory in the function execution environment. +For more information, see the https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html[AWS Lambda layers documentation]. + +Prisma Cloud delivers Serverless Defender as a Lambda layer. +Deploy Serverless Defender to your function by wrapping the handler and setting an environment variable. + +=== Secure the Serverless Functions + +To secure an AWS Lambda function with the Serverless Defender layer: + +. Download the Serverless Defender Lambda layer ZIP file. + +. Upload the layer to AWS. + +. Define a serverless protection runtime policy. + +. Define a serverless WAAS policy. + +. Add the layer to your function, update the handler, and set an environment variable. +After completing this integration, Serverless Defender runs when your function is invoked. + + +[.task] +=== Download the Serverless Defender Layer + +Download the Serverless Defender layer from Compute Console. + +[.procedure] +. Open Console, then go to *Manage > Defenders > Deploy> Defenders > Single Defender*. + +. Choose the DNS name or IP address that Serverless Defender uses to connect to Console. + +. Set the Defender type to *Serverless Defender*. + +. Select a runtime. ++ +Prisma Cloud supports Lambda layers for *Node.js*, *Python*, *Ruby*, *C#*, and *Java*. See xref:../../system-requirements.adoc#serverless-runtimes[system requirements] for the runtimes that are supported for Serverless Defender as a Lambda layer. + +. For *Deployment Type*, select *Layer*. + +. Download the Serverless Defender layer. +A ZIP file is downloaded to your host. + + +[.task] +=== Upload the Serverless Defender layer to AWS + +Add the layer to the AWS Lambda service as a resource available to all functions. + +[.procedure] +. In the AWS Management Console, go to the Lambda service. + +. Select *Layers > Create Layer*. ++ +image::serverless_layer_layers.png[width=250] + +. In *Name*, enter *twistlock*. + +. Click *Upload*, and select the file you just downloaded, __twistlock_defender_layer.zip__ + +.. Select the compatible runtimes: *Python*, *Node.js*, **Ruby*, *C#*, or *Java*. + +.. Click *Create*. ++ +image::serverless_layer_create.png[width=700] + + +[.task, #_defining_policy] +=== Define your Runtime Protection Policy + +By default, Prisma Cloud ships with an empty serverless runtime policy. +An empty policy disables runtime defense entirely. + +You can enable runtime defense by creating a rule. +By default, new rules: + +* Apply to all functions (`{asterisk}`), but you can target them to specific functions by function name. +* Block all processes from running except the main process. +This protects against command injection attacks. + +When functions are invoked, they connect to Compute Console and retrieve the latest policy. +To ensure that functions start executing at time=0 with your custom policy, you must predefine the policy. +Predefined policy is embedded into your function along with the Serverless Defender by way of the `TW_POLICY` environment variable. + +// To minimize the impact on start latency, the customer's business logic is allowed to asynchronously start executing while the policy +// is downloaded in the background. The sequence of events is: +// +// 1. Start the Serverless Defender +// 2. Download policy, if necessary +// 3. Run customer's handler +// +// Steps 2 and 3 are asynchronous (3 can start before 2 finishes). For this reason, it's important to define policy before embedding +// the `TW_POLICY` env var into the function. +// +// For more info: see the discussion in https://github.com/twistlock/docs/pull/1227/files +// +// Customers will be able to select between synchronous (more secure) and ansynchronous (more performant) policy download soon. +// See: https://github.com/twistlock/twistlock/issues/16608 + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > Runtime > Serverless Policy*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) Target the rule to specific functions. + +. Set the rule parameters in the *Processes*, *Networking*, and *File System* tabs. + +. Click *Save*. + +[.task, #_defining_cnaf_policy] +=== Define your Serverless WAAS Policy + +Prisma Cloud lets you protect your serverless functions against application layer attacks by utilizing the serverless xref:../../../waas/waas.adoc[Web Application and API Security (WAAS)]. + +By default, the serverless WAAS is disabled. +To enable it, add a new serverless WAAS rule. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > WAAS > Serverless*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) Target the rule to specific functions. + +. Set the protections you want to apply (*SQLi*, *CMDi*, *Code injection*, *XSS*, *LFI*). + +. Click *Save*. + + +[.task] +=== Embed the Serverless Defender + +Embed the Serverless Defender as a layer, and run it when your function is invoked. +If you are using a deployment framework such as https://aws.amazon.com/blogs/compute/working-with-aws-lambda-and-lambda-layers-in-aws-sam/[SAM] or https://serverless.com/framework/docs/providers/aws/guide/layers#using-your-layers[Serverless Framework] you can reference the layer from within the configuration file. + +*Prerequisites:* + +* You already have a Lambda function. +* Your Lambda function is written for Node.js, Python, or Ruby. +* Your function's execution role grants it permission to write to CloudWatch Logs. +Note that the *AWSLambdaBasicExecutionRole* grants permission to write to CloudWatch Logs. + +[.procedure] +. Go to the function designer in the AWS Management Console. + +. Click on the *Layers* icon. ++ +image::serverless_layer_function_designer_layers.png[width=250] + +. In the *Referenced Layers* panel, click *Add a layer*. ++ +image::serverless_layer_add_a_layer.png[width=700] + +.. In the *Select from list of runtime compatible layers*, select *twistlock*. + +.. In the *Version* drop-down list, select *1*. + +.. Click *Add*. ++ +image::serverless_layer_add_a_layer2.png[width=700] ++ +When you return to the function designer, you'll see that your function now uses one layer. ++ +image::serverless_layer_function_designer_layers2.png[width=250] + +. Update the handler for your function to be _twistlock.handler_. ++ +image::lambda_handler.png[width=700] + +. Set the _TW_POLICY_ and _ORIGINAL_HANDLER_ environment variable, which specifies how your function connects to Compute Console to retrieve policy and send audits. + +.. In Compute Console, go to *Manage > Defenders > Deploy > Single Defender*. + +.. For *Defender type*, select *Serverless*. + +.. In *Set the Twistlock environment variable*, enter the function name and region. + +.. Copy the generated *Value*. + +.. In AWS Console, open your function in the designer, and scroll down to the *Environment variables* panel. + +.. For *Key*, enter TW_POLICY. + +.. For *Value*, paste the rule you copied from Compute Console. + +.. For _ORIGINAL_HANDLER_, this is the original value of handler for your function before your modification. + +. Click *Save* to preserve all your changes. ++ +image::lambda_env_variables.png[width=700] + diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/serverless.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/serverless.adoc new file mode 100644 index 0000000000..c67eea686f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/serverless.adoc @@ -0,0 +1,786 @@ +:toc: macro + +== Serverless Defender + +toc::[] + +Serverless Defender protects serverless functions at runtime. +It monitors your functions to ensure they execute as designed. + +Per-function policies let you control: + +* Process activity. +Enables verification of launched subprocesses against policy. + +* Network connections. +Enables verification of inbound and outbound connections, and permits outbound connections to explicitly allowed domains. + +* File system activity. +Controls which parts of the file system functions can access. + +Prisma Cloud supports AWS Lambda functions (Linux) and Azure Functions (Windows only). + +See xref:../../system-requirements.adoc#serverless-runtimes[system requirements] for the runtimes and architectures that are supported for Serverless Defenders. + +The following runtimes are supported for AWS Lambda: + +* C# (.NET Core) 6.0 +* Java 8, 11 +* Node.js 14.x, 16.x, 18.x +* Python 3.6, 3.7, 3.8, 3.9 +* Ruby 2.7 + +Serverless Defenders are not supported on ARM64 architecture. + +The following runtimes are supported for Azure Functions (Windows and 64 bit only): + +* v3 - C# (.NET Core) 3.1 +* v4 - C# (.NET Core) 6.0 + +// To be fixed. +// https://github.com/twistlock/twistlock/issues/18563 +[NOTE] +==== +Only users with the Administrator role can see the list of deployed Serverless Defenders in *Manage > Defenders > Manage*. +==== + +[#secure-serverless-functions] +=== Securing serverless functions + +To secure a serverless function, embed the Prisma Cloud Serverless Defender into it. +The steps are: + +. (Optional) If you are not using a deployment framework like SAM or Serverless Framework, download a ZIP file that contains your function source code and dependencies. + +. Embed the Serverless Defender into the function. + +. Deploy the new function or upload the updated ZIP file to the cloud provider. + +. Define a serverless protection runtime policy. + +. Define a serverless WAAS policy. + + +[.task] +[#aws-lambda-download-function-zip-file] +=== AWS Lambda - (Optional) Download your function as a ZIP file + +Download your function's source code from AWS as a ZIP file. + +[.procedure] +. From Lambda's code editor, click *Actions > Export function*. + +. Click *Download deployment package*. ++ +Your function is downloaded to your host as a ZIP file. + +. Create a working directory, and unpack the ZIP file there. ++ +In the next step, you'll download the Serverless Defender files to this working directory. + + +[.task] +[#aws-lamda-embed-serverless-defender-into-c-function] +=== AWS Lambda - Embed Serverless Defender into C# functions + +In your function code, import the Serverless Defender library and create a new protected handler that wraps the original handler. +The protected handler will be called by AWS when your function is invoked. +Update the project configuration file to add Prisma Cloud dependencies and package references. + +Prisma Cloud supports .NET Core 3.1, 6.0. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy > Single Defender*. + +. In *Choose Defender type*, select *Serverless Defender - AWS*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Runtime*, select *C#*. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +. Embed the serverless Defender into the function by importing the Prisma Cloud library and wrapping the function's handler. ++ +Function input and output can be a struct or a stream. +Functions can be synchronous or asynchronous. +The context parameter is optional in .NET, so it can be omitted. ++ +[source] +---- + using Twistlock; + + public class ... { + // Original handler + public ApplicationLoadBalancerResponse Handler(ApplicationLoadBalancerRequest request, ILambdaContext context) + { + ... + } + + // Application load balancer example + // Twistlock protected handler + public ApplicationLoadBalancerResponse ProtectedHandler(ApplicationLoadBalancerRequest request, ILambdaContext context) + { + return Twistlock.Serverless.Handler(Handler, request, context); + } + ... + } +---- + +. Add the Twistlock package as a dependency in your nuget.config file. ++ +If a nuget.config file doesn't exist, create one. + + + + + + + +. Reference the Twistlock package in your csproj file. + + + + + + + + + + . + . + . + + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain *** in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. xref:upload-protected-function-to-aws[Upload the protected function to AWS, and set the TW_POLICY environment variable.] + +[#embed-serverless-defender-into-java-functions] +[.task] +=== AWS Lambda - Embed Serverless Defender into Java functions + +To embed Serverless Defender, import the Twistlock package and update your code to start Serverless Defender as soon as the function is invoked. +Prisma Cloud supports both Maven and Gradle projects. +You'll also need to update your project metadata to include Serverless Defender dependencies. + +Prisma Cloud supports https://docs.aws.amazon.com/lambda/latest/dg/java-handler-using-predefined-interfaces.html[both predefined interfaces] in the AWS Lambda Java core library: RequestStreamHandler (where input must be serialized JSON) and RequestHandler. + +AWS lets you specify handlers as functions or classes. +In both cases, Twistlock.Handler(), the entry point to Serverless Defender, assumes the entry point to your code is named handleRequest. +After embedding Serverless Defender, update the name of the handler registered with AWS to be the wrapper method that calls Twistlock.Handler() (for example, protectedHandler). + +Prisma Cloud supports both service struct and stream input (serialized struct). +Even though the Context parameter is optional for unprotected functions, it's manadatory when embedding Serverless Defender. + +Prisma Cloud supports Java 8 and Java 11. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual Deploy > Single Defender*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Defender type*, select *Serverless Defender - AWS*. + +. Select the name that Defender will use to connect to this Console. + +. In *Runtime*, select *Java*. + +. In *Package*, select *Maven* or *Gradle*. ++ +The steps for embedding Serverless Defender differ depending on the build tool. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +.. Enter the package details and artifact id in the `defender-.pom` file: + + + 4.0.0 + com.twistlock.serverless + defender + 22.11.386 + twistlock serverless defender pom + + +. Embed Serverless Defender into your function by importing the Prisma Cloud package and wrapping the function's handler. ++ +[source] +---- +import com.twistlock.serverless.Twistlock; + +public class ... implements RequestHandler { + + // Original handler + @Override + public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent request, Context context) { + { + ... + } + + // RequestHandler example + // Twistlock protected handler + public APIGatewayProxyResponseEvent protectedHandler(APIGatewayProxyRequestEvent request, Context context) { + return Twistlock.Handler(this, request, context); + } + ... +} +} +... +---- + +. Update your project configuration file. + +.. *Maven* ++ +Update your `*pom` xml file. +Don't create new sections for the Prisma Cloud configurations. +Just update existing sections. +For example, don't create a new section if one exists already. +Just append a section to it. ++ +Add the assembly plugin to include the Twistlock package in the final function JAR. +Usually the shade plugin is used in AWS to include packages to standalone JARs, but it doesn't let you include local system packages. ++ + + + + + + maven-assembly-plugin + + false + + assembly.xml + + + + + make-assembly + package + + attached + + + + + ... + ++ + + + + ${project.basedir} + + twistlock/* + + + twistlock/com/** + + + ... + + ... + ++ + + + + + twistlock-internal + twistlock + file://${project.basedir}/twistlock + + ... + ++ + + + + com.twistlock.serverless + defender + 22.11.386 + + ... + + ... + + +.. Create an `assembly.xml` file, which packs all dependencies in a standalone JAR. + + + twistlock-protected + + jar + + false + + + + true + runtime + + + + true + system + + + + +. *Gradle* ++ +Gradle supports Maven repositories and can fetch artifacts directly from any kind of Maven repository. ++ +Update your `build.gradle` file. + +.. Add the Maven repository for this project. +.. Set the `*.jar` file as an "implementation" dependency from the filesystem. +.. Update the zip resources. ++ +[source] +---- +repositories { + maven { + url "file://$projectDir/twistlock" + } +} + +dependencies { + implementation 'com.twistlock.serverless:defender:22.11.386' +} + +task buildZip(type: Zip) { + from compileJava + from processResources + into('lib') { + from configurations.runtimeClasspath + } + // Include Twistlock resources + into ('twistlock') { + from 'twistlock' + exclude "com/**" + } +} + +build.dependsOn buildZip +---- + +. In AWS, set the name of the Lambda handler for your function to protectedHandler. + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain *** in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. xref:upload-protected-function-to-aws[Upload the protected function to AWS, and set the TW_POLICY environment variable.] + + +[.task] +[#embed-serverless-defender-into-nodejs-functions] +=== AWS Lambda - Embed Serverless Defender into Node.js functions + +Import the Serverless Defender module, and configure your function to start it. +Prisma Cloud supports Node.js 14.x. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy > Single Defender*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Choose Defender type*, select *Serverless*. + +. In *Runtime*, select *Node.js*. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +. Embed the serverless Defender into the function by importing the Prisma Cloud library and wrapping the function's handler. + +.. For asynchronous handlers: + + // Async handler + var twistlock = require('./twistlock'); + exports.handler = async (event, context) => { + . + . + . + }; + exports.handler = twistlock.asyncHandler(exports.handler); + +.. For synchronous handlers: + + // Non-async handler + var twistlock = require('./twistlock'); + exports.handler = (event, context, callback) => { + . + . + . + }; + exports.handler = twistlock.handler(exports.handler); + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain *** in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. xref:upload-protected-function-to-aws[Upload the protected function to AWS, and set the TW_POLICY environment variable.] +* Prisma Cloud Serverless Defender includes native node.js libraries. If you are using webpack, please refer to tools such as https://www.npmjs.com/package/native-addon-loader[native-addon-loader] to make sure these libraries are included in the function ZIP file. + + +[.task] +[#aws-lamda-python-functions] +=== AWS Lambda - Embed Serverless Defender into Python functions + +Import the Serverless Defender module, and configure your function to invoke it. +Prisma Cloud supports Python 3.6, 3.7, and 3.8. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy > Single Defender*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Choose Defender type*, select *Serverless*. + +. In *Runtime*, select *Python*. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +. Embed the serverless Defender into the function by importing the Prisma Cloud library and wrapping the function's handler. + + import twistlock.serverless + @twistlock.serverless.handler + def handler(event, context): + . + . + . + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain *** in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. xref:upload-protected-function-to-aws[Upload the protected function to AWS, and set the TW_POLICY environment variable.] + + +[.task] +[#embed-serverless-defender-into-ruby-functions] +=== AWS Lambda - Embed Serverless Defender into Ruby functions + +Import the Serverless Defender module, and configure your function to invoke it. +Prisma Cloud supports Ruby 2.7. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy > Single Defender*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Choose Defender type*, select *Serverless*. + +. In *Runtime*, select *Ruby*. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +. Embed the serverless Defender into the function by importing the Prisma Cloud library and wrapping the function's handler. + +.. Option 1: ++ +---- +require_relative './twistlock/twistlock' +def handler(event:, context:) + Twistlock.handler(event: event, context: context) { |event:, context:| + # Original handler + ... + } +end +. +. +. +---- + +.. Option 2: ++ +---- +require_relative './twistlock/twistlock' +# Handler as a class method +module Module1 + class Class1 + def self.original_handler(event:, context:) + ... + end + def self.protected_handler(event:, context:) + return Twistlock.handler(event: event, context: context, &method(:original_handler)) + end + end +end +. +. +. +---- + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain *** in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. xref:upload-protected-function-to-aws[Upload the protected function to AWS, and set the TW_POLICY environment variable.] + + +[#upload-protected-function-to-aws] +[.task] +=== AWS Lambda - Upload the protected function + +After embedding Serverless Defender into your function, upload it to AWS. +If you are using a deployment framework such as SAM or Serverless Framework just deploy the function with your standard deployment procedure. +If you are using AWS directly, follow the steps below: + +[.procedure] +. Upload the new ZIP file to AWS. + +.. In *Designer*, select your function so that you can view the function code. + +.. Under *Code entry type*, select *Upload a .ZIP file*. + +.. Specify a runtime and the handler. ++ +Validate that *Runtime* is a supported runtime, and that *Handler* points to the function's entry point. + +.. Click *Upload*. ++ +image::install_serverless_defender_upload_zip.png[width=800] + +.. Click *Save*. + +. Set the TW_POLICY environment variable. + +.. In Designer, open the environment variables panel. + +.. For Key, enter TW_POLICY. + +.. For Value, paste the rule you copied from Compute Console. + +.. Click Save. + + +[.task] +[#azure-functions] +=== Azure Functions - Embed Serverless Defender into C# functions + +In your function code, import the Serverless Defender library and create a new protected handler that wraps the original handler. +The protected handler will be called by Azure when your function is invoked. +Update the project configuration file to add Prisma Cloud dependencies and package references. + +Prisma Cloud supports .NET Core 3.1, 6.0 on Windows. 64 bit only. + +[.procedure] +. Open Compute Console, and go to *Manage > Defenders > Defenders: Deployed > Manual deploy > Single Defender*. + +ifdef::compute_edition[] +. Choose the DNS name or IP address Serverless Defender uses to connect to Console. +endif::compute_edition[] + +ifdef::prisma_cloud[] +. The DNS name Serverless Defender uses to connect to your Compute Console is prepopulated for you. +endif::prisma_cloud[] + +. In *Choose Defender type*, select *Serverless Defender - Azure*. + +. In *Runtime*, select *C#*. + +. Download the Serverless Defender package to your workstation. + +. Unzip the Serverless Defender bundle into your working directory. + +. Embed the serverless Defender into the function by importing the Prisma Cloud library and wrapping the function's handler. ++ +Function input and output can be a struct or a stream. +Functions can be synchronous or asynchronous. +The context parameter is optional in .NET, so it can be omitted. ++ +[source] +---- +using Twistlock; + +public class ... { +// Original handler +public static async Task Run( + [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, + ILogger log, ExecutionContext context) + { + Twistlock.Serverless.Init(log, context); + ... + } +} +---- + +. Add the Twistlock package as a dependency in your nuget.config file. ++ +If a nuget.config file doesn't exist, create one. ++ +---- + + + + + +---- + +. Reference the Twistlock package in your project configuration file. ++ +---- + + + + + + + + + ... + +---- + +. Generate the value for the TW_POLICY environment variable by specifying your function's name and region. ++ +NOTE: If *Any* is selected for region, only policies that contain a wildcard in the region label will be matched. ++ +Serverless Defender uses TW_POLICY to determine how to connect to Compute Console to retrieve policy and send audits. ++ +Copy the value generated for TW_POLICY, and set it aside. + +. Upload the protected function to Azure, and set the TW_POLICY environment variable. + + +[#define-policy] +[.task] +=== Defining your runtime protection policy + +By default, Prisma Cloud ships with an empty serverless runtime policy. +An empty policy disables runtime defense entirely. + +You can enable runtime defense by creating a rule. +By default, new rules: + +* Apply to all functions (`{asterisk}`), but you can target them to specific functions by function name. +* Block all processes from running except the main process. +This protects against command injection attacks. + +When functions are invoked, they connect to Compute Console and retrieve the latest policy. +To ensure that functions start executing at time=0 with your custom policy, predefine the policy. +Predefined policy is embedded into your function along with the Serverless Defender by way of the `TW_POLICY` environment variable. + +// To minimize the impact on start latency, the customer's business logic is allowed to asynchronously start executing while the policy +// is downloaded in the background. The sequence of events is: +// +// 1. Start the Serverless Defender +// 2. Download policy, if necessary +// 3. Run customer's handler +// +// Steps 2 and 3 are asynchronous (3 can start before 2 finishes). For this reason, it's important to define policy before embedding +// the `TW_POLICY` env var into the function. +// +// For more info: see the discussion in https://github.com/twistlock/docs/pull/1227/files + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > Runtime > Serverless Policy*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) Target the rule to specific functions. ++ +Use collections to scope functions by name or region (label). +xref:../../../configure/rule-ordering-pattern-matching.adoc[Pattern matching] is supported. +For Azure Functions only, you can additionally scope rules by account ID. + +. Set the rule parameters in the *Processes*, *Networking*, and *File System* tabs. + +. Click *Save*. + + +[#define-cnaf-policy] +[.task] +=== Defining your serverless WAAS policy + +Prisma Cloud lets you protect your serverless functions against application layer attacks by utilizing the serverless xref:../../../waas/waas.adoc[Web Application and API Security (WAAS)]. + +By default, the serverless WAAS is disabled. +To enable it, add a new serverless WAAS rule. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > WAAS > Serverless*. + +. Click *Add rule*. + +. In the *General* tab, enter a rule name. + +. (Optional) Target the rule to specific functions. ++ +Use collections to scope functions by name or region (label). +xref:../../../configure/rule-ordering-pattern-matching.adoc[Pattern matching] is supported. +For Azure Functions only, you can additionally scope rules by account ID. + +. Set the protections you want to apply (*SQLi*, *CMDi*, *Code injection*, *XSS*, *LFI*). + +. Click *Save*. diff --git a/docs/en/compute-edition/32/admin-guide/install/deploy-defender/uninstall-defender.adoc b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/uninstall-defender.adoc new file mode 100644 index 0000000000..42fbe39627 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/deploy-defender/uninstall-defender.adoc @@ -0,0 +1,77 @@ +== Uninstall Defenders + +Prisma Cloud automatically uninstalls Defenders that haven't connected to the Prisma Cloud console for more than a day. Removing the stale Defenders helps keep your view of the environment clean, where you can see the list of connected Defenders for any given 24-hour window, and conserves licenses. +The refresh period can be configured up to a maximum of 365 days under *Manage > Defenders > Settings > Automatically remove disconnected Defenders after (days)*. + +You can uninstall the decommissioned Defenders from the Console UI or by using the Prisma Cloud API. + +[NOTE] +==== +We recommend that you let Prisma Cloud automatically uninstall stale Defenders rather than using the UI or API. +Automatic removal is recommended in large scale environments. +==== + +=== Delete Defenders Manually + +**Delete Defenders from Console** + +* Go to *Manage > Defenders: Deployed* to see a list of all the Defenders connected to Console. +* Under *Actions*, select *Delete* next to the respective Defender. + +**Delete Defenders using the API** + +The following endpoint can be used to delete a Defender. + +*Path* + + DELETE /api/v1/defenders/[hostname] + +Refer to the https://pan.dev/compute/api/delete-defenders-id/[Delete a Defender API] for more information. + +=== Force Uninstall Defender + +If a Defender instance is not connected to Prisma Cloud console, or is otherwise not manageable through the UI, you can manually remove it. + +Go to the Linux host where the Container Defender runs and use the following command: + + $ sudo /var/lib/twistlock/scripts/twistlock.sh -u + +IMPORTANT: If you run this command on the same Linux host where Prisma Cloud console is installed, it also uninstalls Prisma Cloud console. + +On the Linux host where Host Defender runs, use the following command: + + $ sudo /var/lib/twistlock/scripts/twistlock.sh -u defender-server + +On the Windows host where Defender runs, use the following command: + + C:\Program Files\Prisma Cloud\scripts\defender.ps1 -uninstall + +[.task] +=== Uninstall all Prisma Cloud Resources in a Kubernetes Environment + +To uninstall all Prisma Cloud resources from a Kubernetes-based deployment, delete the `twistlock` namespace. +Deleting this namespace deletes every resource within the namespace. + +ifdef::compute_edition[] +When you delete the `twistlock` namespace, you also delete the persistent volume (PV) in the namespace. +By default, Prisma Cloud console stores its data in that PV. +When the PV is deleted, all data is lost, and you can't restore the Prisma Cloud console. +endif::compute_edition[] + +[.procedure] +. Delete the _twistlock_ namespace. ++ +[source,bash] +---- +$ kubectl delete namespaces twistlock +---- + +. Clean up Cluster roles and role bindings ++ +[source,bash] +---- +$ kubectl delete clusterrole twistlock-view +$ kubectl delete clusterrolebinding twistlock-view-binding +---- + + diff --git a/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-kubectl.adoc b/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-kubectl.adoc new file mode 100644 index 0000000000..e0e5a17c41 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-kubectl.adoc @@ -0,0 +1,124 @@ +[#deploy-defender-daemonset] +[.task] +== Install the Prisma Cloud Defender + +To install the Prisma Cloud Defender, deploy the Defenders as `DaemonSet` custom resources. +This approach ensures that a Defender instance runs on every node in the cluster. +To deploy the Prisma Cloud Defender, use a macOS or Linux cluster controller with `kubectl` enabled and follow these steps: + +. Use the `twistcli` command-line utility to generate the `DaemonSet` YAML configuration file for the Defender. + +. Deploy the generated custom resource with `kubectl`. + +This approach is called declarative object management. +It allows you to work directly with the YAML configuration files. +The benefit is that you get the full source code for the custom resources you create in your cluster, and you can use a version control tool to manage and track modifications. +With YAML configuration files under version control, you can delete and reliably recreate `DaemonSets` in your environment. + +If you don't have `kubectl` access to your cluster, you can deploy Defender `DaemonSets` directly from the xref:../container/container.adoc[Console UI]. + +This procedure shows you how to deploy Defender `DaemonSets` using the `twistcli` command-line utility and declarative object management. +You can also generate the installation commands using the Prisma Cloud Console UI under *Manage > Defenders > Deploy > Defenders*. +Installation scripts are provided for Linux and MacOS workstations. +Use the `twistcli` command-line utility to generate the Defender `DaemonSet` YAML configuration files from Windows workstations. +Deploy the custom resources with `kubectl` following this procedure. + +[.procedure] + +ifdef::prisma_cloud[] + +. Get the `PRISMA_CLOUD_COMPUTE_CONSOLE_URL` value. + +.. Sign into Prisma Cloud. + +.. Go to *Compute > Manage > System > Utilities*. + +.. Copy the URL under *Path to Console*. + +. Retrieve the hostname of the Prisma Cloud Console hostname to use as the value for `PRISMA_CLOUD_COMPUTE_HOSTNAME`. ++ +The hostname can be derived from the URL by removing the protocol scheme and path. +It is simply the host part of the URL. You can also retrieve the hostname directly by following Step 3-D below. + +endif::prisma_cloud[] + +. Generate the DaemonSet custom resource for the Defender. + +.. Go to *Compute > Manage > Defenders > Defenders: Deployed > Manual deploy*. + +.. Select *Orchestrator*. + +.. Select *Kubernetes* from *Step 2: Choose the orchestrator type*. + +.. Copy the hostname from *Step 3: The name that Defender will use to connect to this Console*. + +. Generate the `defender.yaml` file using the following `twistcli` command with the described parameters. +ifdef::compute_edition[] ++ +For Defenders deployed in the cluster where Console runs, specify the service name of the Prisma Cloud Console, for example `twistlock-console`. +endif::compute_edition[] ++ +[source,bash] +---- +$ ./twistcli defender export kubernetes \ + --user \ + --address \ + --cluster-address \ + --container-runtime containerd +---- ++ +* can be `linux`, `osx`, or `windows`. +* is the access key of the Prisma Cloud user with the System Admin role. +* specifies the address of the Prisma Cloud Compute Console. +* specifies the address Defender uses to connect to Prisma Cloud Console. You can use the external IP address exposed by your load balancer or the DNS name that you manually set up. + +* Once you run the given command, after altering the fields for your environment, you will get a prompt requesting a password. The password is the secret key of the Prisma Cloud user with the System Admin role that you should have created as part of the prerequisite. ++ +[NOTE] +==== +* For provider managed clusters, Prisma Cloud automatically gets the cluster name from your cloud provider. + +* To override the cluster name used that your cloud provider has, use the `--cluster` option. + +* For self-managed clusters, such as those built with kops, manually specify a cluster name with the `--cluster` option. + +* When using the CRI-O or `containerd` runtimes, pass the `--container-runtime crio` or `--container-runtime containerd` flag to `twistcli` when you generate the YAML configuration file or the Helm chart. + +* When using an AWS Bottlerocket-based EKS cluster, pass the `--container-runtime crio` flag when creating the `YAML` file. + +* To use Defenders in *GKE on ARM*, you must https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm[prepare your workloads]. +==== + +. Deploy the Defender `DaemonSet` custom resource. ++ +[source, bash] +---- +$ kubectl create -f ./defender.yaml +---- +ifdef::compute_edition[] ++ +[NOTE] +==== +You can run both Prisma Cloud Console and Defenders in the same Kubernetes namespace, for example `twistlock`. +However, you must be careful when running `kubectl delete` commands with the YAML file generated for Defender. +The `defender.yaml` file contains the namespace declaration, so comment out the namespace section if you don't want the namespace deleted. +==== + +ifdef::kubernetes[] +. (Optional) Schedule Defenders on your Kubernetes master nodes. ++ +If you want to also schedule Defenders on your Kubernetes master nodes, change the DaemonSet's toleration spec. +Master nodes are tainted by design. +Only pods that specifically match the taint can run there. +Tolerations allow pods to be deployed on nodes to which taints have been applied. +To schedule Defenders on your master nodes, add the following tolerations to your DaemonSet spec. ++ + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" +endif::kubernetes[] + +endif::compute_edition[] + +. In Prisma Cloud Compute, go to *Manage > Defenders > Defenders: Deployed > Manual deploy* to see a list of deployed Defenders. diff --git a/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-oc-3-11.adoc b/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-oc-3-11.adoc new file mode 100644 index 0000000000..451bb4d96a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/fragments/install-defender-twistcli-export-oc-3-11.adoc @@ -0,0 +1,150 @@ +[#install-defender] +== Install Defender + +Defender is installed as a DaemonSet, which ensures that an instance of Defender runs on every node in the cluster. +Use _twistcli_ to generate a YAML configuration file or Helm chart for the Defender DaemonSet, then deploy it using _oc_. +You can use the same method to deploy Defender DaemonSets from both macOS and Linux. + +The benefit of declarative object management, where you work directly with YAML configuration files, is that you get the full "source code" for the objects you create in your cluster. +You can use a version control tool to manage and track modifications to config files so that you can delete and reliably recreate DaemonSets in your environment. + +If you don't have kubectl access to your cluster (or oc access for OpenShift), you can deploy Defender DaemonSets directly from the xref:../container/container.adoc[Console UI]. + +NOTE: The following procedure shows you how to deploy Defender DaemonSets with twistcli using declarative object management. +Alternatively, you can generate Defender DaemonSet install commands in the Console UI under *Manage > Defenders > Deploy > DaemonSet*. +Install scripts work on Linux hosts only. +For macOS and Windows hosts, use twistcli to generate Defender DaemonSet YAML configuration files, and then deploy it with oc, as described in the following procedure. + +[.task] +=== Get connection strings + +When calling twistcli to generate your YAML files and Helm charts, you'll need to specify a couple of addresses. + +[.procedure] +. Retrieve Console's URL (PRISMA_CLOUD_COMPUTE_CONSOLE_URL). + +.. Sign into Prisma Cloud. + +.. Go to *Compute > Manage > System > Utilities*. + +.. Copy the URL under *Path to Console*. + +. Retrieve Console's hostname (PRISMA_CLOUD_COMPUTE_HOSTNAME). ++ +The hostname can be derived from the URL by removing the protocol scheme and path. +It is simply the host part of the URL. You can also retrieve the hostname directly. + +.. Go to *Compute > Manage > Defenders > Deploy > Defenders > Orchestrator* + +.. Select *OpenShift* from *Step 2* (*Choose the orchestrator type*) + +.. Copy the hostname from *Step 3* (*The name that Defender will use to connect to this Console*) + +[.task] +=== Option #1: Deploy with YAML files + +Deploy the Defender DaemonSet with YAML files. + +The _twistcli defender export_ command can be used to generate native Kubernetes YAML files to deploy the Defender as a DaemonSet. + +[.procedure] +. Generate a _defender.yaml_ file, where: ++ +The following command connects to Console (specified in _--address_) as user (specified in _--user_), and generates a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +The _--cluster-address_ option specifies the address Defender uses to connect to Console. ++ + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address ++ +* can be linux, osx, or windows. +* is the name of a Prisma Cloud user with the System Admin role. + +. Deploy the Defender DaemonSet. + + $ oc create -f ./defender.yaml + + +[.task] +=== Option #2: Deploy with Helm chart + +Deploy the Defender DaemonSet with a Helm chart. + +[.procedure] +. Generate the Defender DaemonSet helm chart. ++ +A number of command variations are provided. +Use them as a basis for constructing your own working command. ++ +The following commands connects to Console (specified in _--address_) as user (specified in _--user_), and generates a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +The _--cluster-address_ option specifies the address Defender uses to connect to Console. ++ +*Outside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +Use the OpenShift external route for your Prisma Cloud Console, _--address \https://twistlock-console.apps.ose.example.com_. +Designate Prisma Cloud's cloud registry by omitting the _--image-name_ flag. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --helm ++ +*Outside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image from the OpenShift internal registry. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --helm ++ +*Inside the OpenShift cluster + pull the Defender image from the Prisma Cloud cloud registry.* +When generating the Defender DaemonSet YAML with twistcli from a node inside the cluster, use Console's service name (twistlock-console) or cluster IP in the _--cluster-address_ flag. +This flag specifies the endpoint for the Prisma Cloud Compute API and must include the port number. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --helm ++ +*Inside the OpenShift cluster + pull the Defender image from the OpenShift internal registry.* +Use the _--image-name_ flag to designate an image in the OpenShift internal registry. + + $ /twistcli defender export openshift \ + --user \ + --address \ + --cluster-address \ + --image-name 172.30.163.181:5000/twistlock/private:defender_ \ + --helm + +. Deploy the helm chart via the helm command + + $ helm install --namespace=twistlock twistlock-defender-helm.tar.gz + + +[.task] +=== Confirm Defenders were deployed + +Confirm the installation was successful. + +[.procedure] +. In Prisma Cloud Console, go to *Compute > Manage > Defenders > Manage* to see a list of deployed Defenders. ++ +image::install_openshift_tl_defenders.png[width=800] + +. In the OpenShift Web Console, go to the Prisma Cloud project's monitoring window to see which pods are running. ++ +image::install_openshift_ose_defenders.png[width=800] + +. Use the OpenShift CLI to see the DaemonSet pod count. + + $ oc get ds -n twistlock + + NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE + twistlock-defender-ds 4 3 3 3 3 29m ++ +NOTE: The _desired_ and _current_ pod counts do not match. +This is a job for the nodeSelector. diff --git a/docs/en/compute-edition/32/admin-guide/install/getting-started.adoc b/docs/en/compute-edition/32/admin-guide/install/getting-started.adoc new file mode 100644 index 0000000000..89262d342d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/getting-started.adoc @@ -0,0 +1,156 @@ +== Getting started + +ifdef::compute_edition[] +Prisma Cloud software consists of two components: Console and Defender. +Install Prisma Cloud in two steps. +First, install Console. +Then install Defender. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Prisma Cloud software consists of two components: Console and Defender. +Palo Alto Networks hosts Console for you. +To secure your environment, deploy Defender to your environment. +endif::prisma_cloud[] + +Console is Prisma Cloud's management interface. +It lets you define policy and monitor your environment. +ifdef::compute_edition[] +Console is delivered as a container image. +endif::compute_edition[] + +Defender protects your environment according to the policies set in Console. +There are a number of xref:./deploy-defender/defender-types.adoc[Defender types], each designed to protect a specific resource type. + +ifdef::compute_edition[] +Install one Console per environment. +Here, environment is loosely defined because the scope differs from organization to organization. +Some will run a single instance of Console for their entire environment. +Others will run an instance of Console for each of their prod, staging, and dev environments. +Prisma Cloud supports virtually any topology. +endif::compute_edition[] + +The primary concern for most customers getting started with Prisma Cloud is securing their container environment. +To do this, install Container Defender on every host that runs containers. +Container orchestrators typically provide native capabilities for deploying an agent, such as Defender, to every node in the cluster. +Prisma Cloud leverages these capabilities to install Defender. +For example, Kubernetes and OpenShift, offer DaemonSets, which guarantee that an agent runs on every node in the cluster. +Prisma Cloud Defender, therefore, is deployed in Kubernetes and OpenShift clusters as a DaemonSet. + +In this section, you'll find dedicated install guides for all popular container platforms. +Each guide shows how to install Prisma Cloud for that given platform. + +As you adopt other cloud-native technologies, Prisma Cloud can be extended to protect those environments too. +Deploy the Defender type best suited for the job. +For example, today you might use Amazon EKS (Kubernetes) clusters to run your apps. +This part of your environment would be protected by Container Defender. +Later you might adopt AWS Lambda functions. +This part of your environment would be secured by Serverless Defender. +Extending Prisma Cloud to protect other types of cloud-native technologies calls for deploying the right Defender type. + +image::getting-started-resource-classes.png[width=700] + +All Defenders, regardless of their type, report back to Console, letting you secure hybrid environments with a single tool. +The main criteria for installing Defender is that it can connect to Console. +Defender connects to Console via websocket to retrieve policies and send data. +ifdef::prisma_cloud[] +In Prisma Cloud Enterprise Edition (SaaS platform for Compute), the Defender websocket connects to Console on port 443 (not configurable). +endif::prisma_cloud[] +ifdef::compute_edition[] +In Compute Edition (self-hosted), the Defender websocket connects to Console on port 8084 (configurable at install-time). +The following diagram shows the key connections in Compute Edition. + +image::console_defender_connection_flows.png[width=600] +endif::compute_edition[] + + +ifdef::compute_edition[] +=== Downloading the software + +Prisma Cloud Compute Edition software can be downloaded from the Palo Alto Networks Customer Support portal. +For more information, see xref:../welcome/releases.adoc[here]. + +endif::compute_edition[] + + +=== Install guides + +Start your install with one of our dedicated guides. + + +[cols="1,3a", frame="topbot"] +|=== +|Install procedure |Description + +ifdef::compute_edition[] +|xref:./deploy-console/console-on-onebox.adoc[Onebox] +|Simple, quick install of Prisma Cloud on a single, stand-alone host. +Installs both Console and Defender onto a host. +Suitable for evaluating Prisma Cloud in a small, self-contained environment. +You can extend the environment by xref:./deploy-defender/defender-types.adoc[installing Defender] on additonal hosts. +endif::compute_edition[] + +|xref:./deploy-defender/orchestrator/orchestrator.adoc[Kubernetes] +|Prisma Cloud runs on any implementation of Kubernetes, whether you build the cluster from scratch or use a managed solution (also known as Kubernetes as a service). +We've tested and validated the install on: + +* https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html[Amazon Elastic Kubernetes Service (Amazon EKS)] +* https://docs.microsoft.com/en-us/azure/aks/[Azure Kubernetes Service (AKS)] +* https://cloud.google.com/kubernetes-engine/docs/[Google Kubernetes Engine (GKE)] +* https://cloud.ibm.com/docs/containers?topic=containers-getting-started[IBM Kubernetes Service (IKS)] +* https://www.alibabacloud.com/help/product/85222.htm[Alibaba Cloud Container Service for Kubernetes] + +In some cases, there is a dedicated section for installing on a specific cloud provider's managed solution. +When there is no dedicated section, use the generic install method. + +|xref:./deploy-defender/orchestrator/openshift.adoc[OpenShift 4] +|Prisma Cloud offers native support for OpenShift. + +//ifdef::compute_edition[] +//|xref:./deploy-defender/orchestrator/install-vmware-tkg.adoc[VMware Tanzu Kubernetes Grid] +//|VMware Tanzu Kubernetes Grid (TKG) is built on the latest stable OSS distribution of Kubernetes. +//Prisma Cloud always supports the latest version of Kubernetes, so installing Prisma Cloud on TKG is easy. +//Follow our dedicated TKG install guide, which mirrors the Kubernetes install flow. +//endif::compute_edition[] + +ifdef::prisma_cloud[] +|xref:./deploy-defender/orchestrator/orchestrator.adoc[VMware Tanzu Kubernetes Grid] +|VMware Tanzu Kubernetes Grid is built on the latest stable OSS distribution of Kubernetes. +Prisma Cloud always supports the latest version of Kubernetes, so installing Prisma Cloud on TKG is easy. +Follow the standard Kubernetes install procedure. +endif::prisma_cloud[] + +|xref:./deploy-defender/orchestrator/install-amazon-ecs.adoc[Amazon ECS] +| +ifdef::compute_edition[] +To install Prisma Cloud, deploy Console to your cluster with a task definition. +Then configure the launch configuration for cluster members to download and run Defenders, guaranteeing that every node is protected. +endif::compute_edition[] +ifdef::prisma_cloud[] +To install Prisma Cloud, configure the launch configuration for cluster members to download and run Defenders, guaranteeing that every node is protected. +endif::prisma_cloud[] + +|xref:./deploy-defender/host/windows-host.adoc[Windows] +|Install Defender on Windows hosts running containers. +Defender is installed using a PowerShell script. +ifdef::compute_edition[] +Note that while Defenders can run on both Windows and Linux hosts, Console can only run on Linux. +Windows Defenders are designed to interoperate with the Linux-based Console to send data and retrieve policy. +endif::compute_edition[] + +|=== + + +=== Encryption + +All network traffic is encrypted with TLS (https) for user to Console communication. +Likewise, all Defender to Console communication is encrypted with TLS (WSS). + +ifdef::compute_edition[] +The Prisma Cloud database is not encrypted at rest, however all credentials and otherwise secure information is encrypted with AES 256 bit encryption. +If you require data at rest to be encrypted, then underlying persistence storage /var/lib/twistlock can be mounted with one of the many options that support this. +endif::compute_edition[] + +ifdef::prisma_cloud[] +The Prisma Cloud database is encrypted at rest with Google Cloud Storage with AES 256 bit encryption. +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/install/install.adoc b/docs/en/compute-edition/32/admin-guide/install/install.adoc new file mode 100644 index 0000000000..0681d519cb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/install.adoc @@ -0,0 +1,4 @@ +== Install + +Prisma Cloud can be deployed to almost any environment. +The guides in this section show you how to deploy Prisma Cloud to a variety of on-prem and public cloud environments. diff --git a/docs/en/compute-edition/32/admin-guide/install/system-requirements.adoc b/docs/en/compute-edition/32/admin-guide/install/system-requirements.adoc new file mode 100644 index 0000000000..89441f9c45 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/install/system-requirements.adoc @@ -0,0 +1,351 @@ +:toc: macro +== System Requirements + +Before installing Prisma Cloud, verify that your environment meets the minimum requirements. + +For information about when Prisma Cloud adds and drops support for third party software, see our xref:../welcome/support-lifecycle.adoc#third-party-software[support lifecycle] page. + +The following sections describe the system requirements in detail. + +toc::[] + +[#hardware] +=== Hardware + +Prisma Cloud supports *x86_64* and *ARM64* architectures. +Ensure that your systems meet the following hardware requirements. + +ifdef::compute_edition[] + +[#console-x86-64] +==== Prisma Cloud Console Resource Requirements on x86_64 + +The Prisma Cloud Console supports running on x86_64 systems. +Ensure your system meets the following requirements. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=hardware +|=== + + +For more than 10,000 Defenders you need 4 vCPUS and 10GB of RAM for every additional 5,000 Defenders +For example, 20,000 connected Defenders require a total of 16 vCPUs, 50GB of RAM and 500GB SSD of persistent storage. + +The Prisma Cloud Console uses `cgroups` to cap resource usage and supports `cgroups v1` and `cgroups v2`. +When more than 1,000 Defenders are connected, you should disable this cap using the `DISABLE_CONSOLE_CGROUP_LIMITS` flag in the `twistlock.cfg` configuration file. + +endif::compute_edition[] + +[#defender-resources] +==== Defender Resource Requirements + +Each Defender requires 256MB of RAM and 8GB of host storage. + +The Defender uses `cgroups` v1 or v2 to cap resource usage at 512MB of RAM and 900 CPU shares where a typical load is ~1-5% CPU and 30-70MB RAM. + +The Defender stores its data in the `/var` folder. +When allocating disk space for Defender, ensure the required space is available in the `/var` folder. +Defenders are designed to be portable containers that collect data. +Any data that must be persisted is sent to the Prisma Cloud Console for storage. +Defenders don't require persistent storage. +If you deploy persistent storage for Defenders, it can corrupt Defender files. + +If Defenders provide registry scanning they require the following resources: + +* Defenders providing registry scanning-- +* 2GB of RAM +* 20GB of storage +* 2 CPU cores +Defenders that are part of CI integrations (Jenkins, twistcli) require storage space depending on the size of the scanned images. +The required disk space is 1.5 times the size of the largest image to be scanned, per executor. +For example, if you have a Jenkins instance with two executors, and your largest container image is 500MB, then you need at least 1.5GB of storage space: `500MB x 1.5 x 2` + +[#vms] +=== Virtual Machines (VMs) + +Prisma Cloud has been tested on the following hypervisors: + +* VMware for Tanzu Kubernetes Grid Multicloud (TKGM) +* VMware for Tanzu Kubernetes Grid Integrated (TKGI) + +[#csp] +=== Cloud Platforms + +Prisma Cloud can run on nearly any cloud Infrastructure as a Service (IaaS) platform. + +Prisma Cloud has been tested on the following services: + +* Amazon Web Services (AWS) +* Google Cloud Platform +* IBM Cloud +* Microsoft Azure +* Oracle Cloud Infrastructure (OCI) +* Alibaba Cloud: You can deploy Defenders on VMs, hosts running containers, and clusters on Alibaba Cloud using the instructions for the supported host operating systems and orchestrator versions. Specific deployment instructions for Alibaba Cloud are not documented and Cloud discovery is not supported. + +[#arm] +=== ARM Architecture Requirements + +The following setups support Prisma Cloud on ARM64 architecture: + + +* Cloud provider +** *AWS* Graviton2 processors +** *GCP* GKE on ARM using the https://cloud.google.com/compute/docs/general-purpose-machines#t2a_machines[Tau T2A machine series] +* Supported Defenders: + ** Orchestrator Defenders on AWS and GCP + ** Host Defenders including auto-defend on AWS + +The `twistcli` is supported on Linux ARM64 instances. + +Learn more in the <> and <> sections. + +The Prisma Cloud Console doesn't support running on ARM64 systems. + +ifdef::compute_edition[] + +[#file-systems] +=== File Systems + +When deploying Prisma Cloud Console to AWS using the EFS file system, you must meet the following minimum performance requirements: + +* *Performance mode:* General purpose +* *Throughput mode:* Provisioned. +Provision 0.1 MiB/s per deployed Defender. +For example, if you plan to deploy 10 Defenders, provision 1 MiB/s of throughput. +endif::compute_edition[] + +[#supported-operating-systems] +=== Operating Systems for bare-metal Hosts and Virtual Machines + +Prisma Cloud is supported on both x86_64 and ARM64 + +==== Supported Operating Systems on x86_64 + +Prisma Cloud is supported on the following host operating systems on x86_64 architecture: + +ifdef::compute_edition[] +[NOTE] +==== +The container running the Prisma Cloud Console must run on a supported Linux operating system. +==== +endif::compute_edition[] + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-operating-systems +|=== + +[#arm64-os] +==== Supported Operating Systems on ARM64 + +Prisma Cloud supports host Defenders on the following host operating systems on ARM64 architecture in AWS. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-operating-systems +|=== + +[#kernel] +=== Kernel Capabilities + +Prisma Cloud Defender requires the following kernel capabilities. +Refer to the the Linux capabilities https://man7.org/linux/man-pages/man7/capabilities.7.html[man page] for more details on each capability. + +* CAP_NET_ADMIN +* CAP_NET_RAW +* `CAP_SYS_ADMIN +* CAP_SYS_PTRACE +* CAP_SYS_CHROOT +* CAP_MKNOD +* CAP_SETFCAP +* CAP_IPC_LOCK + +[NOTE] +==== +The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only. +==== +When running on a Docker host, Prisma Cloud Defender uses the following files/folder on the host: + +* /var/run/docker.sock -- Required for accessing Docker runtime. +* /var/lib/twistlock -- Required for storing Prisma Cloud data. +* /dev/log -- Required for writing to syslog. + +[#docker-support] +=== Docker Engine + +Prisma Cloud supports only the versions of the Docker Engine supported by Docker itself. Prisma Cloud supports only the following official mainstream Docker releases and later versions. + +// Note: Starting with 18.09, Docker Engine CE and EE versions will be aligned, where EE is a superset of CE. +// They will ship concurrently with the same patch version based on the same code base. +// See https://docs.docker.com/engine/release-notes/ + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=docker +|=== + +The following storage drivers are supported: +* `overlay2` +* `overlay` +* `devicemapper` are supported. + +For more information, review Docker's guide to https://docs.docker.com/storage/storagedriver/select-storage-driver[select a storage driver]. + +The versions of Docker Engine listed apply to versions you independently install on a host. +The versions shipped as a part of an orchestrator, such as Red Hat OpenShift, might defer. +Prisma Cloud supports the version of Docker Engine that ships with any Prisma Cloud-supported version of the orchestrator. + +[#container-runtimes] +=== Container Runtimes + +Prisma Cloud supports several container runtimes depending on the orchestrator. +Supported versions are listed in the <> section + +[#podman] +=== Podman + +Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. The twistcli tool can use the preinstalled Podman binary to scan CRI images. + +Podman v1.6.4, v3.4.2, v4.0.2 + +[#helm] +=== Helm + +Helm is a package manager for Kubernetes that allows developers and operators to more easily package, configure, and deploy applications and services onto Kubernetes clusters. + +Helm v3.10, v3.10.3, and 3.11 are supported. + +[#orchestrators] +=== Orchestrators + +Prisma Cloud is supported on the following orchestrators. +We support the following versions of official mainline vendor/project releases. + +[#x86-64-orchestrators] +==== Supported Orchestrators on x86_64 + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-orchestrators +|=== + +[#arm64-orchestrators] +==== Supported Orchestrators on ARM64 + +Prisma Cloud supports the official releases of the following orchestrators for the ARM64 architecture. + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-orchestrators +|=== + +[#istio] +=== Istio + +Prisma Cloud supports Istio 1.16.1. + +[#jenkins] +=== Jenkins + +Prisma Cloud was tested with Jenkins 2.346.3 and the 2.361.4 container version. + +The Prisma Cloud Jenkins plugin supports Jenkins LTS releases greater than 2.319.1. +For any given release of Prisma Cloud, the plugin supports those Jenkins LTS releases supported by the Jenkins project at the time of the Prisma Cloud release. + +The Jenkins plugin is not supported on ARM64 architecture. + +[#image-base-layers] +=== Image Base Layers + +Prisma Cloud can protect containers built on nearly any base layer operating system. +Comprehensive Common Vulnerabilities and Exposures (CVE) data is provided for the following base layers for all versions except EOL versions: + +* Alpine +* http://docs.aws.amazon.com/AmazonECR/latest/userguide/amazon_linux_container_image.html[Amazon Linux container image] +* Amazon Linux 2 +* BusyBox +* CentOS +* Debian +* Red Hat Enterprise Linux +* SUSE +* Ubuntu (LTS releases only) +* Windows Server + +If a CVE doesn't have an architecture identifier, the CVE is related to all architectures. + +[#serverless-runtimes] +=== Serverless Runtimes + +Prisma Cloud offers multiple features to help you secure your serverless runtimes on AWS, Azure, and GCP. +The following sections show the supported languages for each feature available for serverless scanning in each cloud service provider. + +==== Vulnerability Scanning + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=vulnerability-scanning +|=== + +==== Compliance Scanning + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=compliance-scanning +|=== + +==== Runtime Protection with Defender + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=runtime-protection +|=== + +==== WaaS with Defender + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=waas +|=== + +==== Auto-Defend + +[format=csv, options="header"] +|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=auto-defend +|=== + +[#go] +=== Go + +Prisma Cloud can detect vulnerabilities in Go executables for Go versions 1.13 and greater. + +[#shells] +=== Shells + +For Linux, Prisma Cloud depends on the Bash shell. +For Windows, Prisma Cloud depends on PowerShell. + +The shell environment variable `DOCKER_CONTENT_TRUST` should be set to `0` or unset before running any commands that interact with the Prisma Cloud cloud registry, such as Defender installs or upgrades. + +[#browsers] +=== Browsers + +Prisma Cloud supports the latest versions of Chrome, Safari, and Edge. + +For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported. + +[#cortex-xdr] +=== Cortex XDR + +Prisma Cloud Defenders can work alongside Cortex XDR agents. +Currently, users need to manually add exceptions in Console for both agents to work together. +In a future release, there will be out-of-the-box support for co-existence. +Users can disable the Defender runtime defense when a Cortex XDR agent is present. + +To allow for both the solutions to co-exist: + +. Add the Cortex agent as a trustable executable. +For more information, see to xref:../configure/custom-feeds.adoc#create-a-list-of-trusted-executables[Creating a trusted executable]. + +. Suppress runtime alerts from the Cortex agent by adding custom runtime rules that allow the Cortex agent process and file path. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.docx b/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.docx new file mode 100644 index 0000000000..32b6f79c2f Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.docx differ diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.pdf b/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.pdf new file mode 100644 index 0000000000..0a77b47b82 Binary files /dev/null and b/docs/en/compute-edition/32/admin-guide/runtime-defense/attachments/full_attack_explorer_matrix.pdf differ diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/attack.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/attack.adoc new file mode 100644 index 0000000000..c62679dffa --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/attack.adoc @@ -0,0 +1,135 @@ +== ATT&CK Explorer + +Prisma Cloud's monitoring section includes an Att&CK Explorer dashboard providing a framework that helps you to contextualize runtime audits, manage them, and generate risk reports. + +ATT&CK Explorer is a knowledge base of tactics and techniques that adversaries use to attack applications and infrastructure. +It's a useful framework for threat-informed defense, where a deep understanding of adversary tradecraft can help protect against attacks. + +The ATT&CK framework has two key concepts: + +* *Tactics* - An adversary’s technical goals. +* *Techniques* - How those goals are achieved or What they acheive + +The relationship between tactics and techniques is presented as a matrix. +One tactic in the matrix is called _Persistence_. +After establishing a foothold in your environment, adversaries want to reliably return to it. +Adversaries use a number of techniques to achieve persistence, such as _Account Manipulation_ and _Event Triggered Execution_. + + +=== Cloud Native threat matrix + +Prisma Cloud protects cloud native applications running in Kubernetes clusters, serverless functions, Containers-as-a-Service offerings, and virtual machines. +The Cloud Native threat matrix covers the different techniques that impact cloud native applications across all these environments. +It's composed from ATT&CK for Linux, recent community efforts around ATT&CK for Containers and Kubernetes, and a few techniques from Prisma Labs. +The Cloud Native threat matrix is the foundation for the ATT&CK dashboard. + + +=== ATT&CK dashboard + +The ATT&CK dashboard serves as a portal to the raw events in the *Monitor > Events* view. +All Prisma Cloud audits are mapped to the tactics and techniques in the ATT&CK framework. +For example, when Defender detects a crypto miner in your environment, we map the audit to the _Resource Hijacking_ technique under the _Impact_ tactic. + +The ATT&CK dashboard collates audits, maps them to the tactics and techniques, and presents the data visually in the ATT&CK matrix. +Each card in the matrix shows a count of events. +Higher counts represent a higher severity issues. +Filters let you slice and dice the data to inspect specific segments of your environment. +The dashboard: + +* Presents a real-time view of tactics and techniques being employed by adversaries. +* Identifies weaknesses in your defenses. +Use the counts to prioritize work to fortify defenses for the techniques favored by adversaries. +* Provides raw data for risk reports for management. + +Audits from the following subsystems flow into the ATT&CK dashboard: + +* Container runtime audits. +* Host runtime audits. +* Serverless runtime audits. +* App-Embedded runtime audits. +* WAAS audits. +* Kubernetes audits. +* Admission (OPA) audits. +* Custom runtime rule audits for builtin system checks only. +Currently, you cannot specify tactic and technique for user-defined custom runtime rules. + +To see the ATT&CK dashboard, open Console, and go to *Monitor > ATT&CK*. +The following screenshot highlights the main components in the dashboard: + +image::attack_dashboard.png[width=900] + +*1. Filter* - +Filter data in the dashboard by: + +* *Impacted technique*. +* *Date*: View events that occurred in the past 24 hours, 7 days, 30 days, or 3 months. +* *Collection*: View data for just some segment of your environment (e.g., a production cluster). + +*2. Tactics* - +Tactics are listed across the top row of the matrix. +A count shows the sum of all events for all corresponding techniques in the category. +Each column lists the techniques that can be used to achieve the tactic. + +*3. Techniques* - +Lists of techniques that can be used to achieve a tactic. +The color of the card is based on the event count for a technique. +If there is one or more events for a technique, the card is colored red. +Otherwise, if there are no events, the card is gray. +All techniques are fully described https://cdn.twistlock.com/docs/attachments/full_attack_explorer_matrix.pdf[here]. + +Clicking on an impacted technique card opens a dialog that shows all relevant audits for the technique. + +The following screenshot shows the dialog for the _Privileged Container_ card. +The dialogs are organized as follows: + +* Description. +* Audit source filter (pick from the drop-down list). +* Table of relevant audits. + +image::attack_explore_card.png[width=700] + +NOTE: Syslog messages contain tactic and technique information for all relevant audits. + + +=== Investigating incidents + +As you monitor your environment, you'll see tactics and techniques are applied consistently across views. +Tactics and techniques are shown in *Monitor > ATT&CK*, *Monitor > Events*, and *Monitor > Runtime > Incident explorer*. + +image::attack_tactics_techniques.png[width=900] + + +=== Surfacing impacted techniques + +When investigating an incident, you'll want to focus on the segment of your environment that has been impacted. +Use the filter box to focus your view of the data. + +One important filter is *Impacted techniques*. +Without the filter, all technique cards are displayed. + +image::attack_unfiltered_dashboard.png[width=900] + +With the filter, only techniques that have been detected are displayed. +In the following screenshot, we've narrowed the data to: + +* Audits within the past seven days. +* Containers in the frontend collection, which are exposed to the Internet, and likely where the attack started. +* Attack techniques used by the adversary. + +image::attack_filtered_dashboard.png[width=900] + +=== Mapping audits to techniques + +Every audit (for example, runtime, admission, and so on) maps to one or more techniques. +The following table shows the mappings. + +The *Techniques* column shows the technique to which an audit is always mapped. + +The *Possible Additional Techniques* column shows the techniques that to which an audit can be optionally mapped, depending on changing information from the audit. +For example, for some audits, on new files being created, we will check if the process that created the files is a compiler. +If so, we also map the audit to the *Compile After Delivery* technique. + +[format=csv, options="header"] +|=== +include::https://docs.google.com/spreadsheets/d/e/2PACX-1vQjiQDWp4kOOzR5-TdGVX41e-jDMrBqbo8wAWW4QFzMZ8RpT42L212gZuvwgR5RiyzNkPxXbAyvG_5H/pub?output=csv[] +|=== diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/custom-runtime-rules.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/custom-runtime-rules.adoc new file mode 100644 index 0000000000..01e10eec57 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/custom-runtime-rules.adoc @@ -0,0 +1,262 @@ +== Custom runtime rules + +Prisma Cloud models the runtime behavior with machine learning to scale runtime defense in big and fluid environments. + +Machine learning reduces the effort required to manually create and maintain loads of rules to secure running software. +When machine learning doesn't fully capture the range of acceptable runtime behaviors, rules provide a way to declaratively augment models with exceptions and additions. + +Custom rules offer an additional mechanism to protect running software. +Custom rules are expressions that give you a precise way to describe and detect discrete runtime behaviors. +Runtime sensors in your environment already detect processes, file systems, and network activity, then pass those events to Prisma Cloud for processing. +Expressions let you examine various facets of an event programmatically, then take action when the expressions evaluate to true. +Custom rules can be applied to both hosts and containers. + +For example, the expression grammar supports the following logic: + + "If user Jake runs binary `netcat` with parameter -l, log an alert". + +=== Rule library + +Custom rules are stored in a central library, where they can be reused. +Besides your own rules, Prisma Cloud Labs also distributes rules via the Intelligence Stream. +These rules are shipped in a disabled state by default. +You can review, and optionally apply them at any time. +To create and manage custom rules go to *Defend > Custom Rules > Runtime*. Select *Add rule* to create a new custom rule. + +There are four types of rules, but only three are relevant to runtime: + +* Processes +* Networking-outgoing +* File system + +=== Expression grammar + +Expressions let you examine the contents of the processes, file system, and network events. + +For example, any time a process is forked on a host protected by Container Defender or Host Defender, a process event fires. +The following very simple expression looks for processes named `netcat`: + + proc.name = "netcat" + +Expressions have the following grammar: + +`expression: term (op term | in )*` + +term:: +integer | string | keyword | event | '(' expression ')' | unaryOp + +op:: +and | or | > | < | >= | <= | = | != + +in:: +'(' integer | string (',' integer | string)*)? + +unaryOp:: +not + +keyword (similar to wildcards):: +startswith | contains + + +string:: +strings must be enclosed in double quotes + +integer:: +int + +event:: +process, file system, or network + +==== Expressions examples: + + net.outgoing_ip = "169.254.169.254" or net.outgoing_ip = "169.254.170.2" + + proc.pname in ("mysql", "sqlplus", "postgres") and proc.pname != proc.name + + file.path startswith "/etc" + +==== Process events + +Process events fire when new processes are forked. +Expressions can examine the following attributes of a new process. + + +[cols="1,1,2a", options="header"] +|=== +|Attribute |Type |Description + +|proc.name +|string +|Process name. + +|proc.pname +|string +|Parent process name. + +|proc.path +|string +|Full path to the program. + +|proc.user +|string +|User to whom the process belongs. + +|proc.interactive +|bool +|Interactive process. + +NOTE: Not supported in App-Embedded runtime + +|proc.cmdline +|string +|Command line. + +|proc.service +|string +|Only for host rules. + +|=== + +==== File system events + +Any write operation to a disk fires a file system event. +All properties of the process with `write` operations are accessible from this context. +Expressions can examine the following attributes of file system `write` activity. + +[cols="1,1,2", options="header"] +|=== +|Attribute |Type |Description + +|file.path +|string +|Path of the file being written. + +|file.dir +|string +|Directory of the file being written. + +|file.type +|enum +|File type. +Supported types are: elf, secret, regular, and folder. + +|file.md5 +|string +|MD5 hash of the file. +Supported only for ELF files. For other types of files, this property will be empty. + +|=== + +==== Networking events + +Network events fire when a process tries to establish an outbound connection. +Expressions can examine the following attributes when network events fire: + +[cols="1,1,2", options="header"] +|=== +|Attribute |Type |Description + +|proc.name +|string +|Name of process initiating the outbound network connection. + +|net.outgoing_port +|string +|Outbound port. + +|net.outgoing_ip +|string +|Outgoing IP address. +The following expression looks for outbound connections to a range of IP addresses: net.outgoing_ip => "1.1.1.1" and net.outgoing_ip <= "1.1.1.9" + +|net.private_subnet +|bool +|Private subnet. + +|=== + +[.task] +==== Example expressions + +The Prisma Cloud Labs rules in the rule library are the best place to find examples of non-trivial expressions. + +[.procedure] +. In Console, go to *Defend > Custom Rules > Runtime*. + +. Filter the rules based on *Type* as processes, filesystem, or network-outgoing. + +. Additionally, add another filter as *Owner: system*. + +. Select any rule to see its implementation. + +[.task] +=== Activating custom rules + +Your runtime policy is defined in *Defend > Runtime > {Container policy | Host policy | Serverless policy | App-Embedded Policy}*, and it's made up of models and rules. +Your expressions (custom rules) can be added to runtime rules, where you further specify what action to take when expressions evaluate to true. +Depending on the event type, the following range of actions are supported: allow, alert, prevent, or block. +Also, you can determine whether you want to log the raised event as an audit or as an incident. + +Custom rules are processed like all other rules in Prisma Cloud: the policy is evaluated from top to bottom until a matching rule is found. After the action specified in the matching rule is performed, rule processing for the event terminates. + +[NOTE] +==== +Within a runtime rule, custom rules are processed first, and take precedence over all other settings. +Be sure that there is no conflict between your custom rules and other settings in your runtime rule, such as allow and deny lists. + +However, in xref:runtime-defense-hosts.adoc[host runtime defense rules], some settings are evaluated before the custom rules: + +The order of evaluation of each event type is as follows: + +* Process events: *Activities > Host activity monitoring* -> process types custom rules -> *Anti-malware* settings. +* Filesystem events: Filesystem types custom rules -> *Anti-malware* settings. +* Networking events (such as opening of a TCP listening port, outbound TCP connection, or DNS query events): +** IP connectivity: Network-outgoing type custom rules take precedence over the Outbound internet ports and Outbound IPs settings. Other networking settings are unaffected by custom rules. +==== + +[.procedure] +. Open Console, and go to *Defend > Runtime > {Container policy | Host policy | Serverless policy | App-Embedded policy}*. + +. Select *Add rule*. + +. Enter a *Rule name*. + +. Select the *Scope* of the rule on a set of collections. + +. Select *Custom Rules*. + +. Under *Select rules*, select the rules to add to the policy and select *Apply*. + +. Specify an *Effect* for each rule. ++ +image::custom_rules_effect.png[width=600] + +. Specify how to log the event for each rule. ++ +image::custom_runtime_rules_log_as.png[width=600] + +. Select *Save*. + +=== Limitations + +* The `proc.cmdline` and `file.type` fields are not supported in prevent mode. +You'll get an error if you try to attach a custom rule to a runtime rule with these fields and the action set to *Prevent*. + +// To be fixed: https://github.com/twistlock/twistlock/issues/16151 +* Prisma Cloud cannot inspect command line arguments before a process starts to run. +If you explicitly deny a process and set the effect to *Prevent* in the *Process* tab of a runtime rule, the process will never run, and Prisma Cloud cannot inspect it's command line arguments. +The same logic applies to custom rules that try to allow processes that are prevented by other policies. +For example, consider process 'foo' that is explicitly denied by a runtime rule, with the effect set to *Prevent*. +You cannot allow 'foo -bar' in a custom runtime rule by analyzing proc.cmdline for '-bar'. + +* Prisma Cloud doesn't support the action *Prevent* on `write` operations to existing files. +For example, consider the following expression: ++ + file.path = "/tmp/file" ++ +If this expression is added to a runtime rule, and the effect is set to prevent, then Prisma Cloud will prevent the creation of such a file. +If the file already exists, however, Prisma Cloud won't prevent any write operation to it, but will raise an alert. + +* App-Embedded custom rules support Processes and Outbound Connection rule types. The Block action is not supported, while Prevent is supported for both Processes and Outbound Connection rule types. + +* The *Prevent* effect isn't supported when using the `file.type` or `file.md5` properties in custom rules for App-Embedded Defenders. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/image-analysis-sandbox.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/image-analysis-sandbox.adoc new file mode 100644 index 0000000000..f772e0f37c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/image-analysis-sandbox.adoc @@ -0,0 +1,322 @@ +== Image analysis sandbox + +The image analysis sandbox lets you dynamically analyze the runtime behavior of images before running them in your development and production environments. + +The analysis mechanism collects and displays container behaviors by safely exercising the image in a sandbox machine. It also exposes risks and identifies suspicious dependencies buried deep in your software supply chain that would otherwise be missed by static analysis for vulnerabilities and compliance issues. + +Running the analysis is supported for Linux images on Docker container runtime. + +=== Setup the sandbox machine + +In order to run a sandbox analysis for an image, you first need to set up a dedicated sandbox virtual machine. + +*Prerequisites*: + +* Install xref:../tools/twistcli.adoc[twistcli tool] on your machine. +* You need `sudo` permission to run the `twistcli` command. +* The sandbox machine should have connectivity to Prisma Cloud Compute Console. +* The machine must be a Linux VM. +* Install Docker on the machine. + +When setting up the VM, follow the guidelines below to make sure potential malware doesn't exploit your sandbox: + +* Make sure that the kernel is up to date. +* Make sure that Docker and Runc are up to date. +* Make sure all the software components on the machine are up to date (to make sure there is no other vulnerable component on the machine). +* The VM should be as isolated as possible. Run the VM in a dedicated network, separate from production. If other services run alongside the sandbox VM in the same local network, set up firewall rules to ensure the sandbox VM cannot reach them. +* If the VM runs in the cloud, it shouldn't run with any service account. + +NOTE: It is recommended to avoid running a Defender on the same machine used as the sandbox VM. Running a Defender on this machine might cause the image that is being analyzed in the sandbox to also be presented under *Monitor > Vulnerabilities/Compliance > Images > Deployed images* as an image running in the environment. + +ifdef::compute_edition[] +=== Setup the sandbox user +Create a dedicated, least-privileged user for running the image analysis sandbox. + +Running the sandbox with a privileged role (Admin, Operator) is a risk in case a malware escapes (by using a zero-day, one-day, exploit misconfiguration, etc.), and can potentially use this role to take over Prisma. + +. Create a custom role under *Manage > Authentication > Roles* with Write permissions for Container Runtime Results and Read permissions for CI Results. For roles created via the API, also add write permission for the user. +. Create a sandbox user and assign it with the new custom role you created. +. When triggering the sandbox analysis via twistcli, use the sandbox user credentials. It is recommended to use a short-lived token (available under *Manage > System > Utilities*) rather than a username and password. + +endif::compute_edition[] + +=== Running the _sandbox_ command + +[.section] +==== Description + +Triggering a sandbox analysis is done by executing the `twistcli sandbox` command on an image. After the command is triggered, Prisma Cloud's sandbox mechanism runs the container, and starts tracing its behavior. The events occurring on the running container are collected and are later analyzed to discover suspicious behaviors. + +[.section] +==== Synopsis + +The usage of the `twistcli sandbox` command is very similar to running a container image using docker: + + $ sudo twistcli sandbox [OPTIONS] IMAGE [COMMAND] [ARG...] + +For example: + + $ sudo twistcli sandbox --address https://:8083 --token 'your-api-token' --analysis-duration 2m -v "$PWD":/app python:3 python3 /app/server.py + +To specify an image to scan, use either the image ID, or repository name and tag. +The image should be present on the sandbox machine, having either been built or pulled there. +If a repository is specified without a tag, `twistcli` looks for an image tagged `latest`. + +The entrypoint and arguments should be specified after the image. If an entrypoint isn't specified, the default entrypoint of the image will be used. + +[.section] +==== Options + +ifdef::prisma_cloud[] +`--address` [.underline]#`URL`#:: +Required. +URL for Console, including the protocol and port. +Only the HTTPS protocol is supported. +To get the address for your Console, go to *Compute > Manage > System > Utilities*, and copy the string under *Path to Console*. ++ +Example: --address \https://us-west1.cloud.twistlock.com/us-3-123456789 + +`-u`, `--user` [.underline]#`Access Key ID`#:: +Access Key ID to access Prisma Cloud. +If not provided, the `TWISTLOCK_USER` environment variable is used, if defined. +Otherwise, "admin" is used as the default. + +`-p`, `--password` [.underline]#`Secret Key`#:: +Secret Key for the above Access Key ID specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable is used, if defined. +Otherwise, you will be prompted for the user's password before the scan runs. + +Access Key ID and Secret Key are generated from the Prisma Cloud user interface. +For more information, see xref:../authentication/access-keys.adoc[access keys] +endif::prisma_cloud[] + +ifdef::compute_edition[] +`--address` [.underline]#`URL`#:: +Complete URL for Console, including the protocol and port. +Only the HTTPS protocol is supported. +By default, Console listens to HTTPS on port 8083, although your administrator can configure Console to listen on a different port. +Defaults to \https://127.0.0.1:8083. ++ +Example: --address \https://console.example.com:8083 + +`-u`, `--user` [.underline]#`USERNAME`#:: +Username to access Console. If not provided, the `TWISTLOCK_USER` environment variable will be used if defined, or "admin" is used as the default. + +`-p`, `--password` [.underline]#`PASSWORD`#:: +Password for the user specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable will be used if defined, or otherwise will prompt for the user's password before the scan runs. + +`--project` [.underline]#`PROJECT NAME`#:: +Interface with a specific supervisor Console to publish the results. ++ +Example: `--project "Tenant Console"` +endif::compute_edition[] + +`--output-file` [.underline]#`FILENAME`#:: +Write the results of the analysis to a file in JSON format. ++ +Example: `--output-file analysis-results.json` + +`--analysis-duration` [.underline]#`DURATION`#:: +The duration of the analysis in a https://golang.org/pkg/time/#ParseDuration[Go duration string format]. The default duration is 1 minute. ++ +Adjust the duration according to your image. A longer duration may allow detection of more behaviors. An analysis duration that is too short might cause missing some of the suspicious findings that could have been detected on the container. ++ +Example: `--analysis-duration 2m30s` ++ +[NOTE] +==== +The analysis duration can be shorter than the duration you specified, if the container exits before the analysis time ends. + +When WildFire integration is enabled, the analysis duration can be longer than specified, since the communication with WildFire may take longer than the analysis duration. When the specified duration is met, Prisma Cloud stops the container, so no more events are collected, but is waiting for WildFire verdict to publish the results. +==== + +`-e`, `--env` [.underline]#`ENVIRONMENT VAR`#:: +A key=value pair to define an environment variable in the running container. Repeat flag for each environment variable. ++ +Example: `-e "GOROOT=/usr/local/go" -e "HTTPS_PORT=4443"` + +`-v`, `--volume` [.underline]#`VOLUME`#:: +A src:dst pair to mount a volume to the running container. Repeat flag for each mount. ++ +Example: `-v "/home/developer/app:/app" -v "/var/lib/mongo:/data"` ++ +NOTE: Any volume that is shared with the sandbox will be accessible to potential malware that exists on the container. Therefore, carefully consider the usage of volumes. + +`-w`, `--workdir` [.underline]#`DIRECTORY`#:: +Working directory inside the container. ++ +Example: `-w "/usr/src/myapp"` + +`--port` [.underline]#`PORT`#:: +A host_port:container_port[/tcp|udp] pair to bind a host port the running container's port. Repeat for each port. Port ranges are not supported. ++ +Example: `--port "80:123/tcp"` + +`--third-party-cmd` [.underline]#`value`#:: +Specify the third-party script/binary and its arguments ++ +Example: `--third-party-cmd /opt/sandbox/openscap_analysis.sh` + +`--third-party-delay` [.underline]#`value`#:: +Specify the required time to wait from the container start time (to ensure initialization completion) before executing the third-party command (Optional) (default: "0") ++ +Example: `--third-party-delay 5s` + +`--third-party-output` [.underline]#`value`#:: +Specify the third party script/binary output path ++ +Example: `--third-party-output /opt/sandbox/oscap-results.txt` + +`--tlscacert` [.underline]#`PATH`#:: +Path to Prisma Cloud CA certificate file. +If no CA certificate is specified, the connection to Console is insecure. + +`--token` [.underline]#`TOKEN`#:: +Token to use for Prisma Cloud Console authentication. +Tokens can be retrieved from the API endpoint `api/v1/authenticate` or from the *Manage > System > Utilities* page in Console. + +`--exit-on-error` [.underline]#`TRUE/FALSE`#:: +Immediately exit the analysis if an error is encountered. + +`-h`, `--help`:: +Show help + +[.section] +==== Return value + +The exit code is 0 if the sandbox analysis verdict is "Passed". If the verdict is "Failed", the exit code is 1. + +The criteria for passing or failing the sandbox analysis is determined by the severity of the suspicious findings detected during the analysis. The analysis verdict is "Failed" when there is at least one finding with Critical or High severity. Otherwise, the verdict is "Passed". + +Another reason why `twistcli sandbox` might return an exit code of 1 is if the analysis failed due to an error. + +=== Sandbox analysis results + +After `twistcli` dynamically analyzes the image, `twistcli`: + +* Exits with a return value. +* Outputs a summary of the results, including a verdict. +* Outputs a link to the results report in the Console UI. + +The results report in the Console UI includes the analysis summary and verdict, a list of suspicious detections found on the image, and the entire container behavior events that occurred during container runtime. + +image::image_sandbox_main_page.png[width=800] + +image::image_sandbox_results_a.png[width=800] + +image::image_sandbox_results_b.png[width=800] + +==== Analysis summary + +The analysis summary contains the following main parts: + +* Verdict - whether the image passed or failed the analysis. ++ +The criteria for passing or failing the sandbox analysis is determined by the severity of the suspicious findings detected during the analysis. The analysis verdict is "Failed" when there is at least one finding with Critical or High severity. Otherwise, the verdict is "Passed". +* Highest severity - the severity of the most severe suspicious finding. +* Suspicious findings count - the number of suspicious findings detected. +* Analysis metadata - analysis time, duration, and the container entrypoint. +* Image details - the details of the analyzed image. ++ +The image details also include an indication of an additional scan that may have been performed on the image. If the image was scanned for vulnerabilities and compliance as a part of the CI process, registry scanning, or as a deployed image, it will be displayed in the *Additional scan* field. You will also be able to click on its value to see the scan results. Only the furthest stage is reported in the following order: CI -> Registry -> Deployed. + +==== Suspicious findings + +The sandbox analysis mechanism detects the following suspicious behaviors: + +[cols="30%, 50%, 20%", options="header"] +|=== +|Detection |Description |Severity + +|Malware +|Malware detected by WildFire. + +Detecting malware using WildFire requires the xref:../configure/wildfire.adoc[WildFire integration] to be enabled. Go to *Manage > System > WildFire* and turn on the "Enable runtime protection" toggle. You can also choose to upload files with unknown verdicts to WildFire using the matching toggle. +|Critical + +|Crypto miners +|Crypto miner was detected. +|Critical + +|Suspicious ELF headers +|ELF file with a suspicious header was detected. The binary is either incompatible with the system architecture or the ELF header was manipulated to hinder analysis. For ELF header tampering, Prisma Cloud identifies overlapping headers, deleted headers, and improperly specified section sizes as suspicious. +|High + +|Vertical port scanning +|Vertical port scanner was detected. +|High + +|Kernel module modification +|Kernel module was being loaded or unloaded. +|High + +|Dropper +|A binary that wasn't included in the original image (dropped on disk) was executed. +|High + +|Modified binary +|A process modified a binary. +|High + +|Modified binary execution +|Execution of a binary that was included in the original image but has been modified. +|High + +|Fileless Execution +|Execution from a memory file descriptor was detected. +|High + +|Fileless executable creation +|An executable was written into a memory file descriptor. +|High + +|Executable creation +|A new executable file created on the disk. +|Medium + +|=== + +==== Container behavior + +The sandbox analysis mechanism collects Processes, Networking, and Filesystem events that occurred while the container was running in the sandbox. The events are displayed in the Console UI analysis report, in order to provide you with an overview of the container behavior at runtime. + +There are two display modes for viewing the container behavior events: + +* By Type - the events are aggregated by the main event properties, to give you an overview of which process run on the container, what were the network destinations it was trying to reach, what are its listening ports, etc. For example, if a process was running three times, only a single row will appear for this process, with the common properties only (MD5), and without the properties that are changing between events (command, parent process, etc). +* By Time - all the events are presented ordered by the time they occurred. For example, if a process was running three times, three rows with the same process will appear, with different time, and with all the event details for each one of them (command, parent process, etc). + +===== Filesystem events + +For container filesystem, Prisma Cloud collects Open, Create, and Modify file events. + +===== Network events + +There are three event types collected for container networking: + +* Listening port +* Outbound connection +* DNS query + +All three types are presented together under the *Networking* tab, but each has its own properties. + +Outbound connection events are also displayed on a world map according to the country matching their IP. Clicking on a connection event will mark it on the map. Hovering a country on the map will show you how many connections were detected for this country. + +image::image_sandbox_networking.png[width=800] + +==== View sandbox results on image details + +When reviewing image details, you can look at its latest sandbox analysis results in a dedicated section. The *Anaysis sandbox* section contains an analysis summary, including the verdict and the suspicious findings counts by type. Click on the link at the top to move to the full report page. + +image::image_sandbox_dialog.png[width=800] + +=== Actions + +==== Add to trust group + +After reviewing the analysis results of an image, you can decide whether you trust this image to run in your development and production environments. Optionally, you can add the image repository to a single or multiple trust groups using the *Add to trust group* action. +This way it is possible for you to get notified or block images that are not trusted. See xref:../compliance/trusted-images.adoc[Trusted Images] to learn more. + +==== Export to JSON file + +To export the analysis results, use the *Export to JSON* action at the top of the page. This action will download a file in a JSON format with the analysis results for the image. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/import-export-individual-rules.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/import-export-individual-rules.adoc new file mode 100644 index 0000000000..84c8cc1b16 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/import-export-individual-rules.adoc @@ -0,0 +1,63 @@ +== Import and export individual rules + +Prisma Cloud lets you import and export rules from one Console to another. +Every rule created in Prisma Cloud under the *Defend* section has copy and export buttons in the *Actions* menu. +An import button is located at the bottom of every rule table. + + +[.task] +=== Copying rules + +To copy a rule: + +[.procedure] +. Go to *Defend > Runtime > {Vulnerabilities | Compliance | Access}*. + +. Click *Actions > Copy* for the rule you want to copy. ++ +A dialog box named *Edit copy of….* opens. + +. Make any desired changes to the copied rule. + +. Click *Save*. + + +=== Exporting rules + +Click *Actions > Export* next to any rule to export it in json format. + +*Example* + +[source,json] +---- +{ + "name": "Default - ignore Prisma Cloud components", + "owner": "system", + "modified": "2017-05-31T20:47:21.573Z", + "effect": "alert", + "resources": { + "hosts": [ + "*" + ], + "images": [ + "docker.io/twistlock/private:console*" + ], + "labels": [ + "*" + ], + "containers": [ + "twistlock_console" + ], + "services": [] + }, + . + . + . +} +---- + + +=== Importing rules + +A rule can be imported into Console in JSON format. +To capture a rule in JSON format, use the export function described above. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-explorer.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-explorer.adoc new file mode 100644 index 0000000000..81de1ef092 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-explorer.adoc @@ -0,0 +1,218 @@ +== Incident Explorer + +Incident Explorer elevates raw audit data to actionable security intelligence, enabling a more rapid and effective response to incidents. +Rather than having to manually sift through reams of audit data, Incident Explorer automatically correlates individual events generated by the firewall and runtime sensors to identify unfolding attacks. + +Audit events generated as a byproduct of an attack rarely occur in isolation. +Attackers might modify a configuration file to open a backdoor, establish a new listener to shovel data out of the environment, run a port scan to map the environment, or download a rootkit to hijack a node. +Each of these attacks is made up of a sequence of process, file system, and network events. +Prisma Cloud's runtime sensors generate an audit each time an anomalous event outside the allow-list security model is detected. +Incident Explorer sews these discrete events together to show the progression of a potential attack. + +// Old Twistlock webinar link - To learn more about the challenges of incident response in cloud native environments, and how Prisma Cloud can help, see this https://www.youtube.com/watch?v=TxT7k061boE[webinar recording]. + + +=== Viewing incidents + +To view incidents, go to *Monitor > Runtime > Incident Explorer*. +Click on an incident to examine the events in the kill chain. +Clicking on individual events shows more information about what triggered the audit. +After you have examined the incident, and have taken any necessary action, you can declutter your workspace by archiving the incident. + +NOTE: Only one incident from the same type (port scanning, altered binary, etc.) will be initiated for the same resource (container, host, etc.) every 24 hours. Further incidents from this type for the same resource will be automatically suppressed for 24 hours. + +image::incident_explorer.png[width=800] + +All the raw audit events that comprise the incident can be found in the audit data tab. +To see the individual events and export the data to a CSV file, go to *Monitor > Events > {Container audits | Host audits | App-Embedded audits}*. + +Incident Explorer is organized to let you quickly access the data you need to investigate an incident. +The following diagram shows the contextual data presented with each incident: + +image::incident_explorer_data.png[width=800] + +* *(1) Story* -- +Sequence of audits that triggered the incident. + +* *(2) Image, container, and host reports* -- +Scan reports for each resource type. +Scan reports list vulnerabilities, compliance issues, and so on. + +* *(3) Connections* -- +Incident-specific radar that shows all connections to/from the container involved in the incident. +Its purpose is to help you assess risk by showing you a connection graph for the compromised asset. + +* *(4) Documentation* -- +Detailed steps for investigating and mitigating every incident type. + +* *(5) Forensics* -- +Supplemental data collected and stored by Defender to paint a better picture of the events that led to an incident. + + +[#forensics] +=== Forensics + +Prisma Cloud Forensics is a lightweight distributed data recorder that runs alongside all the containers in your environment. +Prisma Cloud continuously collects detailed runtime information to help incident response teams understand precisely what happened before, during, and after a breach. + +Forensic data consists of additional supplemental runtime events that complement the data (audits) already captured by Prisma Cloud's runtime sensors. +It provides additional context when trying to root cause an incident. +Each Defender collects and stores forensic data in a fixed-sized first-in-first-out log file on the host where it runs. +Forensic data is only downloaded to Console when it's needed for an incident investigation. +This architecture enables Defender to store large amounts of data without any impact on network bandwidth or server processing (on the host where Console runs). + +Forensics data is retrieved: + +* After Prisma Cloud detects an incident. +A minute after an incident occurs, Prisma Cloud collects forensic data from the relevant Defenders, and archives the data in Console. +By default, Console stores up to 100 incident snapshots, which are managed on a FIFO basis. +* On-demand. +Forensics data can be retrieved for review at any time from the Console UI. + +==== Forensics event types + +*Containers*: + +* Process spawned -- Process was run in the container. +Fields: timestamp, container ID, PID, PPID, path, command, arguments. +* Container started -- Container was started. +Fields: timestamp, container ID. +* Binary created -- Executable file or binary blob was created (file system event). +Fields: timestamp, container ID, user, PID, path. +* Listening port -- Container is listening on a network port. +Fields: timestamp, container ID, PID, path to executable that's listening, listening start time, port. +* Connection established -- Connection was established (incoming or outgoing) between the container and another entity. +Fields: timestamp, container ID, source, destination, destination port. +* DNS query -- DNS query was sent by the container. +Fields: timestamp, container ID, domain name, domain type. Collecting DNS query events for container forensics depends on enabling DNS monitoring in the container runtime policy. +* Runtime profile -- Runtime action was allowed for the container image while it was in learning mode. +Fields: timestamp, container ID, user, PID, PPID, path, command. +* Runtime audit -- Event occurred in a container that violates your runtime policy (model + runtime rules). +Fields: timestamp, container ID, user, audit message, attack type, effect (alert or block). +* Incident -- Incidents detected in a container that violates your runtime policy. +Fields: timestamp, container ID, audit message, Category. + +*App-Embedded*: + +* Process spawned -- Process was run in the container. +Fields: timestamp, PID, PPID, path, command, arguments. +* Container started -- Container was started. +Fields: timestamp. +* Binary created -- Executable file or binary blob was created (file system event). +Fields: timestamp, container ID, user, PID, path. +* Listening port -- Container is listening on a network port. +Fields: timestamp, PID, path to executable that's listening, listening start time, port. +* Connection established -- Connection was established (incoming or outgoing) between the container and another entity. +Fields: timestamp, source, destination, destination port. +* DNS query -- DNS query was sent by the container. +Fields: timestamp, container ID, domain name. +* Runtime audit -- Event occurred in a container that violates your runtime policy (runtime rules). +Fields: timestamp, user, audit message, attack type, effect (alert or prevent). +* Incident -- Incident detected in a container that violates your runtime policy. +Fields: timestamp, audit message, category. + +//Need to update +*Hosts*: + +* Process spawned -- Process was run on the host. +Fields: timestamp, hostname, path, PID, parent PID, parent path, user, command, interactive (true or false), program name. +* Binary created -- Executable file or binary blob was created (file system event). +Fields: timestamp, app, user, PID, path. +* DNS query -- DNS query was sent from the host. +Fields: timestamp, domain name, domain type. Collecting DNS query events for host forensics depends on enabling DNS monitoring in the host runtime policy. +* Runtime profile -- Runtime action was allowed for an app while it was in learning mode. +Fields: timestamp, app, user, capabilities, command. +* Runtime audit -- Event occurred in a container that violates your runtime policy (model + runtime rules). +Fields: timestamp, app, user, audit message, attack type, effect (alert or block). + +==== Configuring data collection + +To configure Forensics, go to *Manage > System > Forensics*. +By default, forensic data collection is enabled. + +With forensic data collection enabled, Defender requires an additional 1 MB of memory and 110 MB of storage space (100 MB for containers forensics and 10 MB for host forensics). +If enabled, you can specify the desired amount of storage space allocated to each Defender, see the suggested values below: + +* Container forensics, 100 MB per Defender +* Host forensics, 10 MB per Defender +* App-Embedded forensics, 10 MB per Defender. +Note that each AWS Fargate task has one Defender that monitors all the task's containers. + +You can specify a minimum of 10 MB and a maximum of 1000 MB for each category. + +Several settings dictate what type of data is collected and for how long: + +* *Max number of incident snapshots Console can store* -- +After an incident occurs, Prisma Cloud collects and saves the relevant forensic data set in Console. +To control the amount of data Console stores, Prisma Cloud caps the number of data sets and manages them on a FIFO basis. + +* *Collect network snapshots* -- +When this option is enabled, the forensic package that you can download from Console includes a netstat-style snapshot of the current connections. + +* *Collect network firewall snapshots* -- +When this option is enabled, the forensic data includes the _Connection established_ event type, which shows incoming and outgoing connection details, including source IP, destination IP, and destination port. + + +[.task] +==== Viewing forensic data + +Forensic data is associated with incidents. + +[.procedure] +. Open Console, and go to *Monitor > Runtime > Incident Explorer*. + +. In the *Active* tab, select an incident. + +. Click on *View forensic data*. ++ +image::incident_explorer_forensics.png[width=100] ++ +NOTE: If you configure Prisma Cloud to send out alerts on channels, such as email or Slack, when incidents occur, the alert messages will contain a direct link for downloading the forensics data. + +[.task] +==== Viewing container forensic data + +While Incident Explorer presents forensic data relevant to specific incidents, you can also view all available forensic data at anytime outside the scope of an incident. + +For containers, forensic data is collected on a per-model basis. +To retrieve and review the forensic data for a container: + +[.procedure] +. Open Console, and go to *Monitor > Runtime > Container Models*. + +. In the table, click the microscope icon for the container of interest. ++ +image::incident_explorer_container_forensics.png[width=800] ++ +Events are displayed in a coordinated timeline-table interface. ++ +image::forensics_container_timeline.png[width=800] + + +[.task] +==== Viewing host forensic data + +To retrieve and view the forensic data for a host: + +[.procedure] +. Open Console, and go to *Monitor > Runtime > Host Models*. + +. Click the *Host* toggle button. + +. In the table, click the microscope button for the host of interest. ++ +image::incident_explorer_host_forensics.png[width=800] + +[.task] +==== Viewing App-Embedded forensic data + +To retrieve and view the forensic data for App-Embedded: + +[.procedure] +. Open Console, and go to *Monitor > Runtime > App-Embedded observations*. + +. In the table, click the microscope button for the App-Embedded instance of interest. ++ +image::incident_explorer_app-embedded_forensics.png[width=800] ++ +NOTE: Since the table allows querying live forensics, the App-Embedded observations table will remove inactive App-Embedded instances once an hour. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/altered-binary.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/altered-binary.adoc new file mode 100644 index 0000000000..1f9a35ea5d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/altered-binary.adoc @@ -0,0 +1,25 @@ +== Altered binary + +An altered binary incident indicates that a binary that during image scanning was found with different metadata than what is specified by its package was executed. This binary might have been maliciously replaced or altered. + +=== Investigation + +The following incident shows that the process _python2.7_ was launched, but it seems to be altered or corrupted. + +image::altered_binary_incident.png[width=800] + +Your investigation should focus on locating the source of the affected image. + +If the image was pulled from a remote repository, you should confirm the image hash is as expected given the repository image metadata. You should make sure the image repository and the author are valid. + +If the image was built locally, you must examine the build process. Inspect your supply chain to understand if any binary from signed sources (such as a package manager) is changed or modified throughout the build. + +=== Mitigation + +A full mitigation strategy for this incident begins by resolving the issues that allowed to pull or build an image including an altered binary. + +Ensure that compliance benchmarks are appropriately applied to the affected images and containers. Use xref:../../compliance/trusted-images.adoc#[Trusted Images], to avoid image pulls from untrusted sources. + +For additional protection, Enable the _block_ action in the applicable compliance check to take action when altered binaries are found in an image during a scan. + +image::altered_binary_compliance_check.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts.adoc new file mode 100644 index 0000000000..583cef5ef6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts.adoc @@ -0,0 +1,27 @@ +== Backdoor admin accounts + +Backdoors are a method for bypassing normal authentication systems, and are used to secure remote access to a system. + +Backdoor admin account incidents surface event patterns that indicate an actor might have created or modified a configuration to enable the continued use of a privileged account. + +=== Investigation + +In the following incident, you can see that a python script was used to modify _/etc/passwd_, potentially enabling an attacker to add or change a user account. In addition, there was other suspicious network activity that was made by the same python process. + +image::backdoor_admin_access_incident.png[width=800] + +The first step in an investigation is to validate that the changes represent a bona fide security incident. +In this case, the events that led to the incident seem to indicate a valid security incident, but you should examine the changes to _/etc/passwd_ to see if they represent the potential for an attacker to maintain persistence. + +Having determined that this is a bona fide incident, then the next steps focus on determining how an attacker was able to modify the system configuration. +This would, generally, be a post-compromise approach to maintain access to the compromised systems. +Check Incident Explorer for additional incidents. +Review additional runtime audits for the source to see if there are other clues. + +Review access to the container and ensure that the affected account(s) weren’t subsequently used for further access to systems and data. + +=== Mitigation + +A full mitigation strategy for this incident begins with resolving the issues that allowed the attacker to modify the system configuration. + +Ensure that compliance benchmarks are appropriately applied to the affected resources. For example, if the critical file systems in the container are mounted read-only, it will be more difficult for an attacker to change a configuration to their advantage. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-ssh-access.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-ssh-access.adoc new file mode 100644 index 0000000000..c472453039 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-ssh-access.adoc @@ -0,0 +1,30 @@ +== Backdoor SSH access + +Backdoors give attackers a way to bypass normal authentication systems, and are used to secure remote access to a system. + +Backdoor SSH access incidents indicate that an attacker might have changed the configuration of a resource to enable remote access to the resource. + +=== Investigation + +In the following incident, you can see two audits. +The first audit is a file system event that shows a new certificate was created in _/etc/openvpn_. +An attacker could use this certificate for follow-on access to the container. + +image::backdoor_ssh_access_incident.png[width=800] + +The first step in an investigation is to validate that the changes represent a bona fide security incident. +In this example, it’s unlikely that a change in the ca cert file is a valid one, but it might not always be so clear. + +After validating that this is a security incident, the next step is determining how an attacker was able to modify the system configuration. +This would, generally, be a post-compromise approach to maintain access to the compromised systems. +Check Incident Explorer for other potentially related incidents. +Review additional runtime audits for the source to see if there are other clues. + +Review access to the container and ensure that accesses weren't subsequently used for further access to systems and data. + +=== Mitigation + +A full mitigation strategy for this incident begins with resolving the issues that allowed the attacker to modify the system configuration. + +Ensure that compliance benchmarks are appropriately applied to the affected resources. +For example, if the critical file systems in the container are mounted read-only, it will be more difficult for an attacker to change a configuration to their advantage. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/brute-force.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/brute-force.adoc new file mode 100644 index 0000000000..2945b2067e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/brute-force.adoc @@ -0,0 +1,19 @@ +== Brute force + +A Brute Force incident surfaces a combination of audit events that indicate a protected resource is potentially being affected by an attempted DoS. + +=== Investigation + +In the following incident, you can see that a container received a flood of attempted actions to the extent that the Web Application and API Security (WAAS) blocked the source. + +image::brute_force_incident.png[width=800] + +Review the WAAS audit logs to determine any further impact: + +image::brute_force_cnaf_audits.png[width=600] + +Additionally, review the logs of potentially affected applications to determine if there was any further impact. + +=== Mitigation + +Ensure that WAAS rules provide protection for exposed services. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/crypto-miners.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/crypto-miners.adoc new file mode 100644 index 0000000000..5bb0dd217c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/crypto-miners.adoc @@ -0,0 +1,62 @@ +== Cryptominers + +Cryptominers are software used to generate new coins in cryptocurrencies such as Bitcoin and Monero. +These can be used legitimately by individuals; however, in containerized environments, they are often executed by attackers as a means of monetizing compromised hosts. + +Unless you are intentionally running a cryptominer, this alert most likely indicates a security incident in which an attacker was able to introduce a cryptominer into your infrastructure and execute it. + +image::crypto_miner_incident.png[width=800] + +Our research indicates that the potential attack vectors include: + +* A Kubernetes or Docker endpoint exposed to the Internet that allows unauthenticated access, or that is protected with weak credentials. +* A registry exposed to the Internet that allows unauthenticated users, or users with weak or common passwords, to make changes to stored images. +* Vulnerable code in a containerized service that has been exploited, followed by lateral movement and remote code execution. + +=== Enable Runtime Monitoring for Detection of Cryptominers + +. Ensure *Defend > Runtime > Container policy > Enable automatic runtime learning* is set to *on.* ++ +Known cryptominers are part of the IS feed on Prisma Cloud and they detect high CPU consumption and network communications. + +. Add a new runtime rule. ++ +When you add a new rule for container policy or serverless policy, it is enabled to alert you for cryptominer detection. +You can modify this to block the activity. ++ +image::crypto_miner_action.png[width=400] + +=== Investigation + +The first step in determining how the crypto miner was introduced is to determine if this is an existing image which has had unwanted processes introduced into it or if this is an entirely unwanted image. +You can inspect the image itself in the Prisma Cloud Console. + +image::crypto_miner_image_report.png[width=600] + +We can see that this image comes from Docker Hub and that it is not an image that was developed internally. +In this case, we would want to dig deeper into how the image was pulled and the container executed. +You may have many sources of this information including the Prisma Cloud Docker access logs (Monitor/Access/Docker), which have been exported to CSV and filtered here: + +image::crypto_miner_csv.png[width=800] + +This shows that a user account, ‘alice’, was used to run ‘docker exec’ and start the container, and that the command was run locally. +From here, we would want to review authentication logs on the system to determine how ‘alice’ was able to logon and to review other data to determine what else ‘alice’ was able to accomplish. + +If the image was an existing one that the enterprise legitimately uses, the next steps in the investigation would be to determine how the image was modified to include the crypto miner. +Start by reviewing the image in any registry where it is stored and looking at a history of changes made to the image. +It may be necessary to walk through the entire CI/CD pipeline to determine if changes were made prior to being pushed to the registry. + +=== Mitigation + +As soon as the investigation is complete, remove all instances of the running container (docker stop quirky_payne | docker rm quirky_payne in this case). +If the container(s) were started with an orchestrator like Kubernetes, it may be necessary to remove any configuration that would cause them to restart. + +If the image was pushed to a registry, take steps to remove affected versions from the registry. + +Secure all access, starting with any point of entry that was found. +Ensure that only needed endpoints are exposed to the Internet and that authentication is required at each endpoint that could, directly or indirectly, result in remote code execution. +Ensure accounts have strong passwords and, where possible, two-factor authentication. + +Investigate any successful attack vectors that were found in the investigation. +This may not be the only successful attack to have used this approach; instead, it may just be the most visible one. + diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt.adoc new file mode 100644 index 0000000000..6afacfc3e8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt.adoc @@ -0,0 +1,26 @@ +[#execution-flow-hijack] +== Execution flow hijack attempt + +An execution flow hijack attempt incident indicates that a possible attempt to hijack a program execution flow was observed. Special Linux library system files, which have a system-wide effect, were altered (this is usually undesirable, and is typically employed only as an emergency remedy or maliciously). + +=== Investigation + +The following incident shows that the binary _sudo_ wrote to _ld.so.preload_ file, which is a special Linux system file that impacts the entire system. By editing the Linux dynamic loader or files relied upon by the loader such as _ld.so.preload_, the attacker can inject malicious code to any binary execution. + +For further information about these files, see the following https://man7.org/linux/man-pages/man8/ld.so.8.html[link]. + +image::execution_flow_hijack_attempt_incident.png[width=800] + +Your investigation should focus on: + +* Determining the process that opened the Special Linux file. +* If the source of the alteration was an interactive process (such as shell), determine how an attacker gained access to that process. +* Review the forensics date for the host, other entries in the Incident Explorer, and audits from the source, looking for unusual process execution, hijacked processes, and explicit execution of commands. + +=== Mitigation + +A full mitigation strategy for this incident begins by resolving the issues that allowed the attacker to access and modify the system file. + +In addition, track the change that was done to the configuration in the system file. For example, in case of detected modification to the _ld.so.preload_ file, look for the shared library that was added to the file and determine the source of this malicious shared library. + +Ensure that compliance benchmarks are appropriately applied to the affected resources. For example, if the critical file systems in the host are mounted read-only, it will be more difficult for an attacker to change system files and configurations to their advantage. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/incident-types.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/incident-types.adoc new file mode 100644 index 0000000000..d65190c3f2 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/incident-types.adoc @@ -0,0 +1,16 @@ +== Incident types + +This section describes the incident types surfaced in Incident Explorer. + +* xref:altered-binary.adoc[Altered binary] +* xref:backdoor-admin-accounts.adoc[Backdoor admin accounts] +* xref:backdoor-ssh-access.adoc[Backdoor SSH access] +* xref:brute-force.adoc[Brute force] +* xref:crypto-miners.adoc[Crypto miners] +* xref:execution-flow-hijack-attempt.adoc[Execution flow hijack attempt] +* xref:kubernetes-attack.adoc[Kubernetes attack] +* xref:lateral-movement.adoc[Lateral movement] +* xref:malware.adoc[Malware] +* xref:port-scanning.adoc[Port scanning] +* xref:reverse-shell.adoc[Reverse shell] +* xref:suspicious-binary.adoc[Suspicious binary] diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/kubernetes-attack.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/kubernetes-attack.adoc new file mode 100644 index 0000000000..0d2ce4ab90 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/kubernetes-attack.adoc @@ -0,0 +1,31 @@ +== Kubernetes attacks + +Exploiting weaknesses in the container orchestrator to manipulate cluster settings is known as a Kubernetes attack. +This incident indicates attempts to directly access Kubernetes infrastructure from within a running container. +This may be an attempt to compromise the orchestrator. + +Actions that can trigger this incident include attempts to download and use Kubernetes administrative tools within a container, in addition to any attempts to access Kubernetes metadata. + +To detect Kubernetes attacks, you must have a runtime rule with the *Detect Kubernetes attacks* option enabled. + + +=== Investigation + +The following incident shows that a container queried kubelet metric API, which might be an attempt to compromise the orchestrator. + +image::kubernetes_attack_incident.png[width=800] + +The first step in an investigation is to validate that the changes represent a bona fide security incident. +Having determined that this is a bona fide incident, then the next steps focus on determining how an attacker would have gained access to the resources with access to the Kubernetes cluster. +Also, it is important to restrict access to your cluster by following best practices regarding access control. + +Review your Kubernetes cluster to ensure that no actions were taken to compromise your cluster. +In addition, closely review the audit actions and the forensic data available through incident explorer to understand the scope of the incident. + + +=== Mitigation + +A full mitigation strategy for this incident begins with resolving the issues that allowed the attacker to attempt to access the Kubernetes infrastructure. + +For additional protection, customize your runtime rules to _prevent_ or _block_ actions that access the metadata services or the open local kubelet port. +Compliance rules should include checks set to _alert_ or _block_ to ensure your containers and hosts are following the best practices for Kubernetes. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/lateral-movement.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/lateral-movement.adoc new file mode 100644 index 0000000000..cced891b6b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/lateral-movement.adoc @@ -0,0 +1,24 @@ +== Lateral movement + +Lateral movement incidents indicate that an attacker is using tools and techniques that enable movement between resources on a network. + +=== Investigation + +The following incident shows that netcat was used to establish a listener on port 9000. + +image::lateral_movement_incident.png[width=800] + +This behavior is a probable precursor to creating a reverse shell, allowing network-based remote control of another resource. + +Your investigation should focus on: + +* Determining how the process in the alert, such as _nc.openbsd_, was executed. +Review additional entries in Incident Explorer and other audits from the source, looking for unusual process execution, and explicit execution of commands. +* Reviewing container runtime audits to determine if the target successfully connected. +* If the target did successfully connect, determine what the attacker was able to do and if they were able to move further through the network. + +=== Mitigation + +After determining the cause of the process execution, resolve the problem, whether it be an exposed vulnerability, a configuration issue, or something else. + +For additional protection, enable the _prevent_ or _block_ actions in the applicable runtime rules to take action when anomalous processes, such as _netcat_, are executed. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/malware.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/malware.adoc new file mode 100644 index 0000000000..1d3b54361b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/malware.adoc @@ -0,0 +1,27 @@ +== Malware + +A malware binary incident indicates that a malware binary was written to the file system. +A binary can be identified as malware using WildFire, Prisma Cloud advanced intelligence stream or based on a custom feed. + +=== Investigation + +File can be identified as malware by WildFire, Prisma Cloud advanced threat intelligence feed and custom feeds. + +For files identified as malware by Wildfire, the WildFire report should be examined for additional details on the malware behavior. + +A malware incident indicates an attacker has access to writing or modifying files in a container/host and might have gained full code execution. + +Therefore, for investigating this incident you must first determine the source of the file write call. +The process that called the file write is likely malicious, or a user may have downloaded the malware unaware of the risk. + +You should further investigate how this process gained execution. +Review the forensics date for the container/host, other entries in the Incident Explorer, and audits from the source, looking for unusual process execution, hijacked processes, and explicit execution of commands. + +image::incident_malware.png[width=800] + +=== Mitigation + +A full mitigation strategy for this incident begins by resolving the issues that allowed the attacker to write or modify the file. + +Ensure that compliance benchmarks are appropriately applied to the affected resources. +For example, if the critical file systems in the host are mounted read-only, it will be more difficult for an attacker to change system files and configurations to their advantage. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/others.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/others.adoc new file mode 100644 index 0000000000..c1b3fc08bf --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/others.adoc @@ -0,0 +1,14 @@ +== Other incident types + +* *Hijacked Process:* +Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. +This type of incident could be a sign that a process has been used to compromise a container. + +* *Data exfiltration:* +Indicates the unauthorized transfer of data from one system to another. +These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. +For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www..com). + +* *Cloud Provider:* +Indicates attempts to abuse a provider's service to extract sensitive information. +For example: Container A queried provider API at . diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/port-scanning.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/port-scanning.adoc new file mode 100644 index 0000000000..574c3f2e31 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/port-scanning.adoc @@ -0,0 +1,38 @@ +== Port scanning + +Port scans are a method for finding which ports on a network are open and listening. +It is a reconnaissance technique that gives attackers a map of where they can further probe for weaknesses. + +Port scanning incidents indicate that a container is attempting to make an unusual number of outbound network connections to hosts and ports to which it does not normally connect. +Port scanning could be a post-compromise attempt to use the container to find other resources on the network as a precursor to lateral movement. + +=== Investigation + +The following screenshot shows a port scanning incident. + +image::port_scanning_incident.png[width=800] + +The first step in an investigation is to determine whether the source of the outbound network activity was an otherwise-valid process that was misused or a newly introduced process. +Prisma Cloud forensics are a great place to start. +In Incident Explorer, click *View Live Forensics*. +It shows that _bin/bash_ was launched immediately before the port scan, and that the shell was used to launch nmap. +Nmap is a popular network scanning tool. + +image::port_scanning_forensics.png[width=800] + +The next step in the investigation is to determine how nmap was introduced and executed. +Some plausible scenarios include: + +* A user account was used to execute nmap via a Docker command from the host. +If enabled, Prisma Cloud access logs would show which user ran the command and when it was run. +* A remote code execution vulnerability was used to run nmap remotely. +If the Prisma Cloud Web Application and API Security (WAAS) was configured to protect this container’s inbound traffic, the WAAS logs may help with your investigation. +Additionally, logs from the services in the container, such as Apache access logs, may shed additional light on the incident. + +Once the cause has been identified, the next step in the investigation is to review the services that the actor may have discovered via port scanning and to inspect those containers to ensure that there hasn’t been additional lateral movement. +Container runtime audits may show specific connection attempts. + + +=== Mitigation + +Mitigation and remediation for a port scanning incident should focus on resolving the issue that allowed execution of the responsible process. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/reverse-shell.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/reverse-shell.adoc new file mode 100644 index 0000000000..7a7b10e000 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/reverse-shell.adoc @@ -0,0 +1,31 @@ +[#reverse-shell] +== Reverse shell + +Reverse shell is a method used by attackers for gaining access to a victim’s system. +A reverse shell is a established by a malicious payload executed on a targeted resource which connects to a pre-configured host and provides an attacker the means to execute interactive shell commands through that connection. + +=== Investigation + +In the following incident, you can see that a reverse shell was used to provide a remote user interactive shell on this host, potentially enabling an attacker to execute any command that the user used to launch the reverse shell is authorized to execute. + +image::reverse_shell.png[width=800] + +The first step in an investigation is to validate that the reverse shell represent a bona fide security incident. +While it is unlikely that a legitimate application or user is using a reverse shell for legitimate reasons, the first step should be validation that the reported application and user have not used reverse shell intentionally. + +In this case it appears that a user used nc in order to allow a remote shell via ssh. "View forensics data" can be used to gain better understanding on what was done via the shell and understand whether this was for legitimate activity. + +Having determined that this is a bona fide incident, the next steps focus on determining how an attacker managed to execute the process that allowed them to initiate the remote shell. + +Check Incident Explorer for additional incidents. +Review additional runtime audits for the source to see if there are other clues. + +Review access to the resources and ensure that the affected account(s) weren’t subsequently used for further access to systems and data. + +=== Mitigation + +A full mitigation strategy for this incident begins with resolving the issues that allowed the attacker to execute the process that initiated the remote shell. + +Ensure that compliance benchmarks and patches are appropriately applied to the affected resources. For example, an unpatched critical vulnerability can be abused to execute a process that allows for the remote shell to be triggered remotely. + + diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/suspicious-binary.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/suspicious-binary.adoc new file mode 100644 index 0000000000..fff1fa0db4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/incident-types/suspicious-binary.adoc @@ -0,0 +1,40 @@ +== Suspicious binary + +A suspicious binary incident indicates that a suspicious binary was written to the file system. +The binary is either incompatible with the system architecture or the ELF header was manipulated to hinder analysis. +These indicators are common signs of malware. + +=== Investigation + +The first indicator of a suspicious binary would be that the binary is incompatible with the system architecture. + +Attackers use automated tools frequently to download multiple binaries of different architectures when the target architecture is not known. +Process _curl_ downloading an ARM binary, for example, strongly indicates a breach had taken place. + +The following incident shows that the process _curl_ downloaded the ELF file _/dropbear-arm-32_, which is incompatible with the system architecture. + +image::suspicious_binary_incident.png[width=800] + +The second indicator of a suspicious binary would be ELF headers with non-typical content. +This indicates that the binary might have been compiled by attacking tools or otherwise hindered to avoid detection. + +The following incident shows that the ELF file _upx_ was written to the file system and is suspected as malicious. +Its ELF header indicates using anti-analysis techniques to modify the file. + +image::suspicious_binary_incident2.png[width=800] + +When triggered in a container, the suspicious binary incident indicates an attacker has access to writing or modifying files in the container and might have gained full code execution in the container. + +Therefore, for investigating this incident you must first determine the source of the file write call. +The process that called the file write is likely malicious. + +You should further investigate how this process gained execution. +Review the forensics date for the container/host, other entries in the Incident Explorer, and audits from the source, looking for unusual process execution, hijacked processes, and explicit execution of commands. + + +=== Mitigation + +A full mitigation strategy for this incident begins by resolving the issues that allowed the attacker to write or modify the file. + +Ensure that compliance benchmarks are appropriately applied to the affected resources. +For example, if the critical file systems in the host are mounted read-only, it will be more difficult for an attacker to change system files and configurations to their advantage. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-audits.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-audits.adoc new file mode 100644 index 0000000000..dfd7cf5f3b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-audits.adoc @@ -0,0 +1,616 @@ +== Runtime Audits + +This document summarizes all the runtime audits (detections) that are available in Prisma Cloud Compute. For each detection, you can learn more about what it actually detects, how to enable or disable it, avoid false positives, relevant workloads (Containers, Hosts, Serverless and App-embedded), and if the audit also generates an incident. + +[.section] +=== Runtime detections for processes + +[cols="15%, 40%a, 25%a, 10%, 15%", options="header"] +|=== +|Detection |Context |Audit message |Triggers an incident |Workloads + +|Unexpected Process +|Indicates when a process that is not part of the runtime model was spawned. + +* Avoid audits for specific known and allowed processes, by adding the process name to the runtime rules processes *Allowed* list. +* In order to add the processes to the model, navigate to the relevant model under *Monitor > Runtime > Container* models, then click on *...* and select *Extend learning* +| +* launched but is not found in the runtime model +* launched from but is not found in the runtime model +| +|Containers + +|Port Scanning +|Indicates a process was spawned, that is identified as being used for port scanning. + +| launched and is identified as a process used for port scanning +|xref:incident-types/port-scanning.adoc[Port scanning] +|Containers + +|Explicitly Denied Process +|Indicates that a process listed in the *Denied & fallback* list was spawned. + +* For App-embedded and Serverless, this indicates that a process that is not listed in the *Allowed* list was spawned + +| launched and is explicitly denied by runtime rule. Full command +| +| +Containers, +Host, +Serverless, +App-embedded + +|Modified Process +|Indicates a modified process was spawned. A modified process is a process whose binary was created or modified after the container was started. + +* Enable and disable this detection via the *Processes started from modified binaries* toggle, under the Runtime rule Processes tab +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +|A modified executable was launched +| +| +Containers, +App-embedded + +|Altered Binary +|Indicates that a package binary file was replaced during image build. This detection will generate an audit when a process is started from an altered binary. + +* Enable and disable this detection via the *Processes started from modified binaries* toggle, under the Runtime rule Processes tab +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched and is detected as an altered or corrupted package binary. The file metadata doesn't match what’s reported by the package manager. +|xref:incident-types/altered-binary.adoc[Altered binary] +| +Containers, +App-embedded + +|Crypto Miner Process +|Indicates a process that is identified as a crypto miner was spawned. + +* Enable and disable this detection via the *Crypto miners* toggle, under the Runtime rule Processes / Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched and is identified as a crypto miner. Full command: +|xref:incident-types/crypto-miners.adoc[Crypto miners] +| +Containers, +Hosts, +Serverless, +App-embedded + +|Lateral Movement Process +|Indicates a process that is used for lateral movement was spawned. + +* Enable and disable this detection via the *Processes used for lateral movement* toggle, under the Runtime rule Processes tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched and is identified as a process used for lateral movement. Full command: +|xref:incident-types/lateral-movement.adoc[Lateral movement] +| +Containers + +|Temporary File System Process +|Indicates that a process is running from a temporary file system. + +* Enable and disable this detection via the *Processes running from temporary storage* toggle, under the Runtime rule Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched from a temporary file storage, which usually indicates malicious activity. +| +| +Hosts + +|Policy Hijacked +|Indicates that the Prisma Cloud process policy was hijacked + +|Possible tampering of Defender policy detected. +| +|Serverless + +|Reverse Shell +|Indicates that a process was identified as running a reverse shell + +* Enable and disable this detection via the *Reverse shell attacks* toggle, under the Runtime rule Processes / Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| is a reverse shell. Full command: +|xref:incident-types/reverse-shell.adoc[Reverse shell] +| +Containers, +Hosts + +|Suid Binaries +|Indicates that a process is running with high privileges, by watching for binaries with the setuid bit that are executed. + +* Enable and disable this detection via the *Processes started with SUID* toggle, under the Runtime rule Processes tab. + +| launched and detected as a process started with SUID. Full command: +| +| +Containers + +|Unknown Origin Binary by service +|Indicates detection of binaries created by a service without a package manager. + +* Enable and disable this detection via the *Non-packaged binaries created or run by service* toggle, under the Runtime rule Anti-malware tab. +* You can also select to *Suppress detection for binaries created by compilation tools*, to ignore binaries that are created by a specific compilation tool. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched from a binary file which was written by that is not known OS distribution package manager. +| +| +Hosts + +|Unknown Origin Binary by user +|Indicates detection of a binary created by a user without a package manager. + +* Enable and disable this detection via the *Non-packaged binaries created or run by user* toggle, under the Runtime rule Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| launched from a binary file which was written by that is not known OS distribution package manager. +| +| +Hosts + +|Web Shell +|Indicates that the process was launched by a web shell + +* Enable and disable this detection via the *Webshell attacks* toggle, under the Runtime rule Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +| suspected to be launched by a webshell at +| +| +Hosts +|=== + +[.section] +=== Container general runtime detections + +[cols="15%, 40%a, 25%a, 15%, 15%", options="header"] +|=== +|Detection |Context |Audit message |Trigger an incident |Workloads + +|Cloud Metadata Probing +|Indicates the container is trying to access a cloud provider metadata server. + +* Enable and disable this detection via the *Suspicious queries to cloud provider APIs* toggle, under the Runtime rule Anti-malware tab + +|Container queried provider API at
+|xref:incident-types/others.adoc[Cloud Provider] +| +Containers + +|Kubelet API Access +|Indicates that a container is trying to access the Kubelet main API. + +* Enable and disable this detection via the *Kubernetes attacks* toggle, under the Runtime rule Anti-malware tab. + +|Container queried kubelet API at
+|xref:incident-types/kubernetes-attack.adoc[Kubernetes attacks] +| +Containers + +|Kubelet Readonly Access +|Indicates that a container is trying to access the Kubelet readonly API. + +* Enable and disable this detection via the *Kubernetes attacks* toggle, under the Runtime rule Anti-malware tab. + +|Container queried kubelet readonly API at
+|xref:incident-types/kubernetes-attack.adoc[Kubernetes attacks] +| +Containers + +|Kubectl Spawned +|Indicates the kubectl process was spawned from the container. + +* Enable and disable this detection via the *Kubernetes attacks* toggle, under the Runtime rule Anti-malware tab. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rules processes *Allowed* list. + +|kubelet launched inside a container +|xref:incident-types/kubernetes-attack.adoc[Kubernetes attacks] +| +Containers + + +|Kubectl Downloaded +|Indicates that the kubectl binary was downloaded and written to the disk. + +* Enable and disable this detection via the *Kubernetes attacks* toggle, under the Runtime rule Anti-malware tab. + +| downloaded kubectl to container. +|xref:incident-types/kubernetes-attack.adoc[Kubernetes attacks] +| +Containers +|=== + +[.section] +=== Runtime detections for Network activities + +[cols="15%, 25%a, 20%a, 30%, 15%", options="header"] +|=== +|Detection |Context |Audit message |Trigger an incident |Workloads + +|Horizontal Port Scanning +|Indicates horizontal port scanning detected + +* Enable and disable this detection via the *Port scanning* toggle, under the Runtime rule Networking tab. + +|Horizontal port scanning to target IP detected. Target ports +|xref:incident-types/port-scanning.adoc[Port scanning] +| +Containers + +|Vertical Port Scanning +|Indicates vertical port scanning detected + +* Enable and disable this detection via the *Port scanning* toggle, under the Runtime rule Networking tab. + +|Vertical port scanning to target IP detected. Target ports +|xref:incident-types/port-scanning.adoc[Port scanning] +| +Containers + +|Port scanning +|Indicates a process was spawned, that is identified as being used for port scanning. + +* Enable and disable this detection through the *Port scanning* effects, under the Container runtime rule for Networking. +* Avoid audits on specific known and allowed processes, by adding process names to the runtime rule processes *Allowed* list. +| launched and is identified as a process used for port scanning +|xref:incident-types/port-scanning.adoc[Port scanning] +|Containers + +|Explicitly Denied IP +|Indicates that access to an IP address listed in the *Denied & fallback* list was detected. + +For App-embedded and Serverless, this indicates that access was detected to an IP address that is not listed in the *Allowed* list + +|Outbound connection to IP is explicitly denied by a runtime rule +| +|Containers, +Hosts, +Serverless, +App-embedded + +|Custom Feed IP +|Indicates detection of a connection to a high risk IP, based on a custom feed. + +* Enable and disable this detection for *Containers* via the *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for *Hosts* via the *Suspicious IPs based on custom feed* toggle, under the Runtime rule Networking tab. + +|Connect to
is high risk, based on custom IP feed. +| +|Containers, +Hosts + +|Feed IP +|Indicates a connection to a high risk IP, based on intelligence feed data. + +* Enable and disable this detection for *Containers* via the *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for *Hosts* via the *Suspicious IPs based on Prisma Cloud advanced threat protection* toggle, under the Runtime rule Networking tab. + +|Connect to
is high risk. Intelligence stream categorizes
as . +| +|Containers, +Hosts + +|Unexpected Outbound Port +|Indicates detection of an outbound connection on a port that is not part of the runtime model. + +* To avoid audits on specific ports, add the port to the runtime rule's Networking *Outbound internet ports* Allowed list, under *Defend > Runtime > Container policies* rules. +* In order to add the processes to the model, navigate to the relevant model under *Monitor > Runtime > Container* models, click on *...* and select Extend learning + +|Outbound connection to an unexpected port: IP: +| +|Containers + +|Unexpected Listening Port +|Indicates a container process is listening on a port that is not part of the runtime model. + +* To avoid audits on specific ports, add the port to the runtime rule's Networking *Listening ports* Allowed list, under *Defend > Runtime > Container policies* rules. +* In order to add the processes to the model, navigate to the relevant model under *Monitor > Runtime > Container* models, click on the *...* and select Extend learning + +|Process is listening on unexpected port +| +|Containers + +|Suspicious Network Activity +|Indicates detection of a process performing raw socket usage. + +* Enable and disable this detection via the *Raw sockets* toggle, under the Runtime rule Networking tab. + +|Process performed suspicious raw network activity, + +* The could indicate an ARP spoofing attempt or a port scanning attempt +| +|Containers + +|Explicitly Denied Listening Port +|Indicates a container process is listening on a port that is explicitly listed in the *Listening ports* list, under *Denied & fallback*. + +For App-embedded, this indicates ports that are not listed in the Allowed Listening ports list, or they are on the denied list. + +|Process is listening on port explicitly denied by a runtime rule + +| +|Containers, +Hosts, +Serverless, +App-embedded + +|Explicitly Denied Outbound Port +|Indicates a container process uses an outbound port that is explicitly listed in the *Outbound internet ports* list under *Denied & fallback*. + +For App-embedded, this indicates ports that are not listed in the *Outbound ports* list under *Allowed*, or they are on the denied list. + +|Outbound connection to port (IP: ) is explicitly denied by a runtime rule. + +| +|Containers, +Hosts, +Serverless, +App-embedded + +|Listening Port Modified Process +|Indicates a container modified process is listening on an unexpected port. + +* Enable and disable this detection via the *Networking activity from modified binaries* toggle, under the Runtime rule Networking tab. +* To avoid getting such an event for an allowed port, add the port to the Runtime rule's *Allowed Listening ports* list. + +|Container process was modified and is listening on unexpected port +| +|Containers + +|Outbound Port Modified Process +|Indicates a container modified process opened an outbound port. + +* Enable and disable this detection via the *Networking activity from modified binaries* toggle, under the Runtime rule Networking tab. +* To avoid getting such an event for an allowed port, add the port to the Runtime rule's *Allowed Outbound internet ports* list. + +|Outbound connection by modified process to port: IP: +| +|Containers + +|Feed DNS +|Indicates a DNS resolution query for a high risk domain, based on an intelligence stream. + +* Enable and disable this detection for *Containers* via the *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for *Hosts* via the *Suspicious domains based on Prisma Cloud advanced threat protection* toggle, under the Runtime rule Networking tab. +* Make sure that the DNS toggle in the Runtime rule Networking tab is enabled as well +* To avoid getting such an event for a known and allowed domain, add the domain name to the Runtime rule's *Domains* list under *Allowed* in the Networking tab. + +| identified as high risk. Intelligence feed categorizes this domain as +| +|Containers, +Hosts + +|Explicitly Denied DNS +|Indicates a DNS resolution query for a blacklisted domain, that is explicitly listed in the *Domains* list, under *Denied & fallback* in the Networking tab. + +For App-embedded and Serverless, this indicates domains that are not listed in the Allowed Domains list. + +* Make sure that the DNS toggle in the Runtime rule Networking tab is enabled as well. + +|DNS resolution of domain name triggered by explicitly denied by runtime rule. +| +|Containers, +Hosts, +Serverless, +App-Embedded + +|DNS Query +|Indicates a DNS resolution query of a domain name that is not part of the runtime model. + +* To avoid getting such an event for a known and allowed domain, add the domain name to the Runtime rule's *Domains* list, under *Allowed* in the Networking tab. + +|DNS resolution of suspicious name , type +| +|Containers +|=== + +[.section] +=== Runtime detections for File system activities + +[cols="15%, 45%a, 20%a, 15%, 15%", options="header"] +|=== +|Detection |Context |Audit message |Trigger an incident |Workloads + +|Administrative Account +|Indicates that an administrative account file was accessed. Changes to such files can be related to backdoor attacks. + +* Enable and disable this detection via the *Changes to SSH and admin account configuration files* toggle, under the Container/App-Embedded Runtime rule's File system tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process. + +| wrote to administrative accounts configuration file +|xref:incident-types/backdoor-admin-accounts.adoc[Backdoor admin accounts] +| +Containers, +App-Embedded + +|SSH Access +|Indicates that an ssh config file was accessed + +* Enable and disable this detection via the *Changes to SSH and admin account configuration files* toggle, under the Container/App-Embedded Runtime rule's File system tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process. + +| wrote to SSH configuration file +|xref:incident-types/backdoor-ssh-access.adoc[Backdoor SSH access] +| +Containers, +App-Embedded + +|Encrypted Binary +|Indicates that an encrypted binary was written to disk, by checking the binary entropy. + +* Enable and disable this detection via the *Detection of encrypted/packed binaries* toggle, under the *Container/App-Embedded* Runtime rule File system tab. +* Enable and disable this detection via the *Encrypted/packed binaries* toggle, under the *Host* Runtime rule Anti-malware tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process. + +| wrote a suspicious packed/encrypted binary to . Packing/encryption can conceal malicious executables. +|xref:incident-types/suspicious-binary.adoc[Suspicious binary] +| +Containers, +Hosts, +App-Embedded + +|Explicitly Denied File +|Indicates that a file listed in the File system *Denied & fallback* list was accessed. + +| changed explicitly monitored file +| +|Containers, +App-Embedded + +|Malware File Custom +|Indicates that a file that is identified as malware, based on a custom feed, was accessed. + +* Enable and disable this detection for *Containers* via the *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for *Hosts* via the *Malware based on custom feed* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for App-embedded via the Custom feed for malware detection toggle, under the Runtime rule File system tab. + +| created which was detected as malware in the custom malware feed +|xref:incident-types/malware.adoc[Malware] +|Containers, +Hosts, +App-Embedded + +|Malware File Feed +|Indicates that a file that is identified as malware, based on the intelligence stream, was accessed. + +* Enable and disable this detection for *Containers* via the *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. +* Enable and disable this detection for *Hosts* via the Malware based on *Prisma Cloud advanced threat protection* toggle, under the Runtime rule Anti-malware tab. + +|Process created the file which was detected as malicious. Intelligence feed identifies the file as +|xref:incident-types/malware.adoc[Malware] +|Containers, +Hosts + +|Executable File Access +|Indicates that an executable file was written. + +* Enable and disable this detection via the *Changes to binaries and certificates* toggle, under the Runtime rule File system tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +| changed the binary +| +|Containers, +App-Embedded + +|ELF File Access +|Indicates that an ELF file, that is not part of the runtime model, was modified. + +* This detection works automatically when using a Container runtime model. +* To disable this detection, disable the *Enable automatic runtime learning* toggle under the *Defend > Runtime > Container policy* tab. + +| changed the binary +| +|Containers, +App-Embedded + +|Secret File Access +|Indicates that a file containing sensitive key material, that is not part of the runtime model, was written. + +* This detection works automatically for containers when using a Container runtime model. +* To disable this detection for containers, disable the *Enable automatic runtime learning* toggle under the *Defend > Runtime > Container policy* tab. +* Enable and disable this detection for app-embedded via the Changes to binaries and certificates toggle, under the Runtime rule File system tab. + +| created a key file at +| +|Containers, +App-Embedded + +|Regular File Access +|Indicates that a regular file, that is not part of the runtime model, was created. + +* This detection works automatically when using a Container runtime model. +* For Serverless, this works when adding the path to the *Denied & fallback* list under File System. +* To disable this detection, disable the *Enable automatic runtime learning* toggle under the *Defend > Runtime > Container policy* tab. + +|* Container: wrote suspicious file to +* Serverless: access a suspicious path of + +| +|Containers, +Serverless, +App-Embedded + +|WildFire Malware detection +|Indicates that a file detected by WildFire as malware was written to the file system. + +To enable or disable WildFire: + +* Open the *Manage > system > WildFire* page and configure the desired settings +* Open the Runtime rule for Containers, Hosts, or App-Embedded, and enable/disable *Use WildFire malware analysis*. For Container/Host policy, this option is available under *Anti-malware* tab and for App-Embedded policy it's available under *File system* tab. + +|Process created the file with MD5 . The file created was detected as malicious. Report URL: +|xref:incident-types/malware.adoc[Malware] +|Containers, +Hosts, +App-Embedded + +|Unknown Origin Binary +|Indicates that a binary file was written by a process that is not a known OS distribution package manager. + +* Enable and disable this detection via the *Non-packaged binaries created or run by user* and *Non-packaged binaries created or run by service* toggles, under the Runtime rule Anti-malware tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +| which is not a known OS distribution package manager wrote the binary +| +|Hosts + +|Web Shell +|Indicates that a file written to disk was detected as a web shell. + +* Enable and disable this detection via the *Webshell attacks* toggle, under the *Host* Runtime rule Anti-malware tab +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +| wrote the file that was detected as a web shell. +| +|Hosts + +|File Integrity +|Indicates that file integrity detection was audited. + +* To configure File integrity detections, open the Host runtime rule, navigate to the File integrity tab, and create rules to add specific detections. + +| +| +| +Hosts + +|Malware Downloaded +|Indicates when a binary that has an architecture not supported by PC Compute Defender, is written to disk by a file download utility (“wget”, “curl”, etc.). PC Compute Defender supports the x86_64 architecture. + +* Enable and disable this detection via the *Binaries with suspicious ELF headers* toggle, under the *Containers/App-Embedded* Runtime rule File system tab, or under the *Host* Runtime rule Anti-malware tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +|Suspected malicious ELF file downloaded by process that is spawned by service [ +For interactive audits, should include: and user ] +. Incompatible process architecture . +|xref:incident-types/suspicious-binary.adoc[Suspicious binary] +|Containers, +Hosts, +App-Embedded + +|Suspicious ELF Header +|Indicates that an ELF file with suspicious malware indicators in the header was created. The ELF header can indicate that the file was modified with anti-analysis techniques, which is used often by malware to avoid detection. + +* Enable and disable this detection via the *Binaries with suspicious ELF headers* toggle, under the *Containers/App-Embedded* Runtime rule File system tab, or under the *Host* Runtime rule Anti-malware tab. +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +|Suspected malicious ELF file . File headers indicate anti-analysis techniques have been used to modify the file, which is used often by malware to avoid detection. +|xref:incident-types/suspicious-binary.adoc[Suspicious binary] +|Containers, +Hosts, +App-Embedded + +|Execution Flow Hijack Attempt +|Indicates a possible attempt to hijack program execution flow. For example, an audit will be generated when a process writes to /etc/ld.so.preload. + +* Enable and disable this detection via the *Execution flow hijacking* toggle, under the Host Runtime rule Anti-malware tab +* To ignore such a detection for a known and allowed process, create a Runtime custom rule that allows these file changes by a specific process + +|Binary wrote to . File /etc/ld.so.preload is a special Linux system file that impacts the entire system. Libraries specified in this file are preloaded for all programs that are executed in the system. +|xref:incident-types/execution-flow-hijack-attempt.adoc[Execution flow hijack attempt] +|Hosts +|=== diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-aggregation.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-aggregation.adoc new file mode 100644 index 0000000000..7e79518911 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-aggregation.adoc @@ -0,0 +1,25 @@ +== Event Aggregation + +This document explains logic behind runtime event aggregation in Prisma Cloud Compute. + +When a high number of events of the same event type are reported on the same image in specific host, Prisma Cloud Compute starts aggregating them to avoid Console inflating with large number of similar audits. + +For event aggregation to start, the following conditions must take place: + +* Events are generated on the same resource. +Example: a specific image on a host. +* Events generated are the same "Event Type" category (not specific audit). +Example: Network / Unexpected Listening Port, Filesystem / Reg File Access etc. +* More than 5 events satisfying the above conditions are reported within a 15 minutes timeframe. + +When such report aggregation starts, a message with the same is recorded in the Events table. + +Example:: High rate of reg file access events, reporting aggregation started; last event: /sbin/apk wrote a suspicious file to /usr/lib/node_modules/npm/.apk.f64bd79770d6df713fa07ddeabb044bb3eb76ffb554c2dab. Command: apk add npm + +Aggregation happens for 10 minutes, after which a message with the most recent audit is displayed. + +Example:: In the past 10 minutes, container /aqsa_high_alerts had 3 events of type unexpected listening port; The most recent event was: Container process /usr/local/bin/np is listening on unexpected port 8888 + +After aggregation period is completed, any new events that occur, are identified uniquely and go through the same logic above for aggregation as applicable. + +image::runtime_defense_aggregation.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-app-embedded.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-app-embedded.adoc new file mode 100644 index 0000000000..3d6deffb23 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-app-embedded.adoc @@ -0,0 +1,268 @@ +== Runtime defense for App-Embedded + +App-Embedded Defenders monitor and protect your containers at runtime, ensuring they execute as designed, and securing them against suspicious activity. + +App-Embedded Defender runtime rules let you control: + +* Process activity. +* Network connections. +* File system activity. + +App-Embedded Defenders also support xref:../runtime-defense/custom-runtime-rules.adoc[custom runtime rules]. + +For front-end containers, deploy the xref:../waas/waas.adoc[WAAS] application firewall for additional runtime protection. + + +=== App-Embedded runtime policy + +App-Embedded Defenders have distinct process, network, and file system sensors to monitor a workload's activity at runtime. +Each sensor is implemented individually, with its own set controls and configurations. +After deploying App-Embedded Defender, customize runtime protection for the workload by creating rules. +Rules let you control process, network, and file system activity. + +App-Embedded Defenders dynamically retrieve policies from Console as they are updated. +You can embed App-Embedded Defender into a workload with a very simple initial policy, and refine it later, as needed. + +Audits can be reviewed under *Monitor > Events > App-Embedded Audits* +App-Embedded Defender generates audits and incidents when one of the following conditions applies: + +* The sensor is enabled. +For example, the following screenshot shows that the file system sensor is enabled: ++ +image::runtime_defense_app_embedded_fs_mon_enabled.png[width=600] + +* A custom rule is attached to an App-Embedded runtime rule. +For example: ++ +image::runtime_defense_app_embedded_custom_rule.png[width=600] + +NOTE: Unlike Container Defenders, App-Embedded Defenders don't support xref:../runtime-defense/runtime-defense-containers.adoc#models[learning and models]. + + +=== Effect + +App-Embedded Defender runtime protectionn can be configured to operate in one of the following modes: + +* *Disable* -- Defender doesn't provide any protection. + +* *Alert* -- Defender generates audits when it detects runtime activity that violates your defined policy. +If alerts are configured, they're also generated and sent. +Audits can be reviewed under *Monitor > Events > App-Embedded audits*. + +* *Prevent* -- Prevents the runtime activity. +For example, file system defense prevents the creation or modification of files. + +App-Embedded Defenders don't support the *Block* action, where Defender stops the entire container. +Blocking isn't feasible when workloads run on Containers-as-a-Service platforms, where neither the workload nor the embedded Defender have access to the underlying container runtime (e.g. Docker Engine). + + +=== Process monitoring + +App-Embedded Defender can detect anomalous process activity. +Each control can be independently enabled or disabled. + +* *Processes started from modified binaries* -- Detects when binaries from a container image have been modified and then subsequently executed. + +* *Crypto miners* -- Detects crypto miners and creates a xref:../runtime-defense/incident-types/crypto-miners.adoc[crypto miner incident]. + +* *Explicitly allowed and denied processes* -- Controls which processes can run. +If you specify an allow list, then everything outside the allow list is denied by default. +If you specify a deny list, then everything outside the deny list is allowed by default. +Processes can be specified by a process name. + + +=== Network monitoring + +App-Embedded Defender can monitor container networking activity for patterns that indicate an attack might be underway. +Each control can be independently enabled or disabled. + +* *Allowed* and *Denied* -- Specifies known good or bad network connections. +You can define policy for listening ports, outbound internet ports for Internet destinations, and outbound IP addresses. +If you specify an allow list, then everything outside the allow list is denied by default. +If you specify a deny list, then everything outside the deny list is allowed by default. + +==== DNS + +DNS monitoring analyzes DNS lookups from your running containers. +Dangerous domains are detected as follows: + +* *Prisma Cloud Intelligence Stream* -- +Prisma Cloud's threat feed contains a list of known bad domains. + +* *Explicit allow list:* +Runtime rules let you augment the Prisma Cloud's Intelligence Stream data with your own explicit lists of known good domains. + + +=== File system monitoring + +App-Embedded Defender's runtime defense for container file systems continuously monitors and protects containers from suspicious file system activities and malware. + +By default, App-Embedded Defender monitors both the container's root file system and any mounted data volumes. + + +==== Enabling file system monitoring + +The file system sensor evaluates changes to the file system. +File system monitoring is disabled by default because it can impact the protected workload's performance. + +When you embed App-Embedded Defender into a workload, the state of the file system monitoring subsystem is set. +Once the state is set, it cannot be changed dynamically at runtime. +You must re-embedd Defender with a different setting. + +When the file system monitoring subsystem is enabled in App-Embedded Defender, the sensor captures file system events in the background, regardless of the settings in your runtime rules. +In particular, file system forensics (binary created event) are collected and reported regardless of how your runtime policy is configured. + +Security teams can globally specify the default setting for file system monitoring. +During the Defender embed (deployment) flow, individual teams can then see and accept the organization's recommended setting. +They can also override the default setting as they see fit for the efficient operation of their own applications. + +For more information, see xref:../install/deploy-defender/app-embedded/config-app-embedded-fs-protection.adoc[configuring the default setting for file system protection]. + + +==== Detections + +Prisma Cloud can detect anomalous file system activity. +Each control can be independently enabled or disabled. + +Defender also looks for attributes that make files suspicious, including signs they've been rigged for anti-analysis. + +* *Changes to binaries or certificates* -- Detects when these types of files from a container image are modified. + +* *Detection of encrypted/packed binaries* -- Detects usage of encrypted/packed binaries. +Such files are suspicious because it's a sign they've been rigged for anti-analysis to deploy malware undetected. + +* *Changes to SSH and admin account configuration files* + +* *Binaries with suspicious ELF headers* + +* *Custom feed for malware detection* + +* *Use WildFire malware analysis* -- Use WildFire, Palo Alto Networks' malware analysis engine, to detect malware. +To use Wildfire, it must first be enabled. + +* *Explicitly allowed and denied system paths* -- Controls where files can be written. +If you specify an allow list, then everything outside the allow list is denied by default. +If you specify a deny list, then everything outside the deny list is allowed by default. + +NOTE: The *Prevent* effect is supported for "Changes to SSH and admin account configuration files" and denied system paths only. For all other detections, you are alerted with an audit but the activity is not prevented. + +==== Malware protection + +App-Embedded Defender monitors container file systems for malicious binaries and certs using data from: + +* Your xref:../configure/custom-feeds.adoc[custom malware feed]. +* xref:../configure/wildfire.adoc[Wildfire]. + +When a file is written to the container file system, Defender compares the MD5 hash of the file to the MD5 hashes configured under *Manage > System > Custom feeds > Malware signatures*. +If there is a match, Defender creates an audit. + +=== Custom rules + +Custom rules offer another mechanism to protect running software. +Custom rules are expressions that give you a precise way to describe and detect discrete runtime behaviors. +Expressions let you examine various facets of an event in a programmatic way, then take action when they evaluate to true. + +For more information, see xref:../runtime-defense/custom-runtime-rules.adoc[custom rules]. + +NOTE: The *Prevent* effect isn't supported when using the `file.type` or `file.md5` properties in custom rules for App-Embedded Defenders. + + +[#cloud-metadata] +=== Monitoring workloads at runtime + +Go to *Monitor > Runtime > App-Embedded observations* to monitor and manage workloads protected by App-Embedded Defender. +This page aggregates and reports runtime audits, forensics, and environment metadata for each workload. +You can filter the workloads in the table by a number of facets, including collections and App ID. + +App-Embedded Defenders collect and report metadata about the environment in which they run. +From the *App-Embedded observations* page, click on a protected workload to open the report, and the click on the *Environment* tab. + +image::runtime_defense_app_embedded_obvervations_metadata.png[width=800] + +The metadata App-Embedded Defenders collect depends on what's available from the underlying cloud provider. +App-Embedded Defenders can collect and report the following metadata when running on the following cloud provider services: + +[cols="1,1,1,1,1"] +|=== +|Metadata |AWS - Fargate with ECS |AWS - Fargate with EKS |Google Cloud Run |Azure ACI + +|Cloud provider +|Y +|Y +|Y +|Y + +|Region +|Y +| +|Y +| + +|Account ID +|Y +| +|Y +| + +|Cluster +|Y +| +| +| + +|Instance ID +|Y (task ID) +| +|Y +| + +|Resource name (e.g., pod name) +|Y (container name) +| +| +| + +|Image name +|Y +|Y +|Y +|Y + +|Container name +|Y +| +| +| + +|App ID +|Y +|Y +|Y +|Y + +|=== + +// See #36853 +[NOTE] +==== +When App-Embedded Defender runs in Fargate on Amazon EKS and Azure ACI, it emits an error that says Defender failed to fetch cloud metadata. +This is by design, and the error message can safely be ignored. + +For AWS Fargate on Amazon EKS, Prisma Cloud doesn't report any cloud metadata because AWS doesn't support the instance metadata service for pods that are deployed with Fargate. +Similarly for images running on ACI, no cloud metadata is available for Prisma Cloud to report. +==== + + +=== Securing your App-Embedded containers + +To secure App-Embedded containers, including Fargate tasks, embed the Prisma Cloud App-Embedded Defender into it. +The steps are: + +. Define your policy in Prisma Cloud Console under *Defend > Runtime > App-Embedded policy*. + +. Embed the App-Embedded Defender into your container or task definition using one of the following procedures: ++ +* xref:../install/deploy-defender/app-embedded/app-embedded.adoc[Install App-Embedded Defender] +* xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc[Install App-Embedded Defender for Fargate] + +. Start the service that runs your container. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-containers.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-containers.adoc new file mode 100644 index 0000000000..09d139564d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-containers.adoc @@ -0,0 +1,532 @@ +== Runtime defense for containers + +Runtime defense is the set of features that provide both predictive and threat-based active protection for running containers. +For example, predictive protection includes capabilities like determining when a container runs a process not included in the original image or creates an unexpected network socket. +Threat-based protection includes capabilities like detecting when malware is added to a container or when a container connects to a botnet. + +Prisma Cloud Compute has distinct sensors for the filesystem, network, and process activity. +Each sensor is implemented individually, with its own set of rules and alerts. +The runtime defense architecture is unified to both simplify the administrator experience and to show more detail about what Prisma Cloud automatically learns from each image. +Runtime defense has two principal object types: models and rules. + + +[#models] +=== Container Models + +Models are the results of the autonomous learning that Prisma Cloud performs every time we see a new image in an environment. +A model is the "allow list" for what a given container image should be doing, across all runtime sensors. +Models are automatically created and maintained by Prisma Cloud and provide an easy way for administrators to view and understand what Prisma Cloud has learned about their images. +For example, a model for an Apache image would detail the specific processes that should run within containers derived from the image and what network sockets should be exposed. + +Navigate to *Monitor > Runtime > Container Models*. +Click on the image to view the model. + +There is a 1:1 relationship between models and images; every image has a model and every model applies to a single unique image. +For each image, a unique model is created and mapped to the image digest. +So, even if there are multiple images with the same tags, Prisma Cloud will create unique models for each image. + +Models are built from both static analysis (such as building a hashed process map based on parsing an init script in a Dockerfile ENTRYPOINT) and dynamic behavioral analysis (such as observing actual process activity during early runtime of the container). +Models can be in one of 3 modes: Active, Archived, or Learning. + +image::runtime_defense_734302.png[width=600] + +For containers in Kubernetes clusters, Prisma Cloud considers the image, namespace, and cluster when creating models. + +* When the same image runs in multiple different clusters, Prisma Cloud creates separate models for each image in each cluster. +* When the same image runs in multiple different namespaces, Prisma Cloud creates separate models for each image in each namespace. +* When there are multiple running instances of an image in the same namespace, Prisma Cloud creates a single model. +* When clusters are not applicable, Prisma cloud considers the image and namespace to create models. + +Prisma Cloud shows you how models map to specific images. +Go to *Monitor > Runtime > Container Models*, click a model in the table, and click the *General* tab. + +image::runtime_defense_overview_model.png[width=600] + + +=== Capabilities + +Some containers are difficult to model. +For example, Jenkins containers dynamically build and run numerous processes, and the profile of those processes changes depending on what's being built. +Constructing accurate models to monitor processes in containers that build, run, test, and deploy software is impractical, although other aspects of the model can still have utility. +Prisma Cloud automatically detects known containers and overrides one more aspect of the model with _capabilities_. + +Capabilities are discrete enhancements to the model that tune runtime behaviors for specific apps and configurations. +Rather than changing what's learned in the model, they modify how Prisma Cloud acts on observed behaviors. + +For example, the following model for the Jenkins container is enhanced with the capability for writing and executing binaries. + +image::runtime_defense_overview_container_model_capabilities.png[width=600] + + +=== Learning mode + +Learning mode is the phase in which Prisma Cloud performs either static or dynamic analysis. +Because the model depends on behavioral inputs, images stay in learning mode for 1 hour to complete the model. +After this 1 hour, Prisma Cloud enters a 'dry run' period for 24 hours to ensure there are no behavioral changes and the model is complete. +If during these 24 hours, behavioral changes are observed, the model goes back to Learning mode for an additional 24 hours. +The behavioral model uses a combination of machine learning techniques and typically requires less than 1 hour of cumulative observation time for a given image (it might comprise of a single container running the entire learning period or multiple containers running for some time slice where the sum of the slices is 1 hour). +During this period, only threat-based runtime events (malicious files or connections to high-risk IPs) are logged. +Prisma Cloud automatically detects when new images are added anywhere in the environment and automatically puts them in learning mode. + +image::runtime_defense_792723.png[width=600] + +* Extend Learning: You can relearn an existing model by clicking the *Extend Learning* button in the *Actions* menu. +This is an additive process, so any existing static and behavioral modeling remain in place. + +* Manual Learning: You can manually alter the duration of learning at any time by starting and stopping the *Manual Learning* option in the *Actions* menu. +This should be done with discretion because the model may or may not complete within the time-period due to manual interruption. +There is no time limit for manual learning. +It depends on the user's selection. + + +=== Active mode + +Active mode is the phase in which Prisma Cloud is actively enforcing the model and looking for anomalies that violate it. +Active mode begins after the initial 1 hour that the learning mode takes to create a model. +Because models are explicit allow lists, in enforcing mode, Prisma Cloud is simply looking for variances against the model. +For example, if a model predicted that a given image should only run the foo process and Prisma Cloud observes the bar process has spawned, it would be an anomaly. +Prisma Cloud automatically transitions models from learning mode into enforcing mode after the model is complete. +During this period, runtime events are logged. + +NOTE: During the initial dry run period (the first 24 hours), model may switch automatically from Active mode to learning mode depending on the behavioral changes observed, as mentioned above. +This automatic switching only happens during the first 24 hours of model initiation. If violations are observed later on, they are logged as runtime alerts under Monitor > Runtime. + + +=== Archived mode + +Archived mode is a phase that models are transitioned into when a container is no longer actively running them. +Models persist in an archived mode for 24 hours after being archived, after which point they’re automatically removed. +Archived mode serves as a 'recycle bin' for models, ensuring that a given image does not need to go through learning mode again if it frequently starts and stops, while also ensuring that the list of models does not continuously grow over time. + +Models display all the learned data across each of the runtime sensors to make it easy to understand exactly what Prisma Cloud has learned about an image and how it will protect it. +However, what if you need to customize the protection for a given image, set of images, or containers? +That’s the job of rules. + + +=== Rules + +Rules control how Prisma Cloud uses autonomously generated models to protect the environment. +For example, if Prisma Cloud’s model for the Apache image includes the process httpd, but you know that process bar will eventually run, and you want to ensure that process foo never runs, you can create a rule that applies to all images named httpd, add bar to the allowed process list, and add foo to the blocked process list. + +The following screenshot shows how the scope of the rule is set with xref:../configure/collections.adoc[collections]: + +image::runtime_defense_rule_scope.png[width=350] + +The Container runtime policy rules allow individual effects per protection, such as. anti-malware, crypto miners, reverse shell attacks, etc. for each section - Processes, Networking, File System, and Anti-malware. +The effect includes the following options: Disabled/Alert/Prevent/Block according to the supported effects for each detection. + +image::containerRuntimeRule-Processes.png[width=350] + +Rules let you explicitly allow/alert/prevent/block activity by a sensor. +Rules and models are evaluated together to create a resultant policy as follows: + +*model* (which contains only allowed activity) + *allowed activity from rule(s)* - *blocked activity from rule(s)* = *resultant policy* + +The resultant policy from the previous example: + +model (*httpd*) + allowed activity from rule (*process bar*) - blocked activity from rule (*process foo*) = httpd and bar are allowed and foo always is an anomaly regardless of the model + +By default, Prisma Cloud ships with an empty container runtime policy. +An empty policy disables runtime defense entirely. +To enable runtime defense, create a rule. +New runtime rules can be created in Console in *Defend > Runtime > Container policy*. + +As with every other subsystem in Prisma Cloud, you can customize how it works by creating rules, scoping rules to desired objects with filtering and pattern matching, and xref:../configure/rule-ordering-pattern-matching.adoc[properly ordering the rules] in the policy. +Rules are evaluated sequentially from top to bottom. +Once a match is found for the scope, the actions in the rule are executed and enforced. +Only a single rule is ever enforced for a given event. +While rules work in conjunction with models as described above, rules themselves are never combined. + +Refine your policy by creating rules that target specific resources, enabling or disabling protection features, and defining exceptions to the automatically generated allow-list models. + + +==== Discrete blocking + +Prisma Cloud lets you create runtime rules that block discrete processes inside a container using the *Prevent* effect. +It is an alternative to stopping an entire container when a violation of a runtime rule is detected. + +==== Blocked containers + +// Good info here: +// https://github.com/twistlock/twistlock/issues/8521 + +Prisma Cloud's runtime defense system compares the state of a running container to the predictive model created for it during its xref:../runtime-defense/runtime-defense.adoc#learning-mode[learning period]. +When abnormal activity is detected, such as executing an unknown process, Prisma Cloud can: + +* Raise an alert by generating an audit. +Audits are shown under *Monitor > Events > Container Audits*. +If you have an alert channel configured, such as email or Slack, audits are forwarded there too. +Alert is the default action for new runtime rules. +* Block the container by stopping it altogether. +To enable blocking, create a new runtime rule. +* Prevent just the discrete process or file system write (not the entire container). + + +===== Blocking action + +Blocking stops potentially compromised containers from running in your environment. + +Prisma Cloud blocks containers under the following conditions: + +* A container violates its runtime model, and you've installed a runtime rule with the action set to block. +For example, if an attacker infiltrates a container and tries to run a port scan using nc, then the container would be blocked if nc weren't a known, allowed process. +* A newly started container violates a vulnerability or compliance rule, and those rules have the action set to block. +Prisma Cloud scans all images before they run, to enforce policies about what's allowed to execute in your environment. +For example, your policy might call for blocking any container with critical severity vulnerabilities. + +Runtime rules can be created under Defend > Runtime > Container Policy. +Vulnerability rules can be created under Defend > Vulnerabilities > Policy, and compliance rules can be created under Defend > Compliance > Policy. + + +===== Viewing blocked containers + +Blocking immediately stops a container, taking it out of service. +Blocked containers are never restarted. +To see a list of blocked containers, go to the container audits page under *Monitor > Events > Container Audits*. + +image::block_containers_audits.png[width=650] + +When a container is stopped, Prisma Cloud takes no further action to keep it stopped. +Orchestrators, such as Kubernetes and OpenShift, start a fresh container in the blocked container's place. +Orchestrators have their own mechanism for maintaining a set point, so they ignore the restart policy defined in the image's Dockerfile. + +There is an exception when you run containers in a Docker-only environment (no orchestrator) and Prisma Cloud blocks a container. +In this case, Prisma Cloud must take additional action to keep the container blocked. +To prevent the container from automatically restarting, Prisma Cloud modifies the container's restart policy to always unless stopped. +If you want to unblock a container, connect to the node with the blocked container, and manually modify the container's Docker configuration. + + +===== Blocked container artifacts + +Forensic investigators can inspect a blocked container's artifacts to determine why it was stopped. +You can capture all the container's contents, including its file system data, with the docker export command. +Go to the node with the blocked container and run: + + $ docker export [container_id] > /path/filename.tar + + +==== VMware Tanzu Application Service (TAS) + +Runtime rules for VMware TAS apps are scoped by app name and space ID. +Specify values for app name and space ID in the *Labels* field of the relevant collection. +This field is auto-populated with values from your environment. + + tas-application-name: + tas-space-id: + + +=== Best practices + +One key goal is minimizing the amount of work you're required to do to manage runtime defense. +Leverage the models that Prisma Cloud can automatically create and manage. +Because behavioral learning for model creation is a mature technology for Prisma Cloud, in most cases, you won't need to create auxiliary rules to augment model behavior. +There will be some exceptions. +For example, a long-running container that changes its behavior throughout its lifecycle might need some manually created rules to fully capture all valid behaviors. +This is atypical for most environments, however, as containers that need to be upgraded are typically destroyed and reprovisioned with new images. + +If you do need to create runtime rules, here are some best practices for doing so: + +*Minimize the number of rules* -- Creating static rules requires time and effort to build and maintain; only create rules where necessary and allow the autonomous models to provide most of the protection. + +*Precisely target rules* -- Be cautious of creating rules that apply to broad sets of images or containers. +Providing wide-ranging runtime exceptions can lower your overall security by making rules too permissive. +Instead, target only the specific containers and images necessary. + +*Name rules consistently* -- Because rule names are used in audit events, choose consistent, descriptive names for any rules you create. +This simplifies incident response and investigation. +Also, consider using Prisma Cloud’s alert profile feature to alert specific teams to specific types of events that are detected. + + +=== Container runtime policy + +==== Anti-malware + +Anti-malware provides high-level control for anti-malware capabilities for containers. More granular configuration for each runtime capability is available through each of the other tabs on the rule. + +- *Prisma Cloud advanced threat protection* -- Use Prisma Cloud advanced threat protection intelligence feed, to apply malware prevention techniques across processes, networking, and filesystem. + +- *Kubernetes attacks* -- Monitors attempts to directly access Kubernetes infrastructure from within a running container, including both usage of the Kubernetes administrative tools and attempts to access the Kubernetes metadata. + +NOTE: *Prevent* has no effect on the Kubernetes attacks originating from a network activity because prevent effect is not supported for network activities. + +- *Suspicious queries to cloud provider APIs* -- Monitors access to cloud provider metadata API from within a running container. + +==== Advanced malware analysis + +- *Use WildFire malware analysis* -- Use WildFire, Palo Alto Networks' malware analysis engine, to detect malware. Currently Wildfire analysis is provided without additional costs, but this may change in future releases. To use Wildfire, it must first be enabled. + +==== Processes + +This section discusses runtime protection for processes. + +[#effect] +===== Effect + +When behavior is detected that deviates from your runtime policy (resultant from the combination of your container model and your rules), Prisma Cloud Defender takes action. +For processes, the Defender can be set into one of four modes. + +* *Disable* -- Defender doesn't provide any protection for processes. + +* *Alert* -- Defender raises alerts when it detects process activity that deviates from your defined runtime policy. +These alerts are visible in *Monitor > Events > Container Audits*. + +* *Prevent* -- Defender stops the process (and just the process) that violates your policy from executing. +This is known as discrete blocking. ++ +Prisma Cloud runtime rules let you deny specific processes. +When you specify the *Prevent* action in a runtime rule, Prisma Cloud blocks containers from running processes that are not defined in the model or the explicitly allowed processes list. +The rest of the container continues to execute without disruption. +The alternative to discrete blocking is container blocking, which stops the entire container when a denied process is detected. ++ +NOTE: The *Prevent* action is not supported on Debian 8. + +* *Block* -- Defender stops the entire container if a process that violates your policy attempts to run. + +// https://github.com/twistlock/twistlock/issues/9380 +// https://github.com/twistlock/twistlock/issues/14782 +// https://github.com/twistlock/twistlock/wiki/Monitor-binaries-that-do-not-belong-to-the-original-image +// https://github.com/twistlock/twistlock/wiki/Modified-binaries-detection-and-prevention +Note that besides taking action on processes outside the allow-list model, Defender also takes action when existing binaries that have been modified are executed. +For example, an attacker might replace httpd (Apache) with an older version that can be exploited. +Prisma Cloud raises alerts for each of the following cases: + +* A modified binary is executed, +* A modified binary listens on a port, +* A modified binary makes an outbound connection. + +==== Allowed activities + +- *Learned models*: As part of the model, Prisma Cloud learns what processes are invoked, and the parent processes that triggered the invocation. + +- Enable *Allow learned processes only from parents identified in the model* to validate if the process itself is in the model, and also that the process was started by the same parent that is present in the model. + +- *Processes list* - Enter a list of allowed processes. + +- *Allow all activity in attached sessions* -- Bypass runtime rules when attaching to running containers or pods. +This control lets developers and DevOps engineers troubleshoot and investigate issues in containers and pods without generating spurious audits or being stymied by block/prevent controls. +It applies to all types of attach sessions, including `kubectl exec` and `docker exec`. +Only Linux containers are supported; Windows containers aren't supported. ++ +NOTE: This feature is not applicable for Tanzu Application Service Defender (Windows and Linux). ++ +Note that this control bypasses all runtime activity - process, network, and file system - even though it's situated in the process tab. ++ +The following event types can't be bypassed by this control: DNS queries, listening ports, and raw sockets. +For these types of events, activity in the attached session won't be allowed if set in your policy. + +===== Detections + +Prisma Cloud can detect anomalous process activity. You can independently set different effects for each feature. + +- *Processes started from modified binaries* -- Detect when binaries from a container image have been modified and executed. + +- *Crypto miners* -- Prisma Cloud can detect crypto miners. +If detected, a xref:../runtime-defense/incident-types/crypto-miners.adoc#[crypto miner incident type] is created in Incident Explorer. +When this option is enabled, Defender takes action on this type of incident according to the configured <>. + +- *Reverse shell attacks* -- Detect usage of xref:../runtime-defense/incident-types/reverse-shell.adoc[reverse shell]. + +- *Detect processes used for lateral movement* -- Prisma Cloud can detect processes, such as netcat, known to facilitate lateral movement between resources on a network. +If detected, a xref:../runtime-defense/incident-types/lateral-movement.adoc#[lateral movement incident type] is created in Incident Explorer. +When this option is enabled, Defender takes action on this type of incident according to the configured <>. + +- *Processes started with SUID* -- Detect suspicious privilege escalation by watching for binaries with the setuid bit. ++ +Explicitly allowed processes from your runtime policy and learned processes from your runtime models bypass this control. +For example, if `ping` is added to the container's runtime model during the learning period, `ping` is permitted to run regardless of how this control is set. +However, if `ls` is explicitly permitted by your policy, but `sudo ls` is detected, this control flags the privilege escalation. +If you explicitly allow `sudo`, and then run `sudo ls`, this control is bypassed. + +- *Explicitly denied processes* - Enter a denied *Processes list* to tailor your runtime model, and choose the *Processes effect*. +Processes can be listed by a process name. + + +===== Runtime container models + +Container models are the product of an autonomous learning process initiated when Prisma Cloud detects new containers in your environment. +A model is an ‘allow list’ of known good activity for a container, built and maintained on a per-image basis. +You can see the domains in the model by going to *Monitor > Runtime > Container Models*, clicking on a model, then opening the *Process* tab. + +* *Static container models* -- processes that were scanned in the first scan during the container loading. + +* *Behavioral container models* -- processes that were scanned in the learning period that are not static. + +* *Extended behavioral container models* -- processes detected after the learning period, where Prisma Cloud identifies them as "low severity". +These types of processes will also be added to the model. +An alert is raised only once with a message saying there is a low likelihood that this process is malicious and no further alerts for this type of event will be raised. +Extended behavioral processes are added to the extended behavioral table in *Monitor > Runtime > Container Models* in the process tab in the extended behavioral section. + + +==== Networking + +Prisma Cloud can monitor container networking activity for patterns that indicate an attack might be underway. These features can be independently set to different effects. +The final policy that's enforced is the sum of the container model and your runtime rules. + +image::containerRuntimeRule-Networking.png[width=350] + + +===== IP connectivity + +When Prisma Cloud detects an outgoing connection that deviates from your runtime policy, Prisma Cloud Defender can take action. +Networking rules let you put Defender into one of three modes: + +* *Disable* -- +The defender does not provide any networking protection. + +* *Alert* -- +Defender raises alerts when targeted resources establish connections that violate your runtime policy. +The corresponding audits can be reviewed under *Monitor > Events > Container Audits*. + +* *Block* -- +The defender stops the container if it establishes a connection that violates your runtime policy. +The corresponding audit can be reviewed under *Monitor > Events > Container Audits*. + +The fields for *Explicitly allowed* and *Explicitly denied* let you tailor the runtime models for known good and known bad network connections. +These rules define the policy for listening ports, outbound internet ports for Internet destinations, and outbound IP addresses. +Defining network policy through runtime rules lets you specify permitted and forbidden behavior for given resources, and instruct the defender on how to handle the traffic that deviates from the resultant policy. + +- *Port scanning* -- Port scans are used by attackers to find which ports on a network are open and listening. +If enabled, Defenders detect network behavior indicative of port scanning. +The events generated from *Port scanning* can have alert or block effects. +If detected, a xref:../runtime-defense/incident-types/port-scanning.adoc#[port scanning incident] is created in Incident Explorer. + +- *Raw sockets* -- Prisma Cloud can monitor your environment for raw sockets, which can indicate suspicious activity. +Raw sockets let programs manipulate packet headers and implement custom protocols to do things such as port scanning. +Raw socket detection is enabled by default in new rules. + + +===== DNS + +Modern attacks, particularly coordinated, long-running attacks, use short-lived DNS names to route traffic from the victim's environment to command and control systems. +This is common in large-scale botnets. +When DNS monitoring is enabled (Alert, Prevent, or Block) in your runtime rules, Prisma Cloud analyzes DNS lookups from your running containers. +By default, DNS monitoring is disabled in new rules. + +Dangerous domains are detected as follows: + +* *Prisma Cloud Intelligence Stream* -- +Prisma Cloud's threat feed contains a list of known bad domains. + +* *Behavioral container models* -- +When learning a model for a container, Prisma Cloud records any DNS resolutions that a container makes. +When the model is activated, Defender monitors network traffic for DNS resolutions that deviate from the learned DNS resolutions. ++ +You can see the domains in the model by going to *Monitor > Runtime > Container Models*, clicking on a model, then opening the *Networking* tab. Known good domains are listed under *Behaviorally learned domains*. + +* *Extended behavioral container models* -- network traffic detected after the learning period, which Prisma Cloud identifies as "low severity". +This traffic will also be added to the model. +An alert is raised only once with a message saying there is a low likelihood that this event is malicious and no further alert for this type of event will be raised. + +* *Explicit allow and deny lists:* +Runtime rules let you augment the Prisma Cloud's Intelligence Stream data and models with your own explicit lists of known good and bad domains. +Define these lists in your runtime rules. + +In your runtime rules, set *Effect* in the DNS section to configure how Defender handles DNS lookups from containers: + +* *Disable:* +DNS monitoring is disabled. +DNS lookups are not modeled in learning mode. +DNS lookups aren't analyzed when models are active. + +* *Alert:* +DNS monitoring is enabled. +DNS lookups are modeled in learning mode. +DNS lookups are analyzed when models are active. +Anomalous activity generates audits. + +* *Prevent:* +DNS monitoring is enabled. +DNS lookups are modeled in learning mode. +DNS lookups are analyzed when models are active. +Anomalous activity generates audits. +Anomalous DNS lookups are dropped. + +* *Block* +DNS monitoring is enabled. +DNS lookups are modeled in learning mode. +DNS lookups are analyzed when models are active. +Anomalous activity generates audits. +When anomalous DNS lookups are detected, the entire container is stopped. + +==== File system + +Prisma Cloud's runtime defense for container file systems continuously monitors and protects containers from suspicious file system activities and malware. + +Prisma Cloud monitors and protects against the following types of suspicious file system activity: + +* Changes to any file in folders _not_ in the xref:../runtime-defense/runtime-defense.adoc#models[runtime model]. +* Changes to binaries or certificates anywhere in the container. +* Changes to SSH administrative account configuration files anywhere in the container. +* Presence of malware anywhere in the container. + +NOTE: File location change activity does not generate a runtime audit event. + +===== Malware protection + +Defender monitors container file systems for malicious certs and binaries using data from the Prisma Cloud Intelligence Stream. +Console receives the Prisma Cloud feed, and then distributes it to all deployed Defenders. +You can optionally supplement the Prisma Cloud feed with your own custom data. + +When a file is written to the container file system, Defender compares the MD5 hash of the file to the MD5 hash of known malware. +If there is a match, Defender takes the action specified in your rules. +Defender also looks for attributes that make files suspicious, including signs they've been rigged for anti-analysis. + +By default, new rules configure Defender to monitor both the container root file system and any data volumes. +Container root file systems reside on the host file system. +In this diagram, the running container also has a data volume. +It mounts the db/ directory from the host file system into its own root file system. +Both locations are monitored by Defender. + +The following diagram shows how Prisma Cloud protects containers from malicious files: + +image::runtime_defense_fs_584208.png[width=650] + +===== Effect + +When behavior is detected that deviates from your runtime policy (resultant from the combination of your container model and your rules), Prisma Cloud Defender takes action. +For processes, the Defender can be set into one of four modes. + +* *Disable* -- Defender doesn't provide any protection for file system. + +* *Alert* -- Defender raises alerts when it detects file system activity that deviates from your defined runtime policy. +These alerts are visible in *Monitor > Events > Container Audits*. + +* *Prevent* -- Defender stops the process (and just the process) that violates your policy from executing. +This is known as discrete blocking. +Prisma Cloud also lets you deny file system writes to specific directories. +Like the process rule, file system rules can be configured with the *Prevent* action, which blocks the creation and modification of any files in the specified directories. +This mechanism is designed to prevent bad actors from writing certificates or binary attack tools to disk, all without killing the process that initiated the write or stopping the entire container. ++ +NOTE: The *Prevent* action in file system rules is not supported for some kernel types. +If you specify a *Prevent* action, but the kernel does not support it, you will be alerted with an audit but the activity will not be prevented. The audit message will state that Prevent is not supported. ++ +NOTE: The *Prevent* action in file system rules is not supported when the Docker storage driver is set to aufs. +It is supported for other storage drivers, such as devicemapper and overlay2. +If you specify a *Prevent* action, but the storage driver does not support it, Prisma Cloud will respond with an alert and log the following message in Defender's log: _Docker storage driver on host doesn't support discrete file blocking_. ++ +NOTE: For the "Changes to binaries", "Detection of encrypted/packed binaries", and "Binaries with suspicious ELF headers" detections, the *Prevent* effect is only supported for existing files that are being modified. This is because these detections rely on the file content. When the file is new, it is empty, so it cannot be identified by one of these detections. In such cases, you are alerted with an audit but the activity is not prevented. The audit message will state that 'prevent' is not supported. + +* *Block* -- Defender stops the entire container if a process that violates your policy attempts to run. + +===== Detections + +Prisma Cloud can detect anomalous file system activity. +These features can be independently enabled or disabled. + +- *Changes to binaries* -- Detect when binaries from a container image are modified. + +- *Detection of encrypted/packed binaries* -- Detect usage of encrypted/packed binaries. Such files are alerted on as encrypted and packed binaries may be used as a method to deploy malware undetected. + +- *Changes to SSH and admin account configuration files* + +- *Binaries with suspicious ELF headers* + +- *Explicitly allowed and denied system paths* -- The fields for *Explicitly allowed paths* and *Explicitly denied paths* let you tailor your runtime models, by explicitly denying paths in the model or explicitly allowing paths that aren't in the model. + +- *Extended behavioral container models* -- Suspicious file system activities that are detected after the learning period, which Prisma Cloud algorithm identifies as "low severity". +These activities are also added to the model. +An alert will be only raised once with a message saying there is a low likelihood that this event is malicious, and no further alerts for this type of event will be raised. + +==== Custom rules + +For details on custom rules policy refer to xref:../runtime-defense/custom-runtime-rules.adoc[this] section. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-hosts.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-hosts.adoc new file mode 100644 index 0000000000..82531786bd --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-hosts.adoc @@ -0,0 +1,242 @@ +== Runtime defense for hosts + +Without secure hosts, you cannot have secure containers. +Host machines are a critical component in the container environment, and the hosts must also be secured like containers. +Prisma Cloud defender collects data about your hosts for monitoring and analysis. + +Runtime host protection is designed to continuously report an up-to-date context for your hosts. +You can set detection for malware, network, log inspection, file integrity, activities, and custom events. Some detected events can only be alerted on, while others can be prevented. + +[.task] +=== Host runtime policy + +By default, Prisma Cloud ships with an empty host runtime policy. An empty policy disables runtime defense entirely. + +To enable runtime defense, create a new rule. + +*Prerequisites:* +Install a xref:../install/deploy-defender/defender-types.adoc[host defender]. + +[.procedure] + +. Go to *Defend > Runtime > Host Policy* and select *Add rule*. ++ +image::host_runtime_rule.png[width=700] + +. Enter a *Rule name* to indicate the target of each rule. + +. The *Scope* of each rule is determined by the xref:../configure/collections.adoc[collection] assigned to that rule. ++ +Prisma Cloud uses xref:../configure/rule-ordering-pattern-matching.adoc[rule order and pattern matching] to determine which rule to apply for each workload. ++ +NOTE: The *Prevent* action for detection of file system events requires a Linux kernel version 4.20 or later. + +==== Anti-malware + +Anti-malware provides a set of capabilities that let you alert or prevent malware activity and exploit attempts. + +===== Global settings + +- *Alert/prevent processes by path* -- Provides the ability to alert on or prevent execution of specific processes based on the processes name or the full path of binary from which the process is executed. Some of the common tools are available for easy addition by selecting their category. + +- *Allow processes by path* -- Provides the ability to mark processes as safe to use based on the process name or full path. Processes added to this list will not be alerted on or prevented by any of the Malware runtime capabilities. + ++ +If a process is included in both the allow list and in the deny list, the process will still be allowed by the host runtime policy. + +===== Anti-malware and exploit prevention settings + +- *Crypto miners* -- Apply specific techniques for detection of crypto miners, alert on file creation, and alert or prevent their execution. + +- *Non-packaged binaries created or run by service* -- Detect binaries created by a service without a package manager. +Alert on file creation, and alert or prevent their execution. ++ +[NOTE] +==== +You need a running Defender, to detect the source when there is a `write` operation on a file. + +To detect binaries that have been deployed without a package manager, Prisma Cloud depends on the package manager on the host. Currently, the `apt`, `yum`, and `dnf` package managers are supported. +==== + +- *Non-packaged binaries created or run by user* -- Detect binaries created by a user without a package manager. +Alert on file creation, and alert or prevent their execution. + +- *Processes running from temporary storage* -- Detect processes running from temporary storage (unexpected behavior for legitimate processes). +Alert/prevent on file creation or execution. + +- *Webshell attacks* -- Detect abuse of web servers vulnerabilities to create a webshell. +Alert on webshell creation and alert or prevent execution of linux command line tools from web servers. + +- *Reverse shell attacks* -- Detect usage of xref:../runtime-defense/incident-types/reverse-shell.adoc[reverse shell] and generate an alert. + +- *Execution flow hijack* -- Detect xref:../runtime-defense/incident-types/execution-flow-hijack-attempt.adoc[execution flow hijack attempt] and generate an alert. + +- *Encrypted/packed binaries* -- Detect usage of encrypted/packed binaries and generate an alert. +Such files are alerted on as encrypted and packed binaries may be used as a method to deploy malware undetected. + +- *Binaries with suspicious ELF headers* -- Detect suspicious binaries for ELF headers and generate an alert. + +- *Malware based on custom feeds* -- Generate alerts for files classified as malware by their MD5. + +- *Malware based on Prisma Cloud Advanced Threat Protection* -- Generate alerts for files classified as malware by Prisma Cloud advanced intelligence feed. + +- +[NOTE] +==== +On operating systems where the defender supports identifying files of unknown origin (a file that wasn't installed by a known OS package manager) and an intercepted filesystem operation was performed on a file of a known origin, the following host runtime protection rules are skipped: + +- Writes of a crypto miner binary to disk +- Webshell attacks +- Execution flow hijacking +- Encrypted/packed binaries +- Binaries with suspicious ELF headers +- WildFire malware analysis +==== + +===== Advanced malware analysis + +- *Malware based on WildFire analysis* -- Use WildFire, the malware analysis engine of Palo Alto Networks, to detect malware and generate alerts. +Currently Wildfire analysis is provided without additional costs, but this may change in future releases. To use Wildfire, enable it under xref:../configure/wildfire.adoc[Wildfire settings]. + +===== Host observations + +- *Track SSH events* -- As part of the host observation capability, you can completely track all the SSH activities on the host. This feature is enabled by default in new rules and you can choose to disable this feature under host observations. + +==== Networking + +Networking provides a high level of granularity in controlling network traffic based on IP, port, and DNS. +You can use your custom rules or use Prisma Cloud Advanced Threat Protection to alert on or prevent access to malicious sites. + +[.section] +===== IP connectivity + +- *Allowed IPs*: -- create an approved list of IPs which when accessed, will not generate an alert. + +- *Denied IPs and ports* -- Create a list of listening ports, outbound internet ports, and outbound IPs which when accessed will generate an alert. + +- *Suspicious IPs based on custom feed* -- Generate alerts based on entries added to the list of suspicious or high-risk IP endpoints under *Manage > System > Custom feeds > IP reputation lists* + +- *Suspicious IPs based on Prisma Cloud advanced threat protection* -- Generate alerts based on the Prisma Cloud advanced threat protection intelligence stream. + +[.section] +===== DNS + +When DNS monitoring is enabled, Prisma Cloud filters DNS lookups. +By default, DNS monitoring is disabled in new rules. + +- *Allowed domains* -- Create an approved list of domains which when accessed will not generate an alert or be prevented. + +- *Denied domains* -- Create a list of denied domains which when accessed will be alerted or prevented. + +- *Suspicious domains based on Prisma Cloud Advanced Threat Protection* -- Generate alerts or prevent access to domains based on Prisma Cloud Advanced Threat Protection Intelligence Stream. + +==== Log inspection + +Prisma Cloud lets you collect and analyze logs from operating systems and applications for security events. +For each inspection rule, specify the log file to parse and any number of inspection expressions. +Inspection expressions support the https://github.com/google/re2/wiki/Syntax[RE2 regular expression syntax]. + +A number of predefined rules are provided for apps such as `sshd`, `mongod`, and `nginx`. + +Regardless of the specified inspection expression, log inspection has the following boundaries. + +* The maximum amount of bytes read per second is `100`. + +* The maximum amount of bytes in a chunk read per second is `2048`. + +These boundaries are non-customizable. + +==== File integrity management (FIM) + +Changes to critical files can reduce your overall security posture, and they can be the first indicator of an attack in progress. +The Prisma Cloud FIM from Prisma Cloud continuously monitors your files and directories for changes. +You can configure FIM to detect: + +* Read or write operations on sensitive files, such as certificates, secrets, and configuration files. + +* Binaries written to the file system. + +* Abnormally installed software. +For example, FIM can detect files written to a file system by programs other than `apt-get`. + +A monitoring profile consists of rules, where each rule specifies the path to monitor, the file operation, and the exceptions to the rule. + +image::runtime_defense_hosts_fim_rule.png[width=600] + +The file operations supported are: + +* Writes to files or directories +When you specify a directory, recursive monitoring is supported. + +* Read +When you specify a directory, recursive monitoring isn't supported. + +* Attribute changes +The attributes watched are permissions, ownership, timestamps, and links. +When you specify a directory, recursive monitoring isn't supported. + +==== Activities + +Set up rules to audit xref:../audit/host-activity.adoc[host events]. + +==== Custom rules + +For details on the custom rules policy refer to xref:./custom-runtime-rules.adoc[this] section. + +=== Monitoring + +To view the data collected about each host, go to *Monitor > Runtime > Host observations*, and select a host from the list. + +==== Apps + +The *Apps* tab lists the running programs on the host. +New apps are added to the list only on a network event. + +NOTE: Prisma Cloud automatically adds some important apps to the monitoring table even if they don't have any network activity, including `cron` and `systemd`. + +image::host_runtime_apps.png[width=700] + +For each app, Prisma Cloud records the following details: + +* Running processes (limited to 15). +* Outgoing ports (limited to 5). +* Listening ports (limited to 5). + +Prisma Cloud keeps a sample of spawned processes and network activity for each monitored app, specifically: + +* Spawned process -- Processes spawned by the app, including observation timestamps, username, process (and parent process) paths, and the executed command line (limited to 15 processes). +* Outgoing ports -- Ports used by the app for outgoing network activity, including observation timestamps, the process that triggered the network activity, IP address, port, and country resolution for public IPs (limited to 5 ports). +* Listening ports -- Ports used by the app for incoming network activity, including the listening process and observation timestamps (limited to 5 ports). + +Proc events will add the proc only to existing apps in the profile. The defender will cache the runtime data, saving timestamps for each of the 15 processes' last spawn time. + +Limitations: + +* Maximum of 50 apps. +* Last 10 spawned processes for each app. + +==== SSH session history + +The *SSH events* tab shows `ssh` commands run in interactive sessions, limited to 100 events per hour. + +image::host_runtime_ssh_history.png[width=700] + +==== Security updates + +Prisma Cloud periodically checks for security updates. +It's implemented as a compliance check. +This feature is supported only for Ubuntu/Debian distributions with the "apt-get" package installer. + +Prisma Cloud probes for security updates every time the scanner runs (every 24 hours, by default). +The check is enabled by default in *Defend > Compliance > Hosts* in the *Default - alert on critical and high* rule. + +image::host_runtime_update_compliance_check.png[width=700] + +The *Security Updates* show the pending security updates (based on a new compliance check that was added for this purpose). +Supported for Ubuntu and Debian. + +On each host scan, Prisma Cloud checks for available package updates marked as security updates and lists such updates under *Security Updates*. + +=== Audits + +You can view audits about host runtime events under *Monitor > Events > Host audits*. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-serverless.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-serverless.adoc new file mode 100644 index 0000000000..5718f8f44d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-serverless.adoc @@ -0,0 +1,76 @@ +== Runtime defense for serverless functions + +Prisma Cloud lets you monitor process, network and filesystem activity within your serverless functions and enforce policies to allow or deny these activities. +Policies let you define: + +* Process activity - enables specifying specific whitelisted processes, blocking all processes except the main process and detecting cryptomining attempts. +* Network activity - enables monitoring and enforcement of DNS resolutions, inbound and outbound network connections. +* Filesystem activity - enables defining specific paths in an allowed or denied list. + +In addition to runtime policy, you can also configure multiple xref:../waas/waas.adoc[WAAS] application firewall protections to defend your functions from application layer attacks. + + +=== Securing serverless functions + +To secure Serverless functions: + +. Verify that you have installed Serverless Defenders on your functions. ++ +You must install Serverless Defenders before you can create serverless runtime policy. + +. Log in to the Prisma Cloud Console and select *Defend > Runtime > Serverless policy* to add policies. +. Embed the Serverless Defender into your function either manually or with Auto-defend: ++ +* xref:../install/deploy-defender/serverless/serverless.adoc[Manually embed a Serverless Defender] +* xref:../install/deploy-defender/serverless/install-serverless-defender-layer.adoc[Use a Lambda layer to embed a Serverless Defender] +* xref:../install/deploy-defender/serverless/auto-defend-serverless.adoc[Use Auto-defend to deploy Serverless Defenders] + + +[.task] +=== Defining your policy + +Add runtime protection for your serverless function by defining a runtime rule for it in the Prisma Cloud Console. + +NOTE: Prisma Cloud ships without a Serverless runtime policy. +Serverless Defenders fetch the policy from the TW_POLICY environment variable and dynamically during runtime from the console (every 2 minutes). + +By default, new rules apply to all functions (`{asterisk}`), but you can target them to specific functions and/or regions using xref:../configure/rule-ordering-pattern-matching.adoc[pattern matching]. +For Azure Functions only, you can additionally scope rules by account ID. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > Runtime > Serverless Policy*. + +. Click *Add rule*. + +.. Enter a rule name. + +.. By default, the rule applies to all functions in all regions and accounts. ++ +Target the rule to specific functions. + +.. Click the *Networking* tab. + +.. Enable *DNS* toggle + +.. Set *Effect* to *Prevent*. + +.. Add _*amazon.com_ to the *DNS allow list* ++ +NOTE: By default, rules are set to allow traffic. +When adding a domain to the allow list, then everything outside the allow list is denied by default. +The above rule will block all traffic except to *amazon.com. + +.. Click *Save*. + + +=== View runtime audits + +To view the security audits, go to *Monitor > Events > Serverless Audits*. +You should see audits with the following messages: + + DNS resolution of domain name yahoo.com triggered by /usr/bin/wget explicitly denied by a runtime rule. + +To refine the view, use filters. +For example, to see Azure Functions only, use the `Provider: Azure` filter. diff --git a/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense.adoc b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense.adoc new file mode 100644 index 0000000000..4289060073 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense.adoc @@ -0,0 +1,7 @@ +== Runtime defense + +Runtime defense is the set of features that provide predictive protection for containers and threat based active protection for running containers, hosts and serverless functions. + +Predictive protection includes capabilities like determining when a container runs a process not included in the origin image or creates an unexpected network socket. + +Threat based protection includes capabilities like detecting when malware is added to a workload or when a workload connects to a botnet. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets-example.adoc b/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets-example.adoc new file mode 100644 index 0000000000..90e4ff599a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets-example.adoc @@ -0,0 +1,126 @@ +== Injecting secrets: end-to-end example + +This article presents a step-by-step guide for testing Prisma Cloud's secret manager. +You will set up HashiCorp Vault, store a secret in it, inject the secret into a running container, then validate that it can be seen from within the container. + + +[.task] +=== Setting up Vault + +Set up HashiCorp Vault in development mode. + +[.procedure] +. Download Vault from https://www.vaultproject.io/downloads.html. + +. Unzip the package, then copy the vault executable to a directory in your `PATH`. + +. Verify that vault is installed. Run the following command: ++ + $ vault -help + +. Start Vault in development mode. ++ +---- +$ vault server -dev -dev-listen-address=':8200' + +==> WARNING: Dev mode is enabled! + +In this mode, Vault is completely in-memory and unsealed. +Vault is configured to only have a single unseal key. The root +token has already been authenticated with the CLI, so you can +immediately begin using the Vault CLI. + +The only step you need to take is to set the following +environment variables: + + export VAULT_ADDR='http://10.240.0.53:8200' + +The unseal key and root token are reproduced below in case you +want to seal/unseal the Vault or play with authentication. + +Unseal Key: Hb0dBfYh3ieHRmf28ohu5xh0DKfmP4aNa8JS5/jNsWQ= +Root Token: 29e3e12b-09b4-af6c-6e87-cbd9fbcb51bd +---- + + +[.task] +=== Storing a secret in HashiCorp Vault + +Store a secret in Vault. + +[.procedure] +. Open a shell and ssh to the host running Vault. + +. Set the Vault address in your environment. ++ + $ export VAULT_ADDR='http://:8200' + +. Create a secret. ++ +For Vault 0.10 or later: ++ + vault kv put secret/mySecret1 "pass=1234567" ++ +For Vault 0.9.x or older: ++ + $ vault write secret/mySecret1 "pass=1234567" + +. Read the secret back to validate it was properly stored. ++ +For Vault 0.10 or later: ++ + $ vault kv get secret/mySecret1 ++ +For Vault 0.9.x or older: ++ + $ vault read secret/mySecret1 + + +=== Integrating Prisma Cloud and Vault + +Follow the steps in xref:../secrets/secrets-stores/hashicorp-vault.adoc[Integrating Prisma Cloud with HashiCorp Vault]. + + +=== Creating a rule in Console + +Follow the steps in xref:../secrets/inject-secrets.adoc[Injecting secrets into containers]. + + +[.task] +=== Validating the secret is injected + +Start a container and verify that your secret is properly injected. ++ +The same procedure can be followed for injecting secrets in Kubernetes cluster. +Make sure Kubernetes uses dockerd and Prisma Cloud runs in local socket mode. + +*Prerequisites:* Defender must be running on the machine where you start your container. + +[.procedure] +. Start a container: ++ + $ docker run -ti ubuntu /bin/bash + +. Validate your secrets have been injected into this container. ++ +If you injected your secrets as environment variables, run: ++ + # printenv ++ +If you injected your secrets as files, run: ++ + # ls /run/secrets + # cat /run/secrets/ + +. Exit the shell inside the container. ++ + # exit + +. If your secrets are injected as environment variables, validate that they are encrypted when you run docker inspect. ++ +Start a container, and run it in the background: ++ + $ docker run -dit ubuntu /bin/bash + ++ + $ docker inspect diff --git a/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets.adoc b/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets.adoc new file mode 100644 index 0000000000..1704ca516d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/inject-secrets.adoc @@ -0,0 +1,85 @@ +== Inject secrets into containers + +To inject secrets into your containers, first xref:../secrets/integrate-with-secrets-stores.adoc#[integrate Prisma Cloud with your secrets manager], and then set up rules for injecting specific secrets into specific containers. + +Use the same procedure for injecting secrets in a Kubernetes cluster. +Set up your rules to target specific containers, images, or labels. +Make sure Kubernetes uses dockerd and Prisma Cloud is running in local socket mode. + + +[.task] +=== Injecting secrets into containers + +After integrating your secrets store with Prisma Cloud, specify which secrets should be injected into which containers. +To do this, create the appropriate rules in Console. + +Secrets can be injected as environment variables or as files. + +For secrets injected as environment variables: if there is a collision between a predefined environment variable and an injected secret, the value of the environment variable will always be the value of the secret. + +NOTE: For security reasons, secrets injected as environment variables are only exposed to the container's main process and children of the main process. + +For secrets injected as files: they can be found in _/run/secrets/_, where the contents of the file contain the secret’s value. +By default, secrets can only be read by root users in the container space. +If you run your containers as non-root users, configure the injection rule to make the secrets readable by all users. +Prisma Cloud can set the access permissions of the injected secrets file to read-only for the 'others' class of users. +For more information about access permissions and 'others', see the chmod man page. + +NOTE: Secrets injection currently only works with image labels, not container or host labels. + +*Prerequisite:* You've already created a secret in your store or vault. + +[.procedure] +. In Console, go to *Defend > Access > Secrets*. + +. Click *Add new secrets rule*. + +. Specify a name for your rule. + +. Specify how your secret(s) should be injected. +You can choose between environment variables and files. ++ +If you choose files, you can select how the files are injected into the container. +By default, the files are readable by root users only. +If your containers run as non-root users, select *All Users*. +The *All Users* option makes the files readable by any user by setting read permission for the others class of users. + +. Create a list of secrets from your store that you want to inject into your container(s). +Under *Add secret*: + +.. Specify a secret name. ++ +When you inject secrets as environment variables, this field specifies the environment variable name. ++ +When you inject secrets as files, this field specifies the file name. + +.. Specify the store where the secret is stored. +The drop-down list contains any store that you integrated with Prisma Cloud. + +.. Specify the secret's path and key. + +.. Click *Add Secret*. +It is added to the list of secrets. + +.. Repeat steps a through d for as many secrets that must be included in your rule. + +. Specify a scope for your rule with one or more xref:../configure/collections.adoc[collections]. +By default, the *All* collection is selected, which injects all secrets into all containers on all hosts. + +. Click *Add*. + +. Verify that your secrets are properly injected. ++ +For example, assuming your rule targets the alpine container and secrets are injected as environment variables, run the following commands: ++ +NOTE: Default rules target all resources in the environment. +The *Containers*, *Images*, *Hosts*, and *Labels* fields are set to wildcards. +If your rule is set up this way, then your secrets will be injected into the alpine container. ++ + $ docker run -it alpine:latest /bin/sh + / # printenv ++ +If your secrets are injected as files, and you left *Target directory* unspecified in your rule, then your secrets are injected into _/run/secrets/_, where is the name of the injected file, as specified in your rule. ++ + $ docker run -it alpine:latest /bin/sh + / # cat /run/secrets/ diff --git a/docs/en/compute-edition/32/admin-guide/secrets/integrate-with-secrets-stores.adoc b/docs/en/compute-edition/32/admin-guide/secrets/integrate-with-secrets-stores.adoc new file mode 100644 index 0000000000..8c50e29a5d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/integrate-with-secrets-stores.adoc @@ -0,0 +1,22 @@ +== Integrate with secrets stores + +To inject secrets into your containers, you must first integrate Prisma Cloud with your secrets manager, and then set up rules for injecting specific secrets into specific containers. + +Prisma Cloud can integrate with the following secrets managers: + +* xref:../secrets/secrets-stores/aws-secrets-manager.adoc#[AWS Secrets Manager] +* xref:../secrets/secrets-stores/aws-systems-manager-parameters-store.adoc#[AWS Systems Manager Parameters Store] +* xref:../secrets/secrets-stores/azure-key-vault.adoc#[Azure Key Vault] +* xref:../secrets/secrets-stores/cyberark-enterprise-password-vault.adoc#[CyberArk Enterprise Password Vault] +* xref:../secrets/secrets-stores/hashicorp-vault.adoc#[HashiCorp Vault] (versions 0.9.x and older, and versions 0.10 and later) + + +=== Refresh interval + +By default, the refresh interval is disabled. +That means if you change a secret’s value in the secrets store, you must force Prisma Cloud to update its list of values. +In Console, go to *Defend > Access > Secrets* and click *Refresh secrets* to force Prisma Cloud to fetch the latest values of all secrets from their configured stores. + +You can also configure Prisma Cloud to periodically retrieve the latest values of all the secrets from their stores. +In Console, go to *Manage > Authentication > Secrets*, click *Edit* next to the *Secrets refresh interval* field, and specify an integer value in hours. +Setting the refresh interval to 0 disables automatic periodic refreshes. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-manager.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-manager.adoc new file mode 100644 index 0000000000..0b4eaf8e6d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-manager.adoc @@ -0,0 +1,70 @@ +== Secrets manager + +Containers often require sensitive information, such as passwords, SSH keys, encryption keys, and so on. +You can integrate Prisma Cloud with many common secrets management platforms to securely distribute secrets from those stores to the containers that need them. + +Enterprise secret stores reduce the risk of data breaches that could occur when sensitive information is littered across an organization, often in places where they should not be, such as email inboxes, source code repositories, developer workstations, and Dropbox. +Secret stores provide a central and secure location for managing and distributing secrets to the apps that need them. +They give you a way to account for all the secrets in your organization with audit trails that show how they are being used. + +Orchestrators such as kubernetes and openshift, offer their own built-in secret stores with support for creating secrets, listing them, deleting them, and injecting them into containers. +However, if you already have an enterprise secrets store, then you probably want to extend it to handle to your container environment. +Utilizing the orchestrator’s built-in secrets management capabilities when you already have an enterprise secrets store is unappealing because it represents another silo of sensitive information that needs to be carefully secured. +It undermines the principal benefit of a secrets store, which is managing all sensitive data in a single location. + + +=== Theory of Operation + +When a user or orchestrator starts a container, Defender injects the secrets you specify into the container. +In order for secret injection to work, all Docker commands must be routed through Defender. Refer to xref:inject-secrets.adoc[Inject Secrets into Containers]. +There are several moving parts in the solution: + +image::secrets_manager_791688.png[width=400] + +*A*. +Secret values are fetched, encrypted, and stored in Console's database when a rule is created or modified. +Secret values in Console's database are periodically synced with the secrets store to provide resiliency in the case of connectivity outages and to optimize performance. All secrets cached on disk, both in Defender and in Console, are protected with 256 bit AES encryption. +If you change a secret's value in the secrets store and you need it synced immediately, you can click the refresh button in the Console UI to refetch all secrets from their configured stores. + +*1*. +Operator (or orchestrator) starts a container with docker run. + +*2*. +Defender assesses the command against the policy installed in Console. + +*3*.The secret is returned to Defender. +Defender starts the container using the Docker API, which is exposed through the Docker daemon's local UNIX socket, and injects the secret into the container. + + +=== Capabilities + +The Prisma Cloud secrets manager has the following capabilities: + +* Supports integration with common secrets management platforms. +* Manages the distribution of secrets from the secret store to your containers through policies. +In Console, you create the rules that control which secrets get injected into which containers. +* Injects secrets into containers as either environment variables or files. +* Secrets injected as environment variables are presented in-the-clear from within the container. +They are redacted from the outside to prevent exposure by the docker inspect command. +* Secrets injected as files are provided from an in-memory filesystem (on /run/secrets/) that is mounted into the container when it is created. +When the container is stopped, the secrets directory is unmounted and deleted. + + +=== Best practices + +There are a number of ways that secrets can be compromised. + +*Defender is bypassed.* +If Defender is bypassed, an attacker can execute Docker commands directly against the Docker daemon's local UNIX socket, and he will be able to expose your secrets. +Be sure that your hosts are secured with least privilege access so that users can only run docker commands through Defender. + +image::secrets_manager_790254.png[width=600] + +*Limit lower privileged users to monitoring commands, such as docker ps and docker inspect.* +Prisma Cloud automatically encrypts secrets injected as environment variables when accessed from docker inspect. +Restrict commands such as docker exec and docker run to just the operators that need them because these commands can reveal secrets injected into a container by giving the user shell access inside the container, where variables are in the clear. +For example, docker exec printenv on a running container, or docker run printenv on an image, can reveal environment variables that are otherwise encrypted with docker inspect. +The following diagram shows one way to grant access to Docker functions based on a user's role. +This is the way that Docker Datacenter Universal Control Plane (UCP) grants permissions, and you can implement the same scheme with Prisma Cloud's access control rules. + +image::secrets_manager_790256.png[width=700] diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-secrets-manager.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-secrets-manager.adoc new file mode 100644 index 0000000000..c46edb28ab --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-secrets-manager.adoc @@ -0,0 +1,42 @@ +:topic_type: task + +[.task] +== AWS Secrets Manager + +You can integrate Prisma Cloud with AWS Secrets Manager. +First, configure Prisma Cloud to access AWS Secrets Manager, then create rules to inject the relevant secrets into the relevant containers. + + +*Prerequisites:* + +* The service account Prisma Cloud uses to access the secrets store must have the following permissions: +** secretsmanager:GetSecretValue +** secretsmanager:ListSecrets +* You have https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html[created a secret] in AWS Secrets Manager. +Automatic rotation must be disabled. +Prisma Cloud supports the key-value secret type only. +When storing a new secret, select *Other type of secrets*, then *Secret key/value*. ++ +image::aws_secrets_manager_secret_type.png[width=400] + +[.procedure] +. Open Prisma Cloud Console. + +. Integrate Prisma Cloud with the secrets store. + +.. Go to *Manage > Authentication > Secrets*, and click *Add store*. + +.. Enter a name for the store. +This name is used when you create rules to inject secrets into specific containers. + +.. For *Type*, select *AWS Secrets Manager*, then fill out the rest of the form, including your credentials. + +.. Fill out the rest of the form, specifying how to connect to the Secrets Manager. + +.. Click *Add*. ++ +After clicking *Add*, Prisma Cloud tries connecting to your secrets manager. +If successful, the dialog closes, and an entry is added to the table. +Otherwise, connection errors are displayed directly in the configuration dialog. ++ +Next, xref:../../secrets/inject-secrets.adoc#[inject a secret into a container]. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store.adoc new file mode 100644 index 0000000000..3aab7f0764 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store.adoc @@ -0,0 +1,46 @@ +:topic_type: task + +[.task] +== AWS Systems Manager Parameters Store + +You can integrate Prisma Cloud with AWS Systems Manager Parameters Store. +First configure Prisma Cloud to access the Parameters Store, then create rules to inject the relevant secrets into the relevant containers. + +*Prerequisites:* + +* The service account Prisma Cloud uses to access the Parameters Store must have the following permissions. +These permissions are part of pre-existing policy named AmazonSSMReadOnlyAccess. +For more information, see https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-access-user.html[Configure User Access for Systems Manager]. +** ssm:Get* +** ssm:List* + +* You have https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-console.html[created a secret] in your Parameters Store. +Prisma Cloud supports all parameter types. +Note, however, that StringList is injected "as-is". +For example, if the value you specify for parameter of type StringList is `twistlock,test,value`, then the injected environment variable would look like this: ++ + ENV_VAR=twistlock,test,value ++ +image::aws_systems_manager_parameter_store_param_type.png[width=400] + +[.procedure] +. Open Prisma Cloud Console. + +. Integrate Prisma Cloud with the store. + +.. Go to *Manage > Authentication > Secrets*, and click *Add store*. + +.. Enter a name for the store. +This name is used when you create rules to inject secrets into specific containers. + +.. For *Type*, select *AWS Systems Manager Parameters Store*. + +.. Fill out the rest of the form, specifying how to connect to the store. + +.. Click *Add*. ++ +After clicking *Add*, Prisma Cloud tries conecting to your store. +If it is successful, the dialog closes, and an entry is added to the table. +Otherwise, any connection errors are displayed directly in the configuration dialog. ++ +Next, xref:../../secrets/inject-secrets.adoc#[inject a secret into a container]. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/azure-key-vault.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/azure-key-vault.adoc new file mode 100644 index 0000000000..f17a0a2180 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/azure-key-vault.adoc @@ -0,0 +1,75 @@ +:topic_type: task + +[.task] +== Azure Key Vault + +You can integrate Prisma Cloud with Azure Key Vault. +First configure Prisma Cloud to access your Key Vault, then create rules to inject the relevant secrets into their associated containers. + +*Prerequisites:* You have https://docs.microsoft.com/en-us/azure/key-vault/quick-create-portal#add-a-secret-to-key-vault[created a secret] in Key Vault. + +[.procedure] +. Create an Azure servicePrincipal in your Azure AD Tenant + +.. Use https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[AZ CLI] to create a servicePrincipal and obtain the json credential file. + +.. Authenticate to your Azure tenant. + + $ az login + +.. Create a servicePrincipal + + $ az ad sp create-for-rbac + +.. Save the resulting json output.+ + + { + "appId": "xxxxxxxx-xxxxx-xxxx-xxxxxxxx", + "displayName": "azure-cli-2018-11-01-xx-xx-xx", + "name": "http://azure-cli-2018-11-01-xx-xx-xx", + "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "tenant": "xxxxxxxxxxxxxxxxxxxxxxxxxxx" + } + +.. In the Azure Key Vault, add the servicePrincipal to the *Access Policies* with the following permissions: ++ + secrets/get permission + secrets/list permission + +. In the Prisma Cloud Console, go to *Manage > Authentication > Secrets*. + +. Click *Add store*. + +.. Enter a name for the vault. +This name is used when you create rules to inject secrets into specific containers. + +.. For *Type*, select *Azure Key Vault*. + +.. For *Address*, enter *\https://.vault.azure.net*. +This address can be found in the Azure Key Vault's properties in the _DNS Name_ element. + +.. In *Credential*, click *Add new*. ++ +[NOTE] +==== +If you create a credential in the credentials store (*Manage > Authentication > Credentials store*), your service principal authenticates with a password. +ifdef::prisma_cloud[] +To authenticate with a certificate, xref:../../cloud-service-providers/use-cloud-accounts.adoc[create a cloud account]. +endif::prisma_cloud[] +==== + +.. Enter a name for the credentials. + +.. In *Type*, select *Azure*. + +.. In *Service Key*, enter the JSON credentials returned from the _az ad sp create-for-rbac_ command. + +.. Click *Save*. + +.. Click *Add*. ++ +After adding the new store, Prisma Cloud tries conecting to your vault. +If it is successful, the dialog closes, and an entry is added to the table. +Otherwise, any connection errors are displayed directly in the configuration dialog. ++ +Next, xref:../../secrets/inject-secrets.adoc#[inject a secret into a container]. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault.adoc new file mode 100644 index 0000000000..64765ecc39 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault.adoc @@ -0,0 +1,33 @@ +:topic_type: task + +[.task] +== CyberArk Enterprise Password Vault + +You can integrate Prisma Cloud with CyberArk Enterprise Password Vault (EPV). +To retrieve passwords from the vault, Prisma Cloud uses the CyberArk Central Credential Provider (CCP) web service. +Prisma Cloud supports CyberArk CCP version 12.1.0 with Digital Vault version 12.2.0. +To integrate with CyberArk EPV, first configure Prisma Cloud to access CyberArk Enterprise Password Vault, then create rules to inject the relevant secrets into the relevant containers. + +[.procedure] +. In Console, go to *Manage > Authentication > Secrets*. + +. Click *Add store*. + +.. Enter a name for the vault. +This name is used when you create rules to inject secrets into specific containers. + +.. For *Secret type*, select *CyberArk Enterprise Password Vault*. + +.. In *Settings*, fill out the form as follows: +... Address: the address and port of the Central Credential Provider web service. +... Application ID: The application ID that Prisma Cloud should use to issue each password request. To configure this for CCP 12.1, see https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/12.1/en/Content/Common/Adding-Applications.htm?tocpath=Administration%7CManage%20applications[here]. +... CA certificate (Optional): for an application configured to authenticate using a client certificate, the certificate of the CA that signed the CyberArk server's certificate in PEM format. For more information about this authentication method for CCP 12.1 see https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/12.1/en/Content/CP%20and%20ASCP/Application-Authentication-Methods-general.htm?tocpath=Administration%7CManage%20applications%7CApplication%20authentication%7CApplication%20authentication%20methods[here]. +... Client certificate (Optional): for an application configured to authenticate using a client certificate, the client certificate in PEM format. + +.. Click *Add*. ++ +After clicking *Add*, Prisma Cloud tries conecting to your vault. +If it is successful, the dialog closes, and an entry is added to the table. +Otherwise, any connection errors are displayed directly in the configuration dialog. ++ +Next, xref:../../secrets/inject-secrets.adoc#[inject a secret into a container]. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/hashicorp-vault.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/hashicorp-vault.adoc new file mode 100644 index 0000000000..9b8cdcbd94 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/hashicorp-vault.adoc @@ -0,0 +1,30 @@ +:topic_type: task + +[.task] +== HashiCorp Vault + +You can integrate Prisma Cloud with HashiCorp Vault. +Prisma Cloud supports the K/V Secrets Engine v2 in Vault 0.10.x, and K/V Secrets Engine v1 in Vault 0.9.x and older. Prisma Cloud does not support K/V Secrets Engine v1 in Vault 0.10.x. + +First configure Prisma Cloud to access HashiCorp Vault, then create rules to inject the relevant secrets into the relevant containers. + +[.procedure] +. In Console, go to *Manage > Authentication > Secrets*. + +. Click *Add store*. + +.. Enter a name for the vault. +This name is used when you create rules to inject secrets into specific containers. + +.. For *Type*, select *HashiCorp Vault*. +Choose the version that matches the version of Vault installed in your environment. + +.. Fill out the rest of the form, specifying how to connect to your vault. + +.. Click *Add*. ++ +After clicking *Add*, Prisma Cloud tries conecting to your vault. +If it is successful, the dialog closes, and an entry is added to the table. +Otherwise, any connection errors are displayed directly in the configuration dialog. ++ +Next, xref:../../secrets/inject-secrets.adoc#[inject a secret into a container]. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/secrets-stores.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/secrets-stores.adoc new file mode 100644 index 0000000000..db6cee87ce --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets-stores/secrets-stores.adoc @@ -0,0 +1,3 @@ +== Secrets Stores + +Integrate Prisma Cloud with the supported secrets management stores. diff --git a/docs/en/compute-edition/32/admin-guide/secrets/secrets.adoc b/docs/en/compute-edition/32/admin-guide/secrets/secrets.adoc new file mode 100644 index 0000000000..eed18cf07d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/secrets/secrets.adoc @@ -0,0 +1,4 @@ +== Secrets + +Prisma Cloud integrates with the secrets management tools, such as Hashicorp Vault, CyberArk Enterprise Password Vault, AWS Secrets Manager, and Microsoft Azure Key Vault, to ensure the safe distribution of secrets. +Compliance checks let you detect and prevent unsafe usage of secrets. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/app-specific-network-intelligence.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/app-specific-network-intelligence.adoc new file mode 100644 index 0000000000..d54cb254d4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/app-specific-network-intelligence.adoc @@ -0,0 +1,57 @@ +== App-specific network intelligence + +Prisma Cloud can learn about the settings for your apps from their configuration files, and use this knowledge to detect runtime anomalies. +No special configuration is required to enable this feature. + +In addition to identifying ports that are exposed via the EXPOSE directive in a Dockerfile, or the -p argument passed to docker run, Prisma Cloud can identify port settings from an app’s configuration file. +This enables Prisma Cloud to detect, for example, if the app has been commandeered to listen on an unexpected port, or if a malicious process has managed to listen on the app’s port to steal data. + +Consider the following scenario: + +. You create an Apache image. +The default port for httpd, specified in _/etc/apache2/apache2.conf_, is 80. +In your _Dockerfile_, you use `EXPOSE` to bind port 80 in the container to port 80 on the host. + +. A user runs your Apache image with the `-P` option, mapping port 80 in the container to a random ephemeral port on the host. + +. The running container is compromised. +An attacker kills the Apache process, spawns a new process that listens on that port, and harvests data from other containers on the same subnet. + +. Prisma Cloud detects the runtime anomaly, and either alerts you or blocks the container. + +Prisma Cloud protects your containers by combining static analysis of the image with runtime analysis of the container. +The Prisma Cloud Intelligence Stream delivers app-specific knowledge so that Defender can inspect an image and: + +* Identify processes that the container will execute. +* Correlate the processes with their configuration files. +* Parse the configuration files to extract information such as port assignments. + +Runtime analysis completes the picture. +Some information can only be determined at runtime. +For example, MongoDB might be deployed to a container without a configuration file. +At runtime, MongoDB is launched with the `--port` parameter, dynamically specifying the port it will listen on. +Static analysis tells us that MongoDB is part of the container image, but in this case, only dynamic analysis tells us which port it listens on. + +Additional apps will be added periodically, and your installation will be automatically updated via the Prisma Cloud Intelligence Stream. + + +=== Supported Apps + +Prisma Cloud Intelligence Stream currently delivers app-specific knowledge for: + +* Apache +* Elasticsearch +* HAProxy +* Kibana +* MariaDB +* MongoDB +* MySQL +* Nginx +* PostgreSQL +* RabbitMQ +* Redis +* Tomcat +* WordPress +* BusyBox + +If you would like to see coverage for a specific app, open a support ticket and make a request. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/container-runtimes.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/container-runtimes.adoc new file mode 100644 index 0000000000..a22aace4f9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/container-runtimes.adoc @@ -0,0 +1,12 @@ +== Container Runtimes + +Docker Engine is a general purpose container runtime. +Docker can run containers from images, but it can also build images from Dockerfiles. +Docker supports multiple different environments and orchestrators, including Kubernetes. + +Container Runtime Interface (CRI) is a plugin interface that lets Kubernetes use a wide variety of container runtimes, including Docker Engine. +The interface implements only the features needed to run containers from images. +Its goal is to be as simple as possible to complete its given task. +Since its range of capabilities is tightly scoped, it can be more easily secured. + +image::docker_cri.png[width=700] diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture.adoc new file mode 100644 index 0000000000..afb7a99e14 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture.adoc @@ -0,0 +1,118 @@ +ifdef::compute_edition[] +:port-api: 8083 +:port-ws: 8084 +endif::compute_edition[] + +ifdef::prisma_cloud[] +:port-api: 443 +:port-ws: 443 +endif::prisma_cloud[] + +== Defender architecture + +Customers often ask how Prisma Cloud Defender really works under the covers. +Prisma Cloud leverages Docker's ability to grant advanced kernel capabilities to enable Defender to protect your whole stack, while being completely containerized and utilizing a least privilege security design. + +=== Defender design + +Because we’ve built Prisma Cloud expressly for cloud native stacks, the architecture of our agent (what we call Defender) is quite different. +Rather than having to install a kernel module, or modify the host OS at all, Defender instead runs as a Docker container and takes only those specific system privileges required for it to perform its job. +It does not run as --privileged and instead takes the specific system capabilities of net_admin, sys_admin, sys_ptrace, mknod, and setfcap that it needs to run in the host namespace and interact with both it and other containers running on the system. +You can see this clearly by inspecting the Defender container: + +[source,bash] +---- +# docker inspect twistlock_defender_ | grep -e CapAdd -A 7 -e Priv + "CapAdd": [ + "NET_ADMIN", + "SYS_ADMIN", + "SYS_PTRACE", + "MKNOD", + "SETFCAP" + ], +-- + "Privileged": false, +---- + +//Comments from the DS file +//- NET_ADMIN # NET_ADMIN - Required for process monitoring +//- SYS_ADMIN # SYS_ADMIN - Required for filesystem monitoring +//- SYS_PTRACE # SYS_PTRACE - Required for local audit monitoring +//- MKNOD # A capability to create special files using mknod(2), used by docker-less registry scanning +//- SETFCAP # A capability to set file capabilities, used by docker-less registry scanning + +This architecture allows Defender to have a near real time view of the activity occurring at the kernel level. +Because we also have detailed knowledge of the operations of each container, we can correlate the kernel data with the container data to get a comprehensive view of process, file system, network, and system call activity from the kernel and all the containers running on it. +This access also allows us to take preventative actions like stopping compromised containers and blocking anomalous processes and file system writes. + +Critically, though, Defender runs as a user mode process. +If Defender were to fail (and if that were to happen, it would be restarted immediately), there would be no impact on the containers on the host, nor the host kernel itself. +Additionally, we can and do apply `cgroups` to set hard limits on CPU and memory consumption, guaranteeing it will be a ‘good neighbor’ on the host and not interfere with host performance or stability. + +In the event of a communications failure with Console, Defender continues running and enforcing the active policy that was last pushed by the management point. +Events that would be pushed back to Console are cached locally until it is once again reachable. + +=== Why not a kernel module? + +Given the broad range of security protection Prisma Cloud provides, not just for containers, but also for the hosts they run on, you might assume that we use a kernel module - with all the associated baggage that goes along with that. +However, that’s not actually how Prisma Cloud works. + +Kernel modules are compiled software components that can be inserted into the kernel at runtime and typically provide enhanced capabilities for low level functionality like process scheduling or file monitoring. +Because they run as part of the kernel, these components are very powerful and privileged. +This allows them to perform a wide range of functions but also greatly increases the operational and security risks on a given system. +The kernel itself is extensively tested across broad use cases, while these modules are often created by individual companies with far fewer resources and far more narrow test coverage. + +Because kernel modules have unrestricted system access, a security flaw in them is a system wide exposure. +A single unchecked buffer or other error in such a low level component can lead to the complete compromise of an otherwise well designed and hardened system. +Further, kernel modules can introduce significant stability risks to a system. +Again, because of their wide access, a poorly performing kernel module that’s frequently called can drag down performance of the entire host, consume excessive resources, and lead to kernel panics. +For these reasons, many modern operating systems designed for cloud native apps, like Google Container-Optimized OS, explicitly prevent the usage of kernel modules. + +=== Defender-Console communication + +By default, Defender connects to Console with a websocket on TCP port {port-ws}. +ifdef::compute_edition[] +This port number can be customized to meet the needs of your environment. +endif::compute_edition[] +All traffic between Defender and Console is TLS encrypted. + +Defender has no privileged access to Console or the underlying host where Console is installed. +By design, Console and Defender don't trust each other and Defender mutual certificate-based authentication is required to connect. For more information about the Console-Defender communication certificates, see the xref:../configure/certificates.adoc[certificates article]. +Pre-auth, connections are blocked. +Post-auth, Defender's capabilities are limited to getting policies from Console and sending event data to Console. + +If Defender were to be compromised, the risk would be local to the system where it is deployed, the privilege it has on the local system, and the possibility of it sending garbage data to Console. +Console communication channels are separated, with no ability to jump channels. + +Defender has no ability to interact with Console beyond the websocket. +Both Console's API and web interfaces, served on port {port-api} (HTTPS), require authentication over a different channel with different credentials (e.g. username and password, access key, and so on), none of which Defender holds. + +[#blocking-rules] +=== Blocking rules + +Defender is responsible for enforcing vulnerability and compliance blocking rules. +When a blocking rule is created, Defender moves the original runC binary to a new path and inserts a Prisma Cloud runC shim binary in its place. + +When a command to create a container is issued, it propagates down the layers of the container orchestration stack, eventually terminating at runC. +Regardless of your environment (Docker, Kubernetes, or OpenShift, etc) and underlying CRI provider, runC does the actual work of instantiating a container. + +image::defender_runc.png[width=350] + +When starting a container in a Prisma Cloud-protected environment: + +. The Prisma Cloud runC shim binary intercepts calls to the runC binary. + +. The shim binary calls the Defender container to determine whether the new container should be created based on the installed policy. ++ +* If Defender replies affirmatively, the shim calls the original runC binary to create the container, and then exits. +* If Defender replies negatively, the shim terminates the request. +* If Defender does not reply within 60 seconds, the shim calls the original runC binary to create the container and then exits. + +The last step guarantees that Defender always fails open, which is important for the resiliency of your environment. +Even if the Defender process terminates, becomes unresponsive, or cannot be restarted, a failed Defender will not hinder deployments or the normal operation of a node. + +=== Firewalls + +Defender enforces WAAS policies and monitors layer 4 traffic (CNNS). +In both cases, Defender creates iptables rules on the host so it can observe network traffic. +For more information, see xref:../waas/waas.adoc[WAAS architecture]. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/host-defender-architecture.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/host-defender-architecture.adoc new file mode 100644 index 0000000000..b23484e85f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/host-defender-architecture.adoc @@ -0,0 +1,6 @@ +== Host Defender architecture + +Because we’ve built Prisma Cloud expressly for cloud native stacks, the architecture of our agent (what we call Defender) is quite different. +Rather than having to install a kernel module, or modify the host OS at all, Defender instead runs as a systemd or system module (not a kernel module) in user space, intercepting every syscall interaction and file changes, and actively blocking or alerting according to the rules defined in Console. + +image::host_defender_architecture.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/intel-stream.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/intel-stream.adoc new file mode 100644 index 0000000000..c899d9f524 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/intel-stream.adoc @@ -0,0 +1,15 @@ +== Intelligence Stream + +The Prisma Cloud Intelligence Stream (IS) is a real-time feed that contains vulnerability data and threat intelligence from a variety of certified upstream sources. Prisma Cloud continuously pulls data from known vulnerability databases, official vendor feeds and commercial providers to provide the most accurate vulnerability detection results. + +The console automatically connects to the intelligence server and downloads updates without any special configuration required. The IS is updated several times per day, and consoles continuously check for updates. + +ifdef::compute_edition[] +You can update Console vulnerability and threat data even if it runs in an offline environment. +For more information, see xref:../tools/update-intel-stream-offline.adoc[Update Intelligence Stream in offline environments]. +endif::compute_edition[] + +In addition to the information collected from official feeds, Prisma Cloud feeds are enriched with vulnerability data curated by a dedicated research team. Our security researchers monitor cloud and open source projects to identify security issues through automated and manual means. As a result, Prisma Cloud can detect new vulnerabilities that were only recently disclosed, and even vulnerabilities that were quietly patched. + + + diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/radar.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/radar.adoc new file mode 100644 index 0000000000..955f6d9285 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/radar.adoc @@ -0,0 +1,279 @@ +:toc: macro +[#radar] +== Radar + +Radar is the primary interface for monitoring your environment. +Radar enables you to identify and block known and unknown traffic moving laterally through your environment. + +Radar is the default view when you first log into the console. +Radar helps you visualize and navigate through all the data across Prisma Cloud. +For example, On the Radar canvas, you can visualize the connectivity between microservices, instantly drill into the per-layer vulnerability analysis tool, assess compliance, and investigate the incidents. + +image::radar_general.png[width=800] + +Radar makes it easy to conceptualize the architecture and connectivity of large environments, identify risks, and zoom in on incidents that require a response. +Radar provides a visual depiction of inter-network and intra-network connections between containers, apps, and cluster services across your environment. +It shows the ports associated with each connection, the direction of traffic flow, and internet accessibility. +When Cloud Native Network Segmentation (CNNS) is enabled, Prisma Cloud automatically generates the mesh shown in Radar based on what it has learned about your environment. + +Radar's pivot has a container view, a host view, and a serverless view. +In the container view, each image with running containers is depicted as a node in the graph. +In the host view, each host machine is depicted as a node in the graph. +As you select a node, an overlay shows vulnerability, compliance, and runtime issues. +The serverless view in Radar, visualize and inspect the attack surface of the serverless functions. + +Radar refreshes its view every 24 hours. +The Refresh button has a red marker when new data is available to be displayed. +To get full visibility into your environment, install a Defender on every host in your environment. + +toc::[] + +[#cloud-pivot] +=== Cloud Pivot + +You can't secure what you don't know about. +Prisma Cloud discovery finds all cloud-native services deployed in AWS, Azure, and Google Cloud. +Cloud Radar helps you visualize what you've deployed across different cloud providers and accounts using a map interface. +The map tells you what services are running in which data centers, which services are protected by Prisma Cloud, and their security posture. + +Select a marker on the map to see details about the services deployed in the account/region. +You can directly secure both the registries and the serverless functions by selecting *Defend* next to them. + +image::radar_cloud_pivot.png[scale=15] + +You can filter the data based on an entity to narrow down your search. +For example, filters can narrow your view to just the serverless functions in your Azure development team accounts. + +By default, there's no data in Cloud Radar. + +ifdef::compute_edition[] +To populate Cloud Radar, configure xref:../cloud-service-providers/cloud-accounts-discovery-pcce.adoc[cloud discovery scans]. +endif::compute_edition[] + +ifdef::prisma_cloud[] +To populate Cloud Radar, configure xref:../cloud-service-providers/cloud-accounts-discovery-pcee.adoc[cloud discovery scans]. +endif::prisma_cloud[] + +[#image-pivot] +==== Image pivot + +Radar lays out nodes on the canvas to promote easy analysis of your containerized apps. +Interconnected nodes are laid out so network traffic flows from left to right. +Traffic sources are weighted to the left, while destinations are weighted to the right. +Single, unconnected nodes are arranged in rows at the bottom of the canvas. + +Nodes are color-coded based on the highest severity vulnerability or compliance issue they contain, and reflect the currently defined vulnerability and compliance policies. + +NOTE: Manually rescan your environment if you edit an existing compliance/vulnerability policy to update the compliance/vulnerability issues in the radar view. + +Color coding lets you quickly spot trouble areas in your deployment. + +* Dark Red -- High risk. +One or more critical severity vulnerabilities detected. +* Red -- High severity vulnerabilities detected. +* Orange -- Medium vulnerabilities detected. +* Green -- Denotes no vulnerabilities detected. + +image::radar_overlay.png[scale=10] + +The numeral encased by the circle indicates the number of containers represented by the node. +For example, a single Kubernetes DNS node may represent five services. +The color of the circle specifies the state of the container's runtime model. +A blue circle means the container's model is still in learning mode. +A black circle means the container's model is activated. +A globe symbol indicates that a container can access the Internet. + +Connections between running containers are depicted as arrows in Radar. +Click on an arrow to get more information about the direction of the connection and the port. + +image::radar_connections.png[scale=10] + +The initial zoomed out view gives you a bird's-eye view of your deployments. +Deployments are grouped by namespace. +A red pool around a namespace indicates an incident occurred in a resource associated with that namespace. + +image::radar_zoomed_out.png[width=800] + +You can zoom-in to get details about each running container. +Select an individual pod to drill down into its vulnerability report, compliance report, runtime anomalies, and WAAS events. + +image::radar_zoomed_in.png[width=800] + +[#service-account-monitor] +==== Service account monitoring + +Kubernetes has a rich RBAC model based on the notion of service and cluster roles. +This model is fundamental to the secure operation of the entire cluster because these roles control access to resources and services within namespaces and across the cluster. +While these service accounts can be manually inspected with `kubectl`, it's difficult to visualize and understand their scope at scale. + +Radar provides a discovery and monitoring tool for service accounts. +Every service account associated with a resource in a cluster can easily be inspected. +For each account, Prisma Cloud shows detailed metadata describing the resources it has access to and the level of access it has to each of them. +This visualization makes it easy for security staff to understand role configuration, assess the level of access provided to each service account, and mitigate risks associated with overly broad permissions. + +Clicking on a node opens an overlay, and reveals the service accounts associated with the resource. + +image::radar_k8s_service_account.png[width=600] + +Clicking on the service accounts lists the service roles and cluster roles. + +image::radar_k8s_service_account_details.png[width=600] + +Service account monitoring is available for Kubernetes and OpenShift clusters. +When you install the Defender DaemonSet, enable the 'Monitor service accounts' option. + +[#istio-monitor] +==== Istio monitoring + +When Defender DaemonSets are deployed with Istio monitoring enabled, Prisma Cloud can discover the service mesh and show you the connections for each service. +Services integrated with Istio display the Istio logo. + +image::radar_map_istio.png[width=600] + +Istio monitoring is available for Kubernetes and OpenShift clusters. +When you install the Defender DaemonSet, enable the 'Monitor Istio' option. + +[#waas-connectivity-monitor] +==== WAAS connectivity monitor + +xref:../waas/waas-intro.adoc[WAAS] connectivity monitor monitors the connection between WAAS and the protected application. + +WAAS connectivity monitor aggregates data on pages served by WAAS and the application responses. + +In addition, it provides easy access to WAAS-related errors registered in the Defender logs (Defenders sends logs to the Console every hour). +a +WAAS monitoring is only available when you select an image or host protected by WAAS. + +image::waas_radar_monitor.png[width=1000] + +* *Last updated* - Most recent time when WAAS monitoring data was sent from the Defenders to the Console (Defender logs are sent to the Console on an hourly basis). By clicking on the *refresh* button users can initiate sending of newer data. + +* *Aggregation start time* - Time when data aggregation began. By clicking on the *reset* button users can reset all counters. + +* *WAAS errors* - To view recent errors related to a monitored image or host, click the *View recent errors* link. + +* *WAAS statistics:* + +** __Incoming requests__ - Count of HTTP requests inspected by WAAS since the start of aggregation. + +** __Forwarded requests__ - Count of HTTP requests forwarded by WAAS to the protected application. + +** __Interstitial pages served__ - Count of interstitial pages served by WAAS (interstitial pages are served once xref:../waas/waas-advanced-settings.adoc#prisma-session[Prisma Sessions Cookies] are enabled). + +** __reCAPTCHAs served__ - Count of reCAPTCHA challenges served by WAAS (when enabled as part of xref:../waas/waas-bot-protection.adoc[bot protection]). + +** __Blocked requests__ - Count of HTTP requests blocked by WAAS since the start of aggregation. + +** __Inspection limit exceeded__ - Count of HTTP requests since the start of aggregation, in which the body content length exceeded the inspection limit set in the xref:../waas/waas-advanced-settings.adoc[advanced settings]. + +** __Parsing errors__ - Count of HTTP requests since the start of aggregation, where WAAS encountered an error when trying to parse the message body according to the `Content-Type` HTTP request header. + +* *Application statistics* + +** Count of server responses returned from the protected application to WAAS grouped by HTTP response code prefix + +** Count of timeouts (a timeout is counted when a request is forwarded by WAAS to the protected application with no response received within the set timeout period). + + +NOTE: Existing WAAS and application statistics counts will be lost once users reset the aggregation start time. *`Reset`* will *not* affect WAAS errors and will not cause recent errors to be lost. + +For more details on WAAS deployment, monitoring and troubleshooting, refer to the xref:../waas/deploy-waas/deploy-waas.adoc[WAAS deployment page]. + +[#host-pivot] +=== Host pivot + +The Radar view shows the hosts in your environment, how these hosts communicate with each other over the network, and their security posture. + +Each node in the host pivot represents a host machine. +The mesh shows host-to-host communication. + +The color of a node represents the most severe issue detected. + +* Dark Red -- High risk. +One or more critical severity issues detected. +* Red -- High severity issues detected. +* Orange -- Medium issues detected. +* Green -- No issues detected. + +When you click on a node, an overlay shows a summary of all the information Prisma Cloud knows about the host. +Use the links to drill down into scan reports, audits, and other data. + +image::radar_host_pivot.png[width=800] + +[#cluster-pivot] +=== Containers pivot + +Radar segments your environment by cluster. +The main view lists all clusters in your environment. You can view information about each cluster such as its cloud provider, number of namespaces, and number of hosts in the cluster. +Clicking a card open the image pivot, which shows you all the namespaces and containers in the cluster. + +image::radar_clusters_pivot.png[width=800] + +Defenders report which resources belong to which cluster. +For managed clusters, Prisma Cloud automatically retrieves the name from the cloud provider. +As a fallback, Prisma Cloud can retrieve the name from your `kubeconfig` file. +Finally, you can manually specify the cluster name. + +The cluster pivot is currently supported for Kubernetes, OpenShift, and ECS clusters only. +All other running containers in your environment are collected in the *Non-Cluster Containers* view. + +[#radar-settings] +[.task] +=== Radar Settings + +As a Cloud network security measure, you can visualize how your network resources communicate with each other, by enabling *Container network monitoring* and *Host network monitoring* under *Compute > Radars > Settings* and add network objects. + +NOTE: If you have enabled Container/Host Network monitoring under *Compute > Radars > Settings* and are on kernel `v4.15.x` you must upgrade the kernel version to `v5.4.x` or later. + +[.procedure] +. Log in to Prisma Cloud Console. + +. Select *Compute > Radars > Settings*. + +. Enable CNNS for hosts and containers. ++ +Enable *Container network monitoring* and *Host network monitoring*. ++ +image::cnns-enable.png[width=400] + +[#add-network-objects] +[.task] +==== Add Network Objects + +A network object is an entity or resource that your host or application interacts with and these can be internal or external entities including non-containerized services. +For example, a payment gateway might pass information to an external service to verify transactions. + +For hosts:: You can configure network objects to enforce traffic destined from a host to a subnet or another host. +For containers:: You can configure network objects to enforce traffic destined from a container (referred to as an image) to a DNS, subnet, or to another container. + +[.procedure] + +. Log in to Prisma Cloud Console. + +. Create a network object. ++ +After you create a network object, Radar shows any connection established to the network object. ++ +.. Select *Compute > Radars > Settings > Add Network Object*. +.. Enter a Name. +.. Select the Type. ++ +For containers (referred to as an image) and hosts, you must select the scope from a Collection. +Some example network objects are: ++ +* Type: Subnet; Value: 127.0.0.1/32 +* Type: Subnet; Value: 151.101.0.0./16 +* Type: DNS; Value: google.com +* Type: Host; Value: Name of the host from a xref:../configure/collections.adoc[collection] you have already defined. +* Type: Image; Value: Name of the containerimage from a collection you have already defined. ++ +A subnet network object can reference a range of IP addresses or a single IP address in a CIDR format. + +[#view-connections-radar] +=== View Connections on Radar + +Radar helps you visualize the connections for a typical microservices app and view your microsegmentation policy, which is an aggregation of all your rules. + +image::cnns-container-radar.png[width=600] + +When a connection is observed, the dotted line becomes a solid line. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/serverless-radar.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/serverless-radar.adoc new file mode 100644 index 0000000000..caa0da1a88 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/serverless-radar.adoc @@ -0,0 +1,192 @@ +== Serverless Radar + +Serverless Radar helps you to visualize and inspect the attack surface of the serverless functions in your environment. +Although Prisma Cloud supports multiple serverless environments, currently serverless radar supports AWS Lambda only. + +Serverless functions use different interconnect patterns than containers. +Serverless apps are highly decomposed and interact with services using cloud provider-specific gateways, rather than directly with each other or through service meshes. +Security teams can have difficulty conceptualizing these interactions, identifying which functions interface with which high value assets, and pinpointing unacceptable exposure. + +Even though cloud providers secure the underlying infrastructure that enables Functions as a Service (including isolating functions from each other), it’s still easy to deploy functions with vulnerabilities, insecure configurations, and overly permissive roles. +The underlying platform might be secure, but sensitive data can still be lost when an insecure function with read access to an S3 bucket is compromised. + +Prisma Cloud offers a serverless-specific view in Radar. +Serverless Radar uses a three panel view to show the invocation methods for each function, the services they use, and the permissions granted to access those services. + + +=== Layout + +Serverless Radar shows you how functions interface with other services in their environment. + +image::serverless_radar_flow.png[width=800] + +The left-most column shows how functions are invoked. +This is known as the _trigger_ or _event source_. +Triggers publish events, and Lambda functions are the custom code that process those events. + +The middle column shows all the functions in your environment. +Functions are colored maroon, red, orange, yellow, or green to let you quickly assess their security posture. +By default, functions are colored by their most severe vulnerabilities, but you can view functions by highest severity compliance issue or runtime events. +For vulnerability results, you must configure Prisma Cloud to scan your functions. +For runtime issues, you must embed xref:../install/deploy-defender/serverless/serverless.adoc#[Serverless Defender] into your functions. + +The right-most column shows the services with which each function interfaces. +Drilling into the function data reveals the permissions each function has been granted to access those services. + +Lines connect triggers to functions to services, letting security teams to visualize the entire connectivity flow and access rights. +Clicking on individual functions highlights their interconnects in the radar, and opens a pop-up that lets you drill into the details. + + +=== Exploring the data + +Prisma Cloud finds, scans, and displays the $LATEST version and all published versions of your functions. +Clicking a node in Serverless Radar lets you inspect a function's configuration and explore all the security-related data that Prisma Cloud has indexed about it. + +For example, clicking on the or-test2:$LATEST function opens a popup with summary findings. +This particular function has two high risk compliance issues. +Clicking on the compliance link takes you to a list of compliance issues for the function. + +image::serverless_radar_explore.png[width=800] + +Compliance issue 437 indicates overly permissive access to one or more services. +Expanding the issue reveals the reason why this compliance issue was raised, with a list of non-compliant service access configurations. +One of the misconfigured access policy is for S3. + +image::serverless_radar_explore_compliance.png[width=800] + +Returning to the first pop-up window, and clicking into the S3 service, you can see that all the actions for the function's execution role are tightly scoped, except for the last one. +It allows all actions on all resources, and could easily be an erroneous configuration overlooked when it was pushed into production. + +image::serverless_radar_explore_permissions.png[width=800] + + +=== Icons and colors + +Nodes are color coded based on the highest severity vulnerability or compliance issue they contain, and reflect the currently defined vulnerability and compliance policies. +Color coding lets you quickly spot trouble areas in your deployment. +Use the drop-down list at the top of the view to choose how you want nodes colored. + +* Maroon -- High risk. +One or more critical severity issues detected. ++ +image::serverless_radar_critical.png[width=100] + +* Red -- High severity issues detected. ++ +image::serverless_radar_high.png[width=100] + +* Orange -- Medium severity issues detected. ++ +image::serverless_radar_medium.png[width=100] + +* Yellow -- Low severity issues detected. + +* Green -- Denotes no issues detected. ++ +image::serverless_radar_clean.png[width=100] + +* Gray -- Prisma Cloud hasn't been configured to scan this function for vulnerability and compliance issues. ++ +image::serverless_radar_configure_scan.png[width=100] ++ +To configure Prisma Cloud to scan the function, click on the node, and then click *Protect* in the pop-up. ++ +image::serverless_radar_configure_scan2.png[width=500] + +* Alias annotation -- +AWS lets you create https://docs.aws.amazon.com/lambda/latest/dg/versioning-aliases.html[aliases] to manage the process of promoting new function versions into production. +They're conceptually similar to symbolic links in the UNIX file system. +Prisma Cloud uses a marker to indicate that an alias points to a specific version of a function. ++ +image::serverless_radar_alias.png[width=100] ++ +Clicking on the node reveals the aliases that point to the function. ++ +image::serverless_radar_alias_detail.png[width=750] + + +=== Notes + +There can be a discrepancy between what the AWS Lambda designer shows your function can do and its effective permissions when https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html[IAM permission boundaries] are considered. + +For example, if a role is set with permission boundary for DynamoDB, then even though the function's execution role has permission to access DynamoDB, it still might be blocked by the permission boundary. +The function designer in AWS's console shows that the function has permission to DyanmoDB, but it might not be accurate. + +image::serverless_radar_permission_boundary.png[width=600] + + +[.task] +=== Setting up Serverless Radar + +Serverless Radar uses the AWS APIs to discover and inspect the functions in your environment. +Create an IAM user or role for Prisma Cloud, provide the credentials to Console, and then enable Serverless Radar. +With this basic setup, Prisma Cloud will show the triggers, services, and permissions for each function. + +*Prerequisites:* + +* Prisma Cloud needs an AWS service account to scan your serverless functions. +In AWS, you've created an IAM user or role with the following permission policy: ++ +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeServerlessRadar", + "Effect": "Allow", + "Action": [ + "apigateway:GET", + "cloudfront:ListDistributions", + "cloudwatch:GetMetricData", + "cloudwatch:DescribeAlarms", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeListenerCertificates", + "events:ListRules", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "lambda:GetFunction", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListEventSourceMappings", + "lambda:ListFunctions", + "logs:DescribeSubscriptionFilters", + "s3:GetBucketNotification", + "kms:Decrypt" + ], + "Resource": "*" + } + ] +} +---- + +[.procedure] +. Open Console. + +. Go to *Manage > Cloud accounts*. + +. Click *Add account*, and configure an xref:~/authentication/credentials-store/AWS-credentials.adoc[AWS account]. + +. Select the checkbox for the credential. + +. Click *Add*. + +. For the account just added, select the *Serverless Radar* checkbox. ++ +image::serverless_radar_configure.png[width=800] + +. Click the "Add account" button. ++ +After Prisma Cloud finishes scanning your environment, you should see your functions in Serverless Radar. ++ + + +=== What's next? + +To see vulnerability and compliance information in Serverless Radar, configure Prisma Cloud to xref:../vulnerability-management/serverless-functions.adoc[scan] the contents of each function. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/technology-overviews.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/technology-overviews.adoc new file mode 100644 index 0000000000..98a477eca0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/technology-overviews.adoc @@ -0,0 +1,3 @@ +== Technology overviews + +This section describes how key Prisma Cloud components work. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/telemetry.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/telemetry.adoc new file mode 100644 index 0000000000..c2a07e2f34 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/telemetry.adoc @@ -0,0 +1,29 @@ +== Telemetry + +To drive product improvements, Prisma Cloud captures anonymous data about how our product is used. +By default, telemetry is enabled. + +NOTE: No information that is collected can be used to uniquely identify you or your deployment. + +NOTE: Telemetry can be disabled any time. + +We never collect IP addresses, host names, user names, container labels, or image tags. + +Our telemetry is designed to help us understand how customers use our product at an aggregate level. +For example, we detect which features are enabled, the number of containers and images in an environment, and so on. + +The legal terms governing telemetry can be found in the Prisma Cloud License Agreement. +The Prisma Cloud License Agreement is included with the installation package. + + +[.task] +=== Disabling telemetry + +Disable telemetry in Console's settings page. + +[.procedure] +. Open Console. + +. Go to *Manage* > *System* > *General*. + +. Under *Telemetry*, set *Share telemetry on product usage with Palo Alto Networks* to *Off*. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/tls-v12-cipher-suites.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/tls-v12-cipher-suites.adoc new file mode 100644 index 0000000000..aabb435c55 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/tls-v12-cipher-suites.adoc @@ -0,0 +1,217 @@ +== TLS v1.2 cipher suites + +Prisma Cloud Compute uses the Go programming language cryptographic libraries to protect all network communications via the Transport Layer Security (TLS) v1.2 protocol. +ifdef::compute_edition[] +NOTE: The Lagrange release's (22.12+) Console, Defender and twistcli Compute components can run using FIPS140-2 Level 1 validated cryptographic modules. +See xref:../howto/deploy-in-fips-mode.adoc[Deploy in FIPS mode] for more information. +endif::compute_edition[] + +=== Prisma Cloud Compute Self-Hosted + +The User Interface (UI) and API access is protected using server side TLS v1.2 authentication. +The cipher suites offered by the Console adhere to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf[NIST SP800-52r2] guidance. + +* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + +The Console enforces HTTP Strict Transport Security (HSTS). + +[.task] +==== Validating Console's UI and API TLS cipher suites + +Use https://nmap.org/[nmap] to confirm the cipher suites supported by the Console. + +[.procedure] +. Install https://nmap.org/[nmap] + +. Call the Console's UI/API endpoint (default TCP port 8083) to enumerate the ciphers suites supported by the Console. ++ +---- +$ nmap -sV --script ssl-enum-ciphers -p 8083 172.17.0.2 +---- ++ +The following is an abbreviated return from the nmap command: ++ +---- +Starting Nmap 7.60 ( https://nmap.org ) at 2022-02-16 21:32 UTC +Nmap scan report for 172.17.0.2 +Host is up (0.000046s latency). + +PORT STATE SERVICE VERSION +8083/tcp open ssl/us-srv? +| fingerprint-strings: + +.. +.. +.. + +| ssl-enum-ciphers: +| TLSv1.2: +| ciphers: +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A +| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A +| compressors: +| NULL +| cipher preference: server +|_ least strength: A +---- + +==== Console to Defender communication + +The Console and Defenders communication using a mutual TLS v1.2 web-socket session (default TCP 8084). +The allowed cypher suites used for this communication adhere to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf[NIST SP800-52r2] guidance. + +* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + +The certificate/keys used for the Console to Defender mutual TLS v1.2 web socket session are generated during the Console's initiation process. +The reason for this is to ensure the Console is only communicating with the Defenders it has deployed and the Defenders only communicate with its controlling Console. + +[.task] +==== Validating Console to Defender communication + +Use https://nmap.org/[nmap] to confirm the cipher suites supported by the Console. + +[.procedure] +. Install https://nmap.org/[nmap] + +. Call the Console's Defender communications endpoint (default TCP port 8084) to enumerate the ciphers suites supported by the Console for Defender communications. ++ +---- +$ nmap -sV --script ssl-enum-ciphers -p 8084 172.17.0.2 +---- ++ +Following is a return from the nmap command ++ +---- +Starting Nmap 7.60 ( https://nmap.org ) at 2022-02-16 22:30 UTC +Nmap scan report for 172.17.0.2 +Host is up (0.000048s latency). + +PORT STATE SERVICE VERSION +8084/tcp open ssl/unknown +| ssl-enum-ciphers: +| TLSv1.2: +| ciphers: +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A +| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A +| compressors: +| NULL +| cipher preference: server +|_ least strength: A +---- + +=== Prisma Cloud Compute Enterprise (SaaS) + +The Compute Console runs within a Google Cloud Platform’s Google Kubernetes Engine (GKE). The GKE Console containers are fronted by GCP Load Balancers that have been configured to use the https://cloud.google.com/load-balancing/docs/ssl-policies-concepts[Modern] pre-configured profile. The Modern profile supports a wide set of SSL features, allowing modern clients to negotiate SSL. + +[.task] +==== Validating Console's UI and API TLS cipher suites (SaaS) + +Use https://nmap.org/[nmap] to confirm the cipher suites supported by the Console. + +[.procedure] +. Install https://nmap.org/[nmap] + +. Call the Console's UI/API endpoint (default TCP port 443) to enumerate the ciphers suites supported by the Console. The Console's URL can be found within the Compute Module's *Manage > System > Utilities > Path to Console*. ++ +---- +$ nmap -sV --script ssl-enum-ciphers -p 443 us-west1.cloud.twistlock.com +---- ++ +The following is an abbreviated return from the nmap command: ++ +---- +Starting Nmap 7.70 ( https://nmap.org ) at 2022-02-28 22:44 UTC +Nmap scan report for us-west1.cloud.twistlock.com (34.82.51.12) +Host is up (0.073s latency). + +PORT STATE SERVICE VERSION +443/tcp open ssl/http nginx 1.17.10 +|_http-server-header: nginx/1.17.10 +| ssl-enum-ciphers: +| TLSv1.2: +| ciphers: +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A +| compressors: +| NULL +| cipher preference: server +|_ least strength: A +---- + +==== Console to Defender communication (SaaS) + +The SaaS Console and Defender communication uses the same TCP port (i.e. 443) and cipher suites as the UI/API endpoint. + + +=== Credential store's secrets storage + +Local username/password accounts within a local database table using HMAC256. +This is in compliance with https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf[NIST SP800-107r1]. +Currently, there are seven approved hash algorithms specified in FIPS 180-4: SHA-1, SHA-224, *SHA-256*, SHA-384 SHA-512, SHA-512/224 and SHA-512/256. + +=== Industrial guidance + +==== NIST SP800-52r2 + +https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf[NIST Special Publication 800-52r2] provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. +Prisma Cloud Compute's cipher suites adhere to SP800-52r2 guidance. + +[cols="1,1", options="header"] +|=== +|NIST SP800-52r2 approved suites +|Compute cipher suites + +|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + +|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + +|TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +|TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + +|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + +|=== + +==== NSA approved + +The https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm[NSA’s Commercial National Security Algorithm Suite] provides cryptographic guidance for replacement of Suite B algorithms prior to the availability of quantum resistant algorithms. +"For those customers who are looking for mitigations to perform while the new algorithm suite is developed and implemented into products, there are several things they can do." +These recommendations have been implemented within Prisma Cloud’s cryptographic settings. + +[cols="1,1,1,1", options="header"] +|=== +|Function +|NSA recommendation +|Compute cipher +|Guidance + +|Key establishment +|RSA - 3072 key +ECDHE - Curve P-384 +|**TLS_ECDHE_RSA**_WITH_AES_256_GCM_SHA384 +**TLS_ECDHE_RSA**_WITH_AES_256_CBC_SHA +**TLS_RSA**_WITH_AES_256_GCM_SHA384 +**TLS_RSA**_WITH_AES_256_CBC_SHA +**TLS_ECDHE_ECDSA**_WITH_AES_256_GCM_SHA384 +**TLS_ECDHE_ECDSA**_WITH_AES_256_CBC_SHA +|xref:../configure/certificates.adoc[Generate the appropriate certificate and key size for Console TLS UI and API endpoint] + +|Symmetric block cipher used for information protection +|AES 256 +|TLS_ECDHE_RSA_WITH_**AES_256_GCM_SHA384** +TLS_ECDHE_RSA_WITH_**AES_256_CBC_SHA** +TLS_RSA_WITH_**AES_256_GCM_SHA384** +TLS_RSA_WITH_**AES_256_CBC_SHA** +TLS_ECDHE_ECDSA_WITH_**AES_256_GCM_SHA384** +TLS_ECDHE_ECDSA_WITH_**AES_256_CBC_SHA** +|All cipher suites enforce the AES 256 block cipher. Both GCM and CBC modes are supported. + +|=== diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-advanced-threat-protection.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-advanced-threat-protection.adoc new file mode 100644 index 0000000000..bb04228376 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-advanced-threat-protection.adoc @@ -0,0 +1,39 @@ +== Prisma Cloud Advanced Threat Protection + +Prisma Cloud Advanced Threat Protection (ATP) is a collection of malware signatures and IP reputation lists aggregated from commercial threat feeds, open source threat feeds, and Prisma Cloud Labs. +It is delivered to your installation via the Prisma Cloud Intelligence Stream. + +The data in ATP is used by Prisma Cloud's runtime defense system to detect suspicious activities, such as a container communicating with a botnet herder or Tor entry node. +You can augment ATP by xref:../configure/custom-feeds.adoc#import-malware-signatures[importing custom malware data] and xref:../configure/custom-feeds.adoc#import-ip-reputation-lists[importing IP reputation lists]. +ATP is the combination of both the Prisma Cloud-provided data set and your own custom data set. + +The following hypothetical scenario illustrates how ATP protects your cloud workloads: + +. An attacker exploits a vulnerability in an app running in a container. + +. The attacker attempts to download malware into a workload from a distribution point. + +. Based on the ATP feed, Prisma Cloud runtime defense detects both the connection to the malware server and the write of the malicious file to the workload file system. + +. Alerts/prevention is applied based on the runtime configuration. + + +=== Enabling ATP + +ATP is enabled in the default rules that ship with the product, with the effect set to alert. +You can impose more stringent control by setting effect to prevent or block. +xref:../runtime-defense/runtime-defense-containers.adoc[Runtime defense for file systems] lets you actively stop (block) any container that tries to download malware. +To disable ATP, create or modify a runtime rule, select the *General* tab, and set *Enable Prisma Cloud Advanced Threat Protection* to *Off*. +When ATP is disabled, container interaction with malicious files or IP endpoints does not trigger a runtime event. + + +=== Serverless ATP + +In Serverless, Prisma Cloud Advanced Threat Protection (ATP) has a slightly different functionality. +It's a collection of paths (researched by Prisma Cloud Labs) that define which file system and process activity is allowed within the function. +Activities that do not match these paths will raise a security audit. +When enabled, it creates an automatic hardening for the function in runtime, without the need to manually configure the runtime policy. + +Serverless ATP is enabled by default when creating a new runtime rule. +It's effect is similar to the effects configured under the Processes/File System tabs. +To disable ATP, create or modify a runtime rule, select the *General* tab, and set *Prisma Cloud advanced threat protection* to *Off*. diff --git a/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-rules-guide-docker.adoc b/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-rules-guide-docker.adoc new file mode 100644 index 0000000000..0bf0a0d3b5 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/technology-overviews/twistlock-rules-guide-docker.adoc @@ -0,0 +1,844 @@ +== Prisma Cloud Rules Guide - Docker + +This article provides a list of all rules and their intended behavior in Prisma Cloud Console UI. +The purpose of this article is to help users better understand the intention of each rule in the Console and it’s corresponding effect on the host environment. + +=== Running Docker commands through Defender + +To access Docker daemon through Defender, you must explicitly specify Defender's host and port. +For example: + + $ docker -H :9998 run alpine + +It is possible to make the management traffic between the Docker client and the Docker daemon flow through Defender by default via two environment variables. +Those can be configured on a remote machine that accesses Docker daemon on some host (such as dev laptop), or the host itself for users who do not have root privileges (which should be the majority of users). + + $ export DOCKER_HOST=tcp://:9998 + + $ export DOCKER_TLS_VERIFY=1 + +Once set, default calls to Docker flow through Defender (e.g., docker ps, docker run alpine). +Throughout this guide however, in this guide, we have followed the default command without setting environment variables. + +==== Containers + +For more information about the Docker API for containers, see https://docs.docker.com/engine/api/v1.30/#tag/Container. + +[.section] +===== container_list - List containers + +Affects docker ps command on host which is used to list all running containers. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify ps + +Response: + + [Prisma Cloud] The command container_list denied for user admin by rule Deny + + +[.section] +===== container_create - Create a container + +Affects docker create command used to create a new container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify create morello/docker-whale + +Response: + + [Prisma Cloud] The command container_create denied for user admin by rule Deny + + +[.section] +===== container_inspect - Inspect a container + +Affects docker inspect command used for returning information about the container. + +Command: + + docker -H 10.0.0.1 --tlsverify inspect ubuntu_bash2 + +Response: + + [Prisma Cloud] The command container_inspect denied for user admin by rule inspect + + +[.section] +===== container_top - List processes running inside a container + +Affects docker top command used to display the running processes of a container + +Command: + + docker -H 10.0.0.1:9998 --tlsverify top ubuntu_bash + +Response: + + [Prisma Cloud] The command container_top denied for user admin by rule Deny + + +[.section] +===== container_logs - Get container logs + +Affects docker logs command used for returning logs from the container present at the time of execution. + +Command: + + docker -H 10.0.0.1 --tlsverify logs ubuntu_bash2 + +Response: + + [Prisma Cloud] The command container_logs denied for user admin by rule logs + + +[.section] +===== container_changes - Inspect changes on a container’s filesystem + +Affect docker commit command and restricts any changes to the container. + +Command: + + docker -H 10.0.0.1 --tlsverify commit --change "ENV DEBUG true" cc2d57988b aqsa/testimage:version3 + +Response: + + [Prisma Cloud] The command container_commit denied for user admin by rule commit + + +[.section] +===== container_export - Export a container + +Affects docker export command that exports a container’s filesystem as a tar archive + +Command: + + docker -H 10.0.0.1:9998 --tlsverify export twistlock_console -o saved.tar + +Response: + + [Prisma Cloud] The command container_export denied for user admin by rule export + + +[.section] +===== container_stats - Get container stats based on resource usage + +Affects docker stats command on host which returns live data stream for running containers. + +Command: + + docker -H 10.0.0.1 --tlsverify stats silly_stallman + +Response: + + [Prisma Cloud] The command container_stats denied for user admin by rule status + + +[.section] +===== container_resize - Resize a container + +Affects docker logs command used for returning logs from the container present at the time of execution. This related to the size of the window of how output is returned from the container. It is called TTY. + +Command: + +Response: + +[.section] +===== container_start - Start a container + +Affects docker start command used to start one or more stopped containers + +Command: + + docker -H 10.0.0.1:9998 --tlsverify start ubuntu_bash + +Response: + + [Prisma Cloud] The command container_start denied for user admin by rule Deny all + + +[.section] +===== container_stop - Stop a container + +Affects docker stop command used to stop running container + +Command: + + docker -H 10.0.0.1:9998 --tlsverify stop ubuntu_bash + +Response: + + [Prisma Cloud] The command container_stop denied for user admin by rule Deny + + +[.section] +===== container_restart - Restart a container + +Affects docker restart command on host, used to restart a container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify restart ubuntu_bash + +Response: + + [Prisma Cloud] The command container_restart denied for user admin by rule Deny + + +[.section] +===== container_kill - Kill a container + +Affects docker kill command used to kill a running container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify kill ubuntu_bash + +Response: + + [Prisma Cloud] The command container_kill denied for user admin by rule Deny + + +[.section] +===== container_rename - Rename a container + +Affects docker rename command on host that is used to rename a container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify rename ubuntu_bash unbuntu + +Response: + + [Prisma Cloud] The command container_rename denied for user admin by rule Deny + Error: failed to rename container named ubuntu_bash + + +[.section] +===== container_pause - Pause a container + +Affects docker pause command on host which is used to pause all processes within one or more containers. + +Command: + + docker -H 10.0.0.1 --tlsverify pause focused_cori + +Response: + + [Prisma Cloud] The command container_pause denied for user admin by rule Deny + + +[.section] +===== container_unpause - Unpause a container + +Affects docker unpause command on host which is used to un-suspend all processes in a container. + +Command: + + docker -H 10.0.0.1 --tlsverify unpause silly_stallman + +Response: + + [Prisma Cloud] The command container_unpause denied for user admin by rule unpause + + +[.section] +===== container_attach - Attach to a container + +Affects docker attach command on host where defender is deployed. + +Command: + + docker -H 10.0.0.1 --tlsverify attach mycontainer + +Response: + + [Prisma Cloud] The command container_attach denied for user admin by rule attach persistent connection closed + + +[.section] +===== container_attachws - Attach to a container (websocket) + +Affects docker attach command on host where defender is deployed. Attach to the container id via websocket. Implements websocket protocol handshake according to RFC 6455 + +Command: + + docker -H 10.0.0.1 --tlsverify attach mycontainer + +Response: + + [Prisma Cloud] The command container_attach denied for user admin by rule attach persistent connection closed + + +[.section] +===== container_wait - Wait a container + +Affects docker wait command used to block until a container stops, then print its exit code. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify wait ubuntu_bash + +Response: + + [Prisma Cloud] The command container_wait denied for user admin by rule Deny + + +[.section] +===== container_delete - Remove a container + +Affects docker rm command used for deleting a container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify rm + +Response: + + [Prisma Cloud] The command container_delete denied for user admin by rule delete + + +[.section] +===== container_archive - Gets an archive of filesystem resource in a container + +Get a tar archive of a resource in the filesystem of container id. Affects docker cp command + +Command: + + docker -H 10.0.0.1:9998 --tlsverify cp > latest.tar + + +Response: + + [Prisma Cloud] The command container_copy denied for user admin by rule delete + + +[.section] +===== container_extract - Extract an archive of files or folders to a directory in a container + +Affects docker export command. Uploads a tar archive to be extracted to a path in the filesystem of container id + +Command: + + docker -H 10.0.0.1:9998 --tlsverify cp > latest.tar + +Response: + + [Prisma Cloud] The command container_exec_start denied for user admin by rule exec + + +==== Images + +For more information about the Docker API for images, see https://docs.docker.com/engine/api/v1.30/#tag/Image. + +[.section] +===== image_list - List images + +Affects docker images command used to list all images + +Command: + + docker -H 10.0.0.1:9998 --tlsverify images + +Response: + + [Prisma Cloud] The command image_list denied for user admin by rule Deny + + +[.section] +===== image_build - Build image from a Dockerfile + +Affects docker build command that is used to build an image from a Dockerfile. + +Command: + + docker -H 172.18.0.1:9998 --tlsverify build -t aqsa/testimage:v2 . + +Response: + + [Prisma Cloud] The command image_build denied for user admin by rule Default - deny all + + +[.section] +===== image_create - Create an image + +Affects docker pull command which is used to pull an image + +Command: + + docker -H 10.0.0.1:9998 --tlsverify pull ubuntu:latest + +Response: + + [Prisma Cloud] The command image_create denied for user admin by rule Deny + + +[.section] +===== image_inspect - Inspect an image + +Description + +Affects docker inspect command used for returning information about the container. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify inspect 28e7d49f8e6d + +Response: + + [Prisma Cloud] The command image_inspect denied for user admin by rule images + +[.section] +===== image_history - Get the history of an image + +Affects docker history command. + +Command: + + docker -H 172.18.0.1:9998 --tlsverify history twistlock + +Response: + + [Prisma Cloud] The command image_history denied for user admin by rule Default - deny all + +[.section] +===== image_push - Push an image on the registry + +Affects command docker push for pushing an image to repository + +Command: + + docker -H 10.0.0.1:9998 --tlsverify push ubuntu:latest + +Response: + + [Prisma Cloud] The command image_push denied for user admin by rule Deny + + +[.section] +===== image_tag - Tag an image into a repository + +Affects docker tag command used to tag an image in the repository + +Command: + + docker -H 10.0.0.1:9998 --tlsverify tag ubuntu:latest aqsa:tag + +Response: + + [Prisma Cloud] The command image_tag denied for user admin by rule Deny + + +[.section] +===== image_delete - Remove an image + +Affects docker rmi command used to delete an image + +Command: + + docker -H 10.0.0.1:9998 --tlsverify rmi aqsa/testimage:version3 + +Response: + + [Prisma Cloud] The command image_delete denied for user admin by rule Deny + + +[.section] +===== images_search - Search images + +Affects docker search command which gives a list of available images matching the search item. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify search twistlock + +Response: + + [Prisma Cloud] The command images_search denied for user admin by rule deny + + +==== MISC + +Misc other docker commands. + +[.section] +===== docker_check_auth - Check auth configuration + +Validates credentials for a registry and get identity token, if available, for accessing the registry without password. Affects docker login on the host. + +Command: + + docker -H 172.18.0.1:9998 --tlsverify login + +Response: + + [Prisma Cloud] The command docker_info denied for user admin by rule Default - deny all + +[.section] +===== docker_info - Display system-wide information + +Affects docker info command used to display system-wide information + +Command: + + docker -H 10.0.0.1:9998 --tlsverify info + +Response: + + [Prisma Cloud] The command docker_info denied for user admin by rule Deny + + +[.section] +===== docker_version - Show the docker version information + +Affects docker version command on host which is used to find docker version. + +Command: + + docker -H 10.0.0.1 --tlsverify version + +Response: + + [Prisma Cloud] The command docker_version denied for user admin by rule version + + +[.section] +===== docker_ping - Ping the docker server + +The goal of this api is to ping the Docker server and make sure it is up and running. + +Command: + +It is intended to be called by an external monitoring system. It does not have a direct docker CLI command. + +[.section] +===== container_commit - Create a new image from a container’s changes + +Affects docker commit command used for committing container’s file changes etc into a new image. + +Command: + + docker -H 10.0.0.1 --tlsverify commit --change "ENV DEBUG true" cc2d57988b aqsa/testimage:version3 + +Response: + + [Prisma Cloud] The command container_commit denied for user admin by rule commit + + +[.section] +===== docker_events - Monitor docker’s events + +Affects docker events command on host which is used to return real time events from the server. + +Command: + + docker -H 10.0.0.1 --tlsverify events + +Response: + + [Prisma Cloud] The command docker_events denied for user admin by rule events + + +[.section] +===== images_archive - Get a tarball containing all images + +Affects docker save command to save images to a tar archive + +Command: + + docker -H 172.17.0.1:9998 --tlsverify save $(docker images -q) -o home/aqsa/mydockersimages.tar + +Response: + + [Prisma Cloud] The command images_archive denied for user admin by rule Default - deny all + + +[.section] +===== images_load - Load a tarball with a set of images and tags into docker + +Affects docker load command to load an image from a tar archive or STDIN + +Command: + + docker -H 172.17.0.1:9998 --tlsverify load -i /home/aqsa/twistlock_1_6_81.tar.gz + +Response: + [Prisma Cloud] The command images_load denied for user admin by rule Default - deny all + + +[.section] +===== container_exec_create - Exec Create + +Affects docker_exec command to create any new container. + +Command: + + docker -H 10.0.0.1 --tlsverify exec -d ubuntu_bash2 touch /tmp/execWorks + +Response: + + [Prisma Cloud] The command container_exec_start denied for user admin by rule exec + + +[.section] +===== container_exec_start - Exec Start + +Affects docker exec command used for running a command in a running container. + +Command: + + docker -H 10.0.0.1 --tlsverify exec -d ubuntu_bash2 touch /tmp/execWorks + +Response: + + [Prisma Cloud] The command container_exec_start denied for user admin by rule exec + + +[.section] +===== container_exec_inspect - Exec Inspect + +Affects docker exec command used for running a command in a running container. + +Command: + + docker -H 10.0.0.1 --tlsverify exec -d ubuntu_bash2 touch /tmp/execWorks + +Response: + + [Prisma Cloud] The command container_exec_start denied for user admin by rule exec + +[.section] +===== container_archive_head + +Command: + + docker -H 10.0.0.1 --tlsverify unpause silly_stallman + +Response: + + [Prisma Cloud] The command container_unpause denied for user admin by rule unpause + +[.section] +===== container_copyfiles + +Affects docker cp command used to copy files from and to containers and local file system on host. + +Command: + + docker -H 10.0.0.1 --tlsverify cp file mycontainer:~ + +Response: + + [Prisma Cloud] The command container_copyfiles denied for user admin by rule unpause + + +==== Volumes + +For more information about the Docker API for volumes, see https://docs.docker.com/engine/api/v1.30/#tag/Volume. + +[.section] +===== volume_list - List volumes + +Affects docker volume ls command to list all volumes + +Command: + + docker -H 10.0.0.1:9998 --tlsverify volume ls + +Response: + + [Prisma Cloud] The command volume_list denied for user admin by rule Deny + + +[.section] +===== volume_create - Create a volume + +Affects docker volume create command to create a volume + +Command: + + docker -H 10.0.0.1:9998 --tlsverify volume create + +Response: + + [Prisma Cloud] The command volume_create denied for user admin by rule Deny + + +[.section] +===== volume_inspect - Inspect a volume + +Affects docker volume inspect command to display detailed information on one or more volumes + +Command: + + docker -H 10.0.0.1:9998 --tlsverify volume inspect f1c7 + +Response: + + [Prisma Cloud] The command volume_inspect denied for user admin by rule Deny + +[.section] +===== volume_remove - Remove a volume + +Affects docker volume rm command to remove one or more volumes + +Command: + + docker -H 10.0.0.1:9998 --tlsverify volume rm f671 + +Response: + + [Prisma Cloud] The command volume_remove denied for user admin by rule Deny + + +==== Networks + +For information about the Docker API for networks, see https://docs.docker.com/engine/api/v1.30/#tag/Network. + +[.section] +===== network_list - list networks + +Affects docker network ls to list networks + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network ls + +Response: + + [Prisma Cloud] The command network_list denied for user admin by rule Default - deny all + +[.section] +===== network_inspect - Inspect network + +Affects docker network inspect to display detailed information on one or more networks + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network inspect 82b1c + +Response: + + [Prisma Cloud] The command network_inspect denied for user admin by rule Default - deny all + +[.section] +===== network_create - Create a network + +Affects docker network create to create a network + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network create new-network + +Response: + + [Prisma Cloud] The command network_create denied for user admin by rule Default - deny all + +[.section] +===== network_connect - Connect a container to a network + +Affects docker network connect to connect a container to a network + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network connect new-network container1 + +Response: + + [Prisma Cloud] The command network_connect denied for user admin by rule Default - deny all + +[.section] +===== network_disconnect - Disconnect a container from a network + +Affects docker network disconnect to disconnect a container from a network + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network disconnect new-network container1 + +Response: + + [Prisma Cloud] The command network_disconnect denied for user admin by rule Default - deny all + +[.section] +===== network_remove - Remove a network + +Affects docker network rm to remove one or more networks + +Command: + + docker -H 172.17.0.1:9998 --tlsverify network rm new-network + +Response: + + [Prisma Cloud] The command network_remove denied for user admin by rule Default - deny all + + +==== Secrets + +Secrets are added in Prisma Cloud 2.0 in accordance with Docker Engine API v1.26. + +For more information about the Docker API for secrets, see https://docs.docker.com/engine/api/v1.30/#tag/Secret. + +[.section] +===== secret_list - List secrets + +Affects docker secret ls command used to list secrets. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify secret ls + +Response: + + [Prisma Cloud] The command secret_ls denied for user admin by rule Default - deny all + +[.section] +===== secret_create - Create secrets + +Affects docker secret create command used to create secrets. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify secret create my-secret ./aqsa.json + +Response: + + [Prisma Cloud] The command secret_create denied for user admin by rule Default - deny all + +[.section] +===== secret_inspect - Inspect secrets + +Affects docker secret inspect command used to inspect secrets. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify secret inspect + +Response: + + [Prisma Cloud] The command secret_inspect denied for user admin by rule Default - deny all + +[.section] +===== secret_remove - Delete secrets + +Affects docker secret rm command used to remove one or more secrets. + +Command: + + docker -H 10.0.0.1:9998 --tlsverify secret rm aqsa.json + +Response: + + [Prisma Cloud] The command secret_rm denied for user admin by rule Default - deny all + +[.section] +===== secret_update - Update a secret + +Affects POST /secrets/{id}/update command used to remove one or more secrets. + +Command: + +Response: diff --git a/docs/en/compute-edition/32/admin-guide/tools/tools.adoc b/docs/en/compute-edition/32/admin-guide/tools/tools.adoc new file mode 100644 index 0000000000..47c3b45e1b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/tools.adoc @@ -0,0 +1,5 @@ +== Tools + +Prisma Cloud ships a command-line configuration and control tool called twistcli. +It lets you deploy Prisma Cloud components, run scans, and more. +It is supported on Linux, macOS, and Windows. diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli-console-install.adoc b/docs/en/compute-edition/32/admin-guide/tools/twistcli-console-install.adoc new file mode 100644 index 0000000000..ad84d1d404 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli-console-install.adoc @@ -0,0 +1,30 @@ +== Install Console with twistcli + +When twistcli installs Console into a Kubernetes or OpenShift cluster, it executes a series of steps. +To help you troubleshoot issues when twistcli fails, the steps in the install flow are described here: + +When you run `twistcli console install`, it: + +. Loads the Console image on localhost, and tags it with the registry address. + +. Deletes the old Console replication controller, if it exists, and waits for Console deletion. + +. Deletes the config map, if it exists. + +. Creates Prisma Cloud namespace, if it does not exist. + +. If the service does not exist, twistcli resolves the service template to a file and creates a new service. + +. If persistent volume claim (PVC) does not exist, twistcli resolves the PVC template to a file and creates a new PVC. + +. Waits to the PVC to bind to a persistent volume resource. +twistcli expects that the persistent volume has already been created by the user. +Note that the PVC is not deleted and recreated because once the PVC is be deleted, it cannot bind again to the persistent volume without recreating the persistent volume. + +. Retrieves the service IPs (Cluster IPs, and adds them to the SAN. + +. Creates a config map. + +. Resolves Console template to a file, and creates a Console replication controller. + +. Deletes the working directory. diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-code-repos.adoc b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-code-repos.adoc new file mode 100644 index 0000000000..e5fce16682 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-code-repos.adoc @@ -0,0 +1,66 @@ +== Scan code repos with twistcli + +Prisma Cloud ships a command-line scanner for scanning code repos. +It is supported on Linux, macOS, and Windows. + +twistcli scans repositories locally and sends a bill of materials to Console for evaluation. +Console assesses the components in the BoM against the latest threat data, and replies back to twistcli with the scan results. + +The policy Console uses to assess a code repo is set in *Defend > Vulnerabilities > Code repositories > CI* and *Defend > Compliance > Code repositories > CI*. + +By default, twistcli publishes scan results to Console. +Scan results can viewed in Console under *Monitor > Vulnerabilities > Code repositories > CI*. + +Many developers don't have access to Prisma Cloud directly, but may want to run twistcli to evaluate a repo before code is submitted and a build job is initiated. +twistcli has can print detailed results locally and optionally suppress publishing scan results to Console (which they might not be able to access anyway). + + +=== Basic command line format and options + +The basic command format is as follows: + + twistcli coderepo scan --repository + +Where: + +* REPO_PATH can be an absolute or relative path +* REPO_NAME is the unique key that Console to identify the repo. +If `--repository` isn't specified, the repository's path is used as the repository name. + + +=== Print detailed scan results + +Detailed result contain all dependencies files and a vulnerability distribution summary. +For each dependency file that has any vulnerabilities, a table with information about the vulnerability is printed. + + twistcli coderepo scan --repository rowan --details + + +=== Excluding files from a scan + +To exclude files from the scan, use the `--excluded-paths` argument. +Attach only a single value to the argument. +The value should be a relative path from the root of the repository. + +To exclude a file: + + twistcli coderepo scan --repository rowan --excluded-paths + +To exclude multiple files, specify the `--excluded-paths` argument multiple times: + + twistcli coderepo scan --repository rowan --excluded-paths --excluded-paths + + +=== Scanning specific files + +To explicitly scan files scan use the `--explicit-files` argument. +Specify one file per argument. +For multiple files, specify multiple `--explicit-files` arguments. + + +=== Suppress publishing results + +Using--publish=false to avoid publishing the result to the console. + + twistcli coderepo scan --repository rowan --publish=false + diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-iac.adoc b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-iac.adoc new file mode 100644 index 0000000000..9d6f1f5034 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-iac.adoc @@ -0,0 +1,3 @@ +== Scan Infrastructure as Code (IaC) + +To scan your IaC templates for misconfiguration or to detect drift in your templates and resource configuration, see the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/get-started[Code Security capabilities on Prisma Cloud]. diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-images.adoc b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-images.adoc new file mode 100644 index 0000000000..11ee018a07 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli-scan-images.adoc @@ -0,0 +1,893 @@ +== Scan Images with `twistcli` + +You can use the Prisma Cloud `twistcli` command-line tool to scan container images and serverless functions. +Scanning with `twistcli` is supported on Linux, macOS, and Windows. + +=== Command + +The `twistcli` command-line tool has several subcommands. +To scan, use the following subcommand. + +[source,bash] +---- +twistcli images scan +---- + +The command scans an image for vulnerabilities and compliance issues. +The image must be on the system running the `twistcli` command-line tool. +If not and if you are using Docker, you can retrieve the image with the `docker pull` before scanning it. +The `twistcli` tool does not pull images. + +==== Syntax + +When using `twistcli images scan`, the image or tarball to scan must be the last parameter. +If you specify options after the image or tarball, they are ignored. +If scanning a tarball, use the `--tarball` option. + +[source,bash] +---- +twistcli images scan [OPTIONS] [IMAGE] +---- + +==== Description + +The `twistcli images scan` tool collects information about the packages and binaries in the container image, and sends the information to the Prisma Cloud Console for analysis. + +The `twistcli` tool collects data including the following items. + +* Packages in the image. +* Files installed by each package. +* Hashes for files in the image. + +After the Prisma Cloud Console analyzes the image for vulnerabilities, `twistcli` performs the following tasks. + +* Outputs a summary report. +* Exits with a pass or fail return value. + +To specify an image to scan, use either the image ID, or repository name and tag. +If you are using Windows with `containerd`, provide a full image ID because short IDs aren't supported. +Get the full image ID using the following command. + +[source] +---- +ctr -n images ls +---- + +The image should be present on the system, having either been built or pulled there. +If a repository is specified without a tag, `twistcli` looks for an image tagged `latest`. + +==== Options + +ifdef::prisma_cloud[] +`--address` [.underline]#`URL`#:: +Required. +URL for Console, including the protocol and port. +Only the HTTPS protocol is supported. +To get the address for your Console, go to *Compute > Manage > System > Utilities*, and copy the string under *Path to Console*. ++ +Example: --address \https://us-west1.cloud.twistlock.com/us-3-123456789 + +`-u`, `--user` [.underline]#`Access Key ID`#:: +Access Key ID to access Prisma Cloud. +If not provided, the `TWISTLOCK_USER` environment variable is used, if defined. +Otherwise, "admin" is used as the default. + +`-p`, `--password` [.underline]#`Secret Key`#:: +Secret Key for the above Access Key ID specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable is used, if defined. +Otherwise, you will be prompted for the user's password before the scan runs. + +Access Key ID and Secret Key are generated from the Prisma Cloud user interface. +For more information, see xref:../authentication/access-keys.adoc[access keys] + +endif::prisma_cloud[] + + +ifdef::compute_edition[] +* *`--address URL`* ++ +Complete URL for Console, including the protocol and port. +Only the HTTPS protocol is supported. +By default, Console listens to HTTPS on port 8083, although your administrator can configure Console to listen on a different port. +Defaults to \https://127.0.0.1:8083. ++ +Example: --address \https://console.example.com:8083 + +* *`-u`, `--user USERNAME`* ++ +Username to access Console. If not provided, the `TWISTLOCK_USER` environment variable will be used if defined, or "admin" is used as the default. + +* *`-p`, `--password PASSWORD`* ++ +Password for the user specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable will be used if defined, or otherwise will prompt for the user's password before the scan runs. + +* *`--project PROJECT NAME`* ++ +Interface with a specific supervisor Console to retrieve policy and publish results. ++ +Example: `--project "Tenant Console"` +endif::compute_edition[] + +* *`--output-file FILENAME`* ++ +Write the results of the scan to a file in JSON format. ++ +Example: `--output-file scan-results.json` + +* *`--details`* ++ +Show all vulnerability details. + +* *`--containerized`* ++ +Run the scan from inside the container. + +* *`--custom-labels`* ++ +Include the image custom labels in the results. + +* *`--docker-address DOCKER_CLIENT_ADDRESS`* ++ +Docker daemon listening address (default: `unix:///var/run/docker.sock`). +Can be specified with the `DOCKER_CLIENT_ADDRESS` environment variable. + +* *`--docker-tlscacert PATH`* ++ +Path to Docker client CA certificate. + +* *`--docker-tlscert PATH`* ++ +Path to Docker client Client certificate. + +* *`--docker-tlskey PATH`* ++ +Path to Docker client Client private key. + +* *`--containerd`* ++ +Scans images in a containerd environment. + +* *`--containerd-address value`* ++ +Containerd daemon listening address (default: "/var/run/containerd/containerd.sock"). + +* *`--containerd-namespace value`* ++ +Containerd target namespace (default: "default"). + +* *`--docker-runtime`* ++ +Specifies that the running host uses a Docker container runtime, to evaluate the Docker image Compliance benchmark (supported with --tarball). + +* *`--project value`* ++ +Target project + +* *`--exit-on-error TRUE/FALSE`* ++ +Immediately exit the scan if an error is encountered (not supported with the --containerized flag). + +* *`--tlscacert PATH`* ++ +Path to Prisma Cloud CA certificate file. +If no CA certificate is specified, the connection to Console is insecure. + +* *`--podman-path PATH`* ++ +Forces twistcli to use Podman. +To use the default installation path, set as `podman`. +Otherwise, provide the appropriate path. + +* *`--include-js-dependencies`* ++ +Evaluates packages listed only in manifests. + +* *`--include-purl`* ++ +Adds package URLs for packages and vulnerabilities. + +* *`--token TOKEN`* ++ +Token to use for Prisma Cloud Console authentication. +Tokens can be retrieved from the API endpoint `api/v1/authenticate` or from the *Manage > System > Utilities* page in Console. + +* *`--publish TRUE/FALSE`* ++ +Publishes scan results to the Console (default: --publish=true) + +* *`--tarball`* ++ +Boolean flag that specifies the image to scan is a tar archive. +The tarball scan requires enhanced privileges, and must be executed as sudo or as a root user. +Prisma Cloud supports tar archives in the https://github.com/moby/moby/tree/00d8a3bb516ad1e14c56ccdfeb70736bbeb0ba49/image/spec[Docker Image Specification] format, v1.1 and later. + +The `tarball` option is supported on Linux only; macOS and Windows versions of twistcli do not support it. + +The last parameter in the twistcli command should always be the path to the tarball. +The `--tarball` option is simply a boolean flag. +It doesn't accept a corresponding value (e.g. a path to a tarball). +For clarity, see the following examples: + +Correct usage: +---- + ./twistcli images scan --tarball --user ted image.tar +---- +Incorrect usage: +---- + ./twistcli images scan --tarball image.tar --user ted +---- + +==== Return Value + +The exit code is 0 if `twistcli images scan` finds no vulnerabilities or compliance issues. +Otherwise, the exit code is 1. + +The criteria for passing or failing a scan is determined by the CI vulnerability and compliance policies set in Console. +The default CI vulnerability policy alerts on all CVEs detected. +The default CI compliance policy alerts on all critical and high compliance issues. + + +[NOTE] +==== +The `twistcli` images scan returns an exit code of 1 in the following scenarios: + +* The scan failed because the scanner found issues that violate your CI policy. +* Twistcli failed to run due to an error. + +Although the return value is ambiguous -- you cannot determine the exact reason for the failure by just examining the return value -- this setup supports automation. +From an automation process perspective, you expect that the entire flow will work. +If you scan an image, with or without a threshold, either it works or it does not work. +If it fails, for whatever reason, you want to fail everything because there is a problem. +==== + + +=== Scan Results + +To view scan reports in Console, go to *Monitor > Vulnerabilities > Images > CI* or *Monitor > Compliance > Images > CI*. + +The scan reports includes the image vulnerabilities, compliance issues, layers, process info, package info, and labels. + +When scanning images in the CI pipeline with twistcli or the xref:../continuous-integration/jenkins-plugin.adoc[Jenkins plugin], Prisma Cloud collects the environment variable `JOB_NAME` from the machine the scan ran on, and adds it as a label to the scan report. + +You can also retrieve scan reports in JSON format using the Prisma Cloud API, see the <> section. + + +==== Output + +The twistcli tool can output scan results to several places: + +* stdout. +* JSON file. +* Console. +Scan results can be viewed under *Monitor > Vulnerabilities > Images > CI* and *Monitor > Compliance > Images > CI*. + +By passing certain flags, you can adjust how the twistcli scan output looks and where it goes. +By default, twistcli writes scan results to stdout and sends the results to Console. + +To write scan results to stdout in tabular format, pass the `--details` flag to twistcli. +This does not affect where the results are sent. + +To write scan results to a file in JSON format, pass the `--output-file` flag to twistcli. The file schema is being kept for backwards compatibility. + +Following is the output file schema: +[source,json] +---- +{ + "results": [ + { + "id": "image id", + "name" : "image name", + "distro": "image OS distro", + "distroRelease": "image OS release", + "digest": "image digest", + "collections": [ + "collectionA", + "collectionB" + ], + "packages": [ + { + "type": "package type", + "name": "package name", + "version": "package version", + "path": "package path, if exists", + "licenses": [ + "licenseA", + "licenseB" + ], + "purl": "pkg:deb/debian/base-files@11.1+deb11u1" + }, + { + ... + } + ], + "applications": [ + { + "name": "app name", + "version": "app version", + "path": "app path, if exists" + }, + { + ... + } + ], + "compliances": [ + { + "id": "compliance issue ID", + "title": "compliance issue title", + "severity": "compliance issue severity", + "description": "compliance issue description", + "cause": "compliance issue cause, if exists", + "layerTime": "layer time of the image layer to which the compliance issue belongs", + "category": "compliance category", + "pass": "true/false" + }, + { + ... + } + ], + "complianceDistribution": { + "critical": 0, + "high": 1, + "medium": 0, + "low": 0, + "total": 1 + }, + "complianceScanPassed": true/false, + "vulnerabilities": [ + { + "id": "CVE ID", + "status": "CVE fix status", + "cvss": CVSS, + "vector": "CVSS vector", + "description": "CVE description", + "severity": "CVE severity", + "packageName": "package name", + "purl": "pkg:golang/golang.org/x/net@v0.0.0-20210405180319-a5a99cb37ef4", + "packageVersion": "package version", + "link": "link to the CVE as provided in the Console UI", + "riskFactors": [ + "Attack vector: network", + "High severity", + "Has fix" + ], + "tags": [ + "ignored", + "in review" + ], + "impactedVersions": [ + "impacted versions phrase1", + "impacted versions phrase2" + ], + "publishedDate": "publish date", + "discoveredDate": "discovered date", + "graceDays": "grace days", + "fixedDate": "vendor fixed date, if exists", + "layerTime": "layer time of the image layer to which the vulnerability belongs" + }, + { + ... + } + ], + "vulnerabilityDistribution": { + "critical": 0, + "high": 1, + "medium": 0, + "low": 19, + "total": 20 + }, + "vulnerabilitiesScanPassed": true/false, + "history": [ + { + "created": "time when the image layer was created", + "instruction": "Dockerfile instruction and arguments used to create the layer" + }, + { + ... + } + ], + "scanTime": "the image scan time", + "scanID": "the image scan ID" + } + ], + "consoleURL": "url of the scan results in the Console UI" +} +---- + +=== Projects + +When users from a tenant project run twistcli, they must set the `--project` option to specify the proper context for the command. + +`twistcli images scan --project ""` + + +[#api] +==== API + +You can retrieve scan reports in JSON format using the Prisma Cloud Compute API. +The API returns comprehensive information for each scan report, including the full list of packages, files, and vulnerabilities. + +The following example `curl` command calls the API with Basic authentication. +You'll need to apply some filtering with tools like `jq` to extract specific items from the response. +For more information on accessing the API, see the https://pan.dev/compute/api/[API reference]. + +---- +$ curl \ + -u \ + -o scan_results.json \ + 'https:///api/v1/scans?type=ciImage' +---- + +If you are using assigned collections, then specify the collection in a query parameter: + +---- +$ curl \ + -u \ + -o scan_results.json \ + 'https:///api/v1/scans?type=ciImage&collections=' +---- + + +=== Dockerless Scan + +By default, twistcli is run from outside the container image. + + +==== Podman Twistcli Scans + +Twistcli can run scans on Podman hosts. +Use `--podman-path PATH` to specify the path to podman and force the twistcli scanner to use podman. +For additional information, see the <> section. + + +==== Running from inside a Container + +In some cases, you might need to copy twistcli to the container's file system, and then run the scanner from inside the container. + +One reason you might want to run the scanner this way is when your build platform doesn't give you access to the Docker socket. +CodeFresh is an example of such a platform. + +There are some shortcomings with scanning from inside a container, so you should only use this approach when no other approach is viable. +The shortcomings are: + +* Automating the scan in your continuous integration pipeline is more difficult. + +* Image metadata, such as registry, repository, and tag aren't available in the scan report. +When twistcli is run from outside the container, this information is retrieved from the Docker API. + +* The image ID isn't available in the scan report because it cannot be determined when the scan is run from inside a container. + +* The scan report won't show a layer-by-layer analysis of the image. + +NOTE: To run a `twistcli` image scan within a container and without passing the `--containerized` flag, you need to run the container as a privileged container. + +===== Usage + +When running the scanner from inside a container, you need to properly orient it by passing it the `--containerized` flag. +There are a couple of ways to run twistcli with the `--containerized` flag: build-time and run-time. + +For security reasons, Prisma Cloud recommends that you create a user with the _CI User_ xref:../authentication/user-roles.adoc[role] for running scans. + + +===== Build-time Invocation + +After building an image, run it. +Mount the host directory that holds the twistcli binary, pass the Prisma Cloud Console user credentials to the container with environment variables, then run the scanner inside the container. +The `` is a user defined string that uniquely identifies the scan report in the Console UI. + +---- +$ docker run \ + -v /PATH/TO/TWISTCLIDIR:/tools \ + -e TW_USER= \ + -e TW_PASS= \ + -e TW_CONSOLE= \ + --entrypoint="" \ + \ + /tools/twistcli images scan \ + --containerized \ + --details \ + --address $TW_CONSOLE \ + --user $TW_USER \ + --password $TW_PASS \ + +---- + +Rather than username and password, twistcli can also authenticate to Console with a token. +Your API token can be found in Console under *Manage > System > Utilities > API token*. +ifdef::compute_edition[] +For security reasons, API xref:../configure/logon-settings.adoc[tokens expire]. +endif::compute_edition[] + +---- +$ docker run \ + -v /PATH/TO/TWISTCLI_DIR:/tools \ + -e TW_TOKEN= \ + -e TW_CONSOLE= \ + --entrypoint="" \ + \ + /tools/twistcli images scan \ + --containerized \ + --details \ + --address $TW_CONSOLE \ + --token $TW_TOKEN \ + +---- + +===== Run-time Invocation + +If you have access to the orchestrator, you can exec into the running container to run the twistcli scanner. +Alternatively, you could SSH to the container. +Once you have a shell on the running container, invoke the scanner: + +---- +$ ./twistcli images scan \ + --address \ + --user \ + --password \ + --containerized \ + +---- + +To invoke the scanner with an API token: + +---- +$ ./twistcli images scan \ + --address \ + --token \ + --containerized \ + +---- + +[.task] +=== Simple Scan + +Scan an image with twistcli and print the summary report to stdout. + +[.procedure] +. Scan an image named `nginx:latest`. ++ +---- +$ twistcli images scan \ + --address \ + --user \ + --password \ + nginx:latest +---- ++ +Command output: ++ +image::simple_scan.png[scale=15] + + +[.task] +=== Scan with Detailed Report + +You can have twistcli generate a detailed report for each scan. +The following procedure shows you how to scan an image with twistcli, and then retrieve the results from Console. + +[.procedure] +. Scan an image named `nginx:latest`. ++ +---- +$ twistcli images scan \ + --address \ + --user \ + --password \ + --details \ + nginx:latest +---- ++ +Sample command output (results have been truncated): ++ +image::detailed_scan.png[scale=15] + +. This outputs a tabular representation of your scan results to stdout. +If you need to retrieve the results of your scan in JSON format, this can be done using the API. +For more information on the API, see the https://pan.dev/compute/api/[API reference]. + +.. Call the API with authentication (demonstrated here using Basic authentication) to fetch the results of the scan. ++ +---- +$ curl \ + -o scan_results.json \ + -H 'Authorization: Basic YXBpOmFwaQ==' \ + 'https:///api/v1/scans?search=myimage&limit=1&reverse=true&type=ciImage' +---- +.. Format the scan results into human-readable format. ++ +---- +$ python -m json.tool scan_results.json > scan_results_pp.json +---- +.. Inspect the results. ++ +Open `scan_results_pp.json` to view the results. Vulnerability information can be found in the `vulnerabilities` array, and compliance results can be found in the `complianceIssues` array. ++ +[source,json] +---- +[ + { + "entityInfo": { + "_id": "", + "type": "ciImage", + ... + "complianceIssues": [ + { + "text": "", + "id": 41, + "severity": "high", + "cvss": 0, + "status": "", + "cve": "", + "cause": "", + "description": "It is a good practice to run the container as a non-root user, if possible. Though user\nnamespace mapping is now available, if a user is already defined in the container image, the\ncontainer is run as that user by default and specific user namespace remapping is not\nrequired", + "title": "(CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user", + "vecStr": "", + "exploit": "", + "riskFactors": null, + "link": "", + "type": "image", + "packageName": "", + "packageVersion": "", + "layerTime": 0, + "templates": [], + "twistlock": false, + "published": 0, + "discovered": "0001-01-01T00:00:00Z" + } + ], + ... + "vulnerabilities": [ + { + "text": "", + "id": 46, + "severity": "medium", + "cvss": 9.8, + "status": "deferred", + "cve": "CVE-2018-20839", + "cause": "", + "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", + "title": "", + "vecStr": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "exploit": "", + "riskFactors": { + "Attack complexity: low": {}, + "Attack vector: network": {}, + "Medium severity": {} + }, + "link": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20839", + "type": "image", + "packageName": "systemd", + "packageVersion": "237-3ubuntu10.39", + "layerTime": 1587690420, + "templates": [], + "twistlock": false, + "published": 1558067340, + "discovered": "0001-01-01T00:00:00Z", + "binaryPkgs": [ + "libnss-systemd", + "libsystemd0", + "libpam-systemd", + "udev", + "systemd-sysv", + "libudev1", + "systemd" + ] + }, + ... + ], + ... + }, + ... + } +] +---- + +[.task] +=== Scan Images Built with Jenkins in an OpenShift Environment + +// For help understanding the Jenkins infrastructure on OCP, see: +// https://blog.openshift.com/jenkins-slaves-in-openshift-using-an-external-jenkins-environment/ +// http://blog.andyserver.com/2016/01/jenkins-cluster-openshift/ +// https://docs.openshift.com/container-platform/3.7/using_images/other_images/jenkins.html#using-images-other-images-jenkins + +If you are building and deploying images on OpenShift Container Platform (OCP), and you are utilizing their Jenkins infrastructure, then invoke a scan with the `twistcli hosts scan` command, not the `twistcli images scan` command. + +You can scan images generated by Jenkins with the OpenShift plugin by invoking twistcli from a +https://docs.openshift.com/container-platform/3.7/dev_guide/builds/build_hooks.html[build hook]. +Build hooks let you inject custom logic into the build process. +They run your commands inside a temporary container instantiated from build output image. +Build hooks are called when the last layer of the image has been committed, but before the image is pushed to a registry. +An non-zero exit code fails the build. +A zero exit code passes the build, and allows it to proceed to the next step. + +To call twistcli from a build hook: + +[.procedure] +. Download twistcli into your build environment. +Depending on your build strategy, one option is to download it as an https://docs.openshift.com/container-platform/3.7/dev_guide/builds/build_inputs.html#using-external-artifacts[external artifact] using a `save-artifacts` https://docs.openshift.com/container-platform/3.7/creating_images/s2i.html#s2i-scripts[S2I script]. + +. In your `BuildConfig`, call twistcli as a `script` from the `postCommit` hook. ++ +---- +$ twistcli hosts scan \ + --address \ + --user \ + --password \ + --skip-docker \ + --include-3rd-party +---- ++ +Where the `--skip-docker` option skips all Docker compliance checks such as the Docker daemon configuration and the `--include-3rd-party` option scans application-specific files such as JARs. + + +=== Scan Images when the Docker Docket Isn't in the Default Location + +The twistcli scanner uses the Docker API, so it must be able to access the socket where the Docker daemon listens. +If your Docker socket isn't in the default location, use the `--docker-address` option to tell twistcli where to find it: + +`--docker-address` [.underline]#`PATH`#:: +Path to the Docker socket. +By default, twistcli looks for the Docker socket `unix:///var/run/docker.sock`. + +---- +$ ./twistcli images scan \ + --address \ + --user \ + --password \ + --docker-address unix:////docker.sock \ + +---- + + +[#podman] +=== Scan Podman/CRI Images + +Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. +The twistcli tool can use the preinstalled Podman binary to scan CRI images. +//https://redlock.atlassian.net/browse/PCSUP-8724 and https://redlock.atlassian.net/browse/PCSUP-10502) +NOTE: To run a `twistcli` image scan within a container using podman and without passing the `--containerized` flag, you need to run the container as a privileged container. + +`--podman-path` [.underline]#`PATH`#:: +Forces twistcli to use Podman. +To call podman from its default install path, specify `podman`. +Otherwise, specify an explicit path. + + $ ./twistcli images scan \ + --address \ + --user \ + --password \ + --podman-path podman \ + + +=== CI/CD Automation + +Twistcli images scan can be used to shift-left security scans inside of your build pipeline. +Plugins are available for Jenkins and other CI/CD tools, but twistcli can also be used from a CI pipeline in order to initiate vulnerability and compliance scans on images. + +The exit status code can be verified inside of your pipeline to determine pass and fail status of the image scan. +A zero exit code signals the scan passes, and any non-zero exit code signals a failure. + +In order to automate the download and version sync of twistcli, reference the sample Jenkins code below: + +---- +stage('Check twistcli version') { + + def TCLI_VERSION = sh(script: "./twistcli | grep -A1 VERSION | sed 1d", returnStdout:true).trim() + def CONSOLE_VERSION = sh(script: "curl -k -u \"$TL_USER:$TL_PASS\" https://$TL_CONSOLE/api/v1/version | tr -d \'\"'", returnStdout:true).trim() + + println "TCLI_VERSION = $TCLI_VERSION" + println "CONSOLE_VERSION = $CONSOLE_VERSION" + + if ("$TCLI_VERSION" != "$CONSOLE_VERSION") { + println "downloading twistcli" + sh 'curl -k -u $TL_USER:$TL_PASS --output ./twistcli https://$TL_CONSOLE/api/v1/util/twistcli' + sh 'sudo chmod a+x ./twistcli' + } +} + +stage('Scan with Twistcli') { + sh './twistcli images scan --address https://$TL_CONSOLE -u $TL_USER -p $TL_PASS --details $IMAGE' +} +---- + + +ifdef::prisma_cloud[] + +[.task] +=== Using twistcli with Prisma Cloud Compute in Enterprise Edition + +The following procedure is true even if IP whitelisting feature is enabled in Prisma Cloud. +You can use your username:password from PC or Access Key / Secret Key created by a user as username:password in twistcli calls. + +[.procedure] +. Go to Settings > Access Keys page under Prisma Cloud + +. Create an Access Key with desired expiration time. Make sure you keep this secure by downloading or copying for future use. + +. Get Compute Console URL from Compute tab - Manage > System > Utilities. + +. Use Access Key as username and Secret key as password for your twistcli calls ++ +---- +./twistcli images scan --address --username --password ubuntu:latest +---- + +endif::prisma_cloud[] + + +=== Scan Image Tarballs + +`twistcli` can scan image tarballs. +This capability is designed to support the following workflows: + +* Integration with Kaniko. +Kaniko is a tool that builds images in a Kubernetes cluster from a Dockerfile without access to a Docker daemon. +* Vendors deliver container images as tar files, not through a registry. + +twistcli supports the https://github.com/moby/moby/tree/00d8a3bb516ad1e14c56ccdfeb70736bbeb0ba49/image/spec[Docker Image Specification] v1.1 and later. +Currently, twistcli doesn't support the Open Container Initiative (OCI) https://github.com/opencontainers/image-spec/blob/main/spec.md[Image Format Specification]. + +Both Kaniko and the `docker save` command output tarballs using the Docker Image Specification. + +To scan an image tarball, specify the `--tarball` option: + + twistcli images scan --tarball + +For example: + + docker pull vulnerables/web-dvwa:1.9 + docker save vulnerables/web-dvwa:1.9 | gzip > vulnerables_web_dvwa19.tar.gz + twistcli images scan --tarball vulnerables_web_dvwa19.tar.gz + +NOTE: +To scan image tarballs in an unprivileged container, pass the following capabilities: CAP_SYS_CHROOT and CAP_MKNOD. + +=== Scan Windows Images on Windows Hosts with `containerd` + +You can use `twistcli` to scan Windows images on Windows hosts with `containerd` installed. + + .\twistcli images scan \ + --address \ + --user \ + --containerd \ + --containerd-namespace \ + + +[NOTE] +==== +Windows requires the host OS version to match the container OS version. +If you want to run a container based on a newer Windows build, make sure you have an equivalent host build. +Otherwise, you can use Hyper-V isolation to run older containers on new host builds. +For more information, see https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-11-21H2[Windows containers version compatibility]. +==== + +=== Scan Images on Linux Hosts with `containerd` + +You can use `twistcli` to scan images on Linux hosts with `containerd` installed. + + .\twistcli images scan \ + --address \ + --user \ + --containerd \ + --containerd-namespace \ + + +[NOTE] +==== +// twistlock/twistlock#37836 +The image ID passed to `twistcli` must be the https://docs.docker.com/engine/reference/commandline/images/#list-the-full-length-image-ids[full length image ID]. +Short IDs aren't supported. +Get full-length image IDs using the following command. + +[source,bash] +---- +ctr -n images ls +---- + +https://github.com/containerd/containerd/releases[Download] the https://github.com/projectatomic/containerd/blob/master/docs/cli.md[ctr] utility. +==== + +=== Limitations + +// twistlock/twistlock#37074 +Due to a https://github.com/GoogleContainerTools/kaniko/issues/699[bug] in Kaniko, twistcli can't map vulnerabilities to layers when scanning image tarballs built by Kaniko. diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli.adoc b/docs/en/compute-edition/32/admin-guide/tools/twistcli.adoc new file mode 100644 index 0000000000..9c89c16f53 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli.adoc @@ -0,0 +1,368 @@ +== twistcli + +Prisma Cloud ships a command-line configuration and control tool known as _twistcli_. +It is supported on Linux, macOS, and Windows. + +ifdef::compute_edition[] + +When users from a tenant xref:../deployment-patterns/projects.adoc[project] run _twistcli_, they must set the _--project_ option to specify the proper context for the command. + +endif::compute_edition[] + + +=== Installing twistcli + +The _twistcli_ tool is delivered with every Prisma Cloud release. +It is statically compiled, so it does not have any external dependencies, and it can run on any Linux host. +No special installation is required. +To run it, simply copy it to a host, and give it executable permissions. +You need `sudo` privileges to run the `twistcli` command. + +The _twistcli_ tool is available from the following sources. + +ifdef::compute_edition[] +* You find it in the release tarball. +endif::compute_edition[] +* You can download _twistcli_ from the Prisma Cloud Console UI. +Go to *Manage > System > Utilities*. ++ +image::twistcli-download.png[width=600] ++ +Choose the correct architecture and OS when downloading the `twistcli` command-line utility. + +* You can download it from the API, which is a typical use case for automated workflows. +For more information, see the `/api/v1/util` endpoint. + +The requirements for running _twistcli_ are: + +* The host running _twistcli_ must be able to connect to the Prisma Cloud Console over the network. +* For image scanning, Docker Engine must be installed on the executing machine. + + +=== Connectivity to Console + +Most _twistcli_ functions require connectivity to Console. +All example commands specify a variable called COMPUTE_CONSOLE, which represents the address for your Console. + +ifdef::compute_edition[] +The address for your Console depends on how you installed it. + +For Onebox installs, where you install Console on a stand-alone host, the value for COMPUTE_CONSOLE is the IP address or DNS name of the host. +HTTPS access to Console is on port 8083, so the full address is + +\https://:8083 + +For the default Kubernetes installation procedure, the Console service is exposed by a LoadBalancer, and so the address for COMPUTE_CONSOLE is + +\https://:8083 +endif::compute_edition[] + +ifdef::prisma_cloud[] +To get the address for your Console, go to *Compute > Manage > System > Utilities*, and copy the string under *Path to Console*. +endif::prisma_cloud[] + + +=== Functions + +The _twistcli_ tool supports the following functions: + +* _console_ -- +Installs and uninstalls Console into a cluster. +Kubernetes and OpenShift are supported. +You can also export Kubernetes or OpenShift deployment files in YAML format. + +* _defender_ -- +Installs and uninstalls Defender into a cluster. +Kubernetes and OpenShift are supported. +Defender is installed as a daemon set (Kubernetes, OpenShift) which means one Defender is always automatically deployed to each node in the cluster. +You can also export a Kubernetes or OpenShift deployment file in YAML format. + +* _hosts_ -- +Scans hosts for vulnerabilities and compliance issues. ++ +// twistcli hosts scan support for Windows: +// https://github.com/twistlock/twistlock/issues/14992 + +* _images_ -- +Scans container images for vulnerabilities and compliance issues. +Because it runs from the command line, you can easily integrate Prisma Cloud’s scanning capabilities into your CI/CD pipeline. + +* _intelligence_ -- +Retrieves the latest threat data from the Prisma Cloud Intelligence Stream, and push those updates to a Prisma Cloud installation running in an air-gapped environment. + +* _tas_ -- +Scans VMware Tanzu droplets. + +* _app-embedded_ -- +Embed the App Embedded Defender into a Dockerfile. + +* _restore_ -- +Restore Console to the state stored in the specified backup file. +An automated backup system (enabled by default) creates and maintains daily, weekly, and monthly backups. +Additional backups can be made at any point in time from the Console UI. + +* _serverless_ -- +Scans serverless functions for vulnerabilities. + +* _support_ -- +Streamlines the process of collecting and sending debug information to Prisma Cloud's support team. +Collects log data from a node and uploads it to Prisma Cloud's support area. + + +=== Capabilities + +The _twistcli_ tool offers feature parity across all supported operating systems, with a few exceptions. +The following table highlights where functions are disabled, or work differently, on a given platform. + +[cols=".^2,2,1,1,1,1,1", frame="topbot"] +|==== +2+^| twistcli 5+^| Platform + +|Command +|Subcommand +|Linux +|Linux ARM64 +|macOS +|macOS ARM64 +|Windows + +.3+|`console` {set:cellbgcolor:#fff} +|`export` +|Yes +|No +|Yes +|Yes +|Yes + +|`install` +|Yes +|No +|No +|No +|No + +|`uninstall` {set:cellbgcolor:#fff} +|Yes +|No +|No +|No +|No + +.3+|`defender` {set:cellbgcolor:#fff} +|`export` +|Yes +|Yes +|Yes +|Yes +|Yes + +|`install` +|Yes +|Yes +|No +|No +|No + +|`uninstall` {set:cellbgcolor:#fff} +|Yes +|Yes +|No +|No +|No + +|`hosts` {set:cellbgcolor:#fff} +|`scan` +|Yes +|Yes +|No^1^ +|No +|No + +|`images` {set:cellbgcolor:#fff} +|`scan` +|Yes +|Yes +|Yes^2^ +|Yes +|Yes^3^ + +.2+|`intelligence` +|`upload` +|Yes +|No +|Yes +|No +|Yes + +|`download` +|Yes +|Yes +|Yes +|Yes +|Yes + +|`pcf` +|`scan` +|Yes +|No +|No +|No +|No + +|`app-embedded` {set:cellbgcolor:#fff} +|`embed` +|Yes +|No +|Yes +|No +|Yes + +|`restore` {set:cellbgcolor:#fff} +| +|Yes +|No +|No +|No +|No + +|`serverless` {set:cellbgcolor:#fff} +|`scan` +|Yes +|No +|Yes +|No +|Yes + +.2+|`support` +|`dump` +|Yes +|No +|No^4^ +|No +|No^4^ + +|`upload` {set:cellbgcolor:#fff} +|Yes +|Yes +|Yes +|Yes +|Yes + +|`tas` +|`scan` +|Yes +|Yes +|No +|No +|No + +|`waas` +|`openapi-scan` +|Yes +|Yes +|Yes +|Yes +|Yes + +|==== + +^1^ +Prisma Cloud doesn't support deployment to macOS hosts, so there is no support for scanning macOS hosts. + +^2^ +Scans Linux images on macOS hosts. +Docker for Mac must be installed. + +^3^ +Twistcli can scan Windows images on Windows Server 2016 and Windows Server 2019 hosts. +To scan Linux images on Windows, install https://docs.docker.com/machine/overview/[Docker Machine on Windows] with the Microsoft Hyper-V driver. +Twistcli does not support scanning Linux images on Windows hosts with https://docs.docker.com/docker-for-windows/[Docker for Windows]. + +^4^ +The _support dump_ function collects Console's logs when Console malfunctions. +Copy _twistcli_ to host where Console runs, then execute _twistcli support dump_. +Defender logs can be retrieved directly from the Console UI under *Manage > Defenders > Manage*. + +ifdef::prisma_cloud[] +^5^ +IaC scanning is only available with *Prisma Cloud Enterprise Edition*. +endif::prisma_cloud[] + +For a comprehensive list of supported options for each subcommand, run: + + $ twistcli --help + + +=== Install support + +Support for installing Console and Defender via _twistcli_ is supported on several cluster types. +The following table highlights the available support: + + +[cols=".^2,2,1,1,1,1,1", frame="topbot"] +|==== +2+^| twistcli {set:cellbgcolor:#f5f5f5} 5+^| Platform + +.^h|Command +.^h|Subcommand +.^h|Stand-alone^1^ +.^h|Kubernetes +.^h|OpenShift +.^h|Amazon ECS +.^h|Windows + +.3+|`console` {set:cellbgcolor:#fff} +|`export` +|No +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|No +|No + +|`install` +|No +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|No {set:cellbgcolor:#fff} +|No + +|`uninstall` +|No +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|No {set:cellbgcolor:#fff} +|No + +.3+|`defender` +|`export` +|No +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|No {set:cellbgcolor:#fff} +|No + +|`install` +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|Yes +|No {set:cellbgcolor:#fff} +|No + +|`uninstall` +|No +|Yes {set:cellbgcolor:#D0FAEE} +|Yes +|No {set:cellbgcolor:#fff} +|No + +|==== + +^1^ +Stand-alone refers to installing an instance of Console or Defender onto a single host that isn't part of a cluster. +For stand-alone installations of Console, use the _twistlock.sh_ script to install Onebox. + +The _twistcli console install_ command for Kubernetes and OpenShift combines two steps into a single command to simplify how Console is deployed. +This command internally generates a YAML configuration file and then creates Console's resources with _kubectl create_ in a single shot. +This command is only supported on Linux. +Use it when you don't need a copy of the YAML configuration file. +Otherwise, use _twistcli console export_. diff --git a/docs/en/compute-edition/32/admin-guide/tools/twistcli_scan_iac.adoc.orig b/docs/en/compute-edition/32/admin-guide/tools/twistcli_scan_iac.adoc.orig new file mode 100644 index 0000000000..b085b8b17c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/twistcli_scan_iac.adoc.orig @@ -0,0 +1,167 @@ +== Scan Infrastructure as Code (IaC) with twistcli + +Scan Terraform, Cloud Formation or Kubernetes files with `twistcli` + + +=== Command reference + +The `twistcli` command has several subcommands. +Use the `twistcli iac scan` subcommand to invoke the scanner. + +[.section] +==== NAME + +`twistcli iac scan` -- + +Scan an IaC file for compliance issues. The file must reside on the system where twistcli runs. + + + +[.section] +==== SYNOPSIS + +`twistcli iac scan [OPTIONS] [FILE]` + +[.section] +==== DESCRIPTION + +The `twistcli iac scan` function will evaluate the file against the policies in Prisma Cloud. These policies have a type of _build_ attached to them. + +//TODO: INsert link for IaC scanning + +NOTE: When invoking `twistcli`, the last parameter should be the file to scan. +If you list options after the filename, they will be ignored. + + +[.section] +==== OPTIONS + +`--address` [.underline]#`URI`#:: +Required. +Complete URI for Console, including the protocol and port. +Only the HTTPS protocol is supported. ++ +Example: --address https://us-west1.cloud.twistlock.com/us-3-123456789 + +To get the address for your Console, go to *Compute > Manage > System > Utilities*, and copy the string under *Path to Console*. + +`-u`, `--user` [.underline]#`Access Key ID`#:: +_Access Key ID_ to access Prisma Cloud. +If not provided, the `TWISTLOCK_USER` environment variable is used, if defined. +Otherwise, "admin" is used as the default. + +`-p`, `--password` [.underline]#`Secret Key`#:: +_Secret Key_ for the above _Access Key ID_ specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable is used, if defined. +Otherwise, you will be prompted for the user's password before the scan runs. + +_Access Key ID_ and _Secret Key_ are generated from the Prisma Cloud user interface. +For more information, see xref:../authentication/access_keys.adoc[access keys] + +`--output-file` [.underline]#`FILENAME`#:: +Write the results of the scan to a file in JSON format. ++ +Example: --output-file examplescan + +`--token` [.underline]#`TOKEN`#:: +Token to use for Prisma Cloud Console authentication. + +`--compliance-threshold` [.underline]#`THRESHOLD`#:: +Compliance severity threshold ("high","medium","low") +(default: "high") + + +[.section] +==== RETURN VALUE + +The exit code is 0 if `twistcli` finds no violating policies +Otherwise, the exit code is 1. + +The criteria for passing or failing a scan is determined by the compliance policies set in the command line. + +[NOTE] +==== +There are two reasons why `twistcli` might return an exit code of 1. + +* The scan failed because the scanner found issues that violate your policy. +* Twistcli failed to run due to an error. + +Although the return value is ambiguous -- you cannot determine the exact reason for the failure by just examining the return value -- this setup supports automation. +From an automation process perspective, you expect that the entire flow will work. +==== + + +==== Output + +The twistcli tool can output scan results to several places: + +* stdout. +* File. + +Scan results are saved in JSON format. + +You can simultaneously output scan results to a file and to Console by passing the appropriate flags to twistcli. +By default, twistcli writes scan results to stdout. + +To write scan results to stdout in tabular format, pass the `--details` flag to twistcli. + +To write scan results to a file in JSON format, pass the `--output-file` flag to twistcli. + + +==== Usage + +For security reasons, Prisma Cloud recommends that you create a user with the _Build and Deploy Security_ for running scans. + + +=== Simple scan + +Scan a file with _twistcli_ and print the summary report to stdout. +For example, scan a file named s3.json: + + $ twistcli iac scan \ + -u \ + -p \ + --address \ + + +Command output: + +---- +File : s3.json ++--------------------------------------+---------------------------------------------------+----------+ +| POLICY ID | NAME | SEVERITY | ++--------------------------------------+---------------------------------------------------+----------+ +| 7913fcbf-b679-5aac-d979-1b6817becb22 | AWS S3 buckets do not have server side encryption | medium | ++--------------------------------------+---------------------------------------------------+----------+ +Compliance threshold check results: PASS +---- + +The return code is 0, which you can check: + + echo $? + +Scan another file named s3.json, but set the compliance threshold to medium. + + $ twistcli iac scan \ + -u \ + -p \ + --address \ + --compliance-threshold medium + + +Command output: + +---- +File : s3.json ++--------------------------------------+---------------------------------------------------+----------+ +| POLICY ID | NAME | SEVERITY | ++--------------------------------------+---------------------------------------------------+----------+ +| 7913fcbf-b679-5aac-d979-1b6817becb22 | AWS S3 buckets do not have server side encryption | medium | ++--------------------------------------+---------------------------------------------------+----------+ +Compliance threshold check results: FAIL +---- + +The return code is 1, because the severity of the findings meet the specified threshold. + + echo $? + diff --git a/docs/en/compute-edition/32/admin-guide/tools/update-intel-stream-offline.adoc b/docs/en/compute-edition/32/admin-guide/tools/update-intel-stream-offline.adoc new file mode 100644 index 0000000000..be5b06a072 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/tools/update-intel-stream-offline.adoc @@ -0,0 +1,229 @@ +== Update the Intelligence Stream in offline environments + +Prisma Cloud lets you update Console's vulnerability and threat data even if it runs in an offline environment. + +The Prisma Cloud Intelligence Stream (IS) is a real-time feed that contains vulnerability data and threat intelligence from commercial providers, Prisma Cloud Labs, and the open source community. + +When you install Prisma Cloud, Console is automatically configured to connect to intelligence.twistlock.com to download updates. +The IS is updated several times per day, and Console continuously checks for updates. + +If you run Prisma Cloud in an offline environment, where Console does not have access to the Internet to download updates from the IS, then you can manually download and install IS updates. + + +=== Update strategies for offline environments + +There are a number of update strategies. +The right strategy for you depends on the size of your deployment, and in particular, the number of air-gapped Consoles in your environment. + + +[#basic-strategy] +==== Basic strategy + +Use the basic strategy when you've got one or two air-gapped Consoles. +The basic strategy for updating the threat data for an isolated, air-gapped Console is: + +* <> from an Internet-connected machine. +* Move the archived data to a location accessible by the air-gapped environment. +* <> into the offline Console. + +Both the download and upload operations use twistcli, so the process can be automated. + +If you've got a large number of air-gapped Consoles, individually updating each one can be challenging and brittle, especially in dynamic environments. +As such, Prisma Cloud lets you scale the basic strategy to any number of Consoles. +Each deployed Console can be configured to look for the latest threat data in a central location. +From there, each Console will update itself every 24 hours. +Your job is to ensure that the central location always serves the latest threat data. + +For example, consider how the U.S. Navy would keep a fleet of submarines up-to-date with the latest threat data. +When a submarine surfaces and establishes brief connection to its command's network, the submarine's Console needs to pull the latest Intelligence Stream updates. +For this type of setup, see <> and <>. + + +[#scale-approach1] +==== Scale approach 1 + +Distribute the latest Intelligence Stream data from an HTTP/S server. +Use the <> to keep the data at the endpoint up-to-date. +To configure your Console for this approach, see <>. + + +[#scale-approach2] +==== Scale approach 2 + +Distribute the latest Intelligence Stream data from a so-called "relay" Console. +Downstream Consoles connect to the relay Console to pull the latest threat data. +To keep the relay Console up-to-date: + +* Use the <> when the relay Console is also isolated in an air-gapped environment. +* Let the relay Console update itself by connecting to the Intelligence Stream over the Internet. + +To configure your Console for this approach, see <>. + + +==== Projects + +By default, xref:../deployment-patterns/projects.adoc[projects] utilize the distribution mechanism described in <>. +Central Console connects to \https://intelligence.twistlock.com to retrieve the latest threat data. +All tenant projects connect to Central Console to get the latest threat data. +Central Console itself can be configured for <>, <>, or <>. + +To force Central Console to push Intelligence Stream updates down to all tenants, go to *Manage > System > Intelligence* in the Central Console and click *Update Now*. + + +[#twistcli-download] +[.task] +=== Download the IS data with twistcli + +Before starting, ensure the Internet-connected host to where you will initially download the data can access the Intelligence Stream. +The most reliable way to test connectivity is to ping the Intelligence Stream. +This following curl command verifies that name resolution and any intermediary HTTP proxies are functioning properly. + + $ curl -k \ + --silent \ + --output /dev/null \ + --write-out "%{http_code}\n" \ + https://intelligence.twistlock.com/api/v1/_ping + +If you've got connectivity, you'll get back a 200 (Successful) response code. + + 200 + +[.procedure] +. Open Console. + +. Go to *Manage > System > Intelligence*. + +. Copy the access token. + +. Download twistcli. +You have several options: ++ +* Download twistcli from the Console UI. +Go to *Manage > System > Utilities*. +* Download twistcli from the API. +Use `/api/v1/util/twistcli` for the Linux binary or `/api/v1/util/osx/twistcli` for the macOS binary.. +* Get a copy from the release tarball. + +. Download the the Intelligence Stream data. ++ +Open a shell window, and run the following command: ++ + $ ./linux/twistcli intelligence download --token ++ +All data is downloaded and saved in a file named __twistlock_feed_.tar.gz__ + + +[#twistcli-upload] +[.task] +=== Upload IS data to Console with twistcli + +Use the _twistcli_ tool to upload the Intelligence Stream archive to your Prisma Cloud Console. + +*Prerequisite:* You've disabled over-the-Internet updates for your air-gapped Console. +Go to *Manage > System > Intelligence* and set *Update the Intelligence Stream from Prisma Cloud over the Internet* to *Off*. + +[.procedure] +. Download twistcli. +You have several options: ++ +* Download twistcli from the Console UI. +Go to *Manage > System > Utilities*. +* Download twistcli from the API. +Use `/api/v1/util/twistcli` for the Linux binary or `/api/v1/util/osx/twistcli` for the macOS binary.. +* Get a copy from the release tarball. + +. Run the following command: ++ + $ ./linux/twistcli intelligence upload \ + --address \https://:8083 \ + --user \ + --password \ + --tlscacert \ + ++ +Where: ++ +``:: URL for the air-gapped Console. +`, `:: Credentials for a user with a minimum xref:../authentication/user-roles.adoc[role] of Vulnerability Manager. +``:: (Optional) Path to to Prisma Cloud's CA certificate file. +With the CA cert, a secure connection is used to upload the intelligence data to Console. +For example, `/var/lib/twistlock/certificates/console-cert.pem`. +``:: File generated from <>. +For example, `twistlock_feed_1524655717.tar.gz`. ++ +IMPORTANT: Sometimes after Console is restarted, you might see an error on the login page that says "failed to query license". +This is by design, and it's not a bug. +It happens because a Console restart triggers a user auth token renewal. +For more information, see xref:../configure/logon-settings.adoc[long-lived tokens]. + + +[#distribution-https] +[.task] +=== Download the IS from an HTTP server + +Configure Console to download the IS archive file from a custom HTTPS location. + +When enabled, Console downloads the file from this location every 24 hours. +If the download fails, Console retries every 1 hour until it's successful, then waits for 24 hours until the next download. + +In this strategy, you must get the latest IS data with twistcli and copy the archive file to the HTTP/S server, where the air-gapped Console(s) will retrieve it. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Intelligence*. + +. Set *Update the Intelligence Stream from a custom location* to *On*. + +. In *Address*, specify the full URL to the HTTP/S endpoint where the archive is served. + +. If credentials are required to access this endpoint, create them. + +. (Optional) Configure a certificate chain for trusting the HTTPS endpoint. + +. Click *Save*. ++ +Console immediately attempts to load the IS data from the specified endpoint. +Assuming, Console is successful, it schedules subsequent updates every 24 hours. +Click *Update Now* to force an immediate update. + + +[#distribution-console] +[.task] +=== Download the IS from another Console + +You can configure a Console to retrieve the latest Intelligence Stream data from another Console. +In this configuration, you have a single relay Console, and all other deployed Consoles connect to it to retrieve the latest Intelligence Stream data. + + +When enabled, Console downloads the file from this location every 24 hours. +If the download fails, Console retries every 1 hour until it's successful, then waits for 24 hours until the next download. + +In this strategy, you must implement a method for the relay Console to get a copy of the latest Intelligence Stream data. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Intelligence*. + +. Set *Update the Intelligence Stream from a custom location* to *On*. + +. In *Address*, specify the full URL to the relay Console. ++ +\https://:8083/api/v1/feeds/bundle ++ +Where: ++ +``:: URL for the relay Console. + +. In *Credential*, create basic auth credentials for a user that has a minimum role of Vulnerability Manager. + +. Enter a certificate to trust the HTTPS endpoint. + +.. Copy the relay Console's certificate from _/var/lib/twistlock/certificates/ca.pem_, and paste it here. + +. Click *Save*. ++ +Console immediately attempts to load the IS data from the specified endpoint. +Assuming, Console is successful, it schedules subsequent updates every 24 hours. +Click *Update Now* to force an immediate update. diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-console.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-console.adoc new file mode 100644 index 0000000000..8a2dc4fc9c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-console.adoc @@ -0,0 +1,19 @@ +[.task] +== Upgrade the Defender DaemonSets from Console + +Upgrade the Defender DaemonSets directly from the Console UI. + +If you can't access your cluster with kubectl or oc, then you can upgrade Defender DaemonSets directly from the Console UI. + +*Prerequisites:* You've created a xref:~/authentication/credentials-store/kubernetes-credentials.adoc[kubeconfig credential] for your cluster so that Prisma Cloud can access it to upgrade the Defender DaemonSet. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Manage > Defenders > Manage*. + +. Click *DaemonSets*. + +. For each cluster in the table, click *Actions > Upgrade*. ++ +The table shows a count of deployed Defenders and their new version number. diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-twistcli.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-twistcli.adoc new file mode 100644 index 0000000000..2f4c8c633b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-daemonset-twistcli.adoc @@ -0,0 +1,131 @@ +// This fragment requires the following variables (aka attributes) be set for content substition: +// {orchestrator-cmd} : Either kubectl or oc +// {orchestrator} : Either kubernetes or openshift +// {orchestrator-title} : Either Kubernetes or OpenShift + +[.task] +== Upgrade the Defender DaemonSets with twistcli ({orchestrator-title}) + +Delete the Defender DaemonSet, then rerun the original install procedure. + +*Prerequisites:* You know all the parameters passed to _twistcli_ when you initially deployed the Defender DaemonSet. +You'll need them to recreate a working configuration file for your environment. + +[.procedure] +. Delete the Defender DaemonSet. ++ +[source,sh,subs="normal,attributes"] +---- +$ {orchestrator-cmd} -n twistlock delete ds twistlock-defender-ds +$ {orchestrator-cmd} -n twistlock delete sa twistlock-service +$ {orchestrator-cmd} -n twistlock delete secret twistlock-secrets +---- + +ifdef::compute_edition[] +. Determine the Console service's external IP address. ++ +[source,sh,subs="normal,attributes"] +---- +$ {orchestrator-cmd} get service -o wide -n twistlock +---- + +. Generate a _defender.yaml_ file. +Pass the same options to _twistcli_ as you did in the original install. +The following example command generates a YAML configuration file for the default install. ++ +The following command connects to Console's API (specified in _--address_) as user (specified in _--user_), and retrieves a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +In this command, there is just a single mandatory configuration option. +The _--cluster_address_ option specifies the address Defender uses to connect to Console, and the value is encoded in the DaemonSet YAML file. +ifeval::["{orchestrator}" == "kubernetes"] ++ +[source] +---- +$ /twistcli defender export kubernetes \ + --address https://yourconsole.example.com:8083 \ + --user \ + --cluster-address twistlock-console +---- +endif::[] +ifeval::["{orchestrator}" == "openshift"] ++ +[source] +---- +$ /twistcli defender export openshift \ + --address https://yourconsole.example.com:8083 \ + --user \ + --cluster-address twistlock-console \ + --selinux-enabled +---- +endif::[] ++ +* can be linux or osx. +* is the name of an admin user. + +. Deploy the Defender DaemonSet. ++ +[source,sh,subs="normal,attributes"] +---- + $ {orchestrator-cmd} create -f defender.yaml +---- + +. Open a browser, navigate to Console, then go to *Manage > Defenders > Manage* to see a list of deployed Defenders. + +endif::compute_edition[] + +ifdef::prisma_cloud[] +. Retrive Console's API address (PRISMA_CLOUD_COMPUTE_CONSOLE_URL). + +.. Sign into Prisma Cloud. + +.. Go to *Compute > Manage > System > Utilities*. + +.. Copy the URL under *Path to Console*. + +. Retrieve Console's hostname (PRISMA_CLOUD_COMPUTE_HOSTNAME). ++ +The hostname can be derived from the URL by removing the protocol scheme and path. +It is simply the host part of the URL. You can also retrieve the hostname directly. + +.. Go to *Compute > Manage > Defenders > Deploy > Defenders > Orchestrator* + +.. Copy the hostname from *Step 3* (*The name that Defender will use to connect to this Console*) + +. Generate a _defender.yaml_ file, where: ++ +The following command connects to Console (specified in _--address_) as user (specified in _--user_), and generates a Defender DaemonSet YAML config file according to the configuration options passed to _twistcli_. +The _--cluster-address_ option specifies the address Defender uses to connect to Console. +ifeval::["{orchestrator}" == "kubernetes"] ++ +[source] +---- +$ /twistcli defender export kubernetes \ + --user \ + --address https://yourconsole.example.com:8083 \ + --cluster-address twistlock-console +---- +endif::[] +ifeval::["{orchestrator}" == "openshift"] ++ +[source] +---- +$ /twistcli defender export openshift \ + --user \ + --address https://yourconsole.example.com:8083 \ + --cluster-address twistlock-console \ + --selinux-enabled +---- +endif::[] ++ +* can be linux, osx, or windows. +* is the name of a Prisma Cloud user with the System Admin role. + +. Deploy the Defender DaemonSet. ++ +[source,sh,subs="normal,attributes"] +---- + $ {orchestrator-cmd} create -f defender.yaml +---- + +. In Prisma Cloud, go to *Compute > Manage > Defenders > Manage > DaemonSets* to see a list of deployed Defenders. + +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-single-container.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-single-container.adoc new file mode 100644 index 0000000000..2a418a06c0 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/frag-upgrade-defender-single-container.adoc @@ -0,0 +1,26 @@ +[.task, #_upgrade_defenders] +== Upgrade the Single Container Defenders + +The Console user interface lets you upgrade all Defenders in a single shot. +This method minimizes the effort required to upgrade all your deployed Defenders. + +Alternatively, you can select which Defenders to upgrade. +Use this method when you have different maintenance windows for different deployments. +For example, you might have an open window on Tuesday to upgrade thirty Defenders in your development environment, but no available window until Saturday to upgrade the remaining twenty Defenders in your production environment. +In order to give you sufficient time to upgrade your environment, older versions of Defender can coexist with the latest version of Defender and the latest version of Console. + +*Prerequisites:* You have already upgraded Console. + +[.procedure] +. Open Console. + +. On the left menu bar, go to *Manage > Defender > Manage* and click *Defenders* to see a list of all your deployed stand-alone Container Defenders. + +. Upgrade your stand-alone Defenders. +You can either: ++ +* Upgrade all Defenders at the same time by clicking *Upgrade all*. +* Upgrade a subset of your Defenders by clicking the individual *Actions > Upgrade* button in the row that corresponds to the Defender you want to upgrade. ++ +NOTE: The *Restart* and *Decommission* buttons are not available for DaemonSet Defenders. +They are only available for stand-alone Defenders. diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/support-lifecycle.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/support-lifecycle.adoc new file mode 100644 index 0000000000..27af0585e2 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/support-lifecycle.adoc @@ -0,0 +1,52 @@ +== Support lifecycle for connected components + +To simplify upgrades, older versions of Defenders, Jenkins plugins, and twistcli can interoperate with newer versions of Console. +With this capability, you have a larger window to plan upgrades for connected components. + + +=== Window of support + +Any supported version of Defender, twistcli, and the Jenkins plugin can connect to Console. +Prisma Cloud supports the latest release and the previous two releases (n, n-1, and n-2). + +*There are some exceptions to this policy as explained here.* + +For Defenders: + +* 21.08 supports n and n-1 (21.04) only. +* 22.01 and later supports n, n-1, and n-2. + +For twistcli and the Jenkins plugin: + +* 21.08 supports itself (n) only. +* 22.01 (Joule), Console support is for n and n-1. +* 22.06 and later (Kepler and later), Console support is for n, n-1, n-2. + +For example, if Console runs version 30.xx, it will support Defenders, twistcli, and the Jenkins plugin running either version 22.12 or 22.06: + +image::timeline_supported_versions.png[width=800] + +Defender's connection status on the Defender management page indicates how it interoperates with Console. +Defenders that match Console's version show the status of Connected. +Defenders still supported, but running a previous version, show the connected status with a message that upgrade is available (but not mandatory). + +image::defenders_connected_diff_versions.png[width=800] + +Twistcli and the Jenkins plugin function as normal, with an indictor that an upgrade is available shown in the scan reports in the Console web UI. + + +=== End of support + +Once a version is no longer supported, any Defenders based on that version must be upgraded (mandatory). +For example, if Console runs 30.xx, it will support Defenders running either 22.12 or 22.06, but will no longer support Defenders running on 22.01. + +image::timeline_unsupported_version.png[width=800] + +Defenders which are no longer within the support lifecycle will not be able to connect to the Console. +That state will be reflected on the Defender management page, with a status of *Disconnected* and an associated message that upgrade is required: + +image::defenders_diconnected.png[width=800] + +Versions of twistcli and Jenkins plugin outside of the support lifecycle fail open. +Their requests to Console will be refused, but builds will pass. +Console returns a status of 400 Bad Request, which indicates an error due to the fact that the plugin version is no longer supported. diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-amazon-ecs.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-amazon-ecs.adoc new file mode 100644 index 0000000000..fda1b67f9e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-amazon-ecs.adoc @@ -0,0 +1,107 @@ +== Amazon ECS + +Upgrade Prisma Cloud running on Amazon ECS. + +ifdef::compute_edition[] +First upgrade Console. +Then, upgrade your Defenders. +endif::compute_edition[] + +When you upgrade Defenders, for any unsuccessful upgrades you can review the error messages in *Manage > Defenders > Manage* . +And, if you’ve created an alert for Defender health events, you also receive a notification to the configured alert provider. + + +ifdef::compute_edition[] +=== Upgrade Console + +To upgrade Console, update the service with a new task definition that points to the latest image. + +This procedure assumes you're using images from Prisma Cloud's registry. +If you're using your own private registry, push the latest Console image there first. + + +[.task] +==== Copy the Prisma Cloud config file into place + +[.procedure] +. xref:../welcome/releases.adoc#download[Download] the latest recommended release to your local machine. + + $ wget + +. Unpack the Prisma Cloud release tarball. + + $ mkdir twistlock + $ tar xvzf twistlock_.tar.gz -C twistlock/ + +. Upload the _twistlock.cfg_ files to the host that runs Console. + + $ scp twistlock.cfg :/twistlock_console/var/lib/twistlock-config + + +[.task] +==== Create a new revision of the task definition + +Create a new revision of the task definition. + +[.procedure] +. Log into the https://console.aws.amazon.com/ecs/[Amazon ECS console]. + +. In the left menu, click *Task Definitions*. + +. Check the box for the Prisma Cloud Console task definition, and click *Create new revision*. + +. Scroll to the bottom of the page and click *Configure via JSON*. + +.. Update the _image_ field to point to the latest Console image. ++ +For example, if you were upgrading from Prisma Cloud version 2.4.88 to 2.4.95, simply change the version string in the image tag. ++ + "image": "registry-auth.twistlock.com/tw_/twistlock/console:console_2_4_95" + +.. Click *Save*. + +. Click *Create*. + + +[.task] +==== Update the Console service + +Update the Console service. + +[.procedure] +. In the left menu of the Amazon ECS console, click *Clusters*. + +. Click on your cluster. + +. Select the *Services* tab. + +. Check the box next the Console service, and click *Update*. + +. In *Task Definition*, select the version of the task definition that points to the latest Console image. + +. Validate that *Cluster*, *Service name*, and *Number of tasks* are correct. +These values are set based on the values for the currently running task, so the defaults should be correct. +The number of tasks must be 1. + +. Set *Minimum healthy percent* to *0*. ++ +This lets ECS safely stop the single Console container so that it can start an updated Console container. + +. Set *Maximum percent* to *100*. + +. Click *Next*. + +. In the *Configure network* page, accept the defaults, and click *Next*. + +. In the *Set Auto Scaling* page, accept the defaults, and click *Next*. + +. Click *Update Service*. ++ +It takes a few moments for the old Console service to be stopped, and for the new service to be started. +Open Console, and validate that the UI shows new version number in the bottom left corner. + +. Go to *Manage > Defenders > Manage* and validate that Console has upgraded your Defenders. ++ +If Console fails to upgrade any Defender, upgrade it xref:../upgrade/upgrade-defender-single-container.adoc[manually]. + +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-daemonset.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-daemonset.adoc new file mode 100644 index 0000000000..dfc321657c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-daemonset.adoc @@ -0,0 +1,26 @@ +== Upgrade Defender DaemonSets + +Upgrade the Defender DaemonSets in your environment. + +// == Upgrade Defender DaemonSets with twistcli (Kubernetes) +// +// Reusable content fragment. +:orchestrator: kubernetes +:orchestrator-title: Kubernetes +:orchestrator-cmd: kubectl +include::frag-upgrade-defender-daemonset-twistcli.adoc[leveloffset=1] + + +// == Upgrade Defender DaemonSets with twistcli (OpenShift) +// +// Reusable content fragment. +:orchestrator: openshift +:orchestrator-title: OpenShift +:orchestrator-cmd: oc +include::frag-upgrade-defender-daemonset-twistcli.adoc[leveloffset=1] + + +// == Upgrade Defender DaemonSets from Console +// +// Reusable content fragment. +include::frag-upgrade-defender-daemonset-console.adoc[leveloffset=1] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-helm.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-helm.adoc new file mode 100644 index 0000000000..51ff805326 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-helm.adoc @@ -0,0 +1,39 @@ +:topic_type: task + +[.task] +== Upgrade Defender DaemonSets (Helm) + +Generate an updated Helm chart for the Defender DaemonSet, and then upgrade to it. + +[.procedure] +. Create an updated Defender DaemonSet Helm chart. + + $ ./twistcli defender export kubernetes \ + --address \ + --user \ + --cluster-address .cloud.twistlock.com \ + --helm + ++ +Get the value for "--address" from "Compute > Manage > System > Utilities > Path to Console". ++ +The value for "--cluster-address" will be only the region, with .cloud.twistlock.com appended. ++ +Example command for the app4, us-west1 stack: ++ +---- +./twistcli defender export kubernetes \ + --address https://us-west1.cloud.twistlock.com/us-4-xxxxxx \ + --user serviceAccountUsername \ + --cluster-address us-west1.cloud.twistlock.com \ + --helm +---- ++ +For Prisma Cloud Enterprise Edition, the user is either an access key, or a service account username. + +. Install the updated chart. + + $ helm upgrade twistlock-defender-ds \ + --namespace twistlock \ + --recreate-pods + ./twistlock-defender-helm.tar.gz diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-single-container.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-single-container.adoc new file mode 100644 index 0000000000..f997601375 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-single-container.adoc @@ -0,0 +1,6 @@ +:topic_type: task + +// == Upgrading Container Defenders +// +// Reusable content fragment. +include::frag-upgrade-defender-single-container.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-helm.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-helm.adoc new file mode 100644 index 0000000000..8e05e42532 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-helm.adoc @@ -0,0 +1,36 @@ +== Helm charts + +If you installed Prisma Cloud into your Kubernetes or OpenShift cluster with Helm charts, you can upgrade with the _helm upgrade_ command. + +First upgrade Console. +Console will then automatically upgrade all deployed Defenders for you. + +If you've disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders. + +NOTE: You must manually upgrade App-Embedded Defenders. + + +ifdef::compute_edition[] +[.task] +=== Upgrading Console + +Generate an updated Helm chart for Console, and then upgrade to it. + +[.procedure] +. xref:../welcome/releases.adoc#download[Download] the latest recommended release. + +. Create an updated Console Helm chart. + + $ /twistcli console export kubernetes \ + --service-type LoadBalancer \ + --helm + +. Install the updated chart. + + $ helm upgrade twistlock-console \ + --namespace twistlock \ + --recreate-pods \ + ./twistlock-console-helm.tar.gz + +. Go to *Manage > Defenders > Manage* and validate that Console has upgraded your Defenders. +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-kubernetes.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-kubernetes.adoc new file mode 100644 index 0000000000..11ddb10b56 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-kubernetes.adoc @@ -0,0 +1,37 @@ +== Kubernetes + +Upgrading Prisma Cloud running in your Kubernetes cluster requires the following steps. + +. Upgrade the Prisma Cloud Console. *Only required for the Prisma Cloud Compute Edition (self-hosted).* +. Upgrade your xref:./upgrade-defender-daemonset.adoc[Defenders deployed in your cluster]. + +ifdef::compute_edition[] +[.task] +=== Upgrading Console + +Since Prisma Cloud objects can be specified with configuration files, we recommend https://kubernetes.io/docs/concepts/overview/object-management-kubectl/declarative-config/[declarative object management] for both install and upgrade. + +You should have kept good notes when initially installing Prisma Cloud. +The configuration options set in _twistlock.cfg_ and the parameters passed to _twistcli_ in the initial install are used to generate working configurations for the upgrade. + +*Prerequisites:* You know how you initially installed Prisma Cloud, including all options set in _twistcli.cfg_ and parameters passed to _twistcli_. + +[.procedure] +. xref:../welcome/releases.adoc#download[Download] the latest recommended release to the host where you manage your cluster with _kubectl_. + +. If you customized _twistlock.cfg_, port those changes forward to _twistlock.cfg_ in the latest release. +Otherwise, proceed to the next step. + +. Generate new YAML configuration file for the latest version of Prisma Cloud. +Pass the same options to _twistcli_ as you did in the original install. +The following example command generates a YAML configuration file for the default basic install. + + $ /twistcli console export kubernetes --service-type LoadBalancer + +. Update the Prisma Cloud objects. + + $ kubectl apply -f twistlock_console.yaml + +. Go to *Manage > Defenders > Manage* and validate that Console has upgraded your Defenders. + +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-onebox.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-onebox.adoc new file mode 100644 index 0000000000..50aaeacf06 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-onebox.adoc @@ -0,0 +1,48 @@ +== Upgrade Onebox + +Upgrade Prisma Cloud Onebox. +First upgrade Console. +Console will then automatically upgrade all deployed Defenders for you. + +If Console fails to upgrade one or more Defenders, manually upgrade your Defenders. + +NOTE: You must manually upgrade App-Embedded Defenders. + + +[.task, #_upgrade_console_onebox] +=== Upgrading Console + +To upgrade Console, rerun the install script for the latest version of Prisma Cloud. +Use this method for any Console that was originally installed with the _twistlock.sh_ script. + +[.procedure] +. xref:../welcome/releases.adoc#download[Download] the latest recommended release. + +. Unpack the downloaded tarball. ++ +Optional: you may wish to unpack the tarball to a different folder than any previous tarballs. ++ + $ mkdir twistlock_ + $ tar -xzf prisma_cloud_compute_edition_.tar.gz -C twistlock_/ ++ +The setup package contains updated versions of _twistlock.sh_ and _twistlock.cfg_. + +. Check the version of Prisma Cloud that will be installed: ++ + $ grep DOCKER_TWISTLOCK_TAG twistlock.cfg + +. Upgrade Prisma Cloud while retaining your current data and configs by using the _-j_ option. +The _-j_ option merges your current configuration with any new configuration settings in the new version of the software. ++ +You must use the same install target in your upgrade as your original installation. +There are two install targets: `onebox` and `console`, where `onebox` installs both Console and Defender onto a host and `console` just installs Console. ++ +To upgrade your `onebox` install, run: ++ + $ sudo ./twistlock.sh -syj onebox ++ +To upgrade your `console` install, run: ++ + $ sudo ./twistlock.sh -syj console + +. Go to *Manage > Defenders > Manage* and validate that Console has upgraded your Defenders. diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-openshift.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-openshift.adoc new file mode 100644 index 0000000000..624e37c01f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-openshift.adoc @@ -0,0 +1,79 @@ +== OpenShift + +Upgrade Prisma Cloud running in your OpenShift cluster. + +First upgrade Console. +Console will then automatically upgrade all deployed Defenders for you. + +If you've disabled Defender auto-upgrade or if Console fails to upgrade one or more Defenders, manually upgrade your Defenders. + +[NOTE] +==== +You must manually upgrade App-Embedded Defenders. +==== + +ifdef::compute_edition[] + +[.task] +=== Upgrading Console + +[.procedure] +. xref:../welcome/releases.adoc#download[Download] the latest recommended release to the host where you manage your cluster with _oc_. + +. If you customized _twistlock.cfg_, port those changes forward to _twistlock.cfg_ in the latest release. +Otherwise, proceed to the next step. + +. (Optional) If you're storing Twistlock images in the cluster's internal registry, pull the latest images from Twistlock's cloud registry and push them there. +Otherwise, proceed to the next step. + +.. Pull the latest Prisma Cloud images using xref:../install/deploy-console/container-images.adoc[URL auth]. + + $ sudo docker pull registry-auth.twistlock.com/tw_/twistlock/defender:defender_ + $ sudo docker pull registry-auth.twistlock.com/tw_/twistlock/console:console_ + +.. Retag the images so that they can be pushed to your + + $ sudo docker tag \ + registry-auth.twistlock.com/tw_/twistlock/defender:defender_ \ + docker-registry.default.svc:5000/twistlock/private:defender_ + $ sudo docker tag \ + registry-auth.twistlock.com/tw_/twistlock/console:console_ \ + docker-registry.default.svc:5000/twistlock/private:console_ + +.. Push the Prisma Cloud images to your cluster's internal registry. + + $ sudo docker push docker-registry.default.svc:5000/twistlock/private:defender_ + $ sudo docker push docker-registry.default.svc:5000/twistlock/private:console_ + +. Generate new YAML configuration file for the latest version of Twistlock. +Pass the same options to _twistcli_ as you did in the original install. +The following example command generates a YAML configuration file for the default basic install. ++ + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --service-type "ClusterIP" ++ +If you want to pull the image from the internal registry: ++ + $ /twistcli console export openshift \ + --persistent-volume-labels "app-volume=twistlock-console" \ + --image-name "docker-registry.default.svc:5000/twistlock/private:console_" \ + --service-type "ClusterIP" ++ +For other command variations, see the xref:../install/deploy-console/console-on-openshift.adoc[OpenShift 4] deployment guide. + +. Update the Twistlock objects. + + $ oc apply -f twistlock_console.yaml + +. Go to *Manage > Defenders > Manage* and validate that Console has upgraded your Defenders. + + +// == TBD +// +// The upgrade procedure for Console blows away the Twistlock service account and creates a new one. +// The service account holds an image pull secret used to scan the internal registry. +// If you use the standard upgrade procedure, you need to manually reconfigure the registry scan settings with the new secret. +// This section should show how to do that. + +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-saas.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-saas.adoc new file mode 100644 index 0000000000..e414751a0c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-saas.adoc @@ -0,0 +1,36 @@ +== Upgrade process + +Palo Alto Networks manages and maintains your Prisma Cloud Console. +For email notifications about Prisma Cloud Compute's maintenance schedules and upgrade notifications, subscribe to the Prisma Cloud service on the https://status.paloaltonetworks.com/[Palo Alto Networks status page]. + +=== Console + +Palo Alto Networks periodically upgrades your Prisma Cloud Compute Console. +The changes for each release are always published in the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-release-notes/prisma-cloud-compute-release-information.html[Release Notes]. +Ensure that you have read through all 'Breaking Changes' in the release notes for each major release, for any action items from the users. + +The currently installed version of the Console is displayed in the bell menu. + +image::update_bell.png[scale=15] + +We support the current and previous two major releases with our defenders and plugins. +Prisma Cloud console is backward compatible with up to two (N-2) major releases back (including all minor versions) with the following: + +- All types of Defenders. +- Twistcli/Jenkins plugin. + +=== Defender and Prisma Cloud components upgrade process + +After the Console has been upgraded, check and upgrade any of the Defenders that have reached the end of their support lifecycle (Defenders are backward compatible for N-2 releases). The Defender release image is built from the UBI8-minimal base image and on upgrade it is a full container image upgrade, which means that the old Defender container is replaced with a new container. +Then, upgrade all other Prisma Cloud components, such as the Jenkins plugin. + +The steps in the upgrade process are: + +. Go to *Manage > Defenders > Defenders: Deployed* and filter by *Upgrade Required* to upgrade all the listed Defenders. + +. Validate that all deployed Defenders have been upgraded. + +. To download the latest version of all other Prisma Cloud Compute components (such as the Jenkins plugin) either go to *Manage > System > Utilities* to download the latest version of these or directly pull from the API. ++ +NOTE: You cannot upgrade an App-Embedded Defender for Fargate, and must redeploy a new task definition. + diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-self-hosted.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-self-hosted.adoc new file mode 100644 index 0000000000..b2bee93a8b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade-process-self-hosted.adoc @@ -0,0 +1,64 @@ +== Prisma Cloud Backward Compatibility and Upgrade Process + +// We support the current and previous two major releases with our defenders and plugins. +Prisma Cloud Console is backward compatible with up to two (n-2) major releases back (including all minor versions) for the following: + +* All types of Defenders. +* Twistcli/Jenkins plugin. + +NOTE: When using projects, the same versions of `master` and `tenant` consoles are required. + +=== Upgrade and Notifications + +The currently installed version of the Console is displayed in the bell menu. The Console notifies you when new versions of Prisma Cloud are available, and these notifications are displayed in the top right corner of the Console. + +image::upgrade_compute_version.png[scale=10] + +The versions of your deployed Defenders are listed under *Manage > Defenders > Defenders: Deployed*: + +image::upgrade_defender_version.png[scale=10] + + +=== Upgrade Process + +The release images for Console and Defender are built from the UBI8-minimal base image, the upgrade is a full container image upgrade and the old container is replaced with a new container. You can upgrade the Console without losing any of your data or configurations because Prisma Cloud stores state information outside the container, all your rules and settings are immediately available to the upgraded Prisma Cloud containers. + +Prisma Cloud state information is stored in a database in the location specified by DATA_FOLDER, which is defined in _twistlock.cfg_. +By default, the database is located in the _/var/lib/twistlock_ path. + +The steps in the upgrade process are: + +. Upgrade Console. ++ +When upgrading Console, if you are on two versions previous (n-2) to the latest (n), you must first upgrade to the most recent (n-1) version, and then upgrade to the latest version. ++ +If you are on (n-1) version, then you can upgrade to the latest (n) version. + +. Go to *Manage > Defenders > Defenders: Deployed* and filter by *Upgrade Required* to upgrade all the listed Defenders. ++ +After you upgrade Console, upgrade Defenders that have reached the end of the support lifecycle. +You must first + +. Validate that all deployed Defenders have been upgraded. + +. Upgrade the Jenkins plugin, if required. ++ +To download the latest version of all other Prisma Cloud Compute components (such as the Jenkins plugin), either go to *Manage > System > Utilities* to download the latest versions or retrieve them using the API. + + +=== Upgrading Console when Using Projects + +When you have one or more xref:../deployment-patterns/projects.adoc[tenant projects], upgrade all Supervisor Consoles before upgrading the Central Console. +During the upgrade process, there may be times when the supervisors appear disconnected. +This is normal because supervisors are disconnected while the upgrade occurs and the central console will try to reestablish connectivity every 10 minutes. +Within 10 minutes of upgrading all supervisors and the Central Console, all supervisors should appear healthy. + +NOTE: Except during the upgrade process, the Central Console and all Supervisor Consoles must run the same product version. Having different product versions is not supported and may lead to instability and connectivity problems. + +Upgrade each Supervisor and then the Central Console using the appropriate procedure: + +* xref:upgrade-onebox.adoc[Console - Onebox] +* xref:upgrade-kubernetes.adoc[Console - Kubernetes] +* xref:upgrade-openshift.adoc[Console - OpenShift] +* xref:upgrade-helm.adoc[Console - Helm] +* xref:upgrade-amazon-ecs.adoc[Console - Amazon ECS] diff --git a/docs/en/compute-edition/32/admin-guide/upgrade/upgrade.adoc b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade.adoc new file mode 100644 index 0000000000..cdbd8aa69d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/upgrade/upgrade.adoc @@ -0,0 +1,12 @@ +== Upgrade + +ifdef::compute_edition[] +Console notifies you when new versions of Prisma Cloud are available. +You can upgrade Prisma Cloud without losing any of your data or configurations. +After upgrading Console, upgrade all of your deployed Defenders. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Palo Alto Networks manages and maintains your Prisma Cloud Console. +For email notifications about Prisma Cloud Compute's maintenance schedules and upgrade notifications, subscribe to the Prisma Cloud service on the https://status.paloaltonetworks.com/[Palo Alto Networks status page]. +endif::prisma_cloud[] diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/app-embedded-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/app-embedded-scanning.adoc new file mode 100644 index 0000000000..cd00d6bae1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/app-embedded-scanning.adoc @@ -0,0 +1,178 @@ +== Scan App-Embedded workloads + +App-Embedded Defenders can scan their workloads for vulnerabilities. + +To see the scan reports, go to *Monitor > Vulnerabilities > Images > Deployed* +You can filter the table by: + +* *App-Embedded: Select* -- Narrows the results to just images protected by App-Embedded Defender. +* *App ID* -- Narrows the list to specific images. +App IDs are listed under the table's *Apps* column. ++ +For ECS Fargate tasks, the xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc#app-id-fargate[App ID] is partially constructed from the task name. +AWS Fargate tasks can run multiple containers. +All containers in a Fargate task have the same App ID. ++ +For all other workloads protected by App-Embedded Defender, the xref:../install/deploy-defender/app-embedded/app-embedded.adoc#app-id[App ID] is partially constructed from app name, which is a deploy-time configuration set in the App ID field of the embed workflow. + +You can use wildcards to filter the table by app/image name. +For example, if the app name is `dvwa`, then you could find all deployments with `Repository: dvwa*`. +This filter would show `dvwa:0438dc81a9144fab8cf09320b0e1922b` and `dvwa:538359b5f7f54559ab227375fe68cd7a`. + + +[.task] +=== Create vulnerability rules + +Create a vulnerability rule for a segment of App-Embedded workloads. + +[.procedure] +. Login to the Console. + +. Go to *Defend > Vulnerabilities > Images > Deployed*. + +. Click *Add rule*. + +. Entar a rule name. + +. Click on *Scope* to select a relevant collection, or create a new collection. ++ +Workloads are scoped by App ID. +App ID is specified when you embed the App-Embedded Defender into a workload, and it's a unique identifier for the Defender/task pair. + +.. If creating a collection, click *Add collection*. + +.. Enter collection name. + +.. In the *App ID* field, enter one or more App IDs. ++ +Postfix wildcards are supported. + +.. Click *Save*. + +.. Select the new collection. + +.. Click *Select collection*. + +. Select an alert threshold. ++ +Thresholds select, by severity, which vulnerabilities Prisma Cloud should report. ++ +NOTE: App-Embedded Defenders don't support the block action. + +. Click *Save*. + + +=== Deploy an example Fargate task + +Deploy the `fargate-vulnerability-compliance-task` Fargate task. +Follow the steps in xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc[embed App-Embedded Defender into Fargate tasks]. + +You can use the following task definition to test Prisma Cloud's App-Embedded Defender. +It's based on an Ubuntu 18.04 image. + +[source,json] +---- +{ + "containerDefinitions": [ + { + "command": [ + "/bin/sh -c 'cp /bin/sleep /tmp/xmrig && echo \"[+] Sleeping...\" && while true; do sleep 1000 ; done'" + ], + "entryPoint": [ + "sh", + "-c" + ], + "essential": true, + "image": "ubuntu:18.04", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group" : "/ecs/fargate-task-definition", + "awslogs-region": "us-east-1", + "awslogs-stream-prefix": "ecs" + } + }, + "name": "Fargate-vul-comp-test", + "portMappings": [ + { + "containerPort": 80, + "hostPort": 80, + "protocol": "tcp" + } + ] + } + ], + "cpu": "256", + "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", + "family": "fargate-vulnerability-compliance-task", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ] +} +---- + + +[.task] +=== Review vulnerability scan reports + +Review the scan results in Console. + +[NOTE] +==== +// twistlock/twistlock#38342 and twistlock/twistlock#26967 +If an App-Embedded Defender protects a container where the user isn't root, the vulnerability and compliance scanning procedure will encounter permission denied errors that you can see in the Defender logs (*Manage > Defenders > Manage > Defenders > Actions > Logs*). + +If an App-Embedded Defender protects a Fargate task with a container where the user isn't root, the vulnerability and compliance scanning procedure will also encounter permission denied errors. +However, the errors won't be visible unless you download and inspect the Defender logs. + +In both cases, the scan flow continues even though errors are encountered. +==== + +[NOTE] +==== +For Fargate version 1.3.0 and older, Prisma Cloud shows only a single scan report if the same image is run simultaneously as: + +* A task on ECS Fargate, protected by App-Embedded Defender. +* A container on a host, protected by Container Defender. + +In this case, the image is categorized as "App-Embedded". +As a result, when the scan report table is filtered by *App-Embedded: Select*, a scan report will be shown. +When the table is filtered by *App-Embedded: Exclude*, it will be hidden. +And when filtering by *Hosts*, it will be hidden, even if the host matches, because the image is considered as App-Embedded. + +For Fargate version 1.4.0, two separate scan reports are shown, one for App-Embedded and one for Container Defender. +==== + +[.procedure] +. Navigate to *Monitor > Vulnerabilities > Images > Deployed* and validate that the deployed image appears and contains vulnerabilities. + +. To see all images that are related to Fargate tasks, filter the image table by *App-Embedded: Select*. ++ +You can also filter the results by a specific task name or postfix wildcards. +For example, `fargate-task` or `fargate-task*`. + +. Search for the `fargate-vulnerability-compliance-task` Fargate task. + +. Click on the image to see more details. ++ +NOTE: The *Apps* column shows a count of the number of running containers protected by App-Embedded Defender. ++ +NOTE: The *Layers*, *Processes info*, *Labels*, *Runtime*, and *Trust groups* tabs aren't supported for images scanned by App-Embedded Defenders. + +.. Click the *Vulnerabilities* tab to review all findings. ++ +image::fargate_image_scan_result.png[width=600] + +.. Review runtime information for the container. ++ +Go to the *Environment > Apps* tab, and then click on the app in the table to open the App-Embedded observations. +You can bring up the same view by going directly to *Monitor > Runtime > App-Embedded observations*, and clicking on the same app. ++ +image::app_embedded_scanning_observations.png[width=800] ++ +The *Environment* tab shows cloud-provider metadata that App-Embedded Defender collected about the running container. +For more information about the type of cloud-provider metadata App-Embedded Defender can collect, see xref:../runtime-defense/runtime-defense-app-embedded.adoc#cloud-metadata[Monitoring workloads at runtime]. ++ +image::app_embedded_scanning_metadata.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/base-images.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/base-images.adoc new file mode 100644 index 0000000000..bc5a33fe7f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/base-images.adoc @@ -0,0 +1,65 @@ +== Base images + +Prisma Cloud lets you filter out base image vulnerabilities from your scan reports. + +A base image is a starting point or an initial step for the image. Dockerfile usually starts from a base image. +Filtering out vulnerabilities, whose source is the base image, can help your teams focus on the vulnerabilities relevant for them to fix. + +NOTE: Excluding base image vulnerabilities is currently not supported for Windows images and images built by kaniko. + +[.task] +=== Define base images + +For Prisma Cloud to be able to exclude base image vulnerabilities, first identify the base images in your environment. + +The base images you define must reside in your registry, and they must be scanned to exclude their vulnerabilities from scan reports. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > Images > Base images*. + +. Select *Add New*. + +. Specify the base image and enter a *Description* for it. ++ +The base image should be specified in the following format: _registry/repo:tag_. +You can use wildcards for the tag definition. + +. Select *Add*. ++ +image::base_images_add.png[width=800] + +. You can view the specific base image digests of the base image you created using the *View images* action. ++ +These are the digests found in the registry scanning that are matching the base image you defined. ++ +image::base_images_view.png[width=800] + + +[.task] +=== Exclude base images vulnerabilities in the Monitor view + +When reviewing the health of the images in your environment, whether they are deployed images, registry images, or images scanned in a CI process, you can exclude the base image's vulnerabilities from the scan results. + +NOTE: If you enabled "Exclude base images vulnerabilities" under *Defend > Vulnerabilities > Images > Deployed/CI*, the filter will not yield any results on the scan results monitor. + +[.procedure] +. Open the Console, then go to *Monitor > Vulnerabilities > Images > Deployed images/Registries/CI*. + +. Use the *Exclude base images vulns* filter to exclude the vulnerabilities coming from base images. You will see the vulnerability counters changing. ++ +image::base_images_before_filter.png[width=800] ++ +image::base_images_after_filter.png[width=800] + +. Click on an image report to open a detailed report. + +. Review the filtered vulnerabilities. For reviewing the base image, use the link at the top of the page. ++ +image::base_images_vulnerabilities_tab.png[width=800] + +. In the *Layers* tab, the vulnerabilities counters will also exclude base image vulnerabilities, and you'll see an indication for the base image's layers. ++ +image::base_images_layers_tab.png[width=800] + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/code-repo-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/code-repo-scanning.adoc new file mode 100644 index 0000000000..5158ea0e6c --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/code-repo-scanning.adoc @@ -0,0 +1,231 @@ +== Configure code repository scanning + +Prisma Cloud can scan GitHub repositories and identify vulnerabilities in your software's dependencies. +Modern apps are increasingly composed of external, open-source dependencies, so it's important to give developers tools to assess those components early in the development lifecycle. +Repository scanning gives you early insight into the software as it's being developed, and long before apps are packaged (e.g. as a container) and deployed by CI/CD pipelines. + +Currently, Prisma Cloud supports Python, Java, JavaScript (Node.js), and Go. + + +=== Prerequisites + +Prisma Cloud authenticates with the GitHub API using user-generated API tokens. +The following scopes are required for scanning private repos. +Prisma Cloud doesn't modify or write to your repos. + +* repo -- Full control of private repositories +** repo:status -- Access commit status +** repo_deployment -- Access deployment status +** public_repo -- Access public repositories +** repo:invite -- Access repository invitations +** security_events -- Read and write security events + +If you’re scanning public repos only, select just the public_repo scope. +The benefit of creating an access token for scanning public repos is that GitHub grants you a higher rate limit to their API, which Prisma Cloud utilizes for scanning. + + +=== Deployment + +Prisma Cloud selects the repositories to scan according to a user-defined _scope_. +For example, you might want to scan all repositories in your organization or just a subset of them. +For each repo in scope, Prisma Cloud searches for well-known package manifest files, and enumerates the dependencies listed in them. +Those dependencies are assessed against the latest threat data in the Intelligence Stream. + +Code repository scans are handled by Console. + +The following table lists the manifest files known to the scanner. + +[cols="1,1a", options="header"] +|=== +|Package manager +|File name + +|Go +|go.sum + +|Java (Gradle) +|build.gradle, build.gradle.kts, gradle.properties + +|Java (Maven) +|pom.xml + +|JavaScript (NPM) +|package.json, package-lock.json, npm-shrinkwrap.json, bower.json + +|Python (pip) +|req{asterisk}.txt + +|=== + +Finally, Prisma Cloud can continuously monitor your code repositories for vulnerabilities by rescanning on every push event. +Prisma Cloud integrates with GitHub using webhooks, which notify the scanner when there are changes in the repository. + +NOTE: Prisma Cloud uses the GitHub API. +The GitHub API is https://developer.github.com/v3/#rate-limiting[rate-limited]. +For unauthenticated requests, which can be used to scan public repositories, the cap is very low (60 requests/hour). +Here the rate limit is gauged by IP address. +For authenticated requests, which can scan either public or private repositories, the cap is 5000 requests/hour. +Here the rate limit is gauged per account. + + +[.task] +=== Set up your credentials + +Generate a personal access token in GitHub, and then save it in the Prisma Cloud Credentials Store so that the scanner can access your repositories for scanning. + +[.procedure] + +. Generate a GitHub access token. + +.. Log into your GitHub account. + +.. Go to *Settings > Developer Settings > Personal access tokens*. + +.. Click *Generate new token*. + +.. Set the scope to *repo*. ++ +image::code_repo_scanning_creds.png[width=700] ++ +If you're scanning public repos only, select just the *public_repo* scope. + +.. Click *Generate token*. +If your account requires SSO, enable it. + +.. Copy the generated token. ++ +image::code_repo_scanning_token.png[width=550] + +. Save the token in Prisma Cloud's credentials store. + +.. Log into Prisma Cloud Console. + +.. Go to *Manage > Authentication > Credentials Store*. + +.. Click *Add Credential*. + +.. Enter a *Name* for the credential. + +.. In *Type*, select 'GitHub Cloud' or 'GitHub Enterprise Server' access token. ++ +NOTE: For GitHub Enterprise Server, specify the Server URL. +If you use a self-signed certificate, specify it, or choose 'Skip Verify' to skip certificate validation. + +.. In *Access Token*, paste the access token you generated in GitHub. + +.. Click *Save*. + + +[.task] +=== Configure the repos to scan + +Specify the repositories to scan. +If your repository specifies dependencies in non-standard package manifest files, specify them here so the scanner can parse them. +If there are manifests the scanner should ignore, specify them here as well. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > Code Repositories*. + +. Click *Add Scope*. +If this is your first repository, click *Add the first item*. ++ +Each scope spec has the following parameters: ++ +[cols="20%,80%a", options="header"] +|=== +|Field +|Description + +|Provider +|Select the appropriate GitHub deployment. +GitHub Cloud and GitHub Enterprise are currently the only supported providers. + +NOTE: For other Git repositories, use twistcli's xref:../tools/twistcli-scan-code-repos.adoc[coderepo scan] option + +|Type +|To scan all repos in an organization, including both public and private repos, set the type to *Private*. +You'll need to set up an access token so that Prisma Cloud can access your repos. + +To scan public repositories not related to your account or organization, set the type to *Public*. +When type is *Public*, credentials are not required, although API access to GitHub is capped to a very low value. +Even if you're only scanning public repos, we recommend that you set up an access token for authenticated access. + +|Credential +|Specify credentials for the repository owner. +If the credentials have already been created in the Prisma Cloud credentials store, select it. +If not, click *Add New*. + +|Repositories +|Specify the repositories to scan in the format: owner/name +When you've selected a credential, the drop-down lists all repositories in the owner's account. + +Wildcards are supported when the repo type is *Private*. +They aren't supported when the type is *Public*. + + +|Excluded manifest paths +|Specify paths to be excluded for analysis. +Wildcards are supported. For example, to exclude all files under `data/data/` sub-directory use `data/data/*`, or to exclude a specific file use `data/data/`. + +|Advanced settings > Explicit manifest names +|Supported for Python only. +Specify any additional file names that should be included for analysis. +If you have a custom naming scheme for your manifest files, specify them here so that the scanner can find and parse them. + +|Advanced settings > Python version +|For a more accurate analysis of your app's dependencies, specify the version of Python you deploy in production. +Otherwise, the scanner assumes the latest available version of Python. + +|=== + +. Click *Add*. + +. Click *Save*. + + +[.task] +=== Scan repos on push events + +Configure GitHub webhooks to rescan your repositories on push events. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > Code Repositories*. + +. In *Webhook settings*, select the publicly accessible name or IP address GitHub will use to notify Prisma Cloud that a push event occurred. + +. Copy the URL. + +. Configure GitHub. + +.. Log into GitHub, select a repo, and go to *Settings > Webhooks*. + +.. Click *Add webhook*. + +.. In *Payload URL*, paste the URL you copied from Prisma Cloud Console. + +.. In *Content type*, select *application/json*. + +.. Select *Disable SSL verification*. ++ +For Compute Edition, you can enable SSL verification if your Console runs under a domain with a valid certificate signed by a known authority. ++ +For Prisma Cloud Enterprise Edition, select *Enable SSL verification*. + +.. Leave all other settings in their default state. + +.. Click *Add webhook*. + +.. Verify that the ping webhook was delivered successfully. + + +=== Policy + +Prisma Cloud ships with a default rule that alerts on vulnerabilities. +In *Defend > Vulnerabilities > Code Repositories*, create vulnerability rules to tailor what's reported. + +Additional scan settings can be found under *Manage > System > Scan*, where you can set the xref:../configure/configure-scan-intervals.adoc#[scan interval]. +By default, it's 24 hours. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/configure-vuln-management-rules.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/configure-vuln-management-rules.adoc new file mode 100644 index 0000000000..15c63f03a6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/configure-vuln-management-rules.adoc @@ -0,0 +1,234 @@ +== Vulnerability management rules + +Vulnerability policies are composed of discrete rules that enable you to target segments of your environment and specify actions to take when vulnerabilities of a given type are found. +For example: + +{nbsp} _Block images with critical severity vulnerabilities from being deployed to prod environment hosts_ + +There are separate vulnerability policies for containers, hosts, and serverless functions. +Host and serverless rules offer a subset of the capabilities of container rules, the big difference being that container rules support blocking. + + +[.task] +=== Configure vulnerability rules + +Prisma Cloud ships with a simple default vulnerability policy for containers, hosts, and serverless functions. +These policies have a rule named _Default - alert all components_, which sets the alert threshold to low. +With this rule, all vulnerabilities in images, hosts, and functions are reported. + +As you build out your policy, you'll create rules that filter out insignificant information, such as low severity vulnerabilities, and surface vital information, such as critical vulnerabilities. + +xref:../configure/rule_ordering_pattern_matching.adoc#_rule_order[Rule order] is important. +Prisma Cloud evaluates the rule list from top to bottom until it finds a match based on the object filters. + +To create a vulnerability rule: + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > {Images | Hosts | Functions}*. + +. Click *Add rule*. + +. Enter a rule name and configure the rule. ++ +Use the configuration options are discussed in the following sections. + +. Click *Save*. + +. View the impact of your rule. +Go to *Monitor > Vulnerabilities* to view the scan reports. + + +[.task] +=== Scan All Images in Your Environment +By default, Prisma Cloud optimizes resource usage by only scanning images with running containers. +Therefore, you might not see a scan report for an image when it's first pulled into your environment unless it's been run. Also, images for short-lived containers are not scanned. + +[.procedure] +. Select *Manage > System > Scan*. + +. Set *Only scan images with running containers* to *Off*. ++ +This enables you to scan all images on the hosts in your environment. + +. *Save* your changes. + + + +=== Customize Terminal Output + +Prisma Cloud lets you create rules that block access to resources or block the deployment of vulnerable containers. +For example, you might create a rule that blocks the deployment of any image that has critical severity vulnerabilities. +By default, when you try to run a vulnerable image, Prisma Cloud returns a terse response: + + $ docker run -it ubuntu:14.04 sh + docker: Error response from daemon: [Prisma Cloud] Image operation blocked by policy: (sdf), has 44 vulnerabilities, [low:25 medium:19]. + +To help the operator better understand how to handle a blocked action, you can enhance Prisma Cloud’s default response by: + +* Appending a custom message to the default message. +For example, you could tell operators where to go to open a ticket. + +* Configuring Prisma Cloud to return an itemized list of compliance issues rather than just a summary. +This way, the operator does not need to contact the security team to determine which issues are preventing deployment. +They are explicitly listed in the response. + +When terminal output verbosity is set to *Detailed*, the response looks as follows: + + $ docker run -it ubuntu:14.04 sh + docker: Error response from daemon: [Prisma Cloud] Image operation blocked by policy: (sdf), has 44 vulnerabilities, [low:25 medium:19]. + Image ID CVE Package Version Severity Status + ===== == === ======= ======= ======== ====== + ubuntu:14.04 4333f1 CVE-2017-2518 sqlite3 3.8.2-1ubuntu2.1 medium deferred + ubuntu:14.04 4333f1 CVE-2017-6512 perl 5.18.2-2ubuntu1.1 medium needed + . + . + . + + +[.task] +==== Configure grace period + +The following procedure describes how to configure grace periods for blocking actions: + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images > Deployed*. + +. Select an existing rule or create a new rule with the *Add rule* button. + +. Enter a rule name, notes, and scope. + +. Under *Severity based actions*: + +.. Select the desired *Alert threshold* + +.. Select the desired *Block threshold*. ++ +The block threshold must be equal to or greater than the alert threshold. +You must define a block threshold in order to configure grace period. + +.. Configure the *Block grace period*: + +... Select whether you would like to define the same grace period for *All severities* or grace period *By severity*. + +... Specify the number of days. +Note that in case of *By severity* grace period you will be able to specify the number of days only for the severities that can be blocked. +Values that are not set will be set to 0. ++ +image::vuln_management_rules_grace_period_by_severity.png[width=700] ++ +NOTE: Use the same procedure to configure grace periods to fail builds in your CI/CD pipeline. +To configure CI/CD pipeline vulnerability scanning rules, go to *Defend > Vulnerabilities > Images > CI*. + +[.task] +=== Configuring the severity of reported CVEs + +By default, Prisma Cloud reports all vulnerabilities. +Setting the minimum reported severity lets you clean up the reported vulnerabilities to an actionable set. + +To configure a minimum severity, install a new vulnerability rule, which overrides the default rule. +Note that Prisma Cloud maps the Common Vulnerability Scoring System (CVSS) to a +xref:../vulnerability_management/cvss_scoring.adoc#[grading system that ranges from Low to Critical.] + +[.procedure] +. Open Console, and go to *Defend > Vulnerabilities > Images > Deployed > Add rule*. + +. Click *Add rule*. + +. Give your rule a name. + +. In the table of *Severity based actions*, set the *Severity* in each row to an appropriate level. +For example, if you want to concentrate on just the most severe issues, set every row to *Critical*. + +. Click *Save*. + +. View the scan reports for all the entities in your system. ++ +Go to *Monitor > Vulnerabilities*. +All reported vulnerabilities match or exceed the severity setting in your custom rule. + +[.task] +=== Block based on vulnerability severity + +This example shows you how to create and test a rule that blocks the deployment of images with critical or high severity vulnerabilities. + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images*. + +. Click *Add rule*. + +.. Enter a rule name, such as *my-rule*. + +.. In the *Severity based actions* table, set both the *Alert threshold* and *Block threshold* to *High*. + +.. Target the rule to a very specific image. +In the *Images* filter, delete the wildcard, and enter *nginx{asterisk}*. + +.. Click *Save*. + +. Validate your policy by pulling down the nginx image and running it. + +.. SSH to a host protected by Defender. + +.. Pull the nginx:1.14 image. + + $ docker pull nginx:1.14 + +.. Run the nginx image. + + $ docker run -it nginx:1.14 /bin/sh + docker: Error response from daemon: oci runtime error: [Prisma Cloud] Image operation blocked by policy: my-rule, has 7 vulnerabilities, [high:7]. + +.. Review the scan report for nginx:1.14. +Go to *Monitor > Vulnerabilities > Images*, and click on the entry for nginx:1.14. +You'll see a number of high severity vulnerabilities. ++ +By default, Prisma Cloud optimizes resource usage by only scanning images with running containers. +Therefore, you won't see a scan report for ngninx until it's run. ++ +image::vuln_management_rules_scan_report.png[width=700] + +.. Review the audit (alert) for the block action. +Go to *Monitor > Events*, then click on *Docker*. ++ +image::vuln_management_rules_block_audit.png[width=700] + + +[.task] +=== Block specific CVEs + +This example shows you how to create and test a rule that blocks images with a specific CVE. + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images*. + +. Click *Add rule*. + +.. Enter a rule name, such as *my-rule2*. + +.. Click *Advanced settings*. + +.. In *Exceptions*, click *Add Exception*. + +.. In *CVE*, enter *CVE-2018-8014*. ++ +NOTE: You can find specific CVE IDs in the image scan reports. +Go to *Monitor > Vulnerabilities > Images*, select an image, then click *Show details* in each row. + +.. In *Effect*, select *Block*. + +.. Click *Add*. + +.. Click *Save*. + +. Try running an image with the CVE that you've explicitly denied. + + $ docker run -it imiell/bad-dockerfile:latest /bin/sh + docker: Error response from daemon: oci runtime error: [Prisma Cloud] Image operation blocked by policy: my-rule2, has specific CVE CVE-2018-8014 + + +=== Ignore specific CVEs + +Follow the same procedure as above, but set the action to *Ignore* instead of *Block*. +This will allow any CVE ID that you've defined in the rule, and lets you run images containing those CVEs in your environment. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/cvss-scoring.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/cvss-scoring.adoc new file mode 100644 index 0000000000..2dd0f0d6d7 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/cvss-scoring.adoc @@ -0,0 +1,96 @@ +== CVSS scoring + +Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema. + +Prisma Cloud leverages the https://www.first.org/cvss/v3.1/specification-document[CVSS 3.1] scoring system. +The CVSS framework captures the principal characteristics of a vulnerability and produces a numerical score that reflects the severity of the vulnerability. +CVSS scores range from 0.0 to 10.0. +The higher the number, the higher the degree of severity. + +* For known vulnerabilities with a CVE, Prisma Cloud relies on the most authoritative source. +* For OS packages (packages that are maintained by the OS vendor, marked as type “package” in Compute), the CVE details are from the specific vendor feed. +* For other CVEs, the information is from official sources like NVD and vendor-specific security advisories. +* If the affected package is maintained by an OS vendor, the severity as indicated by the vendor is used and not the severity determined by NVD. +Furthermore, for new vulnerabilities missing analysis, or undocumented vulnerabilities (such as PRISMA-IDs), Prisma Cloud uses the severity rating as determined by our threat researchers. + + +[.section] +=== Mappings + +We only normalize vulnerability ratings for the purpose of creating rules. +Console's Monitoring section shows vendor terminology, not Prisma Cloud's normalized scores (low, medium, high, critical). + +The following table maps popular vendor terminology to Prisma Cloud normalized scores: + +[cols="1,1", options="header"] +|=== +|Vendor terminology +|Prisma Cloud score + +|Unimportant +|Low + +|Unassigned +|Low + +|Negligible +|Low + +|Not yet assigned +|Low + +|Low +|Low + +|Medium +|Medium + +|Moderate +|Medium + +|High +|High + +|Important +|High + +|Critical +|Critical + +|=== + + +In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST. +In addition to the numeric CVSS scores, https://nvd.nist.gov/cvss.cfm[NVD] provides severity rankings of Low, Medium, High, and Critical. +These qualitative grades are simply derived from the numeric CVSS scores: + +[cols="1,1", options="header"] +|=== +|CVSS base score +|Prisma Cloud severity + +|0.0 - 3.9 +|Low + +|4.0 - 6.9 +|Medium + +|7.0 - 8.9 +|High + +|9.0 -10.0 +|Critical + +|=== + +[NOTE] +==== +In some cases, the OS vendor's CVSS scoring and severity rating can differ from NVD's rating. +This is based on the vendor's analysis of the impact of the CVE specific to their OS and distro, which is the more accurate view of the vulnerability. +Prisma Cloud shows the vendor's rating when reporting findings from workloads running the vendor's OS, and falls back to NVD's rating where applicable. + +*Example:* +https://nvd.nist.gov/vuln/detail/CVE-2021-33574[CVE-2021-33574] has a CVSS 3.0 score of 9.8 and it's graded as 'critical' by NVD. +The same CVE is graded as 'low' by https://ubuntu.com/security/CVE-2021-33574[Ubuntu] and 'medium' with different CVSS score by https://access.redhat.com/security/cve/cve-2021-33574[Redhat]. +For workloads running Ubuntu, Prisma Cloud shows Ubuntu's rating, rather than NVD's rating. +==== diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/malware-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/malware-scanning.adoc new file mode 100644 index 0000000000..fe874c5cc4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/malware-scanning.adoc @@ -0,0 +1,35 @@ +== Malware scanning + +Besides detecting software vulnerabilities (CVEs) and compliance issues (such as images configured to run as root), Prisma Cloud also detects malware in your container images. +No special configuration is required to enable this feature. + +To perform malware analysis, Prisma Cloud uses the inputs from: + +* xref:prisma-cloud-vulnerability-feed.adoc[Intelligence Stream]—Searches the feed for a match against the hash for the executable. +* xref:../configure/wildfire.adoc[Wildfire service]—Queries the WildFire service for a match against the hash for the executable. If there is no match and upload is enabled, the file is uploaded for analysis. ++ +NOTE: WildFire is only supported for image scanning when used in CI. +* Custom feeds—Searches for a match for the executable hash against any xref:../configure/custom-feeds.adoc#malware-signatures[custom malware data you import] for image scanning. + +NOTE: Malware scanning and detection is supported for Linux container images only. +Windows containers are not supported. + + +[.task] +=== Detecting malware + +The image scanner looks for malware in binaries in the image layers, including the base layer. When Prisma Cloud detects malware in an image, it includes the malware information as a compliance violation in the image scan report. + +To review the results of an image scan: + +[.procedure] +. Open Console, then go to *Monitor > Vulnerabilities > Images*. + +. Click on an image to get a detailed report from the last image scan. + +. In the detailed report, click on the *Compliance* tab. ++ +Issues with vulnerability ID 422 means that your image contains a file with an md5 signature of known malware. + + + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc new file mode 100644 index 0000000000..8ffab5ecf9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed.adoc @@ -0,0 +1,217 @@ +== Prisma Cloud Vulnerability Feed + +Information on threat intelligence and vulnerability data on Prisma Cloud is available through the Prisma Cloud xref:../technology-overviews/intel-stream.adoc[Intelligence Stream](IS) feed. You can search for specific CVE on the xref:search-cves.adoc[CVE Viewer]. + +=== Pre-filled CVEs + +On Prisma Cloud, you may find vulnerabilities with a CVE identifier that neither https://cve.mitre.org/[MITRE] nor https://nvd.nist.gov/vuln[NVD] is reporting or is actively analyzing. +A pre-filled CVE is the result of an analysis conducted by Palo Alto Networks Unit 42 researchers. +The researchers manually review the details of each vulnerability, identify the correct range of affected releases and deliver the data to IS. + +Many vulnerabilities in open-source software are assigned with a CVE ID and promptly analyzed by NVD and Linux distribution vendors. +However, some vulnerabilities take a long time to be analyzed, sometimes weeks or even months. +Having a CVE but no analysis means users have no information on the severity, affected releases, or description of the vulnerability and thereby making it impossible to defend against these vulnerabilities. + +Consider the following example scenario - Security researchers find a vulnerability in an open-source project. The vulnerability details are publicly discussed in the project's bug tracker, such as in a GitHub issue. Following the discussion, the issue is fixed and a CVE ID is assigned to the issue. At this stage, NVD analysis takes place, and it may take multiple days for the NVD site to be updated with a description and the affected releases range (CPE). Instead of waiting for the official analysis to complete, our researchers evaluate the vulnerability and insert the data into Prisma Cloud feeds quickly, preventing any delay in remediation of the vulnerability. When the NVD entry is fully updated, Prisma Cloud uses the official data from NVD. + + +=== PRISMA-* IDs + +You may also find vulnerabilities marked with a PRISMA-* identifier. These vulnerabilities lack a CVE ID. +Many vulnerabilities are publicly discussed or patched without a CVE ever being assigned to them. While monitoring open-source vulnerabilities, our team identifies vulnerabilities you need to be aware of and assigns PRISMA IDs to them whenever applicable. + +For example, let's review "PRISMA-2021-0020". +A user found a bug in the Python package and opened an issue through its open-source repository on GitHub. +Our research team found this issue and determined it explains a valid security vulnerability. +Although no CVE was assigned to this vulnerability, our team promptly assigned it a PRISMA identifier and analyzed the correct range of affected releases. +Affected customers were alerted to this vulnerability despite the lack of any public vulnerability identifier. +If a CVE is ever assigned to the same vulnerability that has a Prisma ID, the CVE takes over and the PRISMA ID entry is fully replaced. +Read more about the correlation between PRISMA IDs and CVEs in this https://www.paloaltonetworks.com/blog/prisma-cloud/open-source-vulnerabilities/[blog post]. + +The following diagram shows the PRISMA ID and Pre-filled CVEs assignment flow: + +image::prisma_id_cve_assignment_flow.png[scale=15] + +=== PRISMA-* ID Syntax + +PRISMA ID syntax consists of the PRISMA prefix, year of release, and a sequence of four digits. +For example, "PRISMA-2020-1234". +This format is intentionally similar to that used by CVE IDs. +There is absolutely no correlation between the sequence used for PRISMA IDs to that of CVEs released the same year. +There is also no grouping of PRISMA IDs. +That is, there is no correlation between adjacent PRISMA ID sequences. + +=== Investigating PRISMA-* Vulnerabilities + +The vulnerability description includes the necessary information required to understand the vulnerability. +The severity is carefully determined by our team based on CVSS scoring. +You may also access the ID link to find the original source that resulted in the assignment of the PRISMA ID. +This will likely be an external advisory, a GitHub (or another bug tracker) issue, or it may directly lead you to the fix commit (pull request) when there is no correlating informational page. + +=== Supported Packages and Languages + +The following list shows the application types that are currently supported. You can view all the packages installed on an image or host in scan reports under *Monitor > Vulnerabilities > Images/Hosts*. + +* *Package* - supported Operating Systems packages. + +** *RPM* - Red Hat and derived distributions +** *dpkg/deb* - Debian and derived distributions +** *apk* - Alpine Linux packages. +** *OpenShift* - RedHat non-RPM artifacts which are layered, containerized products. +** *NuGet* - Microsoft-supported packages containing compiled code (DLLs), other files related to that code, and a descriptive manifest that includes information like the package's version number. + +* *Jar* - the Java Archive format, which is a zip file with a standard structure. The war file format, or web app archive, is also supported. +* *Python* - a Python library. +* *Nodejs* - a Node.js library. +* *Gem* - a Ruby gem library. +* *Go* - a GoLang library. +* *App* - a binary associated with a well-known application, such as Nginx or PostgreSQL. + +[NOTE] +==== +* For an application that originates from an OS package, the vulnerability data for CVEs are sourced from the relevant feed for the OS package. In some cases, like with Amazon Linux and Photon OS, this CVE information is provided in security advisories such as Amazon Linux Security Advisories (ALAS) for Amazon, and PHSA for Photon. In such cases, the correlation for the relevant vulnerabilities is limited. As an example, when the application "Python" is sourced from an Amazon Python package, CVEs found for the python application (as a binary) will not be correlated with the relevant Amazon CVEs from the ALAS. + +* Prisma Cloud Intelligence Stream uses Red Hat's image analysis to accurately flag the vulnerable images with the same data such as Severity, Fix Status, and impacted versions as detected in https://catalog.redhat.com/software/containers/search[Red Hat Ecosystem Catalog]. +==== + +==== Unpackaged Software + +Typically, the software is added to container images and hosts with a package manager, such as `apt`, `yum`, and `npm`. +//Prisma Cloud has a diverse set of upstream vulnerability data sources covering many different package managers across operating systems, including coverage for `Go`, `Java`, `Node.js`, `Python`, and `Ruby` components. +Prisma Cloud typically uses the package manager's metadata to discover installed components and versions, and compares this data against a real-time CVE feed in the Intelligence Stream(IS). + +Sometimes, you might install software without a package manager. +For example, the software might be built from a source and then added to an image with the Dockerfile `ADD` instruction, or your developers might unzip software from a tarball to a location on a host, and utilize the application. +In these cases, there is no package manager data associated with the application. + +Prisma Cloud uses a variety of analysis techniques to detect metadata about software not installed by package managers. These are purpose-built differently for images and hosts. + +This analysis augments existing vulnerability detection and blocking mechanisms, giving you a single view of all vulnerabilities, regardless of how the software is installed (distro's package manager, language runtime package manager, or without a package manager). + +==== Supported apps + +The type of applications supported in the IS are: + +* .NET Core +* ASP.NET Core +* BusyBox +* Consul +* CRI-O +* Docker Enterprise +* GO +* Istio +* OMI +* Vault +* Websphere Application Server +* Websphere Open Liberty +* Kubernetes +* OpenShift +* Jenkins +* Envoy +* Hashicorp Vault +* Hashicorp Consul +* WordPress +* Redis +* Nginx +* Mongo +* MySQL +* Httpd +* Java- Oracle, openJDK, IBM +* Apache +* Postgres +* Node +* Ruby +* Python +* PHP + +You can view the CVEs detected for each application type in *Manage > System > Intelligence*. + +=== Prisma ID FAQs + +* *Why use PRISMA-IDs?* ++ +We are committed to ensuring that the Prisma Cloud Intelligence Stream provides the most accurate and up-to-date vulnerability information. ++ +Through the Intelligence Stream, Prisma Cloud should be able to alert on any relevant vulnerabilities that exist in scanned environments, regardless of having a CVE or not. Our researchers monitor open-source code repositories continuously to detect publicly discussed but undisclosed vulnerabilities that are not tracked under a CVE record. Upon finding such a vulnerability, the researchers complete a full analysis of the vulnerability including assessing its severity and describing its impact, and finally assign a PRISMA ID. The Intelligence Stream is shortly thereafter updated with the new entry, and users immediately benefit from the detection of the vulnerability by Prisma Cloud. ++ +This process allows Prisma Cloud users to be better informed and secure from vulnerabilities that are otherwise not detected by regular vulnerability management tools. + +* *Why not wait for a CVE-ID?* ++ +Although most vulnerabilities in open-source are assigned CVEs quickly after being discovered, some vulnerabilities are not assigned a CVE for various reasons. In some cases, maintainers are unaware of the process to assign CVEs, ignorant of the importance of having a CVE, or may even refuse to have CVE IDs assigned to their projects. ++ +Prisma Cloud researchers actively encourage all maintainers to assign CVE IDs to security vulnerabilities in their projects. We partner with NVD and MITRE to ensure that information regarding known vulnerabilities is public and available to everyone in the industry. PRISMA IDs are not meant to be a replacement for CVEs – PRISMA IDs are assigned to ensure our users are protected from any known threat regardless of whether a CVE was assigned to it or not. ++ +Palo Alto Networks is a CVE Numbering Authorities (CNA); we assign CVE IDs to any zero-day vulnerability we discover. The purpose of PRISMA IDs is to track vulnerabilities that were already in public knowledge at the time we identified them, but were not tracked under a CVE ID. + +* *Why not all PRISMA-IDs get assigned with a CVE ID?* ++ +As mentioned above, although we do encourage all maintainers to assign CVEs to the vulnerabilities found in their projects, we keep seeing a lot of undisclosed vulnerabilities that are publicly discussed. We would be happy to see all PRISMA IDs be replaced with a CVE ID, however, we do have limited resources - and simply cannot assign a CVE for each vulnerability. For zero-day vulnerabilities found by our research team, we follow the responsible disclosure process and ask the vendor to assign a CVE or offer the assistance of Palo Alto Networks as a CNA. + +* *Can PRISMA-IDs be found on NVD or MITRE?* ++ +Public vulnerabilities identified by our researchers, before a CVE is associated with them, are assigned a PRISMA-* identifier. +You may access the reference link to get more information about the source through which our researchers discovered the vulnerability. + +* *Do you have a way to correlate PRISMA-ID to CVE when it is assigned a CVE?* ++ +Through an ongoing maintenance process, PRISMA-IDs are replaced with a corresponding CVE ID when it is created. + +* *PRISMA-XXXX disappeared, what happened?* ++ +When a vulnerability with a Prisma ID is assigned a CVE ID, the PRISMA ID is replaced with the new CVE. Findings will display the official CVE ID instead. + +* *What is the "Published Date" in Console?* ++ +The Published date is the date that the CVE was published by the feed source or by NVD. +This information is taken from the relevant feed - either the vendor feed or NVD. ++ +[NOTE] +==== +The date a CVE is published in NVD is not the date it was analyzed. The CVE can be published in NVD and only later updated with the analysis. +==== + +* *Why do I see a newly added CVE with an old published/fixed date?* ++ +The Published Date of the CVE is the date when the vendor published it first. The CVE may have been added to the IS after the published date because the feed is constantly updated. ++ +[NOTE] +==== +When a PRISMA ID or a Pre-Filled CVE is replaced with a CVE entry from NVD or a vendor's feed, the *Published Date* of the CVE will reflect what was published in the official CVE. +==== + +* *I have set a grace period and my builds were passing. Now “all of a sudden” they fail on a CVE/PRISMA ID that wasn't there before. What happened?* ++ +See the answer above. + +* *The severity assigned to a vulnerability is different between the IS and NVD, how is that possible?* ++ +For known vulnerabilities with a CVE, we rely on the most authoritative source. For OS packages (packages that are maintained by the OS vendor, marked as type "package" in Compute), the CVE details are from the specific vendor feed. +For other CVEs, the information is from official sources like NVD and vendor-specific security advisories. +If the affected package is maintained by an OS vendor, the severity as indicated by the vendor is used and not the severity determined by NVD. +Furthermore, for new vulnerabilities missing analysis, or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers. + +* *How do I check if my Intelligence Stream is up to date?* ++ +. Navigate to *Manage > System > Intelligence*. +. Verify that the Status is *Connected*. +. Check the *Last streams update*. + +* *How can I know which OS releases are supported?* ++ +Prisma Cloud can protect containers built on nearly any base layer operating system. +We update our feed with the vendor's data only for supported versions. CVE information is provided for the base layers detailed in the system requirements for all versions except EOL versions. +While our feed could still contain vulnerability data for EOL versions, it is not complete and is potentially inaccurate because of missing details on the vulnerability. +If there are no vulnerabilities in our feed for a specific distro release, the version will be tagged with the following message: *OS not supported and may be missing vulnerability data. Please use a supported version of the OS.* + +* *Does the Intelligence Stream include CVE information for EOL versions?* ++ +See the answer above. + +* *I have seen an open CVE/PRISMA vulnerability that I believe has a fix. What should I do?* ++ +The IS uses the automated maintenance process for any updates to existing vulnerabilities. If you believe new information regarding a vulnerability is missing from our feed, please report it through the https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[support channels]. + +* *Where can I find more information on troubleshooting?* ++ +See the xref:troubleshoot-vuln-detection.adoc[Troubleshooting] section. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning.adoc new file mode 100644 index 0000000000..0fc58511c3 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning.adoc @@ -0,0 +1,418 @@ +== Configure Registry Scans + +Prisma Cloud can scan container images in public and private repositories on public and private registries. + +A registry is a system that stores and distributes container images. +You can use Prisma Cloud to scan registries from different public registry providers such as DockerHub, Amazon, Google, and your internal private registries. + +After you configure repository scanning, Prisma Cloud automatically scans images for vulnerabilities. +By default, scans occur once every 24 hours, but you can configure periodic scans at specific intervals specified in *Manage > System > Scan*. + +You can scan all registries or select multiple registries to scan in parallel, thus reducing the scan time. +By default, the registry scan limit is set to scan 4 registries at a time. + +ifdef::compute_edition[] +Prisma Cloud can scan upto 9 registries in parallel. The new registry scans wait in a queue, until the previous scan completes. + +Note: You can configure this default registry scan limit from 4 to scan up to 9 registries by editing the `REGISTRY_SCANNERS` variable in the `twistlock.cfg` file. +endif::compute_edition[] + +//If you use the `/settings/registry` API to manage registry scanning, you can use the `scanLater` flag when using the `PUT` or `POST` methods to decide whether to initiate a scan after saving or not. By default, Prisma Cloud initiates a scan. + +[.task, #_registry_scan_settings] +=== Configure Prisma Cloud to Scan a Registry + +To scan images in a registry, create a new registry scan rule. + +*Prerequisites:* You have xref:../../install/deploy-defender/defender-types.adoc[deployed at least one Defender in your environment]. + +[.procedure] +. On the Prisma Cloud console, go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Review the available <>. + +. If the default values don't fit your scenario, select *Add registry*. + +. Enter the registry fields, then select *Add and scan*. ++ +This triggers a registry scan and you can view the progress notification at the top right corner with a list of registries (`/repository:tag`) being scanned. +//+ +//If a registry scan is already in progress, you can stop the in-progress scan and start scanning for the latest changes using *Scan now*. +//+ +//Or, you can select *Save only* to continue with the in-progress scan and save the latest changes. Once the current scan is complete, you can either manually trigger the latest scan or wait for the next scheduled scan. ++ +image::new-registry-add-and-scan.png[] + +[.task] +=== Registry Scan Results + +Verify that the images in the repository are being scanned. + +NOTE: You can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +[.procedure] +. Go to *Monitor > Vulnerabilities > Images > Registries*. ++ +You can choose to *Scan all registries* or *Select registries* (multiple registries) to *Scan*. ++ +As the scan of each image is completed, its findings are added to the results table. + +. Select an image to get details about the vulnerabilities in an image. ++ +To force a specific repository to be scanned again, select *Scan* from the top right of the results table, then select a specific registry to re-scan. Alternatively, you can also scan an individual registry by selecting *Scan* next to the registry. ++ +If the registry scans are already in progress, the newly added registry is queued until the previous registry scan finishes, the available Defender is then assigned to scan the very next registry in the queue. ++ +The *Last scan time* of a registry is updated under *Registry details > General info*. + +==== On-demand Registry Scans + +You can trigger an on-demand scan for individual images with the https://pan.dev/compute/api/post-registry-scan/[Scan Registry API]. This feature allows you to scan the images immediately and not wait for the next periodic scan. You can trigger multiple on-demand image scans without interrupting the main registry scanning process. +However, every trigger is for a single image only. + +NOTE: For an on-demand scan, you must pre-define the image registry scope in the xref:registry-scanning.adoc[registry scanning configuration]. + +[#deployment-patterns] +=== Deployment Patterns + +Defenders handle registry scanning. +When you configure registry scanning, you can select the scope of Defenders used to perform the scans. + +Any xref:../../install/deploy-defender/defender-types.adoc[Container Defender] running on a host with the Docker Engine container runtime or container runtime interface (CRI) can scan a registry, and any number of them can simultaneously operate as registry scanners. +This flexibility gives you a lot of options when trying to determine how to cover disparate environments. + +You can use host names or AWS tags to select a collection of Defenders to distribute the scanning job between them, and use the *Number of scanners* setting to control how many Defenders are included in the collection. +When you select *All* collection, Prisma Cloud automatically distributes the scan job across all available Defenders. + +Configuring Prisma Cloud to use a large number of Defenders reduces operational complexity and improves resiliency. +During a scan, Prisma Cloud lists the available Defenders based on the configured scope, manages the resource pool, and handles issues such as restarting partially completed jobs. +If you explicitly select one or two Defenders to handle the registry scan, the hosts running those Defenders become a single point of failure. If that host fails or gets destroyed, you have to reconfigure your scan settings with different Defenders. + +The type of operating system (OS) scopes registry scanning. +Windows Defenders only scan Windows images, and Linux Defenders only scan Linux images. + +When you remove an image from the registry or the registry becomes unavailable, Prisma Cloud maintains the scan results for a specific number of days. +You can configure the number of days under *Manage > System > Scan > Registry scan results*. +After the specified number of days, the scan results are purged. + +[#registry-scan-steps] +=== Registry Scan Steps + +At a high level, Defenders scan your registries following these steps. + +//. Scan registry settings one by one in sequential order. +. Scan multiple registries in parallel, the default value is set to scan 4 registries at a time. +ifdef::compute_edition[] +Note: You can configure this default registry scan limit from 4 to scan up to 9 registries by editing the `REGISTRY_SCANNERS` variable in the `twistlock.cfg` file. +endif::compute_edition[] +. Discover the repositories based on your registry configuration. +. Discover the images using tags within each configured repository. +. Scan the discovered images. + +In more detail, Defenders scanning your registries follow this sequential flow to collect the metadata. + +. Get a list of all repositories in the registry. + +. For each repository, scanning Defenders perform the following tasks. + * Get a list of all image tags. + * For each image tag, they get the image manifest containing the date the image was last modified. + +. Once the metadata of all images is discovered, scanning Defenders perform the following tasks. + * Sort the images by the last modified date. + * Cap the list of images based on the configured value. By default, lists are capped at five. + * Scan the images. + +//https://redlock.atlassian.net/browse/PCSUP-11741 - Maxwell Update 1 +The Console manages the current scan state and distributes the work to Defenders. + +* If a Defender is disconnected during the scan, the Console assigns the scan task to another Defender and continues to scan the resources. + +* When the Console is updated, the periodic scan restarts. + +* When the Console loses communication with the Defender, the Defender continues to defend the nodes and reports the results to the Console when the communication with the Console resumes. + +[#registry-scan-settings] +=== Registry Scan Settings + +You can set the following parameters for each rule, but the parameters can vary between registry types. +If you use a specific registry provider, follow the appropriate step-by-step instructions in xref:registry-scanning.adoc[our guides]. + +[cols="15%,85%a", options="header"] +|=== +|Field +|Description + +|Version +|Specify the type of registry to scan. + +If you do not find your vendor's registry in the drop-down list, use *Docker Registry v2*. +Most vendors comply with the Docker Registry version 2 API. +[NOTE] +==== +Container and registry images built on https://docs.docker.com/docker-hub/api/deprecated/[Docker Registry v1] are no longer supported, you must upgrade to Docker Registry v2. +==== + +|Registry +|Specify the URL for the registry. + +*Docker Hub:* leave this field blank. + +*Harbor*: specify the FQDN of your Harbor registry (\https://). + +*Nexus Registry:* +*:* + +Example: *https://ec2-100-25-223-135.compute-1.amazonaws.com:18079* + +*JFrog Artifactory:* Enter the Artifactory registry URL for JFrog Cloud (ending in `*.io`) or JFrog self-hosted whichever is applicable. + +|Repository name +|Specify the repository to scan. +This field supports xref:../../configure/rule-ordering-pattern-matching.adoc#[pattern matching]. +To scan all repositories, leave this field blank or enter a wildcard (`{asterisk}`). + +*Docker Hub:* +To specify an official Docker repository, enter library/, followed by the short string used to designate the repo. +For example, to scan the images in the official Alpine Linux repository, enter library/alpine. + +To specify non-official repositories, enter the username or organization name, followed by a slash, followed by the name of the repo. +For example, to specify the alpine repository in onescience's account, enter onescience/alpine. + +To scan all repos from a user or organization, enter the user or organization name, followed by a wildcard (`{asterisk}`). +For example, to scan all repos created by onescience, enter onescience*. + +*Google Cloud Platform Container Registry:* +Enter your project ID and image name in the following format: project-id/image-name. To scan all images, follow the repository name with `/\*`. (for example, `company-sandbox/*`). + +*Harbor:* +Enter the name of the repository, followed by a wildcard (`{asterisk}`). +For example, to scan the repository library, enter library*. + +*Any Docker V2 API compliant registry:* +Docker Hub, Docker Registry, and Alibaba Container Registry all support the Docker Registry version 2 API. + +*Nexus Registry:* Leave blank or include a pattern to match the Docker repositories inside the Nexus registry. For example: To scan all the images under a path, include the *path/to* string. + +|Repositories to exclude (Optional) +|Specify repository names to exclude. +Enter the repository name or pattern to exclude that repository from being scanned. Leave this field blank to scan all repositories. + +|Tag (Optional) +|Specify an image tag. +Leave this field blank to scan all tags (limited by the value in Cap). + +|Tags to exclude (Optional) +|Specify tags to exclude. +Leave blank to exclude all image tags (default). + +|Credentials +|Specify the credentials required to access the registry. +If the credentials have already been created in the Prisma Cloud credential store, select it. +If not, click *Add New*. + +*Public repositories on public registries (such as Docker Hub):* +Leave this field blank. +No credentials are required. + +*AWS EC2 Container Registry:* +Use the IAM access keys for authentication. +For more information, see xref:scan-ecr.adoc[Amazon Elastic Container Registry (ECR).] + +*Google Container Registry:* +Use the service account and `JSON` token. +For more information, see xref:scan-gcr.adoc[Google Container Registry (GCR).] + +*Harbor Registry:* +Create a *Basic authentication* credential. +Credentials for Harbor can be a *Limited Guest*. + +*Registries that support token authentication (such as, Quary, and GitLab):* +Create a *Basic authentication* credential. +_Username_ is the name of the token and the token value is entered into the _password_ field. +[NOTE] +==== +To scan a *GitLab* registry, configure the registry in Prisma Cloud as a *GitLab Container Registry*. + +You can use GitLab personal access token to scan a GitLab registry. +==== + +|CA certificate (Optional) +|Enter a CA certificate in PEM format to allow Prisma Cloud to validate the registry. + +Custom CA certificate validation is supported only for non-docker nodes (for example, OpenShift), and for the following Cloud providers: + +- Docker registry v2 +- JFrog Artifactory (On-prem) +- Harbor +- Sonatype Nexus ++ +**Note:** Certificate revocation checking for the registry's certificate is your responsibility to ensure that the certificate is not revoked by the issuing authority. ++ +Only Defenders running with CRI runtime support custom CA certificate configuration. ++ +[NOTE] +==== +Place the CA certificate (`ca.cert`) file in any of the following paths. The Defender searches for the certificate files in the below directories in the following precedence: + +`/etc/docker/certs.d//` + +`/etc/containers/certs.d//` + +`/etc/containerd/certs.d//` +==== + +|OS Type +|Specify whether the image is built on a Windows or Linux-based OS. + +|Scanners scope +|Select collections of Defenders to scan this registry. + +Only Linux Defenders can scan Linux container images, and only Windows Defenders can scan Windows container images. +App-Embedded Defenders can't be used for registry scanning. + +|Number of scanners +|Number of Defenders from the scope across which the scan job can be distributed. +Increase the number of Defenders to increase throughput and reduce scan time. + +|Cap (Capacity) +|Specify the maximum number of images to scan in the given repository, sorted according to the last modified date. A repository is a collection of different docker images with the same name, that have different tags. That is, the most recently modified image in each repository is scanned first, followed by the image next most recently modified, and so on. + +With a cap of five, scanning Defenders fetch the five most recently modified images from each repository in the registry. In other words, for each image in the registry, we will include the 5 latest versions. + +The Docker Registry API does not support directly querying for the most recently updated images. +To handle your CAP setting, Prisma Cloud first polls the registry for all tags and manifests in the given repository to discover the last updated dates. +This is a low-overhead operation because images do not need to be downloaded. +Prisma Cloud then sorts the results by date and then scans the most recently updated images in each repository up to the limit specified by CAP. +Even when CAP is set to a low number, you might still notice the Prisma Cloud UI polling the registry for data about the images in the repository. + +To scan all images in a repository, set CAP to 0. + +|Version matching pattern +|Customize sort order by values in the image tag. +Specify a pattern from which a version or date can be extracted from the image tag. +There are two use cases for specifying version-matching patterns: + +* You want to reduce the total time it takes to complete the scan for very large registries. +Rather than fetching the metadata from the registry required to sort images, you specify how the scanner can extract the metadata directly from the image tag. +* You want to order and cap the images to be scanned by some value other than the last modified date. + +Specify patterns with strings, wildcards, time/date elements, and integers. + +* `%d` - version number +* `%Y` - 4 digit year +* `%M` - 2 digit month +* `%D` - 2 digit day +* `%H` - 2 digit hour +* `%m` - 2 digit minute +* `%s` - 2 digit second + +For image tags that match the pattern, the tag is split into its constituent parts. +After all image tags are parsed, they're ordered and capped according to the value set in Cap. + +Ordering is the best-effort. +Tags that don't conform to the pattern are ignored. + +If both date and version are specified in your pattern, the date takes precedence. + +If the version matching pattern is left unspecified, Prisma Cloud orders images by the last modified date. + +|=== + +To scan a small set of registries that contain a small set of images, use a VM host with a single container Defender optimized to scan the target registries. + +=== Registries with a Large Scale + +For larger registries, optimize your scan configuration to maximize throughput and minimize scan time. +Defenders scan registries parallely following <>. +The following best practices help you improve your registry scanning speed. + +* If you have large registries or need aggressive scan intervals, increase the number of scanners in the scope. ++ +The number of scanning Defenders should increase with the registry size. As the number of images in the registry increases, so does the number of Defenders scanning this registry. + +* Use the default cap value of five in your registry scan configuration. ++ +The cap value impacts the duration of the scan. Large-cap values lead to longer scan times since more images are scanned. + +* Use a version-matching pattern in your registry scan configuration. Only use version pattern matching for deployments with very large registries containing tens of thousands of repositories and millions of images. ++ +If you specify a version matching pattern, the scanner looks to the image tag for sort order. +Without a version-matching pattern, images are sorted by the last modified date. +With a version-matching pattern, you configure how image tags are sorted. +Using semantic versioning in your image names, you can specify the following version pattern: ++ +[source] +---- +*-%d.%d.%d +---- ++ +This optimized flow to collect metadata eliminates the sorting loop and substantially reduces the number of requests. Then, Defenders can start scanning the registry sooner. +The simplified flow is as follows. ++ + . Get a list of all repos in the registry. ++ + . For each repository, scanning Defenders perform the following tasks. + * Get a list of all image tags ++ + . Once the metadata of all images is discovered, scanning Defenders perform the following tasks. + * Sort the images by last modified date. + * Cap the list of images based on the configured value. By default, lists are capped at five. + * Scan the images. ++ +A repository with three images, configured with a cap of `2`, and a version pattern of `*-%d.%d.%d`, produces the following set of images to be scanned. ++ +[source] +---- + myimage-3.0.0 <<<--- Image scanned + myimage-2.0.1 <<<--- Image scanned + myimage-2.0.0 (Not scanned) +---- + +//* When you have multiple registries, create multiple collections of defender scanners. +//+ +//Each registry should have dedicated Defenders to perform the scanning. +//If a 1:1 ratio of collections to registries isn't feasible, create as many collections as possible to split the load. +//Don't reuse the same collection for all registries. +//+ +//This best practice prevents the scenario where a single Defender performs too many queries to the registry provider API. +//If too many queries are made during repository or tag discovery, providers could throttle the Defender. +* When you have multiple registries to scan, create a dedicated collection of Defenders with the scope for each registry scan profile. Ensure that the Defenders are able to reach the defined registry. To improve throughput and reduce scan time, you can increase the number of Defenders in the collection. +ifdef::compute_edition[] ++ +This dedicated collection of Defenders will target all the registries and scan them in parallel as per the registry scan limit configured in the `twistlock.cfg` file. +endif::compute_edition[] ++ +This dedicated collection of Defenders will target all the registries and scan them in parallel as per the registry scan limit configured in `twistlock.cfg` file. + +* Properly dimension the hardware running your Defenders. ++ +Ensure the xref:../../install/system-requirements.adoc#hardware[hardware system requirements] for Defenders scanning registries are met. + +* Colocate scanning Defenders in the same region as the registry. ++ +This best practice minimizes network latency since the Defenders run in the same region as your registries. + +=== Additional Scan Settings + +You can find additional scan settings under *Manage > System > Scan*, where you can set the xref:../../configure/configure-scan-intervals.adoc#[registry scan interval]. + +The *Manage > System > Scan* page has an option called *Only scan images with running containers*. +This option does not apply to registry scanning. All images included in your registry scanning rule are scanned regardless of the setting to *Only scan images with running containers*. + +=== CRI and containerd-only Environments + +Prisma Cloud fully supports scanning CRI and containerd-only environments. + +=== Registry Scanning Limitations + +When scanning registries, consider the following constraints. + +* Defenders only scan the operating system images that match the OS of the system running them. ++ +For example, a Defender running on a Linux host can only scan Linux images and won't scan Windows images. + +* Defenders running on Linux only scan images suited for the hardware architecture that matches the architecture of the system running them. ++ +For example, a Defender running on x86_64 architecture with Linux can only scan images for x86_64 systems with Linux. +Similarly, a Defender running on ARM64 architecture with Linux can only scan images for ARM64 systems with Linux. +You can't mix Linux ARM64 and Linux x86_64 Defenders within the same registry scanning scope. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/frag-results.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/frag-results.adoc new file mode 100644 index 0000000000..587f66ec28 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/frag-results.adoc @@ -0,0 +1,11 @@ +[.procedure] +. Verify that the images in the repository are being scanned. + +.. Go to *Monitor > Vulnerabilities > Images > Registries*. ++ +A progress indicator at the top right of the window shows the status of the current scan. +As the scan of each image is completed, its findings are added to the results table. + +.. To get details about the vulnerabilities in an image, click on it. ++ +To force a specific repository to be scanned again, select *Scan* from the top right of the results table, then click on the specific registry to rescan. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/nexus-registry.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/nexus-registry.adoc new file mode 100644 index 0000000000..bc32050504 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/nexus-registry.adoc @@ -0,0 +1,111 @@ +== Scan Images in Sonatype Nexus Registry + +To scan a repository in Sonatype Nexus Registry, create a new registry scan setting. + +[#nexus-repo-connector] +=== Prerequisites + +* You have xref:../../install/deploy-defender/defender-types.adoc#[installed a Container Defender] somewhere in your environment. + +* Configure the connector port for the Docker engine to connect to the Nexus registry. ++ +NOTE: The Docker client needs the Docker registry exposed at the root of the host together with the port that it is accessing. Nexus offers several methods to overcome this limitation, one of which is the connector port method, which Prisma Cloud supports. + +.. From the Nexus web portal, select the Administration screen. + +.. Select the Nexus Repository. + +.. Select *Online* to allow the Nexus repository to accept the incoming requests. + +.. Configure the Docker repository connector to use an HTTP or HTTPS port. + ++ +image::./nexus-repo-connector.png[scale=30] + +* The Defender can establish a connection with the Nexus registry over the connector port that you configured in the Nexus registry. ++ +Ensure that the port is open for the image to be accessed successfully. + +ifdef::prisma_cloud[] +* To view the registry scan results, you must have the Administrator role or a custom role with access to registry settings and ability to view the registry scan results. +endif::prisma_cloud[] + +[.task] +[#add-nexus-registry] +=== Configure a Nexus Registry in Prisma Cloud + +[.procedure] +. Log in to Console, and select *Compute > Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In the *Add New Registry Setting Specification*, enter the following values: + +.. In the *Version* drop-down list, select *Sonatype Nexus*. + +.. In *Registry*, enter the hostname, or Fully Qualified Domain Name (FQDN), and the connector port for the Nexus registry's login server. ++ +The format for the FQDN is *:*, where ** is a unique value specified when the registry was created, and the ** is the one you configured in the Nexus repository administration. ++ +Example: +*:*. ++ +*https://ec2-100-25-223-135.compute-1.amazonaws.com:8083* + +.. Leave the *Repository* blank or include a pattern to match the Docker repositories inside the Nexus registry. ++ +For example: To scan all the images under a path, include the *path/to* string. + +.. Optionally enter the Repositories to exclude them from being scanned. + +.. In *Tag*, enter an image tag. +Leave this field blank to scan all images, regardless of their tag. + +.. Optionally, enter Tags to exclude, to avoid scanning images with specified tags. + +.. In *Credential*, configure how Prisma Cloud authenticates with Nexus registry. ++ +Select a credential from the drop-down list. ++ +If there are no credentials in the list, *Add* new credentials and select the Basic authentication. + +.. You can optionally enter a custom *CA certificate* in PEM format for Prisma Cloud to validate the Nexus registry. ++ +Custom CA certificate validation is supported only for non-Docker nodes (e.g. OpenShift). ++ +NOTE: Ensure that the Custom CA certificate that you use is not revoked by the issuing authority. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. In *Cap*, limit the number of images to scan. ++ +Set *Cap* to *5* to scan the five most recent images, or enter a different value to increase or decrease the limit. +Set *Cap* to *0* to scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. + +[.task] +=== Troubleshooting + +*Prisma Cloud failed to pull images from the Nexus repository* + +*Monitor > Vulnerabilities > Images > Registries* shows the following error: + +`ERRO 2022-06-07T06:55:39.046 scanner.go:110 Failed to pull image cybersecurity/conjur/test-app:latest, error Error initializing source docker://nexus.nedigital.sg/cybersecurity/conjur/test-app:latest: error pinging docker registry nexus.nedigital.sg: invalid status code from registry 400 (Bad Request)` + +image::./prisma-cloud-nexus-registry-error.png[scale=20] + +[.procedure] +. Ensure that you have installed Defender on the host on which the Nexus registry is installed. +. Verify that you can https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/pulling-images[pull the nexus registry] using the docker command. +. Create a Nexus repository connector port as mentioned in the <>. +. <> using the connector port in the Registry URL. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/registry-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/registry-scanning.adoc new file mode 100644 index 0000000000..b4103cac83 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/registry-scanning.adoc @@ -0,0 +1,18 @@ +== Registry scanning + +Configure Prisma Cloud to scan your registries. + +* xref:nexus-registry.adoc[Scan images in Sonatype Nexus Registry] +* xref:scan-alibaba-container-registry.adoc[Scan images in Alibaba Cloud Container Registry] +* xref:scan-ecr.adoc[Scan images in Amazon Elastic Container Registry (ECR)] +* xref:scan-acr.adoc[Scan images in Azure Container Registry (ACR)] +* xref:scan-docker-registry-v2.adoc[Scan images in Docker Registry v2] +* xref:scan-gitlab.adoc[Scan Images in GitLab Container Registry] +* xref:scan-google-artifact-registry.adoc[Scan images in Google Artifact Registry] +* xref:scan-gcr.adoc[Scan images in Google Container Registry (GCR)] +* xref:scan-harbor.adoc[Scan images in Harbor Registry] +* xref:scan-ibm-cloud-container-registry.adoc[Scan images in IBM Cloud Container Registry] +* xref:scan-artifactory.adoc[Scan images in JFrog Artifactory Docker Registry] +* xref:scan-openshift.adoc[Scan Images in OpenShift integrated Docker Registry] +* xref:scan-coreos-quay.adoc[Scan Images in CoreOS Quay] +* xref:webhooks.adoc[Trigger Registry scans with webhooks] diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-acr.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-acr.adoc new file mode 100644 index 0000000000..673bb62533 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-acr.adoc @@ -0,0 +1,65 @@ +== Scan images in Azure Container Registry (ACR) + +To scan a repository in Azure Container Registry (ACR), create a new registry scan setting. + +[.task] +=== Configure an ACR Registry Scan + +*Prerequisites:* + +* You have xref:../../install/deploy-defender/defender-types.adoc#[installed a Defender] somewhere in your environment. +* The Defender can establish a connection with the ACR over port 443. Ensure that the port is open for the image to be accessed successfully. +* The Azure Service Principle is assigned the *Contributor* role. xref:../../authentication/credentials-store/azure-credentials.adoc[Azure Credentials] for details. + +[.procedure] + +. Log in to Console, and select *Defend > Vulnerabilities > Images > Registry settings*. + +. *Add registry*. + +. In *Add New Registry*, enter the following values: + +.. In *Version*, select *Azure Container Registry*. + +.. Under *Registry*, enter the Fully Qualified Domain Name (FQDN) for the registry's ACR login server. ++ +The format for the FQDN is *.azurecr.io*, where ** is a unique value specified when the registry was created. +Example: *example.azurecr.io*. + +.. In *Repository*, enter the name of the repository to scan. +Example: *library/alpine*. + +.. Enter *Tag* numbers to scan, leave blank, or enter a wildcard (*) to scan all the tags. + +.. Optionally, enter *Tags to exclude*, to avoid scanning images with specified tags. + +.. In *Credential*, configure how Prisma Cloud authenticates with ACR. ++ +Select a credential from the drop-down list. ++ +If there are no credentials in the list, click *Add new* to xref:../../authentication/credentials-store/azure-credentials.adoc[create an Azure credential] where the service principal authenticates with a password. ++ +ifdef::prisma_cloud[] +To authenticate with a certificate, xref:../../cloud-service-providers/use-cloud-accounts.adoc[create a cloud account]. +endif::prisma_cloud[] +ifdef::compute_edition[] +To scan the ACR registry in Compute, Prisma Cloud needs your Azure account credentials. Create an Azure account under *Compute > Manage > Cloud Accounts* with the permissions required to access the ACR registry, and select the same Azure credentials while configuring the registry scan for ACR. +endif::compute_edition[] + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. In *Cap*, limit the number of images to scan. ++ +Set *Cap* to *5* to scan the five most recent images, or enter a different value to increase or decrease the limit. +Set *Cap* to *0* to scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being xref:configure-registry-scanning.adoc[scanned] under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry.adoc new file mode 100644 index 0000000000..d3ba5ec123 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry.adoc @@ -0,0 +1,77 @@ +== Scan Images in Alibaba Cloud Container Registry + +Configure Prisma Cloud to scan your Alibaba Cloud Container Registry. +First, create a service account, and then specify the scan parameters. + + +[.task] +=== Create a Service Account + +Create a service account so Prisma Cloud can access your registry. +Prisma Cloud needs the *AliyunContainerRegistryReadOnly* permission policy to query, download, and scan the images in your registry. + +[.procedure] +. In Alibaba Cloud, create a RAM account. ++ +Go to *RAM > Users*, and click *Create User*. ++ +image::scan_alibaba_create_user.png[width=600] + +. Select *Add Permissions*. ++ +image::scan_alibaba_set_perms.png[width=600] + +. Search for *registry*, and then select *AliyunContainerRegistryReadOnly*. + + +[.task] +=== Configure an Alibaba Cloud Container Registry Scan + +To scan a repository in Alibaba Cloud Container Registry, create a new registry scan setting. + +*Prerequisites:* + +* xref:../../install/deploy-defender/defender-types.adoc[Install a Defender] somewhere in your environment. +* Create an Alibaba Cloud Container Registry. +* You have the service account credentials. + +[.procedure] +. Open Console, and go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In *Add New Registry Setting Specification*, enter the following values: + +.. In *Version*, select *Docker Registry v2*. + +.. In *Registry*, enter the Fully Qualified Domain Name (FQDN) for the registry. +For example, *registry-intl.cn-hangzhou.aliyuncs.com*. + +.. In *Repository*, enter the name of the repository to scan. +Example: *library/alpine*. + +.. In *Tag*, enter an image tag. +Leave this field blank to scan all images, regardless of their tag. + +.. In *Credential*, configure how Prisma Cloud authenticates with Alibaba Cloud Container Registry. ++ +Select a credential from the drop-down list. +If there are no credentials in the list, click *Add new*, and create a *Basic authentication* credential with the service account username and password. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. In *Cap*, limit the number of images to scan. ++ +Set *Cap* to *5* to scan the five most recent images, or enter another value to increase or decrease the limit. +Set *Cap* to *0* to scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-artifactory.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-artifactory.adoc new file mode 100644 index 0000000000..8b652984ab --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-artifactory.adoc @@ -0,0 +1,217 @@ +== Scan Images in JFrog Artifactory Docker Registry + +An https://www.jfrog.com/confluence/display/JFROG/Docker+Registry[Artifactory Docker registry] is a hosted collection of Docker repositories, that you can access transparently with https://www.jfrog.com/confluence/display/JFROG/Docker+Registry[Docker client]. JFrog Artifactory provides both Cloud (SaaS) and Self-hosted (On-prem) versions. + +Artifactory lets you configure how images in the repository are accessed with a setting called the Docker Access Method. + +Prisma Cloud supports the subdomain method and the repository method. +The ports method is not supported. + +NOTE: Artifactory recommends that the subdomain method be used for production environments. The repository model is suitable for small test setups and proof of concepts. + +In the subdomain model, the repository is accessed through a reverse proxy. +Each Docker repository is individually addressed by a unique value, known as the repository key, positioned in the subdomain of the registry's URL. + +For example, `$ docker {pull|push} .art.example.com/:` + +In the repository path model, each repository can be directly addressed. +The repository key is part of the path to the image repo. + +For example, `$ docker {pull|push} art.example.com:443//:` + +Create a new registry scan setting to scan images in the Artifactory Docker registry. + +[.task] +=== Configure a JFrog Artifactory Docker Registry Scan + +*Prerequisites:* + +* You have xref:../../install/deploy-defender/defender-types.adoc#[installed a container Defender] somewhere in your environment. +* You can connect to the Docker client and pull an image from your Artifactory registry. +* Set up JFrog credentials with basic authentication in xref:../../authentication/credentials-store/credentials-store.adoc[Credentials store] and grant Prisma Cloud access to your repository in JFrog Artifactory. + +[.procedure] +. Log in to Console, and select *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. ++ +image::jfrogArtifactory-ca.png[scale=10] + +. In *Add New Registry*, enter the following values: + +.. In *Version*, select one of: ++ +*JFrog Artifactory* - Auto-discover and scan all images in all repos across the Artifactory service for versions of Artifactory greater than or equal to 6.2.0. ++ +image::scan_artifactory_subdomain_all.png[scale=5] ++ +*Docker Registry v2* - Scan all images in all repos under a specific repository key for the subdomain method. Repository keys effectively subdivide the Artifactory service into stand-alone fully compliant Docker v2 registries. ++ +image::scan_artifactory_subdomain_single.png[scale=5] + +.. In *Registry*, specify the address to scan. ++ +If you selected *JFrog Artifactory*, enter the FQDN of the reverse proxy for the on-prem or Cloud registry URL of JFrog Cloud. ++ +If you selected *Docker Registry v2*, enter the FQDN, including subdomain, of the sub-registry, for example: `\https://.example.com/`. + +.. In *Repository*, specify the repository to scan. ++ +If you leave this field blank or enter a wildcard, Prisma Cloud finds and scans all repositories in the registry. ++ +If you specify a partial string that ends with a wildcard, Prisma Cloud finds and scans all repositories that start with the partial string. ++ +If you specify an exact match, Prisma Cloud scans just the specified repository. + +.. Optionally enter the *Repositories to exclude* them from being scanned. + +.. In *Repository types*, select the repository types that Prisma Cloud should scan. ++ +This setting is available only when *Version* is set to *JFrog Artifactory*. +Specify at least one of the repository types (local, remote, virtual) hosted by JFrog. ++ +NOTE: To scan only cached images in a repo, use *virtual repo*. + +.. Enter *Tag* numbers to scan, leave blank, or enter a wildcard (*) to scan all the tags. + +.. Optionally, enter *Tags to exclude*, to avoid scanning images with specified tags. + +.. In *Credential*, select the JFrog Artifactory credentials you created in the prerequisites section. + +.. You can optionally enter a custom *CA certificate* in PEM format for Prisma Cloud to validate the registry only for JFrog On-prem. A custom CA certificate is not applicable for JFrog Cloud, as the certificates are managed by the provider. ++ +However, for the JFrog Cloud webhook to trigger a registry scan for the images in JFrog Cloud, you must enter a valid and trusted certificate and not a self-signed certificate. ++ +Custom CA certificate validation is supported only for non-Docker nodes (such as, OpenShift). ++ +[NOTE] +==== +Only Defenders installed on CRI runtime with containerd can scan and validate the custom CA certificate. +Ensure that the Custom CA certificate that you use is not revoked by the issuing authority. + +Place the CA certificate (`ca.cert`) file in any of the following paths. The defender searches for the certificate files in the below directories in the following precedence: ++ +`/etc/docker/certs.d//` ++ +`/etc/containers/certs.d//` ++ +`/etc/containerd/certs.d//` +==== + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of Defenders to use for the scan. ++ +The Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. For more information, see xref:configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. *Cap* the number of images to scan. ++ +*Cap* specifies the maximum number of images to scan in the given repository, sorted according to the last modified date. ++ +To scan all images in a repository, set *Cap* to 0. ++ +For a complete explanation of *Cap*, see the table in xref:registry-scanning.adoc[registry scan settings]. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. + +[.task] +=== Scan Cached Images in a Repo + + +[.procedure] +. To only scan the cached images in a repo, use *Repository type* as *virtual repo*. +. Edit `$JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties` file for configuration changes: +.. `artifactory.docker.cache.remote.repo.tags.and.catalog=`, where, `` is a single URL or a list of repository URLs that you want to configure as a remote repository. +.. `artifactory.docker.catalogs.tags.fallback.fetch.remote.cache=true`. This enables all repositories that fail to get a response from the upstream to retrieve results from the cache. +. Restart the artifactory for the changes to take effect. Refer to the JFrog documentation https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory[here]. +. Refresh/delete the `repository.catalog` file from the remote cache before running any scans. ++ +NOTE: Starting with jFrog server > 7.41.2, new images will get updated automatically in the `repository.catalog` file, so there is no need to delete the file to update it. +. Scan the virtual repo with Prisma Cloud registry scanning. + +=== Last Downloaded Date + +JFrog Artifactory lets security tools download image artifacts without impacting the value for the *Last Downloaded* date. +This is especially important when you depend on artifact metadata for purge/clean-up policies. + +The Prisma Cloud scanning process no longer updates the *Last Downloaded* date for all images and manifest files of all the images in the registry. + +*Requirements*: + +JFrog Artifactory version 7.21.3 and later. + +In your Prisma Cloud registry scan settings, the version must be set to *JFrog Artifactory*. +If you set the version to *Docker V2*, Prisma Cloud uses the Docker API, which doesn't offer the same support. + +"Transparent security tool scanning" is *not* supported for anything other than *Local* repositories. +If you select anything other than *Local* in your scan configuration, including virtual repos backed by local repos, then Prisma Cloud automatically uses the Docker API to scan all repositories (local, remote, and virtual). +When using Docker APIs, the *Last Downloaded* field in local JFrog Artifactory registries will be impacted by scanning. + +The following screenshot shows the supported configuration for this capability: + +image::jfrogArtifactory-ca.png[scale=10] + +If you've got a mix of local, remote, and virtual repositories, and you want to ensure that the *Last Downloaded* date isn't impacted by Prisma Cloud scanning, then create separate scan configurations for local repositories and remote/virtual repositories. + +NOTE: The *Last Downloaded* date of the image and manifest files of the images that are eventually pulled for scanning, based on your registry scan policy, will be updated. +The scan process first evaluates which images to scan by retrieving all manifest files for all images. +In this phase of the scan, the *Last Downloaded* date will no longer be impacted. +In the next phase, where Prisma Cloud pulls an image to be scanned, the manifest file's *Last Downloaded* date will be updated. +Often, the number of images scanned will be a subset of all images in the registry, but that's based on your scan policy. + +NOTE: Just because an image has been selected for scanning, doesn't mean that it will actually be pulled. +If an image's hash hasn't changed, it won't be pulled for scanning, so the *Last Downloaded* date will be unchanged. + +=== Troubleshooting + +If Artifactory is deployed as an insecure registry, Defender cannot pull images for scanning without first configuring an exception in the Docker daemon configuration. +Specify the URL of the insecure registry on the machine where the registry scanning Defender runs, then restart the Docker service. +For more information, see the https://docs.docker.com/registry/insecure/[Docker documentation]. + +*Failed to create docker client* + +You might see the following error in the screenshot if you try to scan JFrog Cloud with the Defender version earlier than 22.12.415. + +image::failed-to-create-docker-client.png[width=250] + +To fix this error, update your Console and Defender equal to or higher than 22.12.415. + +*Remote repository scan would either pull all images or no images* + +When scanning a remote repository configured in JFrog, one of the two scenarios may occur: + +Scanning the remote repository returns and downloads the entire list of images - which results in an Out-Of-Memory error on the host. +Scanning the remote repository returns no images - which returns a null list of images. + +A sample log output from the Defender logs with repository "discovered: 0": + +``` +DEBU 2022-02-16T21:34:44.215 ws.go:432 Received message with type discoverRegistryRepos +DEBU 2022-02-16T21:34:44.215 scanner.go:246 Discovering repositories in registry [https://jm-jfrog:443]( https://jm-jfrog/) +DEBU 2022-02-16T21:34:49.354 scanner.go:277 Repository discovery completed (completed: true, discovered: 0, time: 5.14) +``` + +[.task] +==== Fix Out-Of-Memory or no Images Found Error + +[.procedure] +. Create a https://www.jfrog.com/confluence/display/JFROG/Virtual+Repositories[virtual repo in JFrog] that points to the remote repository that you want to scan. +. Edit system parameters in `$JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties` file. +.. `artifactory.docker.catalogs.tags.fallback.fetch.remote.cache=true` ++ +Setting this to "true" means that all repositories that fail to get a response from the upstream should retrieve results from the cache. +.. `artifactory.docker.cache.remote.repo.tags.and.catalog=`. Where, `` is a single URL or a list of repository URLs that you want to configure as a remote repository. ++ +For example: `+artifactory.docker.cache.remote.repo.tags.and.catalog=https://registry1.docker.io/, https://gcr.io, https://mcr.microsoft.com+`. +. Restart the artifactory for the changes to take effect. Refer to the JFrog documentation https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory[here]. +. Refresh/delete the `repository.catalog` file from the remote cache before running any scans. +. Go to *Prisma Cloud Compute > Defend > Vulnerabilities > Images > Registry Settings > Registries > Add registry*. +. Enter the *Registry* URL. +. Enter the *Repository* URL of the virtual repository that you created in JFrog. +. Select the *Repository types* as *Virtual*. + + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay.adoc new file mode 100644 index 0000000000..969b2ac04b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay.adoc @@ -0,0 +1,43 @@ +== Scan Images in CoreOS Quay Registry + +To scan a repository in *CoreOS Quay*, configure the registry. + +*Prerequisites* + +* You have https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-admin-compute/install/deploy-defender/defender_types.html[installed a Defender] somewhere in your environment. + +[.task] +=== Configure a CoreOS Quay Registry Scan + +[.procedure] +. Log in to Console, and select *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry* and enter the details: + +.. In *Version*, select *CoreOS Quay*. +.. In *Registry (Optional)* enter the Fully Qualified Domain Name (FQDN) for the CoreOS Quay registry server. ++ +To configure a self-hosted registry, enter an IP address, while for the SaaS version, provide the registry URL. + +.. In *Repository*, enter the name of the repository to scan. +.. Optionally enter the *Repositories to exclude* them from being scanned. +.. Enter *Tag* numbers to scan, leave blank, or enter a wildcard (*) to scan all the tags. +.. Optionally, enter *Tags to exclude*, to avoid scanning images with specified tags. +.. In *Credential*, configure how Prisma Cloud authenticates with CoreOS Quay. ++ +Select the credential for CoreOS Quay from the drop-down list. ++ +If there are no credentials in the list, click *Add new* to create new credentials under *Manage > Authentication > Credentials Store*. +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. +.. In *Scanners scope*, specify the collections of defenders to use for the scan. +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. +.. In *Cap*, limit the number of images to scan. ++ +Set *Cap* to *5* to scan the five most recent images, or enter a different value to increase or decrease the limit. +Set *Cap* to *0* to scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. + + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2.adoc new file mode 100644 index 0000000000..42b9efd423 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2.adoc @@ -0,0 +1,75 @@ +== Scan Images in Docker Registry v2 (including Docker Hub) + +Most vendors' registries comply with the Docker Registry version 2 API, including Docker Hub. + +[.task] +=== Configure Docker Registry v2 Scan + +For Docker Hub repositories: + +* To specify an official Docker Hub repository, enter library/, followed by the short string used to designate the repo. +For example, to scan the images in the official Alpine Linux repository, enter library/alpine. + +* To specify non-official repositories, enter the user name or organization name, followed by a slash, followed by the name of the repo. +For example, to specify the alpine repository in onescience’s account, enter onescience/alpine. + +* To scan all repos from a user or organization, simply enter the user or organization name, followed by a wildcard (`{asterisk}`). +For example, to scan all repos created by onescience, enter onescience*. + +*Prerequisites:* You have xref:../../install/deploy-defender/defender-types.adoc#[installed a Defender] somewhere in your environment. + +[.procedure] +. Open Console, and then go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In the dialog, enter the following information: + +.. In *Version*, select *Docker Registry v2*. + +.. Leave *Registry* field blank. An empty field specifies Docker Hub (hub.docker.com). + +.. In *Repository name*, enter the name of the repo to scan. +For example, enter *library/alpine* to scan the official Alpine image. +If the repo is part of an organization, use the organization/repository format. +For example, *bitnami/nginx*. + +.. Optionally enter the Repositories to exclude them from being scanned. + +.. In *Tag*, enter an image tag. +Leave this field blank to scan all images, regardless of their tag. + +.. Optionally, enter Tags to exclude, to avoid scanning images with specified tags. + +.. In *Credential*, select the credentials to use. ++ +If you are scanning a public repository, leave this field blank. ++ +If you are scanning a private repository, and Console doesn't have your credentials yet, click *Add New*. +Select either *Basic authentication* or *Certificate-based authentication*, and fill out the rest of the fields. +For certificate-based authentication, provide a client certificate with private key, and an optional CA certificate. ++ +If there are no credentials in the list, *Add* new credentials and select the Basic authentication. + +.. You can optionally enter a custom *CA certificate* in PEM format for Prisma Cloud to validate the Docker registry v2. ++ +Custom CA certificate validation is supported only for non-Docker nodes (e.g. OpenShift). ++ +NOTE: Ensure that the Custom CA certificate that you use is not revoked by the issuing authority. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/scan-docker-registry-v2.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. Set *Cap* to the number of most recent images to scan. +Leaving *Cap* set to the default value of *5* will scan the most recent 5 images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ecr.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ecr.adoc new file mode 100644 index 0000000000..57260092c1 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ecr.adoc @@ -0,0 +1,74 @@ +== Scan Images in Amazon Elastic Container Registry (ECR) + +To scan a repository, Prisma Cloud has to authenticate with Amazon ECR using either an IAM user (service account) or IAM role. +The minimum permissions policy required is *AmazonEC2ContainerRegistryReadOnly*. +It is a managed, predefined policy. +AWS managed policies grant the minimum set of permissions required for common use cases so you don't need to spend a lot of time investigating permissions yourself. + +[.task] +=== Authenticate Prisma Cloud to ECR + +The *AmazonEC2ContainerRegistryReadOnly* permissions policy is currently defined as follows: + +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeECRScanning", + "Effect": "Allow", + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages" + ], + "Resource": "*" + } + ] +} +---- + +*Prerequisites:* You have xref:../../install/deploy-defender/defender-types.adoc[installed a Defender] somewhere in your environment. + +[.procedure] +. Open Console and go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In the dialog, enter the following information: + +.. In *Version*, select *Amazon EC2 Container Registry*. + +.. In *Registry*, enter the URL for the registry. This should be of format: *.dkr.ecr..amazonaws.com* + +.. In *Repository*, enter the name of the repository to scan. + +.. In *Tag*, enter an image tag. +Leave this field blank to scan all tags. + +.. Configure how xref:../../authentication/credentials-store/credentials-store.adoc[Prisma Cloud authenticates with AWS]. ++ +You can use an IAM user, IAM role, or AWS STS. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. Set *Cap* to the number of most recent images to scan. +Leaving *Cap* set to *5* will scan the 5 most recent images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gcr.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gcr.adoc new file mode 100644 index 0000000000..11bab399a9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gcr.adoc @@ -0,0 +1,73 @@ +== Scan Images in Google Container Registry (GCR) + +[.task] +=== Configure a GCR Registry Scan + +*Prerequisites:* + +* xref:../../install/deploy-defender/defender-types.adoc#[Install a Defender] somewhere in your environment. + +// Stroage view role discussion from https://panw-global.slack.com/archives/CL11MD99Q/p1572381568427500 +* GCR access is governed by Google's storage permissions. +For Prisma Cloud to scan GCR, your service account must have the GCP IAM *Storage Object Viewer* role (see https://cloud.google.com/container-registry/docs/access-control#permissions_and_roles[Permissions and roles]). + +* Grant Prisma Cloud access to your registry with a https://cloud.google.com/container-registry/docs/advanced-authentication[service account JSON key file]. +Your JSON token blob will look something like this: ++ +[source,yaml] +---- +{ + "type": "service_account", + "project_id": "my_project_id", + "private_key_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "private_key": "-----BEGIN PRIVATE KEY-----\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==\n-----END PRIVATE KEY-----\n", + "client_email": "XXXXXXXXXXXXXXX@XXXXXXXXXXXXXX.iam.gserviceaccount.com", + "client_id": "XXXXXXXXXXXXXXXXXXXXXXXXX", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.iam.gserviceaccount.com" +} +---- + +[.procedure] +. Open Console, then go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In *Version*, select *Google Container Registry*. + +. Enter the registry address in the *Registry* field (e.g. `gcr.io`). + +. Enter the repository name followed by `/{asterisk}` in the *Repository* field (e.g. `company-sandbox/*`). + +. In *Credential*, enter the credentials required to access the registry. If the credentials have already been created in the Prisma Cloud credential store, select it. If not, click *Add* to create new credentials. ++ +image::gcr_add_registry.png[width=800] + +.. Select the *GCP* credential type and credential level, then paste the JSON token blob from your service account into the *Service Account* field. +Leave the *API Token* field blank. ++ +image::gcr_create_new_credential.png[width=800] ++ +NOTE: For GCP organizations with hundreds of projects, scanning GCR using organization level credentials might affect the scanning performance due to long query time from GCP. Therefore, the best approach to reduce scan time and to avoid potential timeouts, is to divide the projects within your organization into multiple GCP folders. Then, create a service account and credential for each one of them, and use these credentials for GCR scanning. + +.. Save your credentials. + +. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +. Set *Cap* to the number of most recent images to scan. ++ +Leaving *Cap* set to *5* will scan the 5 most recent images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gitlab.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gitlab.adoc new file mode 100644 index 0000000000..dfa55255c3 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gitlab.adoc @@ -0,0 +1,70 @@ +== Scan Images in GitLab Container Registry + +Configure Prisma Cloud to scan your GitLab Container Registry on GitLab without using administrator credentials. +You can use GitLab Personal access token method to authenticate Prisma to access the GitLab Container Registry to manage and get a full list of all container registries/images. + +[.task] +=== Create a New Registry Scan + +*Prerequisites* + +* xref:../../install/deploy-defender/defender-types.adoc[Install a Defender] somewhere in your environment. +* Enable the GitLab Container Registry under your GitLab project settings if it's not enabled already. See the https://docs.gitlab.com/ee/administration/packages/container_registry.html[GitLab administrator documentation] to enable GitLab Container Registry across your GitLab instance. +* Create a https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#personal-access-token-scopes[GitLab Personal access token] with at least "read_api" scope permission. +* Create xref:../../authentication/credentials-store/gitlab-credentials.adoc[GitLab credentials using API token]. + +[.procedure] +. Log in to Console, and select *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. ++ +image::gitlab-container-registry.png[scale=60] + +. In *Add New Registry*, enter the following values: + +.. In *Version*, select *GitLab Container Registry*. + +.. In *Registry*, enter your custom domain URL address to scan. If you don't have a custom GitLab domain, enter the URL as "https://registry.gitlab.com". + +.. In *Repository*, enter the name of the repository to scan, or leave this blank to scan all repositories. + +.. Optionally enter the *Repositories to exclude* them from being scanned. + +.. In *Repository types*, select the repository types that Prisma Cloud should scan. + +.. Enter *Tag* numbers to scan, leave blank, or enter a wildcard (*) to scan all the tags. + +.. Optionally, enter *Tags to exclude*, to avoid scanning images with specified tags. + +.. Enter the details for at least one of the fields based on your GitLab configuration: +... *User ID*: GitLab user account. The user ID is used to get all registries associated with the user. +... *Group ID*: Enter a single group ID, or a list of group IDs. The group ID is used to locate all the registries within a specific group. +... *Project ID*: Enter a GitLab Project ID, or a list of project IDs. The project ID is used to locate all the registries located within a specific project. ++ +[NOTE] +==== +* To trigger a full scan, including all repositories associated with the User ID you provided, enter the User ID. +* When you enter all 3 IDs, Prisma Cloud uses the Project ID and the Group ID to query the GitLab registry. The User ID is not used. +* When you enter any of the following two choices, the ID used to query is +** User ID and Group ID, Prisma Cloud uses the Group ID to query the registry. +** User ID and Project ID, the Project ID is used. +** Group ID and Project ID, both IDs (AND logic) are used. +==== + +.. *Group IDs to exclude* - Only top-level groups should be set here. When user set top-level group to exclude, sub-groups will also be excluded. + +.. In *Credential*, select the GitLab access token credentials that you created in the prerequisites section. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of Defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. For more information, see xref:scan-docker-registry-v2.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. Set *Cap* to the number of most recent images to scan. Leaving *Cap* set to the default value of *5* will scan the most recent 5 images. Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry.adoc new file mode 100644 index 0000000000..a9501865d8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry.adoc @@ -0,0 +1,77 @@ +== Scan images in Google Artifact Registry + +Although Artifact Registry supports a number of content types (for example, Java, Node.js, and Python language packages), Prisma Cloud only supports discovering and scanning Docker images. + +NOTE: Prisma Cloud doesn't support scanning Helm charts saved as OCI images and stored in Artifact Registry. +Helm charts saved as OCI images have a single layer that contains the Helm package. +It is only a way to store a Helm chart, but it has no meaning in terms of a container. +Therefore, Prisma Cloud can't scan it. + +[.task] +=== Create a new registry scan + +*Prerequisites:* + +* xref:../../install/deploy-defender/defender-types.adoc[Deploy a Defender] somewhere in your environment. + +* Create GCP credentials (service account) with, at minimum, the https://cloud.google.com/artifact-registry/docs/access-control#roles[Artifact Registry Reader role(`roles/artifactregistry.reader`)]. + +* Add the service account credentials to the Prisma Cloud Compute Console credentials store under *Manage > Cloud accounts*. + +[.procedure] +. Open Console, then go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In *Version*, select *Google Artifact Registry*. + +. In *Registry*, enter the registry address. ++ +The format for the address is -docker.pkg.dev. ++ +For example, europe-north1-docker.pkg.dev ++ +Multi-region registry addresses are also supported, -docker.pkg.dev. +For example, us-docker.pkg.dev, europe-docker.pkg.dev, and asia-docker.pkg.dev. + +. In *Credential*, select the service account you created in *Manage > Cloud accounts*. ++ +If the credentials haven't been created already, click *+* to create them now. +If creating credentials: + +.. In *Cloud accounts onboarding*, select *GCP* for the cloud provider. + +.. Enter a credential name. + +.. Select the credential level. + +.. Paste the JSON token blob from your service account into the *Service Account* field. +Leave the *API Token* field blank. + +.. Select *Next*. + +.. Disable agentless scanning, then select *Next*. + +.. Disable cloud discovery, then select *Add account*. + +. (Optional) Refine which images Prisma Cloud should scan with the *Repositories*, *Repositories to exclude*, *Tags*, and *Tags to exclude* fields. ++ +xref:../../configure/rule-ordering-pattern-matching.adoc[Pattern matching] is supported. + +. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +. In *Scanners scope*, select the Defenders to use for the scan. ++ +Console selects the available Defenders from this scope to execute the scan job. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +. Set *Cap* to the number of most recent images to scan. ++ +Leaving *Cap* set to *5* will scan the 5 most recent images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-harbor.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-harbor.adoc new file mode 100644 index 0000000000..05ab8b12bb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-harbor.adoc @@ -0,0 +1,104 @@ +== Scan Images in Harbor Registry + +Configure Prisma Cloud to scan your Harbor registry. + +[.task] +=== Create a new registry scan + +To scan a repository in Harbor, create a new registry scan setting. + +[.procedure] +. Open Console + +. Go to *Defend > Vulnerabilities > Images > Registry Settings*. + +. Select *Add Registry*. + +. In the dialog, enter the following information: + +.. In *Version*, select *Harbor*. + +.. In *Registry*, enter the FQDN of your Harbor registry. + +.. In *Repository*, enter the name of the repository to scan, or leave this blank to scan all repositories. + +.. Optionally enter the Repositories to exclude them from being scanned. + +.. In *Tag*, enter an image tag. +Leave this field blank to scan all images, regardless of any tags. + +.. Optionally, enter Tags to exclude, to avoid scanning images with specified tags. + +.. In *Credential*, select the credentials to use. ++ +If Console doesn't have a copy of your credentials yet, click *Add New*. +Select *Basic authentication*, and fill out the rest of the fields. +The minimum required credentials for each repository is *Limited Guest*. + +.. The *Bypass deployment security* toggle is applicable only when using Prisma Cloud Compute pluggable scanner. ++ +To scan Harbor projects with the deployment security setting enabled, Harbor requires additional permissions that can not be granted with a regular user credentials. ++ +When the toggle is ON, Prisma Cloud Compute scans the registry using a temporary token provided by Harbor in the scanning request, instead of the credentials provided in the settings. +This token has sufficient permissions to bypass the deployment security setting, and it's the mechanism Harbor provides to allow external security scanners to scan these projects. ++ +When the toggle is OFF, Prisma Cloud Compute uses the credentials provided in the setting to scan the registry. +It will not be able to scan images in Harbor projects with the deployment security setting enabled. ++ +NOTE: Harbor's token expiration time must be at least 30 minutes so that it won't expire during the Prisma Cloud scanning process. +If you set the expiration period to less than 30 minutes, registry scanning might fail. + +.. You can optionally enter a custom *CA certificate* in PEM format for Prisma Cloud to validate the Harbor registry. ++ +Custom CA certificate validation is supported only for non-Docker nodes (e.g. OpenShift). ++ +NOTE: Ensure that the Custom CA certificate that you use is not revoked by the issuing authority. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. Set *Cap* to the number of most recent images to scan. +Leaving *Cap* set to the default value of *5* will scan the most recent 5 images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. + +[.task] +=== Integrate Compute as pluggable scanner + +Configure Compute as a pluggable scanner to view vulnerability scan results in Harbor Console itself, in addition to Compute Console. +To add Compute as a vulnerability scanner in Harbor, follow steps outlined above for adding Harbor registry in Compute Console. +Thereafter, follow the steps below in Harbor: + +[.procedure] +. In Harbor, go to the Administration > Interrogation Services page and click New Scanner. + +. In the pop up, enter your Compute Console details. + +.. In *Name*, provide a name for the scanner. + +.. In *HTTP Endpoint*: ++ +Login to your Compute Console, navigate to Defend > Vulnerabilities > Registry page. +Under *Harbor scanner adapter* section, copy the URL from field b: "Use the following URL as the Harbor Scanner endpoint". ++ +NOTE: This section only becomes visible after adding Harbor Registry in Compute Console as a registry as per steps outlined in section above. + +.. *Authorization: None*: ++ +NOTE: Due to a current bug in all Harbor versions other types of authentication methods result in error messages. +See https://github.com/goharbor/harbor/issues/12919 + +. Test Connection and select *Save*. ++ +You can now go to Vulnerability tab under Interrogation services and hit Scan Now for vulnerability scanning reports. ++ +Note that when a scan is revoked from Harbor Console using Compute as a vulnerability scanner, Harbor pulls scan from Compute Console. In order to receive faster results, make sure you scan the registry on Compute Console as well. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry.adoc new file mode 100644 index 0000000000..7f6b34e7eb --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry.adoc @@ -0,0 +1,84 @@ +== Scan Images in IBM Cloud Container Registry + +To scan a repository on IBM Cloud Container Registry, create a new registry scan setting. + +[.task] +=== Create a new registry scan + +*Prerequisites:* + +* xref:../../install/deploy-defender/defender-types.adoc#[Install a Defender] somewhere in your environment. + +* Set up IBM credentials with basic authentication in xref:../../authentication/credentials-store/credentials-store.adoc[Credentials store] and grant Prisma Cloud access to your repository in IBM Cloud. + +** In *Account GUID*, enter the GUID for your IBM Cloud account. +See the IBM Cloud Docs to learn https://cloud.ibm.com/docs/account?topic=account-accountfaqs&interface=cli#account-details[how to get the GUID of an account] + +** In *API Key*, enter your API key. +See the IBM Cloud Docs to learn how to create a service ID for Prisma Cloud, and then https://cloud.ibm.com/docs/account?topic=account-serviceidapikeys&interface=ui#create_service_key[create an API key for the service ID]. + +** Select *Save*. + +[.procedure] + +. Go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In the dialog, enter the following information: + +.. From the *Version* drop-down list, select *IBM Cloud Container Registry*. + +.. In *Registry*, enter the registry address for your +https://cloud.ibm.com/docs/Registry?topic=Registry-registry_overview#registry_regions[region]. ++ +For example, if you use the us-south registry, enter *us.icr.io*. + +.. In *Namespace*, enter the namespace for your image. ++ +For images in private registries, this field is mandatory. +For images in IBM's public registry, leave this field blank. +Wildcards are not supported for this field. ++ +IBM provides +https://cloud.ibm.com/docs/Registry?topic=Registry-registry_overview#overview_elements_namespace[namespaces] +to help you organize your registries. +Namespaces are appended to the registry URL as follows: _registry..icr.io/_ + +.. In *Repository*, enter the repository to scan. ++ +If you leave this field blank or enter a wildcard, Prisma Cloud finds and scans all repositories in the registry. ++ +If you specify a partial string that ends with a wildcard, Prisma Cloud finds and scans all repositories that start with the partial string. ++ +If you specify an exact match, Prisma Cloud scans just the specified repository. + +.. In *Tag*, enter an image tag. ++ +If you leave this field blank or enter a wildcard, Prisma Cloud finds and scans all images in the repository. ++ +If you specify a partial string that ends with a wildcard, Prisma Cloud finds and scans all images that match the partial tag. ++ +If you specify an exact match, Prisma Cloud scans just the specified image with specified tag. + +.. In *Credential*, select the credential you created for IBM Cloud. + +.. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +.. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +.. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +.. *Cap* the number of images to scan. ++ +Specify the maximum number of images to scan in the given repository, sorted according to last modified date. +To scan all images in a repository, set *Cap* to 0. +For a complete explanation of *Cap*, see the table in +xref:../../vulnerability-management/registry-scanning/registry-scanning.adoc[registry scan settings]. + +.. Select *Add and scan*. ++ +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-openshift.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-openshift.adoc new file mode 100644 index 0000000000..b6ab957d8b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-openshift.adoc @@ -0,0 +1,99 @@ +== Scan images in OpenShift integrated Docker registry + +To scan an OpenShift integrated registry, create a new registry scan setting. + +[.task] +=== Create a new registry scan + +*Prerequisites:* + +* xref:../../install/deploy-defender/defender-types.adoc[Install a Defender] and make sure that the defender can access the OpenShift registry. +ifdef::compute_edition[] +* xref:../../install/deploy-defender/defender-types.adoc[Install a Defender] within in your OpenShift cluster. +endif::compute_edition[] + +* Use the `twistlock-service` service account to authenticate to the internal registry. The Defender authenticates to the OpenShift registry using this service account. +** Add the cluster role permission of registry-viewer to the `twistlock-service` account. ++ +---- +oc adm policy add-cluster-role-to-user registry-viewer system:serviceaccount::twistlock-service +---- +** Obtain the password for the twistlock-service account. +*** To get the secret used by the service account run the command - `oc describe sa twistlock-service -n `. +*** Use the *Image pull secrets* value (`twistlock-service-dockercfg-64jtt`) in the following command, for example: ++ +---- +oc get secret twistlock-service-dockercfg-64jtt -n twistlock --output=json|grep openshift.io/token-secret.value +---- +*** Copy the openshift.io/token-secret.value to be used later in the workflow. +*** If you use the OpenShift UI to obtain the token, select *view-all* to see the full token. + +* Place the CA certificate (`ca.cert`) file in any of the following paths. As soon as the certificate is found in a path, the search stops and doesn't go the next path. ++ +`/etc/docker/certs.d//` ++ +`/etc/containers/certs.d//` ++ +`/etc/containerd/certs.d//` +* Set up OpenShift credentials with basic authentication in xref:../../authentication/credentials-store/credentials-store.adoc[Credentials store] and grant Prisma Cloud access to your repository in OpenShift. + +[.procedure] +. Open Console, then go to *Defend > Vulnerabilities > Images > Registry settings*. + +. Select *Add registry*. + +. In *Version*, select *Red Hat OpenShift*. + +. In *Registry*, enter the registry address. ++ +The internal address to access the OpenShift registry is `image-registry.openshift-image-registry.svc:5000`. + +. In *Repository* , specify the repository to scan. ++ +If you leave this field blank or enter a wildcard, Prisma Cloud finds and scans all repositories in the registry. ++ +If you specify a partial string that ends with a wildcard, Prisma Cloud finds and scans all repositories that start with the partial string. ++ +If you specify an exact match, Prisma Cloud scans just the specified repository. + +. Enter *Tag* numbers to scan, leave blank, or enter a wildcard (*) to scan all the tags. + +. Optionally, enter *Tags to exclude*, to avoid scanning images with specified tags. + +. In *Credential*, select OpenShift credentials that you created in the prerequisites section. ++ +In *Password*, enter your service account token. + +. In *OS type*, specify whether the repo holds *Linux* or *Windows* images. + +. In *Scanners scope*, specify the collections of defenders to use for the scan. ++ +Console selects the available Defenders from the scope to execute the scan job according to the *Number of scanners* setting. +For more information, see xref:../../vulnerability-management/registry-scanning/configure-registry-scanning.adoc#deployment-patterns[deployment patterns]. + +. In *Number of scanners*, enter the number of Defenders across which scan jobs can be distributed. + +. Set *Cap* to the number of most recent images to scan. +Leaving *Cap* set to *5* will scan the 5 most recent images. +Setting this field to *0* will scan all images. + +. Select *Add and scan*. +Verify that the images in the repository are being scanned under *Monitor > Vulnerabilities > Images > Registries*. + +=== Troubleshooting + +[.task] +==== x509: certificate signed by unknown authority + +[.procedure] +. Check if the defender can access the OpenShift registry. +ifdef::compute_edition[] +. Ensure that the defender is installed in the same cluster as the OpenShift registry. +endif::compute_edition[] +. Make sure that you have installed the `ca.cert` file in any one of the following locations: ++ +`/etc/docker/certs.d//` ++ +`/etc/containers/certs.d//` ++ +`/etc/containerd/certs.d//` diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/webhooks.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/webhooks.adoc new file mode 100644 index 0000000000..182a9a296a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/webhooks.adoc @@ -0,0 +1,111 @@ +== Trigger Registry Scans with Webhooks + +You can use webhooks to trigger a scan when images in your registry's repositories are added or updated. + +Prisma Cloud supports webhooks for: + +* https://docs.docker.com/docker-hub/webhooks/[Docker Hub] +* https://docs.docker.com/registry/notifications/[Docker Registry] +* https://docs.microsoft.com/en-us/azure/container-registry/container-registry-webhook/[Azure Registry] +* https://help.sonatype.com/repomanager3/integrations/webhooks#:~:text=Webhooks%20are%20defined%20as%20an,events%20happening%20within%20Nexus%20Repository[Nexus Repository] +* https://www.jfrog.com/confluence/display/JFROG/Webhooks[JFrog Artifactory] + +[NOTE] +==== +Prisma Cloud requires Docker Registry 2.4 or later. +// https://stackoverflow.com/questions/32660206/docker-registry-vs-docker-trusted-registry + +Google Container Registry and Amazon Elastic Container Registry do not currently support webhooks. +==== + +For Docker Hub, you must have Automated Builds enabled for your repository. +Docker Hub webhooks are called when an image is built or a new tag is added to your automated build repository. + +For Docker Private Registry, webhooks are called when manifests are pushed or pulled, and layers are pushed or pulled. +Prisma Cloud scans images in response to layer push events. + +For Azure Registry, you can configure webhooks for your container registry that generate events when certain actions are performed against it. See https://docs.microsoft.com/en-us/azure/container-registry/container-registry-webhook-reference/[Azure's documentation] for more information. + +The Console needs a valid and trusted certificate for the webhook to work on JFrog Cloud. + +To trigger a webhook for JFrog Cloud registry, enter a valid and trusted certificate while xref:./scan-artifactory.adoc[configuring your self-hosted JFrog Artifactory]. + +Prisma Cloud also supports xref:../../configure/configure-scan-intervals.adoc#[scheduled registry scans], with support for most of the registry types, including Google Container Registry and Amazon Elastic Container Registry. + + +=== Securing Console's Management Port + +Webhooks call the Prisma Cloud API on Console's management ports over either HTTP or HTTPS. + +ifdef::compute_edition[] +Although it is convenient to test webhooks with HTTP, we strongly recommend that you set up webhooks to call Console over HTTPS. +To call webhooks over HTTPS, you must install a certificate trusted by the registry. +For more information about securing Console's management port with a custom certificate, see +xref:../../configure/certificates.adoc[certificates customization for Console TLS communication]. +endif::compute_edition[] + +NOTE: By default, Prisma Cloud uses self-signed certificates to secure HTTP traffic. +Self-signed certificates are not supported (trusted) by Docker Hub, and Docker Registry would require you to configure Prisma Cloud as a trusted CA certificate (not supported, and not recommended). +Instead install a certificate signed by a trusted certificate authority (CA), such as Comodo or Symantec. + + +[.task] +=== Setting up Webhooks + +To set up webhook-initiated scans, configure your registry's webhook with the URL provided in Console. +The following procedure shows you how to set up webhooks in Docker Hub. + +*Prerequisites:* Docker Hub, with Automated Builds enabled. + +[.procedure] +. Open Console. + +. Go to *Compute > Defend > Vulnerabilities > Images > Registry settings*. + +ifdef::compute_edition[] +. Go to *Defend > Vulnerabilities > Images > Registry settings*. +endif::compute_edition[] + +ifdef::compute_edition[] +. In *Webhooks*, select the DNS name or IP address that the registry uses to reach Prisma Console. This generates a URL that you can use to configure the registry. +endif::compute_edition[] + +. In *Webhooks*, copy the URL to your webhook configuration. + +. Configure your repository. ++ +The following sections show how to configure Docker Hub and Nexus Repository. +For other repositories, consult the vendor's documentation. ++ +* <> +* <> + +. Test the integration by triggering a build. ++ +image::trigger_registry_scan_webooks_706509.png[width=800] + +. Go to *Monitor > Vulnerabilities > Images > Registries* to view the scan report. +Prisma Cloud scans the image as soon as it is built. + +[.task, #_configure_docker_hub] +=== Create a Webhook in Docker Hub + +[.procedure] +. Log in to Docker Hub. + +. In your chosen repository, select *Webhooks*. + +.. Enter a name for the webhook. + +.. Paste the webhook URL that you copied from Prisma Console. + +.. Select *Create*. ++ +image::trigger_registry_scan_webhooks_docker_hub.png[scale=20] + +[#configure-nexus-repository] +=== Create a Webhook in Nexus Repository + +When setting up webhooks in Nexus Repository, select the "component" event type for triggering the webhooks. + +image::trigger_registry_scan_webhooks_nexus.png[width=800] diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/risk-tree.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/risk-tree.adoc new file mode 100644 index 0000000000..5f646c5854 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/risk-tree.adoc @@ -0,0 +1,27 @@ +== Vulnerability risk tree + +Because Prisma Cloud knows the state of all the images in your environment, it can show you all the places you might be at risk to a given set of vulnerabilities. +To generate a risk tree, provide a CVE, and Prisma Cloud returns: + +* A list of images that contain packages affected by the specified CVE. +* A list of running containers (created from the images listed above) that are affected by the specified CVE. +* A list of namespaces where the containers affected by the specified CVE reside. +* A list of hosts where the images affected by the specified CVE reside. +* A list of serverless functions that are affected by the specified CVE. + +The risk tree lets you create a detailed map of your exposure to a vulnerability, and can help you identify the best way to resolve it in your upstream images. + + +=== Generating a risk tree + +Prisma Cloud's +xref:vuln_explorer.adoc[Vulnerability Explorer] +shows you risk trees for the top ten vulnerabilities in your container ecosystem. +To see the risk tree for any arbitrary CVE, use the search tool at the top of the "Top Ten lists" table or Prisma Cloud API. + +To generate a risk tree, submit a CVE to the API. +The API returns an ordered tree of the images that contain those vulnerabilities, containers that are derived from those images, namespaces where these containers reside, and hosts where those images live. +This allows you to automate, with a single API call, the creation of a detailed map of your exposure to the vulnerabilities. + +For complete details about the response object, see the +https://pan.dev/compute/api/get-stats-vulnerabilities-impacted-resources/[API reference] image:ext-link-icon-small.png[scale=100] diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities.adoc new file mode 100644 index 0000000000..9b9988bb09 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities.adoc @@ -0,0 +1,80 @@ +== Scan Images for Custom Vulnerabilities + +Prisma Cloud lets you scan for insecure versions of proprietary software components. + +First, augment the Intelligence Stream of Prisma Cloud with your custom data that specifies a package type, name, and version number. +Then configure Prisma Cloud to take action (alert or block) when the scanner finds this package in an image. +By default, Prisma Cloud raises an alert when it detects a vulnerability in a custom component. + +Prisma Cloud supports the following package types: + +* Distro packages (deb, rpm) +* App packages +* Nodejs packages +* Python packages +* Ruby gems +* Java artifacts (JAR files) + +For cases where Prisma Cloud does not offer built-in support for a package type, you can specify an MD5 hash for the file. + +[.task] +=== Add a Custom Vulnerability + +Define a custom vulnerability. + +[.procedure] +. Open Console. + +. Go to *Manage > System > Custom Feeds > Custom Vulnerabilities*. + +. Select *Add*. + +.. Enter a *Name* for your vulnerability. + +.. Select a package *Type*. ++ +For Debian packages, RPM packages, and shared libraries, select *package*. ++ +If your package type is not supported, select *app*. + +.. Enter a name for your package or app. ++ +Package names must be specific for matching. For example, `containerd` is valid, `containerd*` is not. + +.. Specify the range of package versions for which your rule applies. ++ +The following formats can be used to specify versions: ++ +[cols="25%,50%,25%", options="header"] +|=== +|Rule +|Format +|Example + +|Specific version +|Enter a single multi-dot number. +|1.1 + +|Range of versions: Min and max are known. +|Enter two multi-dot numbers, separated by a dash. +|5.4-5.5 + +|Range of versions: Only min version is known. +|Specify a multi-dot number for the minimum version, followed by a dash, then a wild card. +|0.22.4.1-* + +|Range of versions: Only max version is known. +|Specify a wild card (*) for the minimum version, followed by a dash, then a multi-dot number for the maximum version. +|*-0.22.4.1 +|=== ++ +If package type is set to app, the version fields are not visible. +Instead, enter the MD5 hash for your file or binary. + +. Select *Save*. ++ +Your custom vulnerability is now available to the scanner. ++ +By default, an alert is logged if an image scan detects a component that you have designated as vulnerable. +To see the default rule, go to *Defend > Vulnerabilities > Images*, and click on the *Default - alert all components* rule. To change the default rule, select a different Alert or Block threshold. +To take a different action, create a new vulnerability rule. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-procedure.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-procedure.adoc new file mode 100644 index 0000000000..4b55c1afda --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-procedure.adoc @@ -0,0 +1,98 @@ +== Scanning Procedure + +This article describes the vulnerability image scanning flow for deployed containers, registries, and CI. +The scanning flow is similar for both Docker and Dockerless images, except for a single difference, described in <>. + +=== Image scanning procedure + +Prisma Cloud uses a variety of approaches that are purpose-built differently for detecting packages on images and hosts. + +The Host Defender only scans applications, as well as language-based packages, if the processes are running. + +The Windows Defender only scans packages that are installed with a package manager, missing Microsoft hotfixes, and .net framework applications. + + +The following diagram (Chart 1) shows the Defender scanning flow: + +image::scanning-flow-chart-defender.png[width=400] + +The following diagram (Chart 2) shows the `twistcli` scanning flow: + +image::scanning-flow-chart-twistcli.png[width=400] + +The steps in the scanning flow are: + +. An image scanning request is initiated. +This can be done by one of the following: ++ +* Console - generates periodic scan requests (see Chart 1) +* Defender - when a new container starts (in this step we skip step 1 in Chart 1 since the Defender initiates the scan) +* twistcli - triggered manually or in the CI pipeline (see Chart 2) + +. Defender harvests the image components versions to create the image manifest by scanning the image, and the Defender looks for: + +.. Component and version details from OS package managers. + +.. Executables (identified by magic signatures on the file system) *not* installed by the package manager: + +... Selects the executables that are xref:../vulnerability-management/prisma-cloud-vulnerability-feed.adoc[supported by Prisma Cloud]. + +... Identifies each executable's version details from the binary metadata. + +. Based on the information from step 2, Defender generates an *image manifest* and sends it to the Console. + +. The Console identifies the vulnerabilities in each image by correlating the image manifest with the Intelligence Stream: + +.. The intelligence CVE stream is composed of xref:../install/system-requirements.adoc#image-base-layers[per-distro] CVEs (such as Red Hat and Ubuntu), un-packaged software CVEs (see xref:../vulnerability-management/prisma-cloud-vulnerability-feed.adoc[supported packages and languages]), and various open-source library CVEs (such as Node.js and python). +The Console is continually updated by the Intelligence Stream to provide the most up-to-date results. ++ +The following table lists the manifest files known to the scanner. + +[cols="1,1a", options="header"] +|=== +|Package manager +|File name + +|Go +|go.sum + +|Java (Gradle) +|build.gradle, build.gradle.kts, gradle.properties + +|Java (Maven) +|pom.xml + +|JavaScript (NPM) +|package.json, package-lock.json, npm-shrinkwrap.json, bower.json + +|Python (pip) +|req{asterisk}.txt + +|=== + +.. The correlation results are calculated, stored in a database, and displayed in the Console UI. + +The Console manages the current scan state and distributes the work to Defenders. + + + +=== Scan reports for CRI environments + +*Deployed images* -- The scanning logic is the same for Dockers and Dockerless environments, +the only difference lies in the scanned object. +In Docker environments, Prisma Cloud scans images by running the image with Defender as the entrypoint. +Dockerless doesn't support this method, so for Dockerless environments, Prisma Cloud scans the running container. +As a result, when scanning deployed images in Dockerless environments, the Defender detects the packages added to a running container only when the packages are added before the initial scan. + +NOTE: The Console stores the CI image scan and registry scan results. An image previously scanned as a registry image will not be re-scanned by the Defender at the runtime. + +*Registry scan* -- The scanning logic is the same for Docker and Dockerless environments +Any Container Defender running on a host with the Docker Engine container runtime or container runtime interface (CRI) can scan a registry. +Learn more about xref:registry-scanning/configure-registry-scanning.adoc[registry scanning]. + +NOTE: When a scan result for an image with a certain `SHA-ID` exists, the Console checks if there is a version of the Defender that is newer than the one that scanned the image. If there is a newer Defender available, then the Console sends a scan request to the Defender to re-scan the image with the same `SHA-ID`, if not this image is not re-scanned. + +*Twistcli scans* -- Scans conducted by twistcli are similar for Docker and Dockless (CRI). +In both environments, twistcli scans run from outside the container image. +For Dockerless environments, Podman must be installed on the host, to allow scans to run from outside the container image. Learn more in the xref:../tools/twistcli-scan-images.adoc#dockerless-scan[twistcli scan images document]. + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-reports.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-reports.adoc new file mode 100644 index 0000000000..872b9ce75d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/scan-reports.adoc @@ -0,0 +1,251 @@ +== Vulnerability Scan Reports + +Prisma Cloud scans images, hosts, and functions to detect vulnerabilities. +The Prisma Cloud Intelligence Stream keeps Console up to date with the latest vulnerabilities. +The data in this feed is used for agentless scanning and is also distributed to your Defenders for scanning purposes. +The initial scan is triggered when a Defender is installed, or when you enable agentless scanning, the scans check for: + +* Published Common Vulnerabilities and Exposures (CVEs) +* Vulnerabilities from misconfigurations +* Malware +* Zero-day vulnerabilities +* Compliance issues +* Secrets +After the initial scan, subsequent scans are triggered: + +* Periodically, according to the xref:../configure/configure-scan-intervals.adoc[scan interval] configured in Console. By default, images are scanned every 24 hours. +* When new images are deployed onto the host. +* When scans are forced with the *Scan* button in Console. + +Through Console, Defender can be extended to scan images for custom components. +For example, you can configure Defender to scan an internally developed library named `libexample.so`, and set a policy to block a container from running if `libexample.so` version `1.9.9` or earlier is installed. +For more information, see Scanning custom components. + +[.task] +=== View Image Scan Reports + +Review the health of all images in your environment. + +// See: https://github.com/twistlock/twistlock/issues/16987 +NOTE: Sorting the table on vulnerability severity based on data from the last scan. +If you update your vulnerability policy with a different alert threshold, rescan your images if you want to be able to sort based on your new settings. + +[.procedure] +. Open Console, then go to *Monitor > Vulnerabilities > Images*. ++ +The table summarizes the state of each image in your environment. ++ +All vulnerabilities identified in the last image scan can be exported to a CSV file by clicking the *CSV* button in the top left of the page. ++ +NOTE: In case multiple images share the same image ID, but with different tags on different hosts, then these will be shown using + in the Tag column, as can be seen in the screenshot below. ++ +image::image_scan_reports_summary_with_multiple_tags.png[width=800] + +. Click on an image report to open a detailed report. + +. Click on the *Vulnerabilities* tab to see all CVE issues. ++ +CVE vulnerabilities are accompanied by a brief description. +Click *Show details* for more information, including a link to the report on the National Vulnerability Database. ++ +[NOTE] +==== +The *Fix Status* column contains terms such as 'deferred', 'fixed in...', and 'open'. +These strings are imported directly from the vendors' CVE databases. +They are not Prisma Cloud-specific. + +image::image-scan-reports.png[scale=20] +==== + +=== Tagging Vulnerabilities + +To help you manage and fix the vulnerabilities in your environment, you can assign tags to each vulnerability. The list of available tags is defined under *Manage > Collections and Tags > Tags > Tag definition* (see xref:../configure/tags.adoc#[Tag definition]). To assign a tag to a vulnerability, click on the *Add Tags to CVE* action in the *Tags* column. + +//image::scan_reports_add_tag.png[width=800] The above image is sufficient to show the feature. + +Tagging a vulnerability will apply by default to the CVE ID, package, and resource you assigned the tag from. You can granularly adjust and extend the tag scope under *Manage > Collections and Tags > Tags > Tag assignment* (see xref:../configure/tags.adoc#[Tag assignment]). + +For example, assigning a tag from the following scan report will apply to _CVE-2020-16156_, package _perl_, and image _ubuntu:20.04_. + +image::scan_reports_tag_scope.png[width=800] + +You can also add comments to each tag assignment, for example, to explain the reason this tag was added. +Do it by clicking the comment icon on the left side of the tag. + +//image::scan_reports_tag_comment.png[width=800] Unnecessary, the above image is sufficient + +By default, all vulnerabilities, according to your policy, are listed. +However, you can also examine vulnerabilities only with specific tags. +Use the drop-down list to filter by tags. + +image::scan_reports_tags_filter.png[width=800] + +Remove a tag from a vulnerability using the close action available on the tag. + +When removing a tag from the scan report, the entire tag assignment is removed, which may be wider than just the single place you remove it from. For example, removing a tag that is applied to image _ubuntu:20.04_ by a tag assignment defined for images _ubuntu:*_, will remove the entire tag assignment, which means the tag will be removed from all _ubuntu_ images. + +For more granular tag removal, go to the *Manage > Collections and Tags > Tags > Tag assignment*, and adjust the relevant tag scope. + +=== Per-layer Vulnerability Analysis + +To make it easier to understand how images are constructed and what components have vulnerabilities, Prisma Cloud correlates vulnerabilities to layers. +This tool helps you assess how vulnerabilities were introduced into an image, and pick a starting point for remediation. + +To see the layer analysis, click on an image to open the scan report, then click the *Layers* tab. + +image::image_scan_reports_layers_tool.png[scale=20] + +NOTE: There are differences in the scan results between an image created by a Dockerfile and an image pulled by a registry. +This is because the times in the image created by Dockerfile are more accurate. Therefore the vulerability scan results from the Dockerfile are more accurate. + +[.section] +==== RHEL Images + +The Prisma Cloud layers tool shows the instructions used to create each layer in an image. +RHEL images, however, don't contain the necessary metadata, so the Prisma Cloud layers tool shows an empty black box. + +image::image_scan_reports_rhel_image.png[width=800] + +To validate that the required metadata is absent, run _docker history IMAGE-ID_ on a non-RHEL image. +The _CREATED BY_ column is fully populated. + +image::image_scan_reports_docker_history_normal.png[width=600] + +Next, run _docker history IMAGE-ID_ on an RHEL image. +Notice that the _CREATED BY_ column is empty. + +image::image_scan_reports_docker_history_rhel.png[width=600] + + +=== Packages Information + +Prisma Cloud uses risk scores to calculate the severity of vulnerabilities in your environment. + + +Scan reports have a *Package info* tab, which lists all the packages installed in an image or host. +It also shows all active packages, which are packages used by running software. + +To see these active packages, open a scan report, open the *Package info* tab, and look at the *Binaries* column (see the *App* column in host scan reports). +This column shows what's actually running in the container. +For example, the fluent/fluentd:latest container in the following screenshot runs _/usr/bin/ruby_. +One of the packages utilized by the Ruby runtime is the bigdecimal gem. +If you were prioritizing mitigation work, and there was a severe vulnerability in bigdecimal, bigdecimal would be a good candidate to address first. + +image::scan_reports_packages_in_use.png[width=600] + +=== Process Information + +Prisma Cloud scan reports provide visibility over the startup processes of the image. +To see the image startup processes, open a scan report and go to the *Process info* tab. + +The processes list is created by a static analysis of the image, which first parses the image history to get the list of startup binaries. +The algorithm then iterates over the image binaries and tries to find these startup binaries on the disk (in the file system). +Those which were found are displayed under the *Process info* tab. + +image::scan_reports_process_info.png[width=600] + + +=== Per-finding Timestamps + +The image scan reports of Prisma Cloud show the following per-vulnerability timestamps: + +* Age of the vulnerability based on the discovery date. +This is the first date that the Prisma Cloud scanner found the vulnerability. + +* Age of the vulnerability based on its published date. +This represents the date the vulnerability was announced to the world. + +Registry scan reports show the published date only. + +image::scan_reports_timestamped_findings.png[width=600] + +Timestamps are per-image, per-vulnerability. +For example, if CVE-2019-1234 was found in image foo/foo:3.1 last week and image bar/bar:7.8 is created from foo/foo:3.1 today, then the scan results for foo show the discovery date for CVE-2019-1234 to be last week and for bar it shows today. + +Timestamped findings are useful when you have time-based SLAs for remediating vulnerabilities (e.g. all critical CVEs must be fixed within 30 days). +Per-finding timestamp data makes it possible to track compliance with these SLAs. + + +=== Host and VM Image Scanning + +Prisma Cloud also scans your hosts and VM images for vulnerabilities. +To see the scan report for your hosts and VM images, go to *Monitor > Vulnerabilities > Hosts*. + +By default, all vulnerable packages, according to your policy, are listed. +However, you can also examine vulnerabilities specific to an app (systemd service). +Use the drop-down list to select an app. +Clear the selection to see all vulnerabilities for a host/VM image. + +image::scan_reports_host_apps.png[width=400] + +The *Package Info* tab lists all packages installed on the host/VM image. +If a package has a component utilized by a running app, the affected running apps are listed in the *Apps* column. + + +Prisma Cloud also collects and displays package license details. +License information is available at all places where package details are displayed, +such as *Monitor > Vulnerabilities > Images* (under the *Package Info* tab), +*Monitor > Vulnerabilities > Hosts* and *Monitor > Vulnerabilities > Registry*, as well as the corresponding API endpoints. + +image::image_scan_reports_761336.png[width=400] + +NOTE: Licensing compliance is supported only for viewing purposes and cannot be included in policies for alert/block capabilities. + + +=== Scan Status + +The initial scan can take substantial time when you have a large number of images. Subsequent scans are much faster. + +To see the status of the image scans, go to *Monitor > Vulnerabilities > Images*. + +Each row in the table represents an image in your environment. + +If an image is being scanned, a progress bar shows the status of the scan. +If there is no progress bar, the scan has been completed. + + +=== Package Types + +Prisma Cloud uses compliance identification numbers to designate the package type when reporting vulnerabilities in images. +Compliance IDs can be found in the CSV export files and API responses. + +To download image reports in CSV format, go to *Monitor > Vulnerabilities > Images*, and click the *CSV* button at the top of the table. +The *Compliance ID*, *Type*, and *Packages* fields report the package ID, package type, and package name respectively. +The API output reports compliance IDs only. + +image::scan_reports_csv_packages.png[width=850] + +The following table shows how compliance IDs map to package type. + +[cols="1,1", options="header"] +|=== +|Compliance ID number +|Package type + +|46 +|Operating system/distro packages + +|47 +|JAR files + +|48 +|Gem files + +|49 +|Node.js + +|410 +|Python + +|411 +|Binary + +|412 +|Custom (set by customer) + +|415 +|Nuget + +|416 +|Go +|=== diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/search-cves.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/search-cves.adoc new file mode 100644 index 0000000000..e82fab65fe --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/search-cves.adoc @@ -0,0 +1,42 @@ +== CVE Viewer + +Common Vulnerabilities and Exposures (CVE) is a system for referencing publicly known vulnerabilities by identifiers. +The goal of the system is to make it easier to share vulnerability data across stakeholders, including software vendors, tool vendors, security practitioners, and end users. + +A _CVE entry_ describes a specific known vulnerability. +Each CVE entry has an identifier, such as CVE-2020-1234. +A _CVE entry_ is colloquially known as a _CVE_, and it's security practitioner parlance for a publicly disclosed vulnerability. + + +[.task] +=== Search for a specific CVE + +You can determine if Prisma Cloud offers coverage for a specific CVE by using the search interface in Console. +The CVE ID syntax is: + + CVE-YYYY-NNNN + +Where: + +[horizontal] +CVE:: CVE-ID prefix. +YYYY:: Calendar year. +NNNN:: Numeric digits. This field has a variable length, but the minimum length is four digits. + +To search for a specific vulnerability: + +[.procedure] +. Open Console, then go to *Monitor > Vulnerabilities > CVE Viewer*. + +. Enter a CVE ID in the search box. ++ +For example, enter *CVE-2022-23806*. ++ +If Prisma Cloud has coverage for the queried vulnerability, details are listed in the results table. ++ +image::search_cves_results.png[width=800] + + +=== Allow a CVE + +Allowing CVEs is done directly as a policy. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/serverless-functions.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/serverless-functions.adoc new file mode 100644 index 0000000000..e1116d405e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/serverless-functions.adoc @@ -0,0 +1,350 @@ +:toc: macro +[#serverless-scanning] +== Serverless Functions Scanning + +toc::[] + +Prisma Cloud can scan serverless functions for visibility into vulnerabilities and xref:../compliance/serverless.adoc[compliance issues]. +For runtime protection, you must deploy a xref:../install/deploy-defender/serverless/serverless.adoc[serverless Defender]. +Prisma Cloud supports AWS Lambda, Google Cloud Functions, and Azure Functions. + +Serverless computing is an execution model in which a cloud provider dynamically manages the allocation of machine resources and schedules the execution of functions provided by users. +Serverless architectures delegate the operational responsibilities, along with many security concerns, to the cloud provider. In particular, your app itself is still prone to attack. +The vulnerabilities in your code and associated dependencies are the footholds attackers use to compromise an app. +Prisma Cloud can show you a function's dependencies, and surface the vulnerabilities in those dependent components. + +=== Capabilities + +For serverless, Prisma Cloud can scan Node.js, Python, Java, C#, Ruby, and Go packages. +For a list of supported runtimes see xref:../install/system-requirements.adoc[system requirements]. + +Prisma Cloud scans are triggered by the following events: + +* When the settings change, including when new functions are added for scanning. +* When you explicitly click the *Scan* button in the *Monitor > Vulnerabilities > Functions > Scanned Functions* page. +* Periodically. +By default, Prisma Cloud rescans serverless functions every 24 hours, but you can configure a custom interval in *Manage > System > Scan*. + +=== The Scanning Process for Serverless Functions + +Configure Prisma Cloud to periodically scan your serverless functions. +Unlike image scanning, the Prisma Cloud console handles all function scanning. +Once you onboarded your cloud accounts, the Prisma Cloud console can give you visibility into vulnerabilities and xref:../compliance/serverless.adoc[compliance issues] in your serverless functions. +For runtime protection, you must deploy a xref:../install/deploy-defender/serverless/serverless.adoc[serverless Defender]. + +The Prisma Cloud console performs the following steps to scan serverless functions. + +. Validates that the Prisma Cloud role for the onboarded cloud account has the appropriate permissions and that those permissions are not blocked by an organizational policy. +. Identifies all serverless functions. +. Extracts a function using the appropriate `GET` method sending it to the Prisma Cloud console. +. Scans the function's code using Palo Alto Networks proprietary methods. +. Writes the scan results to the the Prisma Cloud console. You can see the results under *Monitor > Vulnerabilities > Functions > Scanned functions*. +. Deletes the function code after the scan is completed. +. Validates that the function code is deleted from the Prisma Cloud console. + +image::serverless-scan-process.png[width=300] + +[.task] +=== Scan Lambda Layer Serverless Functions + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > Functions > Functions*. + +. Click on *Add scope*. In the dialog, enter the following settings: + +.. (AWS only) Select *Scan only latest versions* to only scan the latest version of each function. +Otherwise, the scanning will cover all versions of each function up to the specified *Limit* value. + +.. (AWS only) Select *Scan Lambda Layers* to enable scanning function layers as well. + +.. (AWS only) Specify which regions to scan in *AWS Scanning scope*. +By default, the scope is applied to *Regular regions*. +Other options include *China regions* or *Government regions*. + +.. Specify a *Limit* for the number of functions to scan. ++ +[NOTE] +==== +Prisma Cloud scans the X most recent functions, where X is the limit value. +Set this value to '0' to scan all functions. + +For scanning Google Cloud Functions with GCP organization level credentials, the limit value is for the entire organization. Increase the limit as needed to cover all the projects within your GCP organization. +==== + +.. Select the accounts to scan by credential. +If you wish to add an account, click on *Add credential*. ++ +[NOTE] +==== +If you create a credential in the credentials store (*Manage > Authentication > Credentials store*), your service principal authenticates with a password. +ifdef::prisma_cloud[] +To authenticate with a certificate, xref:../cloud-service-providers/use-cloud-accounts.adoc[create a cloud account]. +endif::prisma_cloud[] +==== + +.. Click *Add*. + +. Click the green save button. + +. View the scan report. ++ +Go to *Monitor > Vulnerabilities > Functions > Scanned functions*. + ++ +All vulnerabilities identified in the latest serverless scan report can be exported to a CSV file by clicking on the CSV button in the top right of the table. + + +[.task] +=== View AWS Lambda Layers scan report + +Prisma Cloud can scan the AWS Lambda Layers code as part of the Lambda function's code scanning. +This capability can help you determine whether the vulnerability issues are associated with the function or function Layers. +Follow the steps below to view the Lambda Layers scan results: + +[.procedure] +. Open Console. + +. Make sure you selected the *Scan Lambda layers* in the *Defend > Vulnerabilities > Functions > Functions > Serverless Accounts > Function scan scope* ++ +image::function_scan_scope.png[width=700] + +. Go to *Monitor > Vulnerabilities > Functions > Scanned functions*. + +. Filter the table to include functions with the desired Layer by adding the *Layers* filter. ++ +You can also filter the results by a specific layer name or postfix wildcards. +Example: `Layers:* OR Layers:arn:aws:lambda:*` ++ +image::function_vuls_layers_filter.png[width=700] + +. Open the *Function details* dialog to view the details about the Layers and the vulnerabilities associated with them: + +.. Click on a specific function + +.. See the Function's vulnerabilities, compliance issues and package info in the related tabs. Use the *Found in* column to determine if the component is associated with the Function or with the Function's Layers. ++ +image::vul_function_details.png[width=700] + +.. Use the *Layers info* tab to see the full list of the Function's Layers, and aggregated information about the Layers vulnerabilities. In case that there are vulnerabilities associated with the layer you will be able to expand the layer raw to list all the vulnerabilities. ++ +image::vuls_functions_layers_info.png[width=700] + + +=== Authenticating with AWS + +The serverless scanner is implemented as part of Console. +The scanner requires the following permissions policy: ++ +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeServerlessScan", + "Effect": "Allow", + "Action": [ + "lambda:ListFunctions", + "lambda:GetFunction", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "lambda:GetLayerVersion", + "kms:Decrypt" + ], + "Resource": "*" + } + ] +} +---- + + +*IAM User* + +If authenticating with an IAM user, use the Security Token Service (STS) to temporarily issue security credentials to Prisma Cloud to scan your Lambda functions. +AWS STS is considered a best practice for IAM users per the AWS Well-Architected Framework. +Learn how to use xref:../authentication/credentials-store/aws-credentials.adoc#aws-security-token-service-sts[AWS STS]. + +When authenticating with an IAM user, Console can access and scan functions across multiple regions. + +NOTE: Prisma Cloud doesn't support scanning Serverless functions with IAM policies containing `NotAction` and/or `NotResource` elements. + +*IAM Role* + +ifdef::compute_edition[] +The Prisma Cloud serverless scanner can also authenticate with AWS using an IAM role. +If Console authenticates with AWS using an IAM role, it can assume roles using STS to assume roles in other regions. +endif::compute_edition[] + +ifdef::prisma_cloud[] +IAM roles cannot be used in Prisma Cloud serverless scanning as the Console is not hosted within AWS for Enterprise Edition. +endif::prisma_cloud[] + +[.task] +=== Scanning Azure Functions + +Azure Functions are architected differently than AWS Lambda and Google Cloud Functions. +Azure function apps can hold multiple functions. +The functions are not segregated from each other. +They share the same file system. +Rather than separately scanning each function in a function app, download the root directory of the function app, which contains all its functions, and scan them as a bundle. + +NOTE: Prisma Cloud supports scanning both Windows and Linux functions. For Linux functions, the support is only for functions that use *External package URL* as the deployment technology. +For more information, see https://docs.microsoft.com/en-us/azure/azure-functions/functions-deployment-technologies[Deployment technologies in Azure Functions]. + +To do this, you must know the Region, Name (of the function), and Service Key. +To get the Service Key, download and https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[install the Azure CLI], then: + +[.procedure] +. Within your Azure portal, create a custom role with the following permissions: + + { + "permissions": [ + { + "actions": [ + "Microsoft.Web/sites/Read", + "Microsoft.Web/sites/config/list/Action", + "Microsoft.web/sites/functions/action", + "Microsoft.web/sites/functions/read", + "Microsoft.Web/sites/publishxml/Action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ] + } + +. Using the CLI, log into your account with a user that has the https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#user-administrator[User Administrator] role. + + $ az login + +. Get the service key. + + $ az ad sp create-for-rbac --sdk-auth --name twistlock-azure-serverless-scanning --role CUSTOM_ROLE_NAME ++ +Sample output from the previous command: ++ + { + "clientId": "f8e9de2o-45bd-af94-ae11-b9r8c5tfy3b6", + "clientSecret": "4dfds482-6sdd-4dsb-b5ff-56123043c4dc", + "subscriptionId": "ea19322m-z2bd-501c-dd11-234m547a944e", + "tenantId": "c189c61a-6c27-41c3-9949-ca5c8cc4a624", + "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", + "resourceManagerEndpointUrl": "https://management.azure.com/", + "activeDirectoryGraphResourceId": "https://graph.windows.net/", + "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", + "galleryEndpointUrl": "https://gallery.azure.com/", + "managementEndpointUrl": "https://management.core.windows.net/" + } + +. Copy the JSON output, which is your secret key, and paste it into the *Service Key* field for your Azure credentials in Prisma Cloud Console. + + +=== Scanning Google Cloud Functions + +To scan Google Cloud Functions, you must create an appropriate xref:../authentication/credentials-store/gcp-credentials.adoc[credential] to authenticate with GCP. The service account should include the following custom permissions: + +[source] +---- +cloudfunctions.functions.sourceCodeGet +cloudfunctions.functions.get +cloudfunctions.functions.list +cloudfunctions.locations.get +cloudfunctions.locations.list +cloudfunctions.operations.get +cloudfunctions.operations.list +cloudfunctions.runtimes.list +---- + +NOTE: Prisma Cloud currently supports scanning functions that are packaged with local dependencies. + +=== Scanning functions at build time with twistcli + +You can also use the `twistcli` command line utility to scan your serverless functions. +First download your serverless function as a ZIP file, then run: + + $ twistcli serverless scan + +To view scan reports in Console, go to *Monitor > Vulnerabilities > Functions > CI* or *Monitor > Compliance > Functions > CI*. + +==== Twistcli Options + +ifdef::prisma_cloud[] +`--address` [.underline]#`URI`#:: +Required. +Complete URI for Console, including the protocol and port. +Only the HTTPS protocol is supported. ++ +Example: --address https://https://us-west1.cloud.twistlock.com/us-3-123456789 + +To get the address for your Console, go to *Compute > Manage > System > Utilities*, and copy the string under *Path to Console*. + +`-u`, `--user` [.underline]#`Access Key ID`#:: +_Access Key ID_ to access Prisma Cloud. +If not provided, the `TWISTLOCK_USER` environment variable is used, if defined. +Otherwise, "admin" is used as the default. + +`-p`, `--password` [.underline]#`Secret Key`#:: +_Secret Key_ for the above _Access Key ID_ specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable is used, if defined. +Otherwise, you will be prompted for the user's password before the scan runs. + +_Access Key ID_ and _Secret Key_ are generated from the Prisma Cloud user interface. +For more information, see xref:../authentication/access-keys.adoc[access keys] + +endif::prisma_cloud[] + + +ifdef::compute_edition[] +`--address` [.underline]#`URI`#:: +Required. +Complete URI for Console, including the protocol and port. +Only the HTTPS protocol is supported. +By default, Console listens to HTTPS on port 8083, although your administrator can configure Console to listen on a different port. ++ +Example: --address https://console.example.com:8083 + +`-u`, `--user` [.underline]#`USERNAME`#:: +Username to access Console. If not provided, the `TWISTLOCK_USER` environment variable will be used if defined, or "admin" is used as the default. + +`-p`, `--password` [.underline]#`PASSWORD`#:: +Password for the user specified with `-u`, `--user`. +If not specified on the command-line, the `TWISTLOCK_PASSWORD` environment variable will be used if defined, or otherwise will prompt for the user's password before the scan runs. + +`--project` [.underline]#`PROJECT NAME`#:: +Interface with a specific supervisor Console to retrieve policy and publish results. ++ +Example: --project "Tenant Console" +endif::compute_edition[] + +`--details`:: +Show all vulnerability details. + +`--tlscacert` [.underline]#`PATH`#:: +Path to Prisma Cloud CA certificate file. +If no CA certificate is specified, the connection to Console is insecure. + +`--include-js-dependencies`:: +Include javascript package dependencies. + +`--token` [.underline]#`TOKEN`#:: +Token to use for Prisma Cloud Console authentication. +Tokens can be retrieved from the API endpoint _api/v1/authenticate_ or from the *Manage > Authenticate > User Certificates* page in Console. + +`--cloudformation-template` [.underline]#`PATH`#:: +Path to the CloudFormation template file in JSON or YAML format. Prisma Cloud scans the function source code for AWS service APIs being used, compares the APIs being used to the function permissions, and reports when functions have permissions for APIs they don't need. + +`--function` [.underline]#`NAME`#:: +Function name to be used in policy detection and Console results. When creating policy rules in Console, you can target specific rules to specific functions by function name. If this field is left unspecified, the function zip file name is used. + +`--output-used-apis`:: +Report APIs used by the function + +`--publish`:: +Publish the scan result to the Console. True by default. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/troubleshoot-vuln-detection.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/troubleshoot-vuln-detection.adoc new file mode 100644 index 0000000000..4c441d1f6a --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/troubleshoot-vuln-detection.adoc @@ -0,0 +1,328 @@ +== Troubleshoot Vulnerability Detection + +Prisma Cloud offers a comprehensive Intelligence Stream for vulnerability management that draws on threat intelligence from commercial providers, and the open-source community, as well as distinctive vulnerability intelligence curated by Prisma Cloud vulnerability researchers. + +Use this troubleshooting section to verify the accuracy of Prisma Cloud scan results, understand the logic behind scan reports, and provide the details requested in the template when you submit a support request for further analysis. + +This section answers some common questions related to CVE scan reports: + +. Whether a CVE reported by Prisma Cloud is suspected to be a false positive (meaning there is an assumption that the CVE doesn't exist on a package/image, but it displays on the Prisma Cloud Console) + +. Whether a CVE in Prisma Cloud is suspected to be a false negative (meaning there is an assumption that a CVE does exist on package/image, but it does not display on Prisma Cloud Console) + +=== Prerequisites + +. Ensure you are running the https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/welcome/releases.html[latest] version of Prisma Cloud Compute Console. + +. Ensure you are running a supported version of Prisma Cloud Compute Defenders. +Prisma Cloud Defender version is https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/upgrade/upgrade_process_self_hosted.html[backward compatible] for up to two major releases of Console. + +. Ensure that the image or OS is supported. + +.. If the problem is in a container, ensure that the image is based on a https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/install/system_requirements.html[supported OS]. + +.. If the problem is in a host, ensure it is running a https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/install/system_requirements.html[supported OS]. + +. The connection to Intelligence Stream is up-to-date. + +.. Navigate to *Manage > System > Intelligence*. + +.. Verify that the *status* is *Connected*. ++ +image::troubleshooting_scan_reports_connected.png[scale=60] + +=== Troubleshooting Steps + +After you complete the prerequisite checks, continue to troubleshoot further. The commands below are for Linux distributions but you can use the same process for Windows distributions. + +==== Step 1: Running the Image in a Container + +Whether troubleshooting for a false positive or a false negative scenario, the image should be searched for signs of the given package or file that has been associated with the CVE. +Running the image in a container is a good way to proceed. As a best security practice, always run these experiments in a sandbox environment instead of production. + +Download the image or load it from `tar` archive on a host protected by a container Defender environment: + + docker pull OR docker load -i + +Instantiate a container from the image: + + docker run --rm --detach --name vuln_testing + +[TIP] +==== +If the image exits immediately, the entrypoint or CMD associated with it most likely doesn't spawn a long-running process. In this case, append the `docker run` command with `sleep infinity` command to run the container indefinitely. + + $ docker run --rm --detach --name vuln_testing sleep infinity +==== + +==== Step 2: Investigate the Container + +Get the ID of the running container then `exec` into the running container: + + $ docker ps | grep vuln_testing + $ docker exec -ti /bin/bash + +TIP: If the bash shell isn't installed in the image, try alternate shells such as, /bin/sh or /bin/zsh. + +==== Step 3: Find the Linux Distribution of the Image + +Match the detected OS type in the Console against the listed OS inside the running container to ensure that it was correctly identified. + + $ cat /etc/os-release + +TIP: If the os-release file is not found, look for /etc/redhat-release, /etc/lsb-release, or other files matching /etc/*-release. + +==== Step 4: Locate the Package associated with the CVE + +Locate the package or file that is associated with the CVE that was listed, or that was not detected despite the expectations. +Additionally, confirm the version of the package detected inside the container with the one shown in Prisma Cloud Console or, in case of a false negative, which is shown in the other source confirming the CVE. + +Use the `find` command to look for the package in the filesystem: + + $ find / -name + +Example: + + abc@3f61f8497e23:/# find / -name console + /dev/console + /sys/devices/virtual/tty/console + /sys/class/tty/console + +Run the package binary with --version tag if available. +You can also search for the version in Console. +Go to *Monitor > Vulnerabilities*, then click on an image, and select the *Package Info* tab. + +Example: + + abc@3f61f8497e23:/# /usr/bin/wget --version + GNU Wget 1.20.3 built on linux-gnu. + +Some other ways to find the package, depending on the type of package are - + +[cols="1,3a"] +|=== +|Package Type |Command + +|jar +| +---- +find / -iname '*.jar' \| grep +---- + +Get the version from the jar name. + +Example output: + +---- +/opt/amq/webapps/hawtio/WEB-INF/lib/httpcore-4.4.4.jar +---- + +|Npm/node packages +| +---- +npm list \| grep -i +---- + +---- +sh-4.2$ cd +sh-4.2$ cat package.json \| grep -i version +---- + +If investigating false positives, find the package path from image details in Console. +Select *Monitor > Vulnerabilities > Images*, click on the image, and select the *Package Info* tab. + +|OS +| +For OS packages, use the OS package manager to find the installed package and version. + +For example, you can use the following for RHEL/CentOS/SUSE packages (here searching for the curl package): + +* `rpm -qa {vbar} grep curl` +* `yum list installed {vbar} grep -i curl` +* `dnf list installed {vbar} grep -i curl` + +Another example for Debian/Ubuntu: + +* `apt list --installed {vbar} grep -i curl` +* `dpkg --list {vbar} grep -i curl` + +|python +| +For python packages, you can run the following command in the package path (if already known) + + $ cat __init__.py \| grep -i __version__ + +(OR) in the .dist-info directory. + + $ cat METADATA \| grep -i version + +|=== + +=== Analyzing Results + +The above steps should help answer whether the vulnerable package exists in the image or not, and answer if a CVE is truly a false positive. +If you found the package and the vulnerable version in the image but have questions about the report's accuracy, you can search the vendor's official feeds to confirm the source of the CVE report. + +==== 1. "I found the package, but I'm not sure if it's truly vulnerable." + +Navigate to *Monitor > Vulnerabilities > CVE Viewer*, type the CVE ID, and verify the source matching OS of your image, or look for the reference with empty *Distro* and *Release* if it's a specific language library. + +image::troubleshooting_scan_reports_cve_viewer.png[scale=30] + +You can then directly search vendor feeds to confirm CVE's authenticity. +For OS packages, the relevant vendor site should be consulted. +For specific language libraries, the site of that project should be visited. +https://nvd.nist.gov/[The National Vulnerability Database (NVD)] should be used for locating CVE information that is not available on official vendor feeds. + +[CAUTION] +==== +Vendor vulnerability data may differ between feeds and NVD analysis. +For example, in severity, description, or affected versions. +Prisma Cloud gives more weight to specific vendor analysis to provide accurate vulnerability data. + +Example 1: A vulnerability was determined to be high severity per NVD analysis, but Red Hat Linux analysis determined the vulnerability to be of high severity on RHEL releases. +Prisma Cloud should display high severity in this case. + +Example 2: A vulnerability was discovered in an open-source package and was fixed in the latest release. +NVD analysis mentioned the vulnerability affects all releases earlier than the latest release. +At the same time, the vulnerability could be fixed on earlier releases on RHEL, with maintainers having backported the patch to earlier releases of the package for RHEL. +==== + +==== 2. "I found the vulnerable package, but Prisma Cloud doesn't show it's CVE." + +When looking into a false negative, it is important to confirm the type of the vulnerability (that is anticipated to be "missing" from scan results), where type equals one of the supported formats that Compute currently detects when interrogating an image. + +Supported types: + +* package - an OS package, such as an RPM (Red Hat and derived distributions), dpkg/deb (Debian and derived distributions), or apk (Alpine Linux). +* jar - the Java Archive format, which is a zip file with a standard structure. +The war file format, or web app archive, is also supported. +* python - a Python library, sometimes consisting of zip archives with varying structures and names (eggs, wheels) or plain text files on disk with supporting metadata text files. +* nodejs - a NodeJS library, primarily consisting of text files on disk with supporting metadata text files. +* gem - a Ruby library, consisting of text files on disk with supporting metadata text files. +* go - a Golang binary, which typically contains dependencies that are statically compiled into it. +Where most C programs make use of dynamically linked libraries/shared-objects that are present on the host and pulled in at runtime, Golang binaries usually have their dependencies embedded within them at compile time. +* app - a binary associated with a well-known application, such as Nginx or PostgreSQL. + +If it is one of the above supported types yet missing in Prisma Cloud Compute's scan report, verify that the package in question is not installed through an OS package. +If a detected Third-party package is sourced from an OS package, and the CVE exists on the official feed of the OS distribution - only the CVE information for the OS package will be shown. For example, if there is a "python" application that was installed through the "python-2.7.5-92.el7_9" rpm package for RHEL7, and CVE-XXX-XXX exists in RHEL feed, the scan will not mark the CVE as vulnerable to the "python" application. Only the relevant information from the official feed will be reflected for the "python-2.7.5-92.el7_9" rpm. + +In some cases, like with Amazon Linux and Photon OS, this CVE information is provided in security advisories such as Amazon Linux Security Advisories (ALAS) for Amazon, and PHSA for Photon. In such cases, the correlation for the relevant vulnerabilities is limited. As an example, when the application "Python" is sourced from an Amazon Python package, CVEs found for the python application (as a binary) will not be correlated with the relevant Amazon CVEs from the ALAS. +As an example, when the application “python” is sourced from an Amazon Python package, CVEs found for the python application (as a binary) will not be correlated with the relevant Amazon CVEs from the ALAS. + +You can check if a third-party package is sourced in an OS package by running the following with the path where the package is installed: + +* Debian/Ubuntu: `dpkg -S ` +* RPM package-based systems (e.g. RHEL/CentOS/SUSE): `rpm -qf ` +* Alpine: `apk info --who-owns ` + +If none of the above resolved the issue, then open a support case and provide the following information, so our teams can investigate further. + +=== Submit a Support Request + +When submitting a technical support request with Palo Alto Networks, provide the following information to help our teams identify the root cause quickly. +This information is required to review escalations. + +. Debug logs: Provide full debug logs through *Manage > System > View Logs > Upload/Download Debug logs*. +You can also use twistcli to upload logs: + + $ ./linux/twistcli support upload --help + +.. The debug log option is only available on self-hosted Consoles. +In the event that you have a SaaS Console, gather the console.log (from *Manage > System > View Logs*) and the defender.log (under /var/lib/twistlock/log directory on host) from the host where the image was first scanned. + +. *Image details*: If the issue is in a container image, provide the affected container image (image.tar). +You may also check if the image can be downloaded from Docker Hub and share a link to pull the image. +Always validate the Image ID SHA to ensure it's the same image. +If you are unable to share the image, please provide an image where the issue reproduces that we can analyze. + +. *Scan discrepancy report sheet*: Ensure you have a spreadsheet with the following columns info filled out from your prior analysis. ++ +[cols="1,1,1,1,1,1,1,1"] +|=== +|CVE ID |Package Type |Package Name |Package Version |Path where package is found in image |CVE Reported in Console? Yes/No |CVE Reported by any other vendor/source? |Your explanation/comments + +|Example: CVE-2021-38297 +|OS +|gnutls28 +|3.6.7-4+deb10u5 +|/usr/bin/gnutls +|Yes. Suspect it to be a false positive +|Yes, NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-38297 +|I don't believe this CVE should be reported for this version of package because I don't see version in NVD. + +|=== + +=== Frequently Asked Questions + +==== I see a CVE in the scan, but it does not appear on NVD or is still under analysis. What is the information I'm seeing? + +When a CVE is assigned to a vulnerability, usually NVD analysis takes place, and it may take multiple days for the NVD site to update with a description and the affected release range. +Instead of waiting for the official analysis to complete, our researchers manually review the details of the CVE and add it as a pre-filled CVE to our Intelligence Stream, so you can know you are vulnerable and mitigate the vulnerability before the official analysis is done. +See the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/prisma_cloud_vulnerability_feed.html[Prisma Cloud vulnerability feed] page for more information. + +==== What are PRISMA-* Vulnerabilities? + +Our researchers assign a PRISMA-* identifier for vulnerabilities that lack a CVE ID. +Many vulnerabilities are publicly discussed or patched without a CVE ever being assigned to them. +Our researchers find those vulnerabilities, analyze them and assign a PRISMA ID whenever applicable, so you can know what you need to be aware of. +See the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/prisma_cloud_vulnerability_feed.html[Prisma Cloud vulnerability feed] page for more information. + +==== I see CVEs with the Fix status "affected". What are these? Are they false positives? + +CVEs with the status "affected" are CVEs that don't have a fix yet, and the vendor marked them as affecting the current OS release. +Some other vulnerability scanners don't show them, but these are not false positives. +You can also decide to hide the vulnerabilities with no fix under *Defend > Vulnerabilities*, edit a vulnerability policy and enable *Apply rule only when vendor fixes are available*. + +image::troubleshooting_scan_reports_vendor_fixes.png[scale=30] + +==== I see a lot of low-severity CVEs. What are these? Are they false positives? + +You can decide if you want to see vulnerabilities that have negligible severity or "will not fix" status. +These CVEs have already been reviewed by the vendor and are not going to be fixed. +Although they are not truly false positives, Prisma Cloud Compute doesn't show these CVEs by default, since the vendor decided a fix is not necessary. +You can change this configuration under *Manage > System > Scan > Unactionable vulnerabilities*. + +image::troubleshooting_scan_reports_unactionable_vulns.png[scale=40] + +==== Where do you take CVE information such as severity and fixed version from? + +For known vulnerabilities with a CVE, we rely on the most authoritative source - for OS packages (packages that are maintained by the OS vendor, marked as type "package" in Compute), the CVE details are taken from the specific vendor feed. +For other CVEs, the information is taken from official sources like NVD and vendor-specific Security Advisories. +For new vulnerabilities missing analysis or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers. + +==== Do all CVEs reported by Prisma Cloud rely on information from NVD? + +The National Vulnerability Database (NVD) is one of the major sources on which the Intelligence Stream relies for accurate CVE information. In addition to using NVD and other vendor sources, Prisma Cloud security researchers analyze vulnerabilities on a daily basis. In case we find any discrepancies between our analysis to that of NVD or any other vendor, we partner with them to correct any missing or inaccurate information. We strive to contribute to the security of the open-source community. + +==== I see on the Red Hat security page that a CVE affects my OS release, but it doesn't show up in Prisma Cloud scan. What happened? + +Our Intelligence Stream is drawing CVE information from Red Hat API - using https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/red-hat-oval-v2-streams[OVAL v2 streams]. +While the HTML CVE page is already updated, there could be a delay in the API update. + +==== Why does Prisma Cloud show more vulnerabilities than what I see in the Red Hat catalog? + +The Red Hat Container Health Index analysis is based on RPM packages signed and created by Red Hat, and does not grade other software that may be included in a container image. +Thus, non-OS vulnerabilities like jar, python, and others will not be listed on Red Hat Catalog. +Furthermore, the Red Hat catalog only shows CVEs that have a fix, meaning there is a security advisory with the fix. +"Affected" CVEs (see above) don't have a fix, and they won't appear in the Red Hat catalog. + +==== What is the "Published Date" in Console? + +The published date is the date that the CVE was published by the vendor/project or by NVD. +This information is taken from the relevant feed - either the vendor feed or NVD. +Please note that the date a CVE is published in NVD is not the date it was analyzed. +The CVE can be published in NVD and only later updated with the analysis. + +==== What is the "Fix Date" in Console? + +The fix date is the date the vulnerability data was fixed by the vendor. +When we can't find the relevant fix date in the official feeds, the published date in NVD is considered as the fix date. + +==== A new vulnerability is affecting Compute - what should I do? + +If the vulnerability affects Compute that has not yet been addressed, please report it through support channels or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT]. + +==== A CVE exists in NVD, but I don't see it in the CVE viewer, what should I do? + +If you believe a CVE that was fully analyzed by NVD is missing from our feeds, please https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[report it through the support channels]. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/vm-image-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vm-image-scanning.adoc new file mode 100644 index 0000000000..b31e578084 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vm-image-scanning.adoc @@ -0,0 +1,317 @@ +== Configure VM image scanning + +Prisma Cloud supports scanning VM images on AWS, Azure, and GCP. + +On AWS, Prisma Cloud can scan Linux Amazon Machine Images (AMIs). +On Azure, Prisma Cloud supports Managed, Gallery, and Marketplace images. +On GCP, Prisma Cloud supports Public and Custom images (including Premium images). + +VM image scanning is handled by the Console and does not require Defenders. The Prisma Cloud Console scans a VM image by launching or creating a VM instance that is running the VM image that you want to scan. +When you set up Prisma Cloud to scan VM images, you can choose how many scanners to use. For scanning a large number of VM images, increase the number of scanners to scan multiple VM images simultaneously for improved throughput and reduced scan time. +The VM instances created for scanning VM Images come with default tags: +Key - Name, +Value - prismacloud-scan-* + + + +=== AWS + +The following AMIs aren't supported: + +* ARM64 AMI VM images; only x86 AMI VM Images are supported +* Images that don't use cloud-init for bootstrapping, such as Red Hat Enterprise Linux CoreOS (CoreOS for OpenShift). +RHCOS uses Ignition. +* Images that use paravirtualization. +* Images that only support old TLS protocols (less than TLS 1.1) for utilities such as curl. +For example, Ubuntu 12.10. + +==== Prerequisites + +* Access from the VPC to the Prisma Cloud Compute Console. ++ +ifdef::compute_edition[] +For the VMs to send scan results back to the Console, the default port used for communication is 8084. Note that this port is used for communication although Defenders are not used for VM image scanning. +If you use a different port for enabling Defender to Console communication, make sure that the port is allowed access. +endif::compute_edition[] + +* The service account Prisma Cloud uses to scan AMIs must have at least the following policy: ++ +[source,json] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PrismaCloudComputeAMIScanning", + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteSecurityGroup", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:TerminateInstances" + ], + "Resource": "*" + } + ] +} +---- ++ +[NOTE] +==== +* Prisma Cloud requires the permissions listed above for VM image scanning. +To restrict permissions for creating and deleting resources, you can use conditional clauses in AWS IAM policy for the security groups and instances that have the prefix "prismacloud-scan". + +* It is strongly recommended to make sure the images scanned have DeleteOnTermination attribute enabled. +==== + + +=== Azure + +Prisma Cloud supports the following image types: + +* Marketplace images (publicly available images) +* Managed (custom) images +* Shared image galleries +* Encrypted images +* Azure Linux images + +Prisma Cloud doesn't support the following image types: + +* Azure paid images + +==== Prerequisites + +* The service account Prisma Cloud uses to scan Azure images must have at least the following policy: ++ +[source] +---- +Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/versions/read +Microsoft.Compute/images/read +Microsoft.Compute/galleries/read +Microsoft.Compute/galleries/images/read +Microsoft.Compute/galleries/images/versions/read +Microsoft.Resources/subscriptions/resourceGroups/read +Microsoft.Resources/subscriptions/resourceGroups/write +Microsoft.Resources/subscriptions/resourceGroups/delete +Microsoft.Network/networkSecurityGroups/read +Microsoft.Network/networkSecurityGroups/write +Microsoft.Network/networkSecurityGroups/join/action +Microsoft.Network/networkSecurityGroups/delete +Microsoft.Network/networkInterfaces/read +Microsoft.Network/networkInterfaces/write +Microsoft.Network/networkInterfaces/join/action +Microsoft.Network/networkInterfaces/delete +Microsoft.Compute/disks/write +Microsoft.Compute/disks/delete +Microsoft.Network/virtualNetworks/subnets/read +Microsoft.Network/virtualNetworks/subnets/join/action +Microsoft.Compute/virtualMachines/read +Microsoft.Compute/virtualMachines/write +Microsoft.Compute/virtualMachines/start/action +Microsoft.Compute/virtualMachines/delete +Microsoft.KeyVault/vaults/keys/read +Microsoft.KeyVault/vaults/keys/wrap/action +Microsoft.KeyVault/vaults/keys/unwrap/action +---- + +To scan encrypted images, use the Azure `Key Vault Crypto Service Encryption User` built-in role. + +If you have managed and gallery images limited to specific regions, Prisma Cloud skips the scan when the region defined in the scope doesn't match the region defined for the image. + +=== GCP + +Prisma Cloud supports the following image types: + +* Public images (including Premium images) +* Custom images +* Encrypted images + +==== Prerequisites + +You can only scan encrypted images that use a customer-managed encryption key (CMEK). Customer-supplied encryption keys (CSEK) are not supported. + +* The service account Prisma Cloud uses to scan GCP VM images must have at least the following policy: ++ +[source] +---- +compute.disks.create +compute.images.get +compute.images.list +compute.images.useReadOnly +compute.instances.create +compute.instances.delete +compute.instances.get +compute.instances.list +compute.instances.setMetadata +compute.instances.setTags +compute.networks.updatePolicy +compute.networks.use +compute.networks.useExternalIp +compute.subnetworks.use +compute.subnetworks.useExternalIp +---- + +* Verify that the Compute Engine Service Agent service account in the target image project has the `Cloud KMS CryptoKey Decrypter` role or equivalent. +* If you use a shared VPC, verify that the service account in the target image project has the `compute.subnetworks.use` permission in the project containing the subnetwork. For a shared VPC, the project containing the shared VPC is the host project. ++ +This https://cloud.google.com/iam/docs/service-agents[built-in service account] ends with `compute-system.iam.gserviceaccount.com`. +The service agent has these permissions by default since it used these permissions to encrypt the images. + + +[.task, #_vm_images_scan_settings] +=== VM Image Scans + +If you remove a VM image, or it becomes unavailable, Prisma Cloud maintains the scan results for 30 days. +After 30 days, the scan results are automatically deleted. +When a scan is canceled, it might take a few minutes for the scan to stop completely. + +NOTE: On Console upgrade, VM image scanning results from the previous Console version are deleted. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities/Compliance > Hosts > VM Images*. + +. Select *Add Scope*. ++ +Define the scan settings. ++ +[cols="15%,85%a", options="header"] +|=== +|Field +|Description + +|Provider +|Specify the cloud provider. +The supported providers are AWS, Azure, and GCP. + +|Credential +|Specify the credential required to access the VM images and launch the VM instance on the Cloud Service Provider. + +ifdef::compute_edition[] +Select a credential from the drop-down or *Add New*. +If you create a credential in the credentials store (*Manage > Authentication > Credentials store*), your service principal authenticates with a password. +endif::compute_edition[] + +ifdef::prisma_cloud[] +As a best practice, https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding[onboard the cloud account on Prisma Cloud] and select the credential associated with that cloud service provider from the drop-down. Ensure that either the Agentless Workload Scanning or the Agent-Based Workload Protection capability is enabled for the service account or role to have adequate permissions for VM Image scanning. To scan VM Images, Prisma Cloud requires permissions to create a VM instance, along with the networking components to communicate the scan results back to the Console. + +If you choose to add the credentials on Compute> Manage > Cloud Account: + +* For AWS you can use Access Keys for authentication: IAM role is not supported. +* For Azure, you can use the Service Key or Certificate. +* For GCP, you can use the Service Account credentials. + +endif::prisma_cloud[] + +|Project ID (GCP only) +|Specify the project ID where the service account was created. + +|Image type (Azure only) +|Specify the relevant image type. +Prisma Cloud supports three image types: Managed, Gallery, and Marketplace. + +|Images +|Specify the VM images to scan. +Leave * to scan all images. + +[NOTE] +==== +ON AWS: +When the image field contains a string and a wildcard (e.g. Amazo*), only private AMIs are scanned. +When using explicit image names, AWS Marketplace, and community AMIs are scanned as well. +Only the AMI names are permitted in the image field. AMI IDs are not supported. +==== + +Use the label field in the referenced collection to restrict the scan for the specified label on the VM Image. +Use the key-value pattern 'key:value'. + +All supported resource fields support xref:../configure/rule-ordering-pattern-matching.adoc[pattern matching]. + +|Excluded VM images +|Specify VM images to exclude from the scan. +This field supports xref:../configure/rule-ordering-pattern-matching.adoc[pattern matching]. + +|Region (AWS and Azure) +|Specify the region to scan. + +|Console address +|Specify the Console URL for the scanner VM instance to use. + +ifdef::compute_edition[] +|API communication port +|If your Console listens on a port other than the default port, specify the port number. +By default, Console listens on port 8083. +endif::compute_edition[] + +|Zone (GCP only) +|Specify the Zone where scan instances will be deployed. + +|Number of scanners +|Specify the number of VM images to concurrently scan. +Increase the number of scanners to increase throughput and reduce scan time. + +|Cap +|Choose the maximum number of VM images you want to scan, and they will be sorted based on their 'Creation Date.' Scanning begins with the most recently created VM images and proceeds in descending order of creation date. + +In the case of Azure Marketplace and Managed images, the images are scanned according to their resource ID, in descending lexicographic order (i.e., ID3, then ID2, then ID1). + +To scan all VM images, set value to 0. + +ifdef::compute_edition[] +|VPC Name (GCP only) +|If you want a custom VPC for the scanner VM instance, specify the VPC name. +endif::compute_edition[] + +|VPC ID and Subnet ID (AWS only) +|If you want a custom VPC for the scanner VM instance, specify the VPC id to use (e.g., vpc-xxxxx). +If you want a custom subnet for the scanner VM instance, specify the subnet id to use (e.g., subnet-xxxxx). +[NOTE] +==== +VPC ID and subnet ID are mapped 1:1. +You can only scope one VPC and subnet for a rule. +==== + +|Subnet (GCP only) +|If you want a custom subnet for the scanner VM instance, specify the subnet name. + +|Subnet Resource ID (Azure only) +|Specify the Resource ID of the subnet where scan instances should be deployed. + +|Instance Type +|For AWS, the default is m4.large. For Azure, the default is standard_D2s_v4. For GCP, the default is e2-standard-2. + +|Enable Secure boot (GCP only) +|Enable the option to verify the digital signature with secure boot for the temporary VM instance created for VM image scanning. + +|=== + + +[.task, #_vm_images_rules] +=== Add Rule for Scanning VM Images + +To define which VM images to scan, create a new VM images scan rule. + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities/Compliance > Hosts > VM Images*. + +. Select *Add Rule*. + +. Specify the thresholds for vulnerabilities or compliance. + +. Select *Save*. + + +=== Additional scan settings + +Additional scan settings can be found under *Manage > System > Scan*, where you can set the xref:../configure/configure-scan-intervals.adoc[VM images scan interval]. + diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/vmware-tanzu-blobstore.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vmware-tanzu-blobstore.adoc new file mode 100644 index 0000000000..2f1e9ded1b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vmware-tanzu-blobstore.adoc @@ -0,0 +1,97 @@ +== VMware Tanzu Blobstore Scanning + +Prisma Cloud for TAS can scan the droplets in your blobstores for vulnerabilities. +Prisma Cloud can be configured to scan your blobstores periodically. +Defenders are the entities that perform the scanning. + +NOTE: When you install Tanzu Application Service (TAS) Defender in your environment, it automatically scans the running apps and hosts in your environment without any special configuration required. + +Tanzu stores large binary files in blobstores. +Blobstores are roughly equivalent to registries. +One type of file stored in the blobstore is the droplet. + +Droplets are archives that contain ready to run applications. +They are roughly equivalent to container images. +Droplets contain the OS stack, a buildpack (which contains the languages, libraries, and services used by the app), and custom app code. +Before running an app on your infrastructure, the Cloud Controller stages it for delivery by combining the OS stack, buildpack, and source code into a droplet, then storing the droplet in a blobstore. + +The _twistcli_ command line tool also lets you scan droplet files directly. +You can integrate _twistcli_ into your CLI to pass or fail builds based on vulnerability thresholds. + + +[.task] +=== Configure Prisma Cloud to scan a blobstore + +Prisma Cloud can scan both internal and external blobstores, and blobstores configured to use the Fog Ruby gem or WebDAV protocol. + +*Prequisite:* You've already xref:../install/deploy-defender/orchestrator/install-tas-defender.adoc[installed TAS Defender] in your environment. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Defend > Vulnerabilities > VMware Tanzu blobstore*. + +. Click *Add blobstore*. + +. In *Blobstore location*, select if scanning is Local or Remote. ++ +Prisma Cloud allows you to scan a blobstore by a Defender within the same TAS environment, or to scan it by a Defender in a remote TAS environment. If the Defender (the Scanner) runs in the same TAS environment as the blobstore, select *Local*. If you want a Defender to scan a blobstore in a different TAS environment, select *Remote*. + +. In *Blobstore's cloud controller*, specify the cloud controller address of the blobstore you want to scan. + +. For *Remote* scanning: + +.. (Optional) In *Foundation*, specify the foundation of the blobstore to scan. The foundation name will then be added as a label to the droplets scanned on this blobstore, which allows you to use it as a criteria for xref:../configure/collections.adoc[Collections]. + +.. In *Credentials*, enter the credentials required to access the remote blobstore. If the credentials have already been created in the Prisma Cloud credential store, select it. If not, click *Add* to create new credentials. ++ +The user role of the credentials you use should be one of the following: Admin, Admin Read-Only, Global Auditor, Org Manager, Space Auditor, Space Developer, or Space Manager. For non-admin users, the _cloud_controller.read scope_ is also required. + +.. (Optional) In *CA certificate*, enter a CA certificate in PEM format. + +.. In *Scanner's cloud controlles*, specify the cloud controller address of the TAS environment where the scanning Defender is located. + +. In *Scanner*, specify a Defender to execute the scanning. ++ +Prisma Cloud lists all the agentIDs where Defender is installed. +To correlate the agentID to the Diego cell's IP address, and determine which host runs a Defender, log into any Diego cell, and inspect _/var/vcap/instance/dns/records.json_. +This file shows the correlation between agentID and host IP address. + +. In *Application name*, specify the droplets to scan. +Wildcards are supported only at the beginning and at end of the application name. To scan all droplets, enter a single wildcard (`{asterisk}`). + +. In *Cap*, specify the maximum number of droplets to scan. +To scan all droplets, enter 0. + +. Click *Add*. + +. Click *Save*. + + +[.task] +=== Review scan reports + +Scan reports show all vulnerabilities found in the droplets in your blobstores. +By default, droplets are rescanned every 24 hours. + +A droplet, which is an artifact of the app staging process, contains the minimum required data to specify an app (binaries/libraries). +Droplets are stored in blobstores. +Review scan reports for droplets in *Monitor > Vulnerabilities > VMware Tanzu blobstore*. + +When an application is run in a Diego cell, it's run on top of a stack, currently cflinuxfs3, which is derived from Ubuntu Bionic 18.04. +Defender automatically scans all running applications (buildpack and docker). +Review the scan reports for running apps in *Monitor > Vulnerabilities > Images*. + +If you compare the findings for a buildpack app in *Monitor > Vulnerabilities > VMware Tanzu blobstore* and *Monitor > Vulnerabilities > Images*, you'll notice a difference in the number of findings. +Remember that *Monitor > Vulnerabilities > Images* reports any additional findings in the app's underlying stack that would not be found in the droplet alone. + +NOTE: When TAS stages Docker-based apps, it doesn't stage an associated droplet in the blobstore. +Therefore, blobstore scanning alone won't cover Docker-based apps. +If you're running Docker containers in TAS, and you want to scan the images before they run, then configure Prisma Cloud to xref:../vulnerability-management/registry-scanning/scan-docker-registry-v2.adoc[scan the container registry]. + +[.procedure] +. Log into Prisma Cloud Console. + +. Go to *Monitor > Vulnerabilities > VMware Tanzu blobstore* to see a list of summary reports for each droplet. + +. To drill into a specific scan report, click on a row in the table. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-explorer.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-explorer.adoc new file mode 100644 index 0000000000..2e8ec9c70f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-explorer.adoc @@ -0,0 +1,258 @@ +== Vulnerability Explorer + +Most scanners find and list vulnerabilities, but Vulnerability Explorer takes it a step further by analyzing the data within the context of your environment. +Because Prisma Cloud can see how the containers run in your environment, we can identify the biggest risks and prioritize them for remediation. + +To view Vulnerability Explorer, open Console, then go to *Monitor > Vulnerabilities > Vulnerability Explorer*. + + +=== Roll-ups + +The charts at the top of the Vulnerability Explorer help you answer two questions: + +_1. How many CVEs do you have?_ + +image::vulnex_trend_by_vulns.png[width=800] + +For each object type (image, host, function), the chart reports a count of vulnerabilities in each object class in your environment as a function of time. +Consider an environment that has just a single image, where that image has three vulnerabilities: one high, one medium, and one low. +Then at time=today on the *Images vulnerabilities* chart, you could read the following values: + +{nbsp}{nbsp}{nbsp} Critical - 0 + +{nbsp}{nbsp}{nbsp} High - 1 + +{nbsp}{nbsp}{nbsp} Medium - 1 + +{nbsp}{nbsp}{nbsp} Low - 1 + +Note: The CVE statistics listed in the Vulnerability Explorer are per CVE-ID and not a total count of all CVEs under all resources. + +_2. How many images do you need to fix?_ + +image::vulnex_trend_by_resources.png[width=800] + +For each object type (image, host, function), the chart reports a count of the highest severity vulnerability in each object class in your environment as a function of time. +Consider an environment that has just a single image, where that image has three vulnerabilities: one high, one medium, and one low. +Then at time=today on the *Impacted images* chart, you could read the following values: + +{nbsp}{nbsp}{nbsp} Critical - 0 + +{nbsp}{nbsp}{nbsp} High - 1 + +{nbsp}{nbsp}{nbsp} Medium - 1 + +{nbsp}{nbsp}{nbsp} Low - 1 + +Let's look at it another way with a different set of data. +Assume the reading at t=today reports the following values, where t is some point on the x-axis of the chart. + +{nbsp}{nbsp}{nbsp} Critical - 1 + +{nbsp}{nbsp}{nbsp} High - 1 + +{nbsp}{nbsp}{nbsp} Medium - 0 + +{nbsp}{nbsp}{nbsp} Low - 2 + +If your policy calls for addressing all critical vulnerabilities, then the chart tells you that there is precisely one image in your environment that has at least one critical vulnerability. +Therefore, your work for today is to fix one image. +That image might also have two high vulnerabilities and twenty low vulnerabilities, which you will see when you open the image's scan report, but this chart is not designed to give you a count of a total number of vulnerabilities. + +=== Filter tool + +The filter tool at the top of the page allows you to search for a CVE ID to determine if any image, function, or host in your environment is impacted by a specific vulnerability (whether it is in the critical vulnerabilities list or not). + +The filter tool also allows you to filter vulnerabilities based on CVSS threshold, Severity threshold, or Collections in your environment. For example, the CVE matches the filter if its highest severity is equal to or higher than the severity specified. + +=== Vulnerabilities (CVE) results + +Vulnerability Explorer gives you a ranked list of the most critical vulnerabilities in your environment based on the risk score. +The ranked list consists of CVEs that are affecting the environment. Each CVE includes data about its risk factors, severity, CVSS, impacted packages, and impacted resources. + +There are separate top ten lists for the container images, registry images, hosts, and functions in your environment. + +image::vulnex_results_top_10.png[width=800] + +You can export the full list of CVEs affecting your environment in a CSV format. +You can also download a detailed CSV report on impacted resources for a CVE ID from the *Actions* column. + +The most important factor in the risk score is the vulnerability's severity. +But additional factors are taken into account, such as: + +* Is a fix available from the vendor? +* Is the container exposed to the Internet? +* Are ingress ports open? +* Is the container privileged? +* Is an exploit available? + +The underlying goal of the risk score is to make it actionable (should you address the vulnerability, and with what urgency). +Factors that contribute to the risk score are shown in the Highest risk factor columns. + +image::vulnex_results_filtered.png[width=800] + +Running containers can introduce additional environmental factors that increase the calculated score for a vulnerability. +For example, when the container runs as root, it could exacerbate the problem. +A list of container traits that heighten the risk is listed in the detailed information dialog when you click on a row in the top ten tables. + +Consider the following guidelines: + +* The data for each CVE ID that consists of the highest risk score, highest CVE risk factors, highest environmental risk factors, highest severity, and highest CVSS for all impacted packages display the highest value for the CVE based on your entire environment. +This is irrespective of the applied filters, collections, or accounts that you are assigned to. +* The vulnerability (CVE) results hide the *impacted resources* if you use a filter or have an assigned collection or account as the percentage refers to the entire environment. This is supported for the System Admin role only. +* The exported CSV displays an empty column of *impacted resources* if you use a filter or have an assigned collection or account as this percentage refers to the entire environment. +* If a filter returns more than 100 results, only the top 100 results are shown. You can download the full data in a CSV format. +* You cannot combine the filters *CVSS threshold* and *Severity threshold* with *Collections*. Also, filtering by *CVSS threshold* and *Severity threshold* is not supported for users with assigned collections or accounts. +* The vulnerability (CVE) results display vulnerabilities based on a set filter threshold or higher. + +==== CVE ID details + +The vulnerability explorer CVE dialog appears when you click on a row in the Vulnerabilities (CVE) results. + +The vulnerability explorer CVE dialog displays the following: + +* CVE description and its impacted packages. +* A list of all impacted resources such as deployed images, registry images, hosts, and functions filtered based on the severity threshold, CVSS threshold, or collections if specified in the *Filter tool* of the vulnerability explorer. +* The highest risk profile for a CVE ID based on the highest risk in an environment. ++ +For each resource type, the highest risk profile includes the risk score and risk factors found in the entire environment and is regardless of the filters and assigned collections or accounts. + +In the risk profile section, you can see the percentage of the impacted resources along with the risk score. ++ +The *impacted resources percentage* is not displayed if you use a filter or have assigned collections or accounts as it reflects the value based on the entire environment. + +You can export a list of impacted resources in a CSV format from here or from the *Actions* column as described earlier. + +For each impacted resource, you can hover over the *Vulnerability* tag next to the resource name to see the specific package, severity, and CVSS of the CVE for a resource. + +image::vuln_explorer_CVE_dialog.png[width=500] + +==== Image details +The image details also show the Start time when the image was first deployed within the container. + +image::vuln_explorer_image_details.png[width=500] + +Also, you can see the time duration that has elapsed since the deployment. This helps in determining how long a vulnerable image has been running. + +NOTE: In **Prisma Cloud Compute > Manage > System > Scan > Scan settings > Running images**, when the option *Only scan images with running containers* is turned off, the image details show the Start time when the Defender first reads the image. This is applicable for all images (deployed and not deployed). + +=== Risk factors + +//https://github.com/twistlock/twistlock/blob/4310557802dad6a1503e776c6dd97ff6a1de220d/pkg/shared/vulnerabilities.go + +Risk factors are combined to determine a vulnerability's risk score. +Vulnerabilities with the highest risk scores are surfaced in the top ten lists. + +Risk factors can also be used to prioritize individual vulnerabilities for mitigation. +For example, if your cluster runs containers from disparate business groups, a major concern might be container breakouts. +DoS vulnerabilities would likely be much less important than remote code execution vulnerabilities, particularly if exploit code were available, you were running as root, and you didn't have AppArmor or SELinux applied. + +To filter vulnerabilities based on risk factors: open the image, host, or function scan report; open the *Vulnerabilities* tab; and select one or more risk factors. + +image::vuln_explorer_risk_factors.png[width=700] + +Prisma Cloud supports the following risk factors: + +* *{Critical | High | Medium} severity* -- +Vulnerability severity. + +* *Has fix* -- +Fix is available from the distro, vendor, or package maintainer. + +* *Remote execution* -- +Vulnerability can be exploited to run arbitrary code. + +* *DoS {High/Low}* -- +Component is vulnerable to denial of service attacks, such as buffer overflow attacks, and ICMP floods. The risk is categorized as high or low based on impact. + +* *Recent vulnerability* -- +Vulnerability was reported in the current or previous year. + +* *Exploit PoC* -- +Code and procedures to exploit the vulnerability are publicly available. + +* *Exploit in the wild* -- +Exploit attempts of this vulnerability that have been seen in the wild. All vulnerabilities are from the https://www.cisa.gov/known-exploited-vulnerabilities-catalog)[CISA KEV Catalog]. + +* *Attack complexity: low* -- +Vulnerability is easily exploited. + +* *Attack vector: network* -- +Vulnerability is remotely exploitable. +The vulnerable component is bound to the network, and the attacker's path is through the network. + +* *Reachable from the internet* -- +Vulnerability exists in a container exposed to the internet. + +* *Listening ports* -- +Vulnerability exists in a container that is listening on network ports. + +* *Container is running as root* -- +Vulnerability exists in a container running with elevated privileges. + +* *No mandatory security profile applied* -- +Vulnerability exists in a container running with no security profile. + +* *Running as privileged container* -- +Vulnerability exists in a container running with --privileged flag. + +* *Sensitive information* -- +Vulnerability exists in a container or a serverless function that stores private keys or has environment variables that provide sensitive information. + +* *Root Mount* -- +Vulnerability exists in a container with access to the host filesystem. + +* *Runtime socket* -- +Vulnerability exists in a container with access to the host container runtime socket. + +* *Host Access* -- +Vulnerability exists in a container with access to the host namespace, network, or devices. + +* *Package in use* -- +Vulnerability exists in a component that is actually running. +For example, if Redis is running in a container or on a host as a service, then all the following (hypothetical) vulnerabilities could be surfaced by filtering on this risk factor: ++ + redis (main process) CVE-XXX, CVE-XXX + |- libssl (dependent package) CVE-XXX, CVE-XXX + |- libzip (dependent package) CVE-XXX, CVE-XXX + ++ +NOTE: The 'package in use' risk factor is only supported for Java JARs ++ +For more details, see xref:scan-reports.adoc[scan reports]. + +=== Risk trees + +Risk trees lists all the images, namespaces, containers, and hosts that are vulnerable to a specific CVE. +Risk trees are useful because they show you how you are exposed to a given vulnerability. +Because Prisma Cloud already knows which vulnerabilities impact which packages, which packages are in which images, which containers are derived from which images, which containers run in which namespaces, and which hosts run which containers, we can show you the full scope of your exposure to a vulnerability across all objects in your environment. + +For each top ten vulnerability, Prisma Cloud shows you a vulnerability risk tree. +To see the vulnerability tree for a given CVE, click on the corresponding row in the top ten table to open a detailed CVE assessment dialog. + +image::vulnex_risk_tree.png[width=650] + +You can also generate a risk tree for any arbitrary CVE in your environment by entering the CVE ID into the search bar at the top of the page, then clicking on the result in the table to open a detailed CVE assessment dialog. + +// Copied over from the risk_tree.adoc + +// Because Prisma Cloud knows the state of all the images in your environment, it can show you all the places you might be at risk to a given set of vulnerabilities. +// To generate a risk tree, provide a CVE, and Prisma Cloud returns: + +//* A list of images that contain packages affected by the specified CVE. +//* A list of running containers (created from the images listed above) that are affected by the specified CVE. +//* A list of namespaces where the containers affected by the specified CVE reside. +//* A list of hosts where the images affected by the specified CVE reside. +//* A list of serverless functions that are affected by the specified CVE. + +//The risk tree lets you create a detailed map of your exposure to a vulnerability, and can help you identify the best way to resolve it in your upstream images. + + +=== Recalculating statistics + +Statistical data is calculated every 24 hours. +You can force Console to recalculate the statistics for the current day with the latest data by clicking the *Refresh* button in the top right of Vulnerability Explorer. +You must rescan each resource such as deployed images, registries, hosts, and functions before a refresh. +The *Refresh* button has a red marker when new data is available to be crunched. + +NOTE: The Vulnerability Explorer can not be refreshed when filters are applied. To continue with the *Refresh* option, you need to remove the filters. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-management-rules.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-management-rules.adoc new file mode 100644 index 0000000000..e714aa73dc --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vuln-management-rules.adoc @@ -0,0 +1,353 @@ +== Vulnerability Management Policies + +Vulnerability policies are composed of discrete rules. +Rules declare the actions to take when vulnerabilities are found in the resources in your environment. +They also control the data surfaced in Prisma Cloud Console, including scan reports and Radar visualizations. + +Rules let you target segments of your environment and specify actions to take when vulnerabilities of a given type are found. +For example, + +{nbsp}{nbsp}{nbsp} _Block images with critical severity vulnerabilities from being deployed to prod environment hosts_ + +When there is no matching rule for vulnerability scanning on specific resources such as an image or a function, Prisma Cloud generates alerts on all vulnerabilities that are found. + +There are separate vulnerability policies for containers, hosts, and serverless functions. +Host and serverless rules offer a subset of the capabilities of container rules, the big difference being that container rules support blocking. + +You can scope the vulnerabilities policies by collections and by package types. + +[.task] +=== Create Vulnerability Rules + +Prisma Cloud ships with a simple default vulnerability policy for containers, hosts, and serverless functions. +These policies have a rule named _Default - alert all components_, which sets the alert threshold to low. +With this rule, all vulnerabilities in images, hosts, and functions are reported. + +As you build your policy, you create rules that filter out insignificant information, such as low-severity vulnerabilities, and surface vital information, such as critical vulnerabilities. + +xref:../configure/rule-ordering-pattern-matching.adoc#rule-order[Rule order] is important. +Prisma Cloud evaluates the rule list from top to bottom until it finds a match based on the object filters. + +By default, Prisma Cloud optimizes resource usage by only scanning images with running containers. +Therefore, you might not see a scan report for an image when it is first pulled into your environment unless it's been run. Note that images for short-lived containers are not scanned. +To scan all images on the hosts (except CRI-O and containerd images) in your environment, go to *Manage > System > Scan*, set *Only scan images with running containers* to *Off*, and *Save*. + +NOTE: When **Only scan images with running containers** is turned off, the image details show the start time when the Defender first reads the image. This is applicable for all images (deployed and not deployed), except CRI-O and containerd images. + +To create a vulnerability rule: + +[.procedure] +. Open Console. + +. Go to *Defend > Vulnerabilities > {Images | Hosts | Functions}*. + +. Select *Add rule*. + +. Enter a *Rule name* and configure the rule. Configuration options are discussed in the following sections. + +. *Save* the configuration. + +. Go to *Monitor > Vulnerabilities* to view the scan reports. ++ +image:vulnerability-scan-reports.png[scale=10] + +=== Severity-based Actions + +Vulnerability rules let you specify alert, block, or fail triggers based on severity thresholds. +You can scope these rules based on collections and per-package type for granularity. + +For the package type, you can only set alert or block severity thresholds. + +The Severity-based actions let you establish quality gates in the CD segment of your continuous integration (CI) continuous deployment (CD) pipeline. + +The Severity threshold can be set at different values. + +image::risk-factors.png[width=350] + +Setting the alert threshold to off allows all vulnerabilities for the resources in scope (as defined by your filters). +Practically, resource nodes in Radar turn green (no issues to report), and scan reports are empty (no issues to report). + +When you create a xref:../technology-overviews/defender-architecture.adoc#blocking-rules[blocking rule], Defender automatically installs itself as the final arbiter of all container lifecycle commands. +This way, the Defender can assess a Docker command, your current policy, and the status of an image before either forwarding the command to runC for execution or blocking it altogether. + +In *Rule type*, you can define the severity threshold for *Generic* collection or per-package type when you select *Package type specific* rule. +When you define vulnerabilities policies by package type, you can monitor alerts at a granular level and focus on vulnerabilities in specific packages. + +* You can add any of the available package types: `Jar`, `Python`, `Nodejs`, `Gem`, `Go`, and `App`. +* The package type severity thresholds apply to all workload types - deployed images, CI Images, hosts, VM images, functions, and CI Functions. +* You can select all, multiple, or a single package type. The default rule applies to all package types. +* Each package type should have a unique threshold, you cannot define different thresholds for the same package type. + +image::package-type-specific-severity.png[scale=15] + +=== Risk Factors-based Actions + +For deployed and CI images, you can trigger different actions such as alert, block, and fail based on risk factors - "Exploit in the wild" and "Exploit POC". +All the vulnerabilities that match any severity threshold or the risk factors will be listed in the scan results under *Monitor > Vulnerabilities > Images > Deployed/Registries/CI*. +For example, you can set an alert on the vulnerabilities with severity high and critical, and choose "exploit in the wild" so you will be also alerted on any vulnerability with this risk factor. + +image::risk-factors.png[width=350] + +Image scan failed due to vulnerability policy violations by severity or by risk factors: + +image::vulnerability-blocked-severitiy-risk-factor.png[width=350] + +[NOTE] +==== +* Each risk factor can be selected once per alert or block notification. +* Setting the alert threshold to off allows all vulnerabilities for the resources in scope (as defined by your filters). Practically, resource nodes in Radar turn green (no issues to report), and scan reports are empty (no issues to report). +==== + +=== Exclude Base Image Vulnerabilities + +Enable *Exclude base image vulnerabilities* to ignore the vulnerabilities introduced by base images from being displayed on the monitor scan results. To use this feature, you need to first specify the base image under *Monitor > Vulnerabilities > Images > Base images*. + +image::exclude-base-image-vulnerabilities.png[width=350] + +NOTE: Prisma Cloud does not support base image filtering for the images that are built using kaniko, owing to an issue in kaniko that filters out the vulnerabilities from the whole application. + +=== Scope + +The scope field lets you target the rule to specific resources in your environment. +The scope of a rule is defined by referencing one or more collections. +By default, the scope is set to *All* collection, which applies the rule globally. +For more information about creating and managing collections, see xref:../configure/collections.adoc[here]. + +image::vuln_management_rules_filters.png[width=700] + +=== Vendor Fixes + +Rules can be applied conditionally, depending on whether vendor fixes are available. +For example, you could tune your policy to block the deployment of containers with a critical vulnerability only if the vulnerable package has an update that resolves the issue. +Otherwise, the deployment would be allowed to proceed. + +Some vulnerabilities have a vendor status of "Will not fix". +This status is applied when vendors don't intend to resolve a vulnerability because it poses no significant risk to your environment. + +=== Rule Exceptions + +You can configure Prisma Cloud to: + +* Alert, block, or fail on specific CVEs or tags (deny). +* Ignore specific CVEs or tags (allow). + +Under *Advanced settings*, create a list of vulnerabilities and tags and specify how the scanner should handle them. +Leaving the expiration date blank enforces the action until the CVE or tag is removed from the list. +If you set an expiration date, and the current date is later than the expiration date, the scanner ignores the directive. +The CVE or tag remains on the list even if it's expired. It must be manually removed. +Notice that for tag exceptions, in case of a conflict (a vulnerability with two tags or more that have different actions in the rule exceptions) there's no guarantee what action will apply. + +image::vuln_management_rules_exceptions.png[width=700] + +=== Custom Terminal Output + +Prisma Cloud lets you create rules that block access to resources or block the deployment of vulnerable containers. +For example, you might create a rule that blocks the deployment of any image that has critical severity vulnerabilities. +By default, when you try to run a vulnerable image, Prisma Cloud returns a terse response: + + $ docker run -it ubuntu:14.04 sh + docker: Error response from daemon: [Prisma Cloud] Image operation blocked by policy: (sdf), has 44 vulnerabilities, [low:25 medium:19]. + +To help the operator better understand how to handle a blocked action, you can enhance Prisma Cloud's default response by: + +* Appending a custom message to the default message. +For example, you could tell operators where to go to open a ticket. + +* Configuring Prisma Cloud to return an itemized list of compliance issues rather than just a summary. +This way, the operator does not need to contact the security team to determine which issues are preventing deployment. +They are explicitly listed in the response. + +When terminal output verbosity is set to *Detailed*, the response looks as follows: + + $ docker run -it ubuntu:14.04 sh + docker: Error response from daemon: [Prisma Cloud] Image operation blocked by policy: (sdf), has 44 vulnerabilities, [low:25 medium:19]. + Image ID CVE Package Version Severity Status + ===== == === ======= ======= ======== ====== + ubuntu:14.04 4333f1 CVE-2017-2518 sqlite3 3.8.2-1ubuntu2.1 medium deferred + ubuntu:14.04 4333f1 CVE-2017-6512 perl 5.18.2-2ubuntu1.1 medium needed + . + . + . + +=== Grace Period + +Grace periods temporarily override the blocking action of a rule when new vulnerabilities are found. +Grace periods give you time to address a vulnerability without compromising the availability of your app. +You can configure a uniform grace period for all severities or provide different settings for each severity. + +When grace periods are configured, alerts trigger as normal, notifying you that a vulnerability exists in your environment. +The block action is suppressed for the number of days specified, giving you time to mitigate the vulnerability. + +The start time for the grace period is the date the vulnerability was identified by the Intelligence Stream (IS), known as the "fix date". The end time is the fixed date plus the number of days configured for the grace period. +For any feed collected by IS that does not provide a fix date for CVE, Prisma Cloud Compute will determine the fix date as the date when the fix for the CVE was first seen by the Intelligence Stream. Therefore, the calculation for the grace period will now start with the date on which the CVE fix was seen on the Intelligence Stream and not the CVE publish date. + +For example, if a CVE was first discovered without a fix, and a fix was released later, the grace period for fixing the CVE would start from the date the fix was published, even though the vendor feed didn't provide us with an explicit fix date. + +image::cve-fix-status.png[scale=15] + +NOTE: For the feeds that do provide a fix date for the CVEs (such as RHEL), the fix date will always be determined as the fix date provided by the vendor, and the grace period will be calculated using this fix date. + +//There will be no change in the fix date for the existing CVEs in the IS, only the fix date for the new CVE fixes starting from Lagrange will change. + +The Consoles from older versions will also support the change for CVEs with no fix date provided by the vendor, since the change is done on the Intelligence Stream (IS) side which supports all the Consoles. + +The following diagram shows how Prisma Cloud Defender responds to a vulnerability discovered in your environment. +Assume you have a vulnerability rule that blocks the deployment of any image with critical vulnerabilities, and the grace period is 30 days. + +image::vuln_management_rules_grace_period.png[scale=15] + +* T~1~ -- The image has passed the security gates in your CI pipeline. +It has no critical vulnerabilities, so it's pushed to the registry. +* T~1~ - T~2~ -- The orchestrator runs the image in your cluster. +The image has no critical vulnerabilities, so Defender allows it to run. +* T~2~ -- Prisma Cloud Intelligence Stream acquires new threat data that identifies a critical vulnerability in the image. +The package vendor released a fix as soon as the vulnerability was disclosed. +In the next scan (by default, scans run every 24 hours), Prisma Cloud reports the vulnerability, and raises an alert if alerts are configured in the vulnerability rule. +* T~2~ - T~grace_period~ -- Prisma Cloud temporarily overrides the block rule, while the dev team addresses the vulnerability. +The orchestrator can continue to pull copies of the image into your environment and run it. +* T~grace_period~ -- Grace period expires. +If the vulnerability has not been fixed yet, Prisma Cloud blocks any new deployments of the image from this time forward. + +Grace periods are a policy setting that's available for all components that enforce vulnerability policy, namely Defender, twistcli, and the Jenkins plugin. +In order to surface the issue as early as possible in the development lifecycle, you can specify a grace period in the CI pipeline. +For example, this control would let you fail image builds that have critical vulnerabilities that were fixed over 30 days ago. + +//image:grace-period-disabled-with-risk-factors.png[width=250] + +NOTE: The Grace period is disabled when the vulnerabilities are blocked by risk factors. + +[.task] +==== Configure Grace Period + +You can configure grace periods for block actions (deployed images) and fail builds (CI images). + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images > Deployed/CI*. + +. Select an existing rule or select *Add rule* to create a new rule. + +. Enter a *Rule name*, *Notes*, and *Scope*. + +. Select the *Rule type* to be *Generic* or *Package type specific*. + +. Select the desired Alert/Block/Failure threshold based on Severity/Risk factors. ++ +The failure or block threshold must be equal to or greater than the alert threshold. +You must define a failure/block threshold to configure grace period. + +.. Configure *Block grace period*: + +... Select if you want to define a common grace period for *All severities* or define different grace periods *By severity* (Critical, High, Medium, and Low) type. + +... Enter the number of grace period days. ++ +Note: In *By severity* grace period you can specify the number of days only for the severities that are configured to be failed or blocked in the severity threshold. +The default value is 0. ++ +image::risk-factors.png[width=350] ++ +Note: The Grace period is disabled when the vulnerabilites are blocked by risk factors. + +==== Elapsed Time + +All scan reports show whether a vulnerability has been fixed (fix status) and when it was fixed (fix date), and the time remaining in the grace period. +Scan reports are available from the: + +* Console UI. +* Console UI as a CSV download. +* API (JSON or CSV). +* Jenkins plugin. +* twistcli. + +The following example screenshot shows how the status of grace periods is displayed. +Grace periods are either still in force or expired. +For grace periods in force, the number of days remaining in the grace period is displayed. +For grace periods that have expired, the number of days since they expired is displayed. +Scan reports for running images can be retrieved from *Monitor > Vulnerabilities > Images > Deployed*. + +image::vuln_management_rules_grace_period_remaining_time.png[width=350] + +The following screenshot shows how the data is represented in the CSV scan report: + +image::vuln_management_rules_grace_period_csv_scan_report.png[width=800] + +[.task] +=== Blocking Based on Vulnerability Severity + +This example shows you how to create and test a rule that blocks the deployment of images with critical or high-severity vulnerabilities. + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images > Deployed*. + +. Select *Add rule* and configure the rule. + +.. Target the rule to a specific image. In *Scope*, for example, select a collection with *Images* *nginx{asterisk}*. + +.. Set both *Alert* and *Block* *Severity threshold* to *High*. + +. Select *Save*. + +. Validate your policy by pulling down the nginx image and running it. + +.. SSH to a host protected by Defender. + +.. Pull the nginx:1.14 image. + + $ docker pull nginx:1.14 + +.. Run the nginx image. + + $ docker run -it nginx:1.14 /bin/sh + docker: Error response from daemon: oci runtime error: [Prisma Cloud] Image operation blocked by policy: my-rule, has 7 vulnerabilities, [high:7]. + +.. Review the scan report for nginx:1.14. +Go to *Monitor > Vulnerabilities > Images*, and click on the entry for nginx:1.14. +You'll see several high-severity vulnerabilities. ++ +By default, Prisma Cloud optimizes resource usage by only scanning images with running containers. +Therefore, you won't see a scan report for nginx until it's run. ++ +image::vuln_management_rules_scan_report.png[width=700] + +.. Review the audit (alert) for the block action. +Go to *Monitor > Events*, then click on *Docker*. ++ +image::vuln_management_rules_block_audit.png[width=700] + +[.task] +=== Blocking Specific CVEs + +This example shows you how to create and test a rule that blocks images with a specific CVE. + +[.procedure] +. In Console, go to *Defend > Vulnerabilities > Images*. + +. Click *Add rule*. + +.. Enter a *Rule name, such as *my-rule2*. + +.. Click *Advanced settings*. + +.. In *Exceptions*, click *Add Exception*. + +.. In *CVE*, enter *CVE-2018-8014*. ++ +NOTE: You can find specific CVE IDs in the image scan reports. +Go to *Monitor > Vulnerabilities > Images*, select an image, then click *Show details* in each row. + +.. In *Effect*, select *Block*. + +.. Click *Add*. + +.. Click *Save*. + +. Try running an image with the CVE that you've explicitly denied. + + $ docker run -it imiell/bad-dockerfile:latest /bin/sh + docker: Error response from daemon: oci runtime error: [Prisma Cloud] Image operation blocked by policy: my-rule2, has specific CVE CVE-2018-8014 + + +=== Ignoring Specific CVEs + +Follow the same procedure as above, but set the action to *Ignore* instead of *Block*. +This will allow any CVE ID that you've defined in the rule, and lets you run images containing those CVEs in your environment. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-management.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-management.adoc new file mode 100644 index 0000000000..8a3cffd985 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-management.adoc @@ -0,0 +1,5 @@ +== Vulnerability management + +Identify and prevent vulnerabilities across the entire application lifecycle while prioritizing risk for your cloud native environments. +Integrate vulnerability management into any CI process, while continuously monitoring, identifying, and preventing risks to all the hosts, images, and functions in your environment. +Prisma Cloud combines vulnerability detection with an always up-to-date threat feed and knowledge about your runtime deployments to prioritize risks specifically for your environment. diff --git a/docs/en/compute-edition/32/admin-guide/vulnerability-management/windows-image-scanning.adoc b/docs/en/compute-edition/32/admin-guide/vulnerability-management/windows-image-scanning.adoc new file mode 100644 index 0000000000..0f0851150d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/vulnerability-management/windows-image-scanning.adoc @@ -0,0 +1,24 @@ +== Windows container image scanning + +ifdef::compute_edition[] +// The Windows Intelligence Stream is enabled by default in SaaS. +// As such, there's no toggle in the SaaS UI. +To scan Windows images, the Windows Intelligence Stream must be enabled. +You can find the setting under *Manage > System > Intelligence*. +By default, the Windows Intelligence Stream is disabled. +endif::compute_edition[] + +There are a number of things to consider when scanning Windows container images: + +* Prisma Cloud Console only runs on Linux hosts. +Prisma Cloud Defender, which does the actual scanning work, comes in xref:../install/deploy-defender/defender-types.adoc[a number of flavors]. +On Windows, Prisma Cloud supports Container Defender and Host Defender. + +* The container OS version must match the host OS version where Defender runs. +For example, Defender on Windows Server 1803 can scan nanoserver:1803, but it can't scan nanoserver:1809. +Conversely, Defender on Windows Server 1809 can scan nanoserver:1809, but it can't scan nanoserver:1803. + +* Prisma Cloud requires a privileged user inside the container to scan it. +In more recent versions of Windows (Windows Server, version 1803 or higher, build 17134 or higher), Prisma Cloud uses the ContainerAdministrator account. +This account has complete access to the whole file system and all of the resources in the container. +In older versions of Windows, specifically Windows Server 2016 (version 1607, build 14393), ContainerAdministrator does not exist, so Prisma Cloud uses the default user. diff --git a/docs/en/compute-edition/32/admin-guide/waas/api-def-scan.adoc b/docs/en/compute-edition/32/admin-guide/waas/api-def-scan.adoc new file mode 100644 index 0000000000..4ed5afa4c8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/api-def-scan.adoc @@ -0,0 +1,79 @@ +== API definition scan + +Prisma Cloud scans the API definition files and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. +API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats. + +You can use the following methods to scan an API definition file: + +* Upload API definition file to Console +* Run twistcli, a CLI tool aimed for CI/CD. +Twistcli scans the API definition file and returns a full report with issues. +* Import an OpenAPI definition file into a WAAS app: +When you import an OpenAPI definition file into a WAAS app, the Console automatically scans for issues. +You can view the full report of the scan by navigating to *Monitor* > *WAAS* > *API definition scan*. + + +=== twistcli reference for scanning API definition files + +Run the following command: + + $ ./twistcli waas openapi-scan + +*Syntax*: + + twistcli waas openapi-scan [command options] [arguments...] + +*OPTIONS*: + +* address value: Prisma Cloud Console URL. This is the value twistcli uses to connect to Console (required) (default: "https://127.0.0.1:8083") + +* exit-on-error: Immediately exits scan if an error is encountered (not supported with --containerized) + +* password value, -p value: Password for authenticating with Prisma Cloud Console. +For Prisma Cloud Enterprise Edition, specify the secret key associated with the access key ID passed to --user [$TWISTLOCK_PASSWORD] + +* project value: Target project + +* tlscacert value: Path to Prisma Cloud CA certificate file + +* token value: Token for authenticating with Prisma Cloud Console + +* user value, -u value: User for authenticating with Prisma Cloud Console. +For Prisma Cloud Enterprise Edition, specify an access key ID (default: "admin") [$TWISTLOCK_USER] + + +[.task] +=== Upload API definition file + +To import an API definition file, follow the steps below: + +[.procedure] +. Open the Console, and go to *Monitor > WAAS > API definition scan*. + +. *Upload* an API definition scan file. ++ +The following screenshot shows the API definition scan files: ++ +image::api_def_scan_list.png[width=700,align="left"] ++ +You can also filter the API definition files by using the scan date, import source, or file name. + +[.task] +=== View API definition scan report details + +[.procedure] +. Open the Console, and go to go to *Monitor > WAAS > API definition scan*. ++ +API definition scan reports are available along with the description of the file source such as twistcli scan, upload to the console, or WAAS app (where the file was imported). + +. In the *Actions* column, click *View*. ++ +The following screenshot shows the severity of issues and their related categories: ++ +image::api_def_scan_issues.png[width=700,align="left"] + +. To view detailed information such as reference to the file, issue link, and so on for a specific issue, click on an issue under the *Findings* column. ++ +The following screenshot shows a preview of various locations and details in the Openapi spec file for a selected issue: ++ +image::api_def_scan_issue_number.png[width=700,align="left"] diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-containers.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-containers.adoc new file mode 100644 index 0000000000..a07379eaf6 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-containers.adoc @@ -0,0 +1,41 @@ +== Deploy WAAS Out-Of-Band for Containers + +Create a new rule to deploy WAAS xref:../waas-intro.adoc#waasoob[Out-Of-Band] for Containers. + +=== Prerequisites + +* You have xref:../../install/deploy-defender/defender-types.adoc#[installed a Container Defender] in your workload environment. +* A TLS certificate in PEM format. + +[.task] +=== Create a WAAS rule for Out-Of-Band network traffic + +To deploy WAAS for Out-Of-Band network traffic, create a new rule, define application endpoints, and select protections. + +[.procedure] +:waas_containers: +:waas_oob: +:waas_oob_containers: +include::fragments/create-waas-rule.adoc[leveloffset=0] + +[.task] +=== Add an App (policy) to the rule + +[.procedure] +:waas_oob: +include::fragments/add-app-policy.adoc[leveloffset=0] + +[#actions] +=== WAAS Actions for Out-Of-Band traffic + +The following actions are applicable for the HTTP requests or responses related to the *Out-Of-Band traffic*: + +* *Alert* - An audit is generated for visibility. + +* *Disable* - The WAAS action is disabled. + +=== Troubleshooting + +*No inspection generated by WAAS Out-Of-Band for TLS protocol* + +Ensure that the requests use a supported TLS protocol and cipher suite, and respect the limitations listed in the Limitations section. diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-hosts.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-hosts.adoc new file mode 100644 index 0000000000..5136e34061 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-hosts.adoc @@ -0,0 +1,43 @@ +== Deploy WAAS Out-Of-Band for Hosts + +Create a new rule to deploy WAAS xref:../waas-intro.adoc#waasoob[Out-Of-Band] for Hosts for Linux Operating System. +//This is a technical limitation as of 22.12.xxx (Lagrange Update3) version. +Out-Of-Band for hosts is not supported for Windows. + +=== Prerequisites + +* You have xref:../../install/deploy-defender/defender-types.adoc[installed a Host Defender] in your workload environment. +* A TLS certificate in PEM format. + +[.task] +=== Create a WAAS Rule for Out-Of-Band Network Traffic + +To deploy WAAS for Out-Of-Band network traffic, create a new rule, define application endpoints, and select protections. + +[.procedure] +:waas_oob_hosts: +:waas_oob: +:waas_hosts: +include::fragments/create-waas-rule.adoc[leveloffset=0] + +[.task] +=== Add an App (policy) to the Rule + +[.procedure] +:waas_oob: +include::fragments/add-app-policy.adoc[leveloffset=0] + +[#actions] +=== WAAS Actions for Out-Of-Band traffic + +The following actions are applicable for the HTTP requests or responses related to the *Out-Of-Band traffic*: + +* *Alert* - An audit is generated for visibility. + +* *Disable* - The WAAS action is disabled. + +=== Troubleshooting + +*No inspection generated by WAAS Out-Of-Band for TLS protocol* + +Ensure that the requests use a supported TLS protocol and cipher suite, and respect the limitations listed in the Limitations section. diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-waas.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-waas.adoc new file mode 100644 index 0000000000..f0df8a97db --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-waas.adoc @@ -0,0 +1,108 @@ +== Deploy WAAS + +WAAS (Web-Application and API Security) can secure both containerized and non-containerized web applications. +To deploy WAAS, create a new rule, and declare the entity to protect. + +Although the deployment method varies slightly depending on the type of entity you're protecting, the steps, in general, are: + +. Define rule resource. +. Define application scope. +. Enable relevant protections. + + +=== Understanding WAAS rule resources and application scope + +The WAAS rule engine is designed to let you tailor the best-suited protection for each part of your deployment. Each rule has two scopes: + +* Rule resources. +* Application list. + + +==== Rule Resources + +This scope defines, for each type of deployment, a combination of one or more elements to which WAAS should attach itself to protect the web application: + +* *_For containerized applications_* - Containers, images, namespaces, cloud account IDs, hosts. +* *_For non-containerized applications_* - Host on which the application is running. +* *_For containers protected with App-Embedded Defender_* - App ID. +* *_For serverless functions_* - Function name. + +NOTE: In the event of scope overlap (when multiple rules are applied to the same resource scope), the first rule by order will apply and all others will not apply. You can reorder rules via the `Order` column in WAAS rule tables by dragging and dropping rules. + +==== Application List + +This scope defines the protected application's endpoints within the deployment as a combination of one or more of the following: + +* *_Port (Required)_* - For containerized applications, the internal port on which the application is listening. For all other types, the externally facing port. +* *_HTTP hostname_* - The default setting is set to `*` (wildcard indicating all hostnames) +* *_Base path_* - Lets you apply protection policy on certain paths of the application (e.g. "/admin", "/admin/*", etc.) +* *_TLS_* - TLS certificate to be used when expecting encrypted inbound traffic. + +To better illustrate, consider the following deployment scenario for a web application running on top of an NGINX cluster: + +image::cnaf_deployment_example.png[width=650] + +In this example, different policies apply for different parts of the application. +The steps for deploying a WAAS rule to protect the above-described web application would be as follows: + +. *Define rule resources* - Specify the resource collection the rule applies to. Collections are comprised of image names and one or more elements to which WAAS should attach itself to protect the web application. In the following example, the rule will apply to all containers created by the Nginx image.  ++ +image::waas_nginx_scope.png[width=550] + +. *Define protection policy for 'login', 'search', and 'product' endpoints* - Set OWASP Top 10 protection to "Prevent" and geo-based access control to "Alert". + +. *Define protection policy for the application's API endpoints* - Set OWASP Top 10 and API protection to "Prevent" and HTTP header-based access control to "Alert". + +Once the policy is defined, the rule overview shows the following rule resource and application definitions: + +image::waas_rule_example.png[width=650] + +* *_Rule Resources_* - Protection is applied to all NGINX images +* *_Apps List_* - We deployed two policies each covering a different endpoint in the application (defined by HTTP hostname, port, and path combinations). + + +==== Protection evaluation flow + +WAAS offers a range of protection targeted at different attack vectors. +Requests inspected by WAAS will be inspected in the following order of protection: + +* Bot protection +* App firewall (OWASP Top-10) +* API protection +* DoS protection + +WAAS Inline proxy will continue to inspect a request until "Prevent" or "Ban" actions are triggered, at which point the request will be blocked, and the evaluation flow will be halted. In the case of WAAS Out-of-band, the requests will be inspected and alerts will be sent to the Console. + +For example, in the WAAS Inline proxy setup, assume all protections in bot protection are set to "Prevent". An incoming request originating from a bot and containing a SQL injection payload would be blocked by the bot protection (since it precedes the app firewall in the evaluation flow), and the SQL injection payload will not be assessed by the app firewall. + +In a different scenario, suppose that all bot protections are set to "Alert" and all app firewall protections are set to "Prevent". A request originating from a bot containing a command injection payload will generate an alert event by bot protection and will be blocked by the app firewall protection. + +[#recommended-deployment-phases] +[.task] +=== Recommended WAAS Deployment Phases + +It is recommended that WAAS is first deployed in non-production environments, and then promoted and implemented in production environments gradually. +Below are the guidelines for each of the recommended phases and their prerequisites. + +*Prerequisites:* + +* A way to test the application before deploying WAAS and verify that it's working properly, e.g., a working cURL command with the expected outcome. +* A certificate (public certificate and private key files in PEM format) is required if the application employs TLS. +* If you are planning to protect API endpoints, please provide API specification files if available (Swagger or OpenAPI 3) + +[.procedure] +. Deploy WAAS in a test environment (preferably one that is as similar to production as possible). ++ +All protections will be set to "Alert". + +. Allow WAAS to inspect traffic to the test environment for a few days, then regroup to examine triggers and findings. It is recommended to generate traffic to the test environment preferably requests that simulate real user messages. ++ +The goal here is to fine-tune protections so that they correspond with the design of the protected application. ++ +This would also be a good way to assess the performance impact introduced by WAAS and compare it to the performance of the application before the deployment of WAAS. + +. Following the successful completion of phases 1 and 2, deploy WAAS on a small portion of production with the same configuration that you tested in the test environment. ++ +Next, examine the findings after a few days and make any necessary adjustments to the policies. + +. Deploy WAAS across the entire production deployment of the application. diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-app-embedded.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-app-embedded.adoc new file mode 100644 index 0000000000..dbd0e4b77d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-app-embedded.adoc @@ -0,0 +1,48 @@ +== Deploy WAAS for Containers Protected By App-Embedded Defender + +In some environments, Prisma Cloud Defender must be embedded directly inside the container it is protecting. This type of Defender is known as an App-Embedded Defender. +App-Embedded Defender can secure these types of containers with all WAAS protection capabilities. + +The only difference is that App-Embedded Defender runs as a reverse proxy to the container it's protecting. +As such, when you set up WAAS for App-Embedded, you must specify the exposed external port where App-Embedded Defender can listen, and the port (not exposed to the Internet) where your web application listens. +WAAS for App-Embedded forwards the filtered traffic to your application's port - unless an attack is detected and you set your WAAS for App-Embedded rule to *Prevent*. + +When testing your Prisma Cloud-protected container, be sure you update the security group's inbound rules to permit TCP connections on the external port you entered in the WAAS rule. This is the exposed port that allows you to access your web application's container. +To disable WAAS protection, disable the WAAS rule, and re-expose the application's real port by modifying the security group's inbound rule. + +To embed App-Embedded WAAS into your container or Fargate task: + +[.task] +=== Create a Rule for App-Embedded + +[.procedure] +. Open Console, and go to *Defend > WAAS > App-Embedded*. ++ +image::waas_deployment_types_app_embedded.png[width=400] + +. Select *Add rule*. + +. Enter a *Rule name* and *Notes* (Optional) for describing the rule. + +. Choose the rule *Scope* by specifying the resource collection(s) to which it applies. ++ +image::waas_select_scope.png[scale=20] ++ +Collections define a combination of App IDs to which WAAS should attach itself to protect the web application: ++ +image::waas_define_app_embedded_collection.png[width=550] + +. (Optional) Enable *API endpoint discovery*. ++ +When enabled, the Defender inspects the API traffic to and from the protected API. +Defender reports a list of the endpoints and their resource path in *Compute > Monitor > WAAS > API discovery*. + +. *Save* the rule. + +=== Add an App (policy) to the rule + +:waas-app-embedded: +:waas_port: +:response_headers: +:advanced_tls: +include::fragments/add-app-policy.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-containers.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-containers.adoc new file mode 100644 index 0000000000..6d4cbc07ec --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-containers.adoc @@ -0,0 +1,16 @@ +== Deploy WAAS In-Line for Containers + +[.task] +=== Create a WAAS In-Line rule for Containers + +[.procedure] +:waas_containers: +include::fragments/create-waas-rule.adoc[leveloffset=0] + +[.task] +=== Add an App (policy) to the rule + +[.procedure] +:response_headers: +:advanced_tls: +include::fragments/add-app-policy.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-hosts.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-hosts.adoc new file mode 100644 index 0000000000..146dccde5e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-hosts.adoc @@ -0,0 +1,20 @@ +== Deploy WAAS In-Line for Hosts + +To deploy WAAS to protect a host running a non-containerized web application, create a new rule, specify the host(s) where the application runs, define protected HTTP endpoints, and select protections. + +[.task] +=== Create a WAAS In-Line rule for Hosts + +[.procedure] +:waas_inline_hosts: +:waas_hosts: +include::fragments/create-waas-rule.adoc[leveloffset=0] + +[.task] +=== Add an App (policy) to the rule + +[.procedure] +:waas_port: +:response_headers: +:advanced_tls: +include::fragments/add-app-policy.adoc[leveloffset=0] diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-sanity-tests.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-sanity-tests.adoc new file mode 100644 index 0000000000..f0c0c06d48 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-sanity-tests.adoc @@ -0,0 +1,72 @@ +== WAAS Sanity Tests + +Below are curl-based tests that can be used to verify endpoints have been properly defined. +Make sure all changes are saved before running these tests. +The method for verifying test results differs according to the selected action: + +* *Alert* - Go to *Monitor > Events* to see alerts logged by Prisma Cloud relating to this policy violation. +* *Prevent* - Commands return output similar to the following: ++ + HTTP/1.1 403 Forbidden + Date: Wed, 15 Jul 2020 12:51:50 GMT + Content-Type: text/html; charset=utf-8 + +[#sanity-tests] +=== cURL Test Commands + +In the following examples, replace `` with your endpoint's hostname and `` with the web-facing port of your application. +For testing HTTP header access control, also replace `` with the header name set in the rule and `` with set values. + +SQL injection: + +---- +curl -I http://:/\?id\=%27%20OR%20%271 +---- + +Cross-site scripting: + +---- +curl -I http://:/\?id\=\alert\(\1\)\ +---- + +OS command injection: + +---- +curl -I http://:/\?id\=%3B+%2Fsbin%2Fshutdown +---- + +Code injection: + +---- +curl -I http://:/\?id\=phpinfo\(\) +---- + +Local file inclusion: + +---- +curl -I http://:/\?id\=../etc/passwd +---- + +Attack tools and vulnerability scanners: + +---- +curl -I -H 'User-Agent: sqlmap' http://:/ +---- + +Shellshock protection: + +---- +curl -I -H "User-Agent: () { :; }; /bin/eject" http://:/ +---- + +Malformed HTTP request: + +---- +curl -s -i -X GET -o /dev/null -D - -d '{"test":"test"}' http://:/ +---- + +HTTP header access controls: + +---- +curl -H ': ' http://:/ +---- diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-serverless.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-serverless.adoc new file mode 100644 index 0000000000..552da73cae --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-serverless.adoc @@ -0,0 +1,43 @@ +== Deploy WAAS for serverless functions + +[.task] +=== Create a WAAS rule for serverless + +When Serverless Defender is embedded in a function, it offers built-in web application firewall (WAF) capabilities, including protection against: + +* SQL injection (SQLi) attacks +* Cross-site scripting (XSS) attacks +* Command injection (CMDi) attacks +* Local file system inclusion (LFI) attacks +* Code injection attacks + +NOTE: Some xref:../waas-app-firewall.adoc[protections] are not available for WAAS serverless deployment. + +*Prerequisites:* You already xref:../../install/deploy-defender/serverless/serverless.adoc[embedded Serverless Defender] into your function. + +[.procedure] +. Open Console and go to *Defend > WAAS > Serverless*. ++ +image::waas_deployment_types_serverless.png[width=400] + +. Click *Add rule*. + +. Enter a rule name. + +. Choose the rule *Scope* by specifying the resource collection(s) to which it applies. ++ +Collections define a combination of functions to which WAAS should attach itself to protect the web application: ++ +Use xref:../../configure/rule-ordering-pattern-matching.adoc[pattern matching] to precisely target your rule. ++ +image::waas_serverless_collections.png[width=550] + +. Select the protections to enable. ++ +image::waas_serverless_protections_view.png[width=550] + +. Select *Alert* or *Prevent*. + +. If necessary, adjust the *Proxy timeout* ++ +NOTE: The maximum duration in seconds for reading the entire request, including the body. A 500 error response is returned if a request is not read within the timeout period. For applications dealing with large files, adjusting the proxy timeout is necessary. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-troubleshooting.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-troubleshooting.adoc new file mode 100644 index 0000000000..ba6af6d9c4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-troubleshooting.adoc @@ -0,0 +1,217 @@ +== WAAS Troubleshooting + +[.task] +=== Troubleshooting Container or Host Rules + +Follow these steps to troubleshoot WAAS issues using the table below: + +[.procedure] +. Ensure the protected container or host is protected by WAAS - a green firewall icon should appear next to the workload's radar entity and a "WAAS" tab should appear when clicked. +. Click on the workload in the radar and open xref:./deployment-troubleshooting.adoc#connectivity-monitor[`WAAS connectivity monitor`] by clicking on the WAAS tab. +. Click on `Reset` to reset all counters. +. Send one or more HTTP requests to the protected application +. Click on `Refresh` and match changes in the request counters to the `Connectivity Monitor Indications` column in the table below +. If the `WAAS errors` counter has been incremented, click on `View recent errors` to view errors. +. A section of xref:./deployment-troubleshooting.adoc#outcomes[`troubleshooting potential outcomes`] is provided below, along with possible causes and solutions. + + +[#connectivity-monitor] +=== WAAS connectivity monitor + +xref:../waas-intro.adoc[WAAS] connectivity monitor monitors the connection between WAAS and the protected application. + +WAAS connectivity monitor aggregates data on pages served by WAAS and the application responses. + +In addition, it provides easy access to WAAS related errors registered in the Defender logs (Defenders sends logs to the Console every hour). + +The monitor tab becomes available when you click on an image or host protected by xref:../waas-intro.adoc[WAAS]. + +image::waas_radar_monitor.png[width=1000] + +* *Last updated* - Most recent time when WAAS monitoring data was sent from the Defenders to the Console (Defender logs are sent to the Console on an hourly basis). By clicking on the *refresh* button users can initiate sending of newer data. + +* *Aggregation start time* - Time when data aggregation began. By clicking on the *reset* button users can reset all counters. + +* *WAAS errors* - To view recent errors related to a monitored image or host, click the *View recent errors* link. + +* *WAAS statistics:* + +** __Incoming requests__ - Count of HTTP requests inspected by WAAS since the start of aggregation. + +** __Forwarded requests__ - Count of HTTP requests forwarded by WAAS to the protected application. + +** __Interstitial pages served__ - Count of interstitial pages served by WAAS (interstitial pages are served once xref:../waas-advanced-settings.adoc#prisma-session[Prisma Sessions Cookies] are enabled). + +** __reCAPTCHAs served__ - Count of reCAPTCHA challenges served by WAAS (when enabled as part of xref:../waas-bot-protection.adoc[bot protection]). + +* *Application statistics* + +** Count of server responses returned from the protected application to WAAS grouped by HTTP response code prefix + +** Count of timeouts (a timeout is counted when a request is forwarded by WAAS to the protected application with no response received within the set timeout period). + + +NOTE: Existing WAAS and application statistics counts will be lost once users reset the aggregation start time. *`Reset`* will *not* affect WAAS errors and will not cause recent errors to be lost. + +NOTE: For further details on WAAS deployment, monitoring and troubleshooting please refer to the xref:./deploy-waas.adoc[WAAS deployment page]. + +[#outcomes] +=== Troubleshooting Potential Outcomes + +==== Application is not responding + +[cols="2,3,4", options="header"] +|=== +|Possible reasons +|Connectivity Monitor Indications +|Solution + +|A problem with the protected application +|- `Incoming requests` is incremented. +- `Forwarded requests` is incremented. +- `Timeouts` is incremented. +|Not a WAAS issue, check the application error logs. +Disable WAAS rule and check if the problem persists. + +|TLS related issues: +- Expired certificate +- Protected application is using TLS, but TLS was not enabled in app +|- None of the counters is getting incremented. +- `WAAS Errors` counter incremented. +|Click on `View recent errors` in the xref:./deployment-troubleshooting.adoc#connectivity-monitor[`WAAS connectivity monitor`] to view errors. +If the application is communicating over TLS: +- Ensure TLS toggle is enabled +- Ensure certificates are valid + +|`Prisma Session Cookies` is enabled and the client accessing the application does not support both cookies and Javascript. +|- `Incoming requests are incremented. +- `Interstitial pages served` counter is incremented. +- None of the Application Statistics counters is incremented. +|Disable `Prisma Session Cookies` and validate the issue is resolved. +Ensure clients accessing the protected application support both cookies and Javascript before re-enabling `Prisma Session Cookies`. +Please see xref:../waas-advanced-settings.adoc#prisma-session[`Prisma Session Cookies`] section for more details. + +|`reCAPTCHA` is enabled and clients and preventing clients from reaching the protected application. +|- `Incoming requests` is incremented. +- `reCAPTCHAs served` is incremented. +- None of the Application Statistics counters is incremented. +|Disable `reCAPTCHA` and validate the issue is resolved. +Verify that all legitimate clients accessing the protected application are able to solve the challenge presented. +Please see xref:../waas-bot-protection.adoc#recaptcha[`reCAPTCHA`] section for more details. + +|=== + +==== Application is responding as expected yet WAAS protections do not trigger + +[cols="2,3,4", options="header"] +|=== +|Possible reasons +|Connectivity Monitor Indications +|Solution + +|Minimum version requirements of Defenders for a protection or a feature are not met. +| - For new deployment methods (e.g. Out-of-band, VPC traffic mirroring) - WAAS will not get deployed and the WAAS tab will not be available on the radar view. +- For new features added to existing deployment methods, WAAS operations will continue as usual while new features will not function +|Verify that all Defenders meet the minimum requirement stated in the feature documentation before enabling it. + +|WAAS port is not properly configured. +|`Incoming requests` is not incremented +|The `App port` should be set to the port on which the protected application is listening. For containers the app port should be set to the exposed port on the container (not necessarily the same as the publicly exposed port). + +|Workload is not included in rule scope. +|The workload radar entity does not have a firewall icon next to it, and the WAAS tab is not available when clicked. +|Navigate to the relevant WAAS rule (*Defend -> WAAS*) and click on `Show` in the `Entities in scope` column. +Verify the workload is not in scope and adjust scope to include it. + +|Workload is included in the scope of two WAAS rules (only first by order will match). +|The workload radar entity does not have a firewall icon next to it, and the WAAS tab is not available when clicked. +|Navigate to the relevant WAAS rule (*Defend -> WAAS*). +Click the `Show` link under the `Entities in scope` column of each rule to check whether the protected workload is included in the scope of two or more rules. +Whenever several rules apply to the same scope, only the first rule by order will match. +Ensure that the desired rule matches first by altering rule scope collections or reordering rules. + +|HTTP hostname is included in the scope of two or more apps under the same WAAS rules (only first app by order will match). +|- `Incoming requests` is incremented. +- `Forwarded requests` is incremented. +- `Application statistics` counters are incremented. +|Navigate to the relevant WAAS rule (*Defend -> WAAS*) and select the relevant WAAS rule. +Check the order of the apps (policies) in the rule. +Whenever multiple apps are defined in the same rule only the first app by order will match. + +|Request URL is not included in the list of protected endpoints. +|Green firewall icon should appear next to the workload's radar entity +None of the counters is getting incremented +|Navigate to the relevant WAAS rule (*Defend -> WAAS*) and select the relevant WAAS rule. +Open the app and ensure the request URL is listed under protected endpoints: +- Verify base path ends with an `*` to include all subpaths +- Verify HTTP hostname in the request matches the listed HTTP hostnames +- Verify scheme in the request matches the scheme in the protected endpoints list (TLS is enabled/disabled accordingly) + +|=== + +==== Application is responding with HTTP errors (3XX, 4XX, 5XX) + +[cols="2,3,4", options="header"] +|=== +|Possible reasons +|Connectivity Monitor Indications +|Solution + + +|Errors are generated by WAAS (requests are not forwarded to the protected application) +|- None of the Application Statistics counters is incremented. +- `WAAS Errors` counter incremented. +|Click on `View recent errors` in the xref:./deployment-troubleshooting.adoc#connectivity-monitor[`WAAS connectivity monitor`] to view errors. + +|Errors are generated by the protected application +|- `Incoming requests` is incremented. +- `Forwarded requests` is incremented. +- `Application statistics` 3XX, 4XX or 5XX counters are incremented. +|Check the protected application logs for errors. + +|Multiple servers configured in NGINX +|- Application statistics 3XX, 4XX or 5XX counters are incremented. +|Create a PCSUP to get engineering guidance on how to resolve this issue. To the ticket please attach the Nginx configs and output of the `netstat` command for port 80, `sudo netstat -nlp \| grep 80`. + +|=== + + +==== WAAS is blocking legitimate requests + +[cols="2,3,4", options="header"] +|=== +|Possible reasons +|Connectivity Monitor Indications +|Solution + + +|False positive +|- `Incoming requests` is incremented. +- `Forwarded requests` is incremented. +- `Application statistics` counters are incremented. +|Navigate to xref:../waas-analytics.adoc[WAAS analytics] (*Monitor -> Events -> WAAS for containers/hosts*) and review audits generated. +Add xref:../waas-app-firewall.adoc#firewall-exceptions[exceptions] to protections causing false triggers. + +|=== + + +==== WAAS events all have the same attacker IP (private IP) + +[cols="2,3,4", options="header"] +|=== +|Possible reasons +|Connectivity Monitor Indications +|Solution + + +|Ingress controller is not set as a transparent proxy +|- `Incoming requests` is incremented. +- `Forwarded requests` is incremented. +- `Application statistics` counters are incremented. +|Configure ingress controller as transparent proxy (enable “X-Forwarded-For” and “X-Forwarded-Host” HTTP headers). + +|=== + +==== WaitCondition received failed message: 'Defender deployment failed' for uniqueid: i-xxxx. + +include::fragments/defender-deployment-failed-troubleshoot.adoc[] diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-vpc-mirroring.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-vpc-mirroring.adoc new file mode 100644 index 0000000000..4d3f46c707 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-vpc-mirroring.adoc @@ -0,0 +1,281 @@ +== Deploy WAAS Agentless + +WAAS agentless rules inspect HTTP requests and responses through a mirror of the traffic to provide WAAS detections. +To optimize the CPU utlization while using WAAS, Prisma Cloud scanner samples only a subset of the mirrored data to discover just the APIs and the scanner does not inspect the request body field, the sensitive request, and the response data. + +WAAS can observe a mirror of HTTP traffic flowing to and from CSP (AWS) instances, even if they are not protected by a Prisma Cloud Compute Defender. + +NOTE: VPC Observer is an EC2 instance running a Host defender for VPC Traffic Mirroring. +The target instance is configured on a separate instance within the same VPC to receive Out-Of-Band traffic from the unprotected applications on the source instance. These Observers on the target instance inspect Out-Of-Band traffic and send audits of any events they identify to Prisma Cloud console. + +To set up WAAS agentless with VPC traffic mirroring, specify the EC2 instances to mirror (exact names or using wildcards or tags) in a VPC, the ports to mirror, and other AWS parameters in a VPC traffic mirroring rule. +For each VPC traffic mirroring rule, a VPC Observer will be created in a VPC machine to receive the mirrored traffic (the VPC Observer is an EC2 instance running a host Defender). + +Monitoring applications with WAAS agentless through VPC traffic mirroring is subject to limitations, quotas, and checksum offloading as defined in the https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-limits.html[AWS documentation]. + +=== Prerequisites + +* To configure WAAS agentless with AWS VPC traffic mirroring, apply the permission template ending in https://redlock-public.s3.amazonaws.com/waas/aws/agentless_app_firewall_permissions_template.yaml[agentless_app_firewall_permissions_template.yaml] to AWS CloudFormation console for your account. For detailed instructions on how to apply cloud formation templates, refer to the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-stack.html[AWS documentation]. ++ +Amazon EC2 Auto Scaling is integrated with this AWS CloudFormation permission template. ++ +Edit the template and replace the "USER-agentless-app-firewall" value with the actual username that you want to grant these permissions. ++ +WAAS agentless permissions policies created in AWS: ++ +image::aws_agentless_permissions_stack.png[width=250] ++ +WAAS agentless resources stack deployed in AWS: ++ +image::aws_agentless_setup_stack.png[width=250] + +* Create an AWS Cloud account under *Compute > Manage > Cloud accounts* using the `Access key` from your AWS account. ++ +NOTE: Cloud accounts require *Cloud discovery* to be enabled to discover the EC2 instances to mirror. + +[.task] +=== Create a WAAS Agentless Rule for VPC Traffic Mirroring + +To deploy WAAS agentless with VPC traffic mirroring, create a new rule, configure VPC, define application endpoints, and select protections. + +[.procedure] +. Create a WAAS rule under *Defend > WAAS > Agentless > Add rule*. +. Enter a *Rule Name* and *Notes* (Optional) for describing the rule. +. Add *VPC Configuration* to allow the mirrored traffic to flow from the source instance to the Prisma Cloud Observer deployed on the target instance. +.. Select *Console address* as the hostname of the Console to connect to. +.. Select the credentials for the AWS *Cloud account* that you configured under *Manage > Cloud accounts*. +.. Choose the AWS *Region* where the mirrored VMs are located in. +.. Enter the *VPC ID* to look for instances to mirror and to deploy the Observer in. +.. Enter the *VPC Subnet ID* to look for instances to be mirrored only in the selected Subnet ID, and to deploy the Observer in. +.. Specify the *Tags* or wildcards identifying the EC2 instances to mirror in any of the following format: +... `` = Match tags by key and value pair. +... `` = Match tags with key and empty value (for example, AWS tags allow just a key, with no value (empty string)). +... `*` = Match all tags. +.. Enter *Instance names* or wildcards to identify the EC2 instances to mirror. ++ +The instance to mirror is mapped by machine tags:instance names. +.. Enter the *Ports* to mirror. ++ +You can enter a maximum of 5 ports. Port ranges are not supported. +.. Select the *Observer Instance type* to use for the VPC Observer instance. +.. Enable *Auto scaling* to automatically scale WAAS Observers to handle a large amount of traffic volume or sudden decrease in traffic volume. You can set a limit of maximum instances between 1 and 10. +.. Select *Add*. ++ +image::create-vpc-configuration.png[scale=15] ++ +The Deployment will be done using a dynamically constructed AWS CloudFormation template, programmatically with CloudFormation API. The WAAS rule is not immediately applied, there will be stages of the rules as the VPC configuration is being deployed in AWS. You can track the status of the deployment in the AWS CloudFormation stack, and also on Prisma Cloud Console. + +. (Optional) Toggle to enable *API endpoint discovery*. ++ +When enabled, the Observer inspects the mirrored traffic to and from the remote applications. +The Observer reports a list of the endpoints and their resource path in *Compute > Monitor > WAAS > API discovery*. +. *Save* the rule. ++ +A scheduled scan runs every hour to check for new and deleted EC2 instances based on the VPC configurations instance names and tags. If a change is found in the list of EC2 instances to mirror, the AWS VPC traffic mirroring setup will be updated. ++ +To force a scan, you can click *Update*. + +[.task] +=== Add an App (policy) to the Rule + +[.procedure] +. Select a WAAS rule to add an App in. + +. Select *Add app*. + +. In the *App Definition* tab, enter an *App ID*. ++ +NOTE: The combination of *Rule name* and *App ID* must be unique across In-Line and Out-Of-Band WAAS policies for Containers, Hosts, and App-Embedded. ++ +If you have a Swagger or OpenAPI file, click *Import*, and select the file to load. ++ +If you do not have a Swagger or OpenAPI file, manually define each endpoint by specifying the host, port, and path. + +.. In *Endpoint Setup*, select *Add endpoint*. + +.. Specify an endpoint in your web application that should be protected. Each defined application can have multiple protected endpoints. ++ +image::add-an-app-vpc-traffic-mirroring.png[scale=15] + +.. Enter *HTTP host* (optional, wildcards supported). ++ +HTTP hostnames are specified in the form of [hostname]:[external port]. ++ +The external port is defined as the TCP port on the host, listening for inbound HTTP traffic. If the value of the external port is "80" for non-TLS endpoints or "443" for TLS endpoints, it can be omitted. Examples: "*.example.site", "docs.example.site", "www.example.site:8080", etc. + +.. Enter *Base path* (optional, wildcards supported) for WAAS to match. ++ +Examples: "/admin", "/" (root path only), "/*", /v2/api", etc. + +.. Enable *TLS* if your application uses the TLS protocol. + +.. Select *Create*. + +.. To facilitate inspection, after creating all endpoints, select *View TLS settings* in the endpoint setup menu. ++ +WAAS TLS settings: ++ +* *Certificate* - Copy and paste your server's certificate and private key into the certificate input box (e.g., `cat server-cert.pem server-key > certs.pem`). + +.. If your application requires xref:../waas-api-protection.adoc[API protection], select the "API Protection" tab and define for each path the allowed methods, parameters, types, etc. See detailed definition instructions in the xref:../waas-api-protection.adoc[API protection] help page. + +. Continue to *App Firewall* tab, and select the protections as shown in the screenshot below: ++ +image::waas_out_of_band_app_firewall.png[width=750] +For more information, see xref:../waas-app-firewall.adoc[App Firewall settings]. + +. Continue to *DoS protection* tab and select <<../waas-dos-protection.adoc#,DoS protection>> to enable. + +. Continue to *Access Control* tab and select <<../waas-access-control.adoc#,access controls>> to enable. + +. Continue to *Bot protection* tab, and select the protections as shown in the screenshot below: ++ +image::waas_out_of_band_bot_protection.png[width=750] +For more information, see xref:../waas-bot-protection.adoc[Bot protections]. + +. Continue to *Custom rules* tab and select <<../waas-custom-rules.adoc#,Custom rules>> to enable. + +. Continue to *Advanced settings* tab, and set the options shown in the screenshot below: ++ +image::waas_out_of_band_advanced_settings.png[width=750] +For more information, see xref:../waas-advanced-settings.adoc[Advanced settings]. + +. Select *Save*. + +. You should be redirected to the *Rule Overview* page. ++ +Select the created new rule to display *Rule Resources* and for each application a list of *protected endpoints* and *enabled protections*. ++ +image::waas_out_of_band_rule_overview.png[scale=20] + +. Test protected endpoint using the following xref:../waas-app-firewall.adoc#sanity-tests[sanity tests]. + +. Go to *Monitor > Events > WAAS for Agentless* to observe the events generated. ++ +NOTE: For more information, see the <<../waas-analytics.adoc#,WAAS analytics help page>> + +=== VPC Configuration Status + +Once the VPC configuration is saved, a CloudFormation template will be created and deployed in the selected region. You can track the stack deployment stages through Prisma Console. + +* *Deploying*: The WAAS rule is getting ready as the Observer is being deployed in the AWS instance and the session is being established between the Observer and the resources. ++ +*Refresh* to view the updated deployment status. + +* *Ready*: The WAAS rule is ready to be protecting the selected resources. The Observer will check for new instances (based on the selected tags or instance names) once every hour. + +* *Error*: The rule is in error and the deployment failed. Fix the error, and click *Update* to reapply the configuration. + +* *Deletion in progress*: The Observer deployment is being torn down, and the session is being terminated. + +* *Deletion error*: Error in tearing down the Observer setup on AWS VPC. + +image::waas-agentless-rules.png[width=200] + +Use *Refresh* to see the updated status of the rules on the UI. + +When the VPC configuration is in *Error* status, an *Update* is allowed to reapply the configuration. + +You can *Delete* an Agentless rule, that will tear down the entire VPC stack configuration and resources. Once the rule deletion is complete, the rule will disappear from the Console and the Observer will be uninstalled. + +The VPC Observer is installed under *Manage > Defenders > Defenders: Deployed*. A VPC observer can only be deleted if you delete the rule from the Console. + +=== Update VPC Configurations + +You can edit the VPC configurations only to update the Tags, Instance names, Ports, and Observer instance type. This will update the AWS CloudFormation template, and AWS will create/destroy only the updated AWS resources. + +If you update the instance type of the VPC Observer, then AWS will recreate the EC2 instance and there will be a downtime. + +image::vpc-configuration.png[scale=10] + +Edit the fields and *Save* to reapply the configurations. + +[#actions] +=== WAAS Actions for Out-Of-Band Traffic + +The following actions are applicable for the HTTP requests or responses related to the *Out-Of-Band traffic*: + +* *Alert* - An audit is generated for visibility. + +* *Disable* - The WAAS action is disabled. + +=== Limitations + +*Limitations for setting traffic mirroring imposed by AWS* + +* Not all AWS instance types support traffic mirroring, for example, T2 is not supported (relevant for both source and target EC2 instances). +* Some regions don't currently support the 'm5n.2xlarge' and 'm5n.4xlarge' instance types, so these types cannot be used for VPC Observer (For example, Paris). + +*TLS Limitations* + +* TLS settings for agentless support TLS 1.0, 1.1, and 1.2. +* Only the following RSA Key Exchange cipher suites are supported: + +** TLS_RSA_WITH_AES_128_CBC_SHA256 +** TLS_RSA_WITH_3DES_EDE_CBC_SHA +** TLS_RSA_WITH_RC4_128_SHA + +* TLS connections using extended_master_secret(23) in the negotiation are not supported as part of this feature. +* Out-Of-Band does not support HTTP/2 protocol. +* DHKE is not supported due to a lack of information required to generate the encryption key. +* The full handshake process must be captured. Partial transmission or session resumption process inspection won't be decrypted. +* Same VPC configuration cannot be used to inspect both HTTP and HTTPS traffic, you must create two different Agentless rules, one for each HTTP and HTTPS traffic monitoring. ++ +NOTE: You must upgrade the VPC Observer through *Manage > Defenders*. + +*WAAS Agentless Limitations* + +* An EC2 instance can only be attached to one agentless rule. +* An agentless rule can only inspect machines from one VPC and Subnet combination. +* Each agentless rule can only have a maximum of 5 ports in the VPC configuration. +* Changing the VPC observer instance types involves downtime. +* Once the AWS setup is created/updated in the agentless rule, the Observer status is only available on *Manage > Defenders > Defenders: Deployed* page. + +=== Troubleshoot VPC Traffic Mirroring Errors + +`Failed to set up VPC traffic mirroring: failed creating AWS stack, status ROLLBACK_COMPLETE`. + +When the configuration status shows the following error, as shown in the screenshot below, check the AWS CloudFormation stack events for the error. + +image::err1-failed-to-setup-vpc.png[width=350] + +Some scenarios in the AWS CloudFormation that may lead to the above error are as follows: + +[.task] +==== You are not authorized to perform this operation + +This is because the selected AWS cloud account doesn't have enough permissions for deployment. + +image::err2-not-authorized.png[width=350] + +[.procedure] +. Modify the account with the correct permissions as mentioned in the https://redlock-public.s3.amazonaws.com/waas/aws/agentless_app_firewall_permissions_template.json[agentless_app_firewall_permissions_template.json] file, and select *Update* to retry the deployment. +. Delete the rule in error and create a new rule in the AWS Cloud account with the permissions as mentioned in the https://redlock-public.s3.amazonaws.com/waas/aws/agentless_app_firewall_permissions_template.json[agentless_app_firewall_permissions_template.json] file to AWS CloudFormation console for your account. + +[.task] +==== SessionNumber 1 already in use for eni-* + +Trying to mirror an already mirrored EC2 instance (either by WAAS or another product). + +image::err3-session-already-in-use.png[width=350] + +[.procedure] +. Edit the VPC configuration and remove the instance from the tags or instance names list, and click *Update* to retry the deployment. +. Remove the mirroring from the machine from the other rule/other product, and click *Update* to retry the deployment. + +==== WaitCondition received failed message: 'Defender deployment failed' for uniqueid: i-xxxx. + +include::fragments/defender-deployment-failed-troubleshoot.adoc[] + +[.task] +==== Failed to find VMs to mirror + +The security token included in the request is invalid. + +image::err5-failed-to-find-vms.png[width=350] + +[.procedure] +. *Edit Configuration* to ensure that the AWS cloud account exists for the user, and also ensure that a correct secret key is used, *Save* the configuration. +. Click *Update* to reapply the configuration. + + diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/add-app-policy.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/add-app-policy.adoc new file mode 100644 index 0000000000..6966b912ae --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/add-app-policy.adoc @@ -0,0 +1,132 @@ +. Select a WAAS rule to add an App in. + +. Select *Add app*. + +. In the *App Definition* tab, enter an *App ID*. ++ +NOTE: The combination of *Rule name* and *App ID* must be unique across In-Line and Out-Of-Band WAAS policies for Containers, Hosts, and App-Embedded. ++ +If you have a Swagger or OpenAPI file, click *Import*, and select the file to load. ++ +If you do not have a Swagger or OpenAPI file, manually define each endpoint by specifying the host, port, and path. + +.. In *Endpoint Setup*, click *Add Endpoint*. ++ +Specify endpoint in your web application that should be protected. Each defined application can have multiple protected endpoints. + +.. Enter *HTTP host* (optional, wildcards supported). ++ +HTTP hostnames are specified in the form of [hostname]:[external port]. ++ +The external port is defined as the TCP port on the host, listening for inbound HTTP traffic. If the value of the external port is "80" for non-TLS endpoints or "443" for TLS endpoints it can be omitted. Examples: "*.example.site", "docs.example.site", "www.example.site:8080", etc. + +.. Enter *App ports* as the internal port your app listens on. +ifndef::waas-app-embedded[] ++ +(You can skip to enter App ports, if you selected *Automatically detect ports* while creating the rule). ++ +When *Automatically detect ports* is selected, any ports specified in a protected endpoint definition will be appended to the list of protected ports. +endif::waas-app-embedded[] +Specify the TCP port listening for inbound HTTP traffic. ++ +NOTE: If your application uses *TLS* or *gRPC*, you must specify a port number. + +.. Enter *Base path* (optional, wildcards supported): ++ +Base path for WAAS to match when applying protections. ++ +Examples: "/admin", "/" (root path only), "/*", /v2/api", etc. +ifdef::waas_port[] +.. Enter *WAAS port (only required for Windows, App-Embedded or when using xref:../waas-advanced-settings.adoc#remote-host["Remote host"] option)* as the external port WAAS listens on. The external port is the TCP port for the App-Embedded Defender to listen on for inbound HTTP traffic. ++ +image::cwp-42473-add-app-waas-port-windows.png[scale=15] +endif::waas_port[] +ifdef::waas_hosts[] ++ +NOTE: Protecting Linux-based hosts does not require specifying a *`WAAS port`* since WAAS listens on the same port as the protected application. Because Windows has its own internal traffic routing mechanisms, WAAS and the protected application cannot use the same *`App port`*. Consequently, when protecting Windows-based hosts the *`WAAS port`* should be set to the port end-users send requests to, and the *`App port`* should be set to a *different* port on which the protected application will listen and to which WAAS will forward traffic. +endif::waas_hosts[] + +.. If your application uses TLS, set *TLS* to *On*. ++ +You can select the TLS protocol (1.0, 1.1, 1.2, and 1.3 for WAAS In-Line, and 1.0, 1.1, and 1.2 for WAAS Out-Of-Band) to protect the API endpoint and enter the TLS certificate in PEM format. ++ +ifdef::waas_oob[] +*Limitations* ++ +... TLS connections using extended_master_secret(23) in the negotiation are not supported as part of this feature. + +... DHKE is not supported due to a lack of information required to generate the encryption key. + +... Out-of-Band does not support HTTP/2 protocol. + +... TLS inspection for Out-of-Band WAAS is not supported on earlier versions of Console and Defender. ++ +* If your application uses HTTP/2, set *HTTP/2* to *On*. ++ +WAAS must be able to decrypt and inspect HTTPS traffic to function properly. ++ +* If your application uses gRPC, set *gRPC* to *On*. +endif::waas_oob[] +ifdef::response_headers[] +.. You can select *Response headers* to add or override HTTP response headers in responses sent from the protected application. ++ +image::waas_response_headers.png[width=550] +endif::response_headers[] +.. Select *Create response header*. + +.. To facilitate inspection, after creating all endpoints, click *View TLS settings* in the endpoint setup menu. ++ +WAAS TLS settings: ++ +ifndef::waas_oob[] +image::waas-inline-app-embedded-tls.png[scale=15] +endif::waas_oob[] + +ifdef::waas_oob[] +image::waas-oob-tls.png[scale=15] +endif::waas_oob[] + +* *Certificate* - Copy and paste your server's certificate and private key into the certificate input box (e.g., `cat server-cert.pem server-key > certs.pem`). ++ +ifdef::advanced_tls[] +* *Minimum TLS version* - A minimum version of TLS can be enforced by WAAS In-Line to prevent downgrading attacks (the default value is TLS 1.2). ++ +* *HSTS* - The https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[HTTP Strict-Transport-Security (HSTS)] response header lets web servers tell browsers to use HTTPS only, not HTTP. +When enabled, WAAS would add the HSTS response header to all HTTPS server responses (if it is not already present) with the preconfigured directives - `max-age`, `includeSubDomains`, and `preload`. ++ +... `max-age=` - Time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS. ++ +... `includeSubDomains` (optional) - If selected, HSTS protection applies to all the site's subdomains as well. ++ +... `preload` (optional) - For more details, see the following https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security#preloading_strict_transport_security[link]. +endif::advanced_tls[] + +.. If you application requires xref:../waas-api-protection.adoc[API protection], for each path define the allowed methods and the parameters. + +. Continue to *App Firewall* settings, select the xref:../waas-app-firewall.adoc[protections] to enable and assign them with xref:../waas-intro.adoc#actions[actions]. + +. Configure the xref:../waas-dos-protection.adoc[DoS protection] thresholds. + +. Continue to *Access Control* tab and select xref:../waas-access-control.adoc[access controls] to enable. + +. Select the xref:../waas-bot-protection.adoc[bot protections] you want to enable. + +. Select the required xref:../waas-custom-rules.adoc[Custom rules]. + +. Proceed to xref:../waas-advanced-settings.adoc[Advanced settings] for more WAAS controls. + +. Select *Save*. + +. The *Rule Overview* page shows all the WAAS rules created. ++ +Select a rule to display the *Rule Resources*, and for each application a list of protected endpoints and the protections enabled for each endpoint are displayed. +//+ +//image::waas_out_of_band_rule_overview.png[scale=20] + +. Test protected endpoint using the following xref:../waas-app-firewall.adoc#sanity-tests[sanity tests]. + +. Go to *Monitor > Events*, click on *WAAS for containers/hosts/App-Embedded*, and observe the events generated. ++ +NOTE: For more information, see the xref:../waas-analytics.adoc[WAAS analytics help page]. + + diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/create-waas-rule.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/create-waas-rule.adoc new file mode 100644 index 0000000000..ed7e21bd8b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/create-waas-rule.adoc @@ -0,0 +1,70 @@ +ifndef::waas_oob[] +. Open Console, and go to *Defend > WAAS > {Container|Host} > In-Line*. +endif::waas_oob[] + +ifdef::waas_oob[] +. Open Console, and go to *Defend > WAAS > {Container|Host} > Out-of-Band*. +endif::waas_oob[] +. Select *Add rule*. + +.. Enter a *Rule Name* + +.. Enter *Notes* (Optional) for describing the rule. + +ifdef::waas_inline_hosts[] +.. Select *Operating system*. + +.. If necessary, adjust the *Proxy timeout* ++ +NOTE: The maximum duration in seconds for reading the entire request, including the body. A 500 error response is returned if a request is not read within the timeout period. For applications dealing with large files, adjusting the proxy timeout is necessary. +endif::waas_inline_hosts[] + +. Choose the rule *Scope* by specifying the resource collection(s) to which it applies. ++ +image::waas_select_scope.png[scale=20] ++ +ifdef::waas_containers[] +Collections define a combination of image names and one or more elements to which WAAS should attach itself to protect the web application: ++ +image::waas_define_collection.png[width=250] ++ +NOTE: Applying a rule to all images using a wild card (`*`) is invalid - instead, only specify your web application images. +endif::waas_containers[] + +ifdef::waas_hosts[] +Collections define a combination of hosts to which WAAS should attach itself to protect the web application: ++ +image::waas_define_host_collection.png[width=250] +ifdef::waas_oob_hosts[] +image::waas_define_collection_oob_hosts.png[width=250] +endif::waas_oob_hosts[] ++ +NOTE: Applying a rule to all hosts/images using a wild card (`*`) is invalid and a waste of resources. +WAAS only needs to be applied to hosts that run applications that transmit and receive HTTP/HTTPS traffic. +endif::waas_hosts[] +ifdef::waas_oob_containers[] ++ +NOTE: When deploying WAAS OOB on K8s cluster, increase the `cgroup` limit to 4 GB to avoid +xref:../../install/deploy-defender/orchestrator/orchestrator.adoc[Kubernetes CrashLoopBackOff Error]. +endif::waas_oob_containers[] + +. (Optional) Enable *API endpoint discovery* ++ +When enabled, the Defender inspects the API traffic to and from the protected API. +Defender reports a list of the endpoints and their resource path in *Compute > Monitor > WAAS > API discovery*. + +. (Optional) Enable *Automatically detect ports* for an endpoint to deploy WAAS protection on ports identified in the unprotected web apps report in *Monitor > WAAS > Unprotected web apps* for each of the workloads in the rule scope. ++ +[NOTE] +==== +As an additional measure, you can specify additional ports by specifying them in the protected HTTP endpoints within each app to also include the ports that may not have been detected automatically. + +By enabling both *Automatically detect ports* and *API endpoint discovery*, you can monitor your API endpoints and ports without having to add an application and without configuring any policies. + +ifdef::waas_inline_hosts[] +*Automatically detect ports* is not available for Windows Operating System. +endif::waas_inline_hosts[] +==== + +. *Save* the rule. + diff --git a/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc new file mode 100644 index 0000000000..e404cc5683 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc @@ -0,0 +1,11 @@ +AWS CloudFormation stack failed to deploy the WAAS agentless resources because Prisma Console is not accessible from AWS. + +image::err4-failedcondition-received.png[width=350] + +. Make sure that the IP address of Prisma Console in the VPC configuration is public. +. Check if the Defender instance has a public IP address. +. Check if xref:../../agentless-scanning/onboard-accounts/onboard-aws.adoc[AWS account can connect with the Prisma Cloud Console] with Console URL that you selected in the VPC configuration. +.. If the Console is not reachable, delete the rule and create a new rule with a valid Prisma Cloud Console URL. +.. If the Console is not reachable due to a firewall rule or other blocking rules, fix the rule to allow the connectivity to the Console, and click *Update* to retry the deployment. +.. Ensure that the Console's IP address and the ports are reachable by the Defender. Also, the firewall is open with the relevant port and source IPs. + diff --git a/docs/en/compute-edition/32/admin-guide/waas/log-scrubbing.adoc b/docs/en/compute-edition/32/admin-guide/waas/log-scrubbing.adoc new file mode 100644 index 0000000000..4e39fed698 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/log-scrubbing.adoc @@ -0,0 +1,74 @@ +== WAAS Sensitive Data + +There may be sensitive data captured when WAAS events take place, such as access tokens, session cookies, PII, or other information considered to be personal by various laws and regulations. + +By using WAAS sensitive data rules, users can mark *Sensitive data* and enable *Log scrubbing* based on regex patterns or its location in the HTTP request. +The data marked as sensitive will be flagged in API discovery, but will not be automatically scrubbed in the Logs. +To scrub the sensitive data in addition to marking it as sensitive, enable *Log scrubbing*, the data is scrubbed and replaced with placeholders in the logs before events are recorded. + +//Scrubbing logs based on patterns only affect HTTP requests and not the responses. + +[NOTE] +==== +* The data from HTTP responses that appear in WAAS audits will not be scrubbed and replaced by the placeholder. + +* To optimize the CPU utilization when using WAAS sensitive data, Prisma Cloud scanner samples only a subset of the mirrored data to discover just the APIs and the scanner does not inspect the request body field, the sensitive request, and the response data. +We sample the API traffic to limit the sensitive data body response size to less than 128k. +==== + +=== Add/Edit WAAS Scrubbing Rule + +. Open the Console, and go to *Defend > WAAS > Sensitive data*. ++ +image::./waas-sensitive-data.png[width=350] + +. Click on *Add rule* or select an existing rule. + +. Enter a rule *Name*. + +. Select the rule *Type* as *Pattern-based* or *Location-based*. + +. The pattern-based rule will match the given regex pattern by either "Request Parameter keys", "Request Parameter Values", or "Response (Keys + Values)". ++ +image::cwp-42645-waas-sensitive-data-new-rule.png[width=200] + +.. Provide the pattern name to be matched in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^sessionID$`, `key-[a-zA-Z]{8,16}`. + +.. Provide a placeholder string, e.g. `[scrubbed sessionID]`. ++ +NOTE: Placeholder strings indicating the nature of the scrubbed data should be used as users will not be able to see the underlying scrubbed data. + +. For Location-based rules ++ +image::./waas_log_scrubbing_new_rule_dialog_location.png[width=200] + +.. Select the location of the data to be scrubbed. + +.. Provide location details: + +... For `query` / `cookie` / `header` / `form/multipart` - provide a match pattern in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^SCookie.*$`, `item-[a-zA-Z]{8,16}`. + +... For `XML (body)` / `JSON (body)` - provide the path using Prisma Cloud's custom format e.g. `/root/nested/id`. + +.. Provide a placeholder string to indicate the nature of the scrubbed data, for example: `[Scrubbed Session Cookie]`. + +. Click *Save*. ++ +*Sensitive Data & Log Scrubbing* ++ +The location-based rule for sensitive data works by searching for the key value in the location, for example, query, cookie, header, form/multipart, XML, and JSON body. +For log scrubbing, WAAS replaces the value with the placeholder that you enter. +Data will now be scrubbed from any WAAS event before it is written (either to the Defender log or syslog) and sent to the console. ++ +For example, the email ID is redacted in the below WAAS event audit. ++ +image::waas-events-email-redacted.png[scale=15] ++ +image::./waas_log_scrubbing_scrubbed_event.png[width=200] ++ +[NOTE] +==== +If sensitive data triggers events, both the forensic message and the recorded HTTP request are scrubbed. + +image::./waas_log_scrubbing_scrubbed_payload.png[width=250] +==== diff --git a/docs/en/compute-edition/32/admin-guide/waas/unprotected-web-apps.adoc b/docs/en/compute-edition/32/admin-guide/waas/unprotected-web-apps.adoc new file mode 100644 index 0000000000..26bcc38978 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/unprotected-web-apps.adoc @@ -0,0 +1,81 @@ +== Detecting unprotected web apps + +Prisma Cloud scans your environment for containers and hosts that run web apps and reports any that aren't protected by WAAS. + +During the scan, Prisma Cloud detects HTTP servers listening on exposed ports and flags them if they are not protected by WAAS. + +Unprotected web apps are flagged on the radar view and are also listed in *Monitor > WAAS > Unprotected web apps*. + +The following screenshot shows how Radar shows an unprotected web app: + +image::./waas_unprotected_web_apps_radar.png[width=700,align="left"] + +=== Report for unprotected web apps + +The following screenshot shows how unprotected web apps are reported in *Monitor > WAAS > Unprotected web apps*: + +image::./waas_unprotected_web_apps_report.png[width=1000,align="left"] + +In the `Containers` tab, the report lists the images containing unprotected web apps, the number of containers running those images, and the ports exposed in the running containers. + +In the `Hosts` tab, the report lists the hosts on which unprotected web apps are running, the number of processes running those apps, process names and the ports exposed in the hosts. + +This information can be used when adding new WAAS rules to protect containers and hosts. + +Above the table is the date of the latest scan. +The report can be refreshed by clicking the refresh button. + +Users can export the list in CSV format. +The CSV file has the following fields: + +* *Containers* - Image, Host, Container, ID, Listening ports +* *Hosts* - ID, Unprotected processes + +=== Filtered processes + +The following list of processes is not included in the WAAS unprotected web apps detections: + +*Kubernetes/Docker* + +* coredns +* kube-proxy +* docker +* docker-proxy +* kubelet +* openshift +* dcos-metris +* dcos-metris-agent +* containerd + +*Databases* + +* mysql +* mysqld +* mongod +* postgres +* influxd +* redis-server +* asd +* rethinkdb + +*Proxies* + +* haproxy +* envoy +* squid +* traefik + +*SSH binaries* + +* sshd +* ssh + +*WAAS proxy process* + +* defender + +=== Disabling scans for unprotected web apps + +By setting the `Scan for unprotected web applications` toggle to the *Disabled* position, users are able to disable periodic scanning for unprotected web applications and APIs. + +NOTE: The toggle in either the `Containers` or `Hosts` tabs will disable scanning of containers and hosts simultaneously when disabled. diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-access-control.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-access-control.adoc new file mode 100644 index 0000000000..50597ad5ec --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-access-control.adoc @@ -0,0 +1,104 @@ +[#access-control] +== WAAS Access Controls + +WAAS allows for control over how applications and end-users communicate with the protected web application. + +image::./waas-access-control-exception.png[width=350] + +[#network-lists] + +=== Network Lists + +*Network Lists* allow administrators to create and maintain named IP address lists e.g. "Office Branches", "Tor and VPN Exit Nodes", "Business Partners", etc. +List entries are composed of IPv4 addresses or IP CIDR blocks. + +To access *Network Lists*, open Console, go to *Defend > WAAS* and select the *Network List* tab. + +image::./waas_network_lists.png[width=350] + +Lists can be updated manually or via batch importing of entries from a CSV file. +Once defined, *Network Lists* can be referenced and used in <>, xref:./waas-bot-protection.adoc#user-defined-bot[user-defined bots] and xref:./waas-dos-protection.adoc[DoS protection]. + +To export lists in CSV format, click *export CSV*. + +[NOTE] +==== +* When importing IP addresses or IP CIDR blocks from a CSV file, first record value should be set to "ip" (case sensitive). +* IPv6 addresses are currently not supported. +==== + +=== Network Controls + +image::./waas-access-control-exception.png[width=350] + +[#ip-network-controls] +==== IP-based access control +Network lists can be specified in: + +* *_Denied inbound IP Sources_* - WAAS applies selected action (Alert or Prevent) for IP addresses in network lists. +* *_IP Exception List_* - Traffic originating from IP addresses listed in this category will not be inspected by any of the protections defined in this policy. + +[NOTE] +==== +* When the X-Forwarded-For HTTP header is included in the request headers, actions will apply based on the first IP listed in the header value (true client IP). +* Practice caution when adding network lists to the IP Exception List because protections will not be applied for traffic originating from these IP addresses. +==== + +==== Geo access control + +With *Geo access control* enabled, you can allow or block the traffic originating from the given Geolocation, and also opt to add an exception to this rule under *Exception > Network Controls*. +For example, you can allow/blocklist all IPs from a given location, except for the IPs listed in a network list that you create under *Defend > WAAS > Network lists*. +Specifying a network list under *Exceptions > All WAAS Detections* will bypass all the WAAS detections, for example for App definition, App firewall, Dos protection, Bot protection, and Custom rules. + +==== Country-Based Access Control + +Specify country codes, https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements[ISO 3166-1 alpha-2] format, in one of the following categories (mutually exclusive): + +* *_Denied Inbound Source Countries_* - WAAS applies selected action (Alert or Prevent) for requests originating from the specified countries. +* *_Allowed Inbound Source Countries_* - Requests originating from specified countries will be forwarded to the application (pending inspection). WAAS will apply action of choice (Alert or Prevent) on all other requests not originating from the specified countries. + +NOTE: Country of origin is determined by the IP address associated with the request. When the X-Forwarded-For HTTP header is included in the request headers, Country of origin is determined based on the first IP address listed in the header value (true client IP). + +=== HTTP Header Controls + +image::./cnaf_http_headers.png[width=750] + +WAAS lets you block or allow requests which contain specific strings in HTTP headers by specifying a header name and a value to match. The value can be a full or partial string match. +Standard xref:../configure/rule-ordering-pattern-matching.adoc#pattern-matching[pattern matching] is supported. + +If the *Required* toggle is set to *On* WAAS will apply the defined action on HTTP requests in which the specified HTTP header is missing. +When the *Required* toggle is set to *Off* no action will be applied for HTTP requests missing the specified HTTP header. + +HTTP Header fields consist of a name, followed by a colon, and then the field value. +When decoding field values, WAAS treats all commas as delimiters. For example, the `Accept-Encoding` request header advertises which compression algorithm the client supports. + + Accept-Encoding: gzip, deflate, br + +WAAS rules do not support exact matching when the value in a multi-value string contains a comma because WAAS treats all commas as delimiters. To match this type of value, use wildcards. +For example, consider the following header: + + User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36 + +To match it, specify the following wildcard expression in your WAAS rule: + + Mozilla/5.0* + + +=== File Upload Controls + +image::./cnaf_file_upload.png[width=750] + +Attackers may try to upload malicious files (e.g. malware) to your systems. WAAS protects your applications against malware dropping by restricting uploads to just the files that match any allowed content types. All other files will be blocked. + +Files are validated both by their extension and their +https://en.wikipedia.org/wiki/Magic_number_(programming)[magic numbers]. +Built-in support is provided for the following file types: + +* Audio: aac, mp3, wav. +* Compressed archives: 7zip, gzip, rar, zip. +* Documents: odf, pdf, Microsoft Office (legacy, Ooxml). +* Images: bmp, gif, ico, jpeg, png. +* Video: avi, mp4. + +WAAS rules let you explicitly allow additional file extensions. These lists provide a mechanism to extend support to file types with no built-in support, and as a fallback in case Prisma Cloud's built-in inspectors fail to correctly identify a file of a given type. +Any file with an allowed extension is automatically permitted through the firewall, regardless of its 'magic number'. diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-advanced-settings.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-advanced-settings.adoc new file mode 100644 index 0000000000..11106d54b2 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-advanced-settings.adoc @@ -0,0 +1,132 @@ +== Advanced Settings + +Advanced settings control various aspects of WAAS features. + +image::waas_advanced_settings.png[scale=40] + +[#prisma-session] + +=== Prisma Sessions + +image::waas_prisma_sessions.png[scale=40] + +Prisma sessions are intended to address the problem of "Cookie Droppers" by validating clients support of cookies and Javascript before allowing them to reach the origin server. + +Once enabled, WAAS serves an interstitial page for any request that does not include a valid Prisma Session Cookie. The interstitial page sets a cookie and redirects the client to the requested page using Javascript. + +A client that doesn't support cookies and Javascript will keep receiving the interstitial page. Browsers can easily proceed to the requested page, and once they possess a valid cookie they will not encounter the interstitial page. + +NOTE: When you enable Prisma Session Cookies along with WAAS API protection, remember that APIs are often accessed by "primitive" automation clients. Avoid enabling Prisma Session Cookies on such endpoints unless you are certain all clients accessing the protected API endpoints support both cookies and Javascript. +You can allow "primitive" clients by adding them as xref:./waas-bot-protection.adoc#user-defined-bot[user-defined bots] and setting the bot action to `Allow`. +Allowed xref:./waas-bot-protection.adoc#user-defined-bot[user-defined bots] will not be served with an interstitial page and their requests will be forwarded to the protected application. + +Prisma Session Cookies set by WAAS are encrypted and signed to prevent cookie tampering. In addition, cookies include advanced protections against cookie replay attacks where cookies are harvested and re-used in other clients. + +[#ban-settings] + +=== Ban + +image::waas_ban_settings.png[scale=40] + +Ban action is available in the `App firewall`, `DoS protection` and `Bot protection` tabs. +If triggered the ban action prevents access to the protected endpoints of the app for a time period set by you (the default is set to 5 minutes). + +If Prisma Session Cookies are enabled, you can apply the `ban` action by either `Prisma Session Id` or by IP address. + +NOTE: When the X-Forwarded-For HTTP header is included in the request headers, actions will apply based on the first IP listed in the header value (true client IP). + +=== Body Inspection + +image::waas_body_inspection.png[scale=50] + +Body inspection can be disabled or limited up to a configurable size (in Bytes). + +WAAS body inspection limit is 131,072 Bytes (128Kb). WAAS protection is subject to one of the following actions when the body inspection limit exceeds: + +* *Disable* - The request is passed to the protected application. +* *Alert* - The request is passed to the protected application and an audit is generated for visibility. +* *Prevent* - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked. +* *Ban* - Can be applied on either IP or Prisma Session IDs. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. + +NOTE: To enable ban by Prisma Session ID, enable the Prisma Session Cookies in WAAS Advanced Settings. + +=== Remote Host + +image::waas_remote_proxy.png[scale=40] + +This option is intended to defend web applications running on remote hosts which can not be protected directly by WAAS (for example, Windows Servers). + +NOTE: Remote host option is only available for WAAS host rules. + +Use-case scenario: + +. A "middle-box" host instance with WAAS supported OS should be set up. +. Traffic to the web application should be directed to the "middle-box" host. +. Ports on the "middle-box" host to which traffic is directed to should be unused (WAAS will listen on these ports for incoming requests). +. WAAS host rule with `Remote host` settings should be deployed to protect the "middle-box" host. +. Incoming traffic to the "middle-box" host will be forwarded to the specified address (resolvable hostname or IP address) by WAAS. + +NOTE: WAAS sets the original `Host` HTTP header value in the `X-Forwarded-Host` HTTP header of the forwarded request. The `Host` header is set to the hostname or IP mentioned in the WAAS settings. + +Use of TLS and destination port is determined by the endpoint configuration in the `App definition` tab. + +Example: + +The following protected endpoints are defined in the `App definition` tab: + +image::waas_forward_example.png[scale=50] + +Remote host has been configured as follows: + +image::waas_remote_proxy_example.png[scale=40] + +Expected result is as follows: + +- HTTPS traffic to www.example1.com on port 443 would be forwarded via HTTPS to www.remotehost.com +- HTTP traffic to www.example1.com on port 80 would be forwarded via HTTP to www.remotehost.com + +[NOTE] +==== +Protected endpoints with TLS enabled will not forward non-TLS HTTP requests. + +Enter the host address without 'http' or 'https' string. For example, enter `www.example.com` and not http://www.example.com. + +Enter the host address without 'http' or 'https' string. For example, enter "www.example.com" and not "http://www.example.com". +Enter the host address without 'http' or 'https' string. For example, enter "www.example.com" and not "http://www.example.com". +==== + +[#custom-responses] + +=== Customize WAAS Response Message + +image::waas_custom_response.png[width=750] + +You can customize the response HTML and HTTP status code that are returned by WAAS when a *`Prevent`* or *`Ban`* effect occurs: + +* *Prevent response code* - HTTP response code +* *Custom WAAS response message* - HTML code to be served. +Click on image::waas_preview_HTML.png[scale=10] for a preview of the rendered HTML code. + +You can include Prisma Event IDs as part of customized responses by adding the following placeholder in user-provided HTML: `#eventID`. + +[NOTE] +==== +User-provided HTML must start and end with HTML tags. + +Javascript code will not be rended in the preview window. +==== + +[#event-ids] +=== Prisma Event IDs + +By default, responses sent to end users by WAAS are assigned an Event ID that may later be searched in the event monitor. +An event ID is included in the response header *X-Prisma-Event-Id* and is also included in the default WAAS block message: + +image::waas_eventid_response.png[scale=30] + +You can include Prisma Event IDs as part of customized responses by adding the following placeholder in user-provided HTML: `#eventID`. + +Prisma Event IDs can be referenced in WAAS Event Analytics using the `Event ID` filter: + +image::waas_eventid_filter.png[width=300] + diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-analytics.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-analytics.adoc new file mode 100644 index 0000000000..9ed5432d27 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-analytics.adoc @@ -0,0 +1,113 @@ +== WAAS Analytics + +WAAS analytics provide users a way to investigate events and rule triggers. + +image::./waas_analytics.png[width=750] + +* For container WAAS events go to *Monitor > Events > WAAS for containers* +* For host WAAS events go to *Monitor > Events > WAAS for hosts* +* For App-Embedded WAAS events go to *Monitor > Events > WAAS for App-Embedded* +* For serverless WAAS events go to *Monitor > Events > WAAS for Serverless* + +NOTE: WAAS retains up to 200,000 events for each type (container, hosts, app-embedded and serverless) or or a total of 200MB in log size. Once the limit is reached, oldest events will get over-written by new ones. + +NOTE: Similar audits are aggregated and grouped into a single event when received in close succession (less than 5 minutes apart). Audits are aggregated by a combination of IP, HTTP hostname, path, HTTP method, User-Agent and attack type. + +=== Analytics workflow + +image::./waas_analytics_cycle.png[width=500] + +WAAS analytics allows for the review of incidents by analyzing events across various dimensions, inspecting individual requests, and applying filtering to focus on common characteristics or trends. + +=== Event graph + +image::./waas_timeline.png[width=750] + +A timeline graph shows the total number of events. +Each column on the timeline graph represents a dynamic period - hover over a column to reveal its start, end and event count. + +NOTE: The date filter can be adjusted by holding and selecting sections on the timeline graph. + +=== Filters +Filter can be adjusted by using the filtering line: + +image::./waas_analytics_filters.png[width=500] + +The filter line uses auto-complete for filter names and filter values. +Once set, the filters would apply on the graph and aggregation view. + +You can dynamically update the date filter by selecting an area in the chart. +Click in the chart area, hold the mouse button down, and draw a rectangle over the time frame of interest. +The date filter is automatically updated to reflect your selection. + +=== Aggregation view + +image::./waas_analytics_aggregated_view.png[width=750] + +The aggregation view can be altered to group audits based on various data dimensions by clicking on the image:./waas_add_column.png[width=60] button. + +Users can add up to 6 dimensions to the aggregation and the Total column will be updated dynamically. + +By default, aggregation view is sorted by the "Total" column. Sorting can be changed by clicking a column name. + +Click on a line in the aggregation view to inspect the requests group by it. + +=== Request view + +image::./waas_analytics_sample_view.png[width=750] + +Request view details all of the requests group by each line of the aggregated view. + +Clicking on a column name will sort the table in the upper section and using the image:./waas_change_columns.png[width=75] button will add/remove columns. + +For each request the following data points are available: + +*Audit data:* + +* *Time* - timestamp of the audit. +* *Effect* - effect set by policy. +* *Request Count* - If audits are received in close succession (less than 5 minutes apart) they are aggregated and grouped into one event. This field specifies the number of aggregated requests. +* *Rule Name* - name of the WAAS rule that matched the request and generated the event. Navigate to the configuration of the rule by clicking on the link. +* *Rule app ID* - corresponding app ID in the WAAS rule which triggered the event. Navigate to the configuration of the app ID by clicking on the link. +* *Attack Type* - attack type. +* *ATT&CK technique* - mapping to the techniques in the ATT&CK framework. +* *Container / Host / App / Function Details* - These fields include the id and name of the protected entity. + +*Forensics:* + +* *Forensic Message* - details on what caused the rule to trigger - payload content, location and additional relevant information. +* *Add as exception* - By clicking on the link, you can add an exception in the rule app ID for the attack type that triggered. The exception will be based on the location of the matched payload. ++ +image::./waas_analytics_add_exception.png[width=400] + +[NOTE] +==== +The "Add as exception" link may not be available for events created by rules and apps that no longer exist, as well as for events created in releases earlier than 21.08. + +For App-Embedded WAAS events, the *Add as exception" button does not allow you to add an exception directly from an event. +You can manually add exceptions to rules. Click the *Rule app ID* on the "Aggregated WAAS Events" page and edit the relevant detection. + +image::./cwp-44743-app-embedded-add-exception.png[scale=15] +==== + +*HTTP request:* + +* *Method* - HTTP method used in the request. +* *User-Agent* - value of the User-Agent HTTP header. +* *Host* - hostname specified in the `Host` HTTP header or the host part of the URL. +* *URL* - full request urls (host and path) shown in a URL decoded or encoded form. +* *Path* - path element from the request URI. +* *Query* - query string. +* *Header Names* - list of the HTTP header names included in the request (sorted alphabetically). + +*Attacker:* + +* *Add IPs to Network List* - Adds the attacker IP either to a new network list or to an existing one. To access *Network Lists*, open Console, go to *Defend > WAAS* and select the *Network List* tab. +* *Source IP* - IP address from which the request originated. If an `X-Forwarded-For` header was included in the HTTP headers, source IP field will detail the first IP listed in the header value (true client IP). +* *Source Country* - source country associated with the source IP. +* *Connecting IPs* - entire connectivity chain, including true client IP and any transparent proxies listed in the HTTP request. + + +Users can user the `Raw` button to view the HTTP request in it's raw form: + +image::./waas_analytics_raw_demo.png[width=500] diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-api-discovery.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-api-discovery.adoc new file mode 100644 index 0000000000..fced900d66 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-api-discovery.adoc @@ -0,0 +1,90 @@ +== API Discovery + +WAAS can automatically learn the API endpoints in your app, show an endpoint usage report, and let you export all discovered endpoints as an OpenAPI 3.0 spec file. + +When API discovery is enabled, the Defender inspects API traffic routed to the protected app. +Defenders learn the endpoints in your API by analyzing incoming requests and generating a tree of API paths. +Every 30 minutes, Defender sends the Console a diff of what it has learned since its last update. +The Console merges the update with what it already knows about the API. + +The API discovery subsystem attempts to ignore all HTTP traffic that doesn't resemble an API call. +The Defender uses some criteria for identifying which requests to inspect: + +* Requests must have non-error response codes. +* Requests must not have extensions (like .css, and .html). +* Requests Content-Type must be textual (`text/`), application (`application/`), or empty. + +On the API discovery database, when new path entries for images or API endpoints are added, the Console uses the 'Last Observed' date to delete the older entries to optimize the available resources. +When an image or API endpoint is deleted from the database, an alert is generated, and the details are written to the Console logs. + +[.task] +=== Enable API Discovery + +API discovery is enabled by default when you create a WAAS policy. +To enable API discovery for a protected app after the rule is created: + +[.procedure] +. Log in to the Console, and go to *Defend > WAAS > {Container (Inline/Out-Of-Band) | Host (Inline/Out-Of-Band) | App-Embedded | Serverless | Agentless}*. + +. Select an existing rule and enable *API endpoint discovery*. + +=== Inspect discovered endpoints + +The endpoint report under *Monitor* > *WAAS* > *API discovery* > enumerates discovered APIs per path, HTTP method, app, and on an image basis. It shows information such as Path, HTTP method, Hits, API protection status, Path risks, Workload that's running these resources, Image Risk factors, Resource Vulnerabilities, App ID, and last seen date. + +image::waas-api-discovery.png[scale=20] + +*Path risks profiling* + +The *Path risks* indicate critical path risks identified in the endpoints: + +* Endpoints accessible from the internet. +* Endpoints that do not require authentication to be accessed. +* Endpoints with sensitive data such as Credit card, PII, ID query parameter, Session cookies, and so on. The xref:log-scrubbing.adoc[sensitive data] is defined under *Defend > WAAS > Sensitive data*. +* Endpoints with OWASP risks. + +For example, some of the path risks detect the resource path with vulnerable API endpoints that are exposed to the internet, APIs with sensitive data, and APIs that allow unauthenticated access to them. + +Select an endpoint to view the sidecar with additional statistics in the `JSON` structure, such as request and response size ranges, the sum of each specific returned status code, and the API change history. + +The statistics also show the `JSON` payload that was sent with the API request. + +image::waas-api-discovery-sidecar1.png[scale=15] + +//image::waas-api-discovery-sidecar2.png[scale=10] The JSON payload already shown in the above screenshot +//New suggestion comment from Elad on PR#877 +API *Change History* logs detect changes in API observations such as authentication, query parameters, path risks, or any new sensitive data matches, but not changes to the body of API messages. + +image::waas-api-discovery-api-change-history.png[scale=15] + +Under *Actions*, you can protect a path in an app, export the discovered endpoints for an app as an OpenAPI spec file, and also delete what WAAS has learned about the API for an app so far. + +NOTE: If a rule with an app is deleted from the WAAS policy, its learned endpoints are also deleted. + +*Protecting endpoints* + +Select *Protect* next to a resource to protect a path, set effects for all API endpoints discovered in the App, and select *Protect all*. +This enables you to protect all the API endpoints in the resource path identified within an app to the WAAS policy rule, not just the selected path. +When there is an event generated from a new endpoint, you have to explicitly *Protect* it. + +image::waas-protecting-policy.png[width=150] + +*Export API specifications* + +Select *Export OpenAPI* next to the resource path to export all the API endpoints, HTTP method, and the Server name discovered by the app for the given WAAS policy rule as OpenAPI 3.0 JSON. + +image::export-api-specifications.png[width=150] + +=== Limitations + +* Click to Protect/Delete/Download openAPI actions apply to all paths in the app, and not possible to select individual paths. +* The amount of APIs that we can discover per image is limited to a size < 1k, and query parameters size is < 20k. +* Filtering/sorting the API discovery endpoints by *API Protection* status is not applicable, as the protection status is calculated at the time of fetch (based on current policy). + +=== Troubleshooting + +* If a path is not learned on the *API discovery* page, it could be because the endpoint is not a valid path (the endpoint didn't return a status code of '200 OK'). The request had a WAF violation in it (The requests that trigger firewall rules are not learned). + +* Public API flagged as an error. If the source IP of an endpoint does not belong to a known internet IP address, the API containing this endpoint is flagged as an error. This is because the IP addresses are stored in a static database, which could be outdated. + +* Some of the endpoints are not flagged as unauthenticated. This is because for authentication we use a list of known headers and replies (401 response code) to learn, so if you are using some non-standard header for authentication, your endpoint will not be flagged. \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-api-protection.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-api-protection.adoc new file mode 100644 index 0000000000..d888b39d26 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-api-protection.adoc @@ -0,0 +1,121 @@ +== API Protection + +WAAS can enforce API security based on specifications provided in the form of https://swagger.io/[Swagger] or https://www.openapis.org/[OpenAPI] files. +Alternatively, you can manually define your API (e.g., paths, allowed HTTP methods, parameter names, input types, value ranges, and so on). +Once defined, you can configure the actions WAAS applies to requests that do not comply with the API's expected behavior. + +NOTE: Users should be careful when enabling <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> along with API protection. +<<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> mandates client's support of cookies and javascript in order for them to reach the protected application. +As APIs are often accessed by "primitive" automation clients, avoid enabling <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> unless you are certain all clients accessing the protected API support BOTH cookies AND Javascript. + + +=== Import API definition from Swagger or OpenAPI files + +. Click the *App definition* tab. ++ +image::./waas_app_definition.png[width=650] + +. Click *Import*. ++ +image::./waas_import_api.png[width=650] + +. Select a file to load. + +. Click the *API protection* tab. ++ +image::./waas_api_protection_tab.png[width=650] + +. Review path and parameter definitions listed under *API Resources*. + +. Click the *Endpoint setup* tab. ++ +image::./waas_endpoint_setup_tab.png[width=650] + +. Review protected endpoints listed under *Protected Endpoints* and verify configured base paths all end with a trailing `*`. ++ +NOTE: Base path in the endpoint definition should always end with a `{asterisk}` e.g. _"/{asterisk}"_, _"/api/v2/{asterisk}"_. +If not configured that way, API protection will not apply to sub-paths defined in the API protection tab. + +. Go back to the *API protection* tab. ++ +image::./waas_api_protection_config_actions.png[width=650] + +. Configure an *API protection* <> for the resources defined under *API resources*, and an <> for all other resources. ++ +image::./waas_api_protection_action.png[width=650] + + +=== Define an API manually + +. Click the *App definition* tab. ++ +image::./waas_app_definition.png[width=650] + +. Click the *Endpoint setup* tab. ++ +image::./waas_endpoint_setup_tab.png[width=650] + +. Add protected endpoints under *Protected endpoints* and verify configured base paths all end with a trailing `*`. ++ +NOTE: Base path in the endpoint definition should always end with a `{asterisk}` e.g. _"/{asterisk}"_, _"/api/v2/{asterisk}"_. +If not configured that way, API protection will not apply to sub-paths defined in the API protection tab. + +. Click the *API protection* tab. ++ +image::./waas_api_protection_tab_empty.png[width=650] + +. Click *Add path* + +. Enter *Resource path* (e.g. _/product_ - resource paths should not end with a trailing _"/"_). ++ +image::./waas_api_protection_path_methods.png[width=650] ++ +Paths entered in this section are additional subpaths to the base path defined in the previous endpoint section. +For example, if in the endpoint definition hostname was set to _"www.example.com"_, base path set to _"/api/v2/{asterisk}"_ and in the *API Protection* tab resource path set to _"/product"_ - full protected resource would be `www.example.com/api/v2/product`. + +. Select allowed methods. ++ +image::./waas_select_methods.png[width=350] + +. For each allowed HTTP method, define parameters by selecting the method from *Parameters for* drop-down list. ++ +image::./cnaf_api_protection_select_method.png[width=350] + +.. Select an HTTP method from drop-down list. + +.. Click *Add parameter*. + +.. Enter parameter http://spec.openapis.org/oas/v3.0.3#parameter-object[definition]. ++ +image::./cnaf_api_add_parameter.png[width=550] + +. Configure an *API protection* <> for the resources defined under *API resources*, and an <> for all other resources. ++ +image::./waas_api_protection_action.png[width=650] ++ +* *Parameter violation* -- +Action to be taken when a request sent to one of the specified paths in the API resource list does not comply with the parameter provided definitions. ++ +* *Unspecified path(s)/method(s)* -- +Action to be taken in one of the following cases: ++ +** Request sent to a resource path that is not specified in the API resources list. +** Request sent using an unsupported HTTP method for a resource path in the API list. + +[#actions] +=== API Actions +HTTP requests that trigger API protections are subject to one of the following actions: + +* *Alert* - Request is passed to the protected application and an audit is generated for visibility. +* *Prevent* - Request is denied from reaching the protected application, an audit is generated, and WAAS responds with an HTML banner indicating the request was blocked. +* *Ban* - Can be applied on either IP addresses or <<./waas-advanced-settings.adoc#prisma-session,Prisma Session IDs>>. +All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. ++ +To enable ban by Prisma Session ID, you must enable <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>>. For more information on enabling Prisma Sessions and configuring ban definitions, see xref:./waas-advanced-settings.adoc[Advanced Settings]. + +[NOTE] +==== +* When the X-Forwarded-For HTTP header is included in the request headers, ban will apply based on the first IP listed in the header value (true client IP). +* WAAS implements state, which is required for banning user sessions by IP address. +Because Defenders do not share state, any application that is replicated across multiple nodes must enable IP address stickiness on the load balancer. +==== diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-app-firewall.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-app-firewall.adoc new file mode 100644 index 0000000000..8082d83232 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-app-firewall.adoc @@ -0,0 +1,300 @@ +[#protections] +== App Firewall Settings + +WAAS Firewall settings control the application firewall's protections, actions and exceptions. + +image::./waas_firewall_protections.png[width=750] + +NOTE: The following protections are available for Container, Host and App-Embedded rules. Serverless rules have a limited set of protections focusing mostly on OWASP Top-10 attacks. + +=== OWASP Top 10 Protection + +WAAS offers protection for the critical security risks described in the OWASP Top Ten list. + +==== SQL injection + +An SQL injection (SQLi) attack occurs when an attacker inserts an SQL query into the input fields of a web application. A successful attack can read sensitive data from the database, modify data in the database, or run arbitrary commands. + +WAAS parses and tokenizes input streams (request data) and then detects malicious attempts to inject unauthorized SQL queries. + + +==== Cross Site Scripting + +Cross-Site Scripting (XSS) is a type of injection attack, in which malicious JavaScript snippets are injected into otherwise benign and trusted web sites. Attackers try to trick the browser into switching to a Javascript context, and executing arbitrary code. + +WAAS parses and tokenizes input streams (request data) and then searches for matching fingerprints of known malicious attack patterns. + + +==== Command & Code Injection + +Command injection is a form of attack in which attackers attempt to run arbitrary commands on the web application's host. +Code injection is a form of attack in which code is injected and interpreted by the application or other runtimes. +Command and code payloads are either injected as part of HTTP requests or included from local or remote files (also known as File Inclusion). + +WAAS inspects all HTTP requests sent to the application and protects against all types of injection attacks as well as local file inclusions. + +NOTE: Prisma Cloud architecture facilitates defense in-depth via multiple protection layers. Enabling xref:../runtime-defense/runtime-defense.adoc[Runtime Protection] in addition to WAAS would allow profiling of the application and identifying any anomalies resulting from command or code injections (e.g. unexpected new processes or DNS queries) + + +==== Local File Inclusion + +Local File Inclusion is a form of attack in which attackers attempt to gain unauthorized access to locally stored sensitive files on the web application host. Such access attempts are often made using directory traversal attacks or exploiting file inclusion vulnerabilities in the application. + +WAAS inspects all HTTP requests sent to the application for local file inclusion attacks aiming at sensitive system files as well as other various traversal attempts. + + +==== Attack Tool & Vulnerability Scanners + +Vulnerability scanners are automated tools that scan web applications for known security vulnerabilities and misconfiguration. + +Web crawlers are automated tools designed to systematically access and enumerate the content of web applications. Crawling can lead to data breaches by exposing resources that should not be publicly available, or revealing opportunities for hacking by exposing software versions, environment data, and so on. + +WAAS is continuously updated with new signatures of widely used web attack arsenal, crawlers and penetration testing tools. + + +[#api-protection] +=== API Protection + +WAAS is able to enforce API security based on specifications provided in the form of https://swagger.io/[Swagger] or https://www.openapis.org/[OpenAPI] files. +WAAS also allows for manual API definition. E.g. paths, allowed HTTP methods, parameter names, input types, value ranges, etc. +Once defined, users can choose WAAS actions to apply for requests which do not comply with the API's expected behavior. + +For further detail on configuring API protection please refer to the xref:./waas-api-protection.adoc[API Protection] help page. + + +=== Security Misconfigurations + +==== Shellshock + +Shellshock is a unique privilege escalation vulnerability that permits remote code execution. +In unpatched versions of the bash shell interpreter, the Shellshock vulnerability lets attackers create environment variables with specially crafted values that contain code. As soon as the shell is invoked, the attacker's code is executed. + +WAAS checks for requests that are crafted to exploit the Shellshock vulnerability. + +For more information about Shellshock, see +https://en.wikipedia.org/wiki/Shellshock_(software_bug)#Initial_report_(CVE-2014-6271)[CVE-2014-6271]. + + +==== Malformed Request Protection + +WAAS validates the structure of HTTP requests, automatically blocking those that are malformed. + +Examples of malformed requests include: + +* HTTP GET requests with a body. +* HTTP POST requests without a `Content-Length` header. + + +==== Cross-site Request Forgery + +Cross-site request forgery (CSRF) attacks trick the victim's browser into executing unwanted actions on a web application in which the victim is currently authenticated. +WAAS mitigates CSRF attacks by intercepting responses and setting the 'SameSite' cookie attribute value to 'strict'. +The 'SameSite' attribute prevents browsers from sending the cookie along with cross-site requests. +It only permits the cookie to be sent along with same-site requests. + +There are several techniques for mitigating CSRF, including synchronizer (anti-CSRF) tokens, which developers must implement as part of your web application. +The synchronizer token pattern generates random challenge tokens associated with a user's session. +These tokens are inserted into forms as a hidden field, to be submitted along with your forms. +If the server cannot validate the token, the server rejects the requested action. + +The SameSite cookie attribute works as a complementary defense against CSRF, and helps mitigate against things such as faulty implementation of the synchronizer token pattern. + +- When the SameSite attribute is not set, the cookie is always sent. + +- With SameSite attribute set to strict, the cookie is never sent in cross-site requests. + +- With SameSite attribute set to lax, the cookie is only sent on same-site requests or top-level navigation with a safe HTTP method, such as GET. + +It is not sent with cross-domain POST requests or when loading the site in a cross-origin frame. +It is sent when you navigate to a site by clicking on a link that changes the URL in your browser's address bar. + +Currently, the +https://caniuse.com/#feat=same-site-cookie-attribute[following browsers support the SameSite attribute]: + +* Chrome 61 or later. +* Firefox 58 or later. + +For more information about the SameSite attribute, see https://tools.ietf.org/html/draft-west-first-party-cookies-07 + + +==== Clickjacking + +Web applications that permit their content to be embedded in a frame are at risk of clickjacking attacks. Attackers can exploit permissive settings to invisibly load the target website into their own site and trick users into clicking on links which they never intended to click. + +WAAS modifies all response headers, setting the `X-Frame-Options` response header value to `SAMEORIGIN`. The `SAMEORIGIN` directive only permits a page to be displayed in a frame on the same origin as the page itself. + + +=== Intelligence Gathering + +Error messages give attackers insight into the inner workings of your application. It is therefore important to prevent information leakage. + +The following controls limit the exposure of sensitive information. + +[.section] +==== Remove Server Fingerprints + +By gathering information about the software type and version used by the web application, attackers may learn about potentially known weaknesses and bugs and exploit them. + +Eliminating unnecessary headers makes it more difficult for attackers to identify the frameworks that underpin your application. + +Response headers that advertise your application's web server and other server details should be scrubbed. WAAS automatically removes unnecessary headers, such as `X-Powered-By`, `Server`, `X-AspNet-Version`, and `X-AspNetMvc-Version`. + +[.section] +==== Detect Information Leakage + +WAAS detects situations where the contents of critical files, such as _/etc/shadow_, _/etc/passwd_, and private keys, are contained in responses. WAAS will also detect when responses contain directory listings, output from php_info() function calls, and other similar data leakage cases of potentially risky information. + +[.section] +==== Prisma Cloud Advanced Threat Protection + +Prisma Cloud Advanced Threat Protection (ATP) is a collection of malware signatures and IP reputation lists aggregated from commercial threat feeds, open source threat feeds, and Prisma Cloud Labs. It is delivered to your installation via the Prisma Cloud Intelligence Stream. +The data in ATP is used by WAAS to detect suspicious communication with attacker controlled clients such as a botnet herders or C2 servers. +For more details please click xref:../technology-overviews/twistlock-advanced-threat-protection.adoc[here]. + +NOTE: Prisma Cloud Advanced Threat Protection is not available when protecting Windows-based hosts. + +[#firewall-actions] +=== Firewall Actions + +Requests that trigger a WAAS protection are subject to one of the following actions: + +* *Alert* - The request is passed to the protected application and an audit is generated for visibility. +* *Prevent* - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked. +* *Ban* - Can be applied on either IP or <<./waas-advanced-settings.adoc#prisma-session,Prisma Session IDs>>. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. + +NOTE: A message at the top of the page indicates the entity by which the ban will be applied (IP or Prisma Session ID). When the X-Forwarded-For HTTP header is included in the request headers, ban will apply based on the first IP listed in the header value (true client IP). + +NOTE: To enable ban by Prisma Session ID, <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> has to be enabled in the Advanced Settings tab. for more information please refer to the xref:./waas-advanced-settings.adoc#prisma-session[Advanced Settings] help page. + +NOTE: WAAS implements state, which is required for banning user sessions by IP address or Prisma Sessions. +Because Defenders do not share state, any application that is replicated across multiple nodes must enable IP stickiness on the load balancer. + + +[#firewall-exceptions] +=== Firewall Exceptions + +WAAS allows for fine-tuning to reduce false positive and tailor its protection to the application needs. +Firewall exception will instruct WAAS to ignore a the value of a parameter or HTTP Header when inspecting an HTTP request e.g. WAAS can ignore a query parameter named `comments` when inspecting a request for SQL injection attacks. + +WAAS supports the following locations: + +* *path* - requests sent to the specified path will be excluded from inspection by the protection. +* *query* - specify the name of a query parameter to be excluded in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^id$`. +* *query values* - specify a payload pattern to be excluded in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^.*test[1-9]{1,6}$`. +* *form/multipart* - specify the name of a body parameter (of type application/x-www-form-urlencoded or sent via a multipart HTTP request) to be excluded in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^comment$` +* *header* - specify the name of an HTTP header to be excluded in the form of a regular expression (re2), e.g. `^X-API-.{3,5}$` or `^Host$`. +* *user-Agent* - specify the User-Agent HTTP header value to be excluded in the form of a regular expression (re2), e.g. `^X-API-.{3,5}$` or `^Host$`. +* *cookie* - specify the name of cookie to be excluded in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^sessionID$`. +* *XML (body)* - specify an XML element to be excluded. Object can be of any data type. Path to the object should be specified in a custom path format - define an absolute path to the element, notation supports word characters (a-z, A-Z, 0-9, `_`, `-`) separated by `/` character. e.g: `/root/nested`, `/root/nested/id`. Excluding all objects by specifying only `/` is not supported. +* *JSON (body)* - specify an object path to be excluded. Object can be of any data type. Path to the object should be specified in a custom path format - define an absolute path to the element, notation supports word characters (a-z, A-Z, 0-9, `_`, `-`) separated by `/` character. e.g: `/root/nested`, `/root/nested/id`. Excluding all objects by specifying only `/` is not supported. +* *body* - specify a payload pattern to be excluded in the form of a regular expression (https://github.com/google/re2/wiki/Syntax[re2]), e.g. `^.*test[1-9]{1,6}$`. + +NOTE: *Body* exception type will match the provided pattern on the raw inspected body (based on the inspection size limit) even when not parsed. Other firewall exceptions are based on parameter names and will only be applied on requests that WAAS was able to parse correctly. + +NOTE: Every protection will have different locations available for exclusion based on the nature of threats. + + +[.task] +==== Adding a new exception + +[.procedure] +. In the *App firewall* menu click on the image:./waas_manage_exceptions.png[] icon for one of the OWASP Top-10 protection. + +. Click on the image:./waas_add_exception.png[] button + +. Select the location and name of the parameter / HTTP header to be excluded ++ +image::./waas_add_new_exception.png[width=500] + +. Select the location and name of the parameter / HTTP header to be excluded. ++ +NOTE: Every protection will have different locations available for exclusion based on the nature of threats. + +. Click on *Save Exception*. + + +[.task] +==== Managing exceptions + +[.procedure] +. In the *App firewall* menu click on the image:./waas_manage_exceptions.png[] icon for one of the OWASP Top-10 protection. + +. In the table, click on the exception you'd like to edit. + +. Edit the location and name of the parameter / HTTP header to be excluded. ++ +NOTE: Every protection will have different locations available for exclusion based on the nature of threats. + +. Click on *Done Editing*. + + +[#sanity-tests] +=== cURL Test Commands + +Below are curl-based tests that can be used to verify endpoints have been properly defined. +Make sure all changes are saved prior to running these tests. +The method for verifying test results differs according to the selected action: + +* *Alert* - Go to *Monitor > Events* to see alerts logged by Prisma Cloud relating to this policy violation. +* *Prevent* - Commands return output similar to the following: ++ + HTTP/1.1 403 Forbidden + Date: Wed, 15 Jul 2020 12:51:50 GMT + Content-Type: text/html; charset=utf-8 + +In the following examples, replace `` with your endpoint's hostname and `` with the web facing port of your application. +For testing HTTP header access control, also replace `` with the header name set in the rule and `` with set values. + +SQL injection: + +---- +curl -I http://:/\?id\=%27%20OR%20%271 +---- + +Cross-site scripting: + +---- +curl -I http://:/\?id\=\alert\(\1\)\ +---- + +OS command injection: + +---- +curl -I http://:/\?id\=%3B+%2Fsbin%2Fshutdown +---- + +Code injection: + +---- +curl -I http://:/\?id\=phpinfo\(\) +---- + +Local file inclusion: + +---- +curl -I http://:/\?id\=../etc/passwd +---- + +Attack tools and vulnerability scanners: + +---- +curl -I -H 'User-Agent: sqlmap' http://:/ +---- + +Shellshock protection: + +---- +curl -I -H "User-Agent: () { :; }; /bin/eject" http://:/ +---- + +Malformed HTTP request: + +---- +curl -s -i -X GET -o /dev/null -D - -d '{"test":"test"}' http://:/ +---- + +HTTP header access controls: + +---- +curl -H ': ' http://:/ +---- diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-bot-protection.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-bot-protection.adoc new file mode 100644 index 0000000000..aaae35c7c4 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-bot-protection.adoc @@ -0,0 +1,219 @@ +== Bot Protection + +WAAS bot protection provides visibility into bots and other automation frameworks accessing protected web applications and APIs. + +image::./waas_bot_protection.png[width=750] + +=== Bot Categories + +WAAS detects known good bots as well as other bots, headless browsers, and automation frameworks. WAAS is also able to fend off cookie-dropping clients and other primitive clients by mandating the use of cookies and javascript in order for the client to reach the protected origin. + +Bots are categorized into the following Categories: + +.Known bots +* *Search Engine Crawlers* - Bots systematically crawling and indexing the World Wide Web to index pages for online searching. Also known as spider bots or web crawlers. +* *Business Analytics Bots* - Bots that crawl, extract, and index business related information. +* *Educational Bots* - Bots that crawl, extract and index information for educational purposes, such as academic search engines. +* *News Bots* - Bots that crawl, extract and index the latest news articles, usually for news aggregation services. +* *Financial Bots* - Bots that crawl, extract and index financial related data. +* *Content Feed Clients* - Automated tools, services or end-user clients that fetch web contents for feed readers. +* *Archiving Bots* - Bots that crawl, extract, and archive website information. +* *Career Search Bots* - Automated tools or online services that extract and index job-related postings. +* *Media Search Bots* - Bots that crawl, extract and index media contents for search engine purposes. + + +.Unknown bots +This category contains various bots and other automation frameworks which cannot be classified by their activity or origin + +* *Generic Bots* - Clients with attributes that indicate an automated bot. +* *Web Automation Tools* - Scriptable headless web browsers and similar web automation tools. +* *Web Scrapers* - Automated tools or services that scrape website contents. +* *API Libraries* - Software code libraries for Web API communications. +* *HTTP Libraries* - Software code libraries for HTTP transactions. +* *Request Anomalies* - HTTP requests with anomalies that are not expected from common web browsers. +* *Bot Impersonators* - Bots and automation tools impersonating as known good bots to evade rate limitation and other restrictions. +* *Browser Impersonators* - Automated tools or services that impersonate common web browser software. + +.User-defined bots +Users can create custom signatures to be used based on HTTP headers and source IPs. +User-defined signatures are useful for tracking customer specific bots, self-developed automation clients and traffic that appears suspicious. + +=== Detection methods + +WAAS uses static and active methods for detecting bots. + +.Static detections +Static detection examines each incoming HTTP request and analyzes it to determine whether it was sent by a bot. + +.Active detections +Active detections make use of javascript and xref:./waas-advanced-settings.adoc#prisma-session[Prisma Sessions Cookies] to detect and classify bots. + +When enabled, WAAS will set a Prisma Session cookie in each client. +Prisma Session Cookies set by WAAS are encrypted and signed to prevent cookie tampering. In addition, cookies include advanced protections against cookie replay attacks where cookies are harvested and re-used in other clients. + +NOTE: Prisma sessions are intended to address the problem of "Cookie Droppers" by validating clients support of cookies and Javascript before allowing them to reach the origin server. Once enabled, WAAS serves an interstitial page for any request that does not include a valid Prisma Session Cookie. The interstitial page sets a cookie and redirects the client to the requested page using Javascript. A client that doesn't support cookies and Javascript will keep receiving the interstitial page. Browsers can easily proceed to the requested page, and once they possess a valid cookie they will not encounter the interstitial page. + +In addition to xref:./waas-advanced-settings.adoc#prisma-session[Prisma Sessions Cookies], active detections also include javascript-based detections. +When enabled, javascript will be injected periodically in server responses to collect browser attributes and flag anomalies typical to various bot frameworks. Javascript fingerprint results are received and processed asynchronously and are used to classify session for future requests. + +==== Detection workflow + +image::./waas_bot_flowchart.png[] + +=== Deploying Bot Protection + +==== Known bots + +. Go to *Bot protection > Known bots*. ++ +image::./waas_known_bots.png[width=500] + +. Choose <> for each bot category. + +==== Unknown bots + +. Go to *Bot protection > Unknown bots*. ++ +image::./waas_unknown_bots.png[width=500] + +. Choose <> for each bot category. + +.. If `Request anomalies` are enabled, choose sensitivity threshold ++ +image::./waas_request_anomalies.png[width=300] + +... *Strict enforcement* - high sensitivity (a few anomalies suffice for classifying as bot). + +... *Moderate enforcement* - medium sensitivity. + +... *Lax enforcement* - low sensitivity. + +[#user-defined-bot] + +==== User-defined bots + +. Go to *Bot protection > User defined bots*. ++ +image::./waas_user_defined_bots.png[width=500] + +. Select *Define new bot*. + +. Create bot signature by using a combination of the following fields: ++ +image:./waas_add_user_bot.png[width=500] + +.. *HTTP Header name* - specify HTTP header name to include in the signature + +.. *Header Values* - comma-separated list of values to be matched on in the HTTP header. Wildcard is allowed. + +.. *Inbound IP sources* - specify xref:./waas-advanced-settings.adoc#network-lists[Network list] of IP addresses from which the bot originates. + +. Choose an <> to apply. + + +==== Enabling active detections + +. Go to *Bot protection > Active bot detection*. ++ +image::./waas_active_bot_detections.png[width=500] ++ +NOTE: Active Bot detection requires xref:./waas-advanced-settings.adoc#prisma-session[Prisma Sessions Cookies] to be enabled in the `advanced settings` tab. + +[start=3] +. Choose <> to apply. + +.. *Session Validation* - action to apply when WAAS is unable to validate the session, either due to cookie tampering or cookie replay. + +.. *Javascript-based detection* - enable periodic injection of javascript to collect browser attributes and flag anomalies typical to various bot frameworks. + +.. *Javascript injection timeout* - once javascript is enabled, choose action to apply when the browser does not send a response to the javascript injection on time. + +.. *reCAPTCHA v2 integration* - enable https://developers.google.com/recaptcha/intro[Google's reCAPTCHA v2] integration by specifying the site key, secret key and challenge type. +For more details please refer to the elaborated <> on reCAPTCHA below. + + +[#recaptcha] +=== reCAPTCHA v2 integration + +WAAS Users can enable https://developers.google.com/recaptcha/intro[Google's reCAPTCHA v2] integration by specifying the site key, secret key and challenge type. +According to the user's preference and settings, WAAS will serve a reCAPTCHA challenge at the beginning of each new session, or when a request is suspected of being sent by an unknown bot. + +NOTE: Only reCAPTCHA v2 is supported. + +[.task] +==== Deploy reCAPTCHA + +Deploy reCAPTCHA. + +[.procedure] +. Enter the *Site key* provided during the site registration + +. Enter the *Secret key* provided during the site registration + +. Select the *Challenge type* specified during the site registration ++ +[NOTE] +==== +Challenge type MUST match the challenge type selected on the reCAPTCHA site registration form (invisible or checkbox) for the reCAPTCHA integration to function properly. + +WAAS reCAPTCHA v2 integration does not support "reCAPTCHA Android" type +==== + +. Choose a preferred *friction*. ++ +NOTE: reCAPTCHA will ONLY be served for GET HTTP requests. +WAAS will block requests sent using other methods until a reCAPTCHA challenge is solved and the success result is encoded into the Prisma Session Cookie. ++ +* *By policy (reCAPTCHA as an action)* - when selected, a new effect will be available in the `Unknown bot` category ++ +image::./waas_captcha_action.png[width=500] ++ +When the reCAPTCHA is selected, WAAS will serve an interstitial page with a reCAPTCHA challenge whenever the protection is triggered.  ++ +image::./waas_captcha_page.png[width=200] ++ +If the end-user successfully passes the challenge, it will be recorded in the Prisma Session Cookie for the duration of the `Success Expiration` setting (default is 24 hours). + +* *Each new session* - Every new session will start with an interstitial page containing the reCAPTCHA challenge. +If the end-user successfully passes the challenge, it will be recorded in the Prisma Session Cookie for the duration of the `Success Expiration` setting (default is 24 hours). + +. Set the *Success Expiration* (in hours). ++ +This field determines how long a successful solution to a reCAPTCHA challenge will remain valid. +Once the expiration date has passed, a new reCAPTCHA challenge will be presented (based on the selected friction settings). + +. Enable *Custom reCAPTCHA page* option to enter a customized HTML reCAPTCHA. The minimum required defender version is v30.00. + +=== Bot protection events + +* *Known bots* - if a known bot is detected, the event message and attack type will provide details regarding the bot classification. +* *Unknown bots* - if an unknown bot is detected, the event message and attack type would provide details regarding the bot classification +* *User-defined bots* - a used-defined bot has been detected. +* *Session Validation* - The web client failed to pass the bot-detection session validation checks (e.g. prisma session cookie has been tampered with etc.). +* *Javascript Injection Timeout* - the web client failed to pass the bot-detection JavaScript injection check in reasonable time (timeout). +* *Missing Cookie* - client made a non GET request without a cookie. +* *Failed reCAPTCHA verification: * - Google's reCAPTCHA verification API has responded with an error message. +* * request when a reCAPTCHA page is required* - As mentioned in the <>, reCAPTCHA will ONLY be served for GET HTTP requests. +WAAS will block requests sent using other methods until a reCAPTCHA challenge is solved and an event carrying this message will be registered. + +[#bot-actions] + +=== Bot Protection Actions + +Requests that trigger a WAAS bot protection are subject to one of the following actions: + +* *Alert* - The request is passed to the protected application and an audit is generated for visibility. +* *Prevent* - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked. +* *Ban* - Can be applied on either IP or <<./waas-advanced-settings.adoc#prisma-session,Prisma Session IDs>>. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. +* *Allow (available for user-defined bots)* - request is forwarded to the protected application and no audit is generated. +* *reCAPTCHA* - a page will be served with a reCAPTCHA v2 challenge to be solved before proceeding to the website. + +[NOTE] +==== +A message at the top of the page indicates the entity by which the ban will be applied (IP or Prisma Session ID). When the X-Forwarded-For HTTP header is included in the request headers, ban will apply based on the first IP listed in the header value (true client IP). + +To enable ban by Prisma Session ID, <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> has to be enabled in the Advanced Settings tab. for more information please refer to the xref:./waas-advanced-settings.adoc#prisma-session[Advanced Settings] help page. + +WAAS implements state, which is required for banning user sessions by IP address or Prisma Sessions. +Because Defenders do not share state, any application that is replicated across multiple nodes must enable IP stickiness on the load balancer. +==== \ No newline at end of file diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-custom-rules.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-custom-rules.adoc new file mode 100644 index 0000000000..a7a2b2785f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-custom-rules.adoc @@ -0,0 +1,447 @@ +== WAAS custom rules + +WAAS custom rules offer an additional mechanism to protect your running web apps. +Custom rules are expressions that give you a precise way to describe and detect discrete conditions in requests and responses. +WAAS intercepts layer 7 traffic, passes it to Prisma Cloud for evaluation. +Expressions let you inspect various facets of requests and responses in a programmatic way, then take action when they evaluate to true. +Custom rules can be used in container, host, and app-embedded WAAS policies. + +Besides your own custom rules, Prisma Labs ships and maintains rules for newly discovered threats. +These system rules are distributed via the Intelligence Stream. +By default, they are shipped in a disabled state. +You can review, and optionally activate them at any time. +System rules cannot be modified. +However, you can clone and customize them to fit your own specific needs. + +NOTE: Before using custom rules, ensure Console and Defender run the same version of Prisma Cloud Compute. +The minimum required version for a Defender appears when you add a custom rule to a policy. +For example, if a Console runs a newer version, but Defenders have not been upgraded, using functionality only available in the newer version will result in a WAAS error. +If this occurs, upgrade Defenders to match their Console's version. + +=== Expression grammar + +Expressions let you examine the contents of requests and responses. +The grammar lets you inspect various properties in an event. +For example, you could write an expression that determines if an IP address falls inside a specific CIDR block. + +Expressions support the following types: + +* String. +* String list. +* String map. +* Integer. +* IP address (e.g. "192.168.0.1") +* CIDR block (e.g. "192.168.0.0/16") + +Expressions have the following grammar: + +`term (op term | in | )*` + +term:: +`integer | string | keyword | event | '(' expression ')' | unaryOp` + +op:: +`and | or | > | < | >= | <= | = | !=` + +in:: +`'(' integer | string (',' integer | string)*)?` ++ +Can also be used to determine if an IP address is in a CIDR block: +For example: ++ +`req.ip in "192.168.0.0/16"` + +unaryOp:: +`not` + +keyword (similar to wildcards):: +`startswith | contains` ++ +`contains` can be used for: ++ +* Equality. +For example: `req.header_names contains "X-Forwarded-For"` +* Regular expression match for string lists. +For example: `req.header_names contains /^X-Forwarded.*/` +* Regular expression match for strings. +For example: `req.body contains /^some-regex-text.*/` + +string:: +Strings must be enclosed in double-quotes. + +integer:: +`int` + +event:: +`req | resp` + +[ ]:: +Selector operator. +Selects a specific value by key from a map. +Headers, cookies, body params, and query params are maps. +The selection operation template is as following: ++ +`req.[""]` ++ +For example: ++ +`req.headers["Content-Type"] contains "text/html"` + + +==== Request events + +Expressions can examine the following attributes of a request: + +[cols="2,1,2,3", options="header"] +|=== +|Attribute +|Minimum Defender version +|Type +|Example + +|req.host +|22.06 +|Map of String +|`req.host contains /^.*ACME[1-9]{1,6}$/` + +|req.headers +(for matching on "Host" header use req.host) +|21.04 +|Map of String +|`req.headers["User-Agent"] contains /^.*ACME[1-9]{1,6}$/` + +|req.header_names +|21.04 +|String List +|`req.header_names contains /^X-Forwarded.*/` + +|req.header_values +|21.04 +|String List +|`req.header_values contains "secretkey"` + +|req.cookies +|21.04 +|Map of String +|`req.cookies["yummy-cookie"] contains "flour"` + +|req.cookie_names +|21.04 +|String List +|`req.cookie_names contains "ga"` + +|req.cookie_values +|21.04 +|String List +|`req.cookie_values contains "admin"` + +|req.query_params +|21.04 +|Map of String +|`req.query_params["id"] contains "admin"` + +|req.query_param_names +|21.04 +|String List +|`req.query_param_names contains "ssn"` + +|req.query_param_values +|21.04 +|String List +|`req.query_param_values contains /\d{3}-?\d{2}-?\d{4}/` + +|req.body_param_values +|21.04 +|String List +|`req.body_param_values contains "username"` + +|req.http_method +|21.04 +|String +|`req.http_method = "POST"` + +|req.file_extension +|21.04 +|String +|`req.file_extension contains /pdf$/` + +|req.path +|21.04 +|String +|`req.path startswith "/admin/"` + +|req.ip +|21.04 +|IP +(written as string, parsed as IP if IP is valid) +|`req.ip in "2.2.2.0/24" or req.ip = "8.8.8.8"` + +|req.country_code +|21.04 +|String +|`req.country_code = "US"` + +|req.body +|21.04 +|String +|`req.body contains /password/` + +|req.http_version +|21.04 +|String +|`req.http_version = "1.0"` + +|req.http_scheme +|21.04 +|String +|`req.http_scheme = "HTTPS"` + +|=== + + +NOTE: When gRPC is enabled, the `req.body` attribute may not be able to properly match on the body content if it is sent in binary form. + +==== Response events + +Expressions can examine the following attributes of a response. + +[NOTE] +==== +To examine server responses in custom rules, the rule type must be set to `waas-response` + +image::waas_response_custome_rule_type.png[width=350] +==== + +[cols="2,1,2,3", options="header"] +|=== +|Attribute +|Minimum Defender version +|Type +|Example + +|resp.status_code +|21.04 +|Integer +|`resp.status_code = 200` + +|resp.content_type +|21.08 +|String +|`resp.content_type = "application/json"` + +|resp.body +|21.08 +|String +|`resp.body contains /^somesecret$/` + +|resp.headers +|21.08 +|Map of String +|`resp.headers["Set-Cookie"] contains /SESSIONID/` + +|resp.header_names +|21.08 +|String List +|`resp.header_names contains "Set-Cookie"` + +|resp.header_values +|21.08 +|String List +|`resp.header_values contains "ERROR"` + +|=== + + +NOTE: When gRPC is enabled, the `resp.body` attribute may not be able to properly match on the body content if it is sent in binary form. + +==== Transformation functions + +The following transformations are available to users creating custom rules: + +* *lowercase* - converts all characters to lowercase. +* *compressWhitespace* - converts whitespace characters (32, \f, \t, \n, \r, \v, 160) to spaces (32) and then compresses multiple space characters into only one. +* *removeWhitespace* - removes all whitespace characters. +* *urlQueryDecode* - decodes URL query string. +* *urlPathDecode* - decodes URL path string (identical to *urlQueryDecode* except that it does not unescape `+` to space). +* *unicodeDecode* - normalizes unicode characters to their closest resemblance in ASCII format. +* *htmlEntityDecode* - decodes HTML components in a given string. +* *base64Decode* - decodes a base64-encoded string. +* *replaceComments* - replaces each occurrence of a C-style comments (/* ... */) with a single space (multiple consecutive occurrences of a space will not be compressed). +* *removeCommentSymbols* - removes each comment symbol (/*, */) from a string. +* *removeTags* - replaces encoded tag entities (`\<`, `\>`) with a single whitespace. + +==== JWT parsing functions + +* `jwtPayload()` - returns a string representing the payload section of the JWT (simply the whole second part of the token, base64url decoded). + +`jwtPayload(req.headers["Authorization"]) contains /pattern/` + +* `jwtPayloadValue(, )` - returns the string value associated with a key inside the payload section of the given JWT. + +To inspect if a string value associated with a key say "email_verified" is set to "false", use the following expression: +`jwtPayloadValue(req.headers["Authorization"], "email_verified") contains /^false$/` + +* `jwtHeader()` - returns a string representing the header section of the JWT. + +* `jwtHeaderValue(,
)` - returns the string value associated with a key inside the header section of the given JWT. + +For example, to check if the key "kid" contains the value matching a pattern: +`jwtHeaderValue(req.headers["Authorization"], "kid") contains /\.\.[\\\/]/` + +* `jwtValid()` - returns a boolean value which is true only if the input argument represents a JWT, and this JWT passed the following checks: + +For example: `(not jwtValid(req.headers["Authorization"])) or jwtHeaderValue(req.headers["Authorization"], "alg") contains /^none$/` + +** If the JWT is signed with a standard algorithm with a fixed-length output, the signature of the JWT should be of that known length. + +** If the JWT is signed with a standard symmetric-key algorithm, the header of the JWT does not contain a parameter that is meant to be used only with asymmetric algorithms (e.g. parameters used to identify a public key that is used to verify the JWT's signature). + +** The JWT has not expired - check when the 'exp' (Expiration Time) claim is present. + +** The JWT's has already been issued (issue time < current time) - checked when the 'iat' (Issued At) claim is present. + +** The JWT has already become valid ("not valid before" time < current time) - checked when the 'nbf' (Not Before) claim is present. + +The WAAS events for JWT custom rule violations are generated under *Monitor > Events > WAAS for containers/hosts*, with the attack type as *Custom Rule*. + +image::waas-events-jwt.png[width=350] + +*Limitations*: + +* *No signature verifications*: The signature part of JWT is not verified. This verification should be handled by the application receiving the token. +* *Encrypted JWTs are not supported*: The Encrypted Java Webtokens (JWEs) are not handled. + +==== Effects + +The following effects may be applied on HTTP requests/responses that match a WAAS custom rule: + +* *Allow* - The request is passed to the protected application, all other detections are not applied (e.g app firewall, bot protection, API protection, etc.). No audit is generated. +* *Alert* - The request is passed to the protected application and an audit is generated for visibility. +* *Prevent* - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked. +* *Ban* - Can be applied on either IP or <<./waas-advanced-settings.adoc#prisma-session,Prisma Session IDs>>. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time-period (default is 5 minutes) following the last detected attack. + +NOTE: A message at the top of the page indicates the entity by which the ban will be applied (IP or Prisma Session ID). When the X-Forwarded-For HTTP header is included in the request headers, the ban will apply based on the first IP listed in the header value (true client IP). +For custom rules defined in *Out-of-Band*, only *Allow* and *Alert* effects are allowed. + +[#examples] +==== Example expressions + +The following examples show how to use the expression grammar: + +* Special expression to determine if an IP address falls within a CIDR block: + +`req.ip in "192.168.0.0/16"` + +* Example of using a regular expression: + +`req.header_names contains /^X-Forwarded.*/` + +* Determine if the request method matches a method in the array. +Currently, you can only create custom arrays as part of the `in` operator. + +`req.http_method in ("POST", "PUT")` + +* Example of using `contains`: + +`req.header_values contains "text/html"` + +* Example using a selector: + +`req.cookies["yummy-cookie"] contains "flour"` + +* Example of an expression with three conditions. +All conditions must evaluate to true for there to be a match. + +`req.http_method = "POST" and resp.status_code >= 400 and resp.status_code <= 599` + +* Example for detecting HTTP 1.0 requests sent to a path starting with /api/control/ with an "admin" cookie whose Base64 decoded value is set to "True". + +`req.http_version = "1.0" and lowercase(req.path) startswith "/api/control/" and base64Decode(req.cookies["admin"]) contains /^True$/`` + +* Example for detecting successful login requests by checking the Set-Cookie header value using chained transformation functions. + +`req.http_method = "POST" and resp.status_code = 200 and compressWhitespace(base64Decode(resp.headers["Set-Cookie"])) contains /SESSIONID/`` + + +[.task] +=== Write a WAAS custom rule + +Expression syntax is validated when you save a custom rule. + +[.procedure] +. Open Console, and go to *Defend > WAAS* > *{Container | Host | App-Embedded | Agentless} > {In-line | Out-Of-Band}*. + +. Click *Add rule*. + +. Enter a name for the rule. + +. In *Message*, enter an audit message to be emitted when an event matches the condition logic in this custom rule. ++ +Use the following syntax to view the matched groups: +: %regexMatches ++ +Refer to the following screenshot: ++ +image::waas_custom_rule_regex_match_group.png[width=350] + +. Select the rule type. ++ +You can write expressions for requests or responses. +What you select here scopes the vocabulary available for your expression. + +. Enter your expression logic. ++ +Press `OPTION` + `SPACE` to get a list of valid terms, expressions, operators, etc, for the given position. ++ +Use the example expressions <> as a starting point for your own expression. + +. Click *Save*. ++ +Your expression logic is validated before it is saved to the Console's database. + + +[.task] +=== Activate WAAS custom rules + +A custom rule is made up of one or more conditions. +Attach a custom rule to a WAAS policy rule to activate it. + +Custom rules are defined in *Defend > Custom rules > WAAS*. +WAAS policy rules are defined in *Defend > WAAS > {Container | Host | App-Embedded | Agentless} > {In-line | Out-Of-Band}*. + +When attaching a custom rule to a WAAS policy rule, you specify the action to be taken when the expression evaluates to true (i.e. the expression matches). +Supported actions for In-line WAAS policy are Disable, Allow, Alert, Prevent, and Ban. For Out-Of-Band/Agentless the only actions available are Disable, Allow, and Alert. + +Custom rules have priority over all other enabled WAAS protections. +WAAS evaluates all custom rules that are attached, so you can get more than one audit if more than one custom rule matches. + +*Prerequisites:* You have already set up WAAS to protect an app, and there's a rule for it under *Defend > WAAS > {Container | Host | App-Embedded | Agentless} > {In-line | Out-Of-Band}*. +For more information about setting up an app, see xref:../waas/deploy-waas/deploy-waas.adoc[Deploy WAAS]. + +[.procedure] +. Open Console, and go to *Defend > WAAS > {Container | Host | App-Embedded | Agentless} > {In-line | Out-Of-Band}*. + +. Select a rule under *App list*. + +. *Add app* and then go to *Custom rules*. + +. Select the effects to *Auto-apply virtual patches* to known CVEs vulnerabilities as detected by Prisma Cloud. The effect will be applied on HTTP requests/responses that match a WAAS custom rule. ++ +In addition to selecting the global effect for applying the virtual patch, you can also override the default effects by selecting *user-selected custom rules* that are always applied regardless of the global auto-apply virtual patch under *Defend > WAAS > Container/Host/Agentless/App-embedded > {In-Line/Out-Of-Band}*. ++ +NOTE: The *Auto-apply virtual patches* are only applicable if the minimum Defender version is Kepler or greater. + +. *Select rules* from the predefined list of custom rules and click *Apply*. Alternatively, you can also create your own custom rules, with *Add rule*. + +.. A list of available WAAS custom rules is displayed. Whenever a user creates a rule, the *owner* column is populated with the username. The owner column of virtual patches provided by Unit-42 researchers will have the value `system`. + +.. The minimum supported Defender version appears when you add the custom rule to a policy. ++ +image::./waas_custom_rules_min_defender.png[width=350] + +. Configure the effect for each custom rule. ++ +By default, the effect is set to *Alert*. + +. Click *Save*. + diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-dos-protection.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-dos-protection.adoc new file mode 100644 index 0000000000..07467a4cd9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-dos-protection.adoc @@ -0,0 +1,75 @@ +== DoS protection + +WAAS is able to enforce rate limit on IPs or sessions to protect against high-rate and "low and slow" application layer DoS attacks. + +image::./waas_dos_protection.png[width=750] + +=== DoS protection Overview + +WAAS is able to limit the rate of requests to the protected endpoints within each app based on two configurable request rates: + +* *Burst Rate* - Average rate of requests per second calculated over a 5 seconds period +* *Average Rate* - Average rate of requests per second calculated over a 120 seconds period + +Users are able to specify match conditions for qualifying requests to be included in the count. Match conditions are based on HTTP methods, File Extensions and HTTP response codes. + +Users are also able to specify <<./waas-access-control.adoc#network-lists,Network lists>> to be excluded from the DoS protection rate accounting. + +NOTE: If no match conditions are specified - all requests to the protected endpoints would be included in the rate accounting. + + +[.task] +=== Enabling DoS protection + +[.procedure] +. Enter *DoS Protection* tab and set the `DoS Protection` toggle to `On` ++ +image::./waas_dos_protection_toggle.png[width=650] +. Set the effect with the <> to apply once a threshold is reached. ++ +image::./waas_dos_action.png[width=650] ++ +NOTE: A message at the top of the page indicates the entity by which the ban will be applied (IP or Prisma Session ID). ++ +NOTE: To enable ban by Prisma Session ID, <<./waas-advanced-settings.adoc#prisma-session,Prisma Session Cookies>> has to be enabled in the Advanced Settings tab. for more information please refer to the xref:./waas-advanced-settings.adoc#prisma-session[Advanced Settings] help page. + +. Apply rate limitation thresholds (requests per second) for `Burst rate` (calculated over 5 seconds) and for `Average rate` (calculated over 120 seconds) + +. To apply the rate limitation on a subset of requests click on image:./waas_dos_add_match_conditions.png[] button. ++ +image::./waas_dos_new_condition.png[width=650] ++ +Conditions can be specified as a combination (*AND*) of the following: ++ +* *HTTP Methods* +* *File Extensions* - multiple extensions are allowed (e.g. `.jpg, .jpeg, .png`). +* *HTTP Response Codes* - specify either a single response code, a range or a combination of them (e.g. `302, 400-410, 500-599`). + +. Multiple match conditions are allowed (*OR* relation between them). ++ +image::./waas_dos_multi.png[width=650] ++ +In the above example the following request would be counted against the rate limitation thresholds: ++ +* `HEAD` HTTP requests +* `POST` HTTP requests with file extension of `.tar.gz` +* `GET` or `PUT` HTTP requests with file extension of `.jpg, .jpeg, .png` to which the origin responded with and HTTP response code of `302` or in the range of `400-410` or in the range of `500-599` + +. Specify <<./waas-access-control.adoc#network-lists,Network lists>> of IP addresses to be excluded from the rate accounting. ++ +image::./waas_dos_excluded.png[width=650] + +[#dos-actions] +=== DoS actions + +Requests that exceed the rate limitation thresholds are subject to one of the following actions: + +* *Alert* - The request is passed to the protected application and an audit is generated for visibility. +* *Ban* - Can be applied on either IP or Prisma Session. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. + +NOTE: A message at the top of the page indicates the entity by which the ban will be applied (IP or Prisma Session ID). When the X-Forwarded-For HTTP header is included in the request headers, ban will apply based on the first IP listed in the header value (true client IP). + +NOTE: For more information on enabling Prisma Sessions and configuring ban definitions please refer to the xref:./waas-advanced-settings.adoc#ban-settings[Advanced Settings] help page. + +NOTE: WAAS implements state, which is required for banning user sessions by IP address or Prisma Sessions. +Because Defenders do not share state, any application that is replicated across multiple nodes must enable IP stickiness on the load balancer. diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-explorer.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-explorer.adoc new file mode 100644 index 0000000000..c7368ebe81 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-explorer.adoc @@ -0,0 +1,42 @@ +== WAAS Explorer + +WAAS explorer provides an overview of web application's security posture, protection coverage, usage stats and insights. +This dashboard is not intended to replace WAAS built in analytics for investigating incidents and request details. + +NOTE: To use the WAAS Explorer, your Defenders must be running version 22.01 or later. With earlier versions of Defender, the WAAS Explorer dashboard may have errors due to incomplete or missing data. + +image::waas_explorer_overview.png[scale=10] + +=== Web protection coverage + +Web protection coverage provides an overview of the web application and API currently running in the deployment with the following breakdowns: + +* Protection coverage +* Vulnerabilities in unprotected web apps + +Enable WAAS protection on vulnerable web apps to detect threats and mitigate exploitation attempts. + +=== Activity overview + +image::./waas_explorer_activity_overview.png[scale=10] + +The Activity overview shows daily counts of requests and protection triggers. Policy changes to WAAS are also noted on the date they occurred. + +=== WAAS overview + +WAAS overview provides more information about the value WAAS provided - the total amount of traffic inspected, the protections currently in use, and the overall count of triggers, according to type and effect. + +=== Event traffic sources + +Using this section, users are able to easily identify attacked images and hosts in their deployment as well as where legitimate traffic and attacks originate from. +Users can filter the results based on countries or image names, to obtain a comprehensive overview of attacked images - WAAS events, identified vulnerabilities, and runtime forensics. + +=== OWASP top 10 summary + +WAAS explorer displays event summaries for OWASP Top-10 and OWASP Top-10 API risks. + +=== Insights + +image::./waas_explorer_insights.png[scale=10] + +Waas Explorer insights reveal security posture gaps that need to be addressed. diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas-intro.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas-intro.adoc new file mode 100644 index 0000000000..7768e175f3 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas-intro.adoc @@ -0,0 +1,132 @@ +== Web-Application and API Security (WAAS) + +WAAS enhances the traditional WAF protection model by deploying closer to the application, easily scaling up or down, and allowing for inspection of "internal" traffic (east-to-west) from other microservices as well as inbound traffic (north-to-south). + +* For containerized web applications, WAAS binds to the application's running containers, regardless of the cloud, orchestrator, node, or IP address where it runs, and without the need to configure any complicated routing. +* For non-containerized web applications, WAAS simply binds to the host where the application runs. +* WAAS monitors the remote applications by monitoring the mirrored traffic generated from the network interfaces attached to your instances. + +Highlights of WAAS's capabilities: + +* *OWASP Top-10 Coverage* - Protection against most critical https://owasp.org/www-project-top-ten/[security risks] to web applications, including injection flaws, broken authentication, broken access control, security misconfigurations, etc. +* *API Protection* - WAAS can enforce API traffic security based on definitions/specs provided in the form of https://swagger.io/[Swagger] or https://www.openapis.org/[OpenAPI] files. +* *Access Control* - WAAS controls access to protected applications using Geo-based, IP-based, or HTTP Header-based user-defined restrictions. +* *File Upload Control* - WAAS secures application file uploads by enforcing file extension rules. +* *Detection of Unprotected Web Applications* - WAAS detects unprotected web applications and flags them in the radar view. +* *Penalty Box for Attackers* - WAAS supports a 5 minutes ban of IPs triggering one of its protections to slow down vulnerability scanners and other attackers probing the application. +* *Bot Protection* - WAAS detects good-known bots and other bots, headless browsers, and automation frameworks. WAAS is also able to fend off cookie droppers and other primitive clients by mandating the use of cookies and Javascript for the client to reach the protected origin. +* *DoS Protection* - WAAS is able to enforce rate limitation on IPs or xref:./waas-advanced-settings.adoc#prisma-session[Prisma Sessions] to protect against high-rate and "low and slow" layer-7 DoS attacks. + +[#architecture] +=== How to deploy WAAS? + +WAAS is deployed with Prisma Compute Defenders. +The Defenders can operate as a transparent HTTP proxy as well as monitor the traffic from an Out-Of-Band network for the remote applications that do not have any Defenders installed. + +The Inline Defenders evaluate client requests against security policies before relaying the requests to your application. The Out-Of-Band Defenders only send out alerts from the read-only copy of the network traffic. + +image::./CNAF-architecture.png[width=650] + +Defenders are deployed into the environment in which the web applications run, and you can view the data on the Prisma Cloud management console. + +=== How does WAAS work? + +WAAS inspects the incoming and outgoing traffic to and from your application for discovery, monitoring, and protection. +Once you deploy WAAS you get visibility into your attack surfaces such as the host, containers, and serverless functions. WAAS API observations list the endpoints of the APIs and the methods used by the APIs for communication. +The WAAS discovery and API observations help in risk assessment and placing policies to protect your workflow. + +image::./cnaf_791990.png[width=550] + +Requests triggering one or more WAAS protections generate a WAAS "event audit" and action is taken based on the preconfigured action (see "WAAS Actions" below). +WAAS's event audits can be further explored in the "Monitor" section of Prisma Compute's management console (*Monitor > Events*). +In addition, event audits are registered in the Defender's xref:../audit/logging.adoc[syslog] thus allowing for integration with third-party analytics engines or SIEM platforms of choice. + +=== How does WAAS inspection work on Prisma Cloud? + +WAAS can inspect the traffic as an Inline proxy as well as an Out-Of-Band network. + +image::./waas_network_management.png[scale=10] + +==== WAAS Inline proxy + +WAAS inspects all incoming requests and forwards them to the protected application if there are no malicious activities. The response from the application is in turn inspected by WAAS and sent to the user if it's not violating any rules. + +An Inline proxy provides the highest level of security for web applications and APIs because it has the ability to block incoming and outgoing traffic flows in real-time. However, real-time traffic monitoring may require more resources than Out-Of-Band monitoring. Configuration of Inline proxy should be tested in QA or staging environments before deploying in production to avoid application outages if not configured properly. + +The Inline proxy needs a Defender to be deployed in the environment. + +[#waasoob] +==== WAAS Out-Of-Band + +Out-Of-Band monitors both protected and unprotected workloads by inspecting the mirrored traffic. WAAS Out-Of-Band doesn't interfere with client-server communications, nor does it impact the application performance. + +You can use the TLS protocol (1.0, 1.1, 1.2) over HTTP/1.1 with the following RSA Key Exchange cipher suites to protect the API endpoints: + +* TLS_RSA_WITH_AES_128_CBC_SHA256 +* TLS_RSA_WITH_3DES_EDE_CBC_SHA +* TLS_RSA_WITH_RC4_128_SHA + +The full handshake process must be captured as partial transmission or session resumption process inspection are not (or cannot be) decrypted. + +WAAS can be deployed with Defender or with CSP traffic mirroring. + +. *WAAS Out-Of-Band with Defender* needs a Defender to be deployed in your workload environment to monitor the protected applications by using Out-Of-Band network communication. + +. *WAAS Agentless with VPC traffic mirroring* is used in cases where it's not possible to install Defender for each microservice. VPC traffic mirroring extends WAAS monitoring to instances regardless of whether they have Defenders deployed or not. ++ +This setup requires you to install an agent called Observer on the target instance outside your workload environment, to remotely monitor the unprotected applications on your source instance by using the in-built traffic mirroring provided by CSP. ++ +For example, AWS VPC traffic mirroring feature copies the traffic from the source EC2 instance (with no Defender) to the target EC2 instance that has a host Observer installed within the same VPC. + +WAAS Out-Of-Band setup has no latency cost. But as WAAS can't control the traffic, it can only send out alerts to the Prisma Console. + +=== Where do I begin with WAAS? + +WAAS is enabled by xref:./deploy-waas/deploy-waas.adoc[adding a new WAAS rule]. +Whenever new policies are created, or existing policies are updated, Prisma Cloud immediately pushes them to all the resources to which they apply. + +To deploy WAAS, create a new WAAS rule, select the resources on which to apply the rule, define your web application and select the protections to enable. +For containerized web applications, Prisma Cloud creates a firewall instance for each container instance. +For legacy (non-containerized web applications), Prisma Cloud creates a firewall for each host specified in the configuration. + +NOTE: Prisma Cloud can also protect Fargate-based web containers. ++See xref:../install/deploy-defender/app-embedded/install-app-embedded-defender-fargate.adoc#waas-for-fargate[WAAS for Fargate]. + +[#actions] +==== WAAS Actions + +Requests that trigger a WAAS protection are subject to one of the following actions: + +* *Alert* - The request is passed to the protected application (where, the deployed Defender has complete visibility on your workload) or unprotected application (where, there is no Defender deployed on the workload instance but on a remote instance, for example, in v with VPC mirroring), and an audit is generated for visibility. ++ +Both In-line and Out-Of-Band WAAS deployment generate alerts to the Console. +* *Prevent* - The request is denied from reaching the protected application, an audit is generated and WAAS responds with an HTML page indicating the request was blocked. ++ +Supported only in WAAS Inline proxy setup. +* *Ban* - Can be applied on either IP or <<./waas-advanced-settings.adoc#prisma-session, Prisma Session IDs>>. All requests originating from the same IP/Prisma Session to the protected application are denied for the configured time period (default is 5 minutes) following the last detected attack. ++ +Supported only in WAAS Inline proxy setup. ++ +NOTE: WAAS implements state, which is required for banning user sessions by IP address. +Because Defenders do not share state, any application replicated across multiple nodes must enable IP stickiness on the load balancer. +* *Disable* - The WAAS action is disabled. ++ +Supported for both WAAS Inline and WAAS Out-Of-Band setups. + +=== Supported Protocols, Message Parsers, and Decoders + +==== Supported Protocols + +* HTTP 1.0, 1.1, 2.0 - full support of all HTTP methods +* TLS 1.0, 1.1, 1.2, and 1.3 for WAAS In-line +* TLS 1.0, 1.1, and 1.2 for WAAS Out-Of-Band +* gRPC +* WebSockets Passthrough + +==== Supported Message Parsers, and Decoders + +* GZip, deflate content encoding +* HTTP Multipart content type +* URL Query, x-www-form-urlencoded, JSON and XML parameter parsing +* URL, HTML Entity, JS, BASE64 decoding +* Overlong UTF-8 diff --git a/docs/en/compute-edition/32/admin-guide/waas/waas.adoc b/docs/en/compute-edition/32/admin-guide/waas/waas.adoc new file mode 100644 index 0000000000..7dba42dd8d --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/waas/waas.adoc @@ -0,0 +1,3 @@ +== WAAS + +WAAS (Web-Application and API Security, formerly known as CNAF, Cloud Native Application Firewall) is a web application firewall (WAF) designed for HTTP-based web applications deployed directly on hosts, as containers, application embedded or serverless functions. WAFs secure web applications by inspecting and filtering layer 7 traffic to and from the application. diff --git a/docs/en/compute-edition/32/admin-guide/welcome/announcements.adoc b/docs/en/compute-edition/32/admin-guide/welcome/announcements.adoc new file mode 100644 index 0000000000..b22a0aad9e --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/announcements.adoc @@ -0,0 +1,62 @@ +== Prisma Cloud Compute Console upgrade announcements + +This section contains release notes and upgrade announcements for Compute Console in Prisma Cloud Enterprise Edition. +As we roll out upgrades, we will update this page with new announcements and information. +To prepare for upcoming upgrades, please carefully review the breaking changes highlighted for each release. + +NOTE: In 2H2021 (second half of calendar year 2021 release) we are adding major changes to Defender - Console backward compatibility. Please refer to this doc for more details: https://docs.twistlock.com/docs/compute_edition/welcome/upcoming_support_lifecycle_changes.html + +=== Upgrade plan for 21.04 Update 2 + +This section highlights the upgrade schedule and plan for the upcoming 21.04 update 2 Compute release. + +All Compute Consoles in Prisma Cloud Enterprise Edition are scheduled to be automatically upgraded on Sunday, June 27 between 12am-3am PST. You may experience intermittent service interruptions during this time, due to the upgrade. + +**Some important links to review in preparation of the upgrade:** + +* 21.04 update 2 fixes: https://docs.prismacloudcompute.com/docs/releases/release-information/latest.html + +--- +--- + +The announcements below are related to previous releases for historical purposes. + +**Upgrade plan for 21.04 update 1 (Hamilton, Update 1)** + +This section highlights the upgrade schedule and plan for the upcoming 21.04 update 1 Compute release. + +All Compute Consoles in Prisma Cloud Enterprise Edition are scheduled to be automatically upgraded on Sunday, May 30 between 12am-5am PST. You may experience intermittent service interruptions during this time, due to the upgrade. + +IMPORTANT: This is a major upgrade for Prisma Cloud Compute and will contain significant new features and breaking changes. Please read through release notes and breaking changes carefully in preparation for the update. + +**Some important links to review in preparation of the upgrade:** + +* 21.04 Release Notes and Breaking Changes: https://docs.prismacloudcompute.com/docs/releases/release-information/release-notes-21-04.html +* 21.04 update 1 fixes: https://docs.twistlock.com/docs/releases/release-information/latest.html +* New Integration Feature (will go live on June 1): Introduces ability to assign granular RBAC to users in Prisma Cloud via Resource Lists. Learn more about this feature here - https://docs.prismacloudcompute.com/docs/enterprise_edition/authentication/assign_roles.html + + +**20.12 update 2** + +All Compute Consoles in Prisma Cloud Enterprise Edition are scheduled to be automatically upgraded on Sunday, February 21st between 12am - 5am PST. You may experience intermittent service interruptions during this time, due to the upgrade. + +Please read through the important updates and breaking changes corresponding to the Prisma Cloud Compute 20.12 update 2 release. + +Some important links to review in preparation of the upgrade: + +Release Notes: https://docs.twistlock.com/docs/releases/release-information/latest.html + +**20.12 update 1** + +All Compute Consoles in Prisma Cloud Enterprise Edition are scheduled to be automatically upgraded on Sunday, January 31st between 12am - 5am PST. You may experience intermittent service interruptions during this time, due to the upgrade. + +Please read through the important updates and breaking changes corresponding to the Prisma Cloud Compute 20.12 release. + +Some important links to review in preparation of the upgrade: + +* Upgrade considerations and breaking changes: https://docs.twistlock.com/docs/releases/release-information/release-notes-20-12.html#upgrade-considerations +* 20.12 API breaking changes and porting guide: https://docs.twistlock.com/docs/compute_edition/api/porting_guide.html#overview +* 20.12 Update 1 release notes: https://docs.twistlock.com/docs/releases/release-information/latest.html + + + diff --git a/docs/en/compute-edition/32/admin-guide/welcome/getting-started.adoc b/docs/en/compute-edition/32/admin-guide/welcome/getting-started.adoc new file mode 100644 index 0000000000..1c7940cdec --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/getting-started.adoc @@ -0,0 +1,50 @@ +== Getting started + +// The articles here to show you how to: +// +// * Install and deploy Prisma Cloud. +// * Configure and use Prisma Cloud features and functions. +// * Apply Prisma Cloud to secure your container and cloud-native computing environments. + +Welcome to the Prisma Cloud product documentation site. +Start exploring how our technology can secure your environment. + +[.section] +=== Preinstall check +Ensure your environment meets the minimum xref:../install/system-requirements.adoc[system requirements]. + +[.section] +=== Install the software + +ifdef::compute_edition[] +Download the xref:../welcome/releases.adoc[latest Prisma Cloud release] to your Prisma Cloud Console server or cluster controller. +Then xref:../install/getting-started.adoc[install] Prisma Cloud using one of the dedicated guides. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Deploy Defenders to secure your environment. +endif::prisma_cloud[] + +ifdef::compute_edition[] +[.section] +=== Register your license key +Open a browser and navigate to the Prisma Cloud Console. +Create an initial admin user, then enter your license key. + +Your Prisma Cloud Console is available on \https://:8083 +endif::compute_edition[] + +[.section] +=== Install a test application +Use your own app or check out the https://microservices-demo.github.io/[Sock Shop]. + +[.section] +=== Explore Prisma Cloud's core features +The following articles will get you started with Prisma Cloud's core features: + +* xref:../vulnerability-management/registry-scanning/registry-scanning.adoc[Scan and monitor Docker registries] +* xref:../vulnerability-management/scan-reports.adoc[Review image scan reports] +* xref:../compliance/manage-compliance.adoc[Create compliance rules] +* xref:../vulnerability-management/vuln-management-rules.adoc[Create vulnerability rules] +* xref:../runtime-defense/runtime-defense.adoc[Learn about runtime protection] +* xref:../waas/waas.adoc[Set up a cloud native application firewall] diff --git a/docs/en/compute-edition/32/admin-guide/welcome/licensing.adoc b/docs/en/compute-edition/32/admin-guide/welcome/licensing.adoc new file mode 100644 index 0000000000..cf73e2b0e9 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/licensing.adoc @@ -0,0 +1,154 @@ +== Licensing + +Licensing on Prisma Cloud uses a metering system based on credits. You must procure a license for each resource that Prisma Cloud protects and renew the license before the expiry term. Refer to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/prisma-cloud-licenses[license types]. + +This section is specifically for Prisma Cloud Compute capabilities that protects your hosts, containers, and serverless functions using a security agent called Defender, and using an agentless method. +The number of credits you consume directly correlates with the type and mix of Defenders you deploy and the agentless security option. If you exceed the license count, Palo Alto Networks will notify you with a prominent banner that displays at the top of the Prisma Cloud web console. Exceeding the license count does not disable any security functions nor prevent the deployment of additional Defenders. + +Prisma Cloud also offers twistcli, a command-line configuration tool for which there is no additional credit usage. The credit usage is for the resources that are being protected using an agent or an agentless method. + +ifdef::compute_edition[] +[cols="2,1,1a", options="header"] +|=== + +|Resource +|Credits per resource +|What's counted? + +|Hosts that don’t run containers +|1 credit +|Host Defender/Agentless Scan + +|Hosts that run containers +|7 credits +|Container Defender/Agentless Scan + +|Hosts that run applications +|7 credits +|Tanzu Application Service Defender + +|On-demand containers (such as AWS Fargate, Google Cloud Run) +|1 credits +|App-Embedded Defender + +|Serverless functions (such as AWS Lambda, Azure Functions, Google Cloud Functions) +|1 credits per 6 defended functions +|Defended functions: + +* Functions (only latest version) with a Serverless Defender - including Runtime & WAAS +* Functions scanned for vulnerabilities and compliance (only latest version) + +|Web Application and API Security (WAAS) +|30 credits per Defender agent associated with protected web-application nodes (container/pod/host/AppID) +| +* Host Defender +* Container Defender +* App-Embedded Defender +|=== + +=== Workload fluctuation + +Credit consumption is measured hourly and the hourly samples are averaged to create daily samples. +To determine if you’re within your licensed coverage, the rolling average is compared to the number of credits in your license. + +The credit usage for a specified time range uses the appropriate hourly, daily or monthly average. +If there is less than 30 days of data available, the average is calculated using the days available. + +*Example*: Assume you've licensed 700 credits to cover 100 container hosts, and usage fluctuates from week to week: + +Nov 1-7: Lower demand, uses 90 nodes (630 credits) +Nov 8-15: Uses 100 nodes (700 credits) +Nov 16-22: Uses 100 nodes (700 credits) +Nov 23-30: High demand, uses 110 nodes (770 credits) + +Even though you used 770 credits for a short period of time, you're still properly licensed because the 30 day rolling average is 700: + +(630 + 700 + 700 + 770) / 4 = 700 credits + + +=== Example scenarios + +For hosts and containers, the number of credits you need to procure depends on the number of Defenders you intend to deploy. + +*Example*: Assume you have a Kubernetes cluster with 100 nodes (hosts). +You deploy a Container Defender to each node. +You would procure a license with 700 credits: + +100 container hosts * 7 credits per container host = 700 credits + +Serverless functions are licensed based on the number of defended functions, and averaged over the period of a month. +Every 6 defended functions count as 1 credit. +A defended function is either (a) a function with a Serverless Defender embedded or (b) a function scanned for vulnerabilities and compliance. + +*Example*: Assume you have 180 functions, 180 functions are scanned for vulnerabilities and compliance while only 80 functions are defended in runtime (i.e., have a Serverless Defender embedded). +Since we count each function only once: + +180 defended functions / 6 credits per defended function = 30 credits + +*Example*: Assume you have a web application running over 50 containers in a 5 node cluster. +The containers running the images protected by WAAS rules are running on 2 out of the 5 nodes. +You would procure a license with 60 credits. + +2 Defenders protected nodes with WAAS protected containers * 30 credits per Defender = 60 credits + +endif::compute_edition[] + + +ifdef::prisma_cloud[] +[cols="2,1,1a", options="header"] +|=== + +|Resource +|Credits per resource +|What's counted? + +|Hosts that don’t run containers +|0.5 credit +|Host Defender/Agentless Scan + +|Hosts that run containers +|5 credits +|Container Defender/Agentless Scan + +|Hosts that run applications +|7 credits +|Tanzu Application Service Defender + +|On-demand containers (such as AWS Fargate, Google Cloud Run) +|1 credits +|App-Embedded Defender + +|Serverless functions (such as AWS Lambda, Azure Functions, Google Cloud Functions) +|1 credits per 6 defended functions +|Defended functions: + +* Functions (only latest version) with a Serverless Defender - including Runtime & WAAS +* Functions scanned for vulnerabilities and compliance (only latest version) + +|Web Application and API Security (WAAS) +|2 credits per Defender agent associated with protected web-application nodes (container/pod/host/AppID) +| +* Host Defender +* Container Defender +* App-Embedded Defender +|=== + +endif::prisma_cloud[] + +=== Defender types + +The type of Defender you deploy depends on the resource you’re securing. + +* *Host Defender* -- Secures legacy hosts (Linux or Windows) that don’t run containers. + +* *Container Defender* -- Secures hosts (Linux or Windows) that run containers. +These types of hosts have a container runtime installed, such as Docker Engine or CRI-O. +Container Defender protects both the underlying host and any containers it runs, and the license (7 credits) includes coverage for both. +A container host consumes 7 credits whether it runs one container or a hundred containers. + +* *Container Defender - App Embedded* -- Secures containers which are run by a managed service, where the service provider maintains all infrastructure required to run the container, including the underlying host and container runtime. +For this type of deployment, a Container App Embedded Defender is embedded into each container to be secured. + +* *Serverless Defender* -- Secures serverless functions. +For this type of deployment, a Serverless Defender is embedded into each function to be secured. + diff --git a/docs/en/compute-edition/32/admin-guide/welcome/nat-gateway-ip-addresses.adoc b/docs/en/compute-edition/32/admin-guide/welcome/nat-gateway-ip-addresses.adoc new file mode 100644 index 0000000000..d369d416dd --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/nat-gateway-ip-addresses.adoc @@ -0,0 +1,6 @@ +== NAT gateway IP addresses + +To ensure that Prisma Cloud Defenders can communicate with the Prisma Cloud Compute Console, and that you can access Prisma™ Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, you may need to update the IP addresses in your allow lists. + +Refer to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/enable-access-prisma-cloud-console[access the Prisma Cloud console], for a comprehensive list of NAT gateway IP addresses and domains for all Prisma Cloud modules and capabilities. + diff --git a/docs/en/compute-edition/32/admin-guide/welcome/pcee-vs-pcce.adoc b/docs/en/compute-edition/32/admin-guide/welcome/pcee-vs-pcce.adoc new file mode 100644 index 0000000000..ad9847ba6b --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/pcee-vs-pcce.adoc @@ -0,0 +1,160 @@ +== Prisma Cloud Enterprise Edition vs Compute Edition + +This article describes the key differences between Compute in Prisma Cloud Enterprise Edition and Prisma Cloud Compute Edition. +Use this guide to determine which option is right for you. + +image::pcee_vs_pcce_overview.png[width=800] + + +=== How is Compute delivered? + +Compute is delivered in one of two packages: + +* *Prisma Cloud Enterprise Edition (SaaS)* -- +Single pane of glass for both CSPM (Cloud Security Posture Management) & CWPP (Cloud Workload Protection Platform). +Compute (formerly Twistlock, a CWPP solution) is delivered as part of the larger Prisma Cloud system. +Palo Alto Networks runs, manages, and updates Compute Console for you. +You deploy and manage Defenders in your environment. +You access the Compute Console from a tab within the Prisma Cloud user interface. + +* *Prisma Cloud Compute Edition (self-hosted)* -- +Stand-alone, self-operated version of Compute. +Download the entire software suite, and run it in any environment. +You deploy and manage both Console and Defenders. + + +//=== What are the similarities between editions? +//Both Enterprise Edition (SaaS) and Compute Edition (self-hosted) are built on the same source base. +//The Console container image we run for you in Enterprise Edition is the exact same container image we give to you in Compute Edition to run in your environment. +//We are committed to supporting and developing both versions without any feature divergence. ++++ +++ + + +=== When should you use Enterprise Edition? + +Prisma Cloud Enterprise Edition is a good choice when: + +* You want a single platform that protects both the service plane (public cloud resource configuration) and the compute plane. +* You want convenience. +We manage your Console for you. +We update it for you. +You get the Prisma Cloud uptime SLA. + + +=== When should you use Compute Edition? + +Prisma Cloud Compute Edition is a good choice when: + +* You want full control over your data. +* You're operating in an air-gapped environment. +* You want to implement enterprise-grade multi-tenancy with one Console per tenant. +For multi-tenancy, Compute Edition offers a feature called Projects. + + +//=== What advantages does Prisma Cloud Enterprise Edition offer over Compute Edition? + +//When the Prisma Cloud CSPM and CWPP tools work together, Palo Alto Networks can offer economies of scale by sharing data (so called "data overlays"). +//The Prisma Cloud CSPM tool has always offered the ability to integrate with third party scanners, such as Tenable, to supplement configuration assessments with host vulnerability data. +//Starting with the Nov 2019 release of Enterprise Edition, the CSPM tool can utilize the host vulnerability data Compute Defender collects as part of its regular scans. +//Customers that have already licensed one workload for a host can leverage that single workload for configuration assessments by the CSPM tool, host vulnerability scanning (via Compute Defender), and host runtime protection (via Compute Defender). + +//Customers can expect additional "data overlays" in future releases, including better ways to gauge security posture with combined dashboards. + + +=== What are the differences between Prisma Cloud Enterprise Edition and Compute Edition? + +The following table summarizes the key differences between Enterprise Edition (SaaS) and Compute Edition (self-hosted). Consider these differences when deciding which edition is right for you. +//For gaps, we provide a date we intend to deliver a solution. + +[cols="2,1", options="header"] +|=== + +|Capability +|Compute SaaS support + +|Projects +|If you need Projects, use Compute Edition. +Projects will not be ported to Prisma Cloud Enterprise Edition. +However, PCEE does offer alternatives that support Project's primary use cases. +The use case for projects is isolation, where each team has a dedicated Console so that other teams can't see each other's data. +PCEE supports isolation with multiple independent Prisma Cloud tenants, one per team, with one Compute Console per tenant. +Within a single PCEE tenant, Compute Console also offers isolation to data access based on cloud account filtering. + +|Syslog +|Supported for Defenders only. For more details, see the article on xref:../audit/logging.adoc[logging] + +|User management +|Available centrally in the platform for Prisma Cloud Enterprise Edition. +ifdef::prisma_cloud[] +For more information about user role mapping in Prisma Cloud Enterprise Edition, see xref:../authentication/prisma-cloud-user-roles.adoc[Prisma Cloud User Roles] +endif::prisma_cloud[] + +|Assigned collections +|Available via Resource Lists. Read more about xref:../authentication/assign-roles.adoc[assigning roles]. + +|Defender backward compatibility +|Yes + +|Compute Edition to Enterprise Edition migration +|Available - Must go through Customer Success team. +|=== + +//*Projects:* + +//There is no support for Compute projects in the Prisma Cloud Enterprise Edition (PCEE). +//However, Enterprise Edition (EE) does offer alternatives that support Project's primary use cases. + +//The use case for projects is isolation, where each team has a dedicated Console so that other teams can't see each other's data. +//Prisma Cloud EE supports isolation with multiple independent Prisma Cloud tenants, one per team, with one Compute Console per tenant. +//Within a single PCEE tenant, Compute Console also offers isolation to data access based on cloud account filtering. + +//Contact Customer Success to create multiple tenants. +//Note that the license count shown in the Prisma Cloud UI is per tenant, not the aggregate across multiple tenants. + +//If you want to control tenant deployments yourself, use Compute Edition. + +//*Syslog:* + +//* Prisma Cloud Enterprise Edition Consoles do not emit syslog events for customer consumption. +//Since we operate the Console service for you, we monitor Console on your behalf. +//* Prisma Cloud Enterprise Edition Defenders still emit syslog events that you can ingest. +//Syslog messages from Defender cover runtime and firewall events. +//For more details, see the article on xref:../audit/logging.adoc[logging]. + + +//*User management:* + +//* In Prisma Cloud Enterprise Edition, user and group management, as well as authemtication for SSO, is handled by the platform. +//* As such, Compute Console in SaaS mode disables AD, OpenLDAP, and SAML integration in the Compute tab. +//* In Prisma Cloud Enterprise Edition, you can assign roles to users to control their level of access to Prisma Cloud. +//These roles are mapped to Compute roles internally. +//* For the CI/CD use case (i.e. using the Jenkins plugin or twistcli to scan images in the CI/CD pipeline), there's a new permission group called "Build and Deploy Security". +ifdef::prisma_cloud[] +//For more information about user role mapping in Prisma Cloud Enterprise Edition, see xref:../authentication/prisma-cloud-user-roles.adoc[Prisma Cloud User Roles] +endif::prisma_cloud[] + +//*Assigned Collections:* + +//* Prisma Cloud Enterprise Edition supports this via Resource Lists. Read more about xref:../authentication/assign-roles.adoc[assigning roles]. + +=== How do Defender upgrades work? + +Upgrades work a little differently in each edition. + +* *Prisma Cloud Enterprise Edition* -- +Console is automatically upgraded by PANW with notification posted in our status page at least 2 weeks in advance of upgrade. For more details, refer to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/upgrade/upgrade_process_saas[this article]. +Auto-upgrade function for Defenders is always turned ON ensuring that Defenders stay compatible with Console in each release. + +* *Prisma Cloud Compute Edition (self-hosted)* -- +You fully control the upgrade process. +When an upgrade is available, customers are notified via the bell icon in Console. +Clicking on it directs you to the latest software download. +Deploy the new version of Console first, then manually upgrade all of your deployed Defenders. + +=== Can you migrate from Compute Edition to Enterprise Edition (SaaS)? + +Yes. + +ifdef::compute_edition[] +See xref:../deployment-patterns/migrate-to-saas.adoc[Migrate to SaaS]. +endif::compute_edition[] diff --git a/docs/en/compute-edition/32/admin-guide/welcome/product-architecture.adoc b/docs/en/compute-edition/32/admin-guide/welcome/product-architecture.adoc new file mode 100644 index 0000000000..10c0995d35 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/product-architecture.adoc @@ -0,0 +1,95 @@ +== Product architecture + +Prisma Cloud offers a rich set of cloud workload protection capabilities. +Collectively, these features are called _Compute_. +Compute has a dedicated management interface, called _Compute Console_, that can be accessed in one of two ways, depending on the product you have. + +* *Prisma Cloud Enterprise Edition* -- +Hosted by Palo Alto Networks. +Prisma Cloud Enterprise Edition is a SaaS offering. +It includes both the Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) modules. +Access the Compute Console, which contains the CWPP module, from the *Compute* tab in the Prisma Cloud UI. + +* *Prisma Cloud Compute Edition* - +Hosted by you in your environment. +Prisma Cloud Compute Edition is a self-hosted offering that's deployed and managed by you. +It includes the Cloud Workload Protection Platform (CWPP) module only. +Download the Prisma Cloud Compute Edition software from the Palo Alto Networks Customer Support Portal. +Compute Console is delivered as a container image, so you can run it on any host with a container runtime (e.g. Docker Engine). + +The following table summarizes the differences between the two offerings: + +[cols="1,2,2", options="header"] +|=== +|Capabilities +|Prisma Cloud Enterprise Edition +|Prisma Cloud Compute Edition + +|*Management interface* +|Hosted by Palo Alto Networks (SaaS). +|Deployed and managed by you in your environment (self-hosted). + +|*Modules* +|CSPM and CWPP. +|CWPP only. + +|*Security agents* +|Deployed and managed by you. +|Deployed and managed by you. + +|*User management* +|Configure single sign-on in Prisma Cloud. +|Configure single sign-on in Prisma Cloud Compute Edition. +Compute Console exposes additional views for Active Directory and SAML integration when it's run in self-hosted mode. + +|*Multi-tenancy* +|Supported by Palo Alto Networks https://apps.paloaltonetworks.com[Hub]. +|Supported by a feature called Projects. +Projects are enabled in Compute Edition only. +It's disabled in Enterprise Edition. + +|=== + + +=== Accessing Compute in Prisma Cloud Enterprise Edition + +In Prisma Cloud, click the *Compute* tab to access Compute. + +You must have the Prisma Cloud System Admin role. +Access is denied to users with any other role. + +The following screenshot shows the Prisma Cloud administrative console. +The format of the URL is: + + https://app..prismacloud.io + +image::prisma_cloud_arch1.png[width=800] + +The following screenshot shows the Compute tab on Prisma Cloud. +To access the Compute tab, you must log in to the Prisma Cloud administrative console; it cannot be directly addressed in the browser. +image::prisma_cloud_arch2.png[width=800] + +You can find the address of Compute Console in Prisma Cloud under *Compute > Manage > System > Utilities*. +The address for Compute Console has the following format: + + https://.cloud.twistlock.com/ + +The following Compute components directly connect to the Compute console address provided above: + +* Defender, for Defender to Compute Console connectivity. +* twistcli +* Jenkins plugin +* Compute API + +=== Accessing Compute in Prisma Cloud Compute Edition + +In Compute Edition, Palo Alto Networks gives you the management interface to run in your environment. +In this setup, you deploy Compute Console directly. +There's no outer or inner interface; there's just a single interface, and it's Compute Console. +Compute Console's address, whether an IP address or DNS name, is used for all interactions, namely: + +* GUI access from a web browser. +* Defender to Compute Console connectivity. +* twistcli +* Jenkins plugin +* Compute API diff --git a/docs/en/compute-edition/32/admin-guide/welcome/releases.adoc b/docs/en/compute-edition/32/admin-guide/welcome/releases.adoc new file mode 100644 index 0000000000..3dc0bf911f --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/releases.adoc @@ -0,0 +1,116 @@ +== Releases + +In general, you should stay on the latest major release unless you require a feature or fix from a subsequent maintenance release. +We recommend that you upgrade to new major releases as they become available. +For more information, see the xref:../welcome/support-lifecycle.adoc[Prisma Cloud support lifecycle]. + +The bell icon in Console automatically notifies you when new releases are available: + +image::update_bell.png[width=800] + + +[.task] +=== Downloading the software [[download]] + +Download the software from the Palo Alto Networks https://support.paloaltonetworks.com/[Customer Support portal]. + +IMPORTANT: If you don't see *Prisma Cloud Compute Edition* in the drop-down list, contact customer support. +They'll send you a direct link to the download. +We are currently working on fixing all accounts that have this issue. + +[.procedure] +. Log into the https://support.paloaltonetworks.com/[Customer Support portal]. + +. Go to *Updates > Software Updates*. + +. From the drop-down list, select *Prisma Cloud Compute Edition*. +All releases available for download are displayed. ++ +image::releases_csp.png[width=800] + + +[.task] +=== Downloading the software programmatically [[download-link]] + +Besides hosting the download on the Customer Support Portal, we also support programmatic download (e.g., curl, wget) of the release directly from our CDN. +The link to the tarball is published in the release notes. + +IMPORTANT: If you don't see *Prisma Cloud Compute Edition* in the drop-down list, contact customer support. +They'll send you a direct link to the download. +We are currently working on fixing all accounts that have this issue. + +[.procedure] +. Log into the https://support.paloaltonetworks.com/[Customer Support portal]. + +. Go to *Updates > Software Updates*. + +. From the drop-down list, select *Prisma Cloud Compute Edition*. +All releases available for download are displayed. + +. Open the releases notes PDF. ++ +image::releases_pdf.png[width=400] + +. Scroll down to the release information to get the link. ++ +image::releases_direct_link.png[width=800] + + +=== Open-source components + +Prisma Cloud includes various open-source components, which may change between releases. +Before installing Prisma Cloud, review the components and licenses listed in _prisma-oss-licenses.pdf_. +This document is included with every release tarball. +Changes to components or licenses between releases are highlighted. + +A full listing of the open-source software and their licenses is also embedded in the Defender image. +For example, to extract the listing from Defender running in a Kubernetes cluster, use the following command: + + kubectl exec -ti -n twistlock -- cat /usr/local/bin/prisma-oss-licenses.txt + + +=== Code names + +We often use code names when referring to upcoming releases. +They're convenient to use in roadmap presentations and other forward-looking communications. +Code names tend to persist even after the release ships. + + +==== Version to code name mapping + +Version numbers indicate the date a release first shipped, along with the build number, as follows: + +.. + +For example, 22.01.840 is the Joule release, which first shipped in January 2022. + +The following table maps versions to code names. +The table is sorted from the newest (top) to the oldest release. + +[cols="1,1", options="header"] +|=== +|Version +|Code name + +|Next Major release +|O'Neal + +|31.xx.xxx +|Newton + +|30.xx.xxx +|Maxwell + +|`22.12.xxx` +|Lagrange + +|`22.06.XXX` +|Kepler + +|`22.01.XXX` +|Joule + +|`21.08.XXX` +|Iverson + +|=== diff --git a/docs/en/compute-edition/32/admin-guide/welcome/saas-maintenance.adoc b/docs/en/compute-edition/32/admin-guide/welcome/saas-maintenance.adoc new file mode 100644 index 0000000000..798d666938 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/saas-maintenance.adoc @@ -0,0 +1,7 @@ +== Compute SaaS maintenance updates + +To ensure that you get email notifications of maintenance updates for Compute Console in Prisma Cloud Enterprise Edition, please subscribe to the status page at: https://status.paloaltonetworks.com/ + +See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/upgrade/upgrade_process_saas.html[upgrade process]. + + diff --git a/docs/en/compute-edition/32/admin-guide/welcome/security-assurance-policy.adoc b/docs/en/compute-edition/32/admin-guide/welcome/security-assurance-policy.adoc new file mode 100644 index 0000000000..f8d5de4f77 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/security-assurance-policy.adoc @@ -0,0 +1,76 @@ +== Security Assurance Policy on Prisma Cloud Compute + +Prisma Cloud adheres to the guidelines outlined in the https://www.paloaltonetworks.com/product-security-assurance[Palo Alto Networks Product Security Assurance Policy]. + +In accordance with this policy, Prisma Cloud Compute may have security releases outside of the regular release schedule. + +Security releases are used for the sole purpose of remediating vulnerabilities that affect Prisma Cloud Compute, whether in its codebase or its dependencies. + +We frequently analyze new vulnerabilities between releases to determine if any issue warrants a security release before the next scheduled release. This section outlines which issues are addressed in security releases. + + +With each new release of Prisma Cloud Compute, software dependencies are kept up-to-date to eliminate any known and confirmed vulnerabilities in third-party dependencies. + +When new vulnerabilities are discovered in Prisma Cloud Compute dependencies after an official release, these vulnerabilities are addressed in the newer releases with the exceptions noted below. + +Therefore, as a best practice, always upgrade to the latest release of Prisma Cloud Compute. + + +=== Vulnerability Triage + +New releases of Prisma Cloud Compute are signed off with up-to-date dependencies. Vulnerabilities that meet the below criteria are analyzed between releases: + +==== Vulnerabilities Analyzed +* Any vulnerability with severity high and above, regardless of having a fix or not. +* Any vulnerability with moderate severity when a fix is available. + +==== Vulnerabilities Not Analyzed +* Any vulnerability with severity lower than high that does not have an existing fix. +* Any vulnerability with severity low; this includes vulnerabilties that the vendor will not fix as they are considered as having negligible impact. + +==== Exceptions +We also review vulnerabilities of any other severity when there is a known exploit or proof-of-concept that is affects Prisma Cloud Compute. +Including product vulnerabilities identified during development, reported by customers or third-party researchers. +To report a vulnerability in Prisma Cloud Compute, submit the vulnerability details to our https://www.paloaltonetworks.com/product-security-assurance[PSIRT] team. + +==== Frequently Asked Questions + +* Which Prisma Cloud Compute releases receive security updates? + +Prisma Cloud has an 'n-2' support policy that means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. Security fixes will be backported only for supported releases. End of Life (EOL) releases will not receive security fixes. +For more information, see xref:../welcome/support-lifecycle.adoc[support lifecycle]. + +*Are security fixes provided for both Prisma Cloud Enterprise and Compute editions?* + +Yes, security vulnerabilities are addressed in both the editions. + +*Do I have to upgrade my console/defender to get security updates?* + +If security fixes are released, you may be required to upgrade either or both the Console and Defender. We recommend that all security releases are adopted immediately. +For the full details of which vulnerabilities were fixed in a release, refer to the + +ifdef::compute_edition[] +https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-release-notes/release-information.html[release notes]. +endif::compute_edition[] + +ifdef::prisma_cloud[] +https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-release-notes/prisma-cloud-compute-release-information.html[release notes]. +endif::prisma_cloud[] + +*What is the minimum severity for vulnerabilities to warrant a security release?* + +See triage criteria above. + +*What is the frequency of security releases for Prisma Cloud Compute?* + +There is no schedule for security releases. +Security releases happens anytime a new vulnerability that meets the criteria outlined above is discovered in Prisma Cloud Compute. + +*Where do you take information on severity and fix details when triaging?* + +Console and Defender images are based on Red Hat Universal Base Images (ubi8/ubi-minimal). +For known vulnerabilities that are assigned a https://www.cve.org/About/Overview[CVE identifier], we rely on severity ratings and fixes released by Red Hat. +For zero-days or undocumented vulnerabilities (such as PRISMA-IDs), we rely on severity determined by our researchers. + +*A new vulnerability is affecting Prisma Cloud Compute, but a security release was not issued.* +If the vulnerability affects the latest release, meets the criteria for a security release outlined above, but it has not yet been addressed: please report it through to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0[Palo Alto Networks Support] or to https://www.paloaltonetworks.com/product-security-assurance[PSIRT]. diff --git a/docs/en/compute-edition/32/admin-guide/welcome/support-lifecycle.adoc b/docs/en/compute-edition/32/admin-guide/welcome/support-lifecycle.adoc new file mode 100644 index 0000000000..e9f1699a95 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/support-lifecycle.adoc @@ -0,0 +1,58 @@ +== Support lifecycle + +Because the container ecosystem is rapidly evolving, understanding supportability policies is an important part of keeping your environment supportable and secure. +This article describes not only the support policy for Prisma Cloud itself but also for other software you may integrate it with. + +ifdef::compute_edition[] +You can always find the most up-to-date information on available releases on the xref:../welcome/releases.adoc[Releases] page. +endif::compute_edition[] + +=== Definitions + +Major Releases (X.yy.zzz):: +A major release includes significant new features and changes and is typically released approximately every four months. It includes all applicable fixes made in previous releases. + +The numbering format indicates the subsequent major release. For example, `30.00` (for Maxwell), `31.00` (for the next), and `32.00` (for the one after). + +Maintenance Releases (x.YY.zzz):: +A maintenance release includes features, enhancements, and additional fixes; it is smaller in scale than a major release and incorporates all the applicable fixes made in previous maintenance releases. + +The numbering format of numbers starts with 00 (major release), 01 (minor 1), and 02 (minor 2). For example, Maxwell's major release is `30.00.build`, the next maintenance release will be `30.01.build`, and maintenance update 2 will be `30.02.build`. + +End of Life (EOL):: +Versions that are no longer supported by Prisma Cloud. +Updating to a later version is recommended. + +Support:: +Includes not only resolution of technical issues through interactive assistance, but also fixes delivered in maintenance releases to correct problems. + + +=== Prisma Cloud supported versions policy + +Prisma Cloud has an 'n-2' support policy, which means the current release ('n') and the previous two releases ('n-1' and 'n-2') receive support. + +Note that in some cases, the resolution of a problem in the n-1 or n-2 version may require upgrading to a current build. +Prisma Cloud will make commercially reasonable efforts to work with customers that require porting fixes back to the n-1 or n-2 versions, but sometimes architectural changes are significant enough between versions that this is practically impossible without making the n-1 or n-2 versions essentially the same as the n version. + +There will be version-specific https://pan.dev/compute/api/stable-endpoints/[API endpoints]. With API versioning, as your Console is upgraded to newer versions, you can continue to use older versioned APIs with stability and migrate to newer version APIs at your convenience within the n-2 support lifecycle. +As a best practice, update your scripts to use the version-specific API endpoints to ensure that your implementation is fully supported. For the version-specific APIs, you will have access to the https://pan.dev/compute/api/[API Reference] and Release Notes documentation for changes or updates that may impact you. + + +=== Third-party software + +Customers use a diverse set of technologies in the environments that Prisma Cloud Compute protects, including host operating systems, orchestrators, registries, and container runtimes. +As the vendors and projects responsible for these technologies evolve, newly introduced versions and deprecated older versions can impact the scope of what Prisma Cloud supports. +For example, Prisma Cloud cannot effectively support third-party software that the vendor (or project) itself no longer supports. +Conversely, as new versions of 3rd party software are released, Prisma Cloud must comprehensively test them to be able to provide official support for them. + +For each major and maintenance release of Prisma Cloud Compute, we begin testing by evaluating the versions of 3rd party software we list as officially supported in our xref:../install/system-requirements.adoc[system requirements]. +When new supported versions of this software are available, we perform our testing for the release using them. +For example, if Red Hat were to release a new version of OpenShift before we begin testing an upcoming Prisma Cloud release, we'll include that new OpenShift release in our testing. +If the new version of OpenShift is released after we've begun our testing, we'll instead do this validation in the subsequent Prisma Cloud release. +Depending on where we are in the development cycle, this next release may be a maintenance release or the next major release. +Typically, new 3rd party releases can be supported with no or minor changes in Prisma Cloud. +However, there may be circumstances where a new version of 3rd party software introduces significant breaking changes that require more significant work within Prisma Cloud to maintain compatibility. +In these cases, we'll update the system requirements page to clearly note this and will communicate a roadmap for supporting this software in a later release of Prisma Cloud. + +While Prisma Cloud does not actively prevent interoperability with unsupported software, with each release we evaluate the versions of software supported by vendors and projects. +As older versions are deprecated, Prisma Cloud support will similarly deprecate support for them as well. diff --git a/docs/en/compute-edition/32/admin-guide/welcome/upcoming-support-lifecycle-changes.adoc b/docs/en/compute-edition/32/admin-guide/welcome/upcoming-support-lifecycle-changes.adoc new file mode 100644 index 0000000000..fd66cea8f8 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/upcoming-support-lifecycle-changes.adoc @@ -0,0 +1,38 @@ +== Upcoming support lifecycle changes for Prisma Cloud Compute Edition and modules + +As our customers’ usage of containers and cloud native technology continues to mature, they often need longer product support lifecycles to accommodate enterprise class operational cadences. +We’re announcing the following changes, effective in Prisma Cloud Compute "Iverson", which will ship in the second half of calendar year 2021: + + +=== Extending support lifecycle to N-2 + +* Currently, the Compute xref:../welcome/support_lifecycle.adoc[support lifecycle] is the current major version and the previous major version ("N-1"). +* Beginning in Iverson, support will extend to the previous 2 major versions ("N-2"). +* Given our ~4 month major release cadence, this is effectively a full year of support for any given major release. + + +=== Defender +<->+ Console backwards compatibility + +* Defenders from any supported version will be able to connect to Consoles of the same or greater version. +* This will be phased in, beginning with the Iverson release, which will support Defenders running either Iverson or Hamilton. +* Joule Consoles will support Defenders running either Joule or Iverson or Hamilton. +* twistcli and the Jenkins plugin will also provide this same backwards compatibility model. +* Once a customer upgrades Defenders to Hamilton, they will not need to upgrade them again for 1 year, even as they upgrade their Consoles. + + +=== Versioned API with guaranteed reliable endpoint behaviors + +* Currently, the Compute API is not versioned between releases, though there are a set of APIs which very rarely change documented in our https://pan.dev/compute/api/stable-endpoints/[API stability guide]. +* Beginning in Iverson, each release of Console will include versioned API endpoints for the prior supported releases, with a guarantee that the included endpoint behaviors will remain constant for a given version. +* Only APIs covered in the Stability Guide are included in these versioned endpoints; access to other APIs will not be actively prevented but they will be unsupported, undocumented, and may change at any time. +* This will be phased in, beginning with the Iverson release, which will include a `/v-Iverson` endpoint as well as the existing `/v1` endpoint. +* Joule will include a `/v-Joule` and a `/v-Iverson` endpoint, and the existing `/v1` endpoint; Kepler will include `/v-Kepler`, `/v-Joule`, and `/v-Iverson`. + + +=== Removal of Defender auto-upgrade feature + +* Given lengthened supportability lifecycle and the introduction of Defender +<->+ Console version compatibility throughout it, customers will now have much longer times between required Defender upgrades (approximately only once per year). +* Accordingly, to simplify upgrade flows and enable thorough testing of upgrade scenarios, Defender auto-upgrade will be removed from the product beginning in Iverson. +* This change impacts both SaaS customers (Enterprise Edition) and self-host (Compute Edition) customers. +* Customers that currently have auto-upgrade enabled will simply no longer have Defenders automatically upgraded after this change and no action is required on their part to decommission the feature. +* Customers can take advantage of the wide variety of deployment and upgrade options already available in the product to upgrade Defenders at their own pace to keep them within the new N-2 support lifecycle. diff --git a/docs/en/compute-edition/32/admin-guide/welcome/utilities-and-plugins.adoc b/docs/en/compute-edition/32/admin-guide/welcome/utilities-and-plugins.adoc new file mode 100644 index 0000000000..d2f41bfe72 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/utilities-and-plugins.adoc @@ -0,0 +1,13 @@ +== Utilities and plugins + +All Prisma Cloud utilities and plugins can be downloaded directly from the Console UI +ifdef::compute_edition[] +They are also bundled with the release tarball you download from the xref:../welcome/releases.adoc[Customer Support Portal] +endif::compute_edition[] + +To download the utilities from Prisma Cloud Console, go to *Manage > System > Utilities*. +From there, you can download: + +* Jenkins plugin. +* Linux Container Defender image. +* twistcli for Linux, macOS, and Windows. diff --git a/docs/en/compute-edition/32/admin-guide/welcome/welcome.adoc b/docs/en/compute-edition/32/admin-guide/welcome/welcome.adoc new file mode 100644 index 0000000000..204bbb0659 --- /dev/null +++ b/docs/en/compute-edition/32/admin-guide/welcome/welcome.adoc @@ -0,0 +1,14 @@ +== Welcome + +ifdef::compute_edition[] +Welcome to Prisma Cloud Compute Edition. +endif::compute_edition[] + +ifdef::prisma_cloud[] +Welcome to Prisma Cloud. +endif::prisma_cloud[] + +Prisma Cloud Compute is a cloud workload protection platform (CWPP) for the modern era. +It offers holistic protection for hosts, containers, and serverless deployments in any cloud, and across the software lifecycle. +Prisma Cloud Compute is cloud-native and API-enabled. +It can protect all your workloads, regardless of their underlying compute technology or the cloud in which they run. diff --git a/docs/en/compute-edition/32/rn/_graphics/releases_csp.png b/docs/en/compute-edition/32/rn/_graphics/releases_csp.png new file mode 100644 index 0000000000..8ea7a509c7 Binary files /dev/null and b/docs/en/compute-edition/32/rn/_graphics/releases_csp.png differ diff --git a/docs/en/compute-edition/32/rn/_graphics/releases_direct_link.png b/docs/en/compute-edition/32/rn/_graphics/releases_direct_link.png new file mode 100644 index 0000000000..4760de2386 Binary files /dev/null and b/docs/en/compute-edition/32/rn/_graphics/releases_direct_link.png differ diff --git a/docs/en/compute-edition/32/rn/_graphics/releases_pdf.png b/docs/en/compute-edition/32/rn/_graphics/releases_pdf.png new file mode 100644 index 0000000000..7f4f37d628 Binary files /dev/null and b/docs/en/compute-edition/32/rn/_graphics/releases_pdf.png differ diff --git a/docs/en/compute-edition/32/rn/_graphics/update_bell.png b/docs/en/compute-edition/32/rn/_graphics/update_bell.png new file mode 100644 index 0000000000..000b6d61ae Binary files /dev/null and b/docs/en/compute-edition/32/rn/_graphics/update_bell.png differ diff --git a/docs/en/compute-edition/32/rn/book.yml b/docs/en/compute-edition/32/rn/book.yml new file mode 100644 index 0000000000..0594923e1d --- /dev/null +++ b/docs/en/compute-edition/32/rn/book.yml @@ -0,0 +1,39 @@ +--- +kind: book +title: Prisma Cloud Compute Edition Release Notes +author: Prisma Cloud team +version: 32 +ditamap: prisma-cloud-compute-edition-release-notes +dita: techdocs/en_US/dita/prisma/prisma-cloud/32/prisma-cloud-compute-edition-release-notes +graphics: techdocs/en_US/dita/_graphics/32/prisma-cloud-compute-edition-release-notes +github: + owner: PaloAltoNetworks + repo: prisma-cloud-docs + bookdir: compute/rn + branch: master +--- +kind: chapter +name: Prisma(TM) Cloud Compute Edition Release Information +dir: release-information +topics: + - name: Prisma(TM) Cloud Compute Edition Release Information + file: release-information.adoc + - name: 32.02 Release Notes + file: release-notes-32-02.adoc + - name: 32.01 Release Notes + file: release-notes-32-01.adoc + - name: 32.00 Release Notes + file: release-notes-32-00.adoc + - name: 32.xx Known Issues + file: known-issues-32.adoc +--- +kind: chapter +name: Get Help +dir: get-help +topics: + - name: Get Help + file: get-help.adoc + - name: Related Documentation + file: related-documentation.adoc + - name: Request Support + file: request-support.adoc diff --git a/docs/en/compute-edition/32/rn/book_point_release.yml b/docs/en/compute-edition/32/rn/book_point_release.yml new file mode 100644 index 0000000000..7ed7072dca --- /dev/null +++ b/docs/en/compute-edition/32/rn/book_point_release.yml @@ -0,0 +1,27 @@ +--- +kind: book +title: Prisma Cloud Compute Edition Release Notes +author: Prisma Cloud team +version: 32.02 +ditamap: prisma-cloud-compute-edition-release-notes +dita: techdocs/en_US/dita/prisma/prisma-cloud/32/prisma-cloud-compute-edition-release-notes +--- +kind: chapter +name: Prisma(TM) Cloud Compute Edition Release Information +dir: release-information +topics: + - name: Prisma(TM) Cloud Compute Edition Release Information + file: release-information.adoc + - name: 32.02 (Build 32.02.127) + file: release-notes-32-01.adoc +--- +kind: chapter +name: Get Help +dir: get-help +topics: + - name: Get Help + file: get-help.adoc + - name: Related Documentation + file: related-documentation.adoc + - name: Request Support + file: request-support.adoc diff --git a/docs/en/compute-edition/32/rn/get-help/get-help.adoc b/docs/en/compute-edition/32/rn/get-help/get-help.adoc new file mode 100644 index 0000000000..01351194e5 --- /dev/null +++ b/docs/en/compute-edition/32/rn/get-help/get-help.adoc @@ -0,0 +1,3 @@ +== Get Help + +The following topics provide information on where to find more about this release and how to request support: diff --git a/docs/en/compute-edition/32/rn/get-help/related-documentation.adoc b/docs/en/compute-edition/32/rn/get-help/related-documentation.adoc new file mode 100644 index 0000000000..2610dd5a1c --- /dev/null +++ b/docs/en/compute-edition/32/rn/get-help/related-documentation.adoc @@ -0,0 +1,21 @@ +== Related Documentation + +Refer to the following documentation on the https://docs.paloaltonetworks.com[Technical Documentation portal] or https://docs.paloaltonetworks.com/search.html[search] the documentation for more information on our products: + +//* *Prisma Cloud Administrator's Guide (Compute)* -- +//Provides the concepts and workflows to get the most out of the Compute service in Prisma Cloud Enterprise Edition. +The http://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-guide-compute/[Prisma Cloud Administrator’s Guide (Compute)] also takes you through the initial onboarding and basic set up for securing your hosts, containers, and serverless functions. + +* *Prisma Cloud Compute Edition Administrator's Guide* -- +Provides the concepts and workflows to get the most out of the Prisma Cloud Compute Edition, the self-hosted version of Prisma Cloud's workload protection solution. +The http://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/[Prisma Cloud Administrator’s Guide (Compute)] also takes you through the initial onboarding and basic set up for securing your hosts, containers, and serverless functions. + +* *Prisma Cloud Administrator's Guide* -- +Provides the concepts and workflows to get the most out of the Prisma Cloud service including information on the IAM Security, Network Security and Data Security capabilities. +The https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin.html[Prisma Cloud Administrator’s Guide] also takes you through the initial onboarding and basic set up for securing your public cloud deployments. + +* *Prisma Cloud RQL Reference* -- +Describes how to use the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference.html[Resource Query Language (RQL)] investigate incidents and then create policies based on the findings. + +* *Prisma Cloud Code Security Administrator's Guide* -- +Use the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security.html[Code Security Guide] to scan and secure your Iac templates and identify misconfiguration before you go from code to cloud. diff --git a/docs/en/compute-edition/32/rn/get-help/request-support.adoc b/docs/en/compute-edition/32/rn/get-help/request-support.adoc new file mode 100644 index 0000000000..da50b2e636 --- /dev/null +++ b/docs/en/compute-edition/32/rn/get-help/request-support.adoc @@ -0,0 +1,23 @@ +== Request Support + +For contacting support, for information on support programs, to manage your account, or to open a support case, go to the https://live.paloaltonetworks.com/t5/Prisma-Cloud/ct-p/PrismaCloud[Prisma Cloud LIVE community page]. + +To provide feedback on the documentation, please write to us at: documentation@paloaltonetworks.com. + + +[.section] +=== Contact Information + +*Corporate Headquarters:* + +*Palo Alto Networks* + +3000 Tannery Way + +Santa Clara, CA 95054 + +https://www.paloaltonetworks.com/company/contact-support + +Palo Alto Networks, Inc. + +https://www.paloaltonetworks.com[www.paloaltonetworks.com] diff --git a/docs/en/compute-edition/32/rn/release-information/download.adoc b/docs/en/compute-edition/32/rn/release-information/download.adoc new file mode 100644 index 0000000000..a2f12c7d48 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/download.adoc @@ -0,0 +1,62 @@ +== Download the software + +In general, you should stay on the latest major release unless you require a feature or fix from a subsequent maintenance release. +We recommend that you upgrade to new major releases as they become available. +For more information, see the xref:../welcome/support_lifecycle.adoc[Prisma Cloud support lifecycle]. + +The bell icon in Console automatically notifies you when new releases are available: + +image::update_bell.png[width=800] + + +[.task] +=== Downloading the software [[download]] + +Download the software from the Palo Alto Networks https://support.paloaltonetworks.com/[Customer Support portal]. + +IMPORTANT: If you don't see *Prisma Cloud Compute Edition* in the drop-down list, contact customer support. +They'll send you a direct link to the download, and initiate the process to fix the permissions for your account. + +[.procedure] +. Log into the https://support.paloaltonetworks.com/[Customer Support portal]. + +. Go to *Updates > Software Updates*. + +. From the drop-down list, select *Prisma Cloud Compute Edition*. +All releases available for download are displayed. ++ +image::releases_csp.png[width=800] + + +[.task] +=== Downloading the software programmatically [[download-link]] + +Besides hosting the download on the Customer Support Portal, we also support programmatic download (e.g., curl, wget) of the release directly from our CDN. +The link to the tarball is published in the release notes. + +IMPORTANT: If you don't see *Prisma Cloud Compute Edition* in the drop-down list, contact customer support. +They'll send you a direct link to the download, and initiate the process to fix the permissions for your account. + +[.procedure] +. Log into the https://support.paloaltonetworks.com/[Customer Support portal]. + +. Go to *Updates > Software Updates*. + +. From the drop-down list, select *Prisma Cloud Compute Edition*. +All releases available for download are displayed. + +. Open the releases notes PDF. ++ +image::releases_pdf.png[width=800] + +. Scroll down to the release information to get the link. ++ +image::releases_direct_link.png[width=800] + + +=== Open source components + +Prisma Cloud includes various open source components, which might change between releases. +The list of open source components is documented in _prisma-oss-licenses.txt_. +This document is included with every release tarball. +Before installing Prisma Cloud, review the components and licenses in _prisma-oss-licenses.txt_. diff --git a/docs/en/compute-edition/32/rn/release-information/known-issues-32.adoc b/docs/en/compute-edition/32/rn/release-information/known-issues-32.adoc new file mode 100644 index 0000000000..91ed2c9e39 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/known-issues-32.adoc @@ -0,0 +1,14 @@ +== 32.00 Known Issues + +Review the list of known issues on the 32.00 release. + +// Note that when we add a known issue, you have to then update this page to include the "Fixed in xx.xx.xxx" for the known issue when it is fixed subsequently. Fixed issues in a given release are documented in the 31.xx adoc file and indicated as fixed on this page (if it was identified as a known issue earlier). + +//CWP-53375 +* In *Inventory > Compute Workloads*, for users logged in with a role other than the built-in system admin role, currently only data about cloud provider managed registry images and VM instances can be viewed. ++ +In particular, for such roles currently data about the following types of assets is not displayed: +** Run stage images +** Private registry images +** Build stage images +** On-premises hosts/hosts managed by cloud providers unsupported by Compute diff --git a/docs/en/compute-edition/32/rn/release-information/release-information.adoc b/docs/en/compute-edition/32/rn/release-information/release-information.adoc new file mode 100644 index 0000000000..6e03931699 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/release-information.adoc @@ -0,0 +1,7 @@ +== Prisma Cloud Compute Edition Release Information + +Prisma Cloud Compute Edition secures your hosts, containers, and serverless functions. + +To view the current operational status of Palo Alto Networks cloud services, see https://status.paloaltonetworks.com/. + +Before you begin using Prisma Cloud, make sure you review the following information: diff --git a/docs/en/compute-edition/32/rn/release-information/release-notes-32-00.adoc b/docs/en/compute-edition/32/rn/release-information/release-notes-32-00.adoc new file mode 100644 index 0000000000..acf548aaf2 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/release-notes-32-00.adoc @@ -0,0 +1,138 @@ +:toc: macro +== 32.00 Release Notes + +The following table outlines the release particulars: + +[cols="1,4"] +|=== +|Build +|32.01.128 + +|Code name +|O'Neal + +|Release date +|December 3, 2023 + +|Type +|Major release + +|SHA-256 +|39d1f808550f7491dcc63e392b5eb55e8f9068494b4f49c07c71da17433f7396 +|=== + +Review the https://docs.paloaltonetworks.com/prisma/prisma-cloud/31/prisma-cloud-compute-edition-admin/install/system_requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators. + +//You can download the release image from the Palo Alto Networks Customer Support Portal, or use a program or script (such as curl, wget) to download the release image directly from our CDN: + +//LINK + +toc::[] + +[#upgrade] +=== Upgrade from Previous Releases + +[#upgrade-defender] +==== Upgrade Defender Versions 22.06 and Earlier + +With the `v32.00` release, https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[Defender versions supported (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +To prepare for this update, you must upgrade your Defenders from version `v22.06` (Kepler) or earlier to a later version. +Failure to upgrade Defenders will result in disconnection of any Defender version below `v22.12` such as `v22.06`. + +[#upgrade-console] +==== Upgrade the Prisma Cloud Console + +With the `v32.00` release, the https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[supported Console versions (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +You can upgrade the Prisma Cloud console directly from any version for n-1 to n. +With `v30.00` as n-1 and `v31.00` as n, you can for example go directly from `v30.01.153` to `v31.00.129`. + +You have to upgrade any version of `v22.00` to `v30.00` before upgrading to `v31.00`. +For example, you can upgrade from `v22.12.693` to `v30.02.123` and then upgrade to `v32.00.159`. + +//[#cve-coverage-update] +//=== CVE Coverage Update + +[#enhancements] +=== Enhancements + +//CWP-47397 +==== Added the Agentless Scanning Report + +The agentless scanning report is now available under *Runtime Security > Cloud Accounts*. +This report provides you with complete visibility of all hosts in your cloud account at the account and regional level. +It includes clear reporting of each host, the corresponding scan status, and further details. + + +//CWP-52883 +==== Added the Ability to Scan all Supported Binaries + +Agentless malware scanning detects all supported binaries and shared libraries on both Linux and Windows operating systems. +For example, malicious ELF files on Windows machines are now detected. + +//[#new-features-agentless-security] +// === New Features in Agentless Security + +// [#new-features-core] +// === New Features in Core + +// [#new-features-host-security] +// === New Features in Host Security + +// [#new-features-serverless] +// === New Features in Serverless + +// [#new-features-waas] +// === New Features in WAAS + +[#api-changes] +=== API Changes and New APIs + + +[#addressed-issues] +=== Addressed Issues + +//CWP-52436 +* Fixed an issue with agentless scanning that in some conditions failed scanning encrypted volumes when using hub mode in AWS. + +//CWP-52777 CWP-52736 +* In `v31.02.133`, the new 81 out-of-box admission control rules in Rego were not available by default. This is now fixed. With the `v32.00` Console, you now get all the 81 OOB admission control rules. + +//CWP-51754 +* Fixed an issue where "sourceType" field was missing for Splunk alert messages. Users can now add "sourceType" field to the custom alert JSON of Splunk and prisma cloud will define the external field based on the custom one. + +//CWP-50983 +* Fixed an issue where the progress bar while scanning deployed images was not reported correctly. + +//CWP-50312 +* Fixed an issue where Nuget vulnerabilities of same the package with different path appear with the same path. + +// CWP-48205, PCSUP-15977 +* Fixed an issue that stopped the registry scan due to an invalid credentials error. The registry scan now completes on credential fetch errors. + +// CWP-45971 +* Custom rule names are now populated for runtime custom rule incidents. Also, labels are reported for when the incident occurred in a Kubernetes cluster. + +[#end-of-support] +=== End of Support Notifications + +//CWP-49461 +==== Ended Support for Cloud Native Network Segmentation (CNNS) + +The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being removed. +The configuration settings on the console (*Runtime Security > Defend > CNNS*) and the corresponding APIs for CNNS are removed in `v32.00.159`. +Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this continues to be available. + +[#deprecation-notices] +=== Deprecation Notices + +//CWP-48467 +==== Deprecated the `aggregated` and `rest` fields + +The `aggregated` and `rest` macros from the webhook custom JSON alerts are being deprecated and replaced by `AggregatedAlerts` and `Dropped` macros respectively. + +//CWP-40710 +==== Deprecated `AccountID` macro from the Alerts payload + +The `AccountID` macro in the Alerts payload is deprecated and replaced by the `AccountIDs` macro. diff --git a/docs/en/compute-edition/32/rn/release-information/release-notes-32-01.adoc b/docs/en/compute-edition/32/rn/release-information/release-notes-32-01.adoc new file mode 100644 index 0000000000..05b8897405 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/release-notes-32-01.adoc @@ -0,0 +1,202 @@ +:toc: macro +== 32.01 Release Notes + +The following table outlines the release particulars: + +[cols="1,4"] +|=== +|Build +|32.01.128 + +|Code name +|O'Neal - Update 1, 32.01 + +|Release date +|January 7th, 2024 + +|Type +|Maintenance Release + +|SHA-256 +|c7540e43ccd43c625a0a379570915198decaeaa48e61b145508c792adf084fc2 +|=== + +Review the https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/install/system_requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators. + +// You can download the release image from the Palo Alto Networks Customer Support Portal, or use a program or script (such as curl, wget) to download the release image directly from our CDN: + +// LINK + +toc::[] + +[#upgrade] +=== Upgrade from Previous Releases + +[#upgrade-defender] +==== Upgrade Defender Versions 22.06 and Earlier + +With the `v32.00` release, https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[Defender versions supported (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +To prepare for this update, you must upgrade your Defenders from version `v22.06` (Kepler) or earlier to a later version. +Failure to upgrade Defenders will result in disconnection of any Defender version below `v22.12` such as `v22.06`. + +[#upgrade-console] +==== Upgrade the Prisma Cloud Console + +With the `v32.00` release, the https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[supported Console versions (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +You can upgrade the Prisma Cloud console directly from any version for n-1 to n. +With `v30.00` as n-1 and `v31.00` as n, you can for example go directly from `v30.01.153` to `v31.00.129`. + +You have to upgrade any version of `v22.00` to `v30.00` before upgrading to `v31.00`. +For example, you can upgrade from `v22.12.693` to `v30.02.123` and then upgrade to `v32.00.159`. + +//[#cve-coverage-update] +//=== CVE Coverage Update + +[#api-changes] +=== API Changes and New APIs + +//CWP-51321 +* Collections that were added using the https://pan.dev/prisma-cloud/api/cwpp/post-collections/[Add a New Collection] did not display as expected in the Console. This issue has been resolved by making all request body fields, except `name`, optional. Any field that is not provided will default to the wildcard value '*'. + +[#enhancements] +=== Enhancements + +[cols="40%a,60%a"] +|=== + +|FEATURE +|DESCRIPTION + +//CWP-46475 +|*Agentless Scanning* +|Added agentless scanning support of encrypted volumes in Azure for the hub account mode. + +//CWP-41206 +|*Agentless Scanning* +|Added agentless scanning hub account mode for Azure. + +//CWP-52656 +|*Vulnerability Management* +|Added support for Debian Bullseye and Bookworm Security fixes. + +//CWP-53787 +|*Operating System Support* +|Added support for OpenShift 4.14. + +//CWP-53162 +// |*Cloud Service Providers* +// |Added a new filter in the cloud accounts page in Runtime Security, which filters accounts that are not yet onboarded to the Prisma platform account management under the cloud service providers tab. + +// In the future, will be able import and manage such accounts fully on the platform cloud service providers page. The goal is to simplify the management of cloud service providers accounts by decommissioning the cloud account management page in Runtime Security. + +//CWP-34450 +|*Vulnerability Management* +|Added support to detect IBM Java version 1.8 and earlier. +IBM Java version 1.9 and later are partially supported. +The detection depends on the `jdk/release` file being found. + +|=== + +// [#new-features-core] +// === New Features in Core + + +//[#new-features-host-security] +//=== New Features in Host Security + +//[#new-features-serverless] +//=== New Features in Serverless + +//[#new-features-waas] +//=== New Features in WAAS + +// [#api-changes] +// === API Changes and New APIs + + + +//[#breaking-api-changes] +//=== Breaking Changes in API + +[#end-support] +=== End of Support Notifications + +[cols="30%a,70%a"] +|=== + +//CWP-40710 CWP-41766 +|*Alerts* +|Deprecated the `AccountID` and `Cluster` macros used in alerts. +This removes the `AccountID` and `Cluster` fields in the following alerts using the macros. + +* Webhook +* AWS SQS +* Prisma Cortex Alert +* Splunk + +|=== + +[#addressed-issues] +=== Addressed Issues + +[cols="40%a,60%a"] +|=== + +|*FIXED VERSION* +|*DESCRIPTION* + +//CWP-51321 +|tt:[Fixed in 32.01] +|Collections that were added using the https://pan.dev/prisma-cloud/api/cwpp/post-collections/[Add a New Collection] did not display as expected in the Console. This issue has been resolved by making all request body fields, except `name`, optional. Any field that is not provided will default to the wildcard value '*'. + +//CWP-46557 +|tt:[Fixed in 32.01] +|*Container Support:* Bump `github.com/containers/storage` to v1.42.0 (or later). + +//CWP-46051 +|tt:[Fixed in 32.01] +| *Documentation:* Updated the inconsistent icons in the documentation of the trusted images compliance under *Monitor > Compliance > Trusted images*. + +//CWP-42711 +|tt:[Fixed in 32.01] +|*Serverless:* Fixed confusion around the serverless function defended status. + +//CWP-50500 +|tt:[Fixed in 32.01] +|*Operating System Support:* Fixed false positives caused by CVE-2016-9063 in hosts running RHEL. + +//CWP-48649 +|tt:[Fixed in 32.01] +|*Operating System Support:* Improve parsing of Debian feed for CVEs with status open to include only the vulnerable versions. + +//CWP-50923 +|tt:[Fixed in 32.01] +|*Cloud Service Providers - Azure:* Fixed an issue where the cluster name of Azure AKS clusters was incorrectly resolved by Defenders as vanilla Kubernetes cluster instead of AKS cluster, if the resource group name of the cluster contained the suffix `_group`. + +//CWP-53655 +|tt:[Fixed in 32.01] +|*Image Scanning:* Fixed an issue where system administrators could see all the clusters in the Image Vulnerability scan reports. + +//CWP-51321 +|tt:[Fixed in 32.01] +|*User Interface:* Fixed an issue where adding a collection via API with missing `labels:["*"]` caused the operation to go through but caused the UI to freeze. + +//CWP-49926 +|tt:[Fixed in 32.01] +|*Logging:* Fixed an issue causing errors in logs after upgrading from v30.00.140 to v31.00.129. + +//CWP-51425 +|tt:[Fixed in 32.01] +|*Registry Scanning:* Fixed an issue that caused a scanning failure for Google artifactory registry using credentials imported from the Prisma Cloud platform. + +|=== + +//[#backward-compatibility] +//=== Backward Compatibility for New Features + +//[#change-in-behavior] +//=== Change in Behavior + +//==== Breaking fixes compare with SaaS RN diff --git a/docs/en/compute-edition/32/rn/release-information/release-notes-32-02.adoc b/docs/en/compute-edition/32/rn/release-information/release-notes-32-02.adoc new file mode 100644 index 0000000000..c747d83a34 --- /dev/null +++ b/docs/en/compute-edition/32/rn/release-information/release-notes-32-02.adoc @@ -0,0 +1,234 @@ +:toc: macro +== 32.02 Release Notes + +The following table outlines the release particulars: + +[cols="1,4"] +|=== +|Build +|32.02.127 +|Code name +|O'Neal - Update 2, 32.02 + +|Release date +|January 28th, 2024 + +|Type +|Maintenance Release + +|SHA-256 +|a4790f3e94509fb1d80b0ff5a3567ac57295fd52b976b7f67d34ab268f9636ee + +|=== + +Review the https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/install/system_requirements[system requirements] to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators. + +// You can download the release image from the Palo Alto Networks Customer Support Portal, or use a program or script (such as curl, wget) to download the release image directly from our CDN: + +// LINK + +toc::[] + +[#upgrade] +=== Upgrade from Previous Releases + +[#upgrade-defender] +==== Upgrade Defender Versions 22.06 and Earlier + +With the `v32.00` release, https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[Defender versions supported (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +To prepare for this update, you must upgrade your Defenders from version `v22.06` (Kepler) or earlier to a later version. +Failure to upgrade Defenders will result in disconnection of any Defender version below `v22.12` such as `v22.06`. + +[#upgrade-console] +==== Upgrade the Prisma Cloud Console + +With the `v32.00` release, the https://docs.paloaltonetworks.com/prisma/prisma-cloud/32/prisma-cloud-compute-edition-admin/welcome/support_lifecycle[supported Console versions (n, n-1, and n-2)] are `v32.00`, `v31.00`, and `v30.00`. + +You can upgrade the Prisma Cloud console directly from any version for n-1 to n. +With `v30.00` as n-1 and `v31.00` as n, you can for example go directly from `v30.01.153` to `v31.00.129`. + +You have to upgrade any version of `v22.00` to `v30.00` before upgrading to `v31.00`. +For example, you can upgrade from `v22.12.693` to `v30.02.123` and then upgrade to `v32.00.159`. + +// [#cve-coverage-update] +// === CVE Coverage Update + +// [#api-changes] +// === API Changes and New APIs + + +[#enhancements] +=== Enhancements +[cols="40%a,60%a"] +|=== + +|FEATURE +|DESCRIPTION + +//CWP-52181 +|*Agentless Scanning* +|Enabled the scan of non-running hosts by default. +Agentless scanning now scans non-running hosts by default for all newly added accounts. +This change does not affect existing accounts. + +//CWP-49984 +|*Registry Scanning* +|The following new fields are now displayed for registry scans: + +* Scan status—if the scan completed successfully or failed. + +* Last scan time—the time at which defender started scanning the registry. + +A new unified scan progress indicator shows the status (percentage and number) of scanning and pending registries. + +//CWP-47706 +|*Vulnerability Management* +|Improved the detection of vulnerabilities on supported Windows OS workloads to fix false negative and false positive alerts related to Windows feeds. + +// //CWP-55308 +// |*Cloud Account Management* +// |Introduced the *Account Import Status* filter on the *Cloud Accounts* page in *Runtime Security*. +// This feature includes three statuses: + +// * *Local accounts:* cloud accounts created in Runtime Security only (and not in the Prisma Cloud console) +// * *Manually imported accounts:* cloud accounts that were manually imported from Prisma Cloud console to Runtime Security in the past prior to the Lagrange release (end of 2022) +// * *Auto-imported accounts:* cloud accounts that originated from Prisma Cloud console and seamlessly imported into Runtime Security. + +|=== + +// [#new-features-core] +// === New Features in Core + + +//[#new-features-host-security] +//=== New Features in Host Security + +//[#new-features-serverless] +//=== New Features in Serverless + +//[#new-features-waas] +//=== New Features in WAAS + +[#api-changes] +=== API Changes +[cols="30%a,70%a"] +|=== + +//CWP-55309 +| *API to list cloud accounts that are imported from the Prisma Cloud platform* +|You can onboard accounts and cloud credentials only through the Prisma Cloud platform Accounts page now. To support this change, the following new query parameters have been added to the https://pan.dev/prisma-cloud/api/cwpp/get-credentials/[Get All Credentials] endpoint. These parameters allow you to list cloud accounts that are imported from the Prisma Cloud platform: + +* `external`: Set to `true` to retrieve credentials imported from the Prisma Cloud platform Accounts page. +* `autoImported`: Set to `true` to retrieve credentials that were automatically imported from the Prisma Cloud platform Accounts page. + + +//CWP-52775 +|*New request body field in the Download Serverless Layer Bundle endpoint* +|The https://pan.dev/prisma-cloud/api/cwpp/post-images-twistlock-defender-layer-zip/[Download Serverless Layer Bundle] endpoint includes a new request body field: `nodeJSModuleType`, which accepts one of these values: + +* `commonjs` +* `ecmascript` + +The `nodeJSModuleType` field is optional and the default value is `commonjs`. + +|=== + + +// [#breaking-api-changes] +// === Breaking Changes in API +// [cols="30%a,70%a"] +// |=== + + +[#end-support] +=== End of Support Notifications +[cols="30%a,70%a"] +|=== + +//CWP-36043 / CWP-50985 +|*Code Security Module for Scanning* +|The Code Repository Scanning feature is sunset in Prisma Cloud Compute Edition. + +It is replaced by Prisma Cloud Application Security in the Enterprise Edition, which offers more comprehensive and advanced Software Composition Analysis (SCA). For information, see https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/application-security[Prisma Cloud Application Security]. + +//CWP-36043 / CWP-53875 +|*Code Security Module for Scanning APIs are Sunset* +|The Code Repository Scanning feature in Prisma Cloud Compute is no longer available as Prisma Cloud Enterprise Edition (Cloud Application Security) offers a more comprehensive and advanced Software Composition Analysis (SCA) feature. + +Also, the following Prisma Cloud Compute code scan endpoints have been sunset (removed): + +* `/api//coderepos` - *GET* +* `/api//coderepos/scan` - *POST* +* `/api//coderepos/stop` - *POST* +* `/api//coderepos/download`- *GET* +* `/api//coderepos/progress` - *GET* +* `/api//coderepos/discover` - *GET* +* `/api//coderepos-ci` - *POST* +* `/api//coderepos-ci` - *GET* +* `/api//coderepos-ci/download` - *GET* +* `/api//policies/vulnerability/coderepos` - *GET* +* `/api//policies/vulnerability/coderepos/impacted` - *GET* +* `/api//policies/vulnerability/ci/coderepos` - *GET* +* `/api//policies/compliance/coderepos` - *GET* +* `/api//policies/compliance/coderepos/impacted` - *GET* +* `/api//policies/compliance/ci/coderepos`- *GET* +* `/api//policies/vulnerability/coderepos` - *PUT* +* `/api//policies/vulnerability/ci/coderepos` - *PUT* +* `/api//policies/compliance/coderepos` - *PUT* +* `/api//policies/compliance/ci/coderepos`- *PUT* +* `/api//settings/coderepos` - *PUT* +* `/api//settings/coderepos` - *GET* +* `/api//coderepos/webhook/{" + id + "}"` - *POST* + +|=== + +[#addressed-issues] +=== Addressed Issues + +[cols="40%a,60%a"] +|=== + +|*FIXED VERSION* +|*DESCRIPTION* +//CWP-46155 +|tt:[Fixed in 32.02] +|Agentless scanning now supports scanning of Podman container images deployed to hosts with the default storage driver. + +//CWP-46167 +|tt:[Fixed in 32.02] +|Fixed an issue where scanning scripts that contain binary data caused memory consumption issues. + +//CWP-47706 - Waiting on inputs +// |tt:[Fixed in 32.02] +// | + +//CWP-47945 +|tt:[Fixed in 32.02] +|Improved the detection of vulnerabilities on supported Windows OS workloads to fix false negative and false positive alerts related to Windows feeds. + +//CWP-48097 +|tt:[Fixed in 32.02] +|Fixed an issue causing some TAS blobstore controllers not to be listed. + +//CWP-48530 +|tt:[Fixed in 32.02] +|Fixed an issue found during configuration of the Tanzu blobstore scanner. The configuration didn't filter the scanners from the selected cloud controller correctly. Now, when you provide a cloud controller in the Tanzu blobstore scan configuration, only the suitable scanners are available in the scanner dropdown. + +//CWP-54804 +|tt:[Fixed in 32.02] +|Added support for installing serverless defender on AWS with NodeJS runtime, using layer based deployment type and ES modules type. + +//CWP-52027 +|tt:[Fixed in 32.02] +|Fixed an issue where users could not see credentials stored in the Runtime Security credential store, when creating a new System Admin role while specifying cloud accounts only onboarded under Runtime Security. + +|=== + +//[#backward-compatibility] +//=== Backward Compatibility for New Features + +//[#change-in-behavior] +//=== Change in Behavior + +//==== Breaking fixes compare with SaaS RN diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-1.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-1.png new file mode 100644 index 0000000000..ed8b529300 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-2.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-2.png new file mode 100644 index 0000000000..345e38596d Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-email-notification-template-2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-1.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-1.png new file mode 100644 index 0000000000..8541f9dae6 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-2.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-2.png new file mode 100644 index 0000000000..e7c61067f4 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-3.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-3.png new file mode 100644 index 0000000000..0ddf4e3a71 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-jira-notification-template-3.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/add-servicenow-notification-template-1.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-servicenow-notification-template-1.png new file mode 100644 index 0000000000..11fe70b140 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/add-servicenow-notification-template-1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/alerts-alert-rules-set-alert-notification.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/alerts-alert-rules-set-alert-notification.png new file mode 100644 index 0000000000..0f70647949 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/administration/alerts-alert-rules-set-alert-notification.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-pre-req-create-policy-2.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-pre-req-create-policy-2.png index 0854ebf1fb..01a0fab0a3 100644 Binary files a/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-pre-req-create-policy-2.png and b/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-pre-req-create-policy-2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-subscription-enable.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-subscription-enable.png index 649aaa482c..1bfbfbdec4 100644 Binary files a/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-subscription-enable.png and b/docs/en/enterprise-edition/content-collections/_graphics/administration/cdem-subscription-enable.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-alert-violating-policy.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-alert-violating-policy.png index f83c999c48..310c15e240 100644 Binary files a/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-alert-violating-policy.png and b/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-alert-violating-policy.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-policy-type.png b/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-policy-type.png index 9c66525409..f1cd1e7321 100644 Binary files a/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-policy-type.png and b/docs/en/enterprise-edition/content-collections/_graphics/administration/iam-security-policy-type.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-email.png b/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-email.png new file mode 100644 index 0000000000..a369991f8e Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-email.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-slack.png b/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-slack.png new file mode 100644 index 0000000000..9a95b02cba Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/alerts/send-to-slack.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-connectivity-main2.0.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-connectivity-main2.0.png new file mode 100644 index 0000000000..ec14f4296e Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-connectivity-main2.0.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-run-image1.1.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-run-image1.1.png new file mode 100644 index 0000000000..a063defae8 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/docker-run-image1.1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-access.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-access.png new file mode 100644 index 0000000000..39b354bbba Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-access.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-modify.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-modify.png new file mode 100644 index 0000000000..f2496f0b3b Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement-modify.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement.gif b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement.gif new file mode 100644 index 0000000000..9eb12fe647 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement.gif differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement2.0.gif b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement2.0.gif new file mode 100644 index 0000000000..f1adbe6944 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/enforcement2.0.gif differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-add-envstep-wizard.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-add-envstep-wizard.png new file mode 100644 index 0000000000..94e5fb1bdf Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-add-envstep-wizard.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-conf-job-step-wizard.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-conf-job-step-wizard.png new file mode 100644 index 0000000000..d63dcd6d4d Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/gha-conf-job-step-wizard.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue.png new file mode 100644 index 0000000000..d1da3a79cd Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue1.1.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue1.1.png new file mode 100644 index 0000000000..d1da3a79cd Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-blue1.1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-connectivity.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-connectivity.png new file mode 100644 index 0000000000..5262370f97 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-connectivity.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-green.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-green.png new file mode 100644 index 0000000000..ab1b8a9c6a Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-green.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-red.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-red.png new file mode 100644 index 0000000000..ee426c8ccf Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/legend-red.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/secrets-advanced-settings.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/secrets-advanced-settings.png new file mode 100644 index 0000000000..60a76249f9 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/secrets-advanced-settings.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.1.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.1.png new file mode 100644 index 0000000000..4c341611da Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.2.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.2.png new file mode 100644 index 0000000000..99203e93b5 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/select-transporter1.2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/tf-module-scan.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/tf-module-scan.png new file mode 100644 index 0000000000..4ed6cb9c66 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/tf-module-scan.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transport-health-check1.1.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transport-health-check1.1.png new file mode 100644 index 0000000000..16874f742f Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transport-health-check1.1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-browser-all-2.0.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-browser-all-2.0.png new file mode 100644 index 0000000000..238ce303a5 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-browser-all-2.0.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-docker-proxy-2.0.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-docker-proxy-2.0.png new file mode 100644 index 0000000000..c95769c3c8 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-docker-proxy-2.0.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-main-2.0.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-main-2.0.png new file mode 100644 index 0000000000..3da5505a54 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-main-2.0.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-proxy-2.0.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-proxy-2.0.png new file mode 100644 index 0000000000..92230cd434 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-connectivity-k8s-proxy-2.0.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-docker-connectivity-log2.2.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-docker-connectivity-log2.2.png new file mode 100644 index 0000000000..70e63485e3 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-docker-connectivity-log2.2.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-int-wiz-mng-int.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-int-wiz-mng-int.png new file mode 100644 index 0000000000..4850432074 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-int-wiz-mng-int.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-k8s-usecases.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-k8s-usecases.png new file mode 100644 index 0000000000..0eb0bcdb4b Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-k8s-usecases.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-trusted-ipaddresses.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-trusted-ipaddresses.png new file mode 100644 index 0000000000..7c72a78a5b Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-trusted-ipaddresses.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-verify-connectivity-ui1.1.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-verify-connectivity-ui1.1.png new file mode 100644 index 0000000000..df793ef13c Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/transporter-verify-connectivity-ui1.1.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/application-security/ui-wizard-deploy-client.png b/docs/en/enterprise-edition/content-collections/_graphics/application-security/ui-wizard-deploy-client.png new file mode 100644 index 0000000000..04ada0407b Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/application-security/ui-wizard-deploy-client.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-add-logging-account.png b/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-add-logging-account.png new file mode 100644 index 0000000000..922e7ca5ca Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-add-logging-account.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-configure-s3-flowlogs.png b/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-configure-s3-flowlogs.png new file mode 100644 index 0000000000..c5ba4b17b4 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/connect/aws-configure-s3-flowlogs.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/dashboards/compliance-dashboard.gif b/docs/en/enterprise-edition/content-collections/_graphics/dashboards/compliance-dashboard.gif new file mode 100644 index 0000000000..da2ae7560f Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/dashboards/compliance-dashboard.gif differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-aws-configuration.png b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-aws-configuration.png new file mode 100644 index 0000000000..c1351cb351 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-aws-configuration.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-azure-configuration.png b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-azure-configuration.png new file mode 100644 index 0000000000..821949d72d Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-azure-configuration.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-gcp-configuration.png b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-gcp-configuration.png new file mode 100644 index 0000000000..d99f14a1ff Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-gcp-configuration.png differ diff --git a/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-oci-configuration.png b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-oci-configuration.png new file mode 100644 index 0000000000..dff5f32db7 Binary files /dev/null and b/docs/en/enterprise-edition/content-collections/_graphics/runtime-security/agentless-oci-configuration.png differ diff --git a/docs/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud.adoc b/docs/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud.adoc index 2129d12476..af7f291c74 100644 --- a/docs/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud.adoc @@ -72,7 +72,7 @@ image::administration/resource-list-cag.png[] . View this resource list on *Compute*. + -The resource list is automatically added to the list of Collections. Select menu:Manage[Collections And Tags > Collections] and find the resource list by name. Although the Resource List for Compute Access Group is included in the list of collections, you cannot edit it on the *Compute* tab or use it when you add or edit rules for enforcing security checks on your resources. +The resource list is automatically added to the list of Collections. Select *Manage > Collections And Tags > Collections* and find the resource list by name. Although the Resource List for Compute Access Group is included in the list of collections, you cannot edit it on the *Compute* tab or use it when you add or edit rules for enforcing security checks on your resources. . Attach the resource list. + @@ -118,14 +118,14 @@ This is currently only applicable to Azure resources. If you have access to AWS, .. Apply a filter on the Compliance dashboard. + -* Select menu:Compliance[Overview] and click the plus icon (image:filter-plus-icon.png) to view and add filter menu items. +* Select *Compliance > Overview* and click the plus icon (image:filter-plus-icon.png) to view and add filter menu items. * Select *Azure Resource Group* to view the resource list data associated with your role. + image::administration/compliance-azure-resource-group-1.png[] . Apply a filter on the Asset inventory dashboard. + -* Select menu:Inventory[Assets] and click the plus icon to view and add filter menu items. +* Select *Inventory > Assets* and click the plus icon to view and add filter menu items. * Select *Azure Resource Group* to view the resource list data associated with your role. + image::administration/asset-inventory-azure-resource-group-2.png[] diff --git a/docs/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud.adoc b/docs/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud.adoc index a96a70f178..affdc38d76 100644 --- a/docs/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud.adoc @@ -10,7 +10,7 @@ Service Accounts can be created for automation use cases to enable a nonhuman en [.procedure] -. Navigate to menu:Settings[Access Control] and select menu:Add[Service Account]. +. Navigate to *Settings > Access Control* and select *Add > Service Account*. + You must have the System Administrator role on Prisma Cloud to add a service account; a maximum of 250 service accounts are supported. @@ -45,7 +45,7 @@ image::administration/access-key-results-1.png[] . View the service accounts. + -To verify that the service accounts is created successfully, select menu:Settings[Users], and enter the name of the service account in the search box. +To verify that the service accounts is created successfully, select *Settings > Users*, and enter the name of the service account in the search box. + image::administration/service-account-table-1.png[] + diff --git a/docs/en/enterprise-edition/content-collections/administration/collections.adoc b/docs/en/enterprise-edition/content-collections/administration/collections.adoc index 45cdd519ce..ef31cc1c2f 100644 --- a/docs/en/enterprise-edition/content-collections/administration/collections.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/collections.adoc @@ -2,7 +2,7 @@ [task] == Prisma Cloud Collections -Prisma Cloud Collections allow you to define logical groups of assets within Prisma Cloud, in a way that is meanigful to the stakeholders in your cloud environments. You can create Collections to represent applications and services, organize your cloud estate by business units, or maintain focused visibility on the security posture of the critical components of your cloud infrastructure. +Prisma Cloud Collections allow you to define logical groups of assets within Prisma Cloud, in a way that is meaningful to the stakeholders in your cloud environments. You can create Collections to represent applications and services, organize your cloud estate by business units, or maintain focused visibility on the security posture of the critical components of your cloud infrastructure. == Create a Collection diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account.adoc index c74af0d004..fbaea65f5d 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account.adoc @@ -3,11 +3,11 @@ * *Disable Prisma Cloud Data Security* + -** On menu:Settings[Cloud Accounts], select the AWS account for which you want to disable Data Security, click *Edit*, and deselect the *Data Security* option. Prisma Cloud stops ingestion of data stored in S3 buckets for the account. The Data Security information from earlier scans are not deleted on Prisma Cloud, and you have access to the alerts that were generated during the period when Data Security was enabled. +** On *Settings > Cloud Accounts*, select the AWS account for which you want to disable Data Security, click *Edit*, and deselect the *Data Security* option. Prisma Cloud stops ingestion of data stored in S3 buckets for the account. The Data Security information from earlier scans are not deleted on Prisma Cloud, and you have access to the alerts that were generated during the period when Data Security was enabled. + If you do not plan to re-enable Data Security for this AWS account, you can delete the SNS topic to avoid the additional cost of that SNS topic sending messages to Prisma Cloud. You can also stop sending S3 events to the CloudTrail bucket, if you had set it up only for Prisma Cloud. -** You can easily re-enable Data Security on menu:Settings[Cloud Accounts]. Select the AWS account for which you want to enable Data Security, click *Edit*, and select the *Data Security* option. Prisma Cloud starts ingesting data again and your usage charge will resume. All the data (before you disabled Data Security) and new data (after you re-enabled Data Security) will be available for you. +** You can easily re-enable Data Security on *Settings > Cloud Accounts*. Select the AWS account for which you want to enable Data Security, click *Edit*, and select the *Data Security* option. Prisma Cloud starts ingesting data again and your usage charge will resume. All the data (before you disabled Data Security) and new data (after you re-enabled Data Security) will be available for you. * *Offboard and onboard an AWS account within 24 hours* + diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies.adoc index b0d3cabc32..a78a47137c 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies.adoc @@ -16,7 +16,7 @@ Prisma Cloud includes default data policies to help you start scanning. These da A Data Profile is a collection of Data Patterns in Prisma Cloud that you can use to scan for sensitive data in your cloud resources. Prisma Cloud provides you the ability to use any of the predefined Data Profiles, or the option to create a custom Data Profile. With a custom data profile, you can combine predefined and custom Data Patterns to meet your content scanning use cases. [.procedure] -. Select menu:Settings[Data > Data Profile]. +. Select *Settings > Data > Data Profile*. . *+ Add New* and enter a *Data Profile Name* and an optional *Data Profile Description*. //+ @@ -58,7 +58,7 @@ Data profiles are *Enabled* by default and can be used in a data policy. To disa Data Patterns are the entities used to scan files or objects for any sensitive content. Prisma Cloud supports over 600 predefined Data Patterns such as API Credentials Client ID, Healthcare Provider, and Tax ID. A Data Pattern is used with a Data Profile to scan for risks and protect your data. You also have the ability to clone and edit custom patterns after you create them; predefined data patterns cannot be deleted or modified. [.procedure] -. Select menu:Settings[Data > Data Patterns]. +. Select *Settings > Data > Data Patterns*. . *+Add New* to create a new pattern. @@ -84,7 +84,7 @@ A regular expressions or regex is the match criteria for the data you want to fi You must first onboard an account and enable Data Security before you can create a custom data policy. [.procedure] -. Select menu:Policies[Add Policy > Data]. +. Select *Policies > Add Policy > Data*. + Enter a Policy Name, Description, Severity, and Labels for the new policy. diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings.adoc index db6f805ecd..3f3369adea 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings.adoc @@ -3,9 +3,9 @@ The scan settings for data security allows you to configure scans for additional resources (buckets), view the data profiles and the associated data patterns, and modify what you want to scan. -After you add the cloud accounts that you want to scan using Prisma Cloud, the data security configurations that define what profiles and patterns are used to scan your files stored in the storage bucket, how sensitive information is displayed when there is a pattern match, and any modifications to enable and disable scans for specific buckets are available on menu:Settings[Data]. +After you add the cloud accounts that you want to scan using Prisma Cloud, the data security configurations that define what profiles and patterns are used to scan your files stored in the storage bucket, how sensitive information is displayed when there is a pattern match, and any modifications to enable and disable scans for specific buckets are available on *Settings > Data*. -. Select menu:Settings[Data > Scan Settings]. +. Select *Settings > Data > Scan Settings*. + The table view displays a list of all storage resources across the cloud accounts that you have added to Prisma Cloud. Buckets that are deleted after onboarding are not removed from this page. + diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-org.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-org.adoc index 341ebecf35..acc7c67059 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-org.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-org.adoc @@ -8,7 +8,7 @@ After onboarding an AWS organization account, you can configure data security and start scanning your S3 buckets. Prisma Cloud creates two separate sets of AWS resources based on whether your onboarded account is an individual account or an organization account. You can onboard all the Organization Units (OUs) and Member Accounts under root or pick and choose the OUs and Member Accounts under root for selective onboarding. You must onboard the AWS organization first and you can then configure Prisma Cloud Data Security. [.procedure] -. After you successfully https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-aws-account/add-aws-organization-to-prisma-cloud.html#idafad1015-aa36-473e-8d6a-a526c16d2c4f[onboard] your AWS organization account, go to menu:Settings[Cloud Accounts > Account Overview] and select *Configure* to configure data security for your AWS organization account. +. After you successfully https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-your-aws-account/add-aws-organization-to-prisma-cloud.html#idafad1015-aa36-473e-8d6a-a526c16d2c4f[onboard] your AWS organization account, go to *Settings > Cloud Accounts > Account Overview* and select *Configure* to configure data security for your AWS organization account. + [NOTE] ==== @@ -50,7 +50,7 @@ image::administration/aws-org-pcds-2-3.png[] + Complete the onscreen instructions to create the StackSet. -.. StackSet deployment will deploy the stack to all member accounts associated with the master account. On the AWS management console, select menu:Services[CloudFormation > StackSets > Create StackSet] for the member account. +.. StackSet deployment will deploy the stack to all member accounts associated with the master account. On the AWS management console, select *Services > CloudFormation > StackSets > Create StackSet* for the member account. + image::administration/aws-org-4.png[] @@ -169,6 +169,6 @@ image::administration/aws-org-pcds-9.png[] + If the *Data Security unsuccessfully configured* error displays, see xref:../troubleshoot-data-security-errors.adoc#troubleshoot-data-security-errors[] to resolve the issues. -. You can verify the configuration on the menu:Settings[Data > Scan Settings] page. +. You can verify the configuration on the *Settings > Data > Scan Settings* page. + image::administration/aws-org-pcds-4-1.png[] diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-azure.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-azure.adoc index 95c3c557ae..7b378bd610 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-azure.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-azure.adoc @@ -56,7 +56,7 @@ Begin here if you want to add your Azure tenant on Prisma Cloud and start scanni . *Enable Data Security* to scan all your resources or custom resources in your Azure tenant. -.. Navigate to menu:Settings[Cloud Accounts > Azure]. +.. Navigate to *Settings > Cloud Accounts > Azure*. .. Click the *Eye* (View Cloud Account) icon next to the Azure tenant for which you want to enable Data Security. diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/edit-an-existing-aws-account.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/edit-an-existing-aws-account.adoc index e56026cd03..3959cc0349 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/edit-an-existing-aws-account.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/edit-an-existing-aws-account.adoc @@ -8,7 +8,7 @@ If you want to enable Data Security on an AWS account that you have previously o [.procedure] . Select the AWS Account and enable *Data Security*. -.. Select menu:Settings[Cloud Accounts]. +.. Select *Settings > Cloud Accounts*. .. Click the Eye (View Cloud Account) icon next to the AWS account for which you want to enable Data Security. @@ -22,7 +22,7 @@ If you want to enable Data Security on an AWS account that you have previously o + image::administration/aws-pcds-edit-ac-configure.png[] -.. Go to menu:AWS{sp}Management{sp}Console[Stacks]. +.. Go to *AWS Management Console > Stacks*. + * Select PrismaCloudApp Stack (if you have previously used the CFT to deploy PrismaCloudApp Stack) and *Update*. @@ -38,7 +38,7 @@ image::administration/image35.png[] + image::administration/image29.png[] -.. Copy the *Callback URL* from menu:Settings[Cloud Accounts > Configure Account] +.. Copy the *Callback URL* from *Settings > Cloud Accounts > Configure Account* .. In the Specify stack details page on the AWS Management Console, paste the *Callback URL* in the *SNSEndpoint* field. + @@ -54,13 +54,13 @@ image::administration/image2.png[] + image::administration/image59.png[] -.. On Prisma Cloud, paste Role ARN in the menu:Settings[Cloud Accounts > Configure Account], to replace the existing Role ARN. +.. On Prisma Cloud, paste Role ARN in the *Settings > Cloud Accounts > Configure Account*, to replace the existing Role ARN. .. Copy SNS ARN from the Outputs tab for the stack. + image::administration/image9.png[] -.. Paste the *SNS Topic: ARN* in the menu:Settings[Cloud Accounts > Configure Account] and click *Next* to continue. +.. Paste the *SNS Topic: ARN* in the *Settings > Cloud Accounts > Configure Account* and click *Next* to continue. //include::../../fragments/idee00fe2e-51d4-4d26-b010-69f3c261ad6f__id82a563a3-ea83-444d-a6ab-f1f8b5e116d8.adoc[] diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/subscribe-to-data-security.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/subscribe-to-data-security.adoc index ed8439d34b..6741e55582 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/subscribe-to-data-security.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/subscribe-to-data-security.adoc @@ -16,7 +16,7 @@ Subscribe to Prisma Cloud Data Security and configure it for your AWS and Azure . Select *Subscribe* to enable your Data Security subscription. //+ //image::administration/product-subscription.png[] -//* Or select menu:Dashboard[Data] or menu:Inventory[Data] +//* Or select *Dashboard > Data* or *Inventory > Data* //+ //image::administration/inventory-data.png[] . Start scanning data for an xref:data-security-for-azure.adoc[Azure Subscription or Tenant]. diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/what-is-included-with-prisma-cloud-data-security.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/what-is-included-with-prisma-cloud-data-security.adoc index 4c61b8ba60..d312b04c09 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-data-security/what-is-included-with-prisma-cloud-data-security.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-data-security/what-is-included-with-prisma-cloud-data-security.adoc @@ -1,6 +1,7 @@ [#features-at-a-glance] == What is Included with Prisma Cloud Data Security? -* Azure Blob Storage and AWS S3 support for Prisma Cloud tenants in the Canada, EMEA, Singapore, and USA regions. + +* Azure Blob Storage and AWS S3 support for Prisma Cloud tenants in the Canada, EMEA, and USA regions. + [NOTE] ==== diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/add-notification-template.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/add-notification-template.adoc index bab3a14610..2d91709a38 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/add-notification-template.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/add-notification-template.adoc @@ -60,7 +60,7 @@ image::administration/add-email-notification-template-1.png[] + image::administration/add-email-notification-template-2.png[] -. Select menu:Alerts[Alert Rules] and either create an Alert Rule for runtime checks or select an existing rule to edit. +. Select *Alerts > Alert Rules* and either create an Alert Rule for runtime checks or select an existing rule to edit. . Select *Configure Notifications > Email*. @@ -83,15 +83,15 @@ Including an attachment provides a way for you to include information on the ale + Each email can include up to 10 attachments. An attachment in the zip file format can have 60000 rows, while a CSV file can have 900 rows. If the number of alerts exceeds the maximum number of attachments, the alerts with the older timestamps are omitted. + -image::administration/alerts/alerts-alert-rules-set-alert-notification.png[] +image::administration/alerts-alert-rules-set-alert-notification.png[] . Review the *Summary* and *Save* the new alert rule or changes to an existing alert rule. . Verify the alert notification emails. + -The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud menu:Alerts[Overview] page. +The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud *Alerts > Overview* page. + -image::administration/alerts/alerts-email-notification.png[] +image::alerts/alerts-email-notification.png[] [.task] [#add-jira-notification-template] @@ -100,7 +100,7 @@ image::administration/alerts/alerts-email-notification.png[] You can configure alert notifications triggered by an alert rule to create Jira tickets. [.procedure] -. xref:configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc[Integrate Prisma Cloud with Jira]. +. xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc[Integrate Prisma Cloud with Jira]. . Select *Settings > Integrations & Notifications > Notification Templates*. @@ -114,15 +114,12 @@ The total length of the template name can be up to 99 characters and should not . Select your *Project*. + -[NOTE] -==== -* Select the project where you want to see the Prisma Cloud alerts. Because every alert converts to a Jira ticket, as a best practice, create and use a dedicated project for Prisma Cloud ticketing and issue management. +* (tt:[NOTE]) Select the project where you want to see the Prisma Cloud alerts. Because every alert converts to a Jira ticket, as a best practice, create and use a dedicated project for Prisma Cloud ticketing and issue management. * If you want to enable both *Open* and *Resolved* alert notification states on Prisma Cloud, make sure your Jira workflow for the configured project is set up to handle the transition of *Open > Resolved > Open* (re-open) states, or else the following error occurs: ---- Jira state transition is not possible for configured state ---- -==== . Select your *Issue Type*. @@ -134,10 +131,7 @@ image::administration/add-jira-notification-template-1.png[] .. Select the *Jira Fields* that you would like to populate. + -[NOTE] -==== -The Jira fields that are defined as mandatory in your project are already selected and included in the alert. -==== +(tt:[NOTE]) The Jira fields that are defined as mandatory in your project are already selected and included in the alert. + image::administration/add-jira-notification-template-2.png[] @@ -147,10 +141,7 @@ image::administration/add-jira-notification-template-2.png[] .. Select the *Reporter* for your alert from users listed in your Jira project. + -[NOTE] -==== -This option is available only if the administrator who set up this integration has the appropriate privileges to modify the reporter settings on Jira. -==== +(tt:[NOTE]) This option is available only if the administrator who set up this integration has the appropriate privileges to modify the reporter settings on Jira. . If you have *Enabled* the *Resolved* alert state, then repeat the above steps to *Configure Resolved State* for alerts in Jira. @@ -168,6 +159,7 @@ After you set up the integration successfully, you can use the Get Status link i + image::administration/get-status.png[] + //. xref:../manage-prisma-cloud-alerts/create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or modify an existing rule to send alerts to Jira. //. Select *Alerts > Alert Rules* and either xref:create-an-alert-rule.adoc#idd1af59f7-792f-42bf-9d63-12d29ca7a950[Create an Alert Rule for Run-Time Checks] or select an existing rule to edit. //. Navigate to *Configure Notifications > Jira*. @@ -180,12 +172,12 @@ image::administration/get-status.png[] [#add-servicenow-notification-template] === Send Alert Notifications to ServiceNow -You can send alert notifications to ServiceNow. +You can send alert notifications to ServiceNow. Notification templates allow you to map the Prisma Cloud alert payload to the incident fields (referred to as _ServiceNow fields_ on the Prisma Cloud interface in the screenshot) on your ServiceNow instance. Because the incident, security, and event tables are independent on ServiceNow, to view alerts in the corresponding table, you must set up the notification template for each service type — *Incidents*, *Events* or *Security Incidents* on Prisma Cloud. -[.procedure] -. xref:configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc[Integrate Prisma Cloud with ServiceNow]. +If you see errors, review how to xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc#iddd0aaa90-d099-4a99-a3ed-bde105354340[Interpret Error Messages]. -. Select menu:Alerts[Alert Rules] and either create an Alert Rule for runtime checks or select an existing rule to edit. +[.procedure] +. xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc[Integrate Prisma Cloud with ServiceNow]. . Select *Settings > Integrations & Notifications > Notification Templates*. @@ -193,4 +185,58 @@ You can send alert notifications to ServiceNow. + image::administration/add-servicenow-notification-template-1.png[] -//to add remaining steps and screenshots \ No newline at end of file +. Enter a *Template Name* and select your *Integration*. ++ +Use descriptive names to easily identify the notification templates. ++ +The total length of the template name can be up to 99 characters and should not include special ASCII characters: (‘<’, ‘>’, ‘!’, ‘=’, ‘\n’, ‘\r’). + +. Set the *Service Type* to *Incident*, *Security*, or *Event*. ++ +The options in this drop-down match what you selected when you enabled the ServiceNow integration on Prisma Cloud. + +. Select the alert status for which you want to set up the ServiceNow fields. ++ +You can choose different fields for the Open, Dismissed, or Resolved states. The fields for the Snoozed state are the same as that for the Dismissed state. + +. Enable the checkbox if you want to create a new ServiceNow incident when the alert state changes from *Resolved > Open* (re-open) states. ++ +image::administration/servicenow-notification-template.png[] + +. Click *Next*. + + +. Select the *ServiceNow Fields* that you want to include in the alert. ++ +Prisma Cloud retrieves the list of fields from your ServiceNow instance dynamically, and it does not store any data. Depending on how your IT administrator has set up your ServiceNow instance, the configurable fields may support a drop-down list, long-text field, or type-ahead. For a type-ahead field, you must enter a minimum of three characters to view a list of available options. When selecting the configurable fields in the notification template, at a minimum, you must include the fields that are defined as mandatory in your ServiceNow implementation. ++ +In this example, *Description* is a long-text field, hence you can select and include the Prisma Cloud Alert Payload fields that you want in your ServiceNow Alerts. You must include a value for each field you select to make sure that it is included in the alert notification. See xref:../../alerts/alert-payload.adoc[Alert Payload] for details on the context you can include in alerts. ++ +If the text in this field exceeds a certain number of characters (limit may differ based on ServiceNow default field size), you must adjust the maximum length for the fields on your ServiceNow implementation to ensure that the details are not truncated when it’s sent from Prisma Cloud. ++ +(tt:[Optional]) To generate a ServiceNow Event, Message Key and Severity are required. The Message key determines whether to create a new alert or update an existing one, and you can map the Message Key to Account Name or to Alert ID based on your preference for logging Prisma Cloud alerts as a single alert or multiple alerts on ServiceNow. Severity is required to ensure that the event is created on ServiceNow and can be processed without error; without severity, the event is in an Error state on ServiceNow. ++ +For *Number*, use AlertID from the Prisma Cloud alert payload for ease of scanning and readability of incidents on ServiceNow. ++ +image::administration/servicenow-notification-template-alert-id.png[] ++ +image::administration/servicenow-notification-template-fields.png[] + +. Review the *Summary* status, *Test Template*, and *Save Template*. ++ +image::administration/snow-notification-review-status.png[] ++ +You can clone, edit, or delete the notification from *Actions*. ++ +After you set up the integration and configure the notification template, Prisma Cloud uses this template to send a test alert to your ServiceNow instance. The test workflow creates a ticket that transitions through the different alert states that you have configured in the template. When the communication is successful, a success message displays. ++ +For an on-demand status check, use the *Get Status* icon on *Settings > Integrations*. These checks help you validate that the ServiceNow instance URL is reachable and that your credentials are valid. ++ +image::administration/get-status.png[] + +. *Next Steps* ++ +Verify that the integration is working as expected and xref:../configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc#id46a9b2b8-8b2a-4b68-b65e-d8c15dd574d2[view alerts]. + + + diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc index 158bae221b..e574240a74 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc @@ -71,20 +71,15 @@ Prisma Cloud is listed in your Jira account after successful creation. [.procedure] . Login to Prisma Cloud. -. Select *Settings > Integrations*. +. Select *Settings > Integrations & Notifications > Integrations*. -. Click *Add Integration*. - -. Set *Integration* to *JIRA*. +. Select *Add Integration > Jira* from the list. . Specify a meaningful *Integration Name* and, optionally, add a *Description*. . Enter the *JIRA Login URL*. + -[NOTE] -==== -Make sure the URL starts with https and does not have a trailing slash (‘/’) at the end. -==== +(tt:[NOTE]) Make sure the URL starts with https and does not have a trailing slash (‘/’) at the end. . Enter the Consumer Key that you created when you created the Prisma Cloud application in Jira and click *Next*. + @@ -112,4 +107,10 @@ image::administration/Step-2-11.png[] + image::administration/jira-integration-step-2-13.png[] + -The integration will be listed on the Integrations page. \ No newline at end of file +The integration will be listed on the Integrations page. + +. *Next Step* ++ +xref:../configure-external-integrations-on-prisma-cloud/add-notification-template.adoc[Add a Jira Notification Template] to configure alert notifications triggered by an alert rule to create Jira tickets. + +NOTE: If the user who set up your Jira integration is no longer with your organization, you have to follow the steps in the above two sections to create a new Jira integration. diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc index 777fbc2301..a6fe20ca5c 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc @@ -14,7 +14,7 @@ If you are using a ServiceNow developer instance, make sure that it is not hiber . xref:integrate-prisma-cloud-with-servicenow.adoc#idce37e68b-d094-4b6b-a5d4-ab21d092fd36[Set Up Permissions on ServiceNow] . xref:integrate-prisma-cloud-with-servicenow.adoc#idc4548ecb-5da3-4de2-8072-7f0c3df02de3[Enable the ServiceNow Integration on Prisma Cloud] -. xref:integrate-prisma-cloud-with-servicenow.adoc#id9e2276cf-c56c-4ea1-a70b-059707fe64b5[Set up Notification Templates] +//. xref:integrate-prisma-cloud-with-servicenow.adoc#id9e2276cf-c56c-4ea1-a70b-059707fe64b5[Set up Notification Templates] . xref:integrate-prisma-cloud-with-servicenow.adoc#id46a9b2b8-8b2a-4b68-b65e-d8c15dd574d2[View Alerts] If you see errors, review how to xref:#iddd0aaa90-d099-4a99-a3ed-bde105354340[Interpret Error Messages]. @@ -32,7 +32,7 @@ If you do not have the privileges required listed below, you must work with your .. You must have permissions to create a local user account on ServiceNow. + -Create a userinput:[Username] and userinput:[password] that are local on the instance itself. A local user account is a requirement because the ServiceNow web services cannot authenticate against an LDAP or SSO Identity provider and it is unlike the authentication flow that ServiceNow supports for typical administrative users who access the service using a web browser.Refer to the https://docs.servicenow.com/bundle/london-platform-administration/page/administer/roles/reference/r_BaseSystemRoles.html[ServiceNow documentation] for more information. +Create a `Username` and `password` that are local on the instance itself. A local user account is a requirement because the ServiceNow web services cannot authenticate against an LDAP or SSO Identity provider and it is unlike the authentication flow that ServiceNow supports for typical administrative users who access the service using a web browser.Refer to the https://docs.servicenow.com/bundle/london-platform-administration/page/administer/roles/reference/r_BaseSystemRoles.html[ServiceNow documentation] for more information. + image::administration/servicenow-dev-instance.png[] @@ -42,15 +42,15 @@ Prisma Cloud has verified that the following roles provide the required permissi + *New York, Orlando, and Paris* + -*** tt:[(Optional)] userinput:[personalize] for accessing tables. +*** tt:[(Optional)] `personalize` for accessing tables. + Personalize role is recommended to support type-ahead fields in notification templates for ServiceNow on Prisma Cloud. With this permission, when you enter a minimum of three characters in a type-ahead field, this role enables you to view the list of available options. If you do not enable personalize permissions, you must give table specific read-access permissions for type-ahead inputs. -*** userinput:[evt_mgmt_integration] basic role has create access to the Event [em_event] and Registered Nodes [em_registered_nodes] tables to integrate with external event sources. +*** `evt_mgmt_integration` basic role has create access to the Event [em_event] and Registered Nodes [em_registered_nodes] tables to integrate with external event sources. -*** userinput:[itil] role is required for the incident table actions. +*** `itil` role is required for the incident table actions. -*** userinput:[sn_si.basic] role is required for the sn_si.incident security incident table actions. +*** `sn_si.basic` role is required for the sn_si.incident security incident table actions. .. For the user you added earlier, create a custom role with the permissions listed above. + @@ -82,7 +82,9 @@ Verify that all three tables—Plugins (*V_plugin*), Dictionary (*sys_dictionary + The Security Incident Response plugin is optional but is required if you want to generate Security Incident tickets. To create Security Incident tickets, you must also have the Security Incident Response plugin installed on your ServiceNow instance. + -Verify that the Security Incident Response plugin is https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/task/t_ActivateSecurityIncidentResponse.html[activated]. To activate a plugin you must be ServiceNow administrator; if you do not see the plugin in the list, verify that you have purchased the subscription. +Verify that the Security Incident Response plugin is activated. To activate a plugin you must be ServiceNow administrator; if you do not see the plugin in the list, verify that you have purchased the subscription. ++ +//Removing the following url since it has been moved from SNow docs. RLP-123152. https://docs.servicenow.com/bundle/geneva-security-management/page/product/planning_and_policy/task/t_ActivateSecurityIncidentResponse.html[activated] . *Prerequisites for the Event Management Module* + @@ -98,15 +100,17 @@ Verify that the Event Management plugin is https://docs.servicenow.com/bundle/ne Set up ServiceNow as an external integration on Prisma Cloud. [.procedure] -. Log in to Prisma Cloud and select *Settings > Integrations > +Add New*. +. Login to Prisma Cloud. + +. Select *Settings > Integrations & Notifications > Integrations*. -. Set the *Integration Type* to *ServiceNow*. +. Select *Add Integration > ServiceNow* from the list. . Enter a meaningful *Integration Name* and a *Description*. . Enter your *FQDN* for accessing ServiceNow. + -Make sure to provide the FQDN for ServiceNow—not the SSO redirect URL or a URL that enables you to bypass the SSO provider (such as sidedoor or login.do) for local authentication on ServiceNow. For example, enter userinput:[.com] and not any of the following: +Make sure to provide the FQDN for ServiceNow—not the SSO redirect URL or a URL that enables you to bypass the SSO provider (such as sidedoor or login.do) for local authentication on ServiceNow. For example, enter `.com` and not any of the following: + ---- https://www..com @@ -124,10 +128,7 @@ https://www..com .com/login.do ---- + -[NOTE] -==== -You cannot modify the FQDN after you save the integration. If you want to change the FQDN for your ServiceNow instance, add a new integration. -==== +(tt:[NOTE]) You cannot modify the FQDN after you save the integration. If you want to change the FQDN for your ServiceNow instance, add a new integration. . Enter the *Username* and *Password* for the ServiceNow administrative user account. + @@ -145,69 +146,11 @@ image::administration/servicenow-integration-in-prisma-cloud.png[] . *Test* and *Save* the integration. + -Continue with setting up the notification template, and then verify the status of the integration on *Settings > Integrations*. +The integration will be listed on the Integrations page. - -[.task] -[#id9e2276cf-c56c-4ea1-a70b-059707fe64b5] -=== Set up Notification Templates - -Notification templates allow you to map the Prisma Cloud alert payload to the incident fields (referred to as _ServiceNow fields_ on the Prisma Cloud interface in the screenshot) on your ServiceNow instance. Because the incident, security, and event tables are independent on ServiceNow, to view alerts in the corresponding table, you must set up the notification template for each service type — *Incidents*, *Events* or *Security Incidents* on Prisma Cloud. - -[.procedure] -. Log in to Prisma Cloud - -. Select *Alerts > Notification Templates* and *Add Notification Template*. - -. Select the ServiceNow Notification template from the list. - -. Enter a *Template Name* and select your *Integration*. -+ -Use descriptive names to easily identify the notification templates. -+ -The total length of the template name can be up to 99 characters and should not include special ASCII characters: (‘<’, ‘>’, ‘!’, ‘=’, ‘\n’, ‘\r’). - -. Set the *Service Type* to *Incident*, *Security*, or *Event*. -+ -The options in this drop-down match what you selected when you enabled the ServiceNow integration on Prisma Cloud. - -. Select the alert status for which you want to set up the ServiceNow fields. -+ -You can choose different fields for the Open, Dismissed, or Resolved states. The fields for the Snoozed state are the same as that for the Dismissed state. - -. Enable the checkbox if you want to create a new ServiceNow incident when the alert state changes from *Resolved > Open* (re-open) states. -+ -image::administration/servicenow-notification-template.png[] - -. Click *Next*. - - -. Select the *ServiceNow Fields* that you want to include in the alert. -+ -Prisma Cloud retrieves the list of fields from your ServiceNow instance dynamically, and it does not store any data. Depending on how your IT administrator has set up your ServiceNow instance, the configurable fields may support a drop-down list, long-text field, or type-ahead. For a type-ahead field, you must enter a minimum of three characters to view a list of available options. When selecting the configurable fields in the notification template, at a minimum, you must include the fields that are defined as mandatory in your ServiceNow implementation. -+ -In this example, *Description* is a long-text field, hence you can select and include the Prisma Cloud Alert Payload fields that you want in your ServiceNow Alerts. You must include a value for each field you select to make sure that it is included in the alert notification. See xref:../../alerts/alert-payload.adoc[Alert Payload] for details on the context you can include in alerts. -+ -If the text in this field exceeds a certain number of characters (limit may differ based on ServiceNow default field size), you must adjust the maximum length for the fields on your ServiceNow implementation to ensure that the details are not truncated when it’s sent from Prisma Cloud. -+ -[NOTE] -==== -To generate a ServiceNow Event, Message Key and Severity are required. The Message key determines whether to create a new alert or update an existing one, and you can map the Message Key to Account Name or to Alert ID based on your preference for logging Prisma Cloud alerts as a single alert or multiple alerts on ServiceNow. Severity is required to ensure that the event is created on ServiceNow and can be processed without error; without severity, the event is in an Error state on ServiceNow. -==== -+ -For *Number*, use AlertID from the Prisma Cloud alert payload for ease of scanning and readability of incidents on ServiceNow. -+ -image::administration/servicenow-notification-template-alert-id.png[] -+ -image::administration/servicenow-notification-template-fields.png[] - -. Review the *Summary* status, *Test Template*, and *Save Template*. -+ -image::administration/snow-notification-review-status.png[] -+ -After you set up the integration and configure the notification template, Prisma Cloud uses this template to send a test alert to your ServiceNow instance. The test workflow creates a ticket that transitions through the different alert states that you have configured in the template. When the communication is successful, a success message displays. +. *Next Steps* + -For an on-demand status check, use the *Get Status* icon on *Settings > Integrations*. These checks help you validate that the ServiceNow instance URL is reachable and that your credentials are valid. +Continue with setting up the xref:../configure-external-integrations-on-prisma-cloud/add-notification-template.adoc[notification template], and then verify the status of the integration on *Settings > Integrations*. [#iddd0aaa90-d099-4a99-a3ed-bde105354340] diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-idp-services.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-idp-services.adoc index f5df569b61..afea713773 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-idp-services.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-idp-services.adoc @@ -5,10 +5,12 @@ Prisma Cloud integrates with the identity providers (IdP) *Okta* and *Azure Acti * xref:integrate-prisma-cloud-with-okta.adoc[Integrate Prisma Cloud with Okta] -* xref:../connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-active-directory.adoc[Integrate Prisma Cloud with Azure Active Directory] +* xref:../../connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-active-directory.adoc[Integrate Prisma Cloud with Azure Active Directory] * xref:integrate-prisma-cloud-with-aws-id-center.adoc[Integrate Prisma Cloud with AWS IAM Identity Center] + + diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta.adoc index f10e7f458c..96dfdc58f8 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta.adoc @@ -29,7 +29,7 @@ image::administration/okta-admin-panel.png[] . Add an administrator role. -.. From the top menu navigate to menu:Security[Administrators]. +.. From the top menu navigate to *Security > Administrators*. .. Click *Add Administrator*. + @@ -47,7 +47,7 @@ image::administration/read-only-admin.png[] + API tokens are unique identifiers that are used to authenticate requests to the Okta API—they’re needed to connect your Prisma Cloud account to Okta so that Prisma Cloud can ingest the SSO data. -.. From the top menu navigate to menu:Security[API]. +.. From the top menu navigate to *Security > API*. .. Select *Tokens.* @@ -63,7 +63,7 @@ image::administration/create-token-sucessfully.png[] + After you generate the API token, you can use it to connect your Prisma Cloud account to Okta. -.. In Prisma Cloud navigate to menu:Settings[Integrations]. +.. In Prisma Cloud navigate to *Settings > Integrations*. .. Click *+Add New*. diff --git a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/remediate-alerts-for-iam-security.adoc b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/remediate-alerts-for-iam-security.adoc index 64c312ca8c..eb567f66f2 100644 --- a/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/remediate-alerts-for-iam-security.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/configure-iam-security/remediate-alerts-for-iam-security.adoc @@ -9,7 +9,6 @@ The IAM security module provides two options for remediating alerts so that you ==== IAM automatic remediation is different from Prisma Cloud automatic remediation. The IAM module does not support the option to enable automatic remediation. Instead, xref:../../alerts/create-an-alert-rule-cloud-infrastructure.adoc[Create an Alert Rule for Run-Time Checks], follow the instructions for configuring a custom python script or configure and run Azure IAM remediation script to manage automatic remediation for IAM alert rules using the messaging queuing service on the respective CSP. ==== -//xref:#id6591319e-c53c-4df5-826f-7fc1b09f0464[Configure and Run AWS IAM Remediation Script] xref:#idb32d1fc5-f705-438f-a798-e9d1a791d96e[Configure and Run Azure IAM Remediation Script] xref:#idddd91dfc-b4d5-43fe-96cf-4b3cc447451d xref:#id2cbf5c9b-62aa-4a95-9340-eeaaf6f07bc4, xref:#ide69e3eac-d058-4804-8d58-8e648893a030, xref:#id54a76b5a-cc02-4394-b2d8-c0a64b17bc3e * Manually Remediate IAM Security Alerts—Copy and paste the CLI commands for your AWS, Azure, or GCP environments and then execute them to manually remove excess permissions. @@ -31,67 +30,37 @@ Automatic remediation for GCP IAM alerts is not supported. [#idddd91dfc-b4d5-43fe-96cf-4b3cc447451d] === Manually Remediate IAM Security Alerts -The following steps shows how you can manually remediate alerts in AWS. You can follow similar steps in Azure and GCP. +Follow the steps below to manually remediate alerts in AWS. You can follow similar steps in Azure and GCP. [.procedure] . View the existing alerts. + -To view all of the policies that triggered an alert select menu:Alerts[Overview.] +To view all of the policies that triggered an alert select *Alerts > Overview*. -. Click *Add Filter* and select menu:Policy{sp}Type[IAM]. +. Click *Add Filter* and select *Policy Type > IAM*. Filter the alerts to show only *Alert State-Open* alerts that are *Remediable-Yes*. + image::administration/iam-security-policy-type.png[] -. Select the violating policy that you want to remediate. -+ -On Prisma Cloud, policies that you can remediate are indicated by the image:remediable-icon.png[] icon. -+ -image::administration/iam-security-policy-alert.png[] +. Select the violating policy that you want to remediate. -. Investigate the policy violations. -+ -In this example we see all the violating resources for this Okta user. Prisma Cloud provides us hints on why the alert was generated, which in this case was a result of an Okta user being able to create another IAM user—this could lead to a potential back door because even if the original Okta user is deleted, they can still log in through the second user. Prisma Cloud also provides recommended steps on how to resolve the policy violation. +. Investigate the policy violations. + -image::administration/iam-security-alert-violating-policy.png[] +Select the alert and click *Investigate* from the Actions menu. Here you can take a closer look at the asset that trigerred the policy violation. After a policy violation is triggered, it is sent to the SQS queue. In the following example, the AWS SQS queue indicates that the alert that was triggered. + -After a policy violation is triggered, it is sent to the SQS queue. -+ -image::administration/send-and-receive-messages-1-alert.png[] -+ -In this example the SQS queue shows 1 message which is the alert that was triggered. +image::administration/send-and-receive-messages-1-alert.png[50%] -. Get the remediation steps. -+ -Under the *OPTIONS* column, click *Remediate*. -+ -image::administration/iam-security-remediate-button.png[] +. Manually remediate the alert. -.. Copy the CLI commands. -+ -After you click *Remediate* the CLI commands appears in a popup window. -+ -image::administration/iam-security-cli-commands.png[] +.. After you select the alert and click *Remediate* the CLI commands appears in a popup window. -.. Run the CLI commands on your AWS account. In case of your GCP account, before you run the CLI command, set up remediation for GCP IAM alerts. -+ -After you executed the CLI commands you will have completed the remediation process and the excess privileges will be revoked. The SQS queue will now show 0 messages. -+ -image::administration/send-and-receive-messages-2-remediation.png[] +.. Run the CLI commands on your AWS account. For GCP accounts, before you run the CLI command, set up remediation for GCP IAM alerts. - -[#id2cbf5c9b-62aa-4a95-9340-eeaaf6f07bc4] -=== Set up Automatic Remediation for AWS IAM Alerts - -Automate the remediation steps for your AWS IAM alerts with the help of a custom python script which receives an alert via the AWS SQS queue, extracts the alert ID and uses it to call the IAM remediation API, and runs the commands which are provided by the API response. - -* xref:#id2cecf98a-db8f-4a61-9eaf-12171397bd4f[Review Prerequisites for AWS Remediation Script] -* xref:#id6591319e-c53c-4df5-826f-7fc1b09f0464[Configure and Run AWS IAM Remediation Script] +Once you execute the CLI commands the remediation process is complete. The SQS queue will now show 0 messages. -[#id2cecf98a-db8f-4a61-9eaf-12171397bd4f] -==== Review Prerequisites for AWS Remediation Script +=== Set up Automatic Remediation for AWS IAM Alerts -Complete the following prerequisites so that you can set up everything you need to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. +Automate the remediation steps for your AWS IAM alerts with the help of a custom python script which receives an alert via the AWS SQS queue, extracts the alert ID and uses it to call the IAM remediation API, and runs the commands which are provided by the API response. Complete the following prerequisites to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. * xref:../../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs.adoc[Integrate Prisma Cloud with Amazon SQS]—This is an AWS service that allows you to send, store, and receive messages between AWS and Prisma Cloud. @@ -184,58 +153,58 @@ for message in all_messages: . Install the third party libraries. + -This script uses a total of five python libraries. Three of the libraries: varname:[json], varname:[os], and varname:[subprocess] are part of the python core which allows you to import them into your programs after you install python. The other two libraries are varname:[boto3] and varname:[requests] which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called varname:[pip], which can install 3rd party libraries and frameworks via the command line. +This script uses a total of five python libraries. Three of the libraries: `subprocess`, `logging`, and `json` are part of the python core which allows you to import them into your programs after you install python. The other two libraries are `requests` and `azure.servicebus` which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called `pip`, which can install third party libraries and frameworks through the command line. -.. Install varname:[boto3]. +.. Install requests. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -pip install boto3 +`pip install requests` + [NOTE] ==== -This is the AWS SDK for python that allows you to create, configure, and manage AWS services such as SQS. +Requests is a third party library for making simple HTTP requests ==== -.. Install varname:[requests]. +.. Install azure.servicebus. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -pip install requests +`pip install azure.servicebus` + [NOTE] ==== -Requests is a third party library for making simple HTTP requests. +`azure.servicebus` is a client library for python to communicate between applications and services and implement asynchronous messaging patterns. ==== . Edit the environment variables. + You will need to specify these variables in the python script to customize settings and run the commands provided by the API response. Review the environment variables and their values below: + -* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, varname:[Queue2_Policy_UUID]. -* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the varname:[API_ENDPOINT] will be varname:[api]. -* tt:[varname:[DEBUG\]] - Displays the debug logs for your script which is enabled by default. -* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as varname:[123456789012], that uniquely identifies an AWS account. A user could have multiple account numbers. +* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, `Queue2_Policy_UUID`. +* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the `API_ENDPOINT` will be `api`. +* `DEBUG\`- Displays the debug logs for your script which is enabled by default. +* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as `123456789012`, that uniquely identifies an AWS account. A user could have multiple account numbers. * AUTH_KEY - Your JWT authentication token string (x-redlock-auth). See the https://pan.dev/prisma-cloud/api/cspm/[API reference] for more details. + These are mandatory variables to specify in the python script to run the commands provided by the API response and to customize the settings. + tt:[Optional (mac/linux only)]—Use the export command to set your environment variables. + -If you’re not familiar with python and don’t want to edit the script then you can use the varname:[export] command to set the environment variables. Here’s the syntax for doing so: +If you’re not familiar with python and don’t want to edit the script then you can use the `export` command to set the environment variables. Here’s the syntax for doing so: + -* screen:[% export API_ENDPOINT=api_tenant] -* screen:[% export YOUR_ACCOUNT_NUMBER=123456789] -* screen:[% export SQS_QUEUE_NAME=your_sqs_queue_name ] -* screen:[% export YOUR_ACCOUNT_NUMBER=123456789] -* screen:[% export AUTH_KEY=your_jwt_token] -* screen:[% python script.py] +* % export API_ENDPOINT=api_tenant +* % export YOUR_ACCOUNT_NUMBER=123456789 +* % export SQS_QUEUE_NAME=your_sqs_queue_name +* % export YOUR_ACCOUNT_NUMBER=123456789 +* % export AUTH_KEY=your_jwt_token +* % python script.py + The following instructions can be executed on any operating system that has python installed. For example, Windows, macOS, and Linux. + -.. tt:[Edit varname:[DEBUG\]]. +.. `[DEBUG\]`. + -varname:[DEBUG] is enabled or set to varname:[True] by default. To disable logs, update the code snippet as follow: +`DEBUG` is enabled or set to `True` by default. To disable logs, update the code snippet as follow: + ---- if os.environ['DEBUG'] = False: @@ -243,7 +212,7 @@ if os.environ['DEBUG'] = False: .. Edit YOUR_ACCOUNT_NUMBER. + -Replace varname:[YOUR_ACCOUNT_NUMBER] with the 12-digit account ID. The portion of the script to modify is: +Replace `YOUR_ACCOUNT_NUMBER` with the 12-digit account ID. The portion of the script to modify is: + ---- account_number_to_profile = { 'YOUR_ACCOUNT_NUMBER_1': 'YOUR_ACCOUNT_NAME_1', 'YOUR_ACCOUNT_NUMBER_2': 'YOUR_ACCOUNT_NAME_2'} @@ -257,15 +226,15 @@ account_number_to_profile = {'123456789123': 'default','512478725627': 'user1'} .. Edit API_ENDPOINT. + -Replace varname:[API_ENDPOINT] with the Prisma Cloud tenant sub domain that you’re using. The portion of the script to modify is: +Replace `API_ENDPOINT` with the Prisma Cloud tenant sub domain that you’re using. The portion of the script to modify is: + ---- url=f'{os.environ["API_ENDPOINT"]}/api/v1/permission/alert/remediation' ---- + -For example, replace varname:[API_ENDPOINT] with varname:[app,] varname:[app2], varname:[app3], or varname:[app.gov]. +For example, replace `API_ENDPOINT` with `app`, `app2`, `app3`, or `app.gov`. -.. Edit the varname:[SQS_QUEUE_NAME]. +.. Edit the `SQS_QUEUE_NAME`. + This stores the value of your queue name. The portion of the script to modify is: + @@ -273,7 +242,7 @@ This stores the value of your queue name. The portion of the script to modify is queue = sqs.get_queue_by_name(QueueName=os.environ['SQS_QUEUE_NAME']) ---- + -Replace varname:[SQS_QUEUE_NAME] with the name of your actual queue—for example, if varname:[Queue2_Policy_UUID] is the name of your queue, then the code snippet will be updated as follow: +Replace `SQS_QUEUE_NAME` with the name of your actual queue—for example, if `Queue2_Policy_UUID` is the name of your queue, then the code snippet will be updated as follow: + ---- queue = sqs.get_queue_by_name(QueueName=os.environ['Queue2_Policy_UUID']) @@ -281,13 +250,13 @@ queue = sqs.get_queue_by_name(QueueName=os.environ['Queue2_Policy_UUID']) .. Edit the AUTH_KEY. + -Generate a JWT token and replace the value in varname:[AUTH_KEY] of the python script. The portion of the script to modify is as follows: +Generate a JWT token and replace the value in `AUTH_KEY` of the python script. The portion of the script to modify is as follows: + ---- 'x-redlock-auth': os.environ['AUTH_KEY'] ---- + -Replace varname:[AUTH_KEY] with the JWT token that you generated. +Replace `AUTH_KEY` with the JWT token that you generated. . View the remediation results. + @@ -364,24 +333,13 @@ Deleting message The output shows that we’re processing an alert for a resource named varname:[test-resource] which should now be gone when we view *Alerts*. The CLI commands for executing the remediation steps are shown in the output; these commands are automatically executed on your behalf by the python script. A new policy will be created in AWS that removes the excess permissions of the user. -[#ide69e3eac-d058-4804-8d58-8e648893a030] === Set up Automatic Remediation for Azure IAM Alerts -Automate the remediation steps for your IAM Azure alerts with the help of a custom python script—the script reads in the Azure Bus queue, collects alerts, and then goes into Azure and executes the CLI remediation steps. - -* xref:#id9d092285-2b15-4fb4-acba-0f6e3defdeb8[Review Prerequisites for Azure Remediation Script] -* xref:#idb32d1fc5-f705-438f-a798-e9d1a791d96e[Configure and Run Azure IAM Remediation Script] - - -[#id9d092285-2b15-4fb4-acba-0f6e3defdeb8] -==== Review Prerequisites for Azure Remediation Script - -Complete the following prerequisites so that you can set up everything you need to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. +Automate the remediation steps for your IAM Azure alerts with the help of a custom python script—the script reads in the Azure Bus queue, collects alerts, and then goes into Azure and executes the CLI remediation steps. Complete the following prerequisites to successfully run the python script. This includes the Prisma Cloud integrations, APIs, and python libraries. * Integrate Prisma Cloud with Azure Serve Bus—This is an Azure service that allows you to send, store, and receive messages between Azure and Prisma Cloud. Follow the steps to https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue[Integrate Prisma Cloud with Azure Service Bus]. -* Create https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/create-an-alert-rule[alert rules] and set up https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.html[alert notifications] to Azure Service Bus. All alerts triggered for the IAM policy you selected will be sent to the Service Bus queue. - +* Create xref:../..alerts/create-an-alert-rule-cloud-infrastructure.adoc[alert rules] and set up xref:../..alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc[alert notifications] to Azure Service Bus. All alerts triggered for the IAM policy you selected will be sent to the SQS queue. [.task] [#idb32d1fc5-f705-438f-a798-e9d1a791d96e] @@ -475,13 +433,13 @@ def get_messages_from_queue(): . Install the third party libraries. + -This script uses a total of five python libraries. Three of the libraries: varname:[subprocess], varname:[logging], and varname:[json] are part of the python core which allows you to import them into your programs after you install python. The other two libraries are varname:[requests] and varname:[azure.servicebus] which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called varname:[pip], which can install third party libraries and frameworks through the command line. +This script uses a total of five python libraries. Three of the libraries: `subprocess`, `logging`, and `json` are part of the python core which allows you to import them into your programs after you install python. The other two libraries are `requests` and `azure.servicebus` which are third party libraries—or—libraries that you have to install before running the script. Python has a default package downloader called `pip`, which can install third party libraries and frameworks through the command line. .. Install requests. + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -userinput:[pip install requests] +`pip install requests` + [NOTE] ==== @@ -492,21 +450,21 @@ Requests is a third party library for making simple HTTP requests + From the command line (Windows) or terminal (Linux/MacOS) type the following command: + -userinput:[pip install azure.servicebus] +`pip install azure.servicebus` + [NOTE] ==== -varname:[azure.servicebus] is a client library for python to communicate between applications and services and implement asynchronous messaging patterns. +`azure.servicebus` is a client library for python to communicate between applications and services and implement asynchronous messaging patterns. ==== . Edit the environment variables. + You will need to specify these variables in the python script to customize settings and run the commands provided by the API response. Review the environment variables and their values below: + -* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, varname:[Queue2_Policy_UUID]. -* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the varname:[API_ENDPOINT] will be varname:[api]. -* tt:[varname:[DEBUG\]] - Displays the debug logs for your script which is enabled by default. -* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as varname:[123456789012], that uniquely identifies an AWS account. A user could have multiple account numbers. +* SQS_QUEUE_NAME - A string that represents the name of the SQS queue that you created in step 1. For example, `Queue2_Policy_UUID`. +* API_ENDPOINT - Your Prisma Cloud API subdomain. For example, if your tenant is `\https://api.prismacloud.io` , then the API_ENDPOINT will be `api`. +* DEBUG\ - Displays the debug logs for your script which is enabled by default. +* YOUR_ACCOUNT_NUMBER - The 12-digit number, such as `123456789012`, that uniquely identifies an AWS account. A user could have multiple account numbers. * AUTH_KEY - Your JWT authentication token string (x-redlock-auth). See the https://pan.dev/prisma-cloud/api/cspm/[API reference] for more details. + These are mandatory variables to specify in the python script to run the commands provided by the API response and to customize the settings. @@ -515,11 +473,11 @@ tt:[Optional (mac/linux only)]—Use the export command to set your environment + If you’re not familiar with python and don’t want to edit the script then you can use the varname:[export] command to set the environment variables. Here’s the syntax for doing so: + -* screen:[% export SB_QUEUE_KEY=your_sb_queue_key] -* screen:[% export SB_QUEUE_KEY_NAME=your_sb_queue_key_name] -* screen:[% export SB_QUEUE_NAME_SPACE=your_sb_queue_name_space] -* screen:[% export API_ENDPOINT=api_tenant] -* screen:[% export AUTH_KEY=your_jwt_token] +* % export SB_QUEUE_KEY=your_sb_queue_key +* % export SB_QUEUE_KEY_NAME=your_sb_queue_key_name +* % export SB_QUEUE_NAME_SPACE=your_sb_queue_name_space +* % export API_ENDPOINT=api_tenant +* % export AUTH_KEY=your_jwt_token + The following instructions can be executed on any operating system that has python installed. For example, Windows, macOS, and Linux. + @@ -544,7 +502,6 @@ After executing the python script, details related to the remediation will displ [.task] -[#id54a76b5a-cc02-4394-b2d8-c0a64b17bc3e] === Set up Remediation for GCP IAM Alerts Prisma Cloud leverages the https://cloud.google.com/iam/docs/deny-overview[Deny Policies] feature on GCP to remediate risky permissions to ensure a safe rollout in case you decide to revert the remediated risky permissions. Make sure you have done all the necessary https://cloud.google.com/iam/docs/deny-access#before-you-begin[configurations] in your GCP environment to use *Deny Policies*. @@ -557,7 +514,7 @@ Prisma Cloud leverages the https://cloud.google.com/iam/docs/deny-overview[Deny ==== [.procedure] -. *Add Filter* and select menu:Policy{sp}Type[IAM] and menu:Cloud{sp}Type[GCP]. +. *Add Filter* and select *Policy Type > IAM* and *Cloud Type > GCP*. . Select the violating policy that you want to remediate. diff --git a/docs/en/enterprise-edition/content-collections/administration/create-access-keys.adoc b/docs/en/enterprise-edition/content-collections/administration/create-access-keys.adoc index 49eebb4e29..200bf0124e 100644 --- a/docs/en/enterprise-edition/content-collections/administration/create-access-keys.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/create-access-keys.adoc @@ -9,10 +9,10 @@ Access Keys are a secure way to enable programmatic access to the Prisma Cloud A You can enable API access either when you xref:add-prisma-cloud-users.adoc#id2730a69c-eea8-4e00-a7f1-df3b046615bc[Add Administrative Users On Prisma Cloud], you can modify the user permissions to enable API access. If you have API access, you can create up to two access keys per role for most roles; some roles such the Build and Deploy Security role can generate one access key only. When you create an access key, the key is tied to the role with which you logged in and if you delete the role, the access key is automatically deleted. -Create an access key for a limited time period and regenerate your API keys periodically to minimize exposure and follow security best practices. On the menu:Settings[Audit Logs], you can view a record of all access key related activities such as an update to extend its validity, deletion, or a revocation. +Create an access key for a limited time period and regenerate your API keys periodically to minimize exposure and follow security best practices. On the *Settings > Audit Logs*, you can view a record of all access key related activities such as an update to extend its validity, deletion, or a revocation. [.procedure] -. Select menu:Settings[Access Control > Access Keys] and select menu:Add[Access Key]. +. Select *Settings > Access Control > Access Keys* and select *Add > Access Key*. + If you do not see the option to add a new key, it means that you do not have the permissions to create access keys. diff --git a/docs/en/enterprise-edition/content-collections/administration/create-manage-account-groups.adoc b/docs/en/enterprise-edition/content-collections/administration/create-manage-account-groups.adoc index dd704ce282..702382a629 100644 --- a/docs/en/enterprise-edition/content-collections/administration/create-manage-account-groups.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/create-manage-account-groups.adoc @@ -18,7 +18,7 @@ When you onboard a cloud account to Prisma Cloud, you can assign the cloud accou === Create an Account Group [.procedure] -. Select menu:Settings[Account Groups > Add Account Group]. +. Select *Settings > Account Groups > Add Account Group*. . Enter a *Name* and *Description* for the new Account Group. @@ -28,7 +28,7 @@ These are the list of cloud accounts that you have onboarded and are monitoring . Enter the Account IDs for cloud accounts for which you want visibility on *Compute*. + -For the cloud service providers that are supported on Prisma Cloud Compute, you can add the Account IDs manually, even if you have not onboarded the cloud account and are not using Prisma Cloud for compliance and governance. Adding the account IDs manually enables you to assign these accounts to users for role-based access control on Compute so that they can view data collected from Defenders running on workloads across these cloud service providers on menu:Compute[Radar]. +For the cloud service providers that are supported on Prisma Cloud Compute, you can add the Account IDs manually, even if you have not onboarded the cloud account and are not using Prisma Cloud for compliance and governance. Adding the account IDs manually enables you to assign these accounts to users for role-based access control on Compute so that they can view data collected from Defenders running on workloads across these cloud service providers on *Compute > Radar*. + You must provide the Account ID, the account name is not a unique identifier and is not used to retrieve information from the cloud service provider. @@ -50,7 +50,7 @@ This feature is available to customers on Alerts 2.0. Please contact your Prisma . Create an account group. + -.. Select menu:Settings[Account Groups > Add Account Group]. +.. Select *Settings > Account Groups > Add Account Group*. .. Enter a *name*, *description*, and (tt:[optionally]) select cloud accounts to add to the account group and click *Save*. @@ -79,7 +79,7 @@ You have the option of creating a new role or assigning the parent account group + .. Add a new role. + -Select menu:Settings[Roles > Add Role]. +Select *Settings > Roles > Add Role*. .. Enter the new role details. + @@ -87,7 +87,7 @@ Enter *Name*, tt:[Description], select *Permission Group* and click *Account Gro .. (tt:[Optional]) Assign the parent account group to an existing role. + -Select menu:Settings[Roles], and then select a role from the *Name* column. +Select *Settings > Roles*, and then select a role from the *Name* column. .. (tt:[Optional]) Select the *Account Group* dialog box and choose the parent account groups you want to add. @@ -95,7 +95,7 @@ Select menu:Settings[Roles], and then select a role from the *Name* column. + You can view your parent account group data from several places in the console such as the *Asset Inventory*, *Compliance* dashboards, and the *Investigate* page. + -To view the parent account groups in the *Asset Inventory* dashboard, Select menu:Inventory[Assets], and select the account groups to filter in the *Account Group* search field. +To view the parent account groups in the *Asset Inventory* dashboard, Select *Inventory > Assets*, and select the account groups to filter in the *Account Group* search field. + And on the *Investigate* page, enter the following query: + @@ -108,7 +108,7 @@ screen:[config from cloud.resource where cloud.accountgroup =] When you onboard a cloud account such as an AWS Org or GCP Org, all child accounts associated with it are automatically included in the account group that you select in the onboarding workflow. If you now want to select or reassign the grouping of one or more cloud accounts to support your reporting or logical grouping needs, use this approach: [.procedure] -. Select menu:Settings[Account Groups]. +. Select *Settings > Account Groups*. . Select the account group you want to edit and click the edit icon. + @@ -135,7 +135,7 @@ image::administration/manage-account-groups-by-parent-account-expand-child-accou To view and manage account groups: [.procedure] -. Select menu:Settings[Account Groups]. +. Select *Settings > Account Groups*. . To edit the details of an Account Group, click the record, and change any details. + diff --git a/docs/en/enterprise-edition/content-collections/administration/create-prisma-cloud-roles.adoc b/docs/en/enterprise-edition/content-collections/administration/create-prisma-cloud-roles.adoc index 5343dfb660..3d2948ca2f 100644 --- a/docs/en/enterprise-edition/content-collections/administration/create-prisma-cloud-roles.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/create-prisma-cloud-roles.adoc @@ -10,7 +10,7 @@ Roles on Prisma Cloud enable you to specify what permissions an administrator ha When you create a cloud account, you can assign one or more cloud account to account group(s) and then attach the account group to the role you create. This flow allows you to ensure the user/administrator who has the role can access the information related to only the cloud account(s) to which you have authorized access. [.procedure] -. Select menu:Settings[Access Control > Roles > Add > Role]. +. Select *Settings > Access Control > Roles > Add > Role*. . Enter a name and a description for the role. diff --git a/docs/en/enterprise-edition/content-collections/administration/define-prisma-cloud-enterprise-settings.adoc b/docs/en/enterprise-edition/content-collections/administration/define-prisma-cloud-enterprise-settings.adoc index fc0c5e4bfa..a1b995e678 100644 --- a/docs/en/enterprise-edition/content-collections/administration/define-prisma-cloud-enterprise-settings.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/define-prisma-cloud-enterprise-settings.adoc @@ -164,7 +164,7 @@ If you want to exclude one or more IP addresses or a CIDR block from generating . For UEBA policies: -.. Select menu:Settings[Anomaly Settings > Alerts and Thresholds]. +.. Select *Settings > Anomaly Settings > Alerts and Thresholds*. + image::administration/anomaly-policies-ueba-settings-1.png[] diff --git a/docs/en/enterprise-edition/content-collections/administration/manage-roles-in-prisma-cloud.adoc b/docs/en/enterprise-edition/content-collections/administration/manage-roles-in-prisma-cloud.adoc index eb4d907ba6..f03a8900ba 100644 --- a/docs/en/enterprise-edition/content-collections/administration/manage-roles-in-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/manage-roles-in-prisma-cloud.adoc @@ -6,7 +6,7 @@ Use roles to define the permissions for a specific account group. [.procedure] -. To view roles, select menu:Settings[Access Control > Roles]. +. To view roles, select *Settings > Access Control > Roles*. . To edit the details of a role, click the record and change any details. diff --git a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions.adoc b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions.adoc index b08952e7e9..353c0715e3 100644 --- a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions.adoc @@ -1,6 +1,6 @@ [#id6627ae5c-289c-4702-b2ec-b969eaf844b3] == Prisma Cloud Administrator Permissions -View a list of the access privileges associated with each Prisma Cloud role +View a list of the access privileges associated with each Prisma Cloud role. The following tables provides a list of the access privileges associated with each role for different areas of the Prisma Cloud administrative console. diff --git a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles.adoc b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles.adoc index 869f111298..e0c9b1864d 100644 --- a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles.adoc @@ -16,7 +16,7 @@ An account group administrator can only view assets deployed within the cloud ac * *Account and Cloud Provisioning Admin*—Combines the permissions for the *Account Group Admin* and the *Cloud Provisioning Admin* to enable an administrator who is responsible for a line of business. With this role, in addition to being able to onboard cloud accounts, the administrator can access the dashboard, manage the security policies, investigate issues, view alerts and compliance details for the designated accounts only. -* *Cloud Provisioning Admin*—Permissions to onboard and manage cloud accounts from Prisma Cloud and the APIs, and the ability to create and manage the account groups. With this role access is limited to menu:Settings[Cloud Accounts] and menu:Settings[Account Groups] on the admin console. +* *Cloud Provisioning Admin*—Permissions to onboard and manage cloud accounts from Prisma Cloud and the APIs, and the ability to create and manage the account groups. With this role access is limited to *Settings > Cloud Accounts* and *Settings > Account Groups* on the admin console. * *Build and Deploy Security*—Restricted permissions to DevOps users who need access to a subset of *Runtime Security* capabilities and/or API access to run IDE, SCM and CI/CD plugins for Infrastructure as Code and image vulnerabilities scans. For example, the Build and Deploy Security role enables read-only permissions to review vulnerability and compliance scan reports on *runtime security* and to manage and download utilities such as Defender images, plugins and twistcli. + diff --git a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-licenses.adoc b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-licenses.adoc index 1f7171c2b4..bc545ae275 100644 --- a/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-licenses.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/prisma-cloud-licenses.adoc @@ -109,5 +109,9 @@ When this threshold is met, say 75% of 1000 allocated credits, an alarm is gener For each rule, the following information is available for your review. You can select each rule to edit or delete it. Rule Name, Allocated Credits, Total Credit Usage, Average Credit Usage (%), Account Groups. +[NOTE] +==== +Serverless Radar consumes credits even if your deployment does not actively use it. This is because Serverless Radar is part of cloud discovery and security posture management which is always on and cannot be disabled. +==== diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/get-started-with-saml-sso.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/get-started-with-saml-sso.adoc index e05879336d..19256124bb 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/get-started-with-saml-sso.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/get-started-with-saml-sso.adoc @@ -23,7 +23,7 @@ If you want to enable JIT provisioning for users, xref:../../create-prisma-cloud . Copy the Audience URI, for Prisma Cloud, which users need to access from the IdP. + -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. Copy the *Audience URI (SP Entity ID)* value. This is a read-only field in the format: \https://app.prismacloud.io?customer= to uniquely identify your instance of Prisma Cloud. You require this value when you configure SAML on your IdP. + diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/set-up-jit-on-okta.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/set-up-jit-on-okta.adoc index b543e6c05c..702853e82c 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/set-up-jit-on-okta.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/set-up-jit-on-okta.adoc @@ -16,7 +16,7 @@ If you have not already created the SAML app for Prisma Cloud on Okta, follow th + If you need to add custom mandatory fields, follow these steps. -.. Go to menu:Directory[Profile Editor > ]. +.. Go to *Directory > Profile Editor > *. + image::administration/jit-okta-profile-editor.png[] + @@ -30,7 +30,7 @@ image::administration/jit-okta-add-attribute.png[] + [NOTE] ==== -If you have multiple roles, select menu:data{sp}type[string array] so that you will have an array, or group of strings to represent your role names in Prisma Cloud. +If you have multiple roles, select *data type > string array* so that you will have an array, or group of strings to represent your role names in Prisma Cloud. ==== .. *Save* the new attribute. @@ -42,7 +42,7 @@ image::administration/sso-okta-add-attribute.png[] . [[id766be9d2-fec0-4fae-9bb7-583c24c4ccd7]]Configure the *Attribute Statements* on the Prisma Cloud Okta app. + -Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account... Select menu:Applications[Applications]. +Specify the user attributes in the SAML assertion or claim that Prisma Cloud can use to create the local user account... Select *Applications > Applications*. .. Select the Prisma Cloud **, *General* and click *Edit* under the *SAML Settings* heading to add the attribute statements.Replace ** with the name of the Prisma Cloud app you want to configure the attribute statements for. You must provide the *email*, *role*, *first*, and *last* name for each user. + @@ -50,12 +50,12 @@ image::administration/jit-attributes-okta.png[] + [NOTE] ==== -The attribute statement names should map to the values that you have in menu:Settings[Access Control > SSO > > Just in Time (JIT) Provisioning]. +The attribute statement names should map to the values that you have in *Settings > Access Control > SSO > > Just in Time (JIT) Provisioning*. ==== . Assign the Prisma Cloud role for each SSO user. + -Each SSO user who is granted access to Prisma Cloud, can have between one to five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud... Select menu:Applications[Applications] +Each SSO user who is granted access to Prisma Cloud, can have between one to five Prisma Cloud roles assigned. Each role determines the permissions and account groups that the user can access on Prisma Cloud... Select *Applications > Applications* .. Select the Prisma Cloud app and Assignments. + @@ -63,7 +63,7 @@ For existing users, click the pencil icon to add the Prisma Cloud Role you want + image::administration/jit-okta-users.png[] + -For new users, select menu:Assign[Assign to People], click *Assign* for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user. +For new users, select *Assign > Assign to People*, click *Assign* for the user you want to give access to Prisma Cloud and define the Prisma Cloud Role you want to give this user. + image::administration/jit-okta-edit-user-assignment.png[] diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc index 5aba049752..7637c9aefa 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud.adoc @@ -19,7 +19,7 @@ If you want to enable JIT provisioning for users, create Prisma Cloud Roles befo . Copy the Audience URI, for Prisma Cloud, which users need to access from AD FS. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Copy the *Audience URI (SP Entity ID)* value. This is a read-only field in the format: \https://app.prismacloud.io?customer= to uniquely identify your instance of Prisma Cloud. You require this value when you configure SAML on AD FS. + @@ -53,7 +53,7 @@ image::administration/adfs-sso-setup-2.png[] . Configure AD FS on Prisma Cloud. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-google.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-google.adoc index d6529ddc0f..f2934f04ff 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-google.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-google.adoc @@ -14,9 +14,9 @@ If you have not already created the SAML app for Prisma Cloud on Google, see set . Create a custom role in Google that will be used as a Prisma Cloud role. For the Prisma Cloud role to be available to each user, this role attribute should be available to each registered user in the Google workspace. -.. Log in to Google as a Super Administrator and select menu:Directory[Users]. +.. Log in to Google as a Super Administrator and select *Directory > Users*. -.. Select menu:More[Manage Custom Attributes]. +.. Select *More > Manage Custom Attributes*. + image::administration/sso-google-jit-6.png[] @@ -35,7 +35,7 @@ image::administration/sso-google-jit-7.png[] . Map the JIT attributes. -.. Log in to Google as a Super Administrator and select menu:Apps[Web and mobile apps]. +.. Log in to Google as a Super Administrator and select *Apps > Web and mobile apps*. .. Click on the application for which you want to enable JIT provisioning. + @@ -51,7 +51,7 @@ image::administration/sso-google-jit-10.png[] . Enable JIT. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Under Just in Time (JIT) Provisioning, *Enable JIT Provisioning*. @@ -67,4 +67,4 @@ image::administration/sso-onelogin-jit-10.png[] .. Click *Prisma * (the SAML custom application that you had configured) to log directly in to the Prisma Cloud instance. -.. Log in to Prisma Cloud as an Administrator and select menu:Settings[Users] to validate that the above user is provisioned. +.. Log in to Prisma Cloud as an Administrator and select *Settings > Users* to validate that the above user is provisioned. diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-onelogin.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-onelogin.adoc index 22811d7c2a..657cfe931a 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-onelogin.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-onelogin.adoc @@ -18,7 +18,7 @@ If you have not already created the SAML app for Prisma Cloud on OneLogin, see x + .. Log in to OneLogin as an Administrator and select *Administration*. -.. Navigate to menu:Users[Roles]. +.. Navigate to *Users > Roles*. .. *New Role*. @@ -38,7 +38,7 @@ image::administration/sso-onelogin-jit-2.png[] + .. In OneLogin, select *Administration*. -.. Navigate to menu:Users[Roles] and select the role to which you want to add the users. +.. Navigate to *Users > Roles* and select the role to which you want to add the users. .. Click *Users* and use automatic (filter-based) or manual-based option to add new users to the role. + @@ -72,7 +72,7 @@ image::administration/sso-onelogin-jit-9.png[] . Enable JIT. + -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. Under Just in Time (JIT) Provisioning, *Enable JIT Provisioning*. @@ -90,7 +90,7 @@ image::administration/sso-onelogin-jit-10.png[] .. Click *Prisma App* from the dashboard to log directly in to the Prisma Cloud instance. -.. Log in to Prisma Cloud as an Administrator and select menu:Settings[Users] to validate that the above user is provisioned. +.. Log in to Prisma Cloud as an Administrator and select *Settings > Users* to validate that the above user is provisioned. diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc index 4c6e7f7c7f..69f86b7c58 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google.adoc @@ -10,15 +10,15 @@ On Prisma Cloud, you can enable single sign-on (SSO) using Google. To enable SSO [.procedure] . Set up Google for SSO. -.. Before you begin to set up Google configuration, log in to your Prisma Cloud instance, select menu:Settings[SSO] and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. +.. Before you begin to set up Google configuration, log in to your Prisma Cloud instance, select *Settings > SSO* and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. .. Log in to https://admin.google.com/[Google Workspace] as a Super Administrator. + image::administration/sso-google-2.png[] -.. From the left navigation menu, select menu:Apps[Web and mobile Apps]. +.. From the left navigation menu, select *Apps > Web and mobile Apps*. -.. Select menu:Add{sp}App[Add custom SAML App]. +.. Select *Add App > Add custom SAML App*. + image::administration/sso-google-3.png[] @@ -51,7 +51,7 @@ image::administration/sso-google-7.png[] . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc index 1f7311f6b3..2e62c21ce0 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory.adoc @@ -64,7 +64,7 @@ If the attribute has a namespace configured, the namespace and the name of the a . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. *Enable SSO*. diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc index 8f8e7836b4..7991140543 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta.adoc @@ -51,7 +51,7 @@ image::administration/sso-okta-general-settings.png[] + The format for Sign On URL uses the URL for Prisma Cloud, but you must replace app with api and add saml at the end. For example, if you access Prisma Cloud at https://app2.prismacloud.io, your Sign On URL should be userinput:[\https://api2.prismacloud.io/saml] and if it is https://app.eu.prismacloud.io, it should be userinput:[\https://api.eu.prismacloud.io/saml] . -.. For *Audience URI* - Use the value displayed on Prisma Cloud menu:Settings[Access Control > SSO] that you copied in the first step. +.. For *Audience URI* - Use the value displayed on Prisma Cloud *Settings > Access Control > SSO* that you copied in the first step. .. Select *Name ID format* as *Persistent* and *Application username* as *Okta username*. + @@ -77,7 +77,7 @@ You have now successfully created an application for the SAML integration. This .. Assign users or groups of users who can use the Prisma Cloud SSO app to log in to Prisma Cloud. + -Select Assignments on the app and menu:Assign[Assign to People], to add individual users. +Select Assignments on the app and *Assign > Assign to People*, to add individual users. + image::administration/sso-okta-assign-users.png[] + @@ -89,13 +89,13 @@ image::administration/sso-okta-assign-groups.png[] . [[id3e639e18-3f16-4f90-b8e7-e3a4b35a743b]]Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[Access Control > SSO]. +.. Log in to Prisma Cloud and select *Settings > Access Control > SSO*. .. *Enable SSO*. .. Enter the value for your *Identity Provider Issuer*. + -This is the URL of a trusted provider such as Google, Salesforce, Okta, or Ping who act as your IdP in the authentication flow. On Okta, for example, you can find the Identity Provider issuer URL at menu:Applications[Sign On > View Setup Instructions]. +This is the URL of a trusted provider such as Google, Salesforce, Okta, or Ping who act as your IdP in the authentication flow. On Okta, for example, you can find the Identity Provider issuer URL at *Applications > Sign On > View Setup Instructions*. + image::administration/sso-get-idp-for-prisma-cloud.png[] + diff --git a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc index 04e9e0fe5a..969225f39b 100644 --- a/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin.adoc @@ -10,13 +10,13 @@ If you have selected OneLogin as your Identity and Access Management provider, y [.procedure] . Set up OneLogin for SSO. -.. Before you begin to set up OneLogin configuration, log in to your Prisma Cloud instance, select menu:Settings[SSO] and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. +.. Before you begin to set up OneLogin configuration, log in to your Prisma Cloud instance, select *Settings > SSO* and copy the Audience URI (SP Entity ID). For example: https://app.prismacloud.io/settings/sso[https://app.prismacloud.io/settings/sso]. + image::administration/sso-onelogin-01.png[] .. Log in to OneLogin as an Administrator and click *Administration*. -.. Select menu:Applications[Add App]. +.. Select *Applications > Add App*. .. Enter *SAML* in the search bar and from the options displayed select *SAML Custom Connector (Advanced)* that is provided by OneLogin, Inc. + @@ -51,7 +51,7 @@ image::administration/sso-onelogin-5.png[] . Configure SSO on Prisma Cloud. -.. Log in to Prisma Cloud and select menu:Settings[SSO]. +.. Log in to Prisma Cloud and select *Settings > SSO*. .. *Enable SSO*. diff --git a/docs/en/enterprise-edition/content-collections/administration/subscribe-to-cdem.adoc b/docs/en/enterprise-edition/content-collections/administration/subscribe-to-cdem.adoc index a8d7dfa76f..729c3f23c4 100644 --- a/docs/en/enterprise-edition/content-collections/administration/subscribe-to-cdem.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/subscribe-to-cdem.adoc @@ -12,7 +12,7 @@ The pre-requisite tasks are applicable only to AWS. For Azure and GCP, you can s [#pre-req-for-cdem-aws] === Pre-requisites to Secure Exposed AWS Assets -To enable Cloud Discovery and Exposure Management (CDEM) to convert the unmanaged (shadow IT) to managed (secure) AWS assets, you must configure your AWS OU account as follows: +To enable Cloud Discovery and Exposure Management (CDEM) to convert the unmanaged (shadow IT) to managed (secure) AWS assets, you must configure your AWS Organization account as follows: [.procedure] @@ -20,7 +20,7 @@ To enable Cloud Discovery and Exposure Management (CDEM) to convert the unmanage + .. Select *IAM > Roles* in the AWS Management Console. -.. Locate and select the desired IAM role for which you want to attach the custom inline policy. Click the role's name to access its details. +.. Locate and select the desired IAM role created while onboarding your AWS Organization account to Prisma Cloud, then attach the custom inline policy. Click the role's name to access its details. .. Within the role details page, navigate to the *Permissions* tab. @@ -32,15 +32,15 @@ image::administration/cdem-pre-req-create-policy-1.png[] + ---- { - - "Version":"2012-10-17", - "Statement":[ - { - "Effect":"Allow", - "Action":"sts:AssumeRole", - "Resource":"*" - } - ] + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "CrossAccountRoleForAWSNetworkQueryTool", + "Effect": "Allow", + "Action": "sts:AssumeRole", + "Resource": "arn:aws:iam::*:role/CrossAccountRoleForAWSNetworkQueryTool" + } + ] } ---- @@ -114,7 +114,7 @@ image::administration/cdem-subscription-enable.png[] + image::administration/cdem-aa-enable.png[] -. Once the subscription is enabled, you will receive a 14-day trial. You will receive three email notifications during the trial period indicating the upcoming trial expiry and how to continue with your subscription. After the trial period ends, you can continue the subscription and utilize credits to maintain access to the service or unsubscribe from CDEM. Alternatively, you can also choose directly to subscribe to the paid version of CDEM. +. Once the subscription is enabled, you will receive a 30-day trial. You will receive three email notifications during the trial period indicating the upcoming trial expiry and how to continue with your subscription. After the trial period ends, you can continue the subscription and utilize credits to maintain access to the service or unsubscribe from CDEM. Alternatively, you can also choose directly to subscribe to the paid version of CDEM. . Upon subscription, Prisma Cloud initiates scans across the internet to identify your digital footprint. + diff --git a/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc b/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc index ca50005107..d1f0da2f69 100644 --- a/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc @@ -11,7 +11,7 @@ NOTE: Audit logs older than 120 days are deleted. [.procedure] -. Select menu:Settings[Audit Logs]. +. Select *Settings > Audit Logs*. . Select a *Time Range* to view the activity details by users in the system. diff --git a/docs/en/enterprise-edition/content-collections/alerts/alert-payload.adoc b/docs/en/enterprise-edition/content-collections/alerts/alert-payload.adoc index b4a6b508c0..996694ec43 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/alert-payload.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/alert-payload.adoc @@ -146,7 +146,7 @@ image::alerts/alert-payload-1.png[] [NOTE] ==== -For alert notifications to include user attribution data, you must *Populate User Attribution In Alerts Notifications* ( menu:Settings[Enterprise Settings]). Including user attribution data may delay alert notifications because the information may not be available from the cloud provider when Prisma Cloud is ready to generate the alert. +For alert notifications to include user attribution data, you must *Populate User Attribution In Alerts Notifications* ( *Settings > Enterprise Settings*). Including user attribution data may delay alert notifications because the information may not be available from the cloud provider when Prisma Cloud is ready to generate the alert. ==== |=== diff --git a/docs/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-infrastructure.adoc b/docs/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-infrastructure.adoc index 1f8df0b089..cb56bc9700 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-infrastructure.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-infrastructure.adoc @@ -5,36 +5,29 @@ //Use alert rules to define the target cloud accounts and policies for which you want to generate alerts and send notifications to an external destination. -Prisma® Cloud begins monitoring your cloud environments as soon as you onboard a cloud account and it includes a default alert rule out-of-the-box. This default alert rule has the default account group attached to it and it includes only the Prisma Cloud Recommended OOTB policies. If you want to view this list of policies, filter the policies with the *Prisma_Cloud* label. +Prisma® Cloud starts monitoring your cloud environments as soon as you onboard your cloud account. A default alert rule is included out-of-the-box (OOTB), with a default account group attached to it that includes only the Prisma Cloud recommended OOTB policies. To view this list of policies, filter the policies with the *Prisma_Cloud* label. For example, you can define different alert rules and notification flows for your production and development cloud environments. You can also set up different alert rules for sending specific alerts to your existing SOC visibility tools, such as send one set of alerts to your security information and event management (SIEM) system and another set to Jira for automated ticketing. -While you can use this default alert rule, granular alert rules provide you with flexibility in how you manage alerts and help you adhere to the administrative boundaries for your organization. You can send very specific sets of alerts for xref:../administration/create-manage-account-groups.adoc[cloud account groups] that you have grouped based on appropriate access levels and business logic and restrict access to information about specific cloud accounts to only those administrators who need it. You can for example, define different alert rules and notification flows for your production and development cloud environment. In addition, you can set up different alert rules for sending specific alerts to your existing SOC visibility tools - you could send one set of alerts to your security information and event management (SIEM) system and another set to Jira for automated ticketing. +If you xref:../administration/configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc[configure external integrations on Prisma Cloud] with third-party tools, defining granular alert rules enables you to send only the alerts you need to enhance your existing operational, ticketing, notification, and escalation workflows with the addition of Prisma Cloud alerts on policy violations in all your cloud environments. To see any existing integrations, select *Settings > Integrations & Notifications*. - - -In addition, if you xref:../administration/configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud.adoc[Configure External Integrations on Prisma Cloud] with third-party tools, defining granular alert rules enables you to send only the alerts you need to enhance your existing operational, ticketing, notification, and escalation workflows with the addition of Prisma Cloud alerts on policy violations in all your cloud environments. To see any existing integrations, select *Settings > Integrations & Notifications*. - -If you want to create an alert rule for workload protection, see xref:../governance/workload-protection-policies.adoc#create-alert-workload-policy[Workload Protection]. +To create an alert rule for workload protection, see xref:../governance/workload-protection-policies.adoc#create-alert-workload-policy[Workload Protection]. //When you create an alert rule, you can xref:view-respond-to-prisma-cloud-alerts.adoc[automatically remediate alerts], which enables Prisma Cloud to automatically run the CLI command required to remediate the policy violation directly in your cloud environments. Automated remediation is only available for default policies (Config policies only) that are designated as Remediable (image:remediable-icon.png[]). - [.procedure] . Select *Alerts > View Alert Rules > Add Alert Rule*. -. In *Add Details*, enter a *Name* for the alert rule and, optionally, a *Description* to communicate the purpose of the rule. +. In *Add Details*, enter a *Name* for the alert rule and optionally, a *Description* to communicate the purpose of the rule. .. You can enable the optional *Auto-Actions*, *Alert Notifications*, and *Auto-Remediation* settings up front. If you enable any of these options, they are displayed as additional steps in the alert rule creation process, for example, if you enable *Alert Notifications*, the options to *Configure Notifications* is displayed. + [NOTE] ==== -If you enable *Automated-Remediation*, the list of policies shows only Remediable (image:alerts/remediable-icon.png[]) policies +If you enable *Automated-Remediation*, the list of policies shows only Remediable policies. ==== - -.. Select *Next*. + -image::alerts/add-alert-rule-details-1.png[] +.. Select *Next*. . *Assign Targets* to add more granularity for which cloud resources trigger alerts for this alert rule, and then provide more criteria as needed: @@ -43,23 +36,23 @@ image::alerts/add-alert-rule-details-1.png[] .. *Exclude Cloud Accounts and Regions* from your selected Account Group—If there are some cloud accounts and regions in the selected account groups for which you do not want to trigger alerts, select the accounts and regions from the list. .. Select *Include Tag Resource Lists* to easily manage or identify the type of your resources—To trigger alerts only for specific resources in the selected cloud accounts, enter the *Key* and *Value* of the resource tag you created for the resource in your cloud environment. Tags apply only to *Config* and *Network* policies. When you add multiple resource tags, it uses the boolean logical OR operator. - -.. After defining the target cloud resources, select *Next*. + image::alerts/add-alert-rule-assign-targets-1.png[] +.. After defining the target cloud resources, select *Next*. + + . Select the policies for which you want this alert rule to trigger alerts and, optionally, xref:view-respond-to-prisma-cloud-alerts.adoc[automatically remediate alerts]. .. Either *Select All Policies* or select the specific policies that match the filter criteria for which you want to trigger alerts on this alert rule. Selecting *All Policies* will create a large volume of alerts. It is recommended that you use granular filtered selection for more relevant and targeted alerts specific to your requirement. -.. *Add Filter* (image:alerts/add-alert-rule-add-filter.png[]) to filter better while selecting policies. You can filter by *Policy Severity*, *Cloud Type*, *Compliance Standard*, and *Policy Label*. As you select the filters, the results listed the table are refreshed automatically. *Reset Filters* (image:alerts/add-alert-rule-reset-filter.png[]) to remove the filter selection. +.. *Add Filter* to further define the policies you would like to filter on. Filter options include, *Policy Severity*, *Cloud Type*, *Compliance Standard*, and *Policy Label*. Table results are refreshed automatically, as you select the Filters. Select *Reset Filters* to remove a filter selection. + -[NOTE] -==== *Include new policies matching filter criteria* is enabled when you select at least one of the filters and then select all rows in the table by selecting the top checkbox in the first column of the table. When enabled, new policies that match the filter criteria will be automatically included and used to scan your cloud accounts. -==== ++ +tt:[IMPORTANT] When you add an alert rule policy filter, keep in mind that filters follow *AND* logic not *OR*. For instance, if you create an alert rule by selecting `policy label='Prisma Cloud'` with `Compliance standard='CIS v2'`, an AND rule is applied. Scans will return results with policies that have both the Prisma Cloud label and the CIS v2 compliance standard. -.. To help you find the specific group of policies for which you want this rule to alert: +.. To find a specific group of policies for which you want this rule to alert: + * *Filter Results*—Enter a *Search* term to filter the list of policies to those with specific keywords. * *Column Picker*—Click *Edit* (image:alerts/column-picker.png[]) to modify which columns to display. @@ -67,10 +60,8 @@ image::alerts/add-alert-rule-assign-targets-1.png[] * *Fullscreen*—Click *View in Fullscreen mode* (image:alerts/add-alert-rule-fullscreen.png[])to see an expanded view of the table. .. *Next*. -+ -image::alerts/add-alert-rule-assign-policies-1-2.png[] -. (tt:[Optional]) You can automatically dismiss alerts that have specific tags as defined on the resource and added to the Resource Lists on Prisma Cloud. The details of the reason for dismissal is included in the alert rule L2 view. If you enabled ^tt:[Limited GA]^*Auto-Actions* in the *Add Details* screen, when you update an alert rule, all existing alerts with matching tags are auto dismissed. When an alert has been dismissed and you update the alert rule, the alert will continue to stay dismissed. If you are interested, please reach out to Prisma Cloud Customer Support and submit a request to enable this feature on your tenant. The team will promptly review your request and inform you about your tenant's eligibility for LGA access. +. (tt:[Optional]) You can automatically dismiss alerts that have specific tags as defined on the resource and added to the Resource Lists on Prisma Cloud. The details of the reason for dismissal is included in the alert rule L2 view. If you enabled *Auto-Actions* in the *Add Details* screen, when you update an alert rule, all existing alerts with matching tags are auto dismissed. When an alert has been dismissed and you update the alert rule, the alert will continue to stay dismissed. If you are interested, please reach out to Prisma Cloud Customer Support and submit a request to enable this feature on your tenant. The team will promptly review your request and inform you about your tenant's eligibility for LGA access. + Add a Reason, Requestor, and Approver for the automatic dismissal and click *Next*. @@ -97,15 +88,10 @@ If you want to receive external notifications for when an existing alert status The ability to send notifications for all states is limited GA. If you are interested, please reach out to Prisma Cloud Customer Support and submit a request to enable this feature on your tenant. The team will review your request and inform you about your tenant's eligibility for LGA access. No alerts will be generated for the Jira and Cortex XSOAR integrations. ==== -+ -image::alerts/add-alert-rule-configure-notifications-1.png[] - . View the *Summary* of all the alert rule. *Edit* if you want to change any setting and *Save* the alert rule. -+ -image::alerts/add-alert-rule-summary-1.png[] . Verify that the alert rule you created is triggering alert notifications. + -As soon as you save your alert rule, any violation of a policy for which you enabled alerts results in an alert notification on *Alerts*, as well as in any third-party integrations you designated in the alert rule. +As soon as you save your alert rule, any policy violation for which you enabled alerts results in an alert notification on *Alerts*, as well as in any third-party integrations designated in the alert rule. diff --git a/docs/en/enterprise-edition/content-collections/alerts/generate-reports-on-prisma-cloud-alerts.adoc b/docs/en/enterprise-edition/content-collections/alerts/generate-reports-on-prisma-cloud-alerts.adoc index ed5ca4fada..a14a2ce101 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/generate-reports-on-prisma-cloud-alerts.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/generate-reports-on-prisma-cloud-alerts.adoc @@ -15,7 +15,7 @@ The overview report lists cloud resources by account group and aggregates inform [.procedure] -. Select menu:Alerts[Reports > +Add Alert Report]. +. Select *Alerts > Reports > +Add Alert Report*. . Enter a *Name* and select a *Report Type*. + diff --git a/docs/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons.adoc b/docs/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons.adoc index a20b3fe823..1f274262df 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons.adoc @@ -2,7 +2,7 @@ == Prisma Cloud Alert Resolution Reasons Review the different reasons an alert is closed on Prisma Cloud -When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on menu:Alerts[Overview] when you select an resolved alert and review the alert details for the violating resource. +When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on *Alerts > Overview* when you select an resolved alert and review the alert details for the violating resource. The table below lists the reasons: diff --git a/docs/en/enterprise-edition/content-collections/alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc b/docs/en/enterprise-edition/content-collections/alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc index babb128252..680eb18c86 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/send-prisma-cloud-alert-notifications-to-third-party-tools.adoc @@ -85,7 +85,7 @@ All email notifications from Prisma Cloud include the domain name to support Dom + Prisma Cloud provides a default email template for your convenience, and you can customize the lead-in message within the body of the email using the rich-text editor. -.. Select *Alerts > Notification Templates" and *Add Notification Template* +.. Select *Settings > Notification Templates* and *Add Notification Template*. .. Select the *Email* Notification template from the list. @@ -103,7 +103,7 @@ The preview on the right gives you an idea of how your content will look. + image::alerts/alert-rules-custom-email-review-status.png[] -. Select *Alerts > View Alert Rules* +. Select *Alerts > View Alert Rules*. + Either xref:create-an-alert-rule-cloud-infrastructure.adoc[Create an Alert Rule for Cloud Infrastructure] or xref:create-an-alert-rule-cloud-workloads.adoc[Create an Alert Rule for Cloud Workloads], or select an existing rule to edit. @@ -134,7 +134,7 @@ image::alerts/alerts-alert-rules-set-alert-notification.png[] . Verify the alert notification emails. + -The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud menu:Alerts[Overview] page. +The email alert notification specifies the alert rule, account name, cloud type, policies that were violated, the number of alerts each policy violated, and the affected resources. Click the ** of alerts to view the Prisma Cloud *Alerts > Overview* page. + image::alerts/alerts-email-notification.png[] @@ -217,6 +217,8 @@ image::alerts/alert-rule-jira.png[] . Review the *Summary* and *Save* the new alert rule or your changes to an existing alert rule. +NOTE: If the user who set up your Jira integration is no longer with your organization, you have to create a new xref:../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc[Jira integration]. + [.task] [#idd57f95ff-7246-48c9-85d0-4eae0185b827] @@ -227,7 +229,7 @@ You can send alert notifications to Google Cloud Security Command Center (SCC). [.procedure] . xref:../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-google-cloud-security-command-center.adoc[Integrate Prisma Cloud with Google Cloud Security Command Center (SCC)]. -. Select *Alerts > View Alert Rules* +. Select *Alerts > View Alert Rules*. + Either xref:create-an-alert-rule-cloud-infrastructure.adoc[Create an Alert Rule for Cloud Infrastructure] or xref:create-an-alert-rule-cloud-workloads.adoc[Create an Alert Rule for Cloud Workloads], or select an existing rule to edit. @@ -251,7 +253,7 @@ You can send alert notifications to ServiceNow. [.procedure] . xref:../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow.adoc[Integrate Prisma Cloud with ServiceNow]. -. Select *Alerts > View Alert Rules* +. Select *Alerts > View Alert Rules*. + Either xref:create-an-alert-rule-cloud-infrastructure.adoc[Create an Alert Rule for Cloud Infrastructure] or xref:create-an-alert-rule-cloud-workloads.adoc[Create an Alert Rule for Cloud Workloads], or select an existing rule to edit. diff --git a/docs/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts.adoc b/docs/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts.adoc index 66c68a38c7..00516de080 100644 --- a/docs/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts.adoc +++ b/docs/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts.adoc @@ -7,7 +7,7 @@ Alerts on Prisma Cloud are generated to identify a range of potential threats, e If you are already on *Alerts*, you are at the right place. The Alerts are prioritized and organized into specific saved views to help you easily access the most urgent and pertinent alerts for a focus area. Each saved view is named and has preset filters to display the relevant alerts. For example, the Overview displays all open alerts within the past 24 hours, while Highest Priority displays open alerts for critical and high severity policies that were opened within the past 24 hours. If you have a specific category of alerts in mind, you'll find them grouped in categories such as vulnerability or malware. -Alternatively, starting from the *Home* page (with the Prisma Cloud switcher set to Cloud Security) provides you with an overview of incidents and high-priority risks detected in the last 24 hours. From the Home page also, you are back on the *Alerts* fromw where you can take immediate action, such as exploring attack paths and delving into alerts associated with critical and high-severity policies. This allows you to focus on threats with the highest risk potential. +Alternatively, starting from the *Home* page (with the Prisma Cloud switcher set to Cloud Security) provides you with an overview of incidents and high-priority risks detected in the last 24 hours. From the Home page also, you are back on the *Alerts* from where you can take immediate action, such as exploring attack paths and delving into alerts associated with critical and high-severity policies. This allows you to focus on threats with the highest risk potential. Effective management of alerts is crucial for safeguarding your cloud environments. You have two options: you can either monitor and take action from the Prisma Cloud or you can xref:send-prisma-cloud-alert-notifications-to-third-party-tools.adoc#idcda01586-a091-497d-87b5-03f514c70b08[Send Prisma Cloud Alert Notifications to Third-Party Tools] where you have automated processes or workflows for timely response and resolution. @@ -36,7 +36,7 @@ NOTE: Bulk editing actions to resolve, dismiss, or snooze alerts take a while to [#view-alerts] === View Alerts on the Prisma Cloud Console -An alert is an issue that needs your attention. It informs you about an asset with a potential problem such as a misconfiguration, exposure to the internet or malware. Alerts are grouped into saved views and the most crtitical issues are priortitized and arranged from left to right. +An alert is an issue that needs your attention. It informs you about an asset with a potential problem such as a misconfiguration, exposure to the internet or malware. Alerts are grouped into saved views and the most critical issues are priortitized and arranged from left to right. Each saved view is system-defined and has a default name and preset filters to display the relevant alerts.For instance, the Overview displays all open alerts within the past 24 hours and the Highest Priority displays open alerts for critical and high severity policies that were opened within the past 24 hours. @@ -49,13 +49,14 @@ In addition to the alert context, you also have context on the asset such as inf . Select *Alerts* to view alerts from within Prisma Cloud. + Prisma Cloud displays all alerts for which your role has permissions. -For each saved view the filters determine what you see on the page. You can Add or update filters. With the exception of the Overview, when you modify the filters in a system-defined view, you can either copy to a new view to save changes or clear edits. Any custom view is prefixed with an icon (image:alerts/custom-view-icon.png[]). +For each saved view the filters determine what you see on the page. You can Add or update filters. With the exception of the Overview, when you modify the filters in a system-defined view, you can either copy to a new view to save changes or clear edits. Any custom view is prefixed with a custom view icon. +//(image:alerts/custom-view-icon.png[]) +** To show, hide, and reorder the columns to suit your preferences, click the column picker icon and add, remove columns, and change the order of columns. +//(image:alerts/column-picker.png[]) -** To show, hide and reorder the columns to suit your preferences, click (image:alerts/column-picker.png[]) and add,remove columns and change the order of columns. - - -** To sort on a specific column, click the corresponding *Sort* icon (image:alerts/sort-column.png[]). +** To sort on a specific column, click the corresponding *Sort* icon. +//(image:alerts/sort-column.png[]) + Most filters have a value you can select in the dropdown, and some such as the Asset Tag support a key and value as input. It performs an exact match, and does not support white spaces or wildcard characters. You can for example, enter Key as `env` and leave the Value as empty to match on all values for the key `env`, or specify value as `prod` or `stage`. + @@ -79,7 +80,8 @@ To view the details for the asset on the Cloud Service Provider directly, select + Select the alert ID link to open the side panel and review the alert details. -** As needed, *Download* (image:alerts/download-alerts.png[]) the filtered list of alert details to a CSV file. +** As needed, *Download* the filtered list of alert details to a CSV file. +//(image:alerts/download-alerts.png[]) + When you add a cloud account on Prisma Cloud and then delete it, you can no longer view alerts associated with that account on *Alerts > Overview*, and the alert count does not include alerts for a deleted cloud account. If you add the account back on Prisma Cloud within a 24-hour period, the existing alerts will display again. After 24 hours, the alerts are resolved with the resolution reason *Account Deleted* and then permanently deleted. + @@ -100,9 +102,13 @@ After you xref:view-respond-to-prisma-cloud-alerts.adoc#view-alerts.adoc[view al * *Reopen*—You can reopen a dismissed alert or a snoozed alert before the snooze period expires, if you want to review and investigate it. -* *Investigate*—When you select an open alert for some policy types such as Config or IAM policies that use RQL, you get an automatically generated search query that enables you to review the details for the alert on *Investigate*. The ability to investigate is also availabkle from the Alert side panel. +* *Investigate*—When you select an open alert for some policy types such as Config or IAM policies that use RQL, you get an automatically generated search query that enables you to review the details for the alert on *Investigate*. The ability to investigate is also available from the Alert side panel. + +* *Send to Jira*—When you select the Alert ID link for an alert that is in a snoozed or open state, you can send the alert to your Jira integration. This option enables you to create and assign an action to a user and help them track status in their existing workflows. If the user who set up your Jira integration is no longer with your organization, you have to create a new xref:../administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira.adoc[Jira integration]. -* *Send to Jira*—When you select the Alert ID link for an alert that is in a snoozed or open state, you can send the alert to your Jira integration. This option enables you to create and assign an action to a user and help them track status in their existing workflows. +* *Send to Email*—When you select the Alert ID link for an alert that is in a snoozed or open state, you can send the alert as an email for the authorized person or team to review and remediate. + +* *Send to Slack*—When you select the Alert ID link for an alert that is in a snoozed or open state, you can send the alert to a Slack channel of your organization to review and remediate. * *View in Console*—When you select the Alert ID link for an alert, the View in Console link takes you to the Cloud Service Provider console where the asset is deployed. If you have access to the CSP console, you can log in and view the details of the misconfiguration that generated the policy violation. @@ -163,7 +169,13 @@ If you want to investigate further, use the *Investigate* link for the automatic .. Fix the problem. -* Use *Send To Jira* to file a ticket for the application team, if you do not have the authority to fix the issue. +* Select *Send To > Jira* to file a ticket for the application team, if you do not have the authority to fix the issue. +* Select *Send To > Email* to enter the email address of the person or addresses (comma-separated list) of the team to whom you want to send the alert notification, add a message (optional), and *Send*. The recipient will receive an email with the alert details and remediation steps to resolve the alert (if applicable). ++ +image::alerts/send-to-email.png[] +* Select *Send To > Slack* to enter or select the Slack channel where you want to send the alert notification, add a message (optional), and *Send*. The specified channel will receive the alert details and remediation steps to resolve the alert (if applicable). ++ +image::alerts/send-to-slack.png[] * Use *Fix in Cloud* to prevent an incident from occurring in runtime. Prisma Cloud can automatically execute the CLI command provided in the policy recommendations to resolve the misconfiguration. * Use *Fix in Code* if you have access to the IaC resource and can submit a PR to the Version Control System. + @@ -260,18 +272,18 @@ Create *Saved Views* to organize your alerts into appropriate threat vector cate Because the default (*System*) views are an opinionated suggestion of the filters that provide the results for a specific problem, if you make changes to a *System* view, you will either need to save it as a custom view with a new name or clear your edits. ==== -.. *Add View* to clone the view that you’re currently on and then make changes. You can create a maximum of 20 views. +.. Select *Add View* to clone the view that you’re currently on and then make changes. You can create a maximum of 20 views. . *Manage Views*. -.. *Manage Views* to reorder (image:alerts/alerts-views-reorder.png[]), hide/show (image:alerts/alerts-views-visible.png[]), duplicate (image:alerts/alerts-views-duplicate.png[]), and delete (image:alerts/alerts-views-delete.png[]) your saved views. +.. Select *Manage Views* to reorder, hide/show, duplicate, and delete your saved views. +//image::alerts/alerts-views-reorder.png[], image::alerts/alerts-views-visible.png[], image::alerts/alerts-views-duplicate.png[], image::alerts/alerts-views-delete.png[] + [NOTE] ==== You cannot delete or rename the *System* views. ==== + +.. Select *Done* and *Confirm* to view your changes. The *Confirm* option displays only when you want to delete a view. + image::alerts/alerts-views-4.png[] - -.. *Done* and *Confirm* to view your changes. The *Confirm* option displays only when you want to delete a view. - diff --git a/docs/en/enterprise-edition/content-collections/application-security/collection-application-security.yml b/docs/en/enterprise-edition/content-collections/application-security/collection-application-security.yml index aa0f8d2a14..e5d400721b 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/collection-application-security.yml +++ b/docs/en/enterprise-edition/content-collections/application-security/collection-application-security.yml @@ -61,6 +61,8 @@ topics: topics: - name: CI/CD Runs file: ci-cd-runs.adoc + - name: Azure Pipelines + file: add-azure-pipelines.adoc - name: AWS Code Build file: add-aws-codebuild.adoc - name: Checkov @@ -69,6 +71,8 @@ topics: file: add-circleci.adoc - name: GitHub Actions file: add-github-actions.adoc + - name: GitLab Runner + file: add-gitlab-runner.adoc - name: Jenkins Server file: add-jenkins.adoc - name: Terraform Cloud (Run Tasks) @@ -101,15 +105,19 @@ topics: file: connect-jetbrains.adoc - name: Non-Default Branch Scan file: non-default-branch-scan.adoc - - name: Manage Network Tunnel (Transporter) + - name: Manage Transporter (Network Tunnels) dir: manage-network-tunnel topics: - - name: Manage Network Tunnel (Transporter) + - name: Manage Transporter (Network Tunnels) file: manage-network-tunnel.adoc + - name: Transporter Connectivity Overview + file: transporter-connectivity-overview.adoc - name: Set Up Transporter Network Tunnels using Docker Containers file: deploy-transporter-docker.adoc - name: Set Up Transporter Network Tunnels using Helm Charts file: deploy-transporter-helmcharts.adoc + - name: Select Transporter and ensure Domain Name Consistency + file: select-transporter-domain-consistency.adoc - name: Application Security Settings dir: application-security-settings topics: @@ -172,6 +180,8 @@ topics: file: supported-package-managers.adoc - name: Secrets Scanning file: secrets-scanning.adoc + - name: Terraform Module Scanning + file: terraform-module-scan.adoc - name: Fix Code Issues file: fix-code-issues.adoc - name: Suppress Code Issues diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/add-pre-receive-hooks.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/add-pre-receive-hooks.adoc index 007239959d..fedee5da81 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/add-pre-receive-hooks.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/add-pre-receive-hooks.adoc @@ -23,7 +23,7 @@ Installing Prisma Cloud scanner as a pre-receive hook on your local host enables . Before you begin: + -* Install https://www.python.org/downloads/[Python] v3.7 - v3.11 +* Install https://www.python.org/downloads/[Python] v3.8 - v3.12 * Install https://docs.docker.com/get-docker/[Docker] * Install xref:../../connect-code-and-build-providers/ci-cd-runs/add-checkov.adoc[Checkov] * Verify _Administrator_ access to the VCS server and console diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/exclude-paths.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/exclude-paths.adoc index 0e9189b0bf..64b622fe52 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/exclude-paths.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/exclude-paths.adoc @@ -2,29 +2,30 @@ [.task] -== Exclude Paths from Application Security scans +== Exclude Paths from Application Security Scans -Enhance your Application Security scan by incorporating rules into an integrated repository. These new rules are specifically scanned for a single defined repository. However, you have the flexibility to set up multiple repositories for a defined rule. - -By default, Prisma Cloud conducts scans across all paths in all repositories. You can apply a rule to precisely identify which repository paths should be excluded during the scanning process. +By default, Prisma Cloud conducts scans across all paths in all repositories. You can apply a rule to exclude paths during a scan, and select the repositories to which these exclusions apply. //Prior to initiating the rule-addition process, ensure that the default configuration for all repositories is disabled. //TODO: Anagha to confirm this statement. [.procedure] -. Select *Application Security* on Prisma Cloud switcher and then select *Settings > Application Security*. +. In *Application Security*, select *Settings* > *Application Security*. +. Scroll-down to *Exclude Paths*. + image::application-security/settings-config-excludepaths.png[] -. Add paths to exclude from scans. +. Add paths to be excluded exclude from scans. + -Use comma `(,)` to list more than one path or file. +NOTE: Use a comma `(,)` to list more than one path or file. + -In this example, you see `test, _test, \/test\/` added as paths. During scans any path or file that includes the specified context will not be scanned. +In this example, the `test, _test, \/test\/` paths were added. During a scan, any path or file that includes the specified values will not be scanned. + image::application-security/settings-example.png[] -. Select repositories to which you would like to exclude specific paths during scans and then select *Save*. -+ -Optionally, you can select *Add Rule* to add another rule to exclude paths in a repository. +. Select repositories to which you would like to exclude specific paths during scans > *Save*. + +=== Add Rules + +Select *Add Rule* to add exclude additional paths in a repository, and repeat the steps above. diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-aws-codebuild.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-aws-codebuild.adoc index 3d6c004e7e..0bc0a39408 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-aws-codebuild.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-aws-codebuild.adoc @@ -49,7 +49,7 @@ env: phases: install: runtime-versions: - python: 3.7 + python: 3.8 commands: - pip3 install checkov - echo Installing codebuild-extras... diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-azure-pipelines.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-azure-pipelines.adoc new file mode 100644 index 0000000000..7fb576b615 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-azure-pipelines.adoc @@ -0,0 +1,105 @@ +:topic_type: task + +[.task] +== Connect Azure Pipelines + +Integrate Prisma Cloud Code Security with Azure Pipelines to seamlessly embed vulnerability detection into your Azure DevOps CI/CD pipelines. This integration enables continuous scanning and detection of your your infrastructure as code (IaC) and code repositories as a part of your CI/CD workflows. Additionally, it automates shift-left actions and provides reporting and tracking on the Prisma Cloud administrative console. + +[.procedure] + +. Before you begin, xref:../../../../administration/create-access-keys.adoc[generate and copy the Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a Key ID and Secret. +. Create or open the `.azure-pipelines.yml` file in your repository for editing, or alternatively, navigate to *CI/CD* > *Editor* in your Azure project. +. In *Azure DevOps*, create a new pipeline or select an existing pipeline and select *Edit*. ++ +An editor for the `azure-pipelines.yml` configuration file is displayed. ++ +image::application-security/az-pipelines-1.png[] + +. Add the following steps into your pipeline jobs or stages, based on your current configuration. ++ +[source,yaml] +---- +- task: UsePythonVersion@0 + inputs: + versionSpec: '3.8' + displayName: 'Install Python 3.8' +- script: pip install checkov + displayName: 'Install Checkov' +- script: checkov -d --bc-api-key :: --repo-id --branch + displayName: 'Scan with Prisma Cloud' + env: + PRISMA_API_URL: +---- + +The code snippet above includes the following arguments: + +* : The directory of the repository you wish to scan. + +* ::: A combination of your Prisma Access Key and Prisma Secret Key. As a best practice, store this access the access key and secret in a vault + +* : Your VCS organization name and repository name + +* : The branch to be scanned + +* : The *API URL* for your Prisma Cloud stack. Refer to the xref:../../../../get-started/console-prerequisites.adoc[available list of URLs] for more information. + +NOTE: Use `--soft-fail` to scan the build for errors without failing the job or stage. + +For additional scan settings, refer to the https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html[CLI Command Reference guide]. + +=== Verify Integration + +To verify the integration with Prisma Cloud, in *Application Security*, select *Home* > *Settings* > *CICD Runs* tab. Your integrated repositories will be displayed. You may have to wait for up to three minutes before the status of the integration is updated. + +NOTE: Although the Prisma Cloud UI does not natively support an Azure Pipelines integration, your repository will still be visible in the UI as a CLI Repository. + +=== USAGE + +After completing the integration, Prisma Cloud will automatically conduct a scan, and the outcomes will be presented in the pipeline logs and on the *Projects* page of the Prisma Cloud console. + +image::application-security/az-pipelines-2.png[] + +=== EXAMPLE + +The following example describes a full pipeline enabled for the Prisma Cloud Code Security scan that also sends results to the *Azure Pipeline Tests* section. +[source,yaml] +---- +trigger: +- main + +pr: +- main + +pool: + vmImage: ubuntu-latest + +variables: + PRISMA_API_URL: https://api.prismacloud.io + +jobs: +- job: Prisma_Cloud_Job + displayName: Prisma Cloud Job + steps: + - task: AzureKeyVault@2 + inputs: + azureSubscription: 'pipeline-connection' + keyVaultName: 'pipeline-vault' + secretsFilter: '*' + runAsPreJob: false + - task: UsePythonVersion@0 + inputs: + versionSpec: 3.8 + displayName: 'Use Python 3.8' + - script: pip install checkov + displayName: Install Checkov + - script: checkov -d . --use-enforcement-rules --bc-api-key $(prisma-access-key)::$(prisma-secret-key) --repo-id prismaiac/bicepgoat --branch main -o cli -o junitxml --output-file-path console,CheckovReport.xml + workingDirectory: $(System.DefaultWorkingDirectory) + displayName: Run Checkov + - task: PublishTestResults@2 + inputs: + testResultsFormat: 'JUnit' + testResultsFiles: '**/CheckovReport.xml' + testRunTitle: PrismaCloudTests + displayName: Publish Test Results + condition: always() +---- diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-github-actions.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-github-actions.adoc index f895038359..bcecb85c33 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-github-actions.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-github-actions.adoc @@ -8,7 +8,7 @@ Integrate Prisma Cloud with GitHub Actions to allow dynamic, automated, and cont [.procedure] . Before you begin. -+ + .. xref:../../../../administration/create-access-keys.adoc[Generate and copy the Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a key ID and secret. .. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. @@ -23,18 +23,27 @@ image::application-security/connect-provider-menu.png[] + image::application-security/connect-provider.png[] + -The *Add Environment Variable* step of the integration wizard opens. +The *Add Environment Variable* step of the integration wizard is displayed. ++ +image::application-security/gha-add-envstep-wizard.png[] . Add the Prisma Cloud access key as an environment variable to *GitHub Secrets*. -.. Copy the pre-populated Prisma access key name from the *Name* field. -.. Enter your access key ID and secret generated in step 1.1 above in the *Value* step > *Next*. +.. Copy the Prisma access key name from the *Name* field. +.. Copy the access key ID and secret from the *Value* step +.. Add the access key as an environment variable to GitHub Actions. + -NOTE: Access key format: `PRISMA_ACCESS_KEY::PRISMA_SECRET_KEY`. +NOTE: For more information on passing secrets as environment variables to GitHub Actions, refer to https://docs.github.com/actions/security-guides/encrypted-secrets. -. Copy and paste the following code from the *Configure Job* step of the integration wizard into your GitHub Actions job configuration. +. Click *Next*. + -NOTE: The `prisma-api-url` value is environment-specific. Therefore, replace the value with the appropriate value for your environment. +The *Configure Job* step of the integration wizard is displayed. + +image::application-security/gha-conf-job-step-wizard.png[] + +. Copy and paste the following code into your GitHub Actions job configuration. ++ +NOTE: The `prisma-api-url` value is environment-specific. Therefore, replace the value with the appropriate value for your environment. + [source.yml] ---- steps: @@ -50,6 +59,7 @@ steps: api-key: ${{ secrets.BC_API_KEY }} ---- +. Select *Done*. . Verify integration: In *Application Security*, select *Home* > *Settings* > *CI/CD Runs* tab. + Your integrated GitHub Actions repositories will be displayed. You may have to wait for up to three minutes before the status of the integration is updated. diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-gitlab-runner.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-gitlab-runner.adoc new file mode 100644 index 0000000000..4bf93c02c0 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-gitlab-runner.adoc @@ -0,0 +1,57 @@ +:topic_type: task + +[.task] +== Connect GitLab Runner + +Integrate Prisma Cloud Code Security with GitLab Runner to seamlessly embed vulnerability detection into your GitLab CI/CD pipelines. This integration enables continuous scanning of your workflow whenever changes are pushed or triggered,integrating security checks, and catching issues as soon as they are introduced. Additionally, it automates shift-left actions such as notifying developers or creating tickets, based on scan results. + +[.procedure] + +. Before you begin. +.. xref:../../../../administration/create-access-keys.adoc[Generate and copy the Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a Key ID and Secret. +.. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. +. Create or open the `.gitlab-ci.yml` file in your repository for editing, or alternatively, navigate to *CI/CD* > *Editor* in your GitLab project. +. Add your Prisma *Access Key* and Prisma *Secret Key* as GitLab environment variables named `PRISMA_ACCESS_KEY` and `PRISMA_SECRET_KEY` respectively. ++ +NOTE: For additional information about GitLab variables, refer to the https://docs.gitlab.com/ee/ci/variables/#create-a-custom-variable-in-the-ui[GitLab documentation on creating custom variables]. +. Add the following job code to the appropriate stage in the file. + +[source,yaml] +---- +stages: +- validate + +prisma-cloud: + variables: + PRISMA_API_URL: https://api.prismacloud.io + image: + name: bridgecrew/checkov:latest + entrypoint: + - '/usr/bin/env' + - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' + stage: validate + script: + - checkov -d . --bc-api-key $PRISMA_ACCESS_KEY::$PRISMA_SECRET_KEY --repo-id $CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME --branch $CI_COMMIT_REF_NAME --use-enforcement-rules -o cli -o junitxml --output-file-path console,prismacloud.xml + artifacts: + paths: + - prismacloud.xml + reports: + junit: prismacloud.xml +---- + +NOTE: Update the `PRISMA_API_URL` with the `API URL` corresponding to your Prisma Cloud stack. Refer to the xref:../../../../get-started/console-prerequisites.adoc[available list of URLs] for more information. + +=== Verify Integration + +To verify the integration with Prisma Cloud, in *Application Security*, select *Home* > *Settings* > *CICD Runs* tab. Your integrated repositories will be displayed. You may have to wait for up to three minutes before the status of the integration is updated. + +NOTE: Although the Prisma Cloud UI does not natively support a GitLab Runner integration, your repository will still be visible in the UI as a CLI Repository. + +=== USAGE + +After completing the integration, Prisma Cloud will automatically conduct a scan, and the outcomes will be presented in the *Tests* section on GitLab and on the *Projects* page of the Prisma Cloud console. + +NOTE: GitLab Runner does not support CI/CD Security scans. + +image::application-security/gitlab-runner-1.png[] + diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/ci-cd-runs.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/ci-cd-runs.adoc index 713958b645..9cf98758ff 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/ci-cd-runs.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/ci-cd-runs.adoc @@ -4,10 +4,12 @@ Integrate Prisma Cloud with your CI/CD runs in order to scan and detect misconfi CI/CD Run integrations include: +* xref:add-azure-pipelines.adoc[Azure Pipelines] * xref:add-aws-codebuild.adoc[AWS Code Build] * xref:add-circleci.adoc[CircleCI] * xref:add-checkov.adoc[Checkov] * xref:add-github-actions.adoc[GitHub Actions] +* xref:add-gitlab-runner.adoc[GitLab Runner] * xref:add-jenkins.adoc[Jenkins] * xref:add-terraform-cloud-sentinel.adoc[Terraform Cloud (Sentinel)] * xref:add-terraform-run-tasks.adoc[Terraform Cloud (Run Tasks)] diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-azurerepos.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-azurerepos.adoc index edd51795f2..6d2f8ba6fa 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-azurerepos.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-azurerepos.adoc @@ -14,7 +14,7 @@ Prisma Cloud supports multiple Azure Repos accounts for a single Prisma Cloud te . Before you begin. .. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. -.. Grant *Administrator* permissions in the relevant Azure organization to the Prisma user integrating Prisma Cloud with Bitbucket +.. Grant *Administrator* permissions in the relevant Azure organization to the Prisma user integrating Prisma Cloud with Azure. .. On the Azure DevOps console. + diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged.adoc index d5f68dfde9..034c81c9a5 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged.adoc @@ -11,11 +11,11 @@ This integration enables security scans to identify Infrastructure-as-Code (IaC) . Before you begin. + .. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. -.. Grant *Administrator* permissions in the relevant GitLab organization to the Prisma user integrating Prisma Cloud with GitLab Self-managed +.. Grant *Administrator* permissions in the relevant GitLab organization to the Prisma user integrating Prisma Cloud with GitLab Self-managed. . On the Prisma Cloud Application Security console. -.. In Application Security, select *Settings* > *Connect Provider* > *Code & Build Providers*. +.. In *Application Security*, select *Home* > *Settings* > *Connect Provider* > *Code & Build Providers*. + image::application-security/connect-provider-menu.png[] @@ -50,14 +50,14 @@ image::application-security/gitlab-selfmanaged-app-values1.0.png[] . In the *Set Client ID and Secret* step of the Prisma Cloud integration wizard. -.. Paste the generated *Application ID* and *Secret* values that you copied above > *Authorize*. +.. Paste the generated *Application ID* and *Secret* values that you copied above > click *Authorize*. + The *Select Repositories* step of the wizard is displayed. . Select which repositories will be scanned. + * *Permit all existing repositories* -* *Permit all existing and future repositories*. This is the recommended option to ensure complete coverage and successful operation of all features. +* *Permit all existing and future repositories*. This is the recommended option to ensure complete coverage and successful operation of all features * *Choose from repository list* > Select repositories . Select *Next* > *Done* in the *Status* step of the wizard to complete the integration. @@ -83,7 +83,7 @@ Prisma Cloud supports multiple integrations for GitLab Self-Managed. After the i Multiple integrations from a single Prisma Cloud account enables you to: * View a list of integrations on a single console -* Add additional integrations. +* Add additional integrations * Delete an existing integration NOTE: Selecting a repository for a specific integration will restrict you from selecting the same repository in another integration. diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-vscode.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-vscode.adoc index 2bb1c4b3f8..cadeafe2a2 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-vscode.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-vscode.adoc @@ -14,7 +14,7 @@ Apart from the scanning the default Prisma Cloud policies, Prisma Cloud also sca .. *Access Key*: Enables access to Prisma Cloud. If you do not have the access key, refer to xref:../../../administration/create-access-keys.adoc[Generate and copy the Prisma Cloud access key] .. *Roles and Permissions* Grant Developer (minimum) role with access to specific repositories. The Developer role provides view and access to *Fix and Submit* changes to the relevant VCS repositories. If a user has more than one Prisma Cloud Role assigned to them, the access key associated with the default role is used when accessing Prisma Cloud .. *Secret Key*: The secret key generates with your access key. Save your secret key when you generate it, as you cannot view it again on Prima Cloud -.. *Install Python*: Prisma Cloud Code Security requires Python to run. Install https://www.python.org/downloads/[Python version 3.7] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker] +.. *Install Python*: Prisma Cloud Code Security requires Python to run. Install https://www.python.org/downloads/[Python version 3.8] or above. If you have a versatile working environment of both pip and virtual environment install https://docs.pipenv.org/[Pipenv] or https://www.docker.com/products/docker-desktop[Docker] .. *Prisma Cloud API URL*: When you configure the Prisma Cloud Code Security plugin to VScode (Visual Studio Code) you need Prisma Cloud API URL. The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. For Prisma Cloud API URL, replace *app* in the URL with *api* * Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-docker.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-docker.adoc index ba564bc45a..fe004a7c45 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-docker.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-docker.adoc @@ -3,91 +3,108 @@ [.task] == Set Up Transporter Network Tunnels using Docker Containers -Setup the Transporter network tunnel using Docker containers. +Deploy the Transporter network tunnel using Docker containers. [.procedure] . Before you begin. -.. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. -.. Configure your firewall or proxy to allow egress network access for the IP addresses in the allow list. -.. xref:../../../administration/create-access-keys.adoc[Generate and copy the Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a key ID and secret. -.. https://docs.docker.com/engine/install/[Install Docker]. The Transporter Client requires Docker to be installed in your environment with network access to your self-hosted VCS. -.. *SSL Certificate and path access*: To establish a secure webhook connection to your VCS, you need to provide Transporter with an SSL certificate. The webhook is established in your environment, so you need to define to the certificate storage path and key. -.. Hardware resources: -+ -* For environments where the total size of all scanned repositories is under 4 GB, use a machine with 2 CPUs and 8 GB of RAM (tested on m5.large EC2 instance) -* For environments where the total size of all scanned repositories is over 4 GB, use a machine with 4 CPUs and 16 GB of RAM (tested on m5.xlarge EC2 instance) +.. Fulfill the xref:manage-network-tunnel.adoc#requirements[Requirements] listed in *Manage Transporter (Network Tunnel)*. +.. https://docs.docker.com/engine/install/[Install Docker]. The Transporter Client requires Docker to be installed in your environment with network access to your self-hosted provider (such as your VCS). +.. *Proxy*: If you are using a proxy, refer to <> below for details on proxy connectivity. +.. *Self-signed certificates*: As mentioned in xref:manage-network-tunnel.adoc#requirements[Requirements for setting up the Transporter], you must provide the Transporter with an SSL certificate to ensure a secure webhook connection between your version control system and the Transporter. If you are using a self-signed certificate, add SSL/TLS CA certificate environment variables and configure the HTTPS_CA variable. Refer to <> below for more information. . On the *Application Security* console. .. Select *Home* > *Settings* > *Manage Network Tunnels*. -.. In the *Manage Integrations* step of the installation wizard that is displayed, select *New Transporter*. -. Fill in the fields that are displayed. + -* *Transporter Name*: a unique alias. Helps to group and define multiple connections on Prisma Cloud console. The Transporter unique name cannot contain spaces. -* *Transporter URL* and *Port*: The Transporter URL is a proxy URL with a port number you must define. This information will also be used in the Docker files that are configured in Transporter to communicate with Prisma Cloud -* *Prisma Cloud Access Key* and *Prisma Cloud Secret Key*: The Access key ID and secret generated in step 1 above -* *SSL Certificate path* and *SSL Certificate key path*: Specify the paths to the SSL certificate and key in order to use Transporter. Webhooks use the certificate path to integrate with Transporter, and the key path to allow WebSockets to encrypt traffic (communicate over HTTP). Ensure that the path of the certificate is for the specified Transporter client URL and port +image::application-security/transporter-int-wiz-mng-int.png[] +.. Select *New Transporter* in the *Manage Integrations* step of the installation wizard that is displayed. +. Fill in the provided fields. ++ +* *Transporter Name*: A unique alias. Helps to group and define multiple connections on the Prisma Cloud console. The Transporter name cannot contain spaces +* *Transporter URL*: The URL that your firewall or proxies route to the Transporter at the port configured in the Port section +* *Port*: The Transporter URL is a proxy URL with a port number you must define. This information will also be used in the Docker files that are configured in Transporter to communicate with Prisma Cloud +* *Prisma Cloud Access Key ID*: The Access Key ID generated in step 1 above +* *Prisma Cloud Secret Key*: The Secret key generated in step 1 above +* *SSL Certificate path*: The path to the SSL certificate in order to use Transporter. Webhooks use the certificate path to integrate with Transporter. Ensure that the path is for the specified Transporter client URL and port +* *SSL Certificate key path*: The path to the SSL certificate key. Allows WebSockets to encrypt traffic (communicate over HTTP). +* *Provider Self Signed CA certificate path (Optional)*: The path for the self-signed CA certificate of your VCS provider when using self-signed certificates. +* *VPN/Proxy CA certificate path (Optional)*: The path for the self-signed CA certificate of your VPN/proxy provider when using self-signed certificates, if it differs from the self-signed certificate used by the provider +* *Proxy URL (Optional)*: The proxy URL, when using a proxy . Select *Next*. ++ +The *Docker Client* step of the wizard is displayed. ++ +image::application-security/ui-wizard-deploy-client.png[] . In the *Deploy Client* step of the wizard. -.. Give Docker the permissions it needs to run: Copy the command from the *Verify and add permissions for set SSL Certificate path* field, and run it in your CLI terminal. +.. Copy the command from the *Verify and add permissions for set SSL Certificate path* field, and run it in your CLI terminal. + NOTE: This command sets the permissions for the SSL certificate and defines the local path to the certificate. .. Pull the Docker image: Copy the command from the *Docker pull CLI* field and run it in your CLI terminal. -.. Select *Docker commands* or *Docker compose* from the *Run Image* field to run the image and establish communication between Prisma Cloud and your self-hosted VCS. +.. Select *Using Docker commands* or *Docker compose* from the *Run Image* field to run the image and establish communication between Prisma Cloud and your self-hosted VCS. + -NOTE: Use *Docker commands* to create a Docker image that contains the code and configuration for establishing communication between Prisma Cloud and your self-hosted VCS. Then run this image using Docker commands. Use *Docker compose* to define a Docker application that contains the code and configuration for establishing communication between Prisma Cloud and your self-hosted VCS. Then run this application using Docker compose. - -* *Using Docker commands* - - +image::application-security/docker-run-image1.1.png[] ++ +* *Run Image through Docker Commands* ++ +Use *Docker commands* to create a Docker image that contains the code and configuration for establishing communication between Prisma Cloud and your self-hosted VCS. Then run this image using Docker commands. ** Copy and paste the command from the *Logs volume* command in your terminal to save the Docker logs as a dedicated volume ** Copy and paste the command from the *Docker Run CLI command* in your terminal to run the pulled Docker image +* *Run Image through Docker Compose* + -image::application-security/transporter-12.png[] -+ -* *Using Docker compose* - +Use *Docker compose* to define a Docker application that contains the code and configuration for establishing communication between Prisma Cloud and your self-hosted VCS. Then run this application using Docker compose. ** Copy and paste the content from the *Docker Compose Content* field into your file to create and save docker-compose file content that you can use later ** Copy and paste the command from the *Docker-Compose CLI Command* field in your CLI terminal to run the 'docker-compose' command -+ + Once the connection is established, Transporter will use WebSockets to communicate with each other. -+ -NOTE: The `-d` value in the command is used to specify the name of the Docker Compose yml file. + +NOTE: The `-d` value in the command specifies the name of the Docker Compose yml file. . Select *Next* > *Done* to complete the integration. + -Only after the Transporter has run successfully can Prisma Cloud authenticate and establish a communication channel with your VCS. +NOTE: Only after the Transporter has run successfully can Prisma Cloud authenticate and establish a communication channel with your provider (such as VCS). -You can view the integrated Transporter in *Application Security* through *Home* > *Settings > Manage Network Tunnels > Manage Integrations*. +. Next Step: Select the Transporter that will act as the secure communication channel between the hosted Docker Client and Prisma Cloud. ++ +Refer to xref:select-transporter-domain-consistency.adoc[Select Transporter and ensure Domain name consistency during Integration] for more information. -=== Add Additional Transporters +=== Verify Deployment and Connectivity -You can add a new Transporter to an VCS integration in *Application Security* through *Home* > *Settings* > *Manage Network Tunnels* > *Manage Integrations* > *New Transporter*. +You can verify that the transporter has been successfully deployed and is connected to your providers through both the Prisma Cloud console and your CLI. -Adding the Transporter to an integration establishes the communication channel between the VCS and Prisma Cloud. In this example, the GitLab Self-managed integration to Prisma Cloud uses the Transporter. +* *Prisma Cloud console*: In *Application Security* select *Home* > *Settings > Manage Network Tunnels > Manage Integrations*. Select that your Transporter in the *Transporter* field, and verify connectivity by checking for a displayed message ++ +image::application-security/transporter-verify-connectivity-ui1.1.png[] -image::application-security/transporter-18.png[] +* *CLI*: To retrieve logs in your Docker environment, run `docker logs [CONTAINER ID]` ++ +image::application-security/transporter-docker-connectivity-log2.2.png[] + +=== Add Additional Transporters +You can add a new Transporter to a VCS integration in *Application Security* through *Home* > *Settings* > *Manage Network Tunnels* > *Manage Integrations* > *New Transporter*, and repeating the deployment steps above. === Manage Transporter -You can manage the existing Transporter configuration in Application Security through *Home* > *Settings* > *Manage Network Tunnels* > *Manage Integrations*. +You can manage the existing Transporter configuration in *Application Security* through *Home* > *Settings* > *Manage Network Tunnels* > *Manage Integrations*. -* *Edit* Transporter: Select a Transporter from the menu in the Transporter field > edit required the values in the same manner as the integration process above. +* *Edit* Transporter: Select a Transporter from the menu in the Transporter field > Edit required the values in the same manner as the integration process above -* *Delete* Transporter: Select a Transporter from the menu in the Transporter field > Click *Delete Transporter* +* *Delete* Transporter: Select a Transporter from the menu in the Transporter field > Click *Delete Transporter*. ++ +NOTE: To delete the Transporter, you need to first remove the existing VCS integrations associated with it. === Health Check -The health check shows you how many VCS integrations you have and the last time the connection was established. The Transporter runs health checks every hour, but you can also refresh the connection anytime on Prisma Cloud. +The health check provides about the VCS integrations and the most recent connection establishment time. The Transporter runs health checks every hour, and you manually refresh the connection at any time through Prisma Cloud. -Prisma Cloud scans every Transporter configuration for a secure connection. After authenticating the secure connection, you will view the health check of the Transporter. +Prisma Cloud scans every Transporter configuration for a secure connection. After authenticating the secure connection, you will be able to view the health check of the Transporter. -image::application-security/transporter-19.png[] +image::application-security/transport-health-check1.1.png[] -Prisma cloud supports three types of client health checks:Transporter Client at VCS Domain, Transporter Client at Prisma Cloud Server and Transporter Client in client environment and Transporter Client at Prisma Cloud environment. +==== Health Check Types +Prisma cloud supports three types of client health checks: 'Transporter Client at VCS Domain', 'Transporter Client at Prisma Cloud Server' and 'Transporter Client in client environment and Transporter Client at Prisma Cloud environment'. ==== Transporter Client at VCS Domain @@ -95,13 +112,13 @@ Prisma cloud supports three types of client health checks:Transporter Client at Checks if there is a connection with your VCS machine using Transporter. -* Apply additional headers to a `CURL` command in order to point to the VCS that the check should be applied to: +Apply additional headers to a `CURL` command in order to point to the VCS that the check should be applied to: -** `x-forwarded-host`: The VCS machine hostname for the check +* `x-forwarded-host`: The VCS machine hostname for the check -** `x-forwarded-path`: The path of the request to send to the VCS machine +* `x-forwarded-path`: The path of the request to send to the VCS machine -** `x-forwarded-proto`: The protocol which to check connectivity on - https or http +* `x-forwarded-proto`: The protocol which to check connectivity on - https or http === Transporter Client at Prisma Cloud Server @@ -117,27 +134,82 @@ Checks if the certificates provided are valid for the domain of the machine and `/healthz`, is used for docker `healthcheck` on the internal port of docker `8080`. -NOTE: You must run at least 3 test checks before running the Docker image. The responses must be `ok:true` when the checks pass, or `ok:false` when they fail. +NOTE: You must run at least three test checks before running the Docker image. Response values: `ok:true` for passed checks, `ok:false` for failed checks. -[.task] +[#self-signed-certificates] +=== Self Signed Certificates +Ensure the security of your Transporter Client when using self-signed certificates, by adding SSL/TLS CA Certificate environment variables, and configuring the HTTPS_CA variable. -=== Delete Transporter +==== Adding SSL/TLS CA Certificate Environment Variables -Deleting the Transporter is only possible if you have removed existing VCS integrations with the Transporter. +To enhance security and enable SSL/TLS configuration for your Transporter Client, consider including Certificate Authority (CA) certificates. -[.procedure] +==== Configure SSL/TLS with HTTPS_CA Variable -. In *Application Security*, select *Home* > *Settings > Manage Network Tunnel* > select a specific Transporter name. -. Select *Delete Transporter*. +When using a self-signed certificate for your Transporter Client, which is a common practice for internal or non-public systems, add the CA certificate that signed your self-signed certificate to the HTTPS_CA environment variable. This step ensures that your VCS system can verify the domain's identity and establish a secure connection using HTTPS, even with self-signed certificates. It is a way to establish trust for your self-signed certificate within your environment. -[.task] +*HTTPS_SOCKET_CA* -=== Edit Transporter +[source,Dockerfile] +---- +-e HTTPS_CA=/usr/bridgecrew/app/tls/ca.crt +-v /Users/username/config/certificates/ca.pem:/usr/bridgecrew/app/tls/ca.crt +---- -You can edit the configuration of an existing Transporter. +==== Configure Environment Variable for TLS Proxy (HTTPS_SOCKET_CA) + +When working with a TLS termination proxy in a proxy or VPN, configure the 'HTTPS_SOCKET_CA' environment variable with the appropriate CA certificate. This ensures secure TLS communication with properly authenticated endpoints during the SSL/TLS handshake process. + +NOTE: This variable is required when the CA certificate used by the proxy differs from the CA certificate used by the Transporter Client (refer to the section above). + +*HTTPS_SOCKET_CA (TLS Termination Proxy CA)* + +[source,Dockerfile] +---- +HTTPS_SOCKET_CA (TLS Termination Proxy CA) +-e HTTPS_SOCKET_CA=/usr/bridgecrew/app/tls/ca.crt +-v /Users/username/config/certificates/ca.pem:/usr/bridgecrew/app/tls/ca.crt +---- + +[#docker-proxy-integration-] +=== Docker Proxy Connectivity + +Using a proxy enhances security and network efficiency by enabling the establishment of a secure and isolated communication channel between the Prisma Cloud service and your self-hosted version control system, such as GitLab Self Managed or GitHub Server. + +The following diagram displays system architecture for proxy connectivity in a Docker Container environment. + +image::application-security/transporter-connectivity-docker-proxy-2.0.png[] + +NOTES: + +* In the first diagram the connection between the VCS and Transporter Client does not pass through the firewall, while in the second diagram, the connectivity between the VCS and Transporter Client passes through a firewall +* The Connectivity legend for the proxy matches with the legend Transporter connectivity above, except that traffic passes through the firewall from the Transporter Client to the Proxy, and then to the Prisma Cloud Tenant + +==== Configure Proxy Server and Certificate Authority (CA) + +Organizations using a proxy server to enhance network security can define the proxy settings using environment variables. To ensure security and integrity, configuring the Certificate Authority (CA) for the proxy is very important. + +==== Configure System Environment Variable + +Set up a proxy in your system environment using the following environment variable. +`HTTPS_PROXY=http://proxy.domain.com:8080`. + +==== Configure Container Environment Variable + +For containerized environments, configure the following environment variable: +`docker run -e PORT=8080 -e HTTPS_PROXY=http://proxy.domain.com:8080 bridgecrew/transporter`. + +==== Configure Environment Variable for TLS Proxy (HTTPS_SOCKET_CA) + +When working with a TLS termination proxy in a proxy or VPN, configure the HTTPS_SOCKET_CA environment variable with the appropriate CA certificate. This ensures secure TLS communication with properly authenticated endpoints during the SSL/TLS handshake process. + +*HTTPS_SOCKET_CA (TLS Termination Proxy CA)* + +[source,Dockerfile] +---- +-e HTTPS_SOCKET_CA=/usr/bridgecrew/app/tls/ca.crt +-v /Users/username/config/certificates/ca.pem:/usr/bridgecrew/app/tls/ca.crt +---- -[.procedure] -. In *Application Security*, select *Home* > *Settings* > *Code & Build Providers* > *Manage Network Tunnel* > select a specific Transportere. -. Edit the configurations and then select *Next*. diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-helmcharts.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-helmcharts.adoc index 5291fbc05b..2c94281457 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-helmcharts.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-helmcharts.adoc @@ -1,12 +1,19 @@ == Set Up Transporter Network Tunnels using Helm Charts -Setting up the Transporter network tunnel using Helm charts provides automated and efficient configuration management. +Deploying the Transporter network tunnel using using Helm charts provides automated and efficient configuration management. Transporter can be deployed in a new or existing cluster environment. -=== System Topology +=== System Architecture -The following diagram illustrates the system set up using Helm charts to deploy the Transporter. +The following diagram displays Kubernetes deployment options. -image::application-security/transporter-topology.png[] +image::application-security/transporter-k8s-usecases.png[] + +As displayed, deployment options include encrypting traffic at either the pod or ingress level. You can omit encryption when interacting with both ingress and pod. You can also choose to interact directly with the service and pod without involving ingress. + +=== Resiliency and Redundancy Considerations + +* *Resiliency*: Transporter supports resiliency +* *Redundancy*: Transporter does not support redundancy. You cannot run multiple Docker Containers of the Transporter and then load balance between them. In addition, you cannot run more than replica sets of more than one pod. Therefore you should monitor the pod === Installation Options @@ -14,13 +21,15 @@ You can install the Helm chart and set configurations through either the Helm in === Requirements -Before you begin installing Transporter through either option, you must fulfill the following requirements: +Before installing Transporter through either of the two methods outlined above, you must fulfill the following requirements: + +* Fulfill the xref:manage-network-tunnel.adoc#requirements[Requirements] listed in xref:manage-network-tunnel.adoc[Manage Transporter (Network Tunnel)] -* Hardware resources: +* Open firewall rules before deployment -** For environments where the total size of all scanned repositories is under 4 GB, use a machine with 2 CPUs and 8 GB of RAM (tested on m5.large EC2 instance) +* DNS resolution within the environment. Public DNS resolution is not required -** For environments where the total size of all scanned repositories is over 4 GB, use a machine with 4 CPUs and 16 GB of RAM (tested on m5.xlarge EC2 instance) +* Administrator access to your VCS in order to create a webhook * Kubernetes/OpenShift cluster (supported versions v1.18 - 1.27) @@ -28,7 +37,7 @@ Before you begin installing Transporter through either option, you must fulfill * Create a Kubernetes resource for TLS secrets containing the certificate and private key when enabling TLS on the Transporter client pod or ingress controller + -Example: To create a TLS secret named: *transporter-tls* from local private.key & public.crt files run: `kubectl create secret tls transporter-tls --key private.key --cert public.crt`. +EXAMPLE: To create a TLS secret named: *transporter-tls* from local private.key and public.crt files run: `kubectl create secret tls transporter-tls --key private.key --cert public.crt`. * Download the Transporter Client Helm chart: The available image tags are located in the following https://hub.docker.com/r/bridgecrew/transporter/tags[Docker Hub repository] + @@ -38,23 +47,24 @@ NOTE: To use a specific transporter image tag other than the latest version, unc [#install-helm-cli] -=== Install Transporter through Helm install command on CLI +=== Install Transporter using the Helm install command in the CLI [.procedure] . Generate the Transporter client ENVIRONMENT variables required for the Helm chart setup. -.. Setup Transporter through the Prisma Cloud console - see xref:deploy-transporter-docker.adoc[Set Up Transporter Network Tunnels using Docker Containers]. +.. Setup Transporter through the Prisma Cloud console. ++ +NOTE: Refer to xref:deploy-transporter-docker.adoc[Set Up Transporter Network Tunnels using Docker Containers] for more information. -.. During the setup, select the *Docker commands* option from the *Run Image* field. +.. During the setup, in the *Deply Client* step of the installation wizard, select the *Docker commands* option from the *Run Image* field. + image::application-security/docker-cmnds.png[] .. Copy and save the content from the `docker.compose yaml` file that is generated during the setup. . Customize your Helm chart by enabling TLS on the pod or by configuring ingress with TLS. -+ -* *Deploy with TLS on the pod* +.. Option #1: Deploy with TLS on the pod + Run the following commands with the Transporter environment variables that were generated in *step 1* above in the folder where you extracted the Helm chart ZIP file: + @@ -67,12 +77,22 @@ helm install transporter \ --set transporter.transporterAlias=transporter-alias \ --set transporter.transporterUrl=transporter.bridgecrew.cloud \ --set transporter.tls.enabled=true \ - --set transporter.tls.secretName=transporter-tls + --set "ingress.hosts[0].host=transporter.bridgecrew.cloud" \ + --set "ingress.hosts[0].paths[0].path='\'" \ + --set tls.enabled=true \ + --set tls.secretName="" \ + --set tls.certificate="tls.crt" \ + --set tls.key="tls.key" \ + --set certificateAuthority.enabled=false \ + --set certificateAuthority.socketCa="" \ + --set certificateAuthority.httpsCa="" \ + --set certificateAuthority.secretName="" \ --- + -* *Deploy with Ingress Enabled and TLS Configured on Ingress (Pod TLS Disabled)* + +.. Option #2: Deploy with Ingress Enabled and TLS Configured on Ingress (Pod TLS Disabled) + -Before running the `helm install` commands below you must uncomment the `ingress.tls` section of the `values.yaml` file. +Requirement: Before running the `helm install` commands below, you must uncomment the `ingress.tls` section of the `values.yaml` file. + Run the following commands with the Transporter environment variables that were generated in *step 1* above in the folder where you extracted the Helm chart ZIP file: + @@ -91,7 +111,7 @@ helm install transporter \ . Modify Kubernetes *Service* settings as required. + -Example: Configure service type & port settings. +EXAMPLE: Configure service type and port settings. + [source,yml] --- @@ -104,7 +124,7 @@ helm install transporter \ . Modify the *Resources* section as required. + -Make sure to uncomment the `resources.limits` section of the `values.yaml` before running helm install. +Requirement: Make sure to uncomment the `resources.limits` section of the `values.yaml` before running `helm install`. + [source,yml] --- @@ -119,7 +139,7 @@ helm install transporter \ . Verify successful deployment by inspecting the Transporter logs. + -Example: +EXAMPLE: + image::application-security/transporter-logs1.png[] @@ -148,7 +168,7 @@ NOTE: The Transporter URL is used by the VCS to access the transporter client. E + Prerequisite: To enable TLS on the Transporter client pod or ingress controller you need to create a TLS secret Kubernetes resource with the certificate and private key. + -Example: To create a TLS secret named: _transporter-tls_ from *local private.key* and *public.crt* files run: `kubectl create secret tls transporter-tls --key private.key --cert public.crt`. +EXAMPLE: To create a TLS secret named: _transporter-tls_ from *local private.key* and *public.crt* files run: `kubectl create secret tls transporter-tls --key private.key --cert public.crt`. + To set up TLS on the pod configure the following settings: + @@ -171,9 +191,9 @@ To set up an ingress rule, configure the *ingress* section in the `values.yaml` . Modify Kubernetes Service settings under the *service* section of the `values.yaml` file. + -For instance, if you want to switch from using the ClusterIP service type to the LoadBalancer service type, make the necessary changes in the `values.yaml` file. +For example, if you want to switch from using the ClusterIP service type to the LoadBalancer service type, make the necessary changes in the `values.yaml` file. + -Example: Set the service to a different type (e.g. LoadBalancer) and port (e.g. 8000), and change the service section’s type and port values: +EXAMPLE: Set the service to a different type (LoadBalancer) and port (8000): + [source,yml ] --- @@ -188,8 +208,16 @@ NOTE: See prerequisites above for hardware limitations. . Install the Helm chart: run: `helm install transporter` in the folder where you extracted the Helm chart ZIP file. -. Verify successful deployment by inspecting the Transporter logs see _step 5_ of <>above. +. Verify successful deployment by inspecting the Transporter logs. Refer to _step 5_ of <> above. +=== Verify Deployment and Connectivity + +You can verify that the transporter has been successfully deployed and is connected to your providers through both the Prisma Cloud console and your CLI. + +* *Prisma Cloud console*: In *Application Security* select *Home* > *Settings > Manage Network Tunnels > Manage Integrations*. Select that your Transporter in the *Transporter* field, and verify connectivity by checking for a displayed message ++ +image::application-security/transporter-verify-connectivity-ui1.1.png[] +* *CLI*: To retrieve logs in your Kubernetes environment displaying the establishment of a connection between the Transporter and your provider, run `kubectl logs [POD_NAME] -c [CONTAINER_NAME]`. diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/manage-network-tunnel.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/manage-network-tunnel.adoc index ea38ae7c8d..56f378de42 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/manage-network-tunnel.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/manage-network-tunnel.adoc @@ -1,26 +1,112 @@ -== Manage Network Tunnels (Transporter) +== Manage Transporter (Network Tunnel) -The Transporter is a network tunnel that allows you to establish a secure communication channel between Prisma Cloud and your self-hosted version control systems (VCS) that do not allow inbound network traffic. For Transporter to establish a communication channel between your environment and Prisma Cloud, two components are required: +The Prisma Cloud Transporter (Transporter) acts as a secure intermediary between your on-premises environment and Prisma Cloud. This setup allows Prisma Cloud to scan your code without exposing your data to the internet. The Transporter operates as a communication proxy or broker, establishing a secure communication channel between Prisma Cloud and self-hosted providers such as version control systems (VCS) and more, that restrict incoming network traffic. The Transporter's outbound-only operation ensures that sensitive data remains within the customer network or DMZ. -* *Prisma Cloud Transporter Client*: A Docker container running in your environment with access to VCS isolated from inbound network traffic -* *Prisma Cloud Transporter Server*: Access to the server will be pre-enabled +NOTE: Transporter is only available on request. -To configure the Transporter, you need to define the domain configuration by specifying a proxy URL along with a port number. This setup ensures that the Transporter can securely communicate with Prisma Cloud via an HTTPS connection. Establishing a secure HTTPS connection between the Transporter and your self-hosted VCS requires a SSL certificate and key. After the configuration is complete, Prisma Cloud provides commands to pull and run the Transporter in your environment using Docker or Helm Charts. +To create a network tunnel, Transporter requires the following components: -The following image describes Transporter connectivity with your environment. +* *Prisma Cloud Transporter Client*: A Docker container running in your environment with access to VCS, isolated from inbound network traffic +* *Prisma Cloud Transporter Server*: Pre-enabled access to the server. ++ +NOTE: Transporter is not meant to act as a tool for air-gapped environments, that is, environments that do not allow access to the internet. -image::application-security/transporter.png[] +[#requirements-] +=== Requirements -After configuring Transporter in your environment, Prisma Cloud authenticates the connection between the Transporter and Prisma Cloud and then establishes a communication channel through the WebSocket. You can then define which VCS integration on Prisma Cloud will use the Transporter. +Before deploying the Transporter, fulfill the following requirements. -Prisma Cloud currently supports Transporter integrations on GitLab Self-managed, GitHub Enterprise Server and Bitbucket Server. A single Transporter on the Prisma Cloud can secure multiple VCS integrations or you can use multiple Transporters. +NOTE: These requirements apply to both Docker and Kubernetes setups. Requirements specific to Docker or Kubernetes setups are specified in the relevant documentation. -NOTE: Transporter is only available on request. +* *Select a Deployment Method*: Choose between deploying the Transporter as a *Docker Container* or as a *Kubernetes* service +* xref:../../../administration/create-access-keys.adoc[Generate and copy a Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a Key ID and secret +* *Configure DNS Records*: Create an *A Record* or a *CNAME Record* to direct traffic to the VM hosting the Docker Container or the Kubernetes (k8s) service. ++ +NOTE: Creating either an 'A' or 'CNAME' record requires configuring Domain Name System (DNS) settings to associate a domain name with a specific IP address, typically an internal IP address in the context of the Transporter. In the context of a virtual machine (VM) running Docker or a Kubernetes (k8s) service, this configuration serves the purpose of making services accessible through a custom domain name. Additionally it enables securing communication through a certificate linked to the specific domain name. + +* *Generate an SSL Certificate and Key*: To establish a secure webhook connection to your provider, including Version Control Systems (VCS), private registries, Terraform Enterprise and so on, generate an SSL certificate and key for the Transporter URL. Define the certificate storage path and key to ensure secure communication over HTTPS. Self-signed certificates are supported. ++ +NOTE: For more information on certificates for Docker Container environments, refer to xref:deploy-transporter-docker.adoc#self-signed-certificates[Self-signed Certificates]. For more information on certificates for Kubernetes environments see xref:deploy-transporter-helmcharts.adoc[Helm Charts]. + +* *Network Access* +** *Allow egress network traffic*: Add the Prisma Cloud IP addresses and hostname for Application Security to an allow list and configure your firewall or proxy to allow egress network access for the specified IP addresses, in order to allow access to the Prisma Cloud Console. For a list of available whitelisted Transporter IP addresses, refer to <> below + +** *Proxy*: Establishing connectivity through a proxy with Transporter enhances both security and network efficiency as it establishes a secure and isolated communication channel between the Prisma Cloud service and your self-hosted version control system (VCS). Proxies can be configured when setting up Transporter through both Docker and Kubernetes. For more on proxy configuration, refer to xref:transporter-connectivity-overview.adoc#proxy-connectivity[Proxy Connectivity] + +** *Browser network access requirements*: To facilitate the Prisma Cloud Transporter integration, the browser performing the setup must meet specific network access conditions. For detailed information on browser requirements, refer to xref:transporter-connectivity-overview.adoc#browser-connectivity[Browser Connectivity] + +* *Transporter Protocol*: The Transporter client communicates with the Prisma Cloud platform using the WebSocket protocol over TCP port 443. Ensure that your proxy/firewall supports WebSocket and has the necessary network permissions + +* *Hardware resources*: +** For environments where the total size of all scanned repositories is under 4 GB, use a machine with 2 CPUs and 8 GB of RAM (tested on m5.large EC2 instance) +** For environments where the total size of all scanned repositories is over 4 GB, use a machine with 4 CPUs and 16 GB of RAM (tested on m5.xlarge EC2 instance) + +=== Guidelines + +Follow these guidelines when configuring IP addresses for your Transporter: + +* Recommended: Avoid specifying a public IP address for the Transporter. Utilize a hide-NAT IP address on the firewall +* If not encrypting traffic from a provider to the Transporter client, using an IP address is possible but discouraged, due to security concerns and IP address dependency +* If you have defined a "Trusted Login IP Address" whitelist, ensure that the public IP address for the Transporter is included in the list: In *Application Security* > select *Settings* > *Trusted IP Addresses* in the left navigation panel > click the *Trusted IP Login Addresses* tab > *Add Trusted Login IP Addresses* button > fill in the provided fields > *Save*. ++ +image::application-security/transporter-trusted-ipaddresses.png[] ++ +For more on trusted IP addresses, refer to xref:../../../administration/trusted-ip-addresses-on-prisma-cloud.adoc[Trusted IP Addresses on Prisma Cloud]. +//+docs/en/enterprise-edition/content-collections/administration/trusted-ip-addresses-on-prisma-cloud.adoc +//NOTE: Currently, only VCS providers are supported. === Transporter Setup Options -You can setup Transporter through the following methods: +Connect your environment and Prisma Cloud through the Transporter using *Docker Containers* or *Kubernetes*. This includes connectivity through a proxy. +For more information refer to: * xref:deploy-transporter-docker.adoc[Set Up Transporter Network Tunnels using Docker Containers] * xref:deploy-transporter-helmcharts.adoc[Set Up Transporter Network Tunnels using Helm Charts] + +[#whitelist-ip-addresses-] +=== Whitelist Transporter IP Addresses + +If you select Transporter as the connectivity option when integrating your VCS with Prisma Cloud, you will automatically be assigned two dedicated IP addresses specifically for Transporter functionality. These IP addresses differ from the two IP addresses specified during the VCS integration without Transporter connectivity. + +NOTE: The list of whitelisted Transporter IP addresses provided below is for planning purposes. Only the two relevant IP addresses associated with your tenant will be displayed during the actual configuration process. + +[cols="50%a,50%a"] +|=== + +|*Tenant* +|*IP Address* + +|app +|99.83.152.127, 75.2.127.6 +|app-ca +|15.197.228.87, '3.33.234.166 +|app-eu +|52.223.19.46, '35.71.174.180' +|app-uk +|76.223.7.222, 13.248.138.98 +|app0 +|15.197.168.68, 3.33.171.190 +|app2-eu +|3.33.224.209, 15.197.231.169' +|app2 +|99.83.160.95, 75.2.43.50 +|app4 +|15.197.223.116, 3.33.218.120 +|app3 +|99.83.173.121, 75.2.26.238 +|app-anz +|13.248.219.139, 76.223.67.156 +|app-jp +|99.83.194.145, 75.2.28.135 +|app-fr +|99.83.174.135, 75.2.92.48 +|app-ind +|76.223.40.41, 13.248.170.138 +|app-stage +|15.197.223.22, 3.33.205.33 +|app-sg +|3.33.154.240, 15.197.156.167 + +|=== + diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/select-transporter-domain-consistency.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/select-transporter-domain-consistency.adoc new file mode 100644 index 0000000000..f4e1933ad8 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/select-transporter-domain-consistency.adoc @@ -0,0 +1,26 @@ +== Select Transporter and ensure Domain Name Consistency + +When integrating your self-hosted provider, such as GitLab Self-Managed or GitHub Server, with Prisma Cloud using a Transporter, it is essential to maintain consistency in the domain name. This means matching the domain name that you provided during integration with the domain configuration set up for the Transporter. Additionally, you must select the appropriate Transporter as part of the configuration process. + +[.task] +[.procedure] +. Before you begin. +.. Set-up a Transporter. ++ +NOTE: Refer to xref:deploy-transporter-docker.adoc[Set Up Transporter Network Tunnels using Docker Containers] or xref:deploy-transporter-helmcharts.adoc[Set Up Transporter Network Tunnels using Helm Charts] for more information. +.. Ensure that connection with the Transporter is established. +. Select a Transporter. +.. In *Application Security*, select *Settings* > *Manage Network Tunnels*. +.. Select a Transporter that you have set up from the *Transporter* field of the *Manage Integrations* step in the integration wizard. +.. Copy the Transporter *Domain name*. ++ +image::application-security/select-transporter1.1.png[] ++ +. In *Application Security*, select *Home* > *Settings* > *Connect Provider* > *Code & Build Providers* > select your integrated [PROVIDER] from the catalog. +. In the relevant fields of the *Configure Domain* step of the integration wizard. +.. Provide the *Domain name* of the Transporter that you selected. +.. Check the *Use a Transporter for secured connection box* > select the Transporter that you configured from the dropdown menu in the *Transporter* field. + +NOTE: This field is only available after a socket is opened and a connection is established with the Transporter. + +image::application-security/select-transporter1.2.png[] diff --git a/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/transporter-connectivity-overview.adoc b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/transporter-connectivity-overview.adoc new file mode 100644 index 0000000000..d644996dac --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/transporter-connectivity-overview.adoc @@ -0,0 +1,107 @@ +=== Transporter Connectivity Overview + +The Transporter acts as a network tunnel that allows you to create a secure communication channel between Prisma Cloud and your self-hosted version control systems (VCS) that do not allow inbound network traffic. To establish this communication channel, two components are required: + +* *Prisma Cloud Transporter Client*: A Docker container running in your environment with access to VCS isolated from inbound network traffic +* *Prisma Cloud Transporter Server*: Pre-enabled access to the server + +After configuring Transporter, Prisma Cloud authenticates the connection, establishing a communication channel through WebSocket. + +This overview describes Transporter connectivity, including browser connectivity and proxy connectivity for both Docker and Kubernetes setups. + +=== Transporter Connectivity + +The Transporter requires the following network access: + +* Internet access to the Prisma Cloud platform. The Transporter Client (Client) is restricted to outbound traffic for internet access to the Prisma Cloud platform, allowing egress only towards the Prisma Cloud Tenant (Tenant). The Tenant does not initiate traffic to the Client. Therefore the Tenant does not need to know the public IP of the Client and does not need to be able to access the Client directly. The Client establishes a web socket tunnel on port 443, and the Tenant responds on the same port, creating a VPN tunnel over port 443 between the Client and the Server. Once the network tunnel is created, the connection becomes secure, enabling bi-directional communication between the Client and Server. +* Access to the Transporter Client IP on the designated port (default: TCP-8000). This connection facilitates the interaction between the browser and the Transporter Client +* Access to the VCS on ports 80 and 443 + +The following diagram describes Transporter connectivity in a Docker environment. + +image::application-security/docker-connectivity-main2.0.png[] + +*Legend* + +[cols="25%a,75%a"] +|=== + +|*Legend* +| - + +|image::application-security/legend-red.png[] +|Secure communication and data transfer from Transporter Client (Docker Container) and Prisma Cloud Tenant via port 443 + +|image::application-security/legend-blue.png[] +|Receive webhook events by the Docker Container from the VCS on the specified port (default: 8000) + +|image::application-security/legend-green.png[] +|Secure communication and data transfer between the Docker Client and VCS Server on port 443 + +|=== + +The following diagram describes Transporter connectivity in a Kubernetes environment. You can configure the VCS server either inside or outside the cluster. + +image::application-security/transporter-connectivity-k8s-main-2.0.png[] + +NOTE: The legends for the Kubernetes and Docker diagrams (see above) are identical. + +[#browser-connectivity] +=== Browser Connectivity + +To facilitate the Prisma Cloud Transporter integration, the browser that performs the setup must meet specific network access conditions. + +The following diagrams describe browser connectivity in both Docker and Kubernetes environments. + +image::application-security/transporter-connectivity-browser-all-2.0.png[] + +[cols="25%a,75%a"] +|=== + +|*Legend* +| - + +|image::application-security/legend-red.png[] +|Browser requires internet access to the Prisma Cloud platform on port 443 + +|image::application-security/legend-blue1.1.png[] +|Browser requires access to the Transporter Client IP on the designated port (default: TCP-8000). This connection facilitates the interaction between the browser and the Transporter Client + +|image::application-security/legend-green.png[] +|Browser requires access to the VCS on port 443 + +|=== + + +[#proxy-connectivity] +=== Proxy Connectivity + +When employing a proxy within the Prisma Cloud Transporter setup, it acts as a gateway, necessitating the Transporter Client configuration to recognize the proxy's presence. This is achieved by setting environment variables during Transporter Client execution, ensuring that traffic is routed through the proxy rather than directly connecting to the Prisma Cloud Tenant. + +In some cases, proxies go beyond simply relaying traffic and actively inspect traffic passing through port 443. They may evaluate the traffic and decide whether to allow it or not. This necessitates providing the proxy with the client certificate when communicating through it. The client certificate serves as a trusted identifier, enabling the proxy to verify the client's authenticity and facilitate secure communication. +// add link +Transporter supports deployment through a proxy for both Docker and Kubernetes configurations. + +The following diagrams describe Transporter connectivity through a proxy in a Docker environment. + +image::application-security/transporter-connectivity-docker-proxy-2.0.png[] + +NOTES: + +* In the first diagram, the connection between the VCS and Docker Container does not pass through the firewall, while in the second diagram, the connectivity between the VCS and Docker Container passes through a firewall +* The connectivity legend for the proxy matches with the Transporter connectivity legend above, except that traffic passes through the firewall from the Transporter Client to the Proxy, and then to the Prisma Cloud Tenant ++ +For detailed information about the proxy setup for Transporter in a Docker Container deployment refer to xref:deploy-transporter-docker.adoc#docker-proxy-integration-[Docker Proxy Connectivity]. + + +The following diagram describes Transporter connectivity in a Kubernetes environment. You can configure the VCS server either inside or outside the cluster. + +image::application-security/transporter-connectivity-k8s-proxy-2.0.png[] + +NOTES: + +* The legend detailing connectivity in the Kubernetes diagram matches the legend used for Docker Containers above +* For more on proxy integration through Kubernetes see (link) +// Add link + + diff --git a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/drift-detection.adoc b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/drift-detection.adoc index d0f8a75a92..d023153188 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/drift-detection.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/drift-detection.adoc @@ -253,23 +253,21 @@ lifecycle { === Troubleshoot Drift Detection -Listed here are causes that maybe effecting the drift detection in your integrated repositories. +Listed here are causes that may prevent drift detection. -* Your Prisma Cloud user role is restricting you from detecting drift. Ensure you have the right permissions when onboarding AWS and Azure accounts. See https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions[Prisma Cloud Administrator Permissions] to know more. +* Your Prisma Cloud user role in your cloud account does not have the proper permissions. Ensure you have the right permissions when onboarding AWS, GCP and Azure accounts. -* The code or cloud account with a runtime resource is not onboarded. +* The repository or cloud account with the resource is not onboarded in Prisma Cloud. * Ensure your repository is private. -* The `yor_trace ID` is a copy of another repository. +* For Terraform, the `yor_trace` ID is not unique to the Prisma Cloud tenant. In other words, the `yor_trace` is duplicated in another onboarded repository in any Prisma Cloud tenant. -* The changes in CloudFormation are not deployed. +* The changes in CloudFormation in the repository are not deployed in the cloud. * Ensure three policies are enabled on Policies for drift detection. - ** `AWS traced resources are manually modified` ** `AWS provisioned resources are manually modified` ** `Traced Azure resources are manually modified` ** `Traced GCP resources are manually modified` - diff --git a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/enforcement.adoc b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/enforcement.adoc index 224adf2a62..6bbef1144f 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/enforcement.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/enforcement.adoc @@ -1,44 +1,47 @@ == Enforcement -Enforcement enables you to configure code review scan parameters in your repositories and customize violation failures and comments. On the Prisma Cloud console there are default parameters, based on best practices, for each code category scanned in your repositories. Using enforcement you can configure these default parameters and receive violation notifications only for critical issues, helping you reduce unnecessary noise and optimizing secure productivity. +Prisma Cloud provides default parameters for each code category scanned in your repositories, based on best practices. Through Enforcement, you can efficiently manage enforcement strategies across your code reviews by customizing how violations, failures and comments are handled before repositories are scanned or integrated. This capability helps reduce unnecessary noise, allowing you to focus on the most critical issues. +//// Enforcement configurations scan every commit into your repository and suggest fix remedies, if any violation is detected, this is in addition to the scan that Prisma Cloud periodically performs on your repositories, the results for which are accessible on Projects. -The periodic scans have a predefined severity threshold which are run across code categories that result in three run rules. - -* *Hard Fail* -+ -A repository scan result fails when Prisma Cloud detects a violation or a vulnerability. +//// +The scans are applied across code categories, leading to the enforcement of three run rules: -* *Soft Fail* -+ -A repository scan result is a pass and a notification appears on the console when Prisma Cloud detects a violation or a vulnerability. +* *Hard fail*: A repository scan result fails when Prisma Cloud detects a violation or a vulnerability. -* *Comment bot* -+ -A repository scan result displays issues with fix suggestions as comments with Pull requests accessible on VCS (Version Control System). +* *Soft fail*: A repository scan result passes, but a notification is displayed on the console when Prisma Cloud detects a violation or a vulnerability. -Prisma Cloud scans multiple code categories to identify vulnerabilities and violations unique to the category. See the table for more details. +* *Comment bot*: A repository scan result displays issues with suggested fixes as comments within Pull Requests on the VCS (Version Control System). +Prisma Cloud scans the following code categories to detect vulnerabilities and violations unique to each category. [cols="1,2", options="header"] |=== |Code Category | Description |*Vulnerabilities* -|Vulnerabilities found in open source packages. - -|*Licenses* -|License compliance issues found in open source packages and container images. +|SCA vulnerabilities found in open source packages |*Infrastructure as Code (IaC)* -|Misconfiguration issues found in IaC files (relevant for users who provision and manage their infrastructure via code). +|Misconfiguration issues found in IaC files + +// |*CI/CD Risks* +// |Identifies vulnerabilities in CI/CD pipelines. + +|*Licenses* +|License compliance issues found in open source packages and container images |*Secrets* -|Secret leaks across code files that might hinder access to information, services or assets. +|Secret leaks across code files that might hinder access to information, services or assets |=== -To understand the default scan parameter on Prisma Cloud with the enforcement run result see the table. +=== Default Enforcement Rules + +The following table displays the default enforcement rules associated with each code category, determined by severity level. These rules apply to all repositories by default. + +In the table, 'Vulnerability' scans result in a hard fail when detecting critical issues, a soft fail for low severity issues, and trigger a comment bot for medium severity issues. + [cols="1,1,1,1,1,1", options="header"] |=== |Code Category @@ -68,29 +71,30 @@ To understand the default scan parameter on Prisma Cloud with the enforcement ru |=== -You can manage Enforcement configuration scan results by modifying the default configurations, adding an exception configuration, turning run rule off for a code category configurations, and reviewing either fail scans or suggestions to a vulnerability on your VCS (Version Control System). +=== Manage Enforcement -NOTE: See xref:../../../administration/prisma-cloud-admin-permissions.adoc[Prisma Cloud Administrator Permissions] and know more about user roles and permissions to configure enforcement. +You can modify the default Enforcement configurations, add an exception, and disable run rules or review pull request scans and suggested vulnerability fixes on your VCS (Version Control System). You can modify the default parameters for any code category. However, each time a default configuration is modified, the modified parameters will be applied across all integrated repositories. -* <> -+ -You can modify the default parameters for each code category and set up a new default parameter. However, each time a default configuration is modified, the parameters are applicable across all repositories on the Prisma Cloud console. -+ -NOTE: Soft Fail configuration for any code category must be lower than Hard Fail. +NOTE: The severity configurations for a code category in *Soft Fail* must be lower than the configurations in *Hard Fail*. For example, if a code category has a critical severity, it cannot be configured for a soft fail if a hard fail is configured for a medium severity. -* <> -+ -You can add an exception configuration for each code category that is applicable only for select repositories that you have access to. The exception configuration runs in addition to the default enforcement configurations. +==== Permissions Required to Configure Enforcement + +Refer to xref:../../../administration/prisma-cloud-admin-permissions.adoc[Prisma Cloud Administrator Permissions] for information about the user roles and permissions allowed to configure Enforcement rules. + +// * <> + + +//// * <> + You can choose to prevent an enforcement configuration from running a scan for one or more run rules for a code category. The parameter to turn off a scan for a code category can be an addition to either a default configuration or to an exception configuration. Turning the scan off for a run rule in a code category results in no code review scan. -* <> + For every failed scan result you can view the latest Pull Request (PR) of your repository within the Prisma Cloud console. Currently the ability to review violation fix suggestions and view the Pull Request (PR) scans that failed is supported only for Github repositories. From the Prisma Cloud console you can directly access your repositories in Github and remediate solutions through a Pull Request (PR). +////* <> - +//// [.task] [#access-enforcement] @@ -99,160 +103,117 @@ For every failed scan result you can view the latest Pull Request (PR) of your r [.procedure] . Access Enforcement on Prisma Cloud Application Security console. -.. Select *Application Security* on Prisma Cloud switcher and then select *Projects >Action* menu. -.. Select *Enforcement* from the list. +.. In *Application Security* select *Projects >Action* menu. +.. Select *Enforcement* from the menu. + image::application-security/enfor-1.png[] + -If you are unsure which repository may contain critical issues or if you are receiving unnecessary noise from select repositories, you can optionally access Enforcement from *Settings > Application Security > Enforcement Rules*. -+ -image::application-security/enfor-2.png[] +Optionally, you can access Enforcement in *Application Security* by selecting *Settings* > *Application Security* under 'Configure' in the left menu > *Enforcement Rules*. [.task] [#modify-default-enforcement] -=== Modify Default Enforcement +=== Modify Default Enforcement Configurations -While you have the option to customize the default enforcement configuration, it's important to note that any modifications made will apply universally to all repositories on the console. +Default enforcement configurations can be modified for any code category. These changes will be applies universally to all integrated repositories. -NOTE: The default enforcement configurations cannot be deleted +NOTE: Default enforcement configurations cannot be deleted. [.procedure] -. <> default enforcement configuration. +// . <> default enforcement configuration. -. Modify the default configuration. +. <> settings. -.. Select a code category. +. In a code category, drag the threshold rule arrow (Hard fail, Soft fail, Comments bot) to your required severity. + -In this example, see Vulnerabilities. +In this example for the 'Vulnerabilities' code category, a Hard fail has been downgraded from 'Critical' to' High' vulnerability detection. + -image::application-security/enfor-3.png[] +image::application-security/enforcement2.0.gif[] -.. Select the severity threshold corresponding to the code category. -+ -In this example, severity is *High* for Vulnerabilities. -+ -image::application-security/enfor-4.png[] -+ -You can choose to continue modifying other code categories or conclude with a single modification. -+ -You can also choose to <> the severity threshold of a code category. +. Optional: Add a label. see <> below for more information about labels. + +. Select *Save*. + +[.task] + +[#add-label] +=== Add Labels + +You can apply labels to both default and custom policies when you create or edit an existing policy. Labeling enforcement rules provides a filtering mechanism. When you apply a label to enforcement rules, those rules will only apply to repositories with the corresponding label. Labels can be reused and assigned across multiple enforcement rules, allowing for the grouping of policies and the creation of enforcement rules for these labeled groups. + +NOTES: + +* To view labels assigned to Application Security policies: On the Prisma Cloud console, select *Governance*, policy type: *config*, policy subtype *Build*. View the label associated to a policy under the Labels column in a row corresponding to the policy + +* To add labels while creating policies, refer to xref:../../../governance/custom-build-policies/custom-build-policies.adoc[Custom Build Policies] -.. Select *Save* the modified enforcement configuration. +[.procedure] +. <> settings. +. Click on the *Label* field > select a label from the drop-down menu > *Save*. [.task] [#add-an-exception-to-enforcement] -=== Add an Exception to Enforcement +=== Add an Exception + +To ensure focus on critical issues and receive violation notifications for important repositories, add exceptions to Enforcement rules. You can add an exception for each code category that is applicable. The exception configuration runs in addition to the default enforcement configurations. -To ensure your focus is only on critical issues and you receive violation notifications on important repositories, you can add an exception to the Enforcement. +Configuring an exception includes defining the scope of the exception, and specifying the repositories code categories and run rules that the exception will apply to. [.procedure] -. <> enforcement. +. <> settings. + +. Before you begin, ensure that you have the relevant permissions on the repository to add exceptions. -. Add an exception to enforcement. -.. Select *Add exception*. +. Select *Add Exception*. + image::application-security/enfor-6.png[] -. Configure exception parameters. -.. Add *Description* to the new exception. -.. Select the repositories you want to add the exception. +. Add a *Description* for the new exception. +. Select the repositories you want to add the exception for. + -NOTE: You can only view repositories that you own. +NOTE: You will only view repositories that you own. -.. Select a code category. - -.. Select the severity threshold corresponding to the code category. -+ -You can choose to continue modifying other code categories or conclude with a single modification. +. Modify the severity threshold corresponding to the required code category/ categories. -.. Select *Save* to save the exception with the parameters. +. Select *Save*. + -Here is an example of an exception. +EXAMPLE + image::application-security/enfor-21.png[] + -All exception configurations are listed on *Enforcement*. +NOTE: All exceptions are listed on the *Enforcement* configuration pop-up. + image::application-security/enfor-22.png[] -+ -You can optionally choose to edit or delete an existing exception. -+ -** To edit an exception, hover over the Exception and then select *Edit* to configure the parameters. Select *Save* to save the modification to the exception. -+ -image::application-security/enfor-10.png[] -+ -** To delete an exception select *Edit* and then select *Delete this exception*. -+ -image::application-security/enfor-11.png[] -[.task] +==== Editing or Deleting an Exception -[#turn-off-run-rule-scan-for-a-code-category] -=== Turn off run rule scan for a code category +* To edit an exception, hover over an exception > select *Edit* to edit configure the parameters > *Save*. -You can choose to turn off one or more run rules for code categories, if your enforcement strategy is aligned with it. +* To delete an exception, select *Edit* > select an exception> *Delete this exception*. -NOTE: Turning the scan off for a run rule in a code category results in no code review scan. +=== Disable Enforcement Rules -[.procedure] -. <> Enforcement. - -. Select a code category. - -. Select *Off* corresponding to the code category. -+ -In this example, Vulnerabilities is off. -+ -image::application-security/enfor-12.png[] -+ -Hover over OFF to identify the run rule before the selection. - -. Select *Save* to save the configuration. -+ -You can set a run rule off for a code category in either a default configuration or to an exception. - -//// [.task] +* Global disable: You can disable enforcement rules globally: Uncheck the *Enable default thresholds for soft-fail, hard-fail and comments bot in your code reviews* setting -[#review-fail-scans-and-suggestions-on-vcs] -=== Review VCS (Version Control System) Pull Requests +* Specific disable: You can <> the severity threshold for a specific code category -After a scan result that fails the enforcement configuration, to find remediation you can directly access your the latest Pull Request (PR) from the Enforcement scan result. +[.task] -[.procedure] +[#turn-off-run-rule-scan-for-a-code-category] +=== Disable a run rule for a code category -. Access *Projects* and then select *VCS Pull Requests* view. +You can disable one or more run rules (Hard-fail, Soft-fail, Comment-bot) for code categories. This applies to both a default configuration or to an exception. -. Select *Add Filter* corresponding to the fail scan result. -+ -image::application-security/enfor-23.png[] +NOTE: Disabling a run rule in a code category prevents running a scan for the selected rule. -. Select *Open latest PR* to access the latest Pull Request (PR) in your repository. -+ -image::application-security/enfor-15.png[] -+ -You will view the repository with the Pull Request (PR) on *Application Security > Projects*. +[.procedure] -* In addition currently available only for Github repositories, see the instructions here. +. Select a code category. -. Select *Review Fix PRs in VCS* to review the fix suggestions from Prisma Cloud for the violation identified in your repository on Github. -+ -image::application-security/enfor-16.png[] -+ -You can choose to accept or reject the suggestion on Github. -+ -NOTE: Ensure you have access to the repository on Github. +. Select *Off* corresponding to the category rule > *Save*. -. Select *Open failed PRs scans* to view a list of Pull Request (PR) that have failed with your repository on Github. -+ -image::application-security/enfor-17.png[] -+ -You can choose to remediate the repository on Github. -+ -NOTE: Ensure you have access to the repository on Github. -//// \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc index de232b63df..107b9fcef4 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-code-build-issues.adoc @@ -225,11 +225,15 @@ image::application-security/proj-4.png[] |Provides the severity level of the exposed secret within the code giving you a valuable insight into a potential impact. |*Risk Factors* -a|Three key risk factors are assessed for secrets: +a|Key risk factors are assessed for secrets: * *Private or Public*: Distinguishes if the repository housing the secret is publicly accessible or restricted to private access, influencing the potential exposure risk. * *Last Modified By*: Identifies the name of the user who last made contributions before the issue was identified, offering traceability and accountability. * *Modified On*: Specifies the date of the last modification to the relevant code, aiding in contextual understanding and assessment. +* *Validity*: Utilizes public APIs to assess the validity of a secret, categorizing it as Valid (to be prioritized), Invalid (can be deprioritized), or Unknown if Prisma Cloud is unable to determine its validity. +* *Privileged*: Determines if the exposed AWS Access Key possesses privileged permissions, based on IAM Security capabilities. +* *Found in History*: If the secret no longer exists in the current commit, but was found in history scanning. +* *IaC Resource*: Identifies if a secret is located within an Infrastructure as Code (IaC) resource block. |*First Detected* |Know exactly when the issue was first detected, providing a historical context for effective troubleshooting and resolution. diff --git a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/secrets-scanning.adoc b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/secrets-scanning.adoc index df7860dbe6..40d1a34c37 100644 --- a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/secrets-scanning.adoc +++ b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/secrets-scanning.adoc @@ -1,67 +1,92 @@ == Secrets Scanning -You can use Application Security to detect and block secrets in files in your IDEs, VCS repositories, and CI/CD pipelines. +Application Security scan capability detects secrets ^*^ in files within your version control system (VCS) repositories and CI/CD executions. This functionality is accessible through the Prisma Cloud console, IDE, or CLI, allowing you to address and fix the issues that led to the exposure of secrets, such as removing the secrets from configuration files or storing them in dedicated files or secure storage mechanisms. The results of Secrets scanning are displayed on the Projects page. -A secret is a programmatic access key that provides systems with access to information, services or assets. Developers use secrets such as API keys, encryption keys, OAuth tokens, certificates, PEM files, passwords, and passphrases to enable their application to securely communicate with other cloud services. +*Limitation*: Secrets scanning in integrated version control systems supports repositories up to 4GB in size. -For identifying secrets, Prisma Cloud provides default policies that use domain-specific and generic syntax to match on specific signatures and patterns to validate the likelihood or entropy of a string being a secret. You can view the scan results directly on *Application Security > Projects*, on the CLI if using Checkov, or in the IDE such as VSCode. +Prisma Cloud provides default policies designed to identify secrets that leverage both domain-specific and generic syntax. These policies match specific signatures and patterns to validate the likelihood or entropy of a string being a secret. For more information on Secrets policies refer to xref:../../../../policy-reference/secrets-policies/secrets-policies.adoc[Secrets Policies]. -image::application-security/scan-results-secrets-ide.png[] +* A secret is a programmatic access key that provides systems with access to information, services or assets. Developers use secrets such as API keys, encryption keys, OAuth tokens, certificates, PEM files, passwords, and passphrases to enable their application to securely communicate with other cloud services. + +=== Prerequisite + +You must enable the Secrets module in order to scan for secrets: In *Application Security*, go to *Settings* > *Application Security* in the left menu under *Configuration* > enable *Secrets Security*. + +For more information refer to xref:../../get-started/application-security-license-types.adoc[Application Security License Types]. + +=== Advanced Secrets Scanner Configurations + +In addition to the default settings for the Secrets scanner, you can configure the following advanced settings: *Validate Secrets* and *Scan Git History for Secrets*. + +image::application-security/secrets-advanced-settings.png[] [#validate-secrets] -=== Validate Secrets +==== Validate Secrets -When scanning for secrets, Prisma Cloud can validate secrets against public APIs to verify if the secret is still active so that you can prioritize and handle exposed secrets quickly. +Prisma Cloud can validate detected secrets against public APIs to verify their current activity status. This enables you to prioritize and promptly address exposed secrets. “Secrets” validation scanning can be executed through the Prisma Cloud console and IDE by extension, or through your CLI. -By default the validation of secrets is disabled and you can choose to enable the validation for secrets scan from *Settings > Application Security Configuration > Validate Secrets*. +By default, the Secrets validation functionality is disabled. To enable validation scanning: -Additionally, you can choose to run Checkov on your repositories to filter valid secrets that may be potentially exposed. To see a list of potentially exposed secrets you need to add an environment variable `CKV_VALIDATE_SECRETS=true` after enabling Validate Secrets. +* On *Prisma Cloud console* ++ +. In *Application Security*, select *Settings*. +. Select *Application Security* in the left menu under *Configuration* > enable the *Validate Secrets* setting. -In this example, you see a secret that is valid and requires to be prioritized in the repository after running Checkov on the terminal. +* Through the *CLI* ++ +. Enable the *Validate Secrets* setting on the Prisma Cloud console (see above). +. Add the environment variable `CKV_VALIDATE_SECRETS=true`. + +EXAMPLE + +In the following example, a valid secret has been identified in the repository after conducting a Checkov scan in the CLI terminal. It is crucial to prioritize addressing this issue. image::application-security/secrets-validate-3.png[] -You can see the scan results of secrets after validation on *Projects > Secrets* and then use *Resource Explorer* to prioritize a valid secret by either a *Suppress* or by performing a *Manual Fix* on the secret. +==== Scan Git History for Secrets -//image::application-security/secrets-validate-4.gif[] +Prisma Cloud can scan through the git history of a repository to identify secrets that may have been deleted from a file but still exist in the historical records, and notify you about such secrets even if they are no longer present in the most recent commit. This helps to mitigate the risk of potential abuse of those credentials as they may still be compromised if found in history. This scan can be executed through the Prisma Cloud console and IDE by extension, or through your CLI. +By default, git history scanning is disabled. -=== Git History for Secrets +==== Enable git history scanning on Prisma Cloud -Secrets deleted from a file can still be found in the git history of the repository and abused. Prisma Cloud can search through git history for those secrets and notify you even when the secret is no longer in the most recent commit. +. In *Application Security*, select *Settings*. +. Select *Application Security* in the left menu under *Configuration* > enable the *Scan Git History for Secrets* setting. -By default git history scanning is disabled and you can choose to enable the validation for secrets scan from *Settings > Application Security Configuration > Scan Git History for Secrets*. +==== Enable git history scanning through the CLI -image::application-security/secrets-history-1.png[] +Scan your git history locally using Checkov CLI by executing the command with the `--scan-secrets-history` flag. By default, timeouts are not set, but you can specify one using the `--secrets-history-timeout TIME` flag. -Results of secrets scanning will show up on the *Projects*. +NOTE: Scans are performed in chunks and partial scans of chunks will not be saved. Additionally, results will not be saved on the Prisma Cloud platform. -NOTE: Git history scanning through the VCS integrations is only supported for repositories up to 4GB in size. +=== Scan Options -Additionally, you can scan your git history without saving the results to the Prisma Cloud platform using Checkov locally by using the `--scan-secrets-history` flag. By default, there is not a timeout, but one can be set with `--secrets-history-timeout TIME`. Scans are performed in chunks and partial scans of chunks will not be saved. +Prisma Cloud provides the following options for scanning secrets in your files. +*Automatic scans*: -[.task] -=== Suppress Secret Notifications +* *Integration*: Scans are automatically initiated as soon as you integrate your repositories through the Prisma Cloud console +* *CI/CD runs*: Event driven scans are performed during runs in your CI/CD pipeline +* *IDE interaction*: *Opening or *saving files* in your integrated IDE triggers an automatic scan +* *Pull Requests*: Submitting a pull request in your version control system prompts an automatic scan -By suppressing a notification for secrets you are choosing to no longer receive any information on a violation related to the suppressed secret. To suppress a notification you are required to define a suppression rule by adding a justification with an expiration time. +*Manual scans*: -[.procedure] +* *IDE*: You can trigger scans manually in your IDE. For more information refer to xref:../../get-started/connect-code-and-build-providers/ides/ides.adoc[IDE] +* *CLI commands*: By default, Checkov does not scan files for secrets. To enable Secrets scanning, execute the command with the `--enable-secret-scan-all-files flag` or set the `CKV_SECRETS_SCAN_ENABLE_ALL` environment variable. For more information on CLI based scanning, refer to the https://www.checkov.io/1.Welcome/Quick%20Start.html[CLI documentation] -. Select *Application Security > Projects* and then select *Secrets* view. -. Configure a suppression rule for a secret. +=== Manage Scan Results -.. Select a secret and then on the side panel select *Issues* and then select *Suppress*. -+ -In this example, `Azure Storage Account Access Keys (Error)` is the policy violation. -+ -image::application-security/secrets-validate-1.png[] +You can view, analyze and manage scan results, as well as prioritize remediation efforts, and implement effective fixes, or suppress findings, directly on the Prisma Cloud console, through your Checkov CLI, or directly within your IDE. Note that Secrets scanning does not support automatic fixes. -.. Add a *Justification* with the *Expiration Time*. -+ -Optionally, you can choose a *Manual Fix* to resolve the secret violation. +For information on fixing Secrets issues, refer to xref:fix-code-issues.adoc[Fix Code Security Issues]. For information on suppressing Secrets issues, refer to xref:suppress-code-issues.adoc[Suppress Code Issues]. -. Select *Save*. +NOTE: To fix or suppress Secrets issues, ensure that you select *Secrets* as the code category on the *Projects* page. This allows you to quickly identify secret-related issues. +For more information on Secrets scan management across the different platforms refer, to the documentation: +* *Prisma Cloud console* documentation: see xref:monitor-and-manage-code-build.adoc[Monitor and Manage Code Build Issues] +* xref:../../get-started/connect-code-and-build-providers/ides/ides.adoc[IDE] documentation +* https://www.checkov.io/1.Welcome/What%20is%20Checkov.html[CLI] documentation \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/terraform-module-scan.adoc b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/terraform-module-scan.adoc new file mode 100644 index 0000000000..87c8e155a6 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/terraform-module-scan.adoc @@ -0,0 +1,24 @@ +== Terraform Module Scanning + +Prisma Cloud supports rendering and scanning both public, private, and locally cached Terraform modules (modules). This capability enables users to analyze misconfigurations that may result from the module definition and the variables defined in the module block. + +image::application-security/tf-module-scan.png[] + +=== Public and Locally Cached Modules + +Automated support for public modules is provided by the platform for all version control system (VCS) repositories that have been onboarded. For information on onboarding repositories refer to xref:../../get-started/connect-code-and-build-providers/code-repositories/code-repositories.adoc[Code Repositories]. + +==== Public and Local Module Scanning through Checkov CLI + +When using the Checkov CLI (CLI), make sure to include the `--download-external-modules true` flag to enable the automatic download of external modules. + +Additionally, the CLI supports scanning the `.terraform` directory when modules have been downloaded locally. + +NOTE: Nested modules are not yet supported in scans performed in the `.terraform` directory. + +=== Private Module Support + +Prisma Cloud supports the rendering and scanning of private modules through both CLI and VCS integrations. When using the CLI, refer to https://www.checkov.io/7.Scan%20Examples/Terraform.html[Scanning Third-Party Terraform Modules with Checkov CLI] for instructions on including your API key, and optionally, the host. + + + diff --git a/docs/en/enterprise-edition/content-collections/book.yml b/docs/en/enterprise-edition/content-collections/book.yml index 922434692b..7c4631d150 100644 --- a/docs/en/enterprise-edition/content-collections/book.yml +++ b/docs/en/enterprise-edition/content-collections/book.yml @@ -21,45 +21,45 @@ topics: - name: Welcome to Prisma Cloud file: welcome-to-prisma-cloud.adoc - name: Prisma Cloud Preview and Next Steps - file: get-going.adoc + file: get-going.adoc - name: Adoption Advisor - file: adoption-advisor.adoc + file: adoption-advisor.adoc - name: Prisma Cloud Platform - file: prisma-cloud-platform.adoc + file: prisma-cloud-platform.adoc - name: Prisma Cloud Console Prerequisites - file: console-prerequisites.adoc + file: console-prerequisites.adoc - name: Access Prisma Cloud - file: access-prisma-cloud.adoc + file: access-prisma-cloud.adoc - name: Prisma Cloud API Access Keys - file: access-keys.adoc + file: access-keys.adoc --- kind: chapter -name: Connect +name: Connect dir: connect topics: - - name: Connect + - name: Connect file: connect.adoc - name: Connect Cloud Accounts dir: connect-cloud-accounts topics: - name: Connect Cloud Accounts file: connect-cloud-accounts.adoc - - name: Onboard AWS + - name: Onboard AWS dir: onboard-aws topics: - - name: Onboard AWS + - name: Onboard AWS file: onboard-aws.adoc - name: Onboard Your AWS Organization file: onboard-aws-org.adoc - name: Onboard Your AWS Account file: onboard-aws-account.adoc - - name: Configure Audit Logs + - name: Configure Audit Logs file: configure-audit-logs.adoc - name: Configure Flow Logs - file: configure-flow-logs.adoc + file: configure-flow-logs.adoc - name: Configure Data Security - file: configure-data-security.adoc - - name: Configure DNS Logs + file: configure-data-security.adoc + - name: Configure DNS Logs file: configure-dns-logs.adoc - name: Configure Findings file: configure-findings.adoc @@ -83,7 +83,7 @@ topics: file: automate-aws-onboarding.adoc - name: Onboard Your Azure Account dir: onboard-your-azure-account - topics: + topics: - name: Onboard Your Azure Account file: onboard-your-azure-account.adoc - name: Connect you Azure Account @@ -93,7 +93,7 @@ topics: - name: Connect an Azure Subscription file: connect-azure-subscription.adoc - name: Connect an Azure Active Directory Tenant - file: connect-azure-active-directory.adoc + file: connect-azure-active-directory.adoc - name: Authorize Prisma Cloud to access Azure APIs file: authorize-prisma-cloud.adoc - name: Update Azure Application Permissions @@ -104,10 +104,10 @@ topics: file: troubleshoot-azure-account-onboarding.adoc - name: Microsoft Azure APIs Ingested by Prisma Cloud file: microsoft-azure-apis-ingested-by-prisma-cloud.adoc - - name: Onboard GCP + - name: Onboard GCP dir: onboard-gcp topics: - - name: Onboard GCP + - name: Onboard GCP file: onboard-gcp.adoc - name: Prerequisites to Onboard GCP Organizations and Projects file: prerequisites-to-onboard-gcp.adoc @@ -141,7 +141,7 @@ topics: - name: Manage Data Ingestion for Child Compartments file: data-ingestion-for-child-compartment.adoc - name: Update Permissions on an Onboarded OCI Account - file: update-oci-permissions.adoc + file: update-oci-permissions.adoc - name: Rotate Access Keys for an Onboarded OCI Account file: rotate-access-keys.adoc - name: OCI APIs Ingested by Prisma Cloud @@ -156,7 +156,7 @@ topics: - name: Add an Alibaba Cloud Account on Prisma Cloud file: add-alibaba-cloud-account-to-prisma-cloud.adoc - name: Manage an Onboarded Alibaba Account - file: manage-alibaba-account.adoc + file: manage-alibaba-account.adoc - name: Alibaba APIs Ingested by Prisma Cloud file: alibaba-apis-ingested-by-prisma-cloud.adoc - name: Cloud Service Provider Regions on Prisma Cloud @@ -241,7 +241,7 @@ topics: - name: Reports file: reports.adoc - name: Get Started with Reports - file: prisma-cloud-reports.adoc + file: prisma-cloud-reports.adoc - name: Create and Manage Reports file: create-and-manage-reports.adoc --- @@ -252,7 +252,7 @@ topics: - name: Dashboards file: dashboards.adoc - name: Prisma Cloud Dashboards Get Started - file: dashboards-get-started.adoc + file: dashboards-get-started.adoc - name: Create and Manage Dashboards file: create-and-manage-dashboards.adoc - name: Code to Cloud Dashboard @@ -260,22 +260,22 @@ topics: - name: Command Center Dashboard file: dashboards-command-center.adoc - name: Discovery and Exposure Management Dashboard - file: dashboards-discovery-exposure-management.adoc + file: dashboards-discovery-exposure-management.adoc - name: Vulnerabilities Dashboard file: dashboards-vulnerabilities.adoc - name: Application Security Dashboard - file: dashboards-application-security.adoc + file: dashboards-application-security.adoc --- kind: chapter name: Alerts dir: alerts topics: - name: Alerts - file: alerts.adoc + file: alerts.adoc - name: Alerts and Notifications on Prisma Cloud file: alert-notifications.adoc - name: Risk Prioritization and Remediation - file: risk-prioritization-remediation.adoc + file: risk-prioritization-remediation.adoc - name: Create an Alert Rule for Cloud Infrastructure file: create-an-alert-rule-cloud-infrastructure.adoc - name: Create an Alert Rule for Cloud Workloads @@ -286,8 +286,8 @@ topics: file: view-respond-to-prisma-cloud-alerts.adoc - name: Suppress Alerts for Prisma Cloud Anomaly Policies file: suppress-alerts-for-prisma-cloud-anomaly-policies.adoc - # - name: Alert Payload - # file: alert-payload.adoc + # - name: Alert Payload + # file: alert-payload.adoc - name: Prisma Cloud Alert Resolution Reasons file: prisma-cloud-alert-resolution-reasons.adoc - name: Alert Notifications on State Change @@ -296,19 +296,19 @@ topics: kind: chapter name: Administration dir: administration -topics: +topics: - name: Administration file: administration.adoc - name: Manage Prisma Cloud Administrators file: manage-prisma-cloud-administrators.adoc - name: Prisma Cloud Administrator Roles file: prisma-cloud-administrator-roles.adoc - - name: Create and Manage Account Groups + - name: Create and Manage Account Groups file: create-manage-account-groups.adoc - name: Manage your Prisma Cloud Profile - file: manage-your-prisma-cloud-profile.adoc - # - name: Add Collections - # file: runtime-security/configure/collections.adoc + file: manage-your-prisma-cloud-profile.adoc + # - name: Add Collections + # file: runtime-security/configure/collections.adoc - name: License Types file: prisma-cloud-licenses.adoc - name: Subscribe to Discovery and Exposure Management @@ -433,13 +433,13 @@ topics: file: subscribe-to-data-security.adoc - name: Configure Data Security for Azure file: data-security-for-azure.adoc - - name: Configure Data Security for AWS Account + - name: Configure Data Security for AWS Account file: data-security-for-aws-account.adoc - name: Edit an Onboarded AWS Account and Configure Data Security file: edit-an-existing-aws-account.adoc - name: Provide Prisma Cloud Role with Access to Common S3 Bucket file: add-a-common-s3-bucket-for-aws-cloudtrail.adoc - - name: Configure Data Security for AWS Organization + - name: Configure Data Security for AWS Organization file: data-security-for-aws-org.adoc - name: Troubleshoot Data Security Errors file: troubleshoot-data-security-errors.adoc @@ -486,7 +486,7 @@ topics: - name: Remediate Alerts for IAM Security file: remediate-alerts-for-iam-security.adoc - name: Context Used to Calculate Effective Permissions - file: context-used-to-calculate-effective-permissions.adoc + file: context-used-to-calculate-effective-permissions.adoc - name: Alarm Center dir: alarm-center topics: @@ -495,7 +495,7 @@ topics: - name: Review Alarms file: review-alarms.adoc - name: Set Up Notifications for Alarms - file: set-up-email-notifications-for-alarms.adoc + file: set-up-email-notifications-for-alarms.adoc --- kind: chapter name: Search and Investigate @@ -516,62 +516,78 @@ topics: - name: Asset Queries dir: asset-queries topics: - - name: Asset Queries - file: asset-queries.adoc - - name: Asset Query Attributes - file: asset-query-attributes.adoc + - name: Asset Queries + file: asset-queries.adoc + - name: Asset Query Attributes + file: asset-query-attributes.adoc - name: Asset Configuration Queries dir: asset-config-queries topics: - - name: Asset Configuration Queries - file: asset-config-queries.adoc - - name: Asset Configuration Query Attributes - file: asset-config-query-attributes.adoc - - name: Asset Configuration Query Examples - file: asset-config-query-examples.adoc + - name: Asset Configuration Queries + file: asset-config-queries.adoc + - name: Asset Configuration Query Attributes + file: asset-config-query-attributes.adoc + - name: Asset Configuration Query Examples + file: asset-config-query-examples.adoc - name: Application Asset Queries dir: application-asset-queries topics: - - name: Application Asset Queries - file: application-asset-queries.adoc - - name: Application Asset Query Examples - file: application-asset-examples.adoc + - name: Application Asset Queries + file: application-asset-queries.adoc + - name: Application Asset Query Examples + file: application-asset-examples.adoc - name: Vulnerability Queries dir: vulnerability-queries topics: - - name: Vulnerability Queries - file: vulnerability-queries.adoc - - name: Vulnerability Query Attributes - file: vulnerability-query-attributes.adoc - - name: Vulnerability Query Examples - file: vulnerability-query-examples.adoc + - name: Vulnerability Queries + file: vulnerability-queries.adoc + - name: Vulnerability Query Attributes + file: vulnerability-query-attributes.adoc + - name: Vulnerability Query Examples + file: vulnerability-query-examples.adoc - name: Permissions Queries dir: permissions-queries topics: - - name: Permissions Queries - file: permissions-queries.adoc - - name: Permissions Query Attributes - file: permissions-query-attributes.adoc - - name: Permissions Query Examples - file: permissions-query-examples.adoc + - name: Permissions Queries + file: permissions-queries.adoc + - name: Permissions Query Attributes + file: permissions-query-attributes.adoc + - name: Permissions Query Examples + file: permissions-query-examples.adoc + - name: Permissions Query Conditions + file: permissions-query-conditions.adoc - name: Network Queries dir: network-queries topics: - - name: Network Queries - file: network-queries.adoc - - name: Network Configuration Queries - file: network-config-queries.adoc - - name: Network Flow Queries - file: network-flow-queries.adoc + - name: Network Queries + file: network-queries.adoc + - name: Network Configuration Queries + file: network-config-queries.adoc + - name: Network Configuration Query Attributes + file: network-config-query-attributes.adoc + - name: Network Configuration Query Examples + file: network-config-query-examples.adoc + - name: Network Flow Queries + file: network-flow-queries.adoc + - name: Network Flow Query Attributes + file: network-flow-query-attributes.adoc + - name: Network Flow Query Examples + file: network-flow-query-examples.adoc - name: Audit Event Queries dir: audit-event-queries topics: - - name: Audit Event Queries - file: audit-event-queries.adoc - - name: Audit Event Query Attributes - file: audit-event-query-attributes.adoc - - name: Audit Event Query Examples - file: audit-event-query-examples.adoc + - name: Audit Event Queries + file: audit-event-queries.adoc + - name: Audit Event Query Attributes + file: audit-event-query-attributes.adoc + - name: Audit Event Query Examples + file: audit-event-query-examples.adoc + - name: RQL Operators + file: rql-operators.adoc + - name: RQL Examples + file: rql-examples.adoc + - name: RQL FAQs + file: rql-faqs.adoc --- kind: chapter name: Runtime Security @@ -702,11 +718,11 @@ topics: topics: - name: Agentless Scanning file: agentless-scanning.adoc - - name: Onboard Accounts for Agentless Scanning - dir: onboard-accounts + - name: Configure Agentless Scanning + dir: configure-accounts topics: - - name: Onboard Accounts for Agentless Scanning - file: onboard-accounts.adoc + - name: Use Agentless Scanning + file: configure-accounts.adoc - name: Configure Agentless Scanning for AWS file: configure-aws.adoc - name: Configure Agentless Scanning for Azure @@ -751,12 +767,12 @@ topics: - name: Licensing dir: licensing topics: - - name: Licensing - file: licensing.adoc - - name: Runtime Security Maintenance Updates - file: maintenance.adoc - - name: Security Assurance Policy - file: security-assurance-policy.adoc + - name: Licensing + file: licensing.adoc + - name: Runtime Security Maintenance Updates + file: maintenance.adoc + - name: Security Assurance Policy + file: security-assurance-policy.adoc - name: Configure dir: configure topics: @@ -917,46 +933,46 @@ topics: - name: Compliance dir: compliance topics: - - name: Compliance - file: compliance.adoc - - name: Available Compliance Checks - dir: visibility - topics: - - name: Available Compliance Checks - file: visibility.adoc - - name: Compliance Explorer - file: compliance-explorer.adoc - - name: CIS Benchmarks - file: cis-benchmarks.adoc - - name: DISA STIG Compliance Checks - file: disa-stig-compliance-checks.adoc - - name: Custom Compliance Checks - file: custom-compliance-checks.adoc - - name: Prisma Cloud Compliance Checks - file: prisma-cloud-compliance-checks.adoc - - name: Serverless Functions - file: serverless.adoc - - name: Windows Compliance Checks - file: windows.adoc - - name: Enforce Compliance Checks - dir: operations - topics: - - name: Enforce Compliance Checks - file: operations.adoc - - name: Manage Compliance - file: manage-compliance.adoc - - name: Trusted images - file: trusted-images.adoc - - name: Host Scanning - file: host-scanning.adoc - - name: VM Image Scanning - file: vm-image-scanning.adoc - - name: App-Embedded Scanning - file: app-embedded-scanning.adoc - - name: Detect Secrets - file: detect-secrets.adoc - - name: OSS License Management - file: oss-license-management.adoc + - name: Compliance + file: compliance.adoc + - name: Available Compliance Checks + dir: visibility + topics: + - name: Available Compliance Checks + file: visibility.adoc + - name: Compliance Explorer + file: compliance-explorer.adoc + - name: CIS Benchmarks + file: cis-benchmarks.adoc + - name: DISA STIG Compliance Checks + file: disa-stig-compliance-checks.adoc + - name: Custom Compliance Checks + file: custom-compliance-checks.adoc + - name: Prisma Cloud Compliance Checks + file: prisma-cloud-compliance-checks.adoc + - name: Serverless Functions + file: serverless.adoc + - name: Windows Compliance Checks + file: windows.adoc + - name: Enforce Compliance Checks + dir: operations + topics: + - name: Enforce Compliance Checks + file: operations.adoc + - name: Manage Compliance + file: manage-compliance.adoc + - name: Trusted images + file: trusted-images.adoc + - name: Host Scanning + file: host-scanning.adoc + - name: VM Image Scanning + file: vm-image-scanning.adoc + - name: App-Embedded Scanning + file: app-embedded-scanning.adoc + - name: Detect Secrets + file: detect-secrets.adoc + - name: OSS License Management + file: oss-license-management.adoc - name: Runtime Defense dir: runtime-defense topics: @@ -1097,8 +1113,6 @@ topics: topics: - name: Firewalls file: firewalls.adoc - - name: Cloud Native Network Segmentation (CNNS) - file: cnns-saas.adoc - name: Secrets dir: secrets topics: @@ -1251,6 +1265,8 @@ topics: topics: - name: CI/CD Runs file: ci-cd-runs.adoc + - name: Azure Pipelines + file: add-azure-pipelines.adoc - name: AWS Code Build file: add-aws-codebuild.adoc - name: Checkov @@ -1259,6 +1275,8 @@ topics: file: add-circleci.adoc - name: GitHub Actions file: add-github-actions.adoc + - name: GitLab Runner + file: add-gitlab-runner.adoc - name: Jenkins file: add-jenkins.adoc - name: Terraform Cloud (Run Tasks) @@ -1290,16 +1308,20 @@ topics: - name: Jetbrains file: connect-jetbrains.adoc - name: Non-Default Branch Scan - file: non-default-branch-scan.adoc - - name: Manage Network Tunnels (Transporter) + file: non-default-branch-scan.adoc + - name: Manage Transporter (Network Tunnels) dir: manage-network-tunnel topics: - - name: Manage Network Tunnels (Transporter) + - name: Manage Transporter (Network Tunnels) file: manage-network-tunnel.adoc + - name: Transporter Connectivity Overview + file: transporter-connectivity-overview.adoc - name: Set Up Transporter Network Tunnels using Docker Containers file: deploy-transporter-docker.adoc - name: Set Up Transporter Network Tunnels using Helm Charts file: deploy-transporter-helmcharts.adoc + - name: Select Transporter and ensure Domain Name Consistency + file: select-transporter-domain-consistency.adoc - name: Application Security Settings dir: application-security-settings topics: @@ -1309,8 +1331,8 @@ topics: file: enable-notifications.adoc - name: Exclude Paths file: exclude-paths.adoc -# - name: Code Reviews and PR Comments -# file: code-reviews-pr-comments.adoc + # - name: Code Reviews and PR Comments + # file: code-reviews-pr-comments.adoc - name: Add Prisma Cloud Code Security Scanner as a Pre-Receive Hook file: add-pre-receive-hooks.adoc - name: Visibility @@ -1364,6 +1386,8 @@ topics: file: supported-package-managers.adoc - name: Secrets Scanning file: secrets-scanning.adoc + - name: Terraform Module Scanning + file: terraform-module-scan.adoc - name: Fix Code Issues file: fix-code-issues.adoc - name: Suppress Code Issues @@ -1373,3 +1397,4 @@ topics: - name: CI/CD Risks file: ci-cd-risks.adoc --- + diff --git a/docs/en/enterprise-edition/content-collections/cloud-and-software-inventory/data-inventory.adoc b/docs/en/enterprise-edition/content-collections/cloud-and-software-inventory/data-inventory.adoc index 9768c97faf..bff06235df 100644 --- a/docs/en/enterprise-edition/content-collections/cloud-and-software-inventory/data-inventory.adoc +++ b/docs/en/enterprise-edition/content-collections/cloud-and-software-inventory/data-inventory.adoc @@ -1,7 +1,7 @@ [#data-inventory] == Data Inventory -The Data Inventory (menu:Inventory[Data]) provides information on the number of assets being monitored and summary of data cards that provide status on how objects are exposed—public, sensitive, or malware, along with a detailed inventory view of objects across accounts, account groups, assets, objects, and regions. It also provides a number of filters such as Time Range, Asset Name, Asset Exposure, Object Profile, Object Pattern to find the specific assets or objects they are interested in. +The Data Inventory (*Inventory > Data*) provides information on the number of assets being monitored and summary of data cards that provide status on how objects are exposed—public, sensitive, or malware, along with a detailed inventory view of objects across accounts, account groups, assets, objects, and regions. It also provides a number of filters such as Time Range, Asset Name, Asset Exposure, Object Profile, Object Pattern to find the specific assets or objects they are interested in. image::cloud-and-software-inventory/data-inventory-1.png[] diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/connect-cloud-accounts.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/connect-cloud-accounts.adoc index 8ef535dcf9..2b31620d74 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/connect-cloud-accounts.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/connect-cloud-accounts.adoc @@ -2,7 +2,7 @@ Prisma Cloud provides comprehensive security and compliance coverage to secure your cloud accounts and comply with various industry standards. With a simplified onboarding experience you can adapt to your organization's security priorities in a streamlined manner with the security capabilities grouped as *Foundational* and *Advanced* (with a few enabled by default). Use the *Foundational* capabilities during the start of your organization's cloud adoption journey to effectively manage assets in the cloud and on-premises. Use the *Advanced* capabilities to proactively control your cloud operations and identify and remediate issues before they manifest within your runtime environments. -To get the most out of your investment in Prisma Cloud and to begin monitoring the resources on your cloud infrastructure, you must first connect your public cloud accounts to Prisma Cloud. The onboarding process requires that you have the correct permissions on Prisma Cloud and your cloud accounts to authenticate and authorize the connection and retrieval of data. Prisma Cloud administrators with the System Administrator and Cloud Provisioning Administrator roles can use the cloud account onboarding process for a good first-run experience with the supported cloud platforms—Alibaba Cloud, Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure. +To get the most out of your investment in Prisma Cloud and to begin monitoring the resources on your cloud infrastructure, you must first connect your public cloud accounts to Prisma Cloud. The onboarding process requires that you have the correct permissions on Prisma Cloud and your cloud accounts to authenticate and authorize the connection and retrieval of data. Prisma Cloud administrators with the System Administrator and Cloud Provisioning Administrator roles can use the cloud account onboarding process for a good first-run experience with the supported cloud service providers—Alibaba Cloud, Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure. * xref:onboard-aws/onboard-aws.adoc[Onboard Your Amazon Web Services Account] * xref:onboard-your-azure-account/onboard-your-azure-account.adoc[Onboard Your Microsoft Azure Account] diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-dns-logs.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-dns-logs.adoc index 77ad61e82f..eb0d009df3 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-dns-logs.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-dns-logs.adoc @@ -61,7 +61,7 @@ Running a stackset requires the following two roles. See the https://docs.aws.am ** https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml[AWS Cloud Formation StackSet Execution Role] ==== -.. After setting up the two roles, in your AWS console select menu:Settings[CloudFormation template > StackSets > Create StackSet]. +.. After setting up the two roles, in your AWS console select *Settings > CloudFormation template > StackSets > Create StackSet*. .. Choose a template for StackSet creation using https://redlock-public.s3.amazonaws.com/cft/prisma-dnslogs.onboarding-cft-stack-part-2.template[Amazon S3 URL]. + @@ -94,6 +94,6 @@ image::connect/amazon-dns-logs-9.png[] + On successful configuration, Prisma Cloud starts to ingest DNS logs from Amazon Kinesis Data Firehose. -. Once the stackset deployment is complete, in your AWS console select menu:Route 53[Resolver > Query Logging], click *Route-53 query logging config* created by the CFT, and select the VPCs whose DNS query logs you want Prisma Cloud to ingest. +. Once the stackset deployment is complete, in your AWS console select *Route 53 > Resolver > Query Logging*, click *Route-53 query logging config* created by the CFT, and select the VPCs whose DNS query logs you want Prisma Cloud to ingest. + NOTE: Repeat step 14 for every region where the stackset is deployed. diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-flow-logs.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-flow-logs.adoc index c7f2ab778b..b70a183663 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-flow-logs.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-flow-logs.adoc @@ -3,7 +3,7 @@ == Configure Flow Logs -Prisma Cloud ingests the VPC flow logs from Amazon S3 buckets stored in a logging account and makes it available for network policy alerting and visualization. After onboarding your AWS account, you need to onboard the logging account which has the S3 bucket storing VPC flow logs for the monitored account. The default retention period of flow logs is 30 days after which they are purged. You can query flow logs data for the last 30 days. CloudWatch is the default selection to ingest flow logs and does not require additional configuration. +Prisma Cloud ingests the VPC flow logs from Amazon S3 buckets stored in a logging account and makes it available for network policy alerting and visualization. After onboarding your AWS account, you must onboard the logging account which has the S3 bucket storing VPC flow logs for the monitored account. The default retention period of flow logs is 30 days after which they are purged. You can query flow logs data for the last 30 days. CloudWatch is the default selection to ingest flow logs and does not require additional configuration. [NOTE] ==== @@ -17,11 +17,9 @@ When creating S3 flow logs on the AWS console, make sure to partition your flow + image::connect/aws-s3-sample-flowlogs-1.png[] -.. *Select all* instead of manually selecting each field. +.. It is recommended to *Select all* instead of manually selecting each field. + -image::connect/aws-s3-sample-flowlogs-2.png[] -+ -Or you can choose custom format and select the following required fields: +However, if you choose *Custom format*, make sure you select the following (required) fields: + * account-id * action @@ -48,6 +46,8 @@ Or you can choose custom format and select the following required fields: * pkt-dstaddr * pkt-src-aws-service * pkt-dst-aws-service ++ +image::connect/aws-s3-sample-flowlogs-2.png[] .. Set *Partition logs by time* to *Every 1 hour (60 minutes)*. + @@ -70,62 +70,57 @@ For your previously onboarded AWS accounts that are using S3 with 24 hours parti . Click the *View* icon next to the AWS account for which you want to configure the logging account and buckets to fetch flow logs from S3. -. Click *Threat Detection*. - -. Select *S3* under *Flow Logs*. +. Select *Threat Detection* and select *S3* under *Flow Logs*. . Click *Configure S3*. + image::connect/configure-flow-logs-1.png[] -. *Configure Logging Account*. - -.. Click *Add Logging Account* or select from the logging accounts displayed (if you have previously set up logging accounts). +. *Select Logging Account*. + -image::connect/configure-flow-logs-2.png[] +.. Click *Add Logging Account* (follow Step 6) or select from the logging accounts displayed (if you have previously set up logging accounts). .. Click *Next*. - -.. Enter an *Account ID*, *Account Name*, and *Role Name* and click *Next*. By default, the role name is *prisma-cloud-logging-role*, which you can customize. + -All the configured Logging Accounts are displayed. You can select one of these Logging Accounts which contains the S3 bucket to which the VPC flow logs are being sent for the respective monitored account. Or you can *Add* a new Logging Account as described in the step above. +image::connect/configure-flow-logs-2.png[] + +. *Add Logging Account*. + -image::connect/configure-flow-logs-3.png[] +image::connect/aws-add-logging-account.png[] -. *Configure Buckets*. +.. Enter an *Account ID*, *Account Name*, and *Role Name*. By default, the role name is *prisma-cloud-logging-role*, which you can customize. +// All the configured Logging Accounts are displayed. You can select one of these Logging Accounts which contains the S3 bucket to which the VPC flow logs are being sent for the respective monitored account. Or you can *Add* a new Logging Account as described in the step above. +//. *Configure Buckets*. -.. Enter a *Bucket Name* and the *Bucket Region* that you have configured as destination for flow logs on the AWS Logging Account VPC Console. The *Bucket Path Prefix* (comma separated list) and *Key ARN* are optional. If you have any specific path (Bucket Path) prefix for flow logs and configured bucket encryption (Key ARN), you can enter those values. +.. Enter a *Bucket Name* and the *Bucket Region* that you have configured as a destination for flow logs on the AWS Logging Account VPC Console. ++ +The *Bucket Path Prefix* (comma separated list) and *Key ARN* are optional. If you have any specific path (Bucket Path) prefix for flow logs and configured bucket encryption (Key ARN), you can enter those values. + If you've enabled hourly partitions, the files are published to the following location: -_bucket-and-optional-prefix/AWSLogs/account_id/vpcflowlogs/region/year/month/day/hour/_ + -In AWS, the _bucket-and-optional-prefix_ is added to the S3 bucket ARN as a folder in the flow log settings page. Make sure you add the same _bucket-and-optional-prefix_ in the prefix section in Prisma Cloud. +_bucket-and-optional-prefix/AWSLogs/account_id/vpcflowlogs/region/year/month/day/hour/_ + -image::connect/aws-s3-flowlogs-7-1.png[] +In AWS, the _bucket-and-optional-prefix_ is added to the S3 bucket ARN as a folder in the flow logs settings page. Make sure you add the same _bucket-and-optional-prefix_ in the prefix section in Prisma Cloud. +//+ image::connect/aws-s3-flowlogs-7-1.png[] .. *Add* or *Remove* multiple buckets used for logging. -+ -image::connect/configure-flow-logs-4.png[] +//+ image::connect/configure-flow-logs-4.png[] +//. Click *Next*. -. Click *Next*. +.. *Download the Template Script*. Click *View steps* to see the detailed information. +//+ image::connect/configure-flow-logs-5.png[] -. Follow the steps displayed on *Logging Account Template*. -+ -image::connect/configure-flow-logs-5.png[] - -.. Enter the *Role ARN*. - -.. Click *Validate*. +.. Enter the *External ID* and *IAM Role ARN* and click *Validate*. + You can proceed further only if the validation is successful and you see a green *Validated* checkmark. + The CFT template is deployed on the Logging Account through your AWS Management Console. -. Click *Save*. +.. Click *Save*. . *Configure S3 Flowlogs*. + -image::connect/aws-s3-flowlogs-8.png[] +image::connect/aws-configure-s3-flowlogs.png[] .. Select all the applicable *Logging Buckets* that Prisma Cloud can access and from which it can ingest flow logs. @@ -135,11 +130,8 @@ If all the required permissions are present, a green *Validated* checkmark displ + If you want to configure a different logging account and buckets, click the *Edit* icon. -. Click *Save*. +.. Click *Save*. + You can save your settings, regardless of the validation status. + -[NOTE] -==== -For accounts that are using CloudWatch and now you want to upgrade to S3, the *Enable Hourly Partition* checkbox is enabled (grayed out) by default to ensure it is using hourly partition. -==== \ No newline at end of file +NOTE: For accounts that are using CloudWatch and now you want to upgrade to S3, the *Enable Hourly Partition* checkbox is enabled (grayed out) by default to ensure it is using hourly partition. \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc index bb04c81fdb..1800de1b7f 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/manually-set-up-prisma-cloud-role-for-aws.adoc @@ -73,7 +73,7 @@ Both the read-only role and the read-write roles require the AWS Managed Policy + .. Select *IAM* on the AWS Management Console. -.. In the navigation pane on the left, choose menu:Access{sp}Management[Policies > Create policy]. +.. In the navigation pane on the left, choose *Access Management > Policies > Create policy*. .. Select the *JSON* tab. + diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-org.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-org.adoc index 423222c2e9..f168e51ec9 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-org.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-org.adoc @@ -76,11 +76,7 @@ After you download the CFT from Prisma Cloud and before you upload and create a * Click *Services* from the left navigation pane. -* Choose *AWS Account Management* from the list of services. - -* Select *Enable trusted access*. - -* Click *Services* again and choose *CloudFormation StackSets* from the list of services. +* Choose *CloudFormation StackSets* from the list of services. * Select *Enable trusted access*. diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-account.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-account.adoc index f727864c9c..62add413e0 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-account.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-account.adoc @@ -45,7 +45,7 @@ If you decide to create a new stack instead of updating the existing stack, you .. *Update* your CFT. + -If you created a new stack, you must log in to the Prisma Cloud administrative console, select your cloud account on menu:Settings[Cloud Accounts], click the *Edit* icon, navigate to *Configure Account*, and enter the *PrismaCloudRoleARN* value from the AWS CFT output in the *IAM Role ARN* field. +If you created a new stack, you must log in to the Prisma Cloud administrative console, select your cloud account on *Settings > Cloud Accounts*, click the *Edit* icon, navigate to *Configure Account*, and enter the *PrismaCloudRoleARN* value from the AWS CFT output in the *IAM Role ARN* field. + [TIP] ==== diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-onboarded-aws-accnt-to-org.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-onboarded-aws-accnt-to-org.adoc index 09cf15332e..f683e15c15 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-onboarded-aws-accnt-to-org.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-onboarded-aws-accnt-to-org.adoc @@ -36,4 +36,9 @@ You can enter the same *Account Name* as the one you had entered while onboardin . Click *Save*. + After successfully onboarding the account, you will see it onboarded as an *Organization* on the *Cloud Accounts* page. -//+image::connect/aws-accnt-to-org-0-6.png[] \ No newline at end of file +//+image::connect/aws-accnt-to-org-0-6.png[] + +[NOTE] +==== +Updating from an individual account to an *Organization* is not supported for *Agentless* functions. If you previously onboarded a single account and now wish to switch to an *Organization* you will need to delete the single account on Prisma Cloud before proceeding with creating an *Organization*. +==== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc index e01f8da292..58b72e4d62 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-organization.adoc @@ -51,11 +51,11 @@ If you are onboarding a GCP folder, you must have the https://cloud.google.com/i . Grant the service account permission to access your Cloud Storage bucket. + -.. Select menu:Navigation{sp}menu[Storage] and select your Cloud Storage bucket. +.. Select *Navigation menu > Storage* and select your Cloud Storage bucket. -.. Select menu:Permissions[Add members]. +.. Select *Permissions > Add members*. -.. Add the service account email address for *Members*, select menu:Storage[Storage Admin] and select *Add*. +.. Add the service account email address for *Members*, select *Storage > Storage Admin* and select *Add*. + image::connect/gcp-organization-storage-account-access.png[] diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-project.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-project.adoc index 26042e2005..0c71a10909 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-project.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-project.adoc @@ -23,7 +23,7 @@ To analyze your network traffic, you must enable flow logs for each project you + .. Log in to https://console.cloud.google.com/[GCP console] and select your project. -.. Select menu:Navigation{sp}menu[VPC network > VPC networks]. +.. Select *Navigation menu > VPC network > VPC networks*. + image::connect/gcp-flow-logs-vpc-network.png[] @@ -56,11 +56,11 @@ You must grant the Prisma Cloud service principal permissions to list objects in + You must create a sink and specify a Cloud Storage bucket as the export destination for VPC flow logs. You must configure a sink for every project that you want Prisma Cloud to monitor and configure a single Cloud Storage bucket as the sink destination for all projects. When you xref:onboard-gcp-project.adoc[Onboard Your GCP Project], you must provide the Cloud Storage bucket from which the service can ingest VPC flow logs. As a cost reduction best practice, set a lifecycle to delete logs from your Cloud Storage bucket. + -.. While authenticated into GCP, switch to the new Logs Explorer by selecting menu:Navigation{sp}menu[Logging > Legacy Logs Viewer > Upgrade > Upgrade to the new Logs Explorer]. +.. While authenticated into GCP, switch to the new Logs Explorer by selecting *Navigation menu > Logging > Legacy Logs Viewer > Upgrade > Upgrade to the new Logs Explorer*. .. Create a sink. + -Select menu:Logging[Logs Router > Create Sink]. +Select *Logging > Logs Router > Create Sink*. + image::connect/gcp-flow-logs-stackdriver-logging.png[] @@ -95,7 +95,7 @@ userinput:[logName:("projects/text-project-351281/logs/compute.googleapis.com%2F + By default, logs are never deleted. To manage cost, specify the threshold (in number of days) for which you want to store logs. -... Select menu:Navigation{sp}Menu[Cloud Storage > Browser]. +... Select *Navigation Menu > Cloud Storage > Browser*. ... Select the *Lifecycle* link for the storage bucket you want to modify. + @@ -117,7 +117,7 @@ You can review the status and take necessary actions to resolve any issues encou .. Authenticate into Prisma Cloud and verify that your storage bucket is being ingested. + -Select menu:Settings[Cloud Accounts], filter for GCP cloud accounts. Click the *Edit* icon under the *Actions* column to view the results. +Select *Settings > Cloud Accounts*, filter for GCP cloud accounts. Click the *Edit* icon under the *Actions* column to view the results. .. Navigate to *Investigate*, replace the name with your GCP cloud account name, and enter the following network query: + diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-project.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-project.adoc index 16e0784f9f..dff99f9945 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-project.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-project.adoc @@ -8,7 +8,7 @@ Begin here to add a GCP project to Prisma Cloud. If you want to add multiple pro [NOTE] ==== -After you start monitoring your project using Prisma Cloud, if you delete the project on GCP, Prisma Cloud automatically deletes the account from the list of monitored accounts on menu:Settings[Cloud Accounts]. To track the automatic deletion of the project, an audit log is generated with information on the name of the deleted account and the date that the action was performed. +After you start monitoring your project using Prisma Cloud, if you delete the project on GCP, Prisma Cloud automatically deletes the account from the list of monitored accounts on *Settings > Cloud Accounts*. To track the automatic deletion of the project, an audit log is generated with information on the name of the deleted account and the date that the action was performed. ==== [.procedure] diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/prerequisites-to-onboard-gcp.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/prerequisites-to-onboard-gcp.adoc index a6784c797d..964db887f6 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/prerequisites-to-onboard-gcp.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/prerequisites-to-onboard-gcp.adoc @@ -95,112 +95,158 @@ The following table lists the APIs and associated granular permissions if you wa |*Enable this API on* |API Keys -|screen:[apikeys.googleapis.com] +|`apikeys.googleapis.com` |Authenticates requests associated with your project for usage and billing purposes. |API Keys Viewer -|screen:[apikeys.keys.list]screen:[apikeys.keys.get] +|`apikeys.keys.list` +`apikeys.keys.get` | |App Engine API -|screen:[appengine.googleapis.com] +|`appengine.googleapis.com` |Allows you to access App Engine, which is a fully managed serverless platform on GCP. |App Engine Viewer -|screen:[appengine.applications.get] +|`appengine.applications.get` |Project where you have created the service account |Access Context Manager API -|screen:[accesscontextmanager.googleapis.com] +|`accesscontextmanager.googleapis.com` |Read access to policies, access levels, and access zones. |Access Context Manager Reader -|screen:[accesscontextmanager.accessPolicies.list]screen:[accesscontextmanager.policies.list]screen:[accesscontextmanager.accessLevels.list]screen:[accesscontextmanager.servicePerimeters.list] +|`accesscontextmanager.accessPolicies.list` +`accesscontextmanager.policies.list` +`accesscontextmanager.accessLevels.list` +`accesscontextmanager.servicePerimeters.list` |Project where you have created the service account |Access Approval -|screen:[accessapproval.googleapis.com] +|`accessapproval.googleapis.com` |Allows you to access settings associated with a project, folder, or organization. |Project Viewer -|screen:[accessapproval.settings.get] +|`accessapproval.settings.get` |Project where you have created the service account |API Gateway -|screen:[apigateway.googleapis.com] +|`apigateway.googleapis.com` |Enables you to create, secure, and monitor APIs for Google Cloud serverless back ends, including Cloud Functions, Cloud Run, and App Engine. |API Gateway Viewer -|screen:[apigateway.gateways.getIamPolicy]screen:[apigateway.gateways.list]screen:[apigateway.gateways.get]screen:[apigateway.locations.list] +|`apigateway.gateways.getIamPolicy` +`apigateway.gateways.list` +`apigateway.gateways.get` +`apigateway.locations.list` |Every project that the service account can access |BigQuery API -|screen:[cloudasset.googleapis.com] +|`cloudasset.googleapis.com` |Allows you to create, manage, share, and query data. |Cloud Asset Viewer -|screen:[bigquery.tables.get]screen:[cloudasset.assets.searchAllResources]screen:[cloudasset.assets.searchAllIamPolicies] +|`bigquery.tables.get` +`cloudasset.assets.searchAllResources` +`cloudasset.assets.searchAllIamPolicies` |Project where you have created the service account |Binary Authorization API -|screen:[binaryauthorization.googleapis.com] +|`binaryauthorization.googleapis.com` |Enables you to configure a policy that the service enforces when an attempt is made to deploy a container image on one of the supported container-based platforms. |Project Viewer -|screen:[binaryauthorization.policy.get]screen:[binaryauthorization.policy.getIamPolicy] +|`binaryauthorization.policy.get` +`binaryauthorization.policy.getIamPolicy` |Project where you have created the service account |Cloud Data Fusion -|screen:[datafusion.googleapis.com] +|`datafusion.googleapis.com` |Cloud Data Fusion is a fully managed, cloud-native, enterprise data integration service for quickly building and managing data pipelines. |Project Viewer -|screen:[datafusion.instances.list]screen:[datafusion.instances.getIamPolicy] +|`datafusion.instances.list` +`datafusion.instances.getIamPolicy` |Every project that the service account can access |Cloud Functions -|screen:[cloudfunctions.googleapis.com] +|`cloudfunctions.googleapis.com` |Cloud Functions is Google Cloud’s event-driven serverless compute platform. |Project Viewer -|screen:[cloudfunctions.functions.getIamPolicy]screen:[cloudfunctions.functions.list]screen:[cloudfunctions.functions.get] -screen:[cloudfunctions.locations.list] +|`cloudfunctions.functions.getIamPolicy` +`cloudfunctions.functions.list` +`cloudfunctions.functions.get` +`cloudfunctions.locations.list` |Project where you have created the service account |Cloud DataFlow API -|screen:[dataflow.googleapis.com] +|`dataflow.googleapis.com` |Manages Google Cloud Dataflow projects. |Dataflow Admin -|screen:[iam.serviceAccounts.actAs]screen:[resourcemanager.projects.get]screen:[storage.buckets.get]screen:[storage.objects.create]screen:[storage.objects.get]screen:[storage.objects.list]See xref:flow-logs-compression.adoc[Flow Logs Compression] +|`iam.serviceAccounts.actAs` +`resourcemanager.projects.get` +`storage.buckets.get` +`storage.objects.create` +`storage.objects.get` +`storage.objects.list` +See xref:flow-logs-compression.adoc[Flow Logs Compression] |Project that runs Data Flow |Cloud DNS API -|screen:[dns.googleapis.com] +|`dns.googleapis.com` |Cloud DNS translates requests for domain names into IP addresses and manages and publishes DNS zones and records. |DNS Reader -|screen:[dns.dnsKeys.list]screen:[dns.managedZones.list]screen:[dns.projects.get]screen:[dns.policies.list]screen:[dns.managedZones.list]screen:[dns.resourceRecordSets.list] +|`dns.dnsKeys.list` +`dns.managedZones.list` +`dns.projects.get` +`dns.policies.list` +`dns.managedZones.list` +`dns.resourceRecordSets.list` +`dns.responsePolicyRules.list` |Every project that the service account can access |Cloud Pub/Sub -|screen:[pubsub.googleapis.com] +|`pubsub.googleapis.com` |Real-time messaging service that allows you to send and receive messages between independent applications. |Project Viewer and a custom role with granular privileges -|screen:[pubsub.topics.list]screen:[pubsub.topics.get]screen:[pubsub.topics.getIamPolicy]screen:[pubsub.subscriptions.list]screen:[pubsub.subscriptions.get]screen:[pubsub.subscriptions.getIamPolicy]screen:[pubsub.snapshots.list]screen:[pubsub.snapshots.getIamPolicy]screen:[cloudasset.assets.searchAllIamPolicies] +|`pubsub.topics.list` +`pubsub.topics.get` +`pubsub.topics.getIamPolicy` +`pubsub.subscriptions.list` +`pubsub.subscriptions.get` +`pubsub.subscriptions.getIamPolicy` +`pubsub.snapshots.list` +`pubsub.snapshots.getIamPolicy` +`cloudasset.assets.searchAllIamPolicies` |Every project that the service account can access |Container Analysis -|screen:[containeranalysis.googleapis.com] +|`containeranalysis.googleapis.com` |Container Analysis provides vulnerability scanning and metadata storage for containers through Container Analysis. |Project Viewer -|screen:[containeranalysis.occurrences.list] +|`containeranalysis.occurrences.list` |Every project that the service account can access |Google Dataplex -|screen:[dataplex.googleapis.com] +|`dataplex.googleapis.com` |Unifies distributed data and automates data management and governance across that data to power analytics at scale. |Project Viewer -|screen:[dataplex.assets.list]screen:[dataplex.assets.getIamPolicy]screen:[dataplex.assetActions.list]screen:[dataplex.content.list]screen:[dataplex.content.getIamPolicy]screen:[dataplex.entities.list]screen:[dataplex.locations.list]screen:[dataplex.lakes.list]screen:[dataplex.lakes.getIamPolicy]screen:[dataplex.tasks.list]screen:[dataplex.tasks.getIamPolicy]screen:[dataplex.zones.list]screen:[dataplex.lakeActions.list]screen:[dataplex.zoneActions.list] +|`dataplex.assets.list` +`dataplex.assets.getIamPolicy` +`dataplex.assetActions.list` +`dataplex.content.list` +`dataplex.content.getIamPolicy` +`dataplex.entities.list` +`dataplex.locations.list` +`dataplex.lakes.list` +`dataplex.lakes.getIamPolicy` +`dataplex.tasks.list` +`dataplex.tasks.getIamPolicy` +`dataplex.zones.list` +`dataplex.lakeActions.list` +`dataplex.zoneActions.list` |Project where you have created the service account .2+|Google Cloud Resource Manager API -.2+|screen:[cloudresourcemanager.googleapis.com] +.2+|`cloudresourcemanager.googleapis.com` .2+|Creates, reads, and updates metadata for Google Cloud Platform resource containers. .2+|Project Viewer -|screen:[resourcemanager.projects.getIamPolicy] +|`resourcemanager.projects.getIamPolicy` |Project where you have created the service account -|screen:[resourcemanager.folders.getIamPolicy] +|`resourcemanager.folders.getIamPolicy` |tt:[Only required for GCP Organization]Project where you have created the service account And @@ -208,146 +254,205 @@ And Every project that the service account can access |Google Cloud Data Loss Prevention -|screen:[dlp.googleapis.com] +|`dlp.googleapis.com` |Cloud Data Loss Prevention is a fully managed service designed to discover, classify, and protect the most sensitive data. |Project Viewer -|screen:[dlp.inspectTemplates.list]screen:[dlp.deidentifyTemplates.list]screen:[dlp.jobTriggers.list]screen:[dlp.deidentifyTemplates.list]screen:[dlp.inspectTemplates.list]screen:[dlp.storedInfoTypes.list] +|`dlp.inspectTemplates.list` +`dlp.deidentifyTemplates.list` +`dlp.jobTriggers.list` +`dlp.deidentifyTemplates.list` +`dlp.inspectTemplates.list` +`dlp.storedInfoTypes.list` |Project where you have created the service account |Google Cloud Deploy -|screen:[clouddeploy.googleapis.com] +|`clouddeploy.googleapis.com` |Google Cloud Deploy is an opinionated, serverless, secure continuous delivery service for GKE to manage release progression from dev to staging to prod. |Project Viewer -|screen:[clouddeploy.config.get]screen:[clouddeploy.locations.list]screen:[clouddeploy.deliveryPipelines.list]screen:[clouddeploy.deliveryPipelines.getIamPolicy]screen:[clouddeploy.targets.list]screen:[clouddeploy.targets.getIamPolicy] +|`clouddeploy.config.get` +`clouddeploy.locations.list` +`clouddeploy.deliveryPipelines.list` +`clouddeploy.deliveryPipelines.getIamPolicy` +`clouddeploy.targets.list` +`clouddeploy.targets.getIamPolicy` |Every project that the service account can access |Google Firebase App Distribution -|screen:[firebaseappdistribution.googleapis.com]screen:[cloudresourcemanager.googleapis.com] +|`firebaseappdistribution.googleapis.com` +`cloudresourcemanager.googleapis.com` |Firebase App Distributimakes painless distribution of apps to trusted testers by getting the apps onto testers' devices quickly and also can get feedback early and often. |Project Viewer -|screen:[resourcemanager.projects.get]screen:[firebaseappdistro.testers.list] +|`resourcemanager.projects.get` +`firebaseappdistro.testers.list` |Project where you have created the service account |Google Firebase Remote Config -|screen:[firebaseremoteconfig.googleapis.com] +|`firebaseremoteconfig.googleapis.com` |Firebase Remote Config gives visibility and fine-grained control over app's behavior and appearance by simply updating its configuration. |Project Viewer -|screen:[cloudconfig.configs.get] +|`cloudconfig.configs.get` |Project where you have created the service account |Cloud Key Management Service (KMS) API -|screen:[cloudasset.googleapis.com] +|`cloudasset.googleapis.com` |Google Cloud KMS allows customers to manage encryption keys and perform cryptographic operations with those keys. |Cloud Asset Viewer -|screen:[cloudasset.assets.searchAllResources]screen:[cloudasset.assets.searchAllIamPolicies]screen:[cloudkms.keyRings.get]screen:[cloudkms.keyRings.getIamPolicy]screen:[cloudkms.cryptoKeys.get]screen:[cloudkms.cryptoKeys.getIamPolicy] +|`cloudasset.assets.searchAllResources` +`cloudasset.assets.searchAllIamPolicies` +`cloudkms.keyRings.get` +`cloudkms.keyRings.getIamPolicy` +`cloudkms.cryptoKeys.get` +`cloudkms.cryptoKeys.getIamPolicy` |Project where you have created the service account |Cloud Service Usage API -|screen:[serviceusage.googleapis.com] +|`serviceusage.googleapis.com` |API that lists the available or enabled services, or disables services that service consumers no longer use on GCP. |Project Viewer -|screen:[serviceusage.services.list] +|`serviceusage.services.list` |Project where you have created the service account |Google Binary Authorization -|screen:[binaryauthorization.googleapis.com] +|`binaryauthorization.googleapis.com` |A service that enables policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run. |Project Viewer -|screen:[binaryauthorization.policy.get]screen:[binaryauthorization.policy.getIamPolicy] +|`binaryauthorization.policy.get` +`binaryauthorization.policy.getIamPolicy` |Every project that the service account can access |Google Cloud Armor -|screen:[compute.googleapis.com] +|`compute.googleapis.com` |Network security service that provides defenses against DDoS and application attacks, and offers WAF rules. |Project Viewer -|screen:[compute.securityPolicies.list]screen:[compute.securityPolicies.get] +|`compute.securityPolicies.list` +`compute.securityPolicies.get` |Every project that the service account can access |Google Cloud Billing -|screen:[cloudbilling.googleapis.com] +|`cloudbilling.googleapis.com` |Cloud Billing is a collection of tools to track and to understand Google Cloud spending, pay bills, and optimize costs.. |Project Viewer -|screen:[resourcemanager.projects.get] +|`resourcemanager.projects.get` |Every project that the service account can access |Google Cloud Tasks -|screen:[cloudtasks.googleapis.com] +|`cloudtasks.googleapis.com` |API to fetch task and queue information. |Project Viewer -|screen:[cloudtasks.locations.list]screen:[cloudtasks.tasks.list]screen:[cloudtasks.queues.list]screen:[run.locations.list] +|`cloudtasks.locations.list` +`cloudtasks.tasks.list` +`cloudtasks.queues.list` +`run.locations.list` |Every project that the service account can access |Google AI Platform -|screen:[ml.googleapis.com] +|`ml.googleapis.com` |A suite of services on Google Cloud specifically targeted at building, deploying, and managing machine learning models in the cloud. | -|screen:[ml.models.list]screen:[ml.models.getIamPolicy]screen:[ml.jobs.getIamPolicy]screen:[ml.jobs.list]screen:[ml.jobs.get] +|`ml.models.list` +`ml.models.getIamPolicy` +`ml.jobs.getIamPolicy` +`ml.jobs.list` +`ml.jobs.get` | |Google Analytics Hub -|screen:[analyticshub.googleapis.com] +|`analyticshub.googleapis.com` |Analytics Hub is a data exchange that allows to efficiently and securely exchange data assets across organizations to address challenges of data reliability and cost. |Project Viewer -|screen:[analyticshub.dataExchanges.list] +|`analyticshub.dataExchanges.list` |Every project that the service account can access |Google Anthos GKE Fleet Management -|screen:[gkehub.googleapis.com] -|Anthos offers capabilities built around the idea of the fleet: a logical grouping of Kubernetes clusters and other assets that can be managed together. +|`gkehub.googleapis.com` +|Anthos offers capabilities built around the idea of the fleet: a logical grouping of Kubernetes clusters and other resources that can be managed together. |Project Viewer -|screen:[gkehub.locations.list]screen:[gkehub.memberships.list]screen:[gkehub.memberships.getIamPolicy]screen:[gkehub.features.list]screen:[gkehub.features.getIamPolicy] +|`gkehub.locations.list` +`gkehub.memberships.list` +`gkehub.memberships.getIamPolicy` +`gkehub.features.list` +`gkehub.features.getIamPolicy` |Every project that the service account can access |Google Apigee X -|screen:[apigee.googleapis.com] +|`apigee.googleapis.com` |Apigee X is a new version of Google Cloud's API management platform that assists enterprises in making the transition to digital platforms. |Project Viewer -|screen:[apigee.apiproducts.get]screen:[apigee.apiproducts.list]screen:[apigee.organizations.get]screen:[apigee.organizations.list]screen:[apigee.sharedflows.list]screen:[apigee.sharedflows.get]screen:[apigee.deployments.list]screen:[apigee.datacollectors.list]screen:[apigee.datastores.list]screen:[apigee.instances.list]screen:[apigee.instanceattachments.list]screen:[apigee.envgroups.list]screen:[apigee.environments.get]screen:[apigee.environments.getIamPolicy]screen:[apigee.hostsecurityreports.list]screen:[apigee.proxies.get]screen:[apigee.proxies.list]screen:[apigee.reports.list]screen:[apigee.securityProfiles.list] +|`apigee.apiproducts.get` +`apigee.apiproducts.list` +`apigee.organizations.get` +`apigee.organizations.list` +`apigee.sharedflows.list` +`apigee.sharedflows.get` +`apigee.deployments.list` +`apigee.datacollectors.list` +`apigee.datastores.list` +`apigee.instances.list` +`apigee.instanceattachments.list` +`apigee.envgroups.list` +`apigee.environments.get` +`apigee.environments.getIamPolicy` +`apigee.hostsecurityreports.list` +`apigee.proxies.get` +`apigee.proxies.list` +`apigee.reports.list` +`apigee.securityProfiles.list` |Every project that the service account can access |Google Artifact Registry -|screen:[artifactregistry.googleapis.com] +|`artifactregistry.googleapis.com` |Artifact Registry is a scalable and integrated service to store and manage build artifacts. |Project Viewer -|screen:[artifactregistry.locations.list]screen:[artifactregistry.repositories.list]screen:[artifactregistry.repositories.getIamPolicy] +|`artifactregistry.locations.list` +`artifactregistry.repositories.list` +`artifactregistry.repositories.getIamPolicy` |Every project that the service account can access |Google Essential Contacts -|screen:[essentialcontacts.googleapis.com] +|`essentialcontacts.googleapis.com` |Allows you to customize who receives notifications from Google Cloud services, such as Cloud Billing, by providing a list of contacts. |Project Viewer -|screen:[essentialcontacts.contacts.list ] +|`essentialcontacts.contacts.list` |Project where you have created the service account |Google Firebase Rules -|screen:[firebaserules.googleapis.com] +|`firebaserules.googleapis.com` |An application development software that enables developers to develop iOS, Android and Web apps. | -+++Viewer role does not include firebaserules.rulesets.get+++ -|screen:[firebaserules.rulesets.get]screen:[firebaserules.rulesets.list]screen:[firebaserules.releases.list] +|`firebaserules.rulesets.get` +`firebaserules.rulesets.list` +`firebaserules.releases.list` | |Google Cloud Composer -|screen:[composer.googleapis.com] +|`composer.googleapis.com` | |Project Viewer -|screen:[composer.environments.list]screen:[composer.environments.get] +|`composer.environments.list` +`composer.environments.get` |Every project that the service account can access |Google Cloud Source Repositories API -|screen:[sourcerepo.googleapis.com] +|`sourcerepo.googleapis.com` |A private Git repository to design, develop, and securely manage your code. |Source Repository Reader -|screen:[source.repos.list]screen:[source.repos.getIamPolicy] +|`source.repos.list` +`source.repos.getIamPolicy` |Every project that the service account can access |Google Cloud Spanner API -|screen:[spanner.googleapis.com] +|`spanner.googleapis.com` |A globally distributed NewSQL database service and storage solution designed to support global online transaction processing deployments. |Cloud Spanner Viewer -|screen:[spanner.databases.list]screen:[spanner.databases.getIamPolicy]screen:[spanner.instances.list]screen:[spanner.instanceConfigs.list]screen:[spanner.instances.getIamPolicy]screen:[spanner.backups.list]screen:[spanner.backups.getIamPolicy] +|`spanner.databases.list` +`spanner.databases.getIamPolicy` +`spanner.instances.list` +`spanner.instanceConfigs.list` +`spanner.instances.getIamPolicy` +`spanner.backups.list` +`spanner.backups.getIamPolicy` |Project where you have created the service account And @@ -355,280 +460,439 @@ And Every project that the service account can access |Cloud SQL Admin API -|screen:[sqladmin.googleapis.com] +|`sqladmin.googleapis.com` |API for Cloud SQL database instance management. |Custom Role -|screen:[cloudsql.instances.list] +|`cloudsql.instances.list` |Project where you have created the service account |Compute Engine API -|screen:[compute.googleapis.com] +|`compute.googleapis.com` |Creates and runs virtual machines on the Google Cloud Platform. |Project Viewer -|screen:[cloudasset.assets.searchAllIamPolicies]screen:[compute.addresses.list]screen:[compute.backendServices.list]screen:[compute.backendBuckets.list]screen:[compute.sslCertificates.list]screen:[compute.disks.get]screen:[compute.disks.list]screen:[compute.firewalls.list]screen:[compute.forwardingRules.list]screen:[compute.globalForwardingRules.list]screen:[compute.images.get]screen:[compute.images.list]screen:[compute.images.getIamPolicy]screen:[compute.instances.getIamPolicy]screen:[compute.instances.list]screen:[compute.instanceGroups.list]screen:[compute.instanceTemplates.list]screen:[compute.instanceTemplates.getIamPolicy]screen:[compute.targetSslProxies.list]screen:[compute.networks.get]screen:[compute.networks.list]screen:[compute.subnetworks.get]screen:[compute.projects.get]screen:[compute.regionBackendServices.list]screen:[compute.routers.get]screen:[compute.routers.list]screen:[compute.routes.list]screen:[compute.snapshots.list]screen:[compute.snapshots.getIamPolicy]screen:[compute.sslPolicies.get]screen:[compute.sslPolicies.list]screen:[compute.subnetworks.list]screen:[compute.targetHttpProxies.list]screen:[compute.targetHttpsProxies.list]screen:[compute.targetPools.list]screen:[compute.urlMaps.list]screen:[compute.vpnTunnels.list]screen:[compute.externalVpnGateways.list] +|`cloudasset.assets.searchAllIamPolicies` +`compute.addresses.list` +`compute.backendServices.list` +`compute.backendBuckets.list` +`compute.sslCertificates.list` +`compute.disks.get` +`compute.disks.list` +`compute.firewalls.list` +`compute.forwardingRules.list` +`compute.globalForwardingRules.list` +`compute.images.get` +`compute.images.list` +`compute.images.getIamPolicy` +`compute.instances.getIamPolicy` +`compute.instances.list` +`compute.instanceGroups.list` +`compute.instanceTemplates.list` +`compute.instanceTemplates.getIamPolicy` +`compute.targetSslProxies.list` +`compute.networks.get` +`compute.networks.list` +`compute.subnetworks.get` +`compute.projects.get` +`compute.regionBackendServices.list` +`compute.routers.get` +`compute.routers.list` +`compute.routes.list` +`compute.snapshots.list` +`compute.snapshots.getIamPolicy` +`compute.sslPolicies.get` +`compute.sslPolicies.list` +`compute.subnetworks.list` +`compute.targetHttpProxies.list` +`compute.targetHttpsProxies.list` +`compute.targetPools.list` +`compute.urlMaps.list` +`compute.vpnTunnels.list` +`compute.externalVpnGateways.list` |Project where you have created the service account |Cloud Bigtable API -|screen:[bigtableadmin.googleapis.com] +|`bigtableadmin.googleapis.com` |Google Cloud Bigtable is a NoSQL Big Data database service. |Custom Role -|screen:[bigtable.appProfiles.get]screen:[bigtable.appProfiles.list]screen:[bigtable.clusters.get]screen:[bigtable.clusters.list]screen:[bigtable.instances.get]screen:[bigtable.instances.list]screen:[bigtable.instances.getIamPolicy]screen:[bigtable.tables.get]screen:[bigtable.tables.list]screen:[bigtable.tables.getIamPolicy]screen:[bigtable.backups.list]screen:[bigtable.backups.getIamPolicy] +|`bigtable.appProfiles.get` +`bigtable.appProfiles.list` +`bigtable.clusters.get` +`bigtable.clusters.list` +`bigtable.instances.get` +`bigtable.instances.list` +`bigtable.instances.getIamPolicy` +`bigtable.tables.get` +`bigtable.tables.list` +`bigtable.tables.getIamPolicy` +`bigtable.backups.list` +`bigtable.backups.getIamPolicy` |Project where you have created the service account |Google Cloud Storage API -|screen:[storage-component.googleapis.com] +|`storage-component.googleapis.com` |Cloud Storage is a RESTful service for storing and accessing your data on Google’s infrastructure. |Custom Role -|screen:[storage.buckets.get]screen:[storage.buckets.getIamPolicy]screen:[storage.buckets.list] +|`storage.buckets.get` +`storage.buckets.getIamPolicy` +`storage.buckets.list` |No specific requirement for Prisma Cloud |Google Organization Policy -|screen:[orgpolicy.googleapis.com] -|Organization Policy Service provides centralized and programmatic control over organization's cloud assets through configurable constraints across the entire asset hierarchy. +|`orgpolicy.googleapis.com` +|Organization Policy Service provides centralized and programmatic control over organization's cloud resources through configurable constraints across the entire resource hierarchy. |Project Viewer -|screen:[orgpolicy.constraints.list]screen:[orgpolicy.policy.get] +|`orgpolicy.constraints.list` +`orgpolicy.policy.get` |Project where you have created the service account |Google Dataproc Clusters API -|screen:[dataproc.googleapis.com] +|`dataproc.googleapis.com` |Dataproc is a managed service for creating clusters of compute that can be used to run Hadoop and Spark applications. |Project Viewer -|screen:[dataproc.clusters.list]screen:[dataproc.clusters.get]screen:[dataproc.clusters.getIamPolicy]screen:[cloudasset.assets.searchAllIamPolicies]screen:[dataproc.workflowTemplates.list]screen:[dataproc.workflowTemplates.getIamPolicy]screen:[dataproc.autoscalingPolicies.list]screen:[dataproc.autoscalingPolicies.getIamPolicy] +|`dataproc.clusters.list` +`dataproc.clusters.get` +`dataproc.clusters.getIamPolicy` +`cloudasset.assets.searchAllIamPolicies` +`dataproc.workflowTemplates.list` +`dataproc.workflowTemplates.getIamPolicy` +`dataproc.autoscalingPolicies.list` +`dataproc.autoscalingPolicies.getIamPolicy` |Every project that the service account can access |Google Dataproc Metastore -|screen:[metastore.googleapis.com] +|`metastore.googleapis.com` |Dataproc is a managed service for creating clusters of compute that can be used to run Hadoop and Spark applications. |Project Viewer -|screen:[metastore.locations.list]screen:[metastore.services.list]screen:[metastore.services.getIamPolicy] +|`metastore.locations.list` +`metastore.services.list` +`metastore.services.getIamPolicy` |Every project that the service account can access |Google Data Catalog -|screen:[datacatalog.googleapis.com] +|`datacatalog.googleapis.com` |Data Catalog is a fully managed, scalable metadata management service which helps in searching and tagging data entries. |Project Viewer -|screen:[datacatalog.taxonomies.list]screen:[datacatalog.taxonomies.getIamPolicy]screen:[datacatalog.taxonomies.get]screen:[datacatalog.entryGroups.list]screen:[datacatalog.entryGroups.getIamPolicy]screen:[datacatalog.entryGroups.get] +|`datacatalog.taxonomies.list` +`datacatalog.taxonomies.getIamPolicy` +`datacatalog.taxonomies.get` +`datacatalog.entryGroups.list` +`datacatalog.entryGroups.getIamPolicy` +`datacatalog.entryGroups.get` |Project where you have created the service account |Google Datastore -|screen:[datastore.googleapis.com] +|`datastore.googleapis.com` |Datastore is a schemaless NoSQL database to provide fully managed, robust, scalable storage for any application. |Project Viewer -|screen:[datastore.indexes.list] +|`datastore.indexes.list` |Project where you have created the service account |Google Datastream -|screen:[datastream.googleapis.com] +|`datastream.googleapis.com` |Datastream is a serverless change data capture (CDC) and replication service to synchronize data across heterogeneous databases and applications. |Project Viewer -|screen:[datastream.locations.list]screen:[datastream.privateConnections.list]screen:[datastream.connectionProfiles.list]screen:[datastream.streams.list] +|`datastream.locations.list` +`datastream.privateConnections.list` +`datastream.connectionProfiles.list` +`datastream.streams.list` | |Google AlloyDB for PostgreSQL |`alloydb.googleapis.com` |AlloyDB for PostgreSQL is a fully managed, PostgreSQL-compatible database service designed for most demanding workloads, including hybrid transactional and analytical processing. |Project Viewer -|`alloydb.locations.list``alloydb.backups.list``alloydb.clusters.list``alloydb.instances.list``alloydb.users.list` +|`alloydb.locations.list` +`alloydb.backups.list` +`alloydb.clusters.list` +`alloydb.instances.list` +`alloydb.users.list` |Project where you have created the service account - |Google Recommendation APIs -|screen:[recommender.googleapis.com]GCP IAM Recommender +|`recommender.googleapis.com`GCP IAM Recommender -screen:[gcloud-recommender-organization-iam-policy-lateral-movement-insight] -|Google Recommender provides usage recommendations for Google Cloud assets. Recommenders are specific to a single Google Cloud product and asset type. +`gcloud-recommender-organization-iam-policy-lateral-movement-insight` +|Google Recommender provides usage recommendations for Google Cloud resources. Recommenders are specific to a single Google Cloud product and resource type. |IAM Recommender Viewer -|screen:[recommender.iamPolicyRecommendations.list]screen:[recommender.iamPolicyInsights.list]screen:[recommender.iamServiceAccountInsights.list]screen:[recommender.iamPolicyLateralMovementInsights.list] +|`recommender.iamPolicyRecommendations.list` +`recommender.iamPolicyInsights.list` +`recommender.iamServiceAccountInsights.list` +`recommender.iamPolicyLateralMovementInsights.list` |Project where you have created the service account |Google HealthCare -|screen:[healthcare.googleapis.com] +|`healthcare.googleapis.com` |Manages solutions for storing and accessing healthcare data in Google Cloud. |Project Viewer -|screen:[healthcare.locations.list]screen:[healthcare.datasets.get]screen:[healthcare.datasets.list]screen:[healthcare.datasets.getIamPolicy] +|`healthcare.locations.list` +`healthcare.datasets.get` +`healthcare.datasets.list` +`healthcare.datasets.getIamPolicy` |Every project that the service account can access |Google Hybrid Connectivity -|screen:[networkconnectivity.googleapis.com] +|`networkconnectivity.googleapis.com` |Network Connectivity is Google's suite of products that provide enterprise connectivity from your on-premises network or from another cloud provider to your Virtual Private Cloud (VPC) network. |Project Viewer -|screen:[networkconnectivity.hubs.list]screen:[networkconnectivity.hubs.getIamPolicy]screen:[networkconnectivity.locations.list]screen:[networkconnectivity.spokes.list]screen:[networkconnectivity.spokes.getIamPolicy] +|`networkconnectivity.hubs.list` +`networkconnectivity.hubs.getIamPolicy` +`networkconnectivity.locations.list` +`networkconnectivity.spokes.list` +`networkconnectivity.spokes.getIamPolicy` |Every project that the service account can access |Google Cloud Run API -|screen:[run.googleapis.com] +|`run.googleapis.com` |Deploys and manages user provided container images. |Project Viewer -|screen:[run.locations.list]screen:[run.services.list]screen:[cloudasset.assets.searchAllIamPolicies] +|`run.locations.list` +`run.services.list` +`cloudasset.assets.searchAllIamPolicies` +`run.jobs.list` +`run.jobs.getIamPolicy` + |Every project that the service account can access |Google Secrets Manager -|screen:[secretmanager.googleapis.com] +|`secretmanager.googleapis.com` |Stores sensitive data such as API keys, passwords, and certificates. |Secret Manager Viewer -|screen:[secretmanager.secrets.list]screen:[secretmanager.secrets.getIamPolicy]screen:[secretmanager.versions.list] +|`secretmanager.secrets.list` +`secretmanager.secrets.getIamPolicy` +`secretmanager.versions.list` |Every project that the service account can access |Google Security Command Center -|screen:[securitycenter.googleapis.com] +|`securitycenter.googleapis.com` |Security Command Center is centralized vulnerability and threat reporting service which helps to mitigate and remediate security risks. |Project Viewer -|screen:[securitycenter.sources.list]screen:[securitycenter.sources.getIamPolicy]screen:[securitycenter.organizationsettings.get]screen:[securitycenter.notificationconfig.list]screen:[securitycenter.muteconfigs.list] +|`securitycenter.sources.list` +`securitycenter.sources.getIamPolicy` +`securitycenter.organizationsettings.get` +`securitycenter.notificationconfig.list` +`securitycenter.muteconfigs.list` |Project where you have created the service account |Google Serverless VPC Access -|screen:[vpcaccess.googleapis.com] -|Serverless VPC Access allows Cloud Functions and App Engine apps to access assets in a VPC network using those asset’s private IPs. +|`vpcaccess.googleapis.com` +|Serverless VPC Access allows Cloud Functions and App Engine apps to access resources in a VPC network using those resources’ private IPs. |Project Viewer -|screen:[vpcaccess.locations.list]screen:[vpcaccess.connectors.list] +|`vpcaccess.locations.list` +`vpcaccess.connectors.list` |Every project that the service account can access |Google Cloud Filestore -|screen:[file.instances.list] +|`file.instances.list` |Creates and manages cloud file servers. |Cloud Filestore Viewer -|screen:[file.instances.list] +|`file.instances.list` +`file.snapshots.list` +`file.backups.list` |Every project that the service account can access |Google Cloud Firestore -|screen:[firestore.googleapis.com] +|`firestore.googleapis.com` |Cloud Firestore is a flexible, scalable NoSQL cloud database to store and sync data for client- and server-side development. |Project Viewer -|screen:[datastore.databases.list] +|`datastore.databases.list` |Every project that the service account can access |Google Cloud Identity Platform -|screen:[identitytoolkit.googleapis.com] +|`identitytoolkit.googleapis.com` |Identity Platform is a customizable authentication service which makes it easier for users to sign-up and sign-in by providing back-end services, SDKs, and UI libraries. |Project Viewer -|screen:[firebaseauth.configs.get]screen:[identitytoolkit.tenants.list]screen:[firebaseauth.users.get]screen:[identitytoolkit.tenants.list]screen:[identitytoolkit.tenants.get]screen:[identitytoolkit.tenants.getIamPolicy] +|`firebaseauth.configs.get` +`identitytoolkit.tenants.list` +`firebaseauth.users.get` +`identitytoolkit.tenants.list` +`identitytoolkit.tenants.get` +`identitytoolkit.tenants.getIamPolicy` |Every project that the service account can access |Google Certificate Authority Service -|screen:[privateca.googleapis.com] +|`privateca.googleapis.com` |Enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA). |CA Service Auditor -|screen:[privateca.caPools.getIamPolicy]screen:[privateca.caPools.list]screen:[privateca.certificateAuthorities.list]screen:[privateca.certificates.list]screen:[privateca.certificateRevocationLists.list]screen:[privateca.certificateRevocationLists.getIamPolicy]screen:[privateca.locations.list] +|`privateca.caPools.getIamPolicy` +`privateca.caPools.list` +`privateca.certificateAuthorities.list` +`privateca.certificates.list` +`privateca.certificateRevocationLists.list` +`privateca.certificateRevocationLists.getIamPolicy` +`privateca.locations.list` +|Every project that the service account can access + +|Google Certificate Manager +|`certificatemanager.googleapis.com` +|Certificate Manager is fully managed service for the provisioning and administration of TLS/SSL certificates, targeting applications that do not necessitate intricate control over the certificate issuance process. +|Project Viewer +|`certificatemanager.locations.list` +`certificatemanager.dnsauthorizations.list` +`certificatemanager.certissuanceconfigs.list` +`certificatemanager.certmaps.list` +`certificatemanager.locations.list` +`certificatemanager.certs.list` |Every project that the service account can access + |Google Deployment Manager -|screen:[deploymentmanager.googleapis.com] -|Google Cloud Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud assets. +|`deploymentmanager.googleapis.com` +|Google Cloud Deployment Manager is an infrastructure deployment service that automates the creation and management of Google Cloud resources. |Project Viewer -NOTE:You must manually add the permission or update the Terraform template to enable screen:[deploymentmanager.deployments.getIamPolicy]. -|screen:[deploymentmanager.deployments.list]screen:[deploymentmanager.deployments.getIamPolicy]screen:[deploymentmanager.deployments.list]screen:[deploymentmanager.manifests.list] +NOTE:You must manually add the permission or update the Terraform template to enable +`deploymentmanager.deployments.getIamPolicy`. + +|`deploymentmanager.deployments.list` +`deploymentmanager.deployments.getIamPolicy` +`deploymentmanager.deployments.list` +`deploymentmanager.manifests.list` |Every project that the service account can access |Google Identity Aware Proxy -|screen:[iap.googleapis.com] +|`iap.googleapis.com` |Provides application-level access control model instead of relying on network-level firewalls by establishing a central authorization layer for applications. |Custom Role -|screen:[clientauthconfig.brands.list]screen:[clientauthconfig.clients.listWithSecrets] +|`clientauthconfig.brands.list` +`clientauthconfig.clients.listWithSecrets` |Every project that the service account can access |Google Traffic Director -|screen:[networksecurity.googleapis.com] +|`networksecurity.googleapis.com` |Traffic Director is Google Cloud's fully managed application networking platform and service mesh. |Project Viewer -|screen:[networksecurity.authorizationPolicies.list]screen:[networksecurity.authorizationPolicies.getIamPolicy]screen:[networksecurity.clientTlsPolicies.list]screen:[networksecurity.clientTlsPolicies.getIamPolicy]screen:[networksecurity.serverTlsPolicies.list]screen:[networksecurity.serverTlsPolicies.getIamPolicy]screen:[networkservices.locations.list]screen:[networkservices.gateways.list]screen:[networkservices.meshes.list]screen:[networkservices.meshes.getIamPolicy] +|`networksecurity.authorizationPolicies.list` +`networksecurity.authorizationPolicies.getIamPolicy` +`networksecurity.clientTlsPolicies.list` +`networksecurity.clientTlsPolicies.getIamPolicy` +`networksecurity.serverTlsPolicies.list` +`networksecurity.serverTlsPolicies.getIamPolicy` +`networkservices.locations.list` +`networkservices.gateways.list` +`networkservices.meshes.list` +`networkservices.meshes.getIamPolicy` |Project where you have created the service account |Google Traffic Director Network Service -|screen:[networkservices.googleapis.com] +|`networkservices.googleapis.com` |Traffic Director is Google Cloud's fully managed application networking platform and service mesh. |Project Viewer -|screen:[networkservices.httpRoutes.list]screen:[networkservices.grpcRoutes.list]screen:[networkservices.tcpRoutes.list]screen:[networkservices.tlsRoutes.list] +|`networkservices.httpRoutes.list` +`networkservices.grpcRoutes.list` +`networkservices.tcpRoutes.list` +`networkservices.tlsRoutes.list` |Every project that the service account can access |Google VPC -|screen:[compute.googleapis.com] +|`compute.googleapis.com` |Enables you to create and enforce a consistent firewall policy across your organization.This lets organization-wide admins manage critical firewall rules in one place. |Project Viewer -|screen:[compute.firewallPolicies.list]screen:[compute.regionfirewallPolicies.list] +|`compute.firewallPolicies.list` +`compute.regionfirewallPolicies.list` |Project where you have created the service account |Google Vertex AI -|screen:[notebooks.googleapis.com] +|`notebooks.googleapis.com` |Vertex AI is an artificial intelligence platform with pre-trained and custom tooling to build, deploy, and scale ML models. |Project Viewer -|screen:[notebooks.locations.list]screen:[notebooks.instances.list]screen:[notebooks.instances.checkUpgradability]screen:[notebooks.instances.getHealth]screen:[notebooks.instances.getIamPolicy]screen:[notebooks.runtimes.list]screen:[notebooks.schedules.list] -|Project where you have created the service account - -|Google Vertex AI AIPlatform -|screen:[aiplatform.googleapis.com] -|Vertex AI is a machine learning (ML) platform that trains and deploys ML models and AI applications, and customize large language models (LLMs) in AI-powered applications. -|Project Viewer -|screen:[aiplatform.indexEndpoints.list]screen:[aiplatform.tensorboards.list]screen:[aiplatform.metadataStores.list]screen:[aiplatform.featurestores.list]screen:[aiplatform.featurestores.getIamPolicy] +|`notebooks.locations.list` +`notebooks.instances.list` +`notebooks.instances.checkUpgradability` +`notebooks.instances.getHealth` +`notebooks.instances.getIamPolicy` +`notebooks.runtimes.list` +`notebooks.schedules.list` |Project where you have created the service account |Identity and Access Management (IAM) API -|screen:[iam.googleapis.com] -|Manages identity and access control for GCP assets, including the creation of service accounts, which you can use to authenticate to Google and make API calls. +|`iam.googleapis.com` +|Manages identity and access control for GCP resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. |Project Viewer -|screen:[iam.roles.get]screen:[iam.roles.list]screen:[iam.serviceAccountKeys.list]screen:[iam.serviceAccounts.list]screen:[iam.workloadIdentityPools.list]screen:[iam.workloadIdentityPoolProviders.list]screen:[iam.denypolicies.get]screen:[iam.denypolicies.list] +|`iam.roles.get` +`iam.roles.list` +`iam.serviceAccountKeys.list` +`iam.serviceAccounts.list` +`iam.workloadIdentityPools.list` +`iam.workloadIdentityPoolProviders.list` +`iam.denypolicies.get` +`iam.denypolicies.list` |Project where you have created the service account |Memorystore -|screen:[redis.googleapis.com] +|`redis.googleapis.com` |Memorystore is a fully-managed database service that provides a managed version of two popular open source caching solutions: Redis and Memcached. |Project Viewer -|screen:[redis.instances.get]screen:[redis.instances.list] +|`redis.instances.get` +`redis.instances.list` |Every project that the service account can access |Memorystore for Memcached -|screen:[memcache.googleapis.com] +|`memcache.googleapis.com` |Memorystore for Memcached is a fully managed Memcached service for Google Cloud, using which avoids the burden of managing complex Memcached deployments. |Project Viewer -|screen:[memcache.locations.list]screen:[memcache.instances.list] +|`memcache.locations.list` +`memcache.instances.list` |Every project that the service account can access |Google Managed Microsoft AD -|screen:[managedidentities.googleapis.com] +|`managedidentities.googleapis.com` |Managed Service for Microsoft Active Directory offers high-availability, hardened Microsoft Active Directory domains hosted by Google Cloud. |Project Viewer -|screen:[managedidentities.domains.list]screen:[managedidentities.domains.get]screen:[managedidentities.domains.getIamPolicy]screen:[managedidentities.sqlintegrations.list] +|`managedidentities.domains.list` +`managedidentities.domains.get` +`managedidentities.domains.getIamPolicy` +`managedidentities.sqlintegrations.list` |No specific requirement for Prisma Cloud. |Google Network Intelligence Center -|screen:[recommender.googleapis.com] +|`recommender.googleapis.com` |Network Intelligence Center provides a single console for managing Google Cloud network visibility, monitoring, and troubleshooting. |Project Viewer -|screen:[recommender.computeFirewallInsights.list] +|`recommender.computeFirewallInsights.list` |Project where you have created the service account. |Kubernetes Engine API -|screen:[container.googleapis.com] +|`container.googleapis.com` |Builds and manages container-based applications, powered by the open source Kubernetes technology. |Kubernetes Engine Cluster Viewer -|screen:[container.clusters.get]screen:[container.clusters.list] -|Project where you have created the service account +|`container.clusters.get` +`container.clusters.list` +|Every project that the service account can access |Google Cloud Translation -|screen:[translate.googleapis.com] +|`translate.googleapis.com` |Enables websites and applications to dynamically translate text programmatically using a Google pre-trained or a custom machine learning model. |Project Viewer -|screen:[cloudtranslate.locations.list]screen:[cloudtranslate.glossaries.list]screen:[cloudtranslate.customModels.list]screen:[cloudtranslate.datasets.list] +|`cloudtranslate.locations.list` +`cloudtranslate.glossaries.list` +`cloudtranslate.customModels.list` +`cloudtranslate.datasets.list` |Project where you have created the service account |Services Usage API -|screen:[serviceusage.googleapis.com] +|`serviceusage.googleapis.com` |API that lists the available or enabled services, or disables services that service consumers no longer use on GCP.*Note*: As a best practice, you must enable this API on all GCP projects that are onboarded to Prisma Cloud. |Project Viewer -|screen:[serviceusage.services.list] +|`serviceusage.services.list` |Every project that the service account can access |Stackdriver Monitoring API -|screen:[monitoring.googleapis.com] +|`monitoring.googleapis.com` |Manages your https://cloud.google.com/stackdriver/[Stackdriver] Monitoring data and configurations. Helps to gain visibility into the performance, availability, and health of your applications and infrastructure. |Monitoring Viewer -|screen:[monitoring.alertPolicies.list]screen:[monitoring.metricDescriptors.get]screen:[redis.instances.list]screen:[monitoring.notificationChannels.list]screen:[resourcemanager.folders.getIamPolicy]screen:[monitoring.groups.list]screen:[monitoring.snoozes.list] +|`monitoring.alertPolicies.list` +`monitoring.metricDescriptors.get` +`redis.instances.list` +`monitoring.notificationChannels.list` +`resourcemanager.folders.getIamPolicy` +`monitoring.groups.list` +`monitoring.snoozes.list` |Every project that the service account can access And @@ -636,45 +900,60 @@ And Source project where the service account is created for enabling monitoring and protection using Prisma Cloud |Stackdriver Logging API -|screen:[logging.googleapis.com] +|`logging.googleapis.com` |Writes log entries and manages your Logging configuration. |Logging Admin -|screen:[logging.buckets.list]screen:[logging.logEntries.list]screen:[logging.logMetrics.get]screen:[logging.logMetrics.list]screen:[logging.sinks.get]screen:[logging.sinks.list]screen:[logging.exclusions.list]screen:[logging.cmekSettings.get] +|`logging.buckets.list` +`logging.logEntries.list` +`logging.logMetrics.get` +`logging.logMetrics.list` +`logging.sinks.get` +`logging.sinks.list` +`logging.exclusions.list` +`logging.cmekSettings.get` |Every project that the service account can access |Google Web Security Scanner API -|screen:[websecurityscanner.googleapis.com] +|`websecurityscanner.googleapis.com` |Identifies security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. |Web Security Scanner Viewer -|screen:[cloudsecurityscanner.scans.list] +|`cloudsecurityscanner.scans.list` |Project where you have created the service account |Google Workflows -|screen:[workflows.googleapis.com] +|`workflows.googleapis.com` |Workflows is a fully-managed orchestration platform to execute services in a defined order. |Project Viewer -|screen:[workflows.locations.list]screen:[workflows.workflows.list] +|`workflows.locations.list` +`workflows.workflows.list` |Every project that the service account can access |Cloud Spanner backups -|screen:[spanner.googleapis.com] +|`spanner.googleapis.com` |A backup of a Cloud Spanner database. |Project Viewer -|screen:[spanner.backups.list]screen:[spanner.backups.getIamPolicy] +|`spanner.backups.list` +`spanner.backups.getIamPolicy` |Source project and destination. |Google Service Directory -|screen:[servicedirectory.googleapis.com] +|`servicedirectory.googleapis.com` |A managed service that enhances service inventory management at scale and reduces the complexity of management and operations by providing a single place to publish, discover, and connect services. |Project Viewer -|screen:[servicedirectory.namespaces.list]screen:[servicedirectory.namespaces.getIamPolicy]screen:[servicedirectory.services.list]screen:[servicedirectory.services.getIamPolicy]screen:[servicedirectory.endpoints.list] +|`servicedirectory.namespaces.list` +`servicedirectory.namespaces.getIamPolicy` +`servicedirectory.services.list` +`servicedirectory.services.getIamPolicy` +`servicedirectory.endpoints.list` |Every project that the service account can access 3+|GCP Organization - Additional permissions required to onboard |Organization Role Viewer |The Organization Role Viewer is required for onboarding a GCP Organization. If you only provide the individual permissions listed below, the permissions set is not sufficient. -screen:[resourcemanager.organizations.get]screen:[resourcemanager.projects.list]screen:[resourcemanager.organizations.getIamPolicy] +`resourcemanager.organizations.get` +`resourcemanager.projects.list` +`resourcemanager.organizations.getIamPolicy` |N/A |=== diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-account.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-account.adoc index 9559106eee..8084e9c4fd 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-account.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-account.adoc @@ -39,11 +39,13 @@ Use one of the following three options to onboard your Azure cloud account on Pr ** xref:connect-azure-tenant.adoc#commercial[Commercial] ** xref:connect-azure-tenant.adoc#government[Government] ** xref:connect-azure-tenant.adoc#china[China] -* Azure Subscription (Connects a single subscription) + +* *Azure Subscription* (Connects a single subscription) ** xref:connect-azure-subscription.adoc#commercial[Commercial] ** xref:connect-azure-subscription.adoc#government[Government] ** xref:connect-azure-subscription.adoc#china[China] -* Azure Active Directory (Connects an Active Directory) + +* *Azure Active Directory* (Connects the IAM module at root tenant level) ** xref:connect-azure-active-directory.adoc#commercial[Commercial] ** xref:connect-azure-active-directory.adoc#government[Government] ** xref:connect-azure-active-directory.adoc#china[China] @@ -63,6 +65,18 @@ Using a manually created Custom Role you also have the option to enforce least a * xref:authorize-prisma-cloud.adoc#manual[Manually Authorizing Prisma Cloud] If your organization restricts the use of Terraform scripts, you can choose to manually create the required resources for Prisma Cloud to call the Azure APIs. +[NOTE] +==== +The status of your Azure subscription may impact Prisma Cloud's ability to ingest and onboard your account. Reference the list below to review the impact of your subscription status on ingestion: + +* Active/Enabled - Ingestion and Auto Remediation is possible. +* Expired - Ingestion and Auto Remediation is possible. +* Past Due - Ingestion and Auto Remediation is possible. +* Deleted - Ingestion is not possible. +* Disabled - Ingestion is not possible. +* Warned - Ingestion is possible, however the Azure portal shows the Subscription as disabled, since it can be deactivated at anytime during the 90 day grace period. +==== + [.task] [#prerequisites] === Prerequisites @@ -86,7 +100,9 @@ The following Azure resources need to have the *Get* and *List* permissions enab ** azure-key-vault-certificate + -Select menu:All{sp}services[Key vaults > (key vault name) > Access policies > + Add Access Policy]. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations. +Select *All services > Key vaults > (key vault name) > Access policies > + Add Access Policy*. For *Key permissions*, *Secret permissions*, and *Certificate permissions*, add the *Get* and *List* Key Management Operations. ++ +tt:[NOTE] Get is required to support policies based on Azure Key Vault. Prisma Cloud requires this to ingest Key Vault Data. Keys or secrets are not ingested. Ingestion is limited to IDs and other metadata. Get is required to allow the creation of policies on RSA key strength, EC curve algorithm etc. + image::connect/add-access-policy-azure.png[] @@ -103,7 +119,7 @@ NSG flow logs, a feature of Network Watcher, allow you to view ingress and egres ... The subscriptions belong to the same Azure AD or Root Management Group (for example, Azure Org). ... The Service Principal that you use to onboard the subscription on Prisma Cloud has access to read the contents of the storage account. -.. Add the xref:../get-started/access-prisma-cloud.adoc[NAT GatewayIP addresses] for your Prisma Cloud instance to the Storage Account created in the step above. For example, if your instance is on userinput:[app.prismacloud.io] use the IP addresses associated with that. +.. Add the xref:../get-started/access-prisma-cloud.adoc[NAT GatewayIP addresses] for your Prisma Cloud instance to the Storage Account created in the step above. For example, if your instance is on `app.prismacloud.io` use the IP addresses associated with that. .. Create Azure https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create[Network Watcher instances] for the virtual networks in every region where you collect NSG flow logs. Network Watcher enables you to monitor, diagnose, and view metrics to enable and disable logs for resources in an Azure virtual network. @@ -115,10 +131,20 @@ NSG flow logs, a feature of Network Watcher, allow you to view ingress and egres + ... Go to storage account previously created and opt to store the logs. ... Select *Data Storage > Containers*. -... Select the userinput:[insights-logs-networksecuritygroupflowevent] container. -... In the container, navigate the folder hierarchy until you get to the userinput:[PT1H.json] flow logs file. +... Select the `insights-logs-networksecuritygroupflowevent` container. +... In the container, navigate the folder hierarchy until you get to the `PT1H.json` flow logs file. + +[NOTE] +==== +If *Public Network Access* is set to *Disabled* Prisma Cloud will not be able to ingest the `publicContainersList` field and calculate the `totalPublicContainers` for the Azure Storage account. + +To optionally configure your Azure Storage account settings to identify internet exposed public containers, do the following: + +- Option 1 (Recommended): On the Azure portal, set Public Network Access to *Enabled from selected virtual networks and IP addresses*. Add the IP addresses and NAT Gateway source and directory IPs listed https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console#idcb6d3cd4-d1bf-450a-b0ec-41c23a4d4280[here] to the firewall configuration. +- Option 2: On the Azure portal, set Public Network Access to *Enabled from all networks*. +==== //+ [commenting out per Madhu Jain - Novartis POC - 6/14 email thread] -//On the Azure Portal, include the source and the DR Prisma Cloud IP addresses for your Prisma Cloud instance. Select menu:Azure{sp}services[Storage accounts > (your storage account) > Networking > Selected networks]. +//On the Azure Portal, include the source and the DR Prisma Cloud IP addresses for your Prisma Cloud instance. Select *Azure > services[Storage accounts > (your storage account) > Networking > Selected networks*. //+ //image::connect/azure-selected-networks.png //+ @@ -134,7 +160,7 @@ NSG flow logs, a feature of Network Watcher, allow you to view ingress and egres To successfully connect your account to Prisma Cloud you will need to provide the required permissions for both Foundational and Advanced security capabilities. Reference the information below to make sure that you have assigned the appropriate permissions to Prisma Cloud. -* https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/azure-commercial-permissions-security-coverage.txt[Permissions for Foundational and Advanced Security Capabilities] +* xref:microsoft-azure-apis-ingested-by-prisma-cloud.adoc[Permissions for Security Capabilities] Reference Azure documentation to learn more about https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader[Reader], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader-and-data-access[Reader and Data Access], https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor[Network Contributor] and https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor[Storage Account Contributor] roles. diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-subscription.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-subscription.adoc index b3a4e4dfcb..a8e5ea14e4 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-subscription.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-subscription.adoc @@ -11,6 +11,7 @@ This workflow automates the process of setting up the Prisma Cloud application o ==== Azure China workflows do not support the use of Terraform templates. ==== + * xref:authorize-prisma-cloud.adoc#json[Using Custom Role JSON] Using a manually created Custom Role you also have the option to enforce least access privilege to restrict access. To achieve this you will need to manually set up the Prisma Cloud application on Active Directory and Create a Custom Role to authorize access to Azure APIs. * xref:authorize-prisma-cloud.adoc#manual[Manually Authorizing Prisma Cloud] @@ -73,4 +74,7 @@ Account onboarding on https://app.prismacloud.cn/[Prisma Cloud] is only availabl * Azure China does not support the use of Terraform templates to onboard a cloud account. To get started with monitoring your Azure China Subscription, review the xref:authorize-prisma-cloud.adoc#manual[manual onboarding steps] and gather the required information from your Azure China account. * During the Configuration step, *Remediation of IaC templates* is not available for Azure China accounts. -* Advanced security capabilities such as Agentless Workload Scanning, Serverless Function Scanning and Agent-based Workload Protection are not available on Azure China. \ No newline at end of file +* Advanced security capabilities such as Agentless Workload Scanning, Serverless Function Scanning and Agent-based Workload Protection are not available on Azure China. + + + diff --git a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud.adoc b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud.adoc index 3db9504dbb..69ae7ae937 100644 --- a/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud.adoc @@ -4,17 +4,17 @@ Reference the table below to identify the Azure APIs ingested by Prisma Cloud. The table also lists all the required permissions for each Azure service. //The source file is https://drive.google.com/drive/folders/166udI14uUm2Q7r9AhtL6vRkEYwqZAkKN -=== Misconfiguration Feature Permissions and APIs + +=== Azure Feature Permissions [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/enterprise-edition/assets/apis-ingested-by-prisma-cloud?sheet=azure-apis-and-permissions +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/enterprise-edition/assets/apis-ingested-by-prisma-cloud?sheet=azure-feature-permissions |=== -=== Azure Feature Permissions - +=== Azure Feature Permissions and APIs [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/enterprise-edition/assets/apis-ingested-by-prisma-cloud?sheet=azure-feature-permissions -|=== +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/enterprise-edition/assets/apis-ingested-by-prisma-cloud?sheet=azure-apis-and-permissions +|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/dashboards/dashboards-compliance.adoc b/docs/en/enterprise-edition/content-collections/dashboards/dashboards-compliance.adoc new file mode 100644 index 0000000000..e37cb32956 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/dashboards/dashboards-compliance.adoc @@ -0,0 +1,19 @@ +== Compliance Dashboard + +Prisma Cloud's *Compliance* dashboard provides a snapshot view of your overall compliance posture across multiple compliance standards. The dashboard provides you with an interactive look at how your compliance coverage maps to the established compliance frameworks available within Prisma Cloud. + +Use the Compliance dashboard as a tool for risk oversight across all the supported cloud platforms and quickly evaluate your compliance posture using real-time data. Use the provided *Filters* to hone in on the time period, cloud account, or account group you would like to focus on. By default, the dashboard shows your compliance state for the last 24 hour period. + +image::dashboards/compliance-dashboard.gif[] + +=== Compliance Overview + +The compliance score presents data on the total unique resources that are passing or failing the policy checks that match compliance standards. Use this score to audit how many unique resources are failing compliance checks and get a quick count on the severity of these failures. The links allow you to view the list of all resources on the *Inventory* page, and the *View Alerts* link enables you to view all the open alerts of Low, Medium, or High severity. + +=== Compliance Trend + +The compliance trendline is a line chart that shows you how the compliance posture of your monitored resources have changed over time (on the horizontal X axis). You can view the total number of resources monitored (in blue), and the number of resources that passed (in green) and failed (in red) over that time period. + +=== Compliance Coverage + +The Compliance coverage bar graph highlights the passed and failed resource count across all compliance standards for easy comparison. Selct any given compliance standard to view the total number of failed assets for that standard. Click on the compliance standard to view policy details. diff --git a/docs/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities.adoc b/docs/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities.adoc index 013aa75a70..8bf32aa869 100644 --- a/docs/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities.adoc +++ b/docs/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities.adoc @@ -40,7 +40,7 @@ image::dashboards/uve-dashboard-c2c.gif[] === Discover Vulnerabilities On *Dashboard > Vulnerabilities* you can discover all the vulnerabilities across your environment. -Let's say, there are 1.4K vulnerabilities in your environment out of which only 16997 are critical and high, 2697 are exploitable, out of which 2636 are patchable meaning these vulnerabilities are actionable for you to fix them. The funnel in the Prioritized Vulnerabilities further narrows down to just 5 vulnerable packages that are in use in the runtime that you can focus on. +Let's say, there are 25K vulnerabilities in your environment out of which only 20637 are critical and high, 7470 are exploitable, out of which 7400 are patchable meaning these vulnerabilities are actionable for you to fix them. The funnel in the Prioritized Vulnerabilities further narrows down to just 35 vulnerable packages that are in use in the runtime that you can focus on. **Prerequisites** diff --git a/docs/en/enterprise-edition/content-collections/get-started/adoption-advisor.adoc b/docs/en/enterprise-edition/content-collections/get-started/adoption-advisor.adoc index 29a54f3979..eb5f21a3d3 100644 --- a/docs/en/enterprise-edition/content-collections/get-started/adoption-advisor.adoc +++ b/docs/en/enterprise-edition/content-collections/get-started/adoption-advisor.adoc @@ -126,7 +126,7 @@ For sharing your progress, xref:#create-manage-aa-report[*Generate Report*] to d |*Top Custom Alerts Generated* -|Displays the top 3 custom policies by open alert count, highlighting the threats and misconfigurations you are catching through these policies. +|Displays the top three custom policies by open alert count. |*Vulnerability Trends* diff --git a/docs/en/enterprise-edition/content-collections/get-started/console-prerequisites.adoc b/docs/en/enterprise-edition/content-collections/get-started/console-prerequisites.adoc index a35903fefc..91585c0bfa 100644 --- a/docs/en/enterprise-edition/content-collections/get-started/console-prerequisites.adoc +++ b/docs/en/enterprise-edition/content-collections/get-started/console-prerequisites.adoc @@ -695,8 +695,9 @@ api{asterisk}.{asterisk}.prismacloud.io. See https://pan.dev/prisma-cloud/api/cs You’re running Checkov within your pipeline, enable access for the machine running Checkov. + If you’re running the IDE extension on your local machine, enable access on the local machine. -+ + [cols="12%a,19%a,32%a,37%a"] + |=== |*Prisma Cloud URL is on* |*API Gateway* diff --git a/docs/en/enterprise-edition/content-collections/governance/create-a-policy.adoc b/docs/en/enterprise-edition/content-collections/governance/create-a-policy.adoc index a6959f50a1..a84eed751d 100644 --- a/docs/en/enterprise-edition/content-collections/governance/create-a-policy.adoc +++ b/docs/en/enterprise-edition/content-collections/governance/create-a-policy.adoc @@ -58,11 +58,11 @@ For a Run policy, an alert will be generated on a policy violation. + .. [[id288ced4a-725b-4572-ae13-0f64775676ea]]Add a rule for the *Run* phase. + -The Configuration—Run policies use RQL. If you are using a *Saved Search*, you can select from predefined options to auto-populate the query. For building a *New Search*, enter userinput:[config from cloud.resource where] and use the auto-suggestion to select the available attributes and complete the query. +The Configuration—Run policies use RQL. If you are using a *Saved Search*, you can select from predefined options to auto-populate the query. For building a *New Search*, `config from cloud.resource where` and use the auto-suggestion to select the available attributes and complete the query. + image::governance/build-query-for-policy.png[] + -Config queries require some mandatory attributes. It should begin with userinput:[config where cloud.resource where] and at a minimum have userinput:[api.name] in conjunction with userinput:[json.rule] or it can have an attribute from completion suggestions, or it can have two userinput:[api.name] attributes with a userinput:[filter] attribute. +Config queries require some mandatory attributes. It should begin with `config where cloud.resource where` and at a minimum have `api.name` in conjunction with `json.rule` or it can have an attribute from completion suggestions, or it can have two `api.name` attributes with a `filter` attribute. + ---- config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-usage' AND json.rule = StaticPublicIPAddresses.currentValue greater than 1 @@ -108,26 +108,16 @@ Build phase policies do not support remediation CLI. You can however add the ins .. (tt:[Configuration—Run policies only]) Enter Command Line remediation commands in *CLI Remediation*. + -CLI remediation is available for userinput:[config from] queries only. You can add up to 5 CLI commands, and use a semi-colon to separate the commands in the sequence. The sequence is executed in the order defined in policy, and if a CLI command fails, the execution stops at that command. The parameters that you can use to create remediation commands are displayed on the interface as CLI variables, and a syntax example is: userinput:[gcloud -q compute --project=${account} firewall-rules delete ${resourceName}; gsutil versioning set off gs://${resourceName};] : +CLI remediation is available for `config from` queries only. You can add up to 5 CLI commands, and use a semi-colon to separate the commands in the sequence. The sequence is executed in the order defined in policy, and if a CLI command fails, the execution stops at that command. The parameters that you can use to create remediation commands are displayed on the interface as CLI variables, and a syntax example is: `gcloud -q compute --project=${account} firewall-rules delete ${resourceName}; gsutil versioning set off gs://${resourceName};`: + -* userinput:[$account] —Account is the Account ID of your account in Prisma Cloud. -* userinput:[$azurescope] —tt:[(Azure only)] Allows you to specify the node in the Azure resource hierarchy where the resource is deployed. -* userinput:[$gcpzoneid] —tt:[(GCP only)] Allows you to specify the zone in the GCP project, folder, or organization where the resource is deployed. -* userinput:[$region] —Region is the name of the cloud region to which the resource belongs. -* userinput:[resourcegroup] — tt:[(Azure only)] Allows you to specify the name of the Azure Resource Group that triggered the alert. -* userinput:[$resourceid] —Resource ID is the identification of the resource that triggered the alert. -* userinput:[$resourcename] —Resource name is the name of the resource that triggered the alert. -+ -++++ -these are not supported in custom policy*** userinput:[$cidr] —tt:[(AWS only)] Allows you to specify the IP address in a CIDR format of the AWS security group that triggered the alert. +* $account — Account is the Account ID of your account in Prisma Cloud. +* $azurescope — tt:[(Azure only)] Allows you to specify the node in the Azure resource hierarchy where the resource is deployed. +* $gcpzoneid — tt:[(GCP only)] Allows you to specify the zone in the GCP project, folder, or organization where the resource is deployed. +* $region — Region is the name of the cloud region to which the resource belongs. +* resourcegroup — tt:[(Azure only)] Allows you to specify the name of the Azure Resource Group that triggered the alert. +* $resourceid — Resource ID is the identification of the resource that triggered the alert. +* $resourcename — Resource name is the name of the resource that triggered the alert. -* userinput:[$fromport] —tt:[(AWS only)] Allows you to specify the starting port number for a range of ports assigned in an AWS security group rule. -* userinput:[$ipv4/6] —tt:[(AWS only)] Allows you to specify the IP version for the CIDR assigned in an AWS security group. -* userinput:[$protocol] —tt:[(AWS only)] Allows you to specify the IP protocol referenced in an AWS security group rule. -* userinput:[$rulename] —tt:[(Azure only)] Allows you to specify the name of the Azure security group rule that triggered the alert. -* userinput:[$toport] —tt:[(AWS only)] Allows you to specify the end port number for a range of ports assigned in an AWS security group rule. - -++++ .. Click *Validate syntax* to validate the syntax of your code. + @@ -171,13 +161,13 @@ image::governance/add-new-policy.png[] + If you are using a *Saved Search*, you can select from the list of predefined options to auto-populate the query. The *Select Saved Search* drop-down displays the RQL for saved searches that match the policy type you selected in Step 2 above. + -For a building a *New Search*, the RQL query must begin with userinput:[event from] for an Audit Event policy; for Network policy userinput:[config from network where] , or userinput:[network from] , or userinput:[network from vpc.flow_record where] . You can then use the auto-suggestion to select the available attributes and complete the query. +For a building a *New Search*, the RQL query must begin with `event from` for an Audit Event policy; for Network policy `config from network where` , or `network from` , or `network from vpc.flow_record where` . You can then use the auto-suggestion to select the available attributes and complete the query. + image::governance/add-new-policy-2.png[] . (tt:[Optional]) Select the compliance standards for your policy. + -Compliance standards can be only associated with custom policies for Audit Events, and for Network policies that do not use the RQL userinput:[config from network where] . +Compliance standards can be only associated with custom policies for Audit Events, and for Network policies that do not use the RQL `config from network where` . .. Choose the compliance *Standard*, *Requirement*, and *Section*. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-results.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-results.adoc index 634c415d82..5244dbe943 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-results.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-results.adoc @@ -5,7 +5,7 @@ Prisma Cloud gives you the flexibility to choose between agentless and agent-bas Prisma Cloud supports agentless scanning on AWS, GCP and Azure hosts, clusters, and containers for vulnerabilities and compliance. Prisma Cloud only supports agentless scanning of hosts for vulnerabilities and compliance on OCI. -See xref:./agentless-scanning.adoc#scanning-modes[scanning modes] to review the scanning options and xref:./onboard-accounts/onboard-accounts.adoc[to configure agentless scanning] on your accounts. +See xref:./agentless-scanning.adoc#scanning-modes[scanning modes] to review the scanning options and xref:./configure-accounts/configure-accounts.adoc[to configure agentless scanning] on your accounts. === Vulnerability Scan @@ -73,4 +73,4 @@ The following image shows the notification of a missing permission. image::runtime-security/agentless-preflight.png[width=800] -include::onboard-accounts/frag-start-agentless-scan.adoc[leveloffset=1] +include::configure-accounts/frag-start-agentless-scan.adoc[leveloffset=1] diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning.adoc index 6147cd558b..38a9193153 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning.adoc @@ -7,7 +7,7 @@ Prisma Cloud supports agentless scanning of cloud workloads on AWS, Azure, GCP, In AWS, Azure, and GCP you can also use agentless scanning for container images as well as xref:../vulnerability-management/scan-serverless-functions.adoc[Serverless functions]. -Follow the xref:./onboard-accounts/onboard-accounts.adoc[step-by-step instructions to configure agentless scanning] and start scanning your AWS, Azure, GCP, and OCI accounts for vulnerabilities and configuration risks with agentless scanning. +Follow the xref:./configure-accounts/configure-accounts.adoc[step-by-step instructions to configure agentless scanning] and start scanning your AWS, Azure, GCP, and OCI accounts for vulnerabilities and configuration risks with agentless scanning. Once you onboard your cloud account with agentless scanning enabled, that account is continuously scanned regardless of how many workloads are under that account. Whether you add or remove hosts and containers, agentless scanning keeps your workload's security issues visible. @@ -15,7 +15,7 @@ Whether you add or remove hosts and containers, agentless scanning keeps your wo When onboarding an organization into Prisma Cloud and enabling agentless scanning across the organization, agentless scanning automatically scans accounts added to the organization. To achieve that goal, you grant the needed permissions during onboarding and Prisma Cloud scans the account regularly. -By default, agentless scans are performed periodically every 24 hours and this interval is xref:./onboard-accounts/onboard-accounts.adoc#start-agentless-scan[configurable]. +By default, agentless scans are performed periodically every 24 hours and this interval is xref:./configure-accounts/configure-accounts.adoc#start-agentless-scan[configurable]. [#scanning-process] === Agentless Scanning Process @@ -70,7 +70,7 @@ Ensure that you follow these guidelines. ** In Azure: Specify the deployed Security group ID and Subnet ID. -** In xref:./onboard-accounts/configure-gcp.adoc[GCP]: Specify the deployed subnet name or a shared VPC. +** In xref:./configure-accounts/configure-gcp.adoc[GCP]: Specify the deployed subnet name or a shared VPC. ** In OCI: Specify the VCN, Subnet, or Security group. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-accounts.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-accounts.adoc similarity index 98% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-accounts.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-accounts.adoc index 134946c97a..07d9696bdb 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-accounts.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-accounts.adoc @@ -1,4 +1,4 @@ -== Onboard Accounts for Agentless Scanning +== Use Agentless Scanning Agentless scanning provides visibility into vulnerabilities and compliance risks on cloud workloads by scanning the root volumes of snapshots. The agentless scanning architecture lets you inspect a host and the container images in that host without having to install an agent or affecting its execution. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-aws.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-aws.adoc similarity index 98% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-aws.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-aws.adoc index 5e73d53251..cd71239ea2 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-aws.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-aws.adoc @@ -21,7 +21,7 @@ Complete the steps below to configure agentless scanning based on the needs of y . Expand the *Advanced settings*. + -image::runtime-security/agentless-aws-pcee-advanced-settings.png[width=540] +image::runtime-security/agentless-aws-configuration.png[width=540] .. Enable Permissions check to verify that the permissions are correct before running a scan. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-azure.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-azure.adoc similarity index 98% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-azure.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-azure.adoc index 0739484c92..ed2a8964eb 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-azure.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-azure.adoc @@ -18,6 +18,8 @@ Complete the steps below to configure agentless scanning based on the needs of y . Click the edit button of your cloud account. . Go to the *Agentless Scanning* section. ++ +image::runtime-security/agentless-azure-configuration.png . Expand the *Advanced settings*. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-gcp.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-gcp.adoc similarity index 99% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-gcp.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-gcp.adoc index 820a48b78b..c68f9ba88f 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-gcp.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-gcp.adoc @@ -23,7 +23,7 @@ Complete the steps below to configure agentless scanning based on the needs of y . Expand the *Advanced settings*. + -image::runtime-security/agentless-gcp-pcee-advanced-settings.png[] +image::runtime-security/agentless-gcp-configuration.png .. *Select where to scan*: For GCP accounts, you can decide between xref:../agentless-scanning.adoc#scanning-modes[two scanning modes]. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-oci.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-oci.adoc similarity index 96% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-oci.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-oci.adoc index 117ef4779e..408431aa2d 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-oci.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/configure-oci.adoc @@ -55,7 +55,7 @@ image::runtime-security/agentless-oci-agentless-configuration-compartment.png[wi . Configure any *Advanced settings* you need. + -image::runtime-security/agentless-oci-agentless-advanced-settings.png[width=800] +image::runtime-security/agentless-oci-configuration.png + [NOTE] ==== diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/frag-start-agentless-scan.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/frag-start-agentless-scan.adoc similarity index 100% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/frag-start-agentless-scan.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/frag-start-agentless-scan.adoc diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-oci.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/onboard-oci.adoc similarity index 100% rename from docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-oci.adoc rename to docs/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/configure-accounts/onboard-oci.adoc diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/alerts/alert-mechanism.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/alerts/alert-mechanism.adoc index c2d8c4b5d8..97378885cd 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/alerts/alert-mechanism.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/alerts/alert-mechanism.adoc @@ -119,9 +119,6 @@ When you set up alerts for Defender health events. These events tell you when Defender unexpectedly disconnects from Console. Alerts are sent when a Defender has been disconnected for more than 6 hours. -==== CNNS -Cloud Native Network Segmentation (CNNS) - ==== Runtime Runtime alerts are generated for the following categories: Container runtime, App-Embedded Defender runtime, Host runtime, Serverless runtime, and Incidents. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/active-directory.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/active-directory.adoc index c8aeb25a5a..4c394718f0 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/active-directory.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/active-directory.adoc @@ -138,6 +138,5 @@ image::runtime-security/logout.png[width=200] . At Console's login page, enter the UPN and password of an existing Active Directory user. + -If the log in is successful, you are directed to the view appropriate for the user's role. -If you have the Access User role, you are directed to a single page, where you can download certs for xref:../access-control/rbac.adoc[Docker client role-based access control]. +If the login is successful, you are directed to the view appropriate for the user's role. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/assign-roles.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/assign-roles.adoc index 4a1b97a038..6269757dbc 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/assign-roles.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/assign-roles.adoc @@ -153,10 +153,6 @@ Monitor/Compliance |Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. (Cluster collections are not currently able to filter some events such as container audits, specifically.) -|Monitor/Events -|CNNS for Containers -|Images (Destination image), Cloud Account IDs - |Monitor/Events |WAAS for Containers |Images, Namespaces, Cloud Account IDs @@ -185,10 +181,6 @@ Monitor/Compliance |Host audits |Hosts, Clusters, Labels, Cloud Account IDs -|Monitor/Events -|CNNS for Hosts -|Hosts (Source and Destination Hosts), Cloud Account IDs - |Monitor/Events |WAAS for Hosts |Hosts, Cloud Account IDs diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/openldap.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/openldap.adoc index 2118e6e2e7..64572fa864 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/openldap.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/openldap.adoc @@ -8,11 +8,6 @@ Integrating Prisma Cloud with OpenLDAP lets users access Prisma Cloud using thei With OpenLDAP integration, you can: * Re-use the identities and groups already set up in your OpenLDAP directory. -* Extend your organization’s access control logic to the management of Docker containers. - -For example, you could specify that only members of the group Dev Ops Admins can start and stop containers in the production environment. -For more information, see the article for setting up role-based access control for xref:../access-control/rbac.adoc[Docker Engine]. - [.task] === Integrating OpenLDAP @@ -95,5 +90,4 @@ image::runtime-security/logout.png[width=200] . Log in to Console using the credentials of an existing OpenLDAP user. + -If the log in is successful, you are directed to the view appropriate for the user's role. -If you have the Access User role, you are directed to a single page, where you can download certs for xref:../access-control/rbac.adoc[Docker client role-based access control]. +If the login is successful, you are directed to the view appropriate for the user's role. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/saml.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/saml.adoc index 1e30736cda..803b5c06c9 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/authentication/saml.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/authentication/saml.adoc @@ -128,11 +128,10 @@ Configure Prisma Cloud Console. [.task] -=== Granting access by group +=== Granting Access by Group Grant access to Prisma Cloud Console by group. Each group must be assigned a xref:../authentication/user-roles.adoc[role]. -You can optionally use these groups to define xref:../access-control/rbac.adoc[RBAC rules] for controlling who can run which Docker Engine commands in your environment. [.procedure] . Open Console. @@ -158,11 +157,10 @@ Console does not verify if that the value entered matches a group name in the SA [.task] -=== Granting access by user +=== Granting Access by User Grant access to Prisma Cloud Console by user. Each user must be assigned a xref:../authentication/user-roles.adoc[role]. -You can optionally use these user to define xref:../access-control/rbac.adoc[RBAC rules] for controlling who can run which Docker Engine commands in your environment. [.procedure] . Open Console. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/collection-runtime-security.yml b/docs/en/enterprise-edition/content-collections/runtime-security/collection-runtime-security.yml index 6c848fe178..201225dc03 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/collection-runtime-security.yml +++ b/docs/en/enterprise-edition/content-collections/runtime-security/collection-runtime-security.yml @@ -143,11 +143,11 @@ topics: topics: - name: Agentless Scanning file: agentless-scanning.adoc - - name: Onboard Accounts for Agentless Scanning - dir: onboard-accounts + - name: Configure Agentless Scanning + dir: configure-accounts topics: - - name: Onboard Accounts for Agentless Scanning - file: onboard-accounts.adoc + - name: Use Agentless Scanning + file: configure-accounts.adoc - name: Configure Agentless Scanning for AWS file: configure-aws.adoc - name: Configure Agentless Scanning for Azure diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/detect-secrets.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/detect-secrets.adoc index 7f3aa5dea3..21050d7a24 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/detect-secrets.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/detect-secrets.adoc @@ -67,14 +67,14 @@ Agentless scanning detects sensitive information inside files in your hosts and ==== Compliance Check ID 456 -This check detects secrets inside your hosts' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a host. +This check detects secrets inside your container images' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a container image. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. ==== Compliance Check ID 457 -This check detects secrets inside your container images' filesystem. -By default, Prisma Cloud alerts you that a secret was detected in a container image. +This check detects secrets inside your hosts' filesystem. +By default, Prisma Cloud alerts you that a secret was detected in a host. Select *Monitor > Compliance > Compliance Explorer* and search the results using the compliance check ID. [#detected-secrets] diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/trusted-images.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/trusted-images.adoc index 8fa65e154b..eb26ebe3eb 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/trusted-images.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/operations/trusted-images.adoc @@ -91,6 +91,8 @@ Badges are shown in the following pages: The table is updated at scan-time. ** *Monitor > Compliance > Trusted Images* +NOTE: After a trust policy update, the image data is only updated as a trusted image when you initiate a re-scan. +While, the hostnames with the same image are evaluated as trusted immediately after the policy update. === Events Viewer diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/custom-compliance-checks.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/custom-compliance-checks.adoc index 90c2943bb5..da08f62020 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/custom-compliance-checks.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/custom-compliance-checks.adoc @@ -13,6 +13,7 @@ Custom compliance checks are supported for: Custom compliance checks are not supported for: +- Agentless scanning on Windows hosts - Linux and Windows containers - Docker images on Windows hosts - Tanzu Application Service (TAS) defender diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/configure/certificates.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/configure/certificates.adoc index 0c07220029..e9fd19b0e3 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/configure/certificates.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/configure/certificates.adoc @@ -18,18 +18,6 @@ NOTE: Customizing certificates is only allowed for Prisma Cloud Compute edition. |Your organization CA |Compute edition -|xref:../access-control/rbac.adoc[Docker access control] -|Client certificates - -To enforce Docker access control, client certs should be installed on any host where the docker client can be run. -|Clients (users) access to remote Docker Engine instances -|Customize your own certificates for your clients - -Explicit list of trusted certificates can be defined under *Manage > Authentication > System certificates > Client certificates > Explicit certificate trust list* -|Console CA -|Customize under *Manage > Authentication > System certificates > Client certificates > CA certificate* -|Compute edition - |Certificate-based authentication to Console | |Clients access the Console @@ -186,64 +174,8 @@ NOTE: HTTP Public Key Pinning (HPKP) was a security feature that was used to tel This feature is no longer recommended. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning - -=== Docker role-based access control certificates - -These certificates settings are related to the xref:../access-control/rbac.adoc[Docker access control] feature. Using the Docker access control, you can validate that Docker commands only run from remote machines through Defender on port 9998. Any user running Docker commands on port 9998 must be authenticated and authorized. By default, the Console generates certificates for users to authenticate to Defender. Any command run against Defender must also be explicitly allowed. - -Prisma Cloud lets you use your own certificates for Docker access control. -Customize the Docker access control certificates, by providing Prisma Cloud the CA that signs the client (user) certificates. You can also specify an explicit list for client-trusted certificates. - -*NOTES:* - -* External certification authority (CA) section will be visible only to an Admin role user. -* All trusted certificate information will be retrieved from the certificate itself, so the user doesn't have to manually add info such as CN, issuer, etc. -* Only the public portion of a user certificate should be added to the explicit trust list. Private keys are not required and should be excluded from this process. - -[.task] -==== Setting up your custom certs - -To set up your custom certs: - -[.procedure] -. Open Console, and go to *Manage > Authentication > System certificates*. - -. Open the *CA certificate* card. - -.. Under *CA certificate*, upload CA certificate to trust. -+ -Once this configuration is enabled, users must copy their keys (both public and private) to the host they're using to run commands with docker or kubectl. -Though the path can be referenced in each command, it's usually simpler to place them in the default directory that docker looks in for certificates (~/.docker). -+ -Each user certificate used with Prisma Cloud must have the user's CN embedded in the Subject field of the certificate. -You can validate these settings by running the following command against the certificate: - - $ openssl x509 -in .docker/cert.pem -text | grep Subj - Subject: CN=username -+ -Finally, Docker requires that the CA certificate used to sign the server certificate on the nodes Prisma Cloud is protecting must also be in the ~/.docker folder, in a file called ca.pem. -Because the 'server' certificate used in this deployment model is still generated by Prisma Cloud, this means that on each host where you're running docker or kubectl commands, you must also add the CA certificate to this folder. - -. You can also choose to set *Explicit certificate trust list* to *ON* (this configuration is optional) -+ -An explicit certificate trust list allows you to create a list of explicitly trusted custom certificates. -A typical use case of this feature would be when you have multiple certificates issued to a given user, but only want specific ones to be available for use with Prisma Cloud. -By adding an explicit trust list, you can control what certificates can be used, as Prisma Cloud compares any certificates presented to it against the allowed trusted certificates list. -This way, a user using a certificate not in the explicitly allowed list will not be able to use the certificate with Prisma Cloud, even if it was issued by a trusted CA. -Note that this feature is valid only when a custom CA is configured. -When enabled, this feature allows users to add new certificates to a table by uploading public certificates in PEM format. - -. Click *Add certificate*, copy the PEM-formatted public certificate which was issued by the trusted CA, then click *Add*. -+ -When a custom certificate is provided to Prisma Cloud, it first checks the certificate against this list. -If the certificate is matched to an entry in the list, then the previously existing flow continues. -If the certificate is not in the trusted list, then the authentication fails with an error 'Certificate not in certificate trust list configured in Prisma Cloud'. -+ -image::runtime-security/client-cert-editing.png[width=800] - - [.task] -=== Certificate-based authentication to Console +=== Certificate-based Authentication to Console This feature allows the Console to verify the client's CA certificate when accessing the Console. Use certificates from an implicitly trusted CA for securing the TLS connection. To enable this feature, follow the steps below: diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/configure/collections.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/configure/collections.adoc index 26e3dcebd3..de78e05574 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/configure/collections.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/configure/collections.adoc @@ -261,10 +261,6 @@ Monitor/Compliance |Images, Containers, Namespaces, Clusters, Container Deployment Labels (under Labels), Cloud Account IDs. (Cluster collections are not currently able to filter some events such as container audits, specifically.) -|Monitor/Events -|CNNS for Containers -|Images (Destination image), Cloud Account IDs - |Monitor/Events |WAAS for Containers |Images, Namespaces, Cloud Account IDs @@ -293,10 +289,6 @@ Monitor/Compliance |Host audits |Hosts, Clusters, Labels, Cloud Account IDs -|Monitor/Events -|CNNS for Hosts -|Hosts (Source and Destination Hosts), Cloud Account IDs - |Monitor/Events |WAAS for Hosts |Hosts, Cloud Account IDs diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/configure/customize-terminal-output.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/configure/customize-terminal-output.adoc index e9690d10c2..60513fea2d 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/configure/customize-terminal-output.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/configure/customize-terminal-output.adoc @@ -22,60 +22,7 @@ Enhanced terminal output is available for rules created under: * *Defend > Vulnerabilities > Policy* * *Defend > Compliance > Policy* -* *Defend > Access* (Docker Engine and Kubernetes access control rules). - - -[.task] -=== Specifying a custom message - -This procedure shows you how to create an access control rule that blocks all users from running the `container_create` operation. -You will configure the rule to emit the following custom message when an action is blocked: - - Contact admin@example.com to get additional privileges - -Although this procedure is specific to access control rules, the process for configuring custom messages for vulnerability and compliance rules is the same. - -[.procedure] -. Open Console. - -. Go to *Defend > Access > Docker*, then click *New Docker rule*. - -. In the new rule dialog, enter the following information: - -.. In *Rule name*, enter a name. - -.. Set *Effect* to *Deny*. - -.. In *Show*, uncheck *All* to deselect all actions. - -.. In *Actions*, check *container_create*. -+ -image::runtime-security/customize-terminal-output-765462.png[width=550] - -.. Click on the *Advanced* tab. - -.. In *Custom message for blocked requests*, enter *Contact admin@example.com to get additional privileges*. - -.. Click *Save*. - -. Test your setup by running a command that violates your access control rule. - -.. Install your client certs. -+ -For more information, see -xref:../access-control/rbac.adoc#configuring-docker-client-variables[Configure Docker client variables]. - -.. Try to run a container on a host protected by Prisma Cloud: -+ -[source,console] ----- -$ docker --tlsverify -H :9998 run ubuntu:latest -docker: Error response from daemon: [Prisma Cloud] The command container_create denied for user aqsa by rule Block create. Contact admin@example.com to get additional privileges. -See 'docker run --help'. ----- -+ -Where `` is the hostname or IP address for a host running Defender. - +* *Defend > Access* (Kubernetes access control rules). [.task] === Output itemized list of compliance issues diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/caps.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/caps.adoc index 1bbe934b4e..d45cb31fc0 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/caps.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/caps.adoc @@ -33,9 +33,6 @@ For audits: if you must retain all audits, consider configuring Console to send |xref:../runtime-defense/image-analysis-sandbox.adoc[Image sandbox analysis reports] |5000 scan reports or 500 MB (whichever limit is reached first) -|xref:../access-control/rbac.adoc[Access audits] -|100K audits or 50 MB (whichever limit is reached first) - |xref:../audit/kubernetes-auditing.adoc[Kubernetes audits] |100K audits or 50 MB (whichever limit is reached first) diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/performance-planning.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/performance-planning.adoc index 9b2033501f..f1920d0de7 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/performance-planning.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/performance-planning.adoc @@ -112,7 +112,6 @@ The test environment is built on Kubernetes clusters, and has the following prop The results are collected over the course of 24 hours. The default vulnerability policy (alert on everything) and compliance policy (alert on critical and high issues) are left in place. -CNNS is enabled. [.underline]#Resource consumption#: diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/firewalls/cnns-saas.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/firewalls/cnns-saas.adoc deleted file mode 100644 index 068c720bf4..0000000000 --- a/docs/en/enterprise-edition/content-collections/runtime-security/firewalls/cnns-saas.adoc +++ /dev/null @@ -1,122 +0,0 @@ -[#cloud-native-network-segmentation] -== Cloud Native Network Segmentation (CNNS) - -Cloud Native Network Segmentation (CNNS) is a Layer 4 container and host-aware virtual firewall and network monitoring tool that enables you to segment your network and compartmentalize communication between the segments as a part of a comprehensive defense strategy. - -CNNS works as an east-west firewall for containers and hosts. -When enabled, CNNS automatically displays communications in your environment on xref:../runtime-security-components/radar.adoc[Radar]. -Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively. -You can then define rules to enforce what traffic to allow or block across the network entities. - -For all connections that are monitored using policies, you can set up an alert profile to send it to an external integration such as email. - -[#cnns-get-started] -[.task] -=== Get Started with CNNS - -CNNS leverages the Defenders that are deployed on your hosts and containers to monitor how your containers and hosts connect and communicate with each other in real-time. - -The Defender inspects the connection before it is set up. -Defender adds iptables rules to observe the TCP three-way handshake and watch for SYN messages required to set up new connections. -When SYN messages arrive, Defender evaluates them to track all connections. -After a connection is established, traffic flows directly between the source and destination without any further oversight from Defender. - -From the Radar view, you can identify how you want to segment your network, create network objects to represent each entity that is a source or a destination for traffic, and define policies to enforce what is allowed, alerted on, or blocked between these network objects. - -You can then audit the connection events to analyze how the policy is enforced, both for CNNS for Containers and CNNS for Hosts. - -[.procedure] -. Confirm that you have deployed Defenders on your hosts and containers. -+ -You will need xref:../install/deploy-defender/host/windows-host.adoc[Container Defenders-Windows], for the Windows Hosts. -+ -And for Linux, xref:../install/deploy-defender/container/container.adoc[Container Defenders-Linux] or xref:../install/deploy-defender/host/host.adoc[Defenders-Linux], running on the supported x86_64 and ARM64 Linux OS. See the xref:../install/system-requirements.adoc[system requirements]. - -. xref:#create-cnns-rules[Create CNNS Rules] -. Next Steps: -+ -* xref:#monitor-cnns-events[Monitor CNNS Audit Events] -* xref:../runtime-security-components/radar.adoc#view-connections-radar[View Connections on Radar] -* xref:#configure-notifications[Notifications for CNNS Alerts] - -[#create-cnns-rules] -[.task] -=== Create CNNS Rules - -**Prerequisite**: - -* Enable xref:../runtime-security-components/radar.adoc[CNNS] for hosts and containers under *Runtime Security > Radars > Settings*. -+ -NOTE: -When CNNS is disabled, it displays limited traffic flow data on Radar, including outbound connections to the Internet and connections local to the node itself. -You can create CNNS rules for enforcing access on specific ports or protocols for outbound traffic from hosts and containers on which Defenders are deployed. - -* Create xref:../runtime-security-components/radar.adoc#add-network-objects[Network objects] under *Runtime Security > Radars > Settings*. -+ -CNNS policies use Network Objects for defining the source and destination in a rule. - -[.procedure] - -. Add CNNS policy from *Runtime Security > Defend > CNNS*. -+ -You can add a maximum of 255 rules. -+ -* To add a rule for containers: -+ -.. Select *Container > Add rule*. -.. Select a *Source*. -+ -The source for a container rule must be a network object of type "Image". -.. Select a *Destination*. -+ -The destination can be another container, subnet or DNS. -.. Select a port or range of ports. -+ -For example * for any ports, a specific port number such as 80 or 443, or a range of ports such as 10-100. -.. Select the *Effect*. -The actions you can enforce are alert to allow the connection and generate an event, allow the connection, or prevent to deny connection and generate an event from the source to the destination on the specified port or domain name. -.. *Save* the rule. -+ -image::runtime-security/cnns-container-rules.png[width=400] - -+ -* To add a rule for hosts: -+ -.. Select *Host > Add rule*. -.. Select a *Source*. -+ -The source for a host rule must be a network object of type host. - -.. Select a *Destination*. -+ -The destination can be another host or subnet. -.. Select *Ports*. -+ -For example * for any ports, a specific port number such as 80 or 443, or a range of ports such as 10-100. -.. Select the *Effect*. -The actions you can enforce are alert, allow, or prevent to deny traffic from the source to the destination on the specified port or domain name. -.. Save the rule. -+ -CNNS rules are indicated by dotted lines in the Radar view. - -[#monitor-cnns-events] -[.task] -=== Monitor CNNS Audit Events -You can view all connections to the CNNS hosts and containers. - -[.procedure] -. Select *Runtime Security > Monitor > Events*. -. Filter for *CNNS for containers* or *CNNS for hosts* to view the relevant connection attempts. -+ -image::runtime-security/cnns-container-events.png[width=600] -. Explore more details on the audit event. -+ -You can view the runtime model for a container. -+ -image::runtime-security/cnns-container-events-details.png[width=600] - -[#configure-notifications] -=== Notifications for CNNS Alerts - -On *Runtime Security > Manage > Alerts*, you can add an xref:../alerts/alert-mechanism.adoc[alert profile] to enable alert notifications for CNNS alerts. -The first event is sent immediately; all subsequent runtime events are aggregated hourly. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/container.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/container.adoc index 8b25819250..d091aa4a2e 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/container.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/container.adoc @@ -61,8 +61,6 @@ If you select Console's IP address, and Console's IP address changes, your Defen . Under *Advanced Settings*, you can enter the following additional network configurations. -.. Select the xref:../../../access-control/rbac.adoc#_defender_listener_type[listener type]. The default setting is *None*. - .. Set *Assign globally unique names to Hosts* to *ON* when you have multiple hosts that can have the same hostname. + [NOTE] diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/deploy-defender.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/deploy-defender.adoc index 01d9e32a17..d78ca52ad0 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/deploy-defender.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/deploy-defender.adoc @@ -97,19 +97,13 @@ The following table summarizes the key functional differences between Defender t | | -.2+|*Firewalls* +.1+|*Firewalls* |*WAAS* |Y |Y |Y |Y -|*CNNS* -|Y -|Y -| -| - .1+|*Radar (visualization)* |*Radar* |Y diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/windows-host.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/windows-host.adoc index adac4c675b..35589db939 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/windows-host.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/windows-host.adoc @@ -15,25 +15,15 @@ The Defender type "Container Defender - Windows" means that Defender is capable To deploy Defender on Windows, you’ll copy a PowerShell script from the Prisma Cloud Console and run it on the host where you want to install Defender. - === Feature matrix The following table compares Prisma Cloud's Windows Server feature support to Linux feature support: -[cols="2,1,1,1,1,1,1,1", frame="topbot"] +[cols="1,1,1,1,1,1,1,1", options="header"] |=== -|Platform |Vulnerability |Compliance 3+|Runtime defense 2+|Firewalls - -h| -h| -h| -h|Processes -h|Network -h|Filesystem -h|CNNS -h|WAAS - -|Linux {set:cellbgcolor:#fff} +|Platform |Vulnerability |Compliance |Runtime - Processes |Runtime - Network |Runtime - Filesystem |Firewalls - CNNS| Firewalls - WAAS + +|Linux |Yes |Yes |Yes diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/auto-defend-serverless.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/auto-defend-serverless.adoc index 6340409729..12850403db 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/auto-defend-serverless.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/auto-defend-serverless.adoc @@ -188,6 +188,11 @@ The available resources for scope are: . Click *Apply Defense*. + -NOTE: By default, the serverless auto-defend rules are evaluated every 24 hours. -+ -NOTE: When a rule is deleted, the new set of rules is evaluated and applied *immediately*. +[NOTE] +==== +Auto Defending a serverless function adds runtime protection to it, and the defended function is indicated by a green defended icon in the list view under *Monitor > Vulnerabilities > Functions*. Refer to xref:../../../vulnerability-management/scan-serverless-functions.adoc[Serverless Functions Scanning]. + +By default, the serverless auto-defend rules are evaluated every 24 hours. + +When a rule is deleted, the new set of rules is evaluated and applied *immediately*. +==== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc index 7adf203fb9..747f8dccff 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/install/system-requirements.adoc @@ -1,3 +1,5 @@ +//System Requirements spreadsheet for O'Neal +//https://docs.google.com/spreadsheets/d/1Mzz4E_7s3JHI7dBm489HNgxDjrmQbVltWS8AhTKiIsM/edit#gid=0 [#system-requirements] == System Requirements @@ -89,7 +91,7 @@ Prisma Cloud is supported on the following host operating systems on x86_64 arch [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=x86-operating-systems +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-operating-systems |=== [#arm64-os] @@ -99,7 +101,7 @@ Prisma Cloud supports host Defenders on the following host operating systems on [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=arm-operating-systems +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-operating-systems |=== [#kernel] @@ -119,8 +121,7 @@ Refer to the the Linux capabilities https://man7.org/linux/man-pages/man7/capabi [NOTE] ==== -* The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only. -* If you have enabled the CNNS capabilities and are on v4.15.x kernel you must upgrade the kernel version to v5.4.x or later. +The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only. ==== When running on a Docker host, Prisma Cloud Defender uses the following files/folder on the host: @@ -139,7 +140,7 @@ Prisma Cloud supports only the versions of the Docker Engine supported by Docker [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=docker +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=docker |=== The following storage drivers are supported: @@ -184,7 +185,7 @@ We support the following versions of official mainline vendor/project releases. [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=x86-orchestrators +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=x86-orchestrators |=== [#arm64-orchestrators] @@ -194,7 +195,7 @@ Prisma Cloud supports the official releases of the following orchestrators for t [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=arm-orchestrators +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=arm-orchestrators |=== [#istio] @@ -241,35 +242,35 @@ The following sections show the supported languages for each feature available f [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=vulnerability-scanning +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=vulnerability-scanning |=== ==== Compliance Scanning [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=compliance-scanning +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=compliance-scanning |=== ==== Runtime Protection with Defender [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=runtime-protection +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=runtime-protection |=== ==== WaaS with Defender [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=waas +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=waas |=== ==== Auto-Defend [format=csv, options="header"] |=== -https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/newton-31-system-requirements?sheet=auto-defend +https://main\--prisma-cloud-docs-website\--hlxsites.hlx.live/en/compute-edition/assets/oneal-32-system-requirements?sheet=auto-defend |=== [#go] diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-collection.yml b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-collection.yml index 5b9bcf7b53..6577ab0c74 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-collection.yml +++ b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-collection.yml @@ -149,7 +149,7 @@ topics: dir: onboard-accounts topics: - name: Configure Agentless Scanning - file: onboard-accounts.adoc + file: configure-accounts.adoc - name: Onboard AWS Accounts file: onboard-aws.adoc - name: Configure Agentless Scanning for AWS diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/licensing.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/licensing.adoc index 11f9f5808c..b8a1c5d1be 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/licensing.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/licensing.adoc @@ -46,6 +46,11 @@ Prisma Cloud also offers twistcli, a command-line configuration tool for which t * App-Embedded Defender |=== +[NOTE] +==== +Serverless Radar consumes credits even if your deployment does not actively use it. This is because Serverless Radar is part of cloud discovery and security posture management which is always on and cannot be disabled. +==== + === Defender types The type of Defender you deploy depends on the resource you’re securing. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/radar.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/radar.adoc index 1288a2ef6d..02a8337f8c 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/radar.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/radar.adoc @@ -13,7 +13,6 @@ image::runtime-security/radar-general.png[width=800] Radar makes it easy to conceptualize the architecture and connectivity of large environments, identify risks, and zoom in on incidents that require a response. Radar provides a visual depiction of inter-network and intra-network connections between containers, apps, and cluster services across your environment. It shows the ports associated with each connection, the direction of traffic flow, and internet accessibility. -When Cloud Native Network Segmentation (CNNS) is enabled, Prisma Cloud automatically generates the mesh shown in Radar based on what it has learned about your environment. Radar's pivot has a container view, a host view, and a serverless view. In the container view, each image with running containers is depicted as a node in the graph. @@ -36,6 +35,9 @@ The map tells you what services are running in which data centers, which service Select a marker on the map to see details about the services deployed in the account/region. You can directly secure both the registries and the serverless functions by selecting *Defend* next to them. +NOTE: *Radar > Cloud* shows the serverless functions as undefended until the functions are not scanned for vulnerabilities, regardless of auto defend status. +Add a *Defend > Vulnerabilities > Functions > Functions* rule to trigger a scan on the relevant functions and the Radar will then show the previously undefended functions as defended. + image::runtime-security/radar-cloud-pivot.png[] You can filter the data based on an entity to narrow down your search. @@ -209,21 +211,13 @@ The cluster pivot is currently supported for Kubernetes, OpenShift, and ECS clus All other running containers in your environment are collected in the *Non-Cluster Containers* view. [#radar-settings] -[.task] === Radar Settings -You can enable network monitoring for containers and hosts. +As a Cloud network security measure, you can visualize how your network resources communicate with each other, by enabling *Container network monitoring* and *Host network monitoring* under *Compute > Radars > Settings* and add network objects. -[.procedure] -. Log in to Prisma Cloud Console. +image::runtime-security/radar-settings.png[] -. Select *Runtime Security > Radars > Settings*. - -. Enable CNNS for hosts and containers. -+ -Enable *Container network monitoring* and *Host network monitoring*. -+ -image::runtime-security/cnns-enable.png[width=400] +NOTE: If you have enabled Container/Host Network monitoring under *Compute > Radars > Settings* and are on kernel `v4.15.x` you must upgrade the kernel version to `v5.4.x` or later. [#add-network-objects] [.task] @@ -235,8 +229,6 @@ For example, a payment gateway might pass information to an external service to For hosts:: You can configure network objects to enforce traffic destined from a host to a subnet or another host. For containers:: You can configure network objects to enforce traffic destined from a container (referred to as an image) to a DNS, subnet, or to another container. -When a connection is established between two entities in your environment, CNNS policy evaluates the first rule where both source and destination match. If there are no matching rules, it allows the connection. - [.procedure] . Log in to Prisma Cloud Console. @@ -259,8 +251,6 @@ Some example network objects are: * Type: Image; Value: Name of the containerimage from a collection you have already defined. + A subnet network object can reference a range of IP addresses or a single IP address in a CIDR format. -+ -NOTE: If a rule alerts or prevents outgoing connections to a subnet, traffic will be blocked even if you have defined rules that allow some of those ports for containers/hosts that may be running on machines with IPs from the subnet. [#view-connections-radar] === View Connections on Radar @@ -269,13 +259,4 @@ Radar helps you visualize the connections for a typical microservices app and vi image::runtime-security/cnns-container-radar.png[width=600] -When a connection is observed, the dotted line becomes a solid line, and the CNNS policy is evaluated for a match. -If there is a matching rule, the color of the port number reflects the matching rule's configured effect. -Yellow port numbers represent connections that raised an alert. -Orange port numbers represent connections that were blocked. - -If there's no matching rule, by default the connection is allowed. -The port number is in gray to indicate that the connection was observed, but there was no matching rule. -As a best practice, review the port numbers in gray to assess the need to add additional rules for enforcement. - -NOTE: If CNNS is disabled, you cannot view outgoing connections to external IP addresses. +When a connection is observed, the dotted line becomes a solid line. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security.adoc index 6159501179..b0d913aebc 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/runtime-security.adoc @@ -17,7 +17,7 @@ Use the following table to explore how Runtime Security can help secure your env |xref:../connect/connect-cloud-accounts/connect-cloud-accounts.adoc[Connect Cloud Accounts] |Inspect the risks and vulnerabilities of your cloud workloads without having to install an agent or affecting the execution of your workload. -|xref:./agentless/agentless.adoc[Agentless scanning] +|xref:./agentless-scanning/agentless-scanning.adoc[Agentless scanning] |Provide predictive protection for containers and threat based active protection for running containers, hosts and serverless functions |xref:./runtime-defense/runtime-defense.adoc[Runtime defense] diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-manager.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-manager.adoc index acf2ea6362..8a8f485100 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-manager.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-manager.adoc @@ -17,8 +17,7 @@ It undermines the principal benefit of a secrets store, which is managing all se === Theory of operation When a user or orchestrator starts a container, Defender injects the secrets you specify into the container. -In order for secret injection to work, all Docker commands must be routed through Defender, so be sure to -xref:../access-control/rbac.adoc#authentication-and-identity[download your client certs and setup your environment variables]. +In order for secret injection to work, all Docker commands must be routed through Defender. Refer to xref:inject-secrets.adoc[Inject Secrets into Containers]. There are several moving parts in the solution: diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/prisma-cloud-vulnerability-feed.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/prisma-cloud-vulnerability-feed.adoc index fa63638cc7..8bef2f3715 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/prisma-cloud-vulnerability-feed.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/prisma-cloud-vulnerability-feed.adoc @@ -98,7 +98,7 @@ The type of applications supported in the IS are: * BusyBox * Consul * CRI-O -* Docker +* Docker Enterprise * GO * Istio * OMI diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/troubleshoot-vulnerability-detection.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/troubleshoot-vulnerability-detection.adoc index d1ca7a6b2b..fea272a348 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/troubleshoot-vulnerability-detection.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/troubleshoot-vulnerability-detection.adoc @@ -235,7 +235,7 @@ Always validate the Image ID SHA to ensure it's the same image. If you are unable to share the image, please provide an image where the issue reproduces that we can analyze. . *Scan discrepancy report sheet*: Ensure you have a spreadsheet with the following columns info filled out from your prior analysis. -+ + [cols="1,1,1,1,1,1,1,1"] |=== |CVE ID |Package Type |Package Name |Package Version |Path where package is found in image |CVE Reported in Console? Yes/No |CVE Reported by any other vendor/source? |Your explanation/comments diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-explorer.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-explorer.adoc index 703cc36f96..e86f07a595 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-explorer.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-explorer.adoc @@ -129,7 +129,7 @@ For each impacted resource, you can hover over the *Vulnerability* tag next to t image::runtime-security/vuln-explorer-CVE-dialog.png[width=500] ==== Image details -The image details also show the Start time when the image was first deployed within the container. +The image details also show the Start time for when the container image was first scanned. image::runtime-security/vuln-explorer-image-details.png[width=500] @@ -183,7 +183,7 @@ Vulnerability is remotely exploitable. The vulnerable component is bound to the network, and the attacker's path is through the network. * *Reachable from the internet* -- -Vulnerability exists in a container exposed to the internet. The detection of this risk factor requires that CNNS will be enabled and network objects will be defined for external sources under *Radar > Settings*. Then, if a connection is established between the defined external source and the container, the container is identified as reachable from the internet. +Vulnerability exists in a container exposed to the internet. * *Listening ports* -- Vulnerability exists in a container that is listening on network ports. diff --git a/docs/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc b/docs/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc index d86a23a616..45a38b37aa 100644 --- a/docs/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc +++ b/docs/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/fragments/defender-deployment-failed-troubleshoot.adoc @@ -4,7 +4,7 @@ image::runtime-security/err4-failedcondition-received.png[] . Make sure that the IP address of Prisma Console in the VPC configuration is public. . Check if the Defender instance has a public IP address. -. Check if xref:../../agentless-scanning/onboard-accounts/configure-aws.adoc[AWS account can connect with the Prisma Cloud Console] with Console URL that you selected in the VPC configuration. +. Check if xref:../../agentless-scanning/configure-accounts/configure-aws.adoc[AWS account can connect with the Prisma Cloud Console] with Console URL that you selected in the VPC configuration. .. If the Console is not reachable, delete the rule and create a new rule with a valid Prisma Cloud Console URL. .. If the Console is not reachable due to a firewall rule or other blocking rules, fix the rule to allow the connectivity to the Console, and click *Update* to retry the deployment. .. Ensure that the Console's IP address and the ports are reachable by the Defender. Also, the firewall is open with the relevant port and source IPs. diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/application-asset-queries/application-asset-build-explore.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/application-asset-queries/application-asset-build-explore.adoc deleted file mode 100644 index 83372a8acf..0000000000 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/application-asset-queries/application-asset-build-explore.adoc +++ /dev/null @@ -1,130 +0,0 @@ -`code` - - -:topic_type: task - -[.task] - -== Build Queries - -[.procedure] - -. Before you begin building a query, you must understand the basic building blocks of a query. -+ -* *[FIND]*: The category of investigation -* *[Type]*: The asset or node in your engineering environment -* *[WHERE]* clause: An attribute representing the relationship or edge between the nodes -* *[+ADD]*: Create an additional clause - -. Access Application Security query builder: -+ -In Application Security, select *Investigate* > *Search* > select the *Application Asset* domain from the 'Find' menu. -. Select a type. -. In the *[WHERE]* clause, select an attribute or a more complex condition such as a relationship between two nodes. -+ -NOTE: When selecting an attribute, the auto-suggest feature will suggest applicable expressions and operators that you can use to narrow your search criteria. - -. Add clauses as required: select *+ Add*. -. Create the query: select *Search*. -. Next step: xref:explore-query-results.adoc[Analyze query results]. -+ -NOTE: See xref:application-asset-examples.adoc[Investigate Query Examples] for examples. - -=== Explore Query Results - -After building your query, you can analyze the results to perform an in-depth analysis of security issues across your entire engineering ecosystem. - -image::investigate-example-query-results.png[] - -The query result, displayed in *Graph View*, includes the following components: -* <>: The assets of a repository. Can include entities -* <>: The connections between nodes -* *Export*: Download graph data as a png image or JSON file -* *Controls*: Include zoom and reset - -See the ../../../../application-security/visibility/repositories.adoc#appgraph[Application Graph]for more on exploring graphs, including nodes and edges. - -NOTE: See xref:investigate-examples.adoc[Application Asset query examples]. - - - - - - -== Asset Query Attributes - -Learn about Asset query attributes. - -Review your options when using userinput:[asset where]. Each attribute allows you to narrow your search criteria. As you use these attributes, the auto-suggestion feature shows the available expressions and the operators that are applicable for each attribute. - -* userinput:[asset.name] -+ -Use the userinput:[asset.name] attribute to view asset details on the *Investigate* tab. -+ -For example, you can
. -+ -screen:[example] - - -* userinput:[asset.class] -+ -Use the userinput:[asset.class] attribute to view . -+ -For example, you can
. -+ -screen:[example] - - -* userinput:[asset.type] -+ -Use the userinput:[asset.type] attribute to view . -+ -For example, you can
. -+ -screen:[example] - - -* userinput:[asset.category] -+ -Use the userinput:[asset.category] attribute to view . -+ -For example, you can
. -+ -screen:[example] - - -* userinput:[asset.service] -+ -Use the userinput:[asset.service] attribute to view . -+ -For example, you can
. -+ -screen:[example] - - - -* `asset.name` -+ -Use `asset.name` to view asset details. - -* `asset.class` -+ -Use `asset.class` to view the asset class. - -* `asset.type` -+ -Use `asset.type` to view . - -* `asset.category` -+ -Use `asset.category` to view . - -* `asset.service` -+ -Use `asset.service` to view . - -//- cloud.type -//- cloud.region -//- cloud.service -//- cloud.account -//- cloud.accountgroup \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-attributes.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-attributes.adoc index 7147bc7549..163642bf46 100644 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-attributes.adoc +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-attributes.adoc @@ -1,30 +1,38 @@ == Asset Configuration Query Attributes -Learn more about Config query attributes. +//Learn more about Config query attributes. -Review your options when using userinput:[config from]. The userinput:[cloud.resource] attribute uses the configuration metadata that Prisma Cloud ingests from the cloud service providers, and you can use it to query the asset configuration and manage the security posture for the asset. +Review your options when using the `config from` query. The `cloud.resource` attribute uses the configuration metadata that Prisma Cloud ingests from the cloud service providers, and you can use it to query the asset configuration and manage the security posture for the asset. Each attribute allows you to narrow your search criteria. As you use these attributes, the auto-suggestion feature shows the available expressions and the operators that are applicable for each attribute. -* userinput:[api.name] +//Results on the Investigate page are optimized to load the initial set of results faster. When you enter the query and click *Search*, the interface loads the first 100 search results. Click the *Load More* button to fetch additional results. All config attributes except `cloud.account.group, azure.resource.group, limit search records, aggregate functions (count and group by)`, and all finding type attributes such as `finding.type, finding.severity`, are currently optimized for faster search results. + +* `api.name` + Cloud APIs are part of cloud platforms and they enable the development of applications and services used for provisioning assets, virtual machines, platforms, and software. + -For each cloud platform, depending on the asset, there are several APIs available. You can use the userinput:[api.name] attribute to identify a specific configuration for the asset. For a list of all API names available for each cloud platform, see *API Reference*. +For each cloud platform, depending on the asset, there are several APIs available. You can use the `api.name` attribute to identify a specific configuration for the asset. For a list of all API names available for each cloud platform, see *API Reference*. + -When used with the userinput:[cloud.type] attribute, auto-complete displays only the API names that pertain to the cloud type you selected. +When used with the `cloud.type` attribute, auto-complete displays only the API names that pertain to the cloud type you selected. + For example, you can list SQL instances on Google Cloud: + -screen:[config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-sql-instances-list'] +[screen] +---- +config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-sql-instances-list' +---- -* userinput:[addcolumn] +* `addcolumn` + -Use the userinput:[addcolumn] attribute to add columns to the results displayed on screen. This enables you to view the JSON data for the assets that correspond to your query. +Use the `addcolumn` attribute to add columns to the results displayed. This enables you to view the JSON data for the assets that correspond to your query. + For example, you can add columns for key name and image ID for EC2 instances: + -screen:[config from cloud.resource where api.name = 'aws-ec2-describe-instances' addcolumn keyName hypervisor imageId] +[screen] +---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' addcolumn keyName hypervisor imageId +---- + [NOTE] ==== @@ -32,53 +40,73 @@ The addcolumn attributes works only when the field is present in all matching en ==== -* userinput:[azure.resource.group] +* `azure.resource.group` + -Use the userinput:[azure.resource.group] attribute to find all cloud resources deployed within a specific Azure Resource Group, which is a logical container that groups related resources that are stored within your Azure account. For example:screen:[config from cloud.resource where azure.resource.group = 'azure-resource-group-test' and api.name = 'azure-network-vnet-list']lists all network-vnet resources that are part of the Azure resourcegroup named azure-resource-group-test. +Use the `azure.resource.group` attribute to find all cloud resources deployed within a specific Azure Resource Group, which is a logical container that groups related resources that are stored within your Azure account. For example, you can list all network-vnet resources that are part of the Azure Resource Group named azure-resource-group-test: ++ +[screen] +---- +config from cloud.resource where azure.resource.group = 'azure-resource-group-test' and api.name = 'azure-network-vnet-list' +---- -* userinput:[cloud.account] +* `cloud.account` + -Use the userinput:[cloud.account] attribute to narrow down a configuration search to one or more cloud accounts that you connected to the Prisma Cloud. +Use the `cloud.account` attribute to narrow down a configuration search to one or more cloud accounts that you connected to the Prisma Cloud. + For example, you can list EC2 instances in your Production AWS account: + -screen:[config from cloud.resource where cloud.type = 'aws' AND cloud.account = 'Production’ AND api.name = 'aws-ec2-describe-instances'] +[screen] +---- +config from cloud.resource where cloud.type = 'aws' AND cloud.account = 'Production’ AND api.name = 'aws-ec2-describe-instances' +---- -* userinput:[cloud.account.group] +* `cloud.account.group` + -Use the userinput:[cloud.account.group] attribute to narrow down the configuration to the cloud account in your cloud account group. +Use the `cloud.account.group` attribute to narrow down the configuration to the cloud account in your cloud account group. + For example, you can list all the Amazon RDS instances in all your AWS accounts: + -screen:[config from cloud.resource where cloud.account.group = 'All my AWS accounts' AND cloud.region = 'AWS Virginia' AND api.name = 'aws-rds-describe-db-instances' ] +[screen] +---- +config from cloud.resource where cloud.account.group = 'All my AWS accounts' AND cloud.region = 'AWS Virginia' AND api.name = 'aws-rds-describe-db-instances' +---- -* userinput:[cloud.region] +* `cloud.region` + -Use the userinput:[cloud.region] attribute to narrow down a configuration search to one or more cloud regions. +Use the `cloud.region` attribute to narrow down a configuration search to one or more cloud regions. + For example, you can list all virtual machine instances in your Azure account in the Central US region: + -screen:[config from cloud.resource where cloud.type = 'azure' and cloud.account = 'RedLock - Azure Subscription' AND cloud.region = 'Azure Central US' AND api.name = 'azure-vm-list'] +[screen] +---- +config from cloud.resource where cloud.type = 'azure' and cloud.account = 'RedLock - Azure Subscription' AND cloud.region = 'Azure Central US' AND api.name = 'azure-vm-list' +---- -* userinput:[cloud.service] +* `cloud.service` + -Use the userinput:[cloud.service] attribute to query configuration for a specific cloud service, such as IAM, S3, or Virtual Machines. +Use the `cloud.service` attribute to query configuration for a specific cloud service, such as IAM, S3, or Virtual Machines. + For example, you can list all S3 storage bucket access control lists (ACLs) in your AWS cloud accounts: + -screen:[config from cloud.resource where cloud.type = 'aws' AND cloud.service = 'S3' AND api.name = 'aws-s3api-get-bucketacl'] +[screen] +---- +confg from cloud.resource where cloud.type = 'aws' AND cloud.service = 'S3' AND api.name = 'aws-s3api-get-bucketacl' +---- -* userinput:[cloud.type] +* `cloud.type` + -Use the userinput:[cloud.type] attribute to narrow down your search option to specific clouds. Supported options are AWS, Azure,GCP, Alibaba and OCI. +Use the `cloud.type` attribute to narrow down your search option to specific clouds. Supported options are AWS, Azure,GCP, Alibaba and OCI. + For example, you can list all EC2 instances in your AWS cloud accounts: + -screen:[config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-instances'] +[screen] +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-instances' +---- -* userinput:[count] +* `count` + -Use the userinput:[count] attribute for a tally of the number of assets of a specific type. userinput:[count] is available for use with the userinput:[api.name] attribute as ) or along with userinput:[json.rule] to query or filter specific elements included in the JSON configuration related to a cloud asset. +Use the `count` attribute for a tally of the number of assets of a specific type. `count` is available for use with the `api.name` attribute as or along with `json.rule` to query or filter specific elements included in the JSON configuration related to a cloud asset. + When the api.name is a global service (such as, azure-active-directory-app-registration), count includes all assets for that service within the cloud account; if the api.name is a regional service (such as, azure-vm-list), the count includes the only assets tied to the cloud region for the cloud account. + @@ -89,28 +117,35 @@ For example, you can retrieve a count of all the Azure Linux Virtual Machines av config from cloud.resource where api.name = 'azure-vm-list' as X; count(X) greater than 0 ---- + -or, in conjunction with the userinput:[json.rule] attribute to filter and retrieve a count of all the Azure Linux Virtual Machines where password authentication is disabled: +or, in conjunction with the `json.rule` attribute to filter and retrieve a count of all the Azure Linux Virtual Machines where password authentication is disabled: + [screen] ---- config from cloud.resource where api.name = 'azure-vm-list' AND json.rule = ['properties.osProfile'].linuxConfiguration.disablePasswordAuthentication is true as X; count(X) greater than 1 ---- -* userinput:[finding.type, finding.severity, finding.source] +* `finding.type, finding.severity, finding.source` + Use the finding attributes to query for vulnerabilities on workloads—destination or source assets—that have one or more host-related security findings. Prisma Cloud ingests host vulnerability data from external sources, such as Qualys, Tenable.io, Amazon Inspector and ingests host and IAM users security-related alerts from Amazon GuardDuty, or Prisma Cloud Defenders deployed on your hosts or containers. + -[NOTE] -==== -To leverage userinput:[finding] attributes, you must either enable an integration with the host vulnerability provider such as Amazon GuardDuty or have installed Prisma Cloud Defenders in your environment. -==== +To leverage `finding` attributes, you must either enable an integration with the host vulnerability provider such as Amazon GuardDuty or have installed Prisma Cloud Defenders in your environment. + For example, you can list all the hosts with a critical host vulnerability: + -screen:[config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.severity = 'critical']Or find potential security issues by source: +[screen] +---- +config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.severity = 'critical' +---- + -screen:[config from cloud.resource where finding.source = 'AWS Guard Duty' AND finding.type = 'AWS GuardDuty IAM ' AND api.name= 'aws-iam-list-users' ]Host finding attributes support the following assets types: +Or find potential security issues by source: + +[screen] +---- +config from cloud.resource where finding.source = 'AWS Guard Duty' AND finding.type = 'AWS GuardDuty IAM ' AND api.name= 'aws-iam-list-users' +---- ++ +Host finding attributes support the following assets types: + ** *Prisma Cloud Alert*—Fetches all assets that have one or more open alerts generated by Prisma Cloud. ** *Host Vulnerability*—Fetches all assets that have one or more of the host vulnerabilities (such as CVE-2016-8655) reported by external providers such as AWS Inspector, Qualys, or Tenable.io or Prisma Cloud Defenders. @@ -121,69 +156,78 @@ screen:[config from cloud.resource where finding.source = 'AWS Guard Duty' AND f ** *AWS Inspector Security Best Practices*—Fetches all assets which are in violation of one or more rules reported by the AWS Inspector Security best practices package. -** *AWS GuardDuty*—Fetches all assets which have one or more findings reported by AWS GuardDuty. -+ -For Amazon GuardDuty, the finding.type can be IAM or host—AWS GuardDuty IAM or AWS GuardDuty Host. +** *AWS GuardDuty*—Fetches all assets which have one or more findings reported by AWS GuardDuty. For Amazon GuardDuty, the finding.type can be IAM or host—AWS GuardDuty IAM or AWS GuardDuty Host. + -* userinput:[finding.name] +* `finding.name` + -Use the userinput:[finding.name] attribute and enter a string value to find a host vulnerability by the name defined on your host vulnerability provider. Specify the userinput:[finding.type] for the autocomplete suggestion to specify a userinput:[finding.name] query. +Use the `finding.name` attribute and enter a string value to find a host vulnerability by the name defined on your host vulnerability provider. Specify the `finding.type` for the autocomplete suggestion to specify a `finding.name` query. + For example, you can list all the hosts with the CVE-2016-8399 vulnerability: + -screen:[config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.name = 'CVE-2016-8399']or,screen:[config from cloud.resource where finding.type = 'AWS GuardDuty IAM' AND finding.name= ‘Recon:IAM/TorIPCaller’] +[screen] +---- +config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.name = 'CVE-2016-8399' +---- ++ +or, ++ +[screen] +---- +config from cloud.resource where finding.type = 'AWS GuardDuty IAM' AND finding.name= ‘Recon:IAM/TorIPCaller’ +---- -* userinput:[json.rule] +* `json.rule` + Prisma Cloud ingests data and updates events in the JSON format. + -Use the userinput:[json.rule] attribute to query or filter specific elements included in the JSON configuration related to a cloud asset. The userinput:[json.rule] attribute enables you to look for specific configurations: parse JSON-encoded values, extract data from JSON, or search for value within any configuration policy for cloud accounts that you are monitoring using Prisma Cloud. The userinput:[json.rule] attribute allows you to create boolean combinations and find data in selected fields within the JSON data that represents the asset. +Use the `json.rule` attribute to query or filter specific elements included in the JSON configuration related to a cloud asset. The `json.rule` attribute enables you to look for specific configurations: parse JSON-encoded values, extract data from JSON, or search for value within any configuration policy for cloud accounts that you are monitoring using Prisma Cloud. The `json.rule` attribute allows you to create boolean combinations and find data in selected fields within the JSON data that represents the asset. + -When you include the userinput:[json.rule] attribute in a configuration query, the auto-complete displays the elements or assets that match your search criteria. Because JSON has a nested structure, you can search for elements at the root level, inside the JSON tree, or in an array object. +When you include the `json.rule` attribute in a configuration query, the auto-complete displays the elements or assets that match your search criteria. Because JSON has a nested structure, you can search for elements at the root level, inside the JSON tree, or in an array object. + For example, you can list all Azure Linux Virtual Machines where password authentication is disabled: + -[userinput] +[screen] ---- config from cloud.resource where api.name = 'azure-vm-list' AND json.rule = ['properties.osProfile'].linuxConfiguration.disablePasswordAuthentication is true ---- + Or define nested rules in Config RQL to query data within JSON arrays, such as find network security groups that include rules that allow TCP traffic on specified destination ports: + -[userinput] +[screen] ---- config from cloud.resource where api.name= 'azure-network-nsg-list' AND json.rule = securityRules[?any( direction equals Inbound and protocol does not equal UDP and access equals Allow and destinationPortRange is member of (22,3389,5432,1521,3306,5000,5984,6379,6380,9042,11211,27017))] exists ---- + or, + -[userinput] +[screen] ---- config from cloud.resource where api.name= 'azure-network-nsg-list' AND json.rule = securityRules[?any(access equals Allow and direction equals Inbound and sourceAddressPrefix equals Internet and (protocol equals Udp or protocol equals *) and destinationPortRange contains _Port.inRange(137,137) )] exists] ---- + or, + -[userinput] +[screen] ---- -config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissionsEgress[?any( toPort greater than 22 and ipv4Ranges[?any( cidrIp does not contain "0.0" )] exists )] exists ] +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissionsEgress[?any( toPort greater than 22 and ipv4Ranges[?any( cidrIp does not contain "0.0" )] exists )` exists ] ---- -* userinput:[resource.status] +* `resource.status` + -Use the userinput:[resource.status] attribute to find assets that are active or deleted on the cloud platform within the specified time range. The value available are userinput:[active] or userinput:[deleted] . For example: userinput:[config from cloud.resource where resource.status = active] . +Use the `resource.status` attribute to find assets that are active or deleted on the cloud platform within the specified time range. The value available are `active` or `deleted` . For example: `config from cloud.resource where resource.status = active` . + The query result is based on whether the specified asset was active during or deleted anytime within the search time range. Assets that were neither created nor deleted within the specified time range are not included in the result. + -When userinput:[resource.status] is not specified in the query, use the *Asset Explorer* to check whether the *Deleted* status for the resource is True or False. +When `resource.status` is not specified in the query, use the *Asset Explorer* to check whether the *Deleted* status for the resource is True or False. -* userinput:[tag] +* `tag` + -Use the userinput:[tag] attribute to find all resources that have a specific tag name or value. The operators available with userinput:[config from cloud.resource where tag] include userinput:[('key') = 'value'] , userinput:[All] , userinput:[Any] , userinput:[tag('key') EXISTS] , userinput:[tag('key') in ('value1', 'value2', 'value3')] , and the negations !=, does not Exist, not in. +Use the `tag` attribute to find all resources that have a specific tag name or value. The operators available with `config from cloud.resource where tag` include `('key') = 'value'` , `All` , `Any` , `tag('key') EXISTS` , `tag('key') in ('value1', 'value2', 'value3')` , and the negations !=, does not Exist, not in. + -After you define a userinput:[tag] in menu:Settings[Resource List], you can reference the tag value or key in a config query. The supported operators are userinput:[is member of] , userinput:[is not member of] , userinput:[intersects] , and userinput:[does not intersect] . Use curly braces to use them in a JSON rule: +After you define a `tag` in menu:Settings[Resource List], you can reference the tag value or key in a config query. The supported operators are `is member of`, `is not member of` , `intersects` , and `does not intersect`. Use curly braces to use them in a JSON rule: + -[userinput] +[screen] ---- config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].key is member of {'Resource List'.keys} ---- diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-queries.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-queries.adoc index f79e4ee986..f7d39a4d15 100644 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-queries.adoc +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-queries.adoc @@ -10,4 +10,6 @@ The `asset where` queries display results only for cloud accounts that you have image::search-and-investigate/asset-simple-search-1.png[] -//With Investigate in simple mode, powered by asset RQL grammar? You need to enable corresponding capabilities to have access to the full suite of security findings for running an asset search. \ No newline at end of file +//With Investigate in simple mode, powered by asset RQL grammar? You need to enable corresponding capabilities to have access to the full suite of security findings for running an asset search. + +NOTE: Irrespective of the number of assets displayed in the *Table* view, the *Graph* view displays up to 50 assets. For example, if your `asset where` query search displayed 75 assets in the Table view, when you switch to the Graph view you will only see the first 50 assets. \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/collection-search-and-investigate.yml b/docs/en/enterprise-edition/content-collections/search-and-investigate/collection-search-and-investigate.yml index df451a02a3..d31f7200a8 100644 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/collection-search-and-investigate.yml +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/collection-search-and-investigate.yml @@ -70,6 +70,8 @@ topics: file: permissions-query-attributes.adoc - name: Permissions Query Examples file: permissions-query-examples.adoc + - name: Permissions Query Conditions + file: permissions-query-conditions.adoc - name: Network Queries dir: network-queries topics: @@ -88,5 +90,11 @@ topics: file: audit-event-query-attributes.adoc - name: Audit Event Query Examples file: audit-event-query-examples.adoc + - name: RQL Operators + file: rql-operators.adoc + - name: RQL Examples + file: rql-examples.adoc + - name: RQL FAQs + file: rql-faqs.adoc --- diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-attributes.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-attributes.adoc new file mode 100644 index 0000000000..b4f3c47d8b --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-attributes.adoc @@ -0,0 +1,209 @@ +== Network Configuration Query Attributes + +//Learn about Network Configuration Query attributes using Cloud Network Analyzer. + +The Cloud Network Analyzer engine of Prisma Cloud calculates the external exposure of your cloud assets using routing path that exists from *source* to *destination* and the net effectiveness of all network security policies in that network path. You can use `config from network where` query and if the search expression is valid and complete, a green checkmark displays along with your query results. + +//You can save the searches that you have created in *My Saved Searches*, which enables you to use the same query at a later time, instead of typing the query again. You can also use the saved search to create a policy. +//image::config-from-network-where-options-query.png[scale=40] + +Each attribute allows you to narrow your search criteria. As you use these attributes, the auto-suggestion capability shows the available expressions and xref:../rql-operators.adoc[operators] that are applicable for each attribute. In order for the network configuration query to be valid, you need to specify at least one `source` , one `dest` (destination), and one `cloud.type` attribute. You can only use the `and` operator in the RQL query. Use `=` to specify a single value and `in` to specify comma separated value (csv). + +[NOTE] +==== +Any IP addresses or CIDR that you have not defined as xref:../../administration/trusted-ip-addresses-on-prisma-cloud.adoc[Trusted IP Addresses on Prisma Cloud] and are not part of your cloud environment are considered as UNTRUST_INTERNET. +==== + +* `source/dest.network` ++ +Use the `source/dest.network` attribute to search for all public untrusted Internet IPs. Specify it in an IP CIDR format, such as `1.2.3.4/32` . + +* `address.match.criteria` ++ +The `address.match.criteria` attribute is optional to use in combination with the `source/dest.network` attribute. ++ +You can use a `full_match` or a `partial_match` for IP addresses with this criteria. For example: ++ +** *full_match*—If you use `address.match.criteria = 'full_match'` for the IP range 20.0.0.0/24 then the cloud network analyzer engine will look for all host addresses of 20.0.0.0/24 in security policies to match. + +** *partial_match*-—If you use `address.match.criteria = 'partial_match'` for the IP range 20.0.0.0/24 then the cloud network analyzer engine will look for at-least one of host addresses of 20.0.0.0/24 in security policies to match. ++ +*Query example:* ++ +`config from network where source.network = '20.0.0.0/24' and address.match.criteria = 'partial_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' )` + +* `source/dest.resource.type` ++ +Use the `source/dest.resource.type` attribute to search for true network exposure of a particular resource type, such as an instance, interface, PaaS, or service endpoint. + +* `source/dest.cloud.type` ++ +Use the `source/dest.cloud.type` attribute to narrow down your search option to specific clouds. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS'` + +* (Optional) `source/dest.resource.state` ++ +Use the `source/dest.resource.state` attribute to find resources that are Active or Inactive, such as an EC2 instance that has state as running or inactive or an EC2 instance that has state as stopped on Prisma Cloud. If you do not specify `source/dest.resource.state` in the query, the RQL query displays both Active and Inactive resources in the result. ++ +*Query example:* ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.resource.state = 'Active'` + +* (Optional) `source/dest.cloud.account` ++ +Use the `source/dest.cloud.account` attribute to narrow down the search to one or more cloud accounts that you connected to Prisma Cloud. ++ +*Query examples:* ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.cloud.account in ( '345744466724', '667116190384' )` ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.cloud.account = '345744466724'` + +* (Optional) `source/dest.cloud.region` ++ +Use the `source/dest.cloud.region` attribute to narrow down the search based on where the sources are, in one or more cloud regions. ++ +*Query examples:* ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.cloud.region = 'AWS Virginia'` ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.cloud.region in ( 'AWS Virginia', 'AWS Ohio' )` + +* (Optional) `source/dest.cloud.instance.id` ++ +Use the `source/dest.cloud.instance.id` attribute to search exposure of a specific EC2 instance based on it resource ID. ++ +*Query examples:* ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.instance.id = 'i-07c6c16595ed9196b'` ++ +`config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.instance.id in ( 'i-0a0e018fc73917ba7' , 'i-0a0e018fc73917ba7' )` + +* (Optional) `source/dest.instance.image.id` ++ +Use the `source/dest.instance.image.id` attribute to search for virtual machines with specific image ID. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.instance.image.id = 'ami-0fe8c3a9b6b9b3c6e'` + +* (Optional) `source/dest.instance.product.code` ++ +Use the `source/dest.instance.product.code` attribute to search for virtual machines with specific product code. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and dest.instance.image.product.code = '5tiyrfb5tasxk9gmnab39b843'` + +* (Optional) `source/dest.cloud.interface.id` ++ +Use the `source/dest.cloud.interface.id` attribute to search exposure of a specific EC2 cloud resource based on its ID. + +* (Optional) `source/dest.network.interface.id` ++ +Use the `source/dest.network.interface.id` attribute to search exposure of a specific network interface based on its ID. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.id = 'eni-083bb56febfd55383'` + +* (Optional) `source/dest.network.interface.owner` ++ +Use the `source/dest.network.interface.owner` attribute to search exposure of a specific network interface based on the owner. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.owner = 'amazon-rds'` + +* (Optional) `source/dest.network.interface.type` ++ +Use the `source/dest.network.interface.type` attribute to search exposure of a specific network interface based on the interface type. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.type = 'Lambda'` + +* (Optional) `source/dest.security.group.id` ++ +Use the `source/dest.security.group.id` attribute to search exposure of a specific network interface based on the specific security group associated with it. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.security.group.id = 'sg-04242ff5c55da0c84'` + +* (Optional) `source/dest.service.name` ++ +Use the `source/dest.service.name` attribute to search exposure of a specific VPC service endpoint based on the service name. ++ +*Query example:* ++ +`config from network where source.resource.type = 'Instance' and dest.resource.type = 'Service Endpoint' and source.vpc.id = 'vpc-079e9bb7bc4ba9db2' and dest.vpc.id = 'vpc-079e9bb7bc4ba9db2' and dest.service.name = 'com.amazonaws.us-east-1.secretsmanager'` + +* (Optional) `source/dest.subnet.id` ++ +Use the `source/dest.subnet.id` attribute to search exposure of a specific network interface based on the subnet id. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.network.interface.id = 'subnet-0d8b58217812f9c42'` + +* (Optional) `source/dest.tag` ++ +Use the `source/dest.tag` attribute to search exposure of a specific network interface or virtual machine based on the resource tag pair. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.tag = 'env=prod'` + +* (Optional) `source/dest.vpc.id` ++ +Use the `source/dest.vpc.id` attribute to search exposure of a specific network interface or virtual machine based on the VPC ID. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.vpc.id = 'vpc-079e9bb7bc4ba9db2'` + +* (Optional) `excluded.networks` ++ +Use the `excluded.networks` attribute to exclude certain IP/IPv6 CIDR blocks from Network Path Analysis calculation. This is useful only when you use `source.network = UNTRUST_INTERNET` or `dest.network = UNTRUST_INTERNET` RQL attribute. ++ +*Query example:* ++ +`config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and excluded.networks in ( '1.2.3.4/32', '100.0.0.0/24' )` + +* (Optional) `alert.on` ++ +The `alert.on` attribute is only applicable when the RQL query is used as a Policy. ++ +*Query example:* ++ +` config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and alert.on = 'DestVPC'` + +* (Optional) `protocol.ports` ++ +Use the `protocol.ports` attribute to search for specific protocols and destination ports, which you can specify in following formats: ++ +** udp + +** tcp + +** tcp/22 + +** tcp/20:50 + +** icmp/code/type + +** tcp/22,443,3389,1000:5000 + +* (Optional) `effective.action` ++ +Use the `effective.action` attribute to search for the net effective action that allows or rejects the network traffic from the specified source to destination. The options are: ++ +** Allow: A routing path exists and security policies allow the traffic. + +** Deny: A routing path exists, however security policies reject the traffic. + +** Any \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-examples.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-examples.adoc new file mode 100644 index 0000000000..b1f1952fb8 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-examples.adoc @@ -0,0 +1,118 @@ +== Network Configuration Query Examples + +The following examples show you how to use xref:network-config-query-attributes.adoc[Network Configuration Query Attributes] in RQL for investigating network exposure issues. + +[cols="40%a,60%a"] +|=== +|AWS USE CASES +|RQL + +|Find all AWS EC2 instances that are accessible from any untrusted Internet source on administrative ports via SSH/RDP. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and effective.action = 'Allow' and protocol.ports in ( 'tcp/22' , 'tcp/3389' ) +---- + +|Find all AWS EC2 instances that are accessible from any untrusted Internet source other than HTTP/HTTPS. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) +---- + +|Find all AWS Redshift managed ENI that are accessible from any untrusted Internet source on any port/protocol. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.owner in ( 'amazon-redshift' ) +---- + +|Find all AWS RDS managed ENI that are accessible from any untrusted Internet source on DB port/protocol 3306. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.owner in ( 'amazon-rds' ) and protocol.ports in ( 'tcp/3306') +---- + +|Find all AWS RDS managed ENI that are accessible from any untrusted Internet source on any port/protocol. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.owner in ( 'amazon-rds') +---- + +|Find all AWS ELB managed ENI that are accessible from any untrusted Internet source on any port/protocol other than HTTP/HTTPS. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.network.interface.owner in ( 'amazon-elb' ) and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) +---- + +|Find all AWS VPCs that have EC2 Instances that are accessible from any untrusted Internet source on any port/protocol other than web traffic (HTTP/HTTPs). + +If you use the alert.on RQL attribute, it is only applicable for policies and alerts and has no effect on investigate queries. +|---- +config from network where source.network = '0.0.0.0/0' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) and alert.on = 'DestVPC' +---- + +|Find all AWS EC2 instances with outbound access to any untrusted Internet destination. +|---- +config from network where source.resource.type = 'Instance' and source.cloud.type = 'AWS' and dest.network = UNTRUST_INTERNET +---- + +|Find if instance A in VPC-1 (staging environment) can communicate with instance A in VPC-2 (production environment). + +For E-W network analysis, specify at least one specific source and destination VPC. +|---- +config from network where source.resource.type = 'Instance' and source.vpc.id = 'vpc-0657741d2470e9869' and source.cloud.type = 'AWS' and source.tag = 'env=staging' and dest.resource.type = 'Instance' and dest.vpc.id = 'vpc-0a8818db3474831ef' and dest.cloud.type = 'AWS' and dest.tag = 'env=prod' +---- + +|Find all AWS EC2 instances that are accessible from any untrusted Internet source where routing exists, however effective security policy is ‘Deny’. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and effective.action = 'Deny' +---- + +|Find if instance A in VPC-1 (staging environment) can communicate with a private S3 bucket using VPC endpoint that contains sensitive information. + +For E-W network analysis, specify at least one specific source and destination VPC. +|---- +config from network where source.resource.type = 'Instance' and source.vpc.id = 'vpc-0a8818db3474831ef' and source.tag = 'env=staging' and dest.resource.type = 'Service' and dest.service.name = 'com.amazonaws.vpce.us-east-1.vpce-svc-0ff33532fa2a4a999' and dest.vpc.id = 'vpc-0a8818db3474831ee' +---- + +To find out all supported service.name in your environment, use the following RQL: + +---- +config from cloud.resource where api.name = 'aws-describe-vpc-endpoints' AND json.rule = serviceName exists addcolumn serviceName +---- + + +|Find all Amazon ELB (load balancer) interfaces that are accessible on the Internet on port TCP/22. +|---- +config from network where source.network = INTERNET and dest.resource.type = 'Interface' and dest.network.interface.owner = 'amazon-elb' and protocol.ports = 'tcp/22' and effective.action = 'Allow' +---- + + +|Find all AWS EC2 Instances with unrestricted access (0.0.0.0/0) from the Internet other than the Web traffic. +|---- +config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) +---- + + +|Find all AWS EC2 Instances with network access from any IP in the range 20.0.0.0/24 other than the Web traffic. +|---- +config from network where source.network = '20.0.0.0/24' and address.match.criteria = 'partial_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) +---- + + +|=== +[cols="40%a,60%a"] +|=== +|AZURE USE CASES +|RQL + + +|Find Azure PostgreSQL (PaaS) instance reachable from untrust Internet source on TCP port 5432. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'PaaS' and dest.cloud.type = 'AZURE' and dest.paas.service.type in ( 'MicrosoftDBforPostgreSQLFlexibleServers', 'MicrosoftDBforPostgreSQLServers' ) and protocol.ports = 'tcp/5432' +---- + +|Find Azure VM instance in running state that is Internet reachable with unrestricted access (0.0.0.0/0) other than HTTP/HTTPS port. +|---- +config from network where source.network = '0.0.0.0/0' and address.match.criteria = 'full_match' and dest.resource.type = 'Instance' and dest.cloud.type = 'AZURE' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' ) and dest.resource.state = 'Active' +---- + +|Find Azure MySQL (PaaS) instance reachable from untrust internet source on TCP port 3306. +|---- +config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'PaaS' and dest.cloud.type = 'AZURE' and dest.paas.service.type in ( 'MicrosoftDBforMySQLFlexibleServers', 'MicrosoftDBforMySQLServers' ) and protocol.ports = 'tcp/3306' +---- + +|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-attributes.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-attributes.adoc new file mode 100644 index 0000000000..be5dbd068b --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-attributes.adoc @@ -0,0 +1,211 @@ +== Network Flow Query Attributes + +//Learn about Network Query attributes in RQL using VPC flow log records. + +When you configure Prisma Cloud to retrieve information from VPC flow logs in your cloud deployments, you can use `network from vpc.flow_record where` query to view results on the metadata included in these logs. +//image::network-from-options-query-2.png[scale=40] + +Each attribute allows you to narrow your search criteria. As you use these attributes, the auto-suggestion capability shows the available expressions and xref:../rql-operators.adoc[operators] that are applicable for each attribute. + +* `cloud.account` ++ +Use the `cloud.account` attribute to search for network activity in one or more cloud accounts that you connected to Prisma Cloud. ++ +For example, you can view network activity in a cloud account with > 1MB traffic: ++ +`network from vpc.flow_record where cloud.account = 'Developer Sandbox' AND bytes > 1048576` + +* `cloud.region` ++ +Use the `cloud.region` attribute to search for network activity in your cloud regions. ++ +For example, you can view network activity in Developer sandbox account for AWS Oregon region: ++ +`network from vpc.flow_record where cloud.account = 'Developer Sandbox' AND cloud.region = 'AWS Oregon' AND bytes > 0` + +* `cloud.account.group` ++ +Use the `cloud.account.group` attribute to search for network activity within a group of cloud accounts that you have connected to the RedLock service. ++ +For example, you can view network activity across your AWS accounts that belong to the Oregon region where more than 100000 packets were transmitted: ++ +`network from vpc.flow_record where cloud.account.group = 'All my AWS accounts' AND cloud.region = 'AWS Oregon' AND packets > 100000 ` + +* `dest.ip, source.ip` ++ +Use the `dest.ip, source.ip` attribute to filter your network to view traffic from an originating or a receiving IP address. You can enter one or more IP addresses in a comma separated list or in the CIDR format. A single IP address—172.31.60.74A list of IP addresses—172.31.60.74, 10.0.0.5A single CIDR address— 172.31.60.0/24A list of CIDR addresses— 172.31.60.0/24, 13.233.0.0/16, 10.3.2.2/32 ++ +[NOTE] +==== +** You can provide a single IP address or a list of IP addresses from the public or RFC 1918 address space. The CIDR format is supported only for the RFC 1918 address space. You can include an IP address in a CIDR and non-CIDR format within the list of attributes. + +** The value 0.0.0.0 does not mean any IP address, it means any public IP address. + + +==== ++ +For example, you can view network traffic to a public IP address to which more than 1000000 bytes were transmitted: ++ +`network from vpc.flow_record where dest.ip = 0.0.0.0 AND bytes > 1000000`or traffic originating from a specific IP subnet:`network from vpc.flow_record where source.ip IN (10.2.1.0/24,10.3.1.0/24) AND bytes > 10000`For example, you can view SSH traffic from any public IP address on the internet: ++ +`network from vpc.flow_record where source.ip = 0.0.0.0 and dest.port = 22` + +* `dest.port` ++ +Use the `dest.port` attribute to filter your network activity to view traffic from a destination port. ++ +For example, you can view network traffic for any public IP address where the destination port is 27017: ++ +`network from vpc.flow_record where dest.port = 27017 AND source.ip = 0.0.0.0` + +* `dest.outboundpeers, source.outboundpeers` ++ +Use the `dest.outboundpeers` and `source.outboundpeers` attributes for a count of distinct IP addresses to which this asset establishes a connection. These network attributes enable you to aggregate connection counts for both ingress and egress traffic to help detect account compromise or identify hosts that are establishing multiple SSH connections from one or more external IP addresses. + +* `dest.outboundports, source.outboundports` ++ +Use the `dest.outboundports` and `source.outboundports` attributes for a count of distinct destination ports to which this asset establishes a connection. These network attributes enable you to aggregate connection counts for both ingress and egress traffic. For example, you can detect an attempt to perform a port scan or port sweep, or detect an attempt to set up a number of egress connections on the crypto ports. + +* `dest.publicnetwork, source.publicnetwork` ++ +Use the `Source.publicnetwork` and `dest.publicnetwork` attributes to query for traffic from and to predefined networks. For example, `Internet IPs` represent all public IPs, `Suspicious IPs` represent all suspicious IPs. ++ +[NOTE] +==== +You can also define your own network with a set of IP addresses/CIDRs to see traffic from/to your internal public [non-RFC1918] networks and use them in network RQL query. If you belong to the System Admin permission group, you can set up xref:../../administration/trusted-ip-addresses-on-prisma-cloud.adoc[trusted IP addresses] in *Settings > Trusted IP Addresses*. +==== ++ +For example, you can view traffic on the destination port 3389 and that are classified as internet IPs or suspicious IPs: ++ +`network from vpc.flow_record where dest.port IN (3389) and dest.publicnetwork IN ('Internet IPs' , 'Suspicious IPs' ) and bytes > 0` + +* `dest.resource, source.resource` ++ +Use the `dest.resource, source.resource` attributes to search and filter the network by a destination or a source resource for finding host-based issues, roles, security groups, tags, and virtual networks. ++ +`dest.resource IN or source.resource IN; `displays more options: +//+ +//image::dest-resource-in-resource-query-example-1.png[scale=40] + +* `finding.severity, finding.type, finding.source` ++ +Use finding attributes to query for vulnerabilities on destination or source resources that have one or more host-related security findings. Prisma Cloud ingests host vulnerability data from Prisma Cloud Defenders deployed on your cloud environments, and external sources such as Qualys, Tenable.io, AWS Inspector, and host and IAM-security related alerts from Amazon GuardDuty. ++ +[NOTE] +==== +To leverage `finding` attributes, you must either enable the integration with the host vulnerability providers or deploy Prisma Cloud Defenders on hosts and containers. +==== ++ +For example, you can list events from AWS Guard duty on destination resource which have severity as critical: ++ +`network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'AWS GuardDuty Host' AND finding.severity = 'critical' ) AND bytes > 0`For example, you can list host vulnerability events on the destination resource: ++ +`network from vpc.flow_record where dest.resource IN ( resource where finding.type IN ('Host Vulnerability' ) ) and bytes > 0` + +* `securitygroup.name` Use the `securitygroup.name` attribute to filter the network traffic by security group name. ++ +For example, you can view the network traffic which is hitting the security groups with names AWS-OpsWorks-Java-App-Server and AWS-OpsWorks-Blank-Server: ++ +`network from vpc.flow_record where source.ip = 0.0.0.0 and dest.resource IN ( resource where securitygroup.name IN ( 'AWS-OpsWorks-Java-App-Server' , 'AWS-OpsWorks-Blank-Server' ))` + +* `virtualnetwork.name` ++ +Use the `virtualnetwork.name` attribute to filter the network traffic by virtual network names. ++ +For example, you can view the network traffic which is hitting the virtual network ICHS_FLORENCE: ++ +`network from vpc.flow_record where dest.resource IN ( resource where virtualnetwork.name IN ( 'ICHS_FLORENCE' ))` + +* `dest.state, source.state` ++ +Use `dest.state` or `source.state` attributes to view traffic originating from or destined to a specific state within a country. ++ +For example, you can view network traffic to Karnataka in India: ++ +`network from vpc.flow_record where cloud.account = 'Developer Sandbox' AND dest.country = 'India' AND dest.state = 'Karnataka'`For example, you can view network traffic from Karnataka in India: ++ +`network from vpc.flow_record where cloud.account = 'Developer Sandbox' AND source.country = 'India' AND source.state = 'Karnataka' ` + +* `dest.country, source.country` ++ +Use the `dest.country, source.country` attributes to filter your network to view traffic from the country of its origin or the country where the traffic is received. ++ +For example, you can view network activity where the destination of the traffic is in China and Russia: ++ +`network from vpc.flow_record where dest.country IN ( 'China' , 'Russia' ) and bytes > 0`To view network activity where the source of the traffic is in China: ++ +`network from vpc.flow_record where source.country = 'China' AND bytes > 0` + +* `bytes` ++ +Use the `bytes` attribute to search for network related information by the aggregate byte volume while the transmission lasts. ++ +For example, you can search for network traffic by internet IPs, suspicious IPs and bytes: ++ +`network from vpc.flow_record where source.publicnetwork IN ( 'Internet IPs' , 'Suspicious IPs' ) and bytes > 0` + +* `response.bytes` ++ +Use the `response.bytes` attribute to search for network related information by the aggregate response byte volume. ++ +For example, you can search for network traffic with response bytes more than 100,000: ++ +`network from vpc.flow_record where response.bytes > 100000 AND cloud.account = 'Sandbox Account' ` + +* `accepted.bytes` ++ +Use the `accepted.bytes` attribute to search for the network related information by the aggregate accepted byte volume. ++ +For example, you can search for network traffic with accepted bytes more than 100,000: ++ +`network from vpc.flow_record where accepted.bytes > 100000 AND cloud.account = 'Sandbox Account' ` + +* `packets` ++ +Use the `packets` attribute to search for network related information by the aggregate packet volume while the transmission lasts. ++ +For example, you can identify traffic from internal workloads to internet IPs on ports 8545,30303 that are known to mine Ethereum: ++ +`network from vpc.flow_record where dest.port IN (8545,30303) and dest.publicnetwork IN ('Internet IPs' , 'Suspicious IPs' ) and packets> 0` + +* `protocol` ++ +Use the `protocol` attribute to search for network-related information in relation to network protocols. ++ +For example, you can search for network information by TCP protocol and where the destination port is 21: ++ +`network from vpc.flow_record where src.ip=0.0.0.0 AND protocol='TCP' AND dest.port IN (21)` + +* `role` ++ +Use the `role` attribute to filter the network traffic by roles. ++ +For example, you can view all network traffic in RedLock account where the destination resource role is not AWS NAT Gateway and AWS ELB: ++ +`network from vpc.flow_record where cloud.account = 'RedLock' AND source.ip = 0.0.0.0 AND dest.resource IN ( resource where role NOT IN ( 'AWS NAT Gateway' , 'AWS ELB' ))`For example, you can view traffic originating from suspicious IPs and internet IPS which are hitting the resource roles AWS RDS and Database: ++ +`network from vpc.flow_record where source.publicnetwork IN ( 'Suspicious IPs' , 'Internet IPs' ) and dest.resource IN ( resource where role IN ( 'AWS RDS' , 'Database' ))` + +* `tag` ++ +Use `tag` attribute to filter the network traffic by tags. ++ +For example, you can view network traffic which is hitting the resources that are tagged as NISP: ++ +`network from vpc.flow_record where dest.resource IN ( resource where tag ('name') = 'NISP')` + +* `threat.source` ++ +Use the `threat.source` attribute to filter for the supported threat intelligence feeds—AutoFocus or Opensource—sources. The operators supported include `!=` , `=` , `IN (` , `NOT IN (` . ++ +For example, `network from vpc.flow_record where bytes > 10000 AND threat.source IN ('AutoFocus')` + +* `threat.tag.group` Use the `threat.tag.group` , when the `threat.source` is AutoFocus, to query for specific https://docs.paloaltonetworks.com/autofocus/autofocus-admin/autofocus-tags/tag-concepts/tag-group[tag groups]. Tag groups are genres of malware families as categorized by the https://unit42.paloaltonetworks.com/[Unit 42 threat research team]. ++ +For example, `network from vpc.flow_record where bytes > 100 AND threat.source = 'AutoFocus' AND threat.tag.group IN ( 'BankingTrojan', 'LinuxMalware', 'Worm', 'Downloader', 'HackingTool', 'PotentiallyUnwantedProgram', 'InfoStealer', 'Ransomware', 'InternetofThingsMalware', 'ATMMalware')` + +* `traffic.type IN ` ++ +Use `traffic.type IN ` attribute to view how entities within your cloud environment have accepted and rejected traffic. ++ +For example, using the values for the traffic.type IN, in the parenthesis enables you to find traffic from Suspicious IPs or Internet IPs. `network from vpc.flow_record where src.publicnetwork IN ('Suspicious IPs','Internet IPs') AND dest.resource IN (resource WHERE virtualnetwork.name IN ( 'vpc-323cda49' )) AND dest.ip IN (172.31.12.172 ) AND traffic.type IN ('REJECTED')` \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-examples.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-examples.adoc new file mode 100644 index 0000000000..7a49626e93 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-examples.adoc @@ -0,0 +1,64 @@ +== Network Flow Query Examples + +//Some examples for Network Flow Log Queries. + +The following examples show you how to use xref:network-flow-query-attributes.adoc[Network Flow Query Attributes] in RQL for investigating network flow issues. + +[cols="44%a,56%a"] +|=== +|USE CASE +|RQL + + +|View traffic originating from the Internet & suspicious IPs to resource with Database role. +|---- +network from vpc.flow_record where source.publicnetwork IN ( 'Suspicious IPs' , 'Internet IPs' ) and dest.resource IN ( resource where role IN ( 'AWS RDS' , 'Database' ) ) +---- + + +|Find instances that are accessible over the Internet using insecure ports. +|---- +network from vpc.flow_record where source.publicnetwork IN ( 'Internet IPs' ) and protocol = 'TCP' AND dest.port IN ( 21,23,80) +---- + + +|Find hosts with Meltdown and Spectre vulnerabilities receiving network traffic. +|---- +network from vpc.flow_record where dest.resource IN ( resource where finding.type IN ( 'Host Vulnerability' ) AND finding.name IN ( 'CVE-2017-5754', 'CVE-2017-5753', 'CVE-2017-5715' ) ) and bytes > 0 +---- + + +|Check for traffic categorized as malware of type DDoS, HackingTool, or Worm, originating from the Internet & suspicious IPs that are destined to your cloud assets that are not directly accessible over the Internet. +|---- +network from vpc.flow_record where src.publicnetwork IN ('Suspicious IPs','Internet IPs') AND dest.resource IN ( resource where role not in ( 'AWS NAT Gateway' , 'AWS ELB' ) ) and protocol not in ( 'ICMP' , 'ICMP6' ) AND threat.source = 'AF' AND threat.tag.group IN ( 'DDoS', 'HackingTool', 'Worm' ) +---- + + +|Look for traffic from Internet to any instance outside of Web servers, NAT Gateways or ELBs. +|---- +network from vpc.flow_record where src.publicnetwork IN ('Suspicious IPs','Internet IPs') AND dest.resource IN ( resource where role not in ( 'AWS NAT Gateway' , 'AWS ELB' ) ) and protocol not in ( 'ICMP' , 'ICMP6' ) +---- + + +|Look for source entities which are AWS ELBs with connections to more than 10 unique peer IP addresses, but those peer IPs are not endpoints that function as Databases. +|---- +network from vpc.flow_record where src.resource IN (RESOURCE WHERE role = ('AWS ELB') AND source.outboundpeers > 10) AND dest.resource IN (RESOURCE WHERE role != ('Database')) +---- + + +|Identify any instances with a private IP address (specified in the CIDR format) that are sending traffic to the Internet. +|---- +network from vpc.flow_record where cloud.account=account_name AND source.ip IN(172.31.0.0/12,10.0.0.0/8) AND dest.publicnetwork IN 'Internet IPs' AND bytes > 0 +---- +[NOTE] +==== +Public IP addresses in the CIDR format cannot be set as a source or destination IP address, or a comma seperated value list. +==== + + +|View whether a list of specified IP addresses are sending traffic to the Internet. +|---- +network from vpc.flow_record where cloud.account=account_name AND source.ip IN(52.31.0.0,10.0.8.0) AND dest.publicnetwork IN 'Internet IPs' AND bytes > 0 +---- + +|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-conditions.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-conditions.adoc new file mode 100644 index 0000000000..d244f29cf9 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-conditions.adoc @@ -0,0 +1,81 @@ +[#iddf81c4c2-eb03-46e9-9f70-8065ba08c4f7] +== Permissions Query Conditions + +Get more granular search results in your permissions queries, by applying conditions to the `config from iam where` query in your RQL search. Use conditions to minimize the exposure of a resource based policy by making it available only to an organization or specific account, or use it to minimize the access to a machine (EC2 instances or Lambda functions); for example, if a machine has publicly available permissions, you can add a condition to enable actions only to a specific IP address. + +xref:permissions-query-attributes.adoc[Permissions Query Attributes] also includes the `grantedby.cloud.condition` attribute that assists with permissions queries where the policy statement may or may not contain conditions. For instance, the example below filters all results with the source IP address: + +`config from iam where grantedby.cloud.policy.condition('aws:sourceIP') does not exist` + +Several additional operators are also supported to give you more flexibility on how filters are applied. The examples below show how they can be used with the `config from iam where` query to apply conditions. + +[cols="40%a,40%a,19%a"] +|=== +|Description +|RQL +|Operator + + +|Show results where a specific condition exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') exists` +|exists + + +|Show results where a specific condition doesn’t exist. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') does not exist` +|does not exist + + +|Show results where a specific condition and operator exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') exists` +|exists + + +|Show results where a specific condition and operator doesn’t exist. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') does not exist` +|does not exist + + +|Show results where a specific condition with a specific value exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') = '1.1.1.1'` +|= + + +|Show results where a specific condition with a different value exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') != '1.1.1.1'` +|!= + + +|Show results where a specific condition and operator with a specific value exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') = '1.1.1.1'` +|= + + +|Show results where a specific condition and operator with a different value exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') != '1.1.1.1'` +|!= + + +|Show results where a specific condition and operator with one or more different values does not exist. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') NOT IN ('1.1.1.1', '2.2.2.2')` +|NOT IN + + +|Show results where a specific condition and operator with one or more different values exists. +|`config from iam where grantedby.cloud.policy.condition('aws:sourceIP', 'IpAddress') NOT IN ('1.1.1.1', '2.2.2.2')` +|NOT IN + + +|Show results where a specific condition with one or more values exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') IN ('1.1.1.1')` +|IN + + +|Show results where a specific condition and operator with one or more values exists. +|`config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') IN ('1.1.1.1')` +|IN + +|=== + + + diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-examples.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-examples.adoc new file mode 100644 index 0000000000..939ffc1950 --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-examples.adoc @@ -0,0 +1,526 @@ +[#id5c31e0cc-2e9f-476d-8a6d-20162d369ca1] +== RQL Examples Library + +Use the RQL examples in this section to learn how to monitor and detect issues in your cloud resources. + +* xref:#id0b390e7c-8e64-419e-a3cb-2bc599c5be77[AWS Examples] + +* xref:#id14248e30-5e94-4f3a-ae66-6a651451e641[Azure Examples] + +* xref:#id9657231e-df24-470d-a880-2205832fe9ea[GCP Examples] + +* xref:#idbd7cb09d-6818-4b3b-9858-93f9a895e63c[Common Useful Query Examples] + + +[#id0b390e7c-8e64-419e-a3cb-2bc599c5be77] +=== AWS Examples +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL + + +|List EC2 instances with a public IP address. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule = publicIpAddress exists +---- +---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = publicIpAddress exists and publicIpAddress is not empty +---- + + +|List EC2 instances that are attached to a Security Group named ‘allow-all’. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = 'securityGroups contains allow-all' +---- + + +|List all EC2 instances that have a publicly accessible hostname. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule = 'publicDnsName exists' +---- + + +|List all EC2 instances that have a public IP address and allows any IP address to connect to it. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = '$.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0' +---- + + +|List all EC2 instances that associated with a specific security group. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = securityGroups[*].groupId contains "sg-c57910b7" +---- + + +|List all EC2 instances that have a public IP address and are publicly accessible (The IP range is not restricted to a set of specific IP addresses). +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; filter '$.X.publicIpAddress exists and not $.X.publicIpAddress is empty and $.X.securityGroups[*].groupName == $.Y.groupName and $.Y.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 and $.Y.ipPermissions[*].ipProtocol == -1'; show X; +---- + + +|List all EC2 instances that are not in a specified destination security group and have traffic flowing from a resource that does not have a specified tag. (uses the NOT IN operator for negation) +|---- +network from vpc.flow_record where accepted.bytes > 10000 AND dest.resource NOT IN ( resource where securitygroup.name = '2nd_hong_kong_sg' ) AND source.resource NOT IN ( resource where tag ( ANY ) IN ( 'HelloWorld' ) ) +---- + + +|Find EC2 instances where launch time is more than 30 days. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = '_DateTime.ageInDays($.launchTime) > 30' +---- + + +|Find all EBS volumes that do not have a Data Classification tag. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key != DataClassification +---- + + +|Find all RDS snapshots that are shared with cloud accounts that Prisma Cloud is not monitoring. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' AND json.rule = "$.attributes[?(@.attributeName=='restore')].attributeValues[*] size != 0 and _AWSCloudAccount.isRedLockMonitored($.attributes[?(@.attributeName=='restore')].attributeValues) is false" +---- + + +|Find all Security Groups that opens port 22 to the internet (and are attached to an EC2 instance). +|---- +config from cloud.resource where api.name='aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Y;filter '$.X.ipPermissions[*].toPort == 22 and $.X.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 and $.Y.securityGroups[*].groupId == $.X.groupId' ;show X; +---- + + +|List RDS instances with a public IP address. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-instances' and json.rule = publiclyAccessible is true +---- + + +|List workloads with null value in tags. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule='$.tags[*] size == 1 and $.tags[*].key contains Name' +---- + + +|List Security Groups with egress 0.0.0.0/0 and with no port limitations. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = " $.ipPermissionsEgress[*].ipRanges[*] contains 0.0.0.0/0 and $.ipPermissions[*].toPort !exists" +---- + + +|List Security Groups with egress 0.0.0.0/0 with fromPort =9009 and no toPort. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = " $.ipPermissionsEgress[*].ipRanges[*] contains 0.0.0.0/0 and $.ipPermissions[?(@.fromPort==9009)].toPort !exists" +---- + + +|Identify Security Groups with 0.0.0.0/0 configured where toPort is NOT 443. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = "$.ipPermissions[*].ipRanges[*] size > 0 and $.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 and (not $.ipPermissions[?(@.toPort==443)].ipRanges[*] contains 0.0.0.0/0)" +---- + + +|List non-encrypted sda1 and xvda volumes. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-volumes' AND json.rule = ' encrypted is false and attachments[*].device does not contain sda1' +---- + +---- +config from cloud.resource where api.name = 'aws-ec2-describe-volumes' AND json.rule = ' encrypted is false and attachments[*].device does not contain xvda' +---- + +---- +config from cloud.resource where api.name = 'aws-ec2-describe-volumes' AND json.rule = ' encrypted is false and attachments[*].device does not contain sda1 and attachments[*].device does not contain xvda' +---- + + +|Identify VPC's with Internet Gateway attached. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-internet-gateways' as X; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Y; filter '$.X.attachments[*].vpcId == $.Y.vpcId and $.Y.tags[*].key contains IsConnected and $.Y.tags[*].value contains true'; show Y; +---- + + +|Find traffic from public IP addresses and in CIDR 169.254.0.0/16, and exclude ICMP and ICMP6 traffic. +|---- +network from vpc.flow_record where src.publicnetwork IN ('Suspicious IPs','Internet IPs') AND source.ip IN 169.254.0.0/16 and bytes > 0 and protocol NOT IN ( 'ICMP' , 'ICMP6' ) +---- + + +|Find workloads with vulnerability 'CVE-2015-5600'. +|---- +network from vpc.flow_record where dest.resource IN ( resource where finding.type IN ( 'Host Vulnerability' ) AND finding.name = 'CVE-2015-5600' ) and bytes > 0 +---- + + +|Find membership status of items, such as Redshift nodes that are tagged as members of the stage or production environments. +|---- +config from cloud.resource where api.name = 'aws-redshift-describe-clusters' AND json.rule = clusterNodes[*].nodeRole is member of ("stage","prod") +---- + + +|Find EC2 security groups with IP permissions that allow access to ports other than 443 and 80. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].toPort is not member of (443,80) +---- + + +|Find "real users" logging in from an IP address to perform root activities; these are not activities performed by automation tasks. +|---- +event from cloud.audit_logs where user = 'root' and IP EXISTS +---- + + +|Find instances that are in subnets that have public IPs auto-assigned. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-subnets' as Y; filter '$.X.subnetId == $.Y.subnetId and $.Y.mapPublicIpOnLaunch is true'; show X; +---- + + +|Check for bucket exposed publicly that does not have a "Data Classification" tag with a value of "Public". +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="($.acl.grants[?(@.grantee=='AllUsers')] size > 0) and websiteConfiguration does not exist and tagSets.DataClassification != Public" +---- + + +|Verify that all S3 buckets have a "Data Classification" tag with a valid value. +|Custom query to find buckets with no Data Classification tag: + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule= tagSets.DataClassification !exists +---- + +Custom query to find buckets with invalid Data Classification tag(s) + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule= tagSets.DataClassification exists and tagSets.DataClassification != Public and tagSets.DataClassification != Private +---- + + +|Alert on S3 buckets open to AllUsers except for ones with a tagSet of: Data Security: Public or Data Security: blank. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="($.acl.grants[?(@.grantee=='AllUsers')] size > 0) and websiteConfiguration does not exist and (['tagSets'].['Data Security'] does not exist or ['tagSets'].['Data Security'] does not contain Public)" +---- + + +|Identify S3 bucket policies that enable write access to a principal who does not belong to an account in your organization. + +This query helps you find all S3 buckets that allow write action (s3:put) where the Principal Org ID is anything except what you specify in the query. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-s3api-get-bucket-acl' AND json.rule = "policy.Statement[*].Condition.StringEquals.aws:PrincipalOrgID does not equal \"o-e9mdyuma56\" and (policy.Statement[?(@.Principal=='*' && @.Effect=='Allow')].Action contains s3:* or policy.Statement[?(@.Principal=='*' && @.Effect=='Allow')].Action contains s3:Put)" +---- + + +|Alert on all Amazon ELB's (Elastic Load Balancing) that have an expiring certificate. +|Custom query for ELBs with certificates that'll expire in less than 90 days: + +---- +config from cloud.resource where api.name = 'aws-acm-describe-certificate' as X;config from cloud.resource where api.name = 'aws-elb-describe-load-balancers' as Y;filter '_DateTime.ageInDays($.X.notAfter) > -90 and $.Y.listenerDescriptions contains $.X.certificateArn' ; show Y; +---- + +Custom query for ELBs with certificates that'll expire in less than 90 days, and with instances attached to ELB: + +---- +config from cloud.resource where api.name = 'aws-acm-describe-certificate' as X;config from cloud.resource where api.name = 'aws-elb-describe-load-balancers' as Y;filter '_DateTime.ageInDays($.X.notAfter) > -90 and $.Y.listenerDescriptions contains $.X.certificateArn and $.Y.instances exists' ; show Y; +---- + + +|Query that looks for SG with 0.0.0.0/0 access and is connected to the running instance. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; filter '$.X.state.name equals running and $.X.securityGroups[*].groupId contains $.Y.groupId and ($.Y.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 or $.Y.ipPermissions[*].ipv6Ranges[*].cidrIpv6 contains ::/0)' ; show X; +---- + + +|List any AWS instances with GuardDuty or Inspector Vulnerabilities. +|---- +config from cloud.resource where finding.type IN ( 'AWS Inspector Runtime Behavior Analysis', 'AWS Inspector Security Best Practices', 'AWS GuardDuty Host' ) +---- + + +|Find someone accessing a specific cloud account, who has assuming a specific role that includes a specific email address. +|The account in this example is encsharedtest, the role is AdminSSO and the User email is abc@xyz.com: + +---- +event from cloud.audit_logs where cloud.account = 'encsharedtest' AND json.rule = $.userIdentity.arn = 'arn:aws:sts::786215072930:assumed-role/AdminSSO/abc@xyz.com' +---- + + +|Count of the images owned by the AWS account +|---- +config from cloud.resource where cloud.account = '' AND api.name = 'aws-ec2-describe-images' AND json.rule = image.ownerId equals "" +---- + + +[TIP] +==== +Add ` AND cloud.region = ''` to list a count of images owned per region +==== + + + +|Count of private or shared images for each region within an AWS account +|---- +config from cloud.resource where cloud.account = '' AND api.name = 'aws-ec2-describe-images' AND cloud.region = '' AND json.rule = image.shared is true +---- + + +[TIP] +==== +Add or replace with `json.rule=image.public is false` to include private images +==== + + +|=== + + + +[#id14248e30-5e94-4f3a-ae66-6a651451e641] +=== Azure Examples +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL + + +|Azure workloads with no tags. +|---- +config from cloud.resource where api.name = 'azure-vm-list' and json.rule='$.tags[*] size == 1 and $.tags[*].key contains Name' +---- + + +|Azure SQL DB's with Transparent Data Encryption disabled. +|---- +config from cloud.resource where api.name = 'azure-sql-db-list' and json.rule = transparentDataEncryption is false +---- + + +|Azure SQL instances that allow any IP address to connect to it. +|---- +config from cloud.resource where cloud.service = 'Azure SQL' AND api.name = 'azure-sql-server-list' AND json.rule = firewallRules[*] contains "0.0.0.0" +---- + + +|Display Azure storage accounts that do not require HTTPS for access. +|---- +config from cloud.resource where cloud.account = 'Azure-RedLock-public-demo' AND api.name = 'azure-storage-account-list' AND json.rule = ['properties.supportsHttpsTrafficOnly'] is false +---- + + +|Display Azure VM's with Linux OS type in storage profile. +|---- +config from cloud.resource where cloud.account = 'Azure-RedLock-public-demo' AND api.name = 'azure-vm-list' AND json.rule = ['properties.storageProfile'].osDisk.osType contains "Linux" +---- + + +|List Azure Network Watchers (can be used for Azure flow log checks). +|---- +config from cloud.resource where cloud.service = 'Azure Network Watcher' AND api.name = 'azure-network-watcher-list' addcolumn provisioningState +---- + + +|List Azure NSGs (can be used for Azure flow log checks). +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nsg-list' addcolumn provisioningState +---- + + +|List Azure Storage accounts (can be used for Azure flow log checks). +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-storage-account-list' addcolumn location +---- + + +|Show NSGs. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nsg-list' addcolumn location name provisioningState securityRules[*] +---- + + +|Instances/VMs Public IP check on Azure. +|---- +config from cloud.resource where api.name = 'azure-vm-list' AND json.rule = ['properties.networkProfile'].networkInterfaces[*] contains publicIpAddress and ['properties.networkProfile'].networkInterfaces[*].publicIpAddress none empty +---- + + +|Find all VMs within a specific cloud account that are not running. +|This query will include instances that are deallocated, stopped starting, or unknown: + +---- +config from cloud.resource where cloud.account = 'Azure-RedLock-public-demo' AND api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running" +---- + + +|Find Azure NSGs that allow inbound traffic. +|---- +config from cloud.resource where api.name= 'azure-network-nsg-list' AND json.rule="securityRules[?(@.sourceAddressPrefix=='*' && @.access=='Allow')].direction contains Inbound" +---- + + +|Find SQL databases deployed on Azure that are not in the East-US location. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-sql-db-list' AND json.rule = sqlDatabase is not member of ("East US") +---- + +|=== + + + +[#id9657231e-df24-470d-a880-2205832fe9ea] +=== GCP Examples +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL + + +|GCP workloads with no tags. +|---- +config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule='$.tags[*] size == 1 and $.tags[*].key contains Name' +---- + + +|GCP terminated compute instances. +|---- +config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule = status contains TERMINATED +---- + + +|List all VM (Google compute engine) instances that have a public IP address. +|---- +config from cloud.resource where api.name = 'gcloud-compute-instances-list' AND json.rule = networkInterfaces[*].accessConfigs[*].natIP size greater than 0 and networkInterfaces[*].accessConfigs[*].natIP none empty +---- + + +|Tag-based filtering—Find resources that are tagged with a specific value within a specific cloud service API (within a cloud platform). +|---- +config from cloud.resource where api.name = 'gcloud-compute-instances-list' AND json.rule = tags.items[*] contains "production" +---- + + +|Tag-based filtering— Find resources that are tagged with specific tags across all your cloud platforms that are monitored by Prisma Cloud. +|---- +config from cloud.resource where tag ( 'items' ) IN ( 'flowlogsautomation', 'dataflow' ) +---- + +| Query for all instances (Google compute engine) Network IP address +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Google Compute Engine' AND api.name = 'gcloud-compute-instances-list' AND json.rule = networkInterfaces[*].networkIP exists addcolumn $.networkInterfaces[0].networkIP +---- + +|=== + + + +[#idbd7cb09d-6818-4b3b-9858-93f9a895e63c] +=== Common Useful Query Examples +You can use the following queries as a good starting point or when you are looking for complex RQL examples. + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL + + +|List all network traffic from the Internet or from Suspicious IPs with over 100Kb data transferred to a network interface (on any cloud environment). +|---- +network from vpc.flow_record where source.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 100000 +---- + + +|All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempt on any cloud environment). +|---- +network from vpc.flow_record where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000 +---- + + +|All network traffic from Suspicious IPs to instances that have Host Vulnerabilities. +|---- +network from vpc.flow_record where source.publicnetwork = 'Suspicious IPs' AND dest.resource IN ( resource where finding.type IN ( 'AWS GuardDuty Host', 'AWS Inspector Runtime Behavior Analysis', 'AWS Inspector Security Best Practices', 'Host Vulnerability' )) AND bytes > 0 +---- + + +|List VPCs that do not have Flow Logs enabled. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as X; config from cloud.resource where api.name = 'aws-ec2-describe-flow-logs' as Y; filter ' not ($.Y.resourceId equals $.X.vpcId)'; show X; +---- + + +|List all instances that have a Public IP assigned, and are associated to an NSG that is open to the public. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; filter '($.X.publicIpAddress exists and $.X.publicIpAddress is not empty) and ($.X.securityGroups[*].groupName == $.Y.groupName) and ($.Y.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 or $.Y.ipPermissions[*].ipv6Ranges[*].cidrIpv6 contains ::/0)'; show X; +---- + + +|List all security groups that are open to the public on port 3389 that are on a VPC that contains an IGW. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-internet-gateways' as Y; filter '$.Y.attachments[*].vpcId contains $.X.vpcId and ($.X.ipPermissions[?(@.toPort==3389\|\|@.fromPort==3389)].ipv6Ranges[*].cidrIpv6 contains ::/0 or $.X.ipPermissions[?(@.toPort>3389&@.fromPort<3389)].ipRanges[*] contains 0.0.0.0/0 or $.X.ipPermissions[?(@.toPort>3389&&@.fromPort<3389)].ipv6Ranges[*].cidrIpv6 contains ::/0 or $.X.ipPermissions[?(@.toPort>3389&@.fromPort<3389)].ipRanges[*] contains 0.0.0.0/0)'; show X; +---- + + +|List all security groups that are open to the public on port 22 that are on a VPC that contains an IGW with an EC2 instance attached. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-internet-gateways' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Z; filter '$.Z.securityGroups[*].groupId contains $.X.groupId and $.Y.attachments[*].vpcId contains $.X.vpcId and ($.X.ipPermissions[?(@.toPort==22\|\|@.fromPort==22)].ipv6Ranges[*].cidrIpv6 contains ::/0 or $.X.ipPermissions[?(@.toPort==22\|\|@.fromPort==22)].ipRanges[*] contains 0.0.0.0/0 or $.X.ipPermissions[?(@.toPort>22&&@.fromPort<22)].ipv6Ranges[*].cidrIpv6 contains ::/0 or $.X.ipPermissions[?(@.toPort>22&&@.fromPort<22)].ipRanges[*] contains 0.0.0.0/0)'; show X; +---- + + +|List all security groups that are open to the public, unless they are Tagged as a Mailserver and are open on ports 25, 110, or 443. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ((ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 or ipPermissions[*].ipv6Ranges[*].cidrIpv6 contains ::/0) and ( not (tags[?(@.key=='TYPE')].value contains MAILSERVER AND (((ipPermissions[?(@.toPort>25&&@.fromPort<25)].ipRanges[*] contains 0.0.0.0/0) or (ipPermissions[?(@.toPort==25\|\|@.fromPort==25)].ipRanges[*] contains 0.0.0.0/0)) or ((ipPermissions[?(@.toPort>25&&@.fromPort<25)].ipv6Ranges[*].cidrIpv6 contains ::/0) or (ipPermissions[?(@.toPort==25\|\|@.fromPort==25)].ipv6Ranges[*].cidrIpv6 contains ::/0)) or ((ipPermissions[?(@.toPort>443&&@.fromPort<443)].ipRanges[*] contains 0.0.0.0/0) or (ipPermissions[?(@.toPort==443\|\|@.fromPort==443)].ipRanges[*] contains 0.0.0.0/0)) or ((ipPermissions[?(@.toPort>443&&@.fromPort<443)].ipv6Ranges[*].cidrIpv6 contains ::/0) or (ipPermissions[?(@.toPort==443\|\|@.fromPort==443)].ipv6Ranges[*].cidrIpv6 contains ::/0)) or ((ipPermissions[?(@.toPort>110&&@.fromPort<110)].ipRanges[*] contains 0.0.0.0/0) or (ipPermissions[?(@.toPort==110\|\|@.fromPort==110)].ipRanges[*] contains 0.0.0.0/0)) or ((ipPermissions[?(@.toPort>110&&@.fromPort<110)].ipv6Ranges[*].cidrIpv6 contains ::/0) or (ipPermissions[?(@.toPort==110\|\|@.fromPort==110)].ipv6Ranges[*].cidrIpv6 contains ::/0)))))) +---- + + +|Detect AMI images older than 90 days. +|---- +config from cloud.resource where cloud.type = 'aws' AND cloud.service = 'EC2' AND api.name = 'aws-ec2-describe-images' AND json.rule = '_DateTime.ageInDays(image.creationDate) > 90' +---- + + +|Detect EC2 instances running AMIs older than 30 days. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-images' as Y; filter '$.X.imageId==$.Y.image.imageId and _DateTime.ageInDays($.Y.image.creationDate) > 30' ; show X; addcolumn launchTime state +---- + + +|Detect KMS keys with no key rotation. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-kms-get-key-rotation-status' AND json.rule = keyMetadata.keyState does not equal "PendingDeletion" and rotation_status.keyRotationEnabled is false +---- + + +|Detect CloudFormation Templates (CFTs) that created public Security Groups. +|---- +config from cloud.resource where api.name = 'aws-cloudformation-describe-stacks' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; filter "$.X.stackResources[*].physicalResourceId == $.Y.groupId and ($.Y.ipPermissions[*].ipv6Ranges[*].cidrIpv6 contains ::/0 or $.Y.ipPermissions[*].ipRanges[*] contains 0.0.0.0/0)"; show X; +---- + + +|Detect S3 buckets that are open to Internet but don't contain specific tag key/value pairs. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="($.acl.grants[?(@.grantee=='AllUsers')] size > 0) and websiteConfiguration does not exist and (['tagSets'].['Name'] does not exist or ['tagSets'].[‘Name'] does not contain Value)" +---- + + +|Detect security groups except for specific tag key/value pairs. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = "tags[?(@.key=='Name')].value does not contain public” +---- + + +|Find VPC Flow Logs of VPCs that have EC2 instances in it (to verify if there should be network flowlog or not). +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-flow-logs' as X; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Y; filter "$.X.resourceId==$.Y.vpcId"; show X; +---- + + +|Find EC2 instances that are not attached to security groups. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Y; filter ' not ($.Y.securityGroups[*].groupId contains $.X.groupId)'; show X; +---- + + +|Find ENIs that are not associated with security groups. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-network-interfaces' as Y; filter 'not($.Y.groups[*].groupId contains $.X.groupId or $.X.groupName == default) '; show X; +---- + +|=== + + + diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-faqs.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-faqs.adoc new file mode 100644 index 0000000000..9df90cc33a --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-faqs.adoc @@ -0,0 +1,149 @@ +[#idad685a69-e161-4474-a9ba-4172d58b7d8e] +== RQL FAQs +List of commonly asked questions when using RQL. + +The following are answers to frequently asked questions. + +* *What attributes can I use in the Y and Z clauses of an RQL query?* ++ +When structuring an RQL query also known as a clause, it is important to note that only the `api.name` and `json.rule` attribute can be used at the Y and Z clauses. All other attributes such as `cloud type, cloud service, resource status, cloud account, cloud account group, cloud region, azure resource group, tag, finding severity/source/type` can only be used at the X clause. For example: + +---- +config from cloud.resource where api.name = 'aws-lambda-list-functions' as X; config from cloud.resource where api.name = 'aws-iam-list-roles' as Y; config from cloud.resource where api.name = 'aws-iam-get-policy-version' AND json.rule = isAttached is true and document.Statement[?any(Effect equals Allow and (Action equals "*" or Action contains :* or Action[*] contains :*) and (Resource equals "*" or Resource[*] anyStartWith "*") and Condition does not exist)] exists as Z; filter '$.X.role equals $.Y.role.arn and $.Y.attachedPolicies[*].policyName equals $.Z.policyName'; show Z;config from cloud.resource where api.name = 'aws-lambda-list-functions' as X; config from cloud.resource where api.name = 'aws-iam-list-roles' as Y; config from cloud.resource where api.name = 'aws-iam-get-policy-version' AND json.rule = isAttached is true and document.Statement[?any(Effect equals Allow and (Action equals "*" or Action contains :* or Action[*] contains :*) and (Resource equals "*" or Resource[*] anyStartWith "*") and Condition does not exist)] exists as Z; filter '$.X.role equals $.Y.role.arn and $.Y.attachedPolicies[*].policyName equals $.Z.policyName'; show Z;] +---- + +* *How can I add columns to the Config query results that are returned?* ++ +Use the `addcolumn` function to dynamically display columns for the Config query results that are displayed on screen on the *Investigate* page. + +* *Is time range part of grammar?* ++ +Query time ranges are not part of grammar. Instead, the query time window is passed as a separate argument to the query APIs. The selection of what attributes or columns of a category are returned are not part of the RQL grammar. + +* *Is aggregating of query results supported?* ++ +Aggregating, limiting, or formatting of query results are not supported. + +* *Are cross joins supported?* ++ +Joins across Event, Network, and Config are not supported. Joins are supported across Config queries only, and you can include up to three joins. + +* *Why can't I see auto-complete suggestions when using functions?* ++ +Autocomplete suggestions are not supported for function parameters. Autocomplete suggestions are also not supported for some attributes. + +* *What is the correct way of grouping or breaking negated clauses within the json.rule?* ++ +Use De Morgan Laws when grouping or breaking negated clauses within the json.rule. ++ +For example, to separate the conditions, use `(not ($.x is true)) or (not ($.y is true))` instead of `(not ($.x is true and $.y is true))` ++ +Similarly, if you want to use separate clauses use `(not ($.x is true)) and (not ($.y is true))` instead of `(not ($.x is true or $.y is true))` . + +* *How do I use quotation marks in a JSON rule?* ++ +When you use the `json.rule` attribute, you can use specify the match conditions in the expression using single quotation marks, double quotation marks, or without any quotation marks. ++ +You can for example, say: ++ +json.rule = encrypted is true, or ++ +json.rule = ‘encrypted is true’, or ++ +json.rule = "encrypted is true" ++ +The query output is the same whether you enclose it in quotation marks or not, the main difference is that the expression is validated only when you build the query without quotation marks. ++ +If you use functions or are matching data within an array, you must use single or double quotation marks. And if you have used a single quote in an array condition, use a double quote to enclose the expression. For example, `json.rule = "ipAddress[?(@.x=='a')`.port"] . + +* *Do you have guidelines on wrapping parameters/ keys that contain a dot operator?* ++ +For parameters with *.* such as `['properties.level'`] , use square brackets to wrap the JSON data all the way to the root level. Child attributes that come after the parameter do not need to be wrapped in square brackets. + +* *How do we use the operator MATCHES in Event RQL?* ++ +Use the boolean operators `Matches` and `Does not Match` to match or not match field values against simple patterns (and do not use regular expressions). A pattern can include substrings and `*` to support wild characters. ++ +In the following example, the operation `matches 'c*login'` enables you to list all activities that match `clogin` , `cloudlogin` , or `consolelogin` : ++ +---- +event from cloud.audit_logs where cloud.type = 'aws' AND cloud.account = 'RedLock Sandbox' AND operation MATCHES 'c*login' +---- + +* *Which are some constructs that are used across config, network, and event queries?* ++ +** `bytes` or `packets` ++ +Use `bytes` to search for network related information by the aggregate byte or packet volume while the transmission lasts. For example, to search for network traffic generated by IP addresses that are coming from the public internet or from suspicious IP addresses: ++ +---- +network from vpc.flow_record where source.publicnetwork IN ( 'Internet IPs' , 'Suspicious IPs' ) and bytes > 0 +---- ++ +To identify traffic from internal workloads to public IP addresses on ports 8545,30303 that are known to mine Ethereum: ++ +---- +network from vpc.flow_record where dest.port IN (8545,30303) and dest.publicnetwork IN ('Internet IPs' , 'Suspicious IPs' ) and packets> 0 +---- + +** `operation` ++ +An `operation` is an action performed by users on resources in a cloud account. When you type the name of the operation that you are interested in, auto-suggest displays the options that match the search criteria. For example, to view all operations such as deletion of VPCs, VPC endpoints, and VPC peering connections: ++ +---- +event from cloud.audit_logs where operation in ( 'DeleteVpc' , 'DeleteVpcEndpoints' 'DeleteVpcPeeringConnection' ) +---- + +** `protocol` ++ +You can search for network traffic based on protocols. For example, to search for network traffic from any public IP address that uses the TCP protocol and where the destination port is 21: ++ +---- +network from vpc.flow_record where source.ip=0.0.0.0 AND protocol='TCP' AND dest.port IN (21) +---- + +** `role` ++ +Use `role` to filter the network traffic by resource roles. ++ +For example, to show all network traffic from any public IP address in a specific cloud account where the destination resource role is not AWS NAT Gateway and AWS ELB: ++ +---- +network from vpc.flow_record where cloud.account = 'Redlock' AND source.ip = 0.0.0.0 AND dest.resource IN ( resource where role NOT IN ( 'AWS NAT Gateway' , 'AWS ELB' )) +---- ++ +To view traffic originating from suspicious IPs and internet IPS which are hitting the resource roles AWS RDS and Database: ++ +---- +network from vpc.flow_record where source.publicnetwork IN ( 'Suspicious IPs' , 'Internet IPs' ) and dest.resource IN ( resource where role IN ( 'AWS RDS' , 'Database' )) +---- + +** `tag` ++ +Use `tag` to filter the network traffic with a specific tag. For example, to find all resources that are tagged as NISP to which you network traffic: ++ +---- +network from vpc.flow_record where dest.resource IN ( resource where tag ('name') = 'NISP') +---- + +** `user` ++ +To search for operations performed by specific users, use `user` . For example, to view all console login operations by Ben: ++ +---- +event from cloud.audit_logs where operation = 'ConsoleLogin' AND user = 'ben' +---- + +** `addcolumn` ++ +Use `addcolumn` to dynamically display columns for the Config queries results that are displayed on screen. ++ +To add columns for key name and image ID for EC2 instances, for example: ++ +---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' addcolumn keyName hypervisor imageId +---- + + + + diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-operators.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-operators.adoc new file mode 100644 index 0000000000..dcca725a2a --- /dev/null +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/rql-operators.adoc @@ -0,0 +1,935 @@ +[#id7077a2cd-ecf9-4e1e-8d08-e012d7c48041] +== RQL Operators + +A list of operators supported by the resource query language (RQL) that enables you to modify the results. + +An operator in RQL is one or more symbols or words that compare the value of a field on its left with one or more values on its right, such that only valid results are retrieved and displayed to you. You can use an RQL operator to find a specific term included as a value within an object or an array within a JSON structure. + +You can use the following operators and conditions to compare or validate results: + +* xref:#id26f56de7-623a-4850-808e-80c4476166d5[Operators Within JSON Arrays] +* xref:#idd0bd13f8-7505-4290-ad05-163362024aec[Config and Event Operators] +* xref:#id864e6358-0dae-48f6-bf3e-16d88f85a41b[Joins] +* xref:#idf1090750-00ce-4a0e-adb1-609033551ce5[Functions] + + +[#id26f56de7-623a-4850-808e-80c4476166d5] +=== Operators Within JSON Arrays + +[cols="33%a,33%a,34%a"] +|=== +|OPERATOR +|DESCRIPTION +|RQL EXAMPLE + + +|?any +|?any is an expression used to filter arrays. + +It is used to specify conditions to return results when *any* single one of the array elements satisfy them. +|---- +config from cloud.resource where api.name= 'azure-network-nsg-list' AND json.rule = securityRules[?any(access equals Allow and direction equals Inbound and sourceAddressPrefix equals Internet and (protocol equals Udp or protocol equals *) and destinationPortRange contains _Port.inRange(137,137) )] exists +---- + + +|?none +|?none is an expression used to filter arrays. + +It is used to specify conditions to return results when *none* one of the array elements are satisfied. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[?none(toPort is member of (10,220,250))] exists +---- + + +|?all +|?all is an expression used to filter arrays. + +It is used to specify conditions to return results when *all* of the array elements satisfy them. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-network-acls' AND json.rule = entries[?all(egress is true and ruleAction contains deny)] exists +---- + + +|@ and ? +|@ and ? are expressions used to filter arrays. + +* ? opens the array. +* @ represents the current item being processed. It is used to hone in on a particular block in the json object so that you are only matching that block and no others. +|---- +config from cloud.resource where api.name='aws-ec2-describe-security-groups' AND json.rule='ipPermissions[?(@.fromPort==0)].ipRanges[*] contains 0.0.0.0/0' +---- + + +|`&&` and `\|\|` +|Combine conditions within json.rule using `&&` and `\|\|`. +|---- +config from cloud.resource where api.name = 'aws-s3api-get-bucket-acl' and json.rule = "policy.Statement exists and policy.Statement[?(@.Action=='s3:GetObject' && @.Effect=='Allow' \|\| @.Action=='s3:ListBucket' && @.Effect=='Allow')].Principal contains *" +---- + +|=== + + +[#idd0bd13f8-7505-4290-ad05-163362024aec] +=== Config and Event Operators + +[cols="33%a,33%a,34%a"] +|=== +|OPERATOR +|DESCRIPTION +|RQL EXAMPLE + + +|greater than +|Compares a path on the left-hand side against either a numeric value or another path on the right-hand side. +|---- +config from cloud.resource where api.name = 'aws-iam-get-account-password-policy' AND json.rule = maxPasswordAge greater than 20 +---- + + +|less than +|Compares a path on the left-hand side against either a numeric value or another path on the right-hand side. +|---- +config from cloud.resource where api.name = 'aws-iam-get-account-password-policy' AND json.rule = maxPasswordAge less than 100 +---- + + +|equals +|Compares a path on the left-hand side against either a numeric value or another path on the right-hand side. +|---- +config from cloud.resource where api.name = 'aws-iam-get-account-password-policy' AND json.rule = maxPasswordAge equals 90 +---- + + +|does not equal +|Compares a path on the left-hand side against either a numeric value or another path on the right-hand side. +|---- +config from cloud.resource where api.name = 'aws-iam-get-account-password-policy' AND json.rule = maxPasswordAge does not equal 90 +---- + + +|equal ignore case +|Compares a path on the left-hand side against either a string or value or another path on the right-hand side. + +The *equal ignore case* operator works exactly the same as *equals*, with the only difference that it disregards case sensitivity in the string match. +|---- +config from cloud.resource where cloud.account = 'AWS_prod' AND api.name = 'aws-ec2-describe-security-groups' AND json.rule = groupName equal ignore case RQL-auto-SG1 +---- + + +|does not equal ignore case +|Compares a path on the left-hand side against either a string or value or another path on the right-hand side. +| + + +|starts with +|The left-hand side must be a path with a string value. +|---- +config from cloud.resource where api.name = 'aws-iam-list-users' and json.rule = userName starts with y +---- + + +|does not start with +|The left-hand side must be a path with a string value. +|---- +config from cloud.resource where api.name = 'aws-iam-list-users' and json.rule = userName does not start with y +---- + + +|ends with +|The left-hand side must be a path with a string value. +|---- +config from cloud.resource where api.name = 'aws-iam-list-users' and json.rule = userName ends with i +---- + + +|does not end with +|The left-hand side must be a path with a string value. +|---- +config from cloud.resource where api.name = 'aws-iam-list-users' and json.rule = userName does not end with i +---- + + +|contains +|The left-hand side may be a single path or a set of paths with numeric or string value. +|---- +config from cloud.resource where api.name = 'azure-network-nsg-list' AND json.rule = defaultSecurityRules[*].direction contains outbound +---- + + +|does not contain +|The left-hand side may be a single path or a set of paths with numeric or string value. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-vm-list' AND json.rule = powerState does not contain allocated +---- + + +|is empty +|The left-hand side must be a path leading to a string value. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule = publicIpAddress is empty +---- + + +|is not empty +|The left-hand side must be a path leading to a string value. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule = publicIpAddress is not empty +---- + + +|exists +|The left-hand side must be a path. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-network-interfaces' AND json.rule = 'association.publicIp exists' +---- + + +|does not exist +|The left-hand side must be a path. +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Compute Engine' and api.name = 'gcloud-compute-instances-list' AND json.rule = metadata.kind does not exist +---- + + +|any start with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId any start with vpc-3 +---- + + +|none start with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId none start with vpc-323cda +---- + + +|all start with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId all start with vpc-323cda +---- + + +|any end with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId any end with 49 +---- + + +|none end with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId none end with 49 +---- + + +|all end with +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId all end with 49 +---- + + +|any equal +|The left-hand side must be a set of paths leading to string or numeric values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId any equal vpc-323cda49 +---- + + +|none equal +|The left-hand side must be a set of paths leading to string or numeric values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId none equal vpc-323cda49 +---- + + +|all equal +|The left-hand side must be a set of paths leading to string or numeric values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId all equal vpc-323cda49 +---- + + +|any empty +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId any empty +---- + + +|none empty +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId none empty +---- + + +|all empty +|The left-hand side must be a set of paths leading to string values. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = networkInterfaces[*].vpcId all empty +---- + + +|IN ( +|The left-hand side must be a string. +|---- +event from cloud.audit_logs where crud IN ( 'create' , 'update' ) AND has.anomaly +---- + + +|NOT IN ( +|The left-hand side must be a string. +|---- +config from cloud.resource where finding.severity NOT IN ( 'low', 'informational', 'medium' ) AND cloud.account IN ( 'account_name' ) +---- + + +|size equals +|The left-hand side must be an array. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*] size equals 0 +---- + + +|size does not equal +|The left-hand side must be an array. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*] size does not equal 0 +---- + + +|size greater than +|The left-hand side must be an array. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*] size greater than 1 +---- + + +|size less than +|The left-hand side must be an array. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*] size less than 1 +---- + + +|length equals +|The left-hand side is a path with a string value. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' AND json.rule = snapshot.storageType length equals 3 +---- + + +|length does not equal +|The left-hand side is a path with a string value. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' AND json.rule = snapshot.storageType length does not equal 3 +---- + + +|length greater than +|The left-hand side is a path with a string value. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' AND json.rule = snapshot.storageType length greater than 3 +---- + + +|length less than +|The left-hand side is a path with a string value. + +The right-hand side must be an integer. +|---- +config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' and json.rule = snapshot.storageType length less than 4 +---- + + +|number of words equals +|The left-hand side is a path with a string value. +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Compute Engine' and api.name = 'gcloud-compute-instances-list' AND json.rule = cpuPlatform number of words equals 3 +---- + + +|number of words does not equal +|The left-hand side is a path with a string value. +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Compute Engine' and api.name = 'gcloud-compute-instances-list' AND json.rule = cpuPlatform number of words does not equal 3 +---- + + +|number of words greater than +|The left-hand side is a path with a string value. +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Compute Engine' and api.name = 'gcloud-compute-instances-list' AND json.rule = cpuPlatform number of words greater than 2 +---- + + +|number of words less than +|The left-hand side is a path with a string value. +|---- +config from cloud.resource where cloud.type = 'gcp' AND cloud.service = 'Compute Engine' and api.name = 'gcloud-compute-instances-list' AND json.rule = cpuPlatform number of words less than 3 +---- + + +|any true +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] any true " +---- + + +|none true +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] none true" +---- + + +|all true +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] all true +---- + + +|any false +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] any false" +---- + + +|none false +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] none false" +---- + + +|all false +|The left-hand side is a set of paths with Boolean values. +|---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-network-nic-list' AND json.rule = " ['properties.ipConfigurations'][*].['properties.primary'] all false" +---- + + +|is true +|The left-hand side is a path with Boolean value. +|---- +config from cloud.resource where api.name = 'azure-storage-account-list' AND json.rule = encryptionStatuses.Blob is true +---- + + +|is false +|The left-hand side is a path with Boolean value. +|---- +config from cloud.resource where api.name = 'azure-storage-account-list' AND json.rule = encryptionStatuses.Blob is false +---- + + +|is not member of +|The left-hand side is a path with string value, and the right-hand side is a set of values in parentheses and separated with commas. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].toPort exists and ipPermissions[*].fromPort is not member of (22) +---- + + +|is member of +|The left-hand side is a path with string value, and the right-hand side is a set of values in parentheses and separated with commas. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].toPort exists and ipPermissions[*].toPort is member of (3389,22,5432) +---- + +---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].ipProtocol exists and ipPermissions[*].ipProtocol is member of (tcp) +---- + + +|matches + +does not match +|For Event queries, use the boolean operators `matches` and `does not match` to match or exclude field values against simple patterns and not full regex. + +Patterns can have substrings and `*` for wild character search. + +Use the `matches` or `does not match` operator instead of `contains/does not contain` or `exists/does not exist` operators. +|In the following example, the value 'c*login' enables you to list activities that match `clogin` , `cloudlogin` , or `consolelogin` . + +---- +event from cloud.audit_logs where cloud.type = 'aws' AND cloud.account = 'RedLock Sandbox' AND operation matches 'c*login' +---- + + +|intersects + +does not intersect +|Checks if there are common elements between any two lists. + +Both the left-hand and right-hand sides can be a path with a string or array, a string or IP address/CIDR block, a set of values in parentheses and separated with commas, or a function such as, `_Port.inRange()` . +|The following example shows the `_IPAddress.inRange` function using the *does not intersect* operator: + +---- +config from cloud.resource where api.name = 'azure-sql-server-list' AND json.rule = firewallRules size > 0 and ((firewallRules[*].endIpAddress does not intersect _IPAddress.inRange("190.100.0.%d",100,130) and firewallRules[*].endIpAddress does not intersect (52.31.43.92, 56.75.42.16, 96.15.20.13)) +---- + + +|like +|Checks if the wildcard character (*) is used to grant access permissions at the account level on your cloud service provider. For example, you can check for wildcard permissions granted to delete all EC2 instances in every account. + +The left-hand side is a path with string value, and the right-hand side is the name of a cloud account. + + +[NOTE] +==== +The `like` operator is currently only supported for `iam` queries; see xref:iam-query/iam-query-attributes.adoc#idd31fd7aa-bbe1-4353-b872-d89d688dfc45[IAM Query Attributes]. +==== + +|---- +config from iam where dest.cloud.account LIKE 'account-dev-3' +---- + +|=== + + +[#id864e6358-0dae-48f6-bf3e-16d88f85a41b] +=== Joins + +Joins allow you to get data from two different APIs where you have combined different conditions. You can use Joins only across `config from cloud.resource where` queries, and can include up to three configuration API resources with alias X, Y and Z, and you can optionally include a json.rule to match within the API resource alias. When you use the json.rule, joins across event, network, and config are not supported. + +Nested Rules using the `?any` quantifier limit the conditions you write on the elements of an array. For RQL policies that use nested rules, you can add a condition referencing an external JSON path inside the nested rule. This is useful when a Join operator is expressed among two different paths in a JSON specimen, which requires the nested rules to check on values outside the scope of the quantifier. In addition, when a Join is expressed among two different paths in a JSON specimen, which requires the nested rules to check on values outside the scope of the quantifier. + +[NOTE] +==== +Use resource specific conditions inside json.rule of the alias and use the filter option only for comparison using operators ==, !=, contains, does not contains, not (negation). +==== + +*Join basic syntax:* + +---- +config from cloud.resource where api.name = 'a' and json.rule = 'r' as X; config from cloud.resource where api.name ='b' and json.rule ='r2' as Y; show (X;|Y;) +---- + +---- +config from cloud.resource where api.name=".." as X; config from cloud.resource where api.name="..." as Y; filter "$.X... $.Y"; show (X;|Y;) +---- + +To find EC2 instances that have public IP addresses assigned at launch use this query: + +Steps: + +. List EC2 instances that have a public IP address as X: ++ +---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' and json.rule = publicIpAddress exists and publicIpAddress is not empty as X; +---- + +. List instances that have security groups which allow unrestricted access from any source as Y: ++ +---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' and json.rule = ipPermissions[*].ipRanges[*] contains 0.0.0.0/0 or ipPermissions[*].ipv6Ranges[*].cidrIpv6 contains ::/0 as Y; +---- + +. Set the filter: ++ +---- +filter '($.X.securityGroups[*].groupName==$.Y.groupName)'; show X; +---- + +. Complete the query to list all EC2 instances that have a public IP address and are accessible without any source IP restrictions: ++ +---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-subnets' as Y; filter '$.X.subnetId == $.Y.subnetId and $.Y.mapPublicIpOnLaunch is true'; show X; +---- + +*Examples of Joins:* + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|VPCs that are connected to internet gateways. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-internet-gateways' as X; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Y; filter '$.X.attachments[*].vpcId == $.Y.vpcId and $.Y.tags[*].key contains IsConnected and $.Y.tags[*].value contains true'; show Y; +---- + + +|CloudTrail logs that are integrated with CloudWatch for all regions. +|---- +config from cloud.resource where api.name = 'aws-cloudtrail-describe-trails' as X; config from cloud.resource where api.name = 'aws-cloudtrail-get-trail-status' as Y; filter '$.X.cloudWatchLogsLogGroupArn != null and ($.Y.status.latestCloudWatchLogsDeliveryTime != null and _DateTime.ageInDays($.Y.status.latestCloudWatchLogsDeliveryTime) > 1) and ($.X.rrn == $.Y.rrn)'; show X; +---- + + +|Show all AWS Lambda functions that are accessible with the RedlockReadOnly IAM role. +|---- +config from cloud.resource where api.name = 'aws-lambda-list-functions' AND json.rule = handler contains "lambda" as X;config from cloud.resource where api.name = 'aws-iam-list-roles' AND json.rule = role.roleName contains "RedlockReadOnlyRole" as Y;filter '($.X.role.rolename equals $.Y.role.rolename)' ; show X; +---- + + +|Find all EC2 instances that have a specified name, snapshot ID and image ID. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].key contains "Name" as X; config from cloud.resource where api.name = 'aws-ec2-describe-snapshots' AND json.rule = snapshot.snapshotId contains "snap-004b0221589e516d7" as Y; config from cloud.resource where api.name = 'aws-ec2-describe-images' AND json.rule = image.imageId contains "ami-03698559b1d406e89" as Z; show X +---- + + +|Find Azure SQL databases where audit log retention period is less that 90 days. +|---- +config from cloud.resource where api.name = 'azure-sql-db-list' as X; config from cloud.resource where api.name = 'azure-sql-server-list' AND json.rule = (serverBlobAuditingPolicy does not exist or serverBlobAuditingPolicy is empty or serverBlobAuditingPolicy.properties.retentionDays does not exist or (serverBlobAuditingPolicy.properties.state equals Enabled and serverBlobAuditingPolicy.properties.retentionDays does not equal 0 and serverBlobAuditingPolicy.properties.retentionDays less than 90)) as Y; filter '$.X.blobAuditPolicy.id contains $.Y.sqlServer.name'; show X; +---- + + +|Find where bucket ACL owner ID and grantee ID do not match and display name does not contain awslogsdelivery +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-s3api-get-bucket-acl' AND json.rule = acl.grants[?any( grantee.displayName exists and grantee.displayName does not contain awslogsdelivery and grantee.identifier does not contain $.acl.owner.id)] exists +---- + +|=== + +//RLP-116449 +//summary: recommend adding a cloud account for multi-join RQLs in order to emulate config scanner functionality. + +==== Cross-Account Joins + +Prisma Cloud *Investigate* works differently from *Policy* when executing an RQL query specific to cloud accounts. You can facilitate cross-account comparisons from the Investigate page, but not from the Policy page. In case of cross-account JOINs, you must be careful when trying to correlate *Alert* counts with the Investigate page results. + +If you do not specify the _cloud.account_ parameter while running a query from Investigate, all cloud accounts will be open for JOIN. And since resources from one API in a query can potentially match with another, irrespective of the account, you can get inaccurate results. To achieve consistency with Policy (which generates alerts) and get precise results, Prisma Cloud recommends that you add the _cloud.account_ parameter in your query. However, you do not need to apply the _cloud account_ condition every time for JOIN RQLs. Usually, the results count on Investigate matches with that on Alerts. + +For example: + +* If only the first part of an RQL has corresponding resources, and the second part does not, Investigate search displays results only from the first part. These are typically false positives. Prisma Cloud will not generate alerts for these instances. + +* When resources with the same name that are associated with a particular API exist across multiple cloud accounts, can also generate false positives. + +NOTE: Prisma Cloud recommends that you specify the cloud account for verification and help validate discrepancies. + +[#idf1090750-00ce-4a0e-adb1-609033551ce5] +=== Functions + +A function performs a calculation on specific data that matches the clause contained in the function and displays results. Functions support auto-complete when you enter the prefix `_` in a json.rule or addcolumn attribute. + +Prisma Cloud supports following functions: + +* xref:#id12237fdb-8312-4339-9c07-a86721f130c6[_DateTime Examples] +* xref:#idbafe637e-96e0-42b3-a227-a51d6045fc72[_AWSCloudAccount.isRedLockMonitored Examples] +* xref:#idef51bf6d-59e2-420d-9dd0-21b23191c227[_IPAddress.inRange Examples] +* xref:#idb115efe2-c78f-450c-bae9-617de5668536[_Port.inRange Examples] +* xref:#id71d92562-6649-4057-9fdf-3ffbf4804353[_IPAddress.inCIDRRange Examples] +* xref:#id584a8722-44f3-422e-9374-2991b62fe2d8[_IPAddress.areAnyOutsideCIDRRange() Examples] +* xref:#ide11cc0b6-ecfd-49eb-ae44-63b626661f14[_Set Examples] + + +[#id12237fdb-8312-4339-9c07-a86721f130c6] +==== _DateTime Examples + +Query time ranges are not part of RQL grammar, and the query time window is passed as a separate argument to the query APIs. The selection of the attributes or columns for a category are not part of the RQL grammar. The function accepts timestamps in the following formats only: + +Zulu: "2011-08-13T20:17:46.384Z" + +GSON/AWS: "Nov 7, 2016 9:34:21 AM" + +ISO: "2011-12-04T10:15:30+01:00" + +The query time ranges that are available are `_DateTime.ageInDays` , `_DateTime.ageInMonths` , `_DateTime.ageInYears` , and `_DateTime.daysBetween` . The `_DateTime.daysBetween` function looks for any information that falls in between two dates and takes two dates as arguments. + +For example, the `_DateTime.ageInDays` returns the number of days until a date as a negative number. + +[NOTE] +==== +When using the _DateTime function all json parameters are available as auto-complete options, you must select only parameters that have timestamps. Also, the syntax for a function does not support spaces. Remove empty spaces before or after parenthesis, and between comma-separated parameters. +==== + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|List EC2 instances with age greater than 2 days. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = '_DateTime.ageInDays(launchTime) > 2' +---- + + +|List resource names where access keys are not rotated for 90 days. +|---- +config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = '(access_key_1_active is true and access_key_1_last_rotated != N/A and _DateTime.ageInDays(access_key_1_last_rotated) > 90) or (access_key_2_active is true and access_key_2_last_rotated != N/A and _DateTime.ageInDays(access_key_2_last_rotated) > 90)' +---- + + +|Use the function today() to return the current day’s date. +|---- +config from cloud.resource where cloud.type = 'aws' and api.name = 'aws-cloudtrail-get-trail-status' AND json.rule ="_DateTime.daysBetween($.latestDeliveryTime,today()) ! = 2" +---- + +|=== + + +[#idbafe637e-96e0-42b3-a227-a51d6045fc72] +==== _AWSCloudAccount.isRedLockMonitored Examples + +When using this function to identify AWS accounts that are or are not monitored on Prisma Cloud, you can provide the AWS account ID in any of the following formats: + +* Standard AWS 12-digit account number. ++ +For example: 123456789012 + +* Canonical user ID. You can use this ID to identify an AWS account when granting cross-account access to buckets and objects using Amazon S3. ++ +For example, an alpha-numeric identifier: 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be + +* 3. AWS account ID in ARN format. ++ +For example, arn:aws:iam::123456789012:role/test-1240-47 + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|List any snapshots that are shared publicly and are not monitored by Prisma Cloud. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-snapshots' AND json.rule = 'createVolumePermissions[*] size != 0 and _AWSCloudAccount.isRedLockMonitored(createVolumePermissions[*].userId) is false' +---- + +|=== + + + +[#idef51bf6d-59e2-420d-9dd0-21b23191c227] +==== _IPAddress.inRange Examples + +To check if a particular IP address is part of an IP address range, use `_IPAddress.inRange` and in the argument specify the octets, along with the `` , `` . For example ("172.%d.",16,31) or (”172.10.%d.”,10,255). + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|List AWS Route53 Public Zones that have Private Records. +|In this example, the IPAddress.inRange("172.%d.",16,31) allows you to search for IP addresses that are in the range "172.16.x.x" to "172.31.x.x": + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-route53-list-hosted-zones' AND json.rule = resourceRecordSet[*].resourceRecords[*].value any start with _IPAddress.inRange("172.%d.",16,31) +---- + +|=== + + +[#idb115efe2-c78f-450c-bae9-617de5668536] +==== _Port.inRange Examples + +To check if a particular port number is part of a specific range, use class `Port` and method `inRange` . This method takes three arguments `` , `` , and you can optionally include an ``. + +[NOTE] +==== +By default, the is 1. +==== + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|Use the `inRange` function with the `contains` and `does not contain` operators to check for conditions on a port range. + +Specify `` and `` to find all ports within the specified range. +|Example using `contains` to check for ports numbers between 22 and 33 with an offset of 1: + +---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].toPort exists and ipPermissions[*].toPort contains _Port.inRange(22,33,1) +---- + +The example above checks for all ports between 22 and 33. + + +| +|Example using `Does not Contain` : + +---- +config from cloud.resource where api.name = 'azure-network-nsg-list' AND json.rule = securityRules[*].sourcePortRanges[*] does not contain _Port.inRange(350,5400,5) +---- + +The example above checks for ports 350, 355, 360, .....5390, 5395, 5600. + + +| +|Example using no offset, to find all ports within the specified range: + +---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].toPort exists and ipPermissions[*].toPort contains _Port.inRange(400,500) +---- + +|=== + + +[#id71d92562-6649-4057-9fdf-3ffbf4804353] +==== _IPAddress.inCIDRRange Examples + +To check if a specific IPv4 or IPv6 address or subnet is a part of a specific CIDR block or supernetwork, use the `_IPAddress.inCIDRRange` function. This function takes two arguments, the first is the CIDR address or array of CIDR addresses extracted from the JSON payload where you must specify whether it is an `ipv4Ranges` or an `ipv6Ranges` and the second is the CIDR block (either IPv4 or IPv6) `cidrIp` or `cidripv6` followed by the IP address that you want to match on.The result returns the resources that contain the IP addresses in the JSON payload that fall within the CIDR range you entered, in the case when it is true, and the resources that do not match when it is false. + +[cols="49%a,51%a"] +|=== +|DESCRIPTION +|RQL EXAMPLE + + +|Define multiple CIDR blocks that you want to match on. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = '_IPAddress.inCIDRRange($.ipPermissions[*].ipv4Ranges[*].cidrIp,10.0.0.0/8) is false and _IPAddress.inCIDRRange($.ipPermissions[*].ipv4Ranges[*].cidrIp,172.31.0.0/12) is false and _IPAddress.inCIDRRange($.ipPermissions[*].ipv4Ranges[*].cidrIp,192.168.0.0/16) is true' +---- + + +|Find an IPv6 address within a CIDR block. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = '_IPAddress.inCIDRRange($.ipPermissions[*].ipv6Ranges[*].cidrIpv6,2600:1f18:226b:62fa:ffff:ffff:ffff:ffff/24) is true' +---- + + +|Specify multiple match conditions to find all CIDRs within the JSON metadata. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = 'ipPermissions[*].ipv4Ranges[*].cidrIp does not contain "0.0.0.0/0" and ipPermissions[*].ipv4Ranges[*].cidrIp size does not equal 0 and _IPAddress.inCIDRRange(ipPermissions[*].ipv4Ranges[*].cidrIp,192.168.0.0/16) is true' +---- + +|=== + + +[#id0de207fb-bfe9-4382-9618-f599e7003bd7] +==== _IPAddress.areAllInCIDRRange() Examples + +The `_IPAddress.areAllInCIDRRange(Resource, CIDR)` function checks to see if all of the IP addresses assigned to a resource are within a specified CIDR block. The result of executing the function will be a boolean. For example, if you had the question “Do my databases have all IP addresses in the 10.0.0.0./24 IP range,” the answer will be yes or no. The function accepts two arguments which are `Resource` and `CIDR` . + +`Resource` describes meta data within the configuration file that contains the IP address(es), and `CIDR` represents the value of the CIDR block that you define. + +[cols="50%a,50%a"] +|=== +|Description +|Example + + +|Find all resources that contain CIDR addresses within the 10.0.0.0/8 range. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].ipv4Ranges[*] size greater than 0 and _IPAddress.areAllInCIDRRange($.ipPermissions[*].ipv4Ranges[*].cidrIp,10.0.0.0/8) is true +---- + + +|Find all IP addresses that fall within the a specified range. +|---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' AND json.rule = ipPermissions[*].ipv6Ranges[*] size greater than 0 and _IPAddress.areAllInCIDRRange($.ipPermissions[*].ipv6Ranges[*].cidrIp,fc00::/7) is true +---- + + +|Find all the IPv6 addresses within the CIDR block. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = _IPAddress.areAllInCIDRRange(ipPermissions[*].ipv6Ranges[*].cidrIpv6,2600:1f18:226b:6200::/1) is true +---- + +|=== + + +[#id584a8722-44f3-422e-9374-2991b62fe2d8] +==== _IPAddress.areAnyOutsideCIDRRange() Examples + +The `_IPAddress.areAnyOutsideCIDRRange()` function enables you to write config RQL queries that check if any IP/CIDR addresses are outside of a given list of permitted CIDR blocks. You can use this function to check if any resources have exposure to IP addresses outside of the RFC 1918 private CIDR blocks. + +The first argument is a JSON expression that evaluates against one or more IP/CIDR addresses. The second and subsequent arguments list the IP/CIDR addresses and/or ranges to test against. You can use IPV4 and IPV6 address formats. However, the two function arguments should be either both in IPV4 or both in IPV6. + +[cols="75%a,25%a"] +|=== +|Description +|Example + +|Check a valid IP against an invalid range to indicate the IP is outside of the range. If the address is not a valid IP or CIDR it is not considered to be a match. +|---- +_IPAddress.areAnyOutsideCIDRRange(ipPermissions[*].ipv4Ranges[*].cidrIp,192.0.0.0/24,172.31.0.0/16) +---- + +|=== + + + +[#ide11cc0b6-ecfd-49eb-ae44-63b626661f14] +==== _Set Examples + +The `_Set` function enables you to compare the values between lists on the Left Hand Side and Right Hand Side using the properties of union or intersection, and identify whether a specific value or comma separated list of values are included within that result set. The methods supported are `_Set.intersection`, `_Set.union`, and `Set_isSubset`. +For [_Set.intersection], `_Set.union`, you can use the boolean operators `intersects` and `contains` to verify whether the values you want to look for are included in the result or if the result set contains the specified value(s). + +For `Set_isSubset`, enables you to identify whether a specific value or comma separated list of values returned by the JSON path of the resource is fully contained within the target list. +The syntax is: `Set.isSubset(, ) is [ true | false `] +where + = JSON path + + = a set of strings without any whitespace within. For example, neither use of whitepace is valid: _Set.isSubset(, (a, "b1 b2",c)) where there are spaces within the second string, nor _Set.isSubset(, (a, b, c)) with space between the strings in a list. + +[NOTE] +==== +If the result dataset is huge, use `limit search records to` at the end of the query. +==== + +[cols="31%a,69%a"] +|=== +|Description +|Example + + +.2+|Compare a list on the RHS [as X] with another dynamic list of items in LHS [as Y] and take the intersection ones into a subset list and then compare this against a static, comma separated list you provide. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Z; filter '_Set.intersection($.X.vpcId,$.Y.vpcId) intersects (vpc-5b9a3c33,vpc-b8ba2dd0,vpc-b8ba2dd01)'; show X; +---- + + +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Z; filter 'not _Set.intersection($.X.vpcId,$.Y.vpcId) intersects (vpc-5b9a3c33,vpc-b8ba2dd0,vpc-b8ba2dd01)'; show X; limit search records to 100 +---- + + +|Combine two lists to include all elements of X and Y and find a match against a comma separated list you provide. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Z; filter '_Set.union($.X.vpcId,$.Y.vpcId) intersects (vpc-5b9a3c33,vpc-b8ba2dd0,vpc-b8ba2dd01)'; show Y; limit search records to 10 +---- + + +|Check if a result set contains a specific value. +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-instances' as X; config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-vpcs' as Z; filter '_Set.union($.X.vpcId,$.Y.vpcId) contains vpc-b8ba2dd0'; show X; +---- + + +|Detects Internet exposed instances with public IP and firewall rule with 0.0.0.0/0 and destination is specified target tags: +|---- +config from cloud.resource where api.name = 'gcloud-compute-instances-list' as X; config from cloud.resource where api.name = 'gcloud-compute-firewall-rules-list' as Y; filter '$.X.networkInterfaces[*].network contains $.Y.network and $.X.networkInterfaces[*].accessConfigs[*].natIP size greater than 0 and $.Y.direction contains INGRESS and $.Y.sourceRanges[*] contains 0.0.0.0/0 and $.X.tags.items[*] intersects $.Y.targetTags[*] and $.Y.disabled contains false'; show X; +---- + +|Checks that the SQS policy statement does not include the list of IP addresses specified +|---- +config from cloud.resource where cloud.region = 'AWS Ohio' and api.name='aws-sqs-get-queue-attributes' and json.rule = QueueArn contains rql and _Set.isSubset(attributes.Policy.Statement[*].Condition.NotIpAddress.aws:SourceIp[*],(58.307.78.64/28,43.89.2.128/27,3.218.144.244,34.205.176.82,34.228.96.118,14.228.97.64/27)) is false +---- + + +|Checks that for the specified groupName, the IP address ranges in the path ipPermissions[*].ipRanges[*] are fully contained in the target list of strings +|---- +config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' AND json.rule = groupName contains rql and _Set.isSubset(ipPermissions[*].ipRanges[*],(199.167.52.5/32,34.98.203.241/32,192.168.0.0/16,10.0.0.0/24,172.31.0.0/16)) is true +---- + +|=== diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/search-and-investigate.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/search-and-investigate.adoc index 8246a21f12..4b55ba555c 100644 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/search-and-investigate.adoc +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/search-and-investigate.adoc @@ -45,6 +45,11 @@ Review attributes and examples for the query types using advanced mode * xref:network-queries/network-flow-queries.adoc[Network] * xref:audit-event-queries/audit-event-queries.adoc[Audit Event] +|Appendix +|* xref:rql-operators.adoc[RQL Operators] +* xref:rql-examples.adoc[RQL Examples] +* xref:rql-faqs.adoc[RQL FAQs] + * Built a query you think would be useful to other customers? Contribute using *Edit on Github* link provided on each page! diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-10.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-10.adoc new file mode 100644 index 0000000000..a119268326 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-10.adoc @@ -0,0 +1,55 @@ + +== Operation object uses 'password' flow in OAuth2 authentication + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 83894412-ed76-4884-8e47-2e74285d8a60 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2OperationObjectPasswordFlow.py[CKV_OPENAPI_10] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is looking for instances in API definitions where the 'password' flow is being used in OAuth2 authentication, specifically within version 2.0 files. The 'password' flow, also known as the resource owner password credentials grant, could potentially place the application at a higher risk as it involves sharing the user's password with the client application. If not managed securely, it could lead to unauthorized access or data breaches. Therefore, it's recommended to use more secure methods of authentication to protect sensitive information. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you should avoid using 'password' flow in OAuth2 authentication when defining your OpenAPI objects. The password flow is less secure because it involves sharing password credentials directly to the client-side application. Instead, consider using a more secure flow like 'authorization_code' flow or 'client_credentials' flow. + +[source,yaml] +---- +components: + securitySchemes: + OAuth2: + type: oauth2 + flows: + clientCredentials: + tokenUrl: https://example.com/oauth2/default/v1/token + scopes: + 'read:apps': read your applications + authorization_code: + authorizationUrl: https://example.com/oauth2/default/v1/authorize + tokenUrl: https://example.com/oauth2/default/v1/token + scopes: + 'read:apps': read your applications +---- + +The above code is secure because it does not use the 'password' flow. Both the 'clientCredentials' and 'authorization_code' flows are shown as examples of more secure alternatives for OAuth2 authentication in your OpenAPI objects. The 'clientCredentials' flow is used when the client can be trusted to hold a secret, while the 'authorization_code' flow is used for apps that are hosted on a secure server. In both flows, a token is used to grant access, which is more secure than sharing password credentials. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-11.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-11.adoc new file mode 100644 index 0000000000..9af01552f2 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-11.adoc @@ -0,0 +1,50 @@ + +== Operation object uses 'password' flow in OAuth2 authentication + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 49fa9089-965c-4c2f-a5b9-cb796ba0836a + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionPasswordFlow.py[CKV_OPENAPI_11] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is specifically geared towards ensuring the security of OpenAPI documents for APIs, specifically for those using OAuth2 authentication in version 2.0 files. The policy checks for the presence of 'password' flow. The usage of 'password' flow allows direct usage of usernames and passwords to obtain access tokens, circumventing stronger methods of authentication. This leaves user credentials, and by extension your API, more susceptible to cyber threats, hence it is not recommended. The policy aims to flag this as an issue in order to maintain the best security practices. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you need to change the OAuth2 authentication flow. Instead of using 'password' flow, try using 'authorizationCode' or 'implicit' flow. This is a more secure way to handle authentication. + +[source,yaml] +---- +securitySchemes: + OauthSecurityScheme: + type: oauth2 + flows: + authorizationCode: + tokenUrl: https://authorization-server.com/token + scopes: + read: Grants read access + write: Grants write access +---- + +The above code is secure because it doesn't expose the user's password in the OAuth2 authentication flow, which could potentially lead to credential leaks or unauthorized access. Instead, it uses the 'authorizationCode' flow that relies upon the interaction between the web browser and the server, which is a more secure approach. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-12.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-12.adoc new file mode 100644 index 0000000000..80d796af2b --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-12.adoc @@ -0,0 +1,59 @@ + +== Security definition uses the deprecated implicit flow on OAuth2 + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| a19546f2-d7e5-410a-b72c-cc5ad410cee2 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionImplicitFlow.py[CKV_OPENAPI_12] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is evaluating if a security definition is utilizing the implicit flow on OAuth2 in version 2.0 files. Implicit flow is a part of OAuth 2.0, which allows a client application to obtain an access token directly from an authorization server, without needing an authorization code first. It's primarily used for applications that run inside the browser where having a client secret is not secure. + +However, the use of implicit flow in OAuth2 is considered outdated and insecure, thus it's been deprecated. It exposes a higher risk of access tokens being compromised because they can be potentially intercepted by malicious actors during transmission from the authorization server to the client. + +So, use of implicit flow can lead to security breaches and unauthorized access to sensitive data or functionalities. That's why it's considered bad and a best practice to avoid its use in security definitions. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you need to ensure that the OpenAPI definition isn't using Implicit OAuth2 flow for security. + +[source,yaml] +---- +openapi: 3.0.0 +components: + securitySchemes: + OAuth2: + type: oauth2 + flows: + default: + authorizationUrl: https://example.com/oauth/authorize + tokenUrl: https://example.com/oauth/token + refreshUrl: https://example.com/oauth/refresh + scopes: + read: Grants read access + write: Grants write access + admin: Grants access to admin operations +---- + +The above code isn't using Implicit flow. Instead, it's using Authorization Code Grant, which requires the client to interact with the authorization server. This interaction allows the client to obtain an authorization code and then exchange it for an access token. This makes the OAuth2 flow more secure as the access token is never exposed directly to the client. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-13.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-13.adoc new file mode 100644 index 0000000000..8d89dde2ef --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-13.adoc @@ -0,0 +1,50 @@ + +== Security definitions uses basic auth + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 18ba9d20-c84e-4738-891e-289bbc12ec65 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitionBasicAuth.py[CKV_OPENAPI_13] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy checks to ensure that security definitions in a version 2.0 file do not use basic authentication. Using basic authentication is predominantly not considered a secure practice as it involves sending user credentials (username and password) in an unencrypted form over the network. This increases the risk of sensitive data being intercepted by unauthorized personnel, which can lead to possible data breaches or other security incidents. It is generally recommended to use more secure authentication methods such as tokens, hashes, or keys. + +=== Fix - Buildtime + +*OpenAPI* + +You should avoid using basic authentication in security definitions for version 2.0 files as it is not considered a secure method of authorization. Instead, opt for more secure forms of authentication. This could include certificate-based client authentication, third-party single sign-on, or other more secure methods which provide stronger security and data protection. + +[source,json] +---- +securityDefinitions: { + bearerAuth: { + type: "apiKey", + name: "Authorization", + in: "header" + } +} +---- + +In the above code, we have replaced the basic authentication with the use of an API key which is known to offer higher security. + +This config is secure because it allows for a secure way to authenticate user requests. 'Bearer authentication' (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. This type of HTTP authentication scheme is more secure than basic authentication as it can encrypt the user data while transmitting over the network. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-14.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-14.adoc new file mode 100644 index 0000000000..039b0287cd --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-14.adoc @@ -0,0 +1,70 @@ + +== Operation Objects Uses 'Implicit' Flow + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2c090e1b-e819-4a68-b461-55ef26d7cdb9 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectImplicitFlow.py[CKV_OPENAPI_14] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is checking for the usage of 'implicit' flow in operation objects within OpenAPI 2.0 files. The 'implicit' flow is an authorization method used in OpenAPI operations which has since been deprecated due to inherent security vulnerabilities. It relies on redirection-based flows that make an application more susceptible to access and refresh token interception. When these tokens are stolen, a malicious actor can impersonate a user and conduct activities without consent. Therefore, using a more secure method like 'authorization code' flow is recommended, which adds an additional layer of security and prevents direct exposure of tokens. The policy thus helps in maintaining good API security practices in the OpenAPI specifications. + +=== Fix - Buildtime + +*OpenAPI* + +To fix the issue pointed out by this Checkov policy, you should update your API authorization procedure from the deprecated 'implicit' flow to another supported authorization flow such as 'authorizationCode' flow. + +[source,yaml] +---- +openapi: "3.0.0" +info: + version: 1.0.0 + title: Swagger Petstore +servers: + - url: http://petstore.swagger.io/v1 +paths: + /pets: + get: + summary: List all pets + operationId: listPets + responses: + '200': + description: An paged array of pets + security: + - petstore_auth: + - 'read:pets' +components: + securitySchemes: + petstore_auth: # arbitrary name for the security scheme + type: oauth2 + flows: + authorizationCode: # OAuth flow + authorizationUrl: https://example.com/api/oauth/dialog + tokenUrl: https://example.com/api/oauth/token + scopes: + 'read:pets': read your pets + 'write:pets': modify pets in your account +---- + +The secure code provided does not use 'implicit' flow. It uses the 'authorizationCode' OAuth 2.0 flow which is not deprecated and considered secure. The OAuth 'authorizationCode' flow is intended to be used for applications that can keep the client secret (the password) a secret. 'AuthorizationCode' is safer because it hands off clients to the provider's system to conduct a secure authentication transaction. As a result, applications do not have to handle delicate information like user passwords. + + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-15.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-15.adoc new file mode 100644 index 0000000000..023b6ca513 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-15.adoc @@ -0,0 +1,49 @@ + +== Operation Objects Uses Basic Auth + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| e7544d68-6d83-4dbd-a8f2-b569041fb455 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectBasicAuth.py[CKV_OPENAPI_15] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is checking for operation objects in OpenAPI version 2.0 files that are using basic authentication. Basic authentication is a simple authentication scheme built into the HTTP protocol, and involves sending user credentials (username and password) in the headers of a request. It's generally considered insecure for several reasons. Firstly, user credentials are sent as plaintext with basic encoding, making it easy for eavesdroppers to possibly intercept and see the credentials, especially if the request is sent over an unencrypted (i.e., non-HTTPS) connection. Secondly, basic authentication makes your application vulnerable to brute force attacks, as it doesn't incorporate any functionality for limiting login attempts. Overall, using a more secure authentication method, such as token-based or OAuth 2.0 authentication, is recommended. + +=== Fix - Buildtime + +*OpenAPI* + +A given OpenAPI specification file must not use a Basic Authentication scheme. This ensures that our APIs are not using a less secure authentication method such as Basic Authentication. + +To fix the issue, use a more secure authentication method rather than Basic Authentication. One secure alternative is using Bearer Authentication with a JWT token. This requires providing the bearer token for authorization. + +[source,yaml] +---- +components: + securitySchemes: + BearerAuth: # arbitrary name for the security scheme + type: http + scheme: bearer + bearerFormat: JWT # arbitrary string for documentation purposes +---- + +In the example above, a JWT token is provided for authorization via the bearer authentication method. The bearerFormat is mentioned for documentation purposes. This setup allows the server to verify a user's authenticity using a self-contained JWT token without using the less secure basic authentication scheme. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-16.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-16.adoc new file mode 100644 index 0000000000..e2b218afd8 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-16.adoc @@ -0,0 +1,61 @@ + +== Operation objects do not have the 'produces' field defined for GET operations + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 18509e95-b2ab-458b-9e45-89dfe13ed6f6 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectProducesUndefined.py[CKV_OPENAPI_16] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy checks to ensure that for every GET operation in an OpenAPI (version 2.0) file, there is a 'produces' field defined. The 'produces' field specifies the MIME type of the responses an operation can produce. If it is not defined, it may lead to ambiguity or incorrect handling of the response by the client. This could potentially create issues regarding the security and functionality of the API. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you need to define the 'produces' field for GET operations in your OpenAPI v2.0 files. + +[source,yaml] +---- +paths: + '/pet': + get: + summary: Info for a specific pet + operationId: showPetById + tags: + - pets + parameters: + - name: petId + in: path + required: true + description: The id of the pet to retrieve + type: string + produces: # adding the produces field here + - application/json + responses: + '200': + description: Expected response to a valid request + schema: + $ref: '#/definitions/pets' +---- + +The fix involves including the 'produces' field in the GET operation object definition. In OpenAPI v2.0, the 'produces' field determines the MIME type of the responses. It's an array that lists different types of MIME that your API can produce. For instance, 'application/json' is a common MIME type for APIs. Including the 'produces' field helps improve the predictability and understandability of your API's behavior. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-17.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-17.adoc new file mode 100644 index 0000000000..3bdc350eee --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-17.adoc @@ -0,0 +1,53 @@ + +== Operation objects for PUT, POST, and PATCH operations do not have a 'consumes' field defined + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 9b9d727b-f65a-4fd9-8f39-0ed3c2e0a206 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectConsumesUndefined.py[CKV_OPENAPI_17] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy checks if operation objects in the API version 2.0 files have the 'consumes' field defined for PUT, POST and PATCH operations. The 'consumes' field is important because it specifies the MIME types that the operation or endpoint can handle. If this field is not defined, the API may process requests with unspecified or incorrect content types, leading to errors or security vulnerabilities. It may also invite compatibility issues, as some clients may send requests in a format that the API does not support. Therefore, it's crucial to define the 'consumes' field for ensuring the correct operation of the API and safeguarding it from potential threats. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you need to ensure that every operation object for PUT, POST and PATCH in your OpenAPI description (version 2.0 files) has the 'consumes' field defined. The 'consumes' field indicates what MIME types the operation can consume. + +[source,yaml] +---- +paths: + /users: + post: + summary: Creates a new user. + consumes: # Add this field + - application/json + parameters: + - in: body + name: user + description: The user to create. + schema: + $ref: '#/definitions/User' +---- + +In the fixed code, the 'consumes' field is clearly defined under the POST operation. This is important as it informs clients what type of content the operation can consume, further avoiding any client sending the wrong content type to the server. This also ensures that the API is secure as it only accepts the defined format. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-18.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-18.adoc new file mode 100644 index 0000000000..463b4b0f20 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-18.adoc @@ -0,0 +1,47 @@ + +== Global schemes use 'httpa' protocol instead of 'https' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1114331a-28e0-4f3a-bdc8-cf4fe9df19d8 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSchemeDefineHTTP.py[CKV_OPENAPI_18] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is checking to ensure that global schemes in the API are using 'https' protocol instead of 'http'. 'Http' protocol is insecure as it does not encrypt the data being transferred, making it susceptible to interception by malicious third parties. On the other hand, 'https' ensures that the communication between the client and the server is encrypted, hence providing a secure connection. If an API is using 'http', it poses a security threat as confidential data transferred can be easily intercepted and misused. Ensuring that global schemes use 'https' protocol hence provides an important safeguard for sensitive data. + +=== Fix - Buildtime + +*OpenAPI* + +To fix the issue, you need to change the schemes from 'http' to 'https'. You should update the `schemes` field in the OpenAPI document to only include 'https' and remove 'http'. + +[source,yaml] +---- +swagger: '2.0' +info: + version: 1.0.0 + title: Simple API +schemes: + - https +---- + +The above code is secure because it ensures that all data transmitted between the client and server is encrypted, preventing man-in-the-middle attacks, eavesdropping, and data tampering. This is essential for protecting sensitive information such as usernames, passwords, and API keys. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-19.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-19.adoc new file mode 100644 index 0000000000..4168169fb9 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-19.adoc @@ -0,0 +1,75 @@ + +== The global security scope is not defined in the securityDefinitions + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 390b7d27-254c-4385-8b9d-d942cf97a87a + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSecurityScopeUndefined.py[CKV_OPENAPI_19] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is checking to ensure that a global security scope is defined in the securityDefinitions of 2.0 version files in an OpenAPI framework. This is crucial for API security because failure to define this might mean that APIs may not have a standard security measure throughout their operations, which can leave them vulnerable to attacks. This can lead to unauthorized data access, data manipulation, or other forms of security breaches. Hence, it's important to have consistent security definitions in place to ensure a secure API environment. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, define a securityDefinitions section in your OpenAPI specification version 2.0 file which contains scopes for OAuth according to what is provided at API level on global security section. + +[source,json] +---- +{ + "swagger": "2.0", + "info": { + "version": "1.0.0", + "title": "Swagger Sample API" + }, + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "api_key", + "in": "header" + }, + "petstore_auth": { + "type": "oauth2", + "authorizationUrl": "http://petstore.swagger.io/api/oauth/dialog", + "flow": "implicit", + "scopes": { + "write:pets": "modify pets in your account", + "read:pets": "read your pets" + } + } + }, + "security": [ + { + "api_key": [] + }, + { + "petstore_auth": [ + "write:pets", + "read:pets" + ] + } + ] +} +---- + +The above code is secure because it defines the securityDefinitions section properly. It includes both API Key and OAuth2 security schemes and references them in the security section at the root level of the API specification. Plus, OAuth2 utilizing 'implicit' flow involves scopes, and the scopes are defined at the global level, thus enforcing security at the API level. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-20.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-20.adoc new file mode 100644 index 0000000000..71e36b1142 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-20.adoc @@ -0,0 +1,72 @@ + +== API keys transmitted over cleartext + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 868cc0cb-868c-4caa-bb29-d5aaa1d1b5ff + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/ClearTextAPIKey.py[CKV_OPENAPI_20] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is essentially checking for instances where API keys may be sent over unencrypted, plain text. The danger or risk associated with violation of this policy is that it could lead to potential security breaches. If API keys are sent over clear text, it could potentially be intercepted and inappropriately used by malicious third parties, leading to unauthorized access, data theft or other harmful malicious activities. + +=== Fix - Buildtime + +*OpenAPI* + +To address the issue, we need to create an OpenAPI specification that follows secure communication protocols and proper API key handling. Here's an example OpenAPI spec in YAML format that would comply with this policy: + +[source,yaml] +---- +openapi: 3.0.0 +info: + title: Secure API + version: 1.0.0 + +servers: + - url: https://api.example.com + description: Secure server + +components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: X-API-KEY + +paths: + /secureEndpoint: + get: + summary: Secure endpoint requiring API key + security: + - ApiKeyAuth: [] + responses: + '200': + description: Success +---- + + +1. **Use of HTTPS**: The `servers` section specifies a URL that begins with `https://`, ensuring that all data, including API keys, is encrypted in transit. This is crucial to prevent interception of sensitive data, including API keys, by unauthorized parties. + +2. **Security Schemes**: In the `components.securitySchemes`, an API key security scheme is defined (`ApiKeyAuth`). This specifies that the API key should be included in the request header. The key is named `X-API-KEY`, indicating where and how the API key should be sent. + +3. **Secure Endpoints**: Under `paths`, the `/secureEndpoint` path is defined to use the `ApiKeyAuth` security scheme, meaning that accessing this endpoint requires a valid API key. The security requirement at the operation level ensures that each request to this endpoint must include the API key in the header, as defined in the `securitySchemes`. + +By adhering to these practices, the OpenAPI spec ensures secure communication (via HTTPS) and proper handling of API keys, thus complying with the `ClearTestAPIKey` Checkov policy. This policy checks for the use of insecure protocols (like HTTP or WS) and the improper handling of API keys, both of which are addressed in the provided spec. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-21.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-21.adoc new file mode 100644 index 0000000000..fec0a7e50f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-21.adoc @@ -0,0 +1,66 @@ + +== Array does not have a maximum number of items + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c521be55-0c0d-4544-9764-1a761f9c5f72 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/NoMaximumNumberItems.py[CKV_OPENAPI_21] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy checks whether arrays in OpenAPI definitions have a specified maximum amount of items. This is important for security and performance reasons. If there's no set limit, it might lead to problems like buffer overflow, which can allow unauthorized access or remote code execution. Additionally, huge arrays can cause the system to slow down or even crash due to running out of memory. Therefore, a certain limit should be defined for the number of items in an array to prevent these potential threats. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you will have to specify a maximum number of items for each array in your API's schema definition. + +[source,yaml] +---- +openapi: "3.0.0" +info: + version: "1.0.0" + title: "An API for temperature measurements" +paths: + /temperatures: + get: + responses: + "200": + content: + application/json: + schema: + type: "array" + maxItems: 10 + items: + $ref: "#/components/schemas/Temperature" +components: + schemas: + Temperature: + type: "object" + properties: + id: + type: "string" + value: + type: "number" +---- + +The above code is secure because it ensures that there is a limit on the number of items that can be returned in a response from the "/temperatures" endpoint. Without this limit, larger-than-expected responses could lead to performance issues or even application crashes. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-7.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-7.adoc new file mode 100644 index 0000000000..3367218999 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-7.adoc @@ -0,0 +1,52 @@ +== The path scheme is supports unencrypted HTTP connections + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| b9bf2d88-0a21-4411-bcfe-af19049cd35d + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/PathSchemeDefineHTTP.py[CKV_OPENAPI_7] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy is checking to ensure that the path scheme of the application programming interface (API) does not support unencrypted HTTP connections. An unencrypted HTTP connection means that all data transmitted between the user and the website is sent in plaintext, which can be easily intercepted and read by third parties. This presents a significant security risk as sensitive data like personal information, passwords, credit card details, etc., could be exposed and exploited. Thus, it's extremely important to use encrypted connections, like HTTPS, to secure data in transit and protect against possible attacks. + +=== Fix - Buildtime + +*OpenAPI* + +To fix the issue, you should ensure that your API supports only HTTPS connections and not HTTP. This can be done by defining the 'schemes' parameter in your OpenAPI definition to only contain 'https'. + +[source,yaml] +---- +openapi: 3.0.0 +info: + title: Sample API + description: API description in Markdown. + version: 1.0.0 +servers: + - url: https://api.example.com/v1 +paths: + /users: + get: + summary: Returns a list of users. + description: Optional extended description in Markdown. +---- + +The above code is secure as it ensures all data transmitted between the client and server is encrypted. It uses the 'https' scheme for the API, which means all the data to and from the server is sent over an encrypted HTTP connection. This is important as it prevents potential attackers from intercepting or tampering with the data. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-8.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-8.adoc new file mode 100644 index 0000000000..bba66eea3c --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-8.adoc @@ -0,0 +1,55 @@ +== API spec includes a 'password' flow in OAuth2 authentication + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| bb8d8b60-7c04-4503-b9ea-54df1b28b1f0 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityPasswordFlow.py[CKV_OPENAPI_8] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy evaluates if 'password' flow is being used in OAuth2 authentication specifically for version 2.0 files. The 'password' flow, also known as the Resource Owner Password Credentials flow, is generally not secure. It involves providing the user's credentials (username and password) directly to the client, which then exchanges these for an access token. This method can expose user credentials to a potentially malicious client, creating a significant security risk. Therefore, it is not recommended to use the 'password' flow in OAuth2 authentication unless it's assumed that the client is highly trustworthy. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue, you need to modify the specification of your OAuth2 authentication to not use 'password' flow. This is because 'password' flow of OAuth2 authentication is less secure compared to other flows like 'authorization_code', 'implicit', etc. + +[source,yaml] +---- +components: + securitySchemes: + OAuth2: + type: oauth2 + flows: + implicit: + authorizationUrl: http://api.example.com/auth + scopes: + read: Grants read access + write: Grants write access + authorizationCode: + authorizationUrl: http://api.example.com/auth + tokenUrl: http://api.example.com/token + scopes: + admin: Grants access to admin operations +---- + +The above code is secure because it uses 'implicit' and 'authorizationCode' flows of OAuth2 authentication instead of the 'password' flow. Both 'implicit' and 'authorizationCode' flows are OAuth2's response types that are more secure than the 'password' flow. 'implicit' flow is recommended for applications whose server side components are not capable of maintaining the confidentiality of the client secret while 'authorizationCode' flow is used when the client is confidential (can keep a secret) and maintains a server-side component. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-9.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-9.adoc new file mode 100644 index 0000000000..f7f6ff956d --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-9.adoc @@ -0,0 +1,49 @@ + +== Security scopes of operations are not defined in securityDefinition + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 67ec7cac-244d-4c13-b286-2fd8b2e01e27 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectSecurityScopeUndefined.py[CKV_OPENAPI_9] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|OpenAPI + +|=== + +=== Description + +This policy looks into the security definitions in OpenAPI 2.0 files to ensure that security scopes for operations are properly defined. If they are not properly defined, it could lead to insecure API endpoints, potentially leaving the application vulnerable to unauthorized access or breaches. This could result in unauthorized data access, manipulation, or even system takeover, hence it's crucial to ensure each operation has been mapped with the correct security scope. + +=== Fix - Buildtime + +*OpenAPI* + +To fix this issue in your OpenAPI (Swagger) file, define security scopes that allow you to set the level of access for each API operation. Specifically, include each security scope within the `securityDefinition` block. + +[source,yaml] +---- +securityDefinitions: + my_oauth: + type: oauth2 + scopes: + 'read:stuff': Read access to the stuff + 'write:stuff': Write access to the stuff + flow: implicit + authorizationUrl: https://oauth.example.com/authorize +---- + +In the above code, `my_oauth` defines an OAuth security scheme where 'read:stuff' and 'write:stuff' are the specific scopes. The 'read:stuff' and 'write:stuff' scopes indicate the actions that can be performed when a user is granted these permissions. This structure ensures that API consumers understand what specific authorizations are required to access each operation. This is a strong practice in securing your API as it provides granularity in access control for each operation in your API specification. + diff --git a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/openapi-policies.adoc b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/openapi-policies.adoc index 654dab6c0e..8986499a78 100644 --- a/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/openapi-policies.adoc +++ b/docs/en/enterprise-edition/policy-reference/api-policies/openapi-policies/openapi-policies.adoc @@ -35,5 +35,80 @@ |HIGH -|=== +|xref:bc-openapi-19.adoc[The global security scope is not defined in the securityDefinitions] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSecurityScopeUndefined.py +|MEDIUM + + +|xref:bc-openapi-15.adoc[Operation Objects Uses Basic Auth] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectBasicAuth.py +|HIGH + + +|xref:bc-openapi-7.adoc[The path scheme is supports unencrypted HTTP connections] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/PathSchemeDefineHTTP.py +|HIGH + + +|xref:bc-openapi-14.adoc[Operation Objects Uses 'Implicit' Flow] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectImplicitFlow.py +|MEDIUM + + +|xref:bc-openapi-18.adoc[Global schemes use 'httpa' protocol instead of 'https'] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSchemeDefineHTTP.py +|HIGH + + +|xref:bc-openapi-13.adoc[Security definitions uses basic auth] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitionBasicAuth.py +|HIGH + + +|xref:bc-openapi-12.adoc[Security definition uses the deprecated implicit flow on OAuth2] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionImplicitFlow.py +|MEDIUM + + +|xref:bc-openapi-11.adoc[Operation object uses 'password' flow in OAuth2 authentication] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionPasswordFlow.py +|HIGH + +|xref:bc-openapi-10.adoc[Operation object uses 'password' flow in OAuth2 authentication] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2OperationObjectPasswordFlow.py +|HIGH + + +|xref:bc-openapi-21.adoc[Array does not have a maximum number of items] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/NoMaximumNumberItems.py +|MEDIUM + + +|xref:bc-openapi-9.adoc[Security scopes of operations are not defined in securityDefinition] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectSecurityScopeUndefined.py +|MEDIUM + + +|xref:bc-openapi-17.adoc[Operation objects for PUT, POST, and PATCH operations do not have a 'consumes' field defined] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectConsumesUndefined.py +|MEDIUM + + +|xref:bc-openapi-16.adoc[Operation objects do not have the 'produces' field defined for GET operations] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectProducesUndefined.py +|LOW + + +|xref:bc-openapi-8.adoc[API spec includes a 'password' flow in OAuth2 authentication] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityPasswordFlow.py +|HIGH + + +|xref:bc-openapi-20.adoc[API keys transmitted over cleartext] +| https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/ClearTextAPIKey.py +|HIGH + + + +|=== diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-51.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-51.adoc new file mode 100644 index 0000000000..0a6cc9b594 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-51.adoc @@ -0,0 +1,58 @@ +== AWS API Gateway endpoints without client certificate authentication + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 82493c0b-f4d0-4a82-a5b5-a85df8e78e19 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayEndpointsUsesCertificateForAuthentication.yaml[CKV2_AWS_51] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy detects AWS API Gateway endpoints that do not use client certificate authentication. Client certificate authentication provides an additional layer of security by requiring clients to present a valid certificate issued by a trusted Certificate Authority (CA) in order to authenticate and establish a secure connection with the API Gateway endpoint. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_api_gateway_stage +* *Arguments:* client_certificate_id + +To fix the issue, the `client_certificate_id` argument should be provided in the `aws_api_gateway_stage` resource. This argument allows you to specify the identifier of the ClientCertificate resource that represents the client certificate to use for authentication. + +Secure code example: + +[source,terraform] +---- +resource "aws_api_gateway_stage" "example" { + stage_name = "prod" + rest_api_id = aws_api_gateway_rest_api.example.id + deployment_id = aws_api_gateway_deployment.example.id ++ client_certificate_id = aws_api_gateway_client_certificate.example.id +} + +resource "aws_api_gateway_client_certificate" "example" { + certificate_body = filebase64("client_certificate.pem") + certificate_chain = filebase64("certificate_chain.pem") + private_key = filebase64("private_key.pem") +} +---- + +In the above code example, the `aws_api_gateway_stage` resource includes the `client_certificate_id` argument which references the `aws_api_gateway_client_certificate` resource. This ensures that client certificate authentication is enabled for the API Gateway endpoint. + +By providing a valid client certificate, clients must present this certificate and undergo a mutual authentication process to establish a secure connection with the API Gateway endpoint, enhancing the overall security of the system. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-53.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-53.adoc new file mode 100644 index 0000000000..84b51afab5 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-53.adoc @@ -0,0 +1,51 @@ +== AWS API gateway request parameter is not validated + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| fccd881f-26d1-485d-a742-3602afe72035 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/APIGatewayRequestParameterValidationEnabled.yaml[CKV2_AWS_53] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy detects whether the AWS API Gateway has request validation enabled. Request validation is crucial for ensuring that the input parameters of each request to the API Gateway are properly validated, which helps prevent security vulnerabilities such as injection attacks and data breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_api_gateway_method +* *Arguments:* request_validator_id + +To fix this issue, add the request_validator_id argument to the aws_api_gateway_method resource in your Terraform code. This argument configures request validation settings for the API Gateway method. Make sure to specify the required input parameters and their validation requirements. + +Secure code example: + +[source,go] +---- +resource "aws_api_gateway_method" "MyDemoMethod" { + rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id + resource_id = aws_api_gateway_resource.MyDemoResource.id + http_method = "GET" + authorization = "NONE" ++ request_validator_id = example.id +} +---- + +The above code is secure based on the policy because it configures the request_validator_id argument in the aws_api_gateway_method resource. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-55.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-55.adoc new file mode 100644 index 0000000000..566898f1ef --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-55.adoc @@ -0,0 +1,49 @@ +== AWS EMR cluster is not configured with security configuration + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| fdb20dde-b829-4385-b6b8-eb29f6379e8c + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/EMRClusterHasSecurityConfiguration.yaml[CKV2_AWS_55] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy detects if an AWS EMR cluster is not configured with a security configuration. The security configuration of an EMR cluster determines things like encryption settings and security group rules. If such a configuration is not set, the cluster may be vulnerable to attacks or data breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_emr_cluster +* *Arguments:* security_configuration + +To fix the issue, name a valid security configuration in the `security_configuration` argument of the `aws_emr_cluster` resource. + +Secure code example: + +[source,go] +---- +resource "aws_emr_cluster" "example" { + ... + security_configuration = aws_emr_security_configuration.example.name + ... +} +---- + +The above code is secure because it names a valid security configuration for the AWS EMR cluster, reducing its vulnerability to attacks or data breaches. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57.adoc new file mode 100644 index 0000000000..daf5ada952 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-57.adoc @@ -0,0 +1,54 @@ +== AWS Secret Manager Automatic Key Rotation is not enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| fd6a6fc7-8c83-4b3c-b239-7fbdd42abc42 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/SecretsAreRotated.yaml[CKV2_AWS_57] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy detects whether rotation is enabled for Secrets in AWS Secrets Manager. Enabling rotation for secrets helps reduce the risk of unauthorized access to the secrets. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_secretsmanager_secret +* *Arguments:* aws_secretsmanager_secret_rotation + + +[source,go] +---- +resource "aws_secretsmanager_secret" "example" { + name = "example-secret" + # Other necessary configurations +} + ++resource "aws_secretsmanager_secret_rotation" "example" { ++ secret_id = aws_secretsmanager_secret.example.id ++ rotation_lambda_arn = aws_lambda_function.example.arn ++ rotation_rules { ++ automatically_after_days = 30 ++ } ++ # Other necessary configurations ++} +---- + +In this Terraform example, an aws_secretsmanager_secret resource is declared to create a new secret in AWS Secrets Manager, and an aws_secretsmanager_secret_rotation resource is configured to enable automatic rotation for that secret. The aws_secretsmanager_secret_rotation resource references the secret by its ID and specifies a Lambda function ARN that will handle the rotation logic, with rotation rules stating how frequently the secret should be rotated (e.g., every 30 days). To satisfy the policy, the example assumes that the Lambda function and necessary IAM roles and policies are correctly set up to perform the rotation, which are essential components for enabling and executing automatic rotation. diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-58.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-58.adoc new file mode 100644 index 0000000000..31ddfa927b --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-58.adoc @@ -0,0 +1,49 @@ +== AWS Neptune cluster deletion protection is disabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| fd9b71b1-a601-4c6b-b6f2-a8290ece5680 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/NeptuneDeletionProtectionEnabled.yaml[CKV2_AWS_58] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy ensures that AWS Neptune clusters have deletion protection enabled. Deletion Protection safeguards against accidental deletion of AWS resources, allowing for greater data protection and security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_neptune_cluster +* *Arguments:* deletion_protection + +To fix this issue, you need to set the 'deletion_protection' parameter to 'true' in the AWS Neptune cluster settings. + +Secure code example: + +[source,go] +---- +resource "aws_neptune_cluster" "example" { + cluster_identifier = "example" ++ deletion_protection = true +} +---- + +The above code is secure as it has deletion protection enabled, which prevents accidental removal of AWS resources. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-59.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-59.adoc new file mode 100644 index 0000000000..2c880512d8 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-59.adoc @@ -0,0 +1,54 @@ +== AWS Elasticsearch domain has Dedicated master set to disabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 5727a110-89e3-4f9f-befa-6ed9d2f474a1 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml[CKV2_AWS_59] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy checks if Elasticsearch/OpenSearch clusters are configured with a dedicated master node. Having a dedicated master node for Elasticsearch/OpenSearch clusters helps ensure that the cluster’s state and health status is managed properly and prevents the cluster from becoming unstable in case of failures. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_opensearch_domain, aws_elasticsearch_domain +* *Arguments:* cluster_config.dedicated_master_enabled + +To fix the issue, ensure the 'dedicated_master_enabled' configuration is set to 'true' inside the 'cluster_config' block of the Elasticsearch or OpenSearch domain resource. + +Secure code example: + +[source,go] +---- +resource "aws_elasticsearch_domain" "example" { + domain_name = "example" + + cluster_config { + instance_count = 5 ++ dedicated_master_enabled = true + dedicated_master_type = "m3.medium.elasticsearch" + } +} +---- + +The above code is secure as it enables a dedicated master node in the Elasticsearch/OpenSearch domain, which provides better control and stability over the cluster's state and health status. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-60.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-60.adoc new file mode 100644 index 0000000000..0bceb9c97f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-2-60.adoc @@ -0,0 +1,52 @@ +== AWS RDS instance with copy tags to snapshots disabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1f524c07-3254-45a0-8ad7-03e29242c499 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/aws/RDSEnableCopyTagsToSnapshot.yaml[CKV2_AWS_60] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy ensures that tags are copied when creating snapshots of an Amazon RDS database instance. Tags are metadata that you can assign to AWS resources. They enable you to categorize resources in different ways, for example, by purpose, owner, or environment. When tags are copied to snapshots, it provides continuity and orderliness in managing resources, especially when using cost allocation reports. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_db_instance +* *Arguments:* copy_tags_to_snapshot + +The issue can be fixed by setting the `copy_tags_to_snapshot` attribute to true in the database instance resource block of the Terraform file. + +Secure code example: + +[source,go] +---- +resource "aws_db_instance" "mysql" { + name = "mydb" + engine = "mysql" + instance_class = "db.t3.micro" + allocated_storage = "20" + tags = {Name = "mydb"} ++ copy_tags_to_snapshot = true +} +---- + +With `copy_tags_to_snapshot` set as true, all the tags assigned to the database instance will be copied onto any automated or manual snapshots of the database when the snapshots are created. This enables easy resource management and efficient cost allocation tracking. diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-267.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-267.adoc new file mode 100644 index 0000000000..4a49a246cd --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-267.adoc @@ -0,0 +1,60 @@ + +== Comprehend Entity Recognizer's model is not encrypted by KMS using a customer managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 0fbde6f9-78ad-41c7-8be7-9bc589c66320 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerModelUsesCMK.py[CKV_AWS_267] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is assessing whether the Amazon Comprehend Entity Recognizer's model is encrypted using a Key Management Service (KMS) with a Customer Managed Key (CMK). An unencrypted model may be exposed to certain threats such as unauthorized access or potential data breaches. By using a KMS with a CMK, users have more control and oversight over who can use or manage their keys, enabling a higher level of data protection. Therefore, failing to use CMKs in this context could lead to vulnerabilities in data security and compliance risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_comprehend_entity_recognizer +* *Arguments:* model_kms_key_id + +To fix this issue, you need to configure the AWS Comprehend Entity Recognizer model with a KMS key. The KMS key must be a customer managed key, not the default AWS key. Specify the key ARN in the `model_kms_key_id` field in the resource block for the Comprehend Entity Recognizer. + +[source,go] +---- +resource "aws_kms_key" "key" { + description = "Customer Managed Key for Comprehend Entity Recognizer" + deletion_window_in_days = 10 +} + +resource "aws_comprehend_entity_recognizer" "entity_recognizer" { + name = "test-entity-recognizer" + data_access_role_arn = aws_iam_role.role.arn + input_data_config { + data_format = "ONE_DOC_PER_LINE" + entity_types { + type = "TEST_ENTITY_TYPE" + } + s3_uri = aws_s3_bucket_object.test.bucket + } + model_kms_key_id = aws_kms_key.key.arn +} +---- +The code above creates a new Customer Managed Key (CMK) and uses it to secure the Comprehend data. The `model_kms_key_id` field specifies the ARN of the KMS key that is used to encrypt the Comprehend Entity Recognizer model. This ensures that your data is encrypted with a key that you manage, providing an additional level of control over data encryption and decryption. This provides better security compared to using the default AWS-managed key. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-268.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-268.adoc new file mode 100644 index 0000000000..c1f9477835 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-268.adoc @@ -0,0 +1,49 @@ + +== Comprehend Entity Recognizer's volume is not encrypted by KMS using a customer managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 6b4b54a6-fdf4-45fe-900b-eef13fee6304 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ComprehendEntityRecognizerVolumeUsesCMK.py[CKV_AWS_268] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy checks for encryption settings in AWS (Amazon Web Services) cloud infrastructure. In particular, it focuses on verifying if Elastic File System (EFS) data at rest is protected through encryption. + +Encryption is vital for data security because it converts data into a format that can't be read without a decryption key. Failures to encrypt data at rest can lead to data breaches and unauthorized access, which may violate data privacy laws and regulations, and potentially harm the business' reputation and customer trust. Thus, it is crucial to maintain appropriate encryption measures. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_comprehend_entity_recognizer +* *Arguments:* volume_kms_key_id + +Ensure you configure the `volume_kms_key_id` attribute within the `aws_comprehend_entity_recognizer` resource block. This ID should point to the Amazon Resource Name (ARN) of the KMS Key that will be used to encrypt your log group. + +[source,go] +---- +resource "aws_comprehend_entity_recognizer" "example" { + name = "example" + ... + volume_kms_key_id = "arn:aws:kms:us-east-1:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef" +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-269.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-269.adoc new file mode 100644 index 0000000000..77fae33c38 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-269.adoc @@ -0,0 +1,57 @@ +== Connect Instance Kinesis Video Stream Storage Config is not using CMK for encryption + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| e435fe0d-9592-4fd5-a4a7-11148c55f2d5 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py[CKV_AWS_269] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy pertains to Amazon Connect instances leveraging Kinesis Video Stream Storage and checks if the Customer Master Key (CMK) is used for encryption. If the CMK is not utilized, the security of the stored video streams can be compromised. CMK allows for stringent access control and monitoring, providing an additional layer of security. Without it, unauthorized individuals can gain access to the video streams, raising potential confidentiality and privacy issues. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_connect_instance_storage_config +* *Arguments:* storage_config.kinesis_video_stream_config.encryption_config.key_id + +To fix the issue, you should make sure that the AWS Connect Instance Kinesis Video Stream Storage is configured to use a CMK (Customer Master Key) for encryption. + +[source,go] +---- +resource "aws_connect_instance_storage_config" "pass" { + instance_id = aws_connect_instance.pass.id + resource_type = "MEDIA_STREAMS" + + storage_config { + kinesis_video_stream_config { + prefix = "pass" + retention_period_hours = 3 + + encryption_config { + encryption_type = "KMS" ++ key_id = aws_kms_key.test.arn + } + } + storage_type = "KINESIS_VIDEO_STREAM" + } +} +---- diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-270.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-270.adoc new file mode 100644 index 0000000000..37b9a8cf26 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-270.adoc @@ -0,0 +1,59 @@ + +== The Connect Instance S3 Storage Configuration utilizes Customer Managed Key. + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| cf6967e2-c450-4d5a-aa84-86d68ca68930 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ConnectInstanceS3StorageConfigUsesCMK.py[CKV_AWS_270] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy checks whether an Amazon Connect instance uses a Customer Master Key (CMK) for its S3 storage configuration. It underscores the importance of encrypting data at rest to prevent unauthorized access to sensitive information. The use of a CMK allows more granular control over the cryptographic keys, including the ability to create, rotate, disable, and define access permissions and usage. Thus, it significantly enhances the data security posture. If the policy check fails, it indicates that the Amazon Connect instance's S3 storage is either not encrypted or using default encryption, which presents a potential security risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_connect_instance_storage_config +* *Arguments:* storage_config.s3_config.encryption_config.key_id + +You should configure the 'key_id' service to use AWS Key Management Service (AWS KMS), this will allow control over who can use the master key and decrypt messages. + +[source, go] +---- +resource "aws_connect_instance_storage_config" "pass" { + instance_id = aws_connect_instance.pass.id + resource_type = "CHAT_TRANSCRIPTS" + + storage_config { + s3_config { + bucket_name = aws_s3_bucket.pass.id + bucket_prefix = "pass" + + encryption_config { + encryption_type = "KMS" ++ key_id = aws_kms_key.example.arn + } + } + storage_type = "S3" + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-271.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-271.adoc new file mode 100644 index 0000000000..e1c0ba2d59 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-271.adoc @@ -0,0 +1,51 @@ + +== DynamoDB table replica does not use CMK KMS encryption + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 406c6932-46e8-49fc-90c3-69026ea857e9 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DynamoDBTableReplicaKMSUsesCMK.py[CKV_AWS_271] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is ensuring that the replica of a DynamoDB table is encrypted using a Customer Managed Key (CMK) under Key Management Service (KMS). It's crucial since it affirms that a user has direct control over the cryptographic keys used for encryption, which gives them granular control over who can use the keys and for what. If the unique keys are not managed by the user, it can lead to unauthorized access or breaches, posing significant security risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_dynamodb_table_replica +* *Arguments:* kms_key_arn + +To fix this issue, you should ensure that DynamoDB global tables use a Customer Managed Key (CMK) for encryption rather than the default Amazon Managed Key. This can be done by specifying the `aws_kms_key_id` property. + +[source,hcl] +---- +resource "aws_dynamodb_table_replica" "pass" { + provider = "aws.alt" + global_table_arn = aws_dynamodb_table.pass.arn + kms_key_arn = aws_kms_key.test.arn + + tags = { + Name = "taggy" + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272.adoc new file mode 100644 index 0000000000..d6dfbe1036 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-272.adoc @@ -0,0 +1,60 @@ + +== AWS Lambda function is not configured to validate code-signing + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| b4e32eaa-9cf9-4fa1-9d34-ecf08b711b19 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaCodeSigningConfigured.py[CKV_AWS_272] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy ensures that an AWS Lambda function has been properly configured to validate code-signing. If not correctly set up, it could mean that your AWS Lambda function is running code that has not been authenticated. This lack of validation raises a significant security concern, as your service could be running code that has been tampered with or injected with malicious code. This could lead to unauthorized access, data leaks, or compromise of the service. Therefore, it is vital to check and ensure that Lambda functions are enforced to validate code-signing for security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_lambda_function +* *Arguments:* code_signing_config_arn + +To address the issue, you need to enable the code-signing configuration for your AWS Lambda function. Code-signing adds an extra layer of security to your application by ensuring that the deployed code is not tampered with. + +[source,go] +---- +resource "aws_lambda_function" "example" { + function_name = "example" + filename = "example.zip" + source_code_hash = filebase64sha256("example.zip") + handler = "exports.test" + runtime = "nodejs12.x" + ++ code_signing_config_arn = aws_lambda_code_signing_config.example.arn +} + +resource "aws_lambda_code_signing_config" "example" { + allowed_publishers { + signing_profile_version_arns = [aws_signer_signing_profile_version.example.arn] + } + + policies = "Warn" +} +---- + +In the above code, `aws_lambda_function` is configured with the `code_signing_config_arn` attribute. diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-278.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-278.adoc new file mode 100644 index 0000000000..fab85c8c71 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-278.adoc @@ -0,0 +1,47 @@ + +== MemoryDB snapshot is not encrypted by KMS using a customer managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1ebbda07-b7a0-4130-a1ae-b38f764930d4 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/MemoryDBSnapshotEncryptionWithCMK.py[CKV_AWS_278] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking if MemoryDB snapshots are encrypted by KMS using a Customer Managed Key (CMK). MemoryDB snapshots store data from your in-memory databases, which may contain sensitive information. If not encrypted, the data in the snapshots can become vulnerable to unauthorized access or breaches. The AWS Key Management Service (KMS) provides a way to encrypt this data, and specifically, it should use a Customer Managed Key (CMK) which gives users more flexibility and control over their data encryption. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_memorydb_snapshot +* *Arguments:* kms_key_arn + +To fix this issue, you need to ensure that MemoryDB snapshots are encrypted using a KMS customer managed key. Here's how you can modify your Terraform code: + +[source,go] +---- +resource "aws_memorydb_snapshot" "pass" { + cluster_name = "sato" + name = "pike" ++ kms_key_arn = aws_kms_key.example.arn +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-279.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-279.adoc new file mode 100644 index 0000000000..9eca0101f0 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-279.adoc @@ -0,0 +1,55 @@ + +== Neptune snapshot is not securely encrypted + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| d7e4115f-f986-4775-be32-2646b4c72575 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncrypted.py[CKV_AWS_279] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that snapshots of Neptune, Amazon's managed graph database service, are securely encrypted. Having encryption activated, particularly for sensitive data, is critical for security reasons and confidentiality. Without encryption, your database snapshots could be vulnerable to unauthorized access or potential attacks, which might lead to data leaks or breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_neptune_cluster_snapshot +* *Arguments:* storage_encrypted + +To fix this issue, you need to ensure that your Neptune snapshot is encrypted. The `aws_db_cluster_snapshot` resource in your Terraform configuration needs to have the `storage_encrypted` argument set to `true`. + +[source,hcl] +---- +resource "aws_neptune_cluster" "default" { + cluster_identifier = "neptune-cluster-demo" + engine = "neptune" + ... + storage_encrypted = true +} + +resource "aws_neptune_cluster_snapshot" "snapshot" { + cluster_identifier = aws_neptune_cluster.default.id + db_cluster_snapshot_identifier = "neptune-cluster-snapshot" +} +---- + +By setting the `storage_encrypted` argument to `true`, you're ensuring that your Neptune snapshot is encrypted at rest using Amazon's Key Management Service (KMS). This means that the snapshot and any data associated with it cannot be accessed unless the appropriate key is provided, protecting it from unauthorized use or exposure. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-280.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-280.adoc new file mode 100644 index 0000000000..cc3152dbaa --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-280.adoc @@ -0,0 +1,54 @@ + +== Neptune snapshot is encrypted by KMS using a customer managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| e3156909-bfa2-4972-9e75-cfa27c667abb + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/NeptuneClusterSnapshotEncryptedWithCMK.py[CKV_AWS_280] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that Neptune snapshots are encrypted using a Customer Managed Key (CMK). This is important because Neptune snapshots can contain sensitive data, and encryption helps protect this data from unauthorized access. Specifically, using a Customer Managed Key gives you full control and autonomy over the key management, including its rotation, enabling auditing, and defining the permissions who can use this key. Unencrypted snapshots, or snapshots encrypted with less secure options, can compromise data security, potentially leading to data breaches. Hence, not adhering to this policy can pose significant data security risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_neptune_cluster_snapshot +* *Arguments:* kms_key_id + +To fix this issue, you need to ensure that Neptune snapshots are encrypted using a KMS CMK. Use the `kms_key_id` argument in the `aws_neptune_cluster_snapshot` resource to specify the CMK. + +[source,go] +---- +resource "aws_kms_key" "key" { + description = "Key for encrypting Neptune snapshots" + deletion_window_in_days = 7 +} + +resource "aws_neptune_cluster_snapshot" "snapshot" { + cluster_identifier = aws_neptune_cluster.default.id + snapshot_identifier = "neptune-snapshot-${aws_neptune_cluster.default.id}" + kms_key_id = aws_kms_key.key.arn //specify the CMK here +} +---- + +This code is secure because it ensures that Neptune snapshots are encrypted with the specified AWS Key Management Service (KMS) customer managed key (CMK). Encryption of sensitive data at rest adds another layer of security and makes it harder for unauthorized individuals to access your data. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-281.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-281.adoc new file mode 100644 index 0000000000..366fe16465 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-281.adoc @@ -0,0 +1,47 @@ + +== RedShift snapshot copy is not encrypted by KMS using a customer managed Key (CMK). + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 299ed98f-120c-428f-a905-65bd129fdc35 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py[CKV_AWS_281] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that RedShift snapshot copies are encrypted using a Key Management Service (KMS), specifically through a Customer Managed Key (CMK). Non-encrypted or poorly encrypted RedShift snapshot data might expose sensitive information that can lead to data breaches or non-compliance with legal and regulatory mandates. Thus, it's crucial to enforce robust encryption using a Customer Managed Key (CMK) for enhanced security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_redshift_snapshot_copy_grant +* *Arguments:* kms_key_id + +To resolve this issue, you should add the 'KMS Key Id' argument (`kms_key_id`) to your `aws_redshift_snapshot_copy_grant` resources and point it to an existing KMS Key. This will ensure that your RedShift snapshot copies are encrypted with a KMS key that is managed by you. For instance: + +[source,go] +---- +resource "aws_redshift_snapshot_copy_grant" "pass" { + snapshot_copy_grant_name = "my-grant" ++ kms_key_id = aws_kms_key.test.arn +} +---- + +In this code, the 'aws_redshift_cluster' resource includes 'kms_key_id', which is set to the ARN of 'aws_kms_key.mykey'. This means that this KMS key is now used to encrypt snapshot copies of the RedShift cluster. diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-282.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-282.adoc new file mode 100644 index 0000000000..c50fc2c1f3 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-282.adoc @@ -0,0 +1,46 @@ + +== Redshift Serverless namespace is not encrypted by KMS using a customer managed key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c1962537-be4f-4d56-adc8-25a72869c1f4 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftServerlessNamespaceKMSKey.py[CKV_AWS_282] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that a Redshift Serverless namespace in AWS is encrypted using a customer managed key (CMK) provided by Key Management Service (KMS). This is crucial because encryption adds an additional layer of security to protect data. A customer-managed key offers more flexibility and control over the cryptographic keys, including the ability to implement key rotation, disable, or delete a key. If Redshift Serverless namespaces are not encrypted by a CMK, it implies that default AWS managed keys are being used or data is not encrypted, which can increase the risk of unauthorized data access or breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_redshiftserverless_namespace +* *Arguments:* kms_key_id + +To fix this issue, you need to ensure that your Redshift Serverless namespace is using encryption by a customer-managed key. + +[source,go] +---- +resource "aws_redshiftserverless_namespace" "pass" { + namespace_name = "test-pass-namespace" ++ kms_key_id = aws_kms_key.example.arn +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-292.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-292.adoc new file mode 100644 index 0000000000..331d829225 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-292.adoc @@ -0,0 +1,48 @@ + +== DocDB Global Cluster is not encrypted at rest + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 5e6294f2-8e6e-4e76-ad6d-1177b2178a12 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DocDBGlobalClusterEncryption.py[CKV_AWS_292] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to see if a DocDB Global Cluster is encrypted at rest. The default setting for this is unencrypted. Data encryption at rest is critical for securing sensitive data and protecting it from unauthorized access. If data is not encrypted, it could potentially be exposed to cybercriminals, which could lead to data breaches and other significant security incidents. Therefore, failing to encrypt sensitive data at rest is a significant security risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_docdb_global_cluster +* *Arguments:* storage_encrypted + +To fix this issue, you should enable encryption at rest for your DocDB Global Cluster. This can be done by setting the `storage_encrypted` parameter to `true` in your Terraform configuration file. + +[source,hcl] +---- +resource "aws_docdb_global_cluster" "example" { + global_cluster_identifier = "example" + storage_encrypted = true +} +---- + +The above code is secure because setting `storage_encrypted = true` encrypts all data at rest for the DocDB Global Cluster instance. This protects your data by preventing unauthorized access and maintaining its confidentiality even when the storage is compromised. AWS takes care of the encryption and decryption process transparently with minimal impact on performance. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-293.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-293.adoc new file mode 100644 index 0000000000..e7e34a0640 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-293.adoc @@ -0,0 +1,50 @@ + +== AWS database instances do not have deletion protection enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| f94b78fe-3f22-4fde-8cab-add308c6cb23 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSInstanceDeletionProtection.py[CKV_AWS_293] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking for whether AWS database instances have deletion protection enabled or not. If deletion protection is disallowed, there could be potential accidental loss of valuable or critical data. This can happen due to an inadvertent user action. Therefore, it's important for AWS database instances to have deletion protection enabled to prevent the unexpected removal of database that might cause data loss or downtime issues. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_db_instance +* *Arguments:* deletion_protection + +To fix the issue: + +You need to enable `deletion_protection` parameter in the AWS instance block. This ensures that the termination of this DB instance is prevented when this parameter is set to 'true'. + +[source,hcl] +---- +resource "aws_db_instance" "default" { + ... ++ deletion_protection = true +} +---- + +The above code is secure because the `deletion_protection` is set to `true`. This parameter ensures that the AWS database instance cannot be deleted. This adds an extra layer of security against accidental deletions of the AWS database instances. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-294.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-294.adoc new file mode 100644 index 0000000000..7150148071 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-294.adoc @@ -0,0 +1,45 @@ +== AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c2b84f89-7ec8-473e-a6af-404feeeb96c5 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudtrailEventDataStoreUsesCMK.py[CKV_AWS_294] + +|Severity +|INFO + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy checks to ensure that Cloud Trail Event Data Store uses a Customer Master Key (CMK) for encryption. It's crucial for data security because without the CMK, the default key generated by AWS would be used. If this default key is compromised, the security of all data could be endangered. Hence, to provide an extra layer of control and security, it's advisable to use a Customer Master Key for encryption. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_cloudtrail_event_data_store +* *Arguments:* kms_key_id + +To fix the issue, a custom CMK needs to be specified for the Cloud Trail Event Data Store. This can be achieved by using the AWS Key Management Service (KMS) to create a new CMK and then specifying its ARN in the `kms_key_id` property in your Cloud Trail configuration in your Terraform file. + +[source,go] +---- +resource "aws_cloudtrail_event_data_store" "pass" { + name = "pike-data-store" ++ kms_key_id = aws_kms_key.example.arn +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-295.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-295.adoc new file mode 100644 index 0000000000..165cbe1ea6 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-295.adoc @@ -0,0 +1,48 @@ + +== DataSync Location Object Storage exposes secrets + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| e3bc9262-550f-47f6-96f7-db4bc8f81382 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DatasyncLocationExposesSecrets.py[CKV_AWS_295] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +The policy inspects for any instances where DataSync Location object storage might be revealing secrets. Secrets in this context refer to sensitive information like passwords, API keys, and other such private data. If such secrets are exposed, it means unauthorized individuals could potentially access and manipulate targeted data. The exposure of secrets can lead to serious security risks, including data breaches, unauthorized changes, or even potential system shutdowns. Therefore, ensuring this policy is complied with helps maintain the security and integrity of data. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_datasync_location_object_storage +* *Arguments:* secret_key + +To fix this issue, you should never hard code secrets in your Terraform files. Instead, you should store your secrets in a secure secrets manager and reference them in your Terraform files. + +[source,go] +---- +resource "aws_datasync_location_object_storage" "pass" { + agent_arns = [aws_datasync_agent.example.arn] + server_hostname = "example" + bucket_name = "example" +- secret_key = "OWTHATSBLOWNIT" +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-296.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-296.adoc new file mode 100644 index 0000000000..28b8c8f09a --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-296.adoc @@ -0,0 +1,60 @@ +== DMS endpoint is not using a Customer Managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| cb92477a-1086-43a2-944a-7b3cc9f7762f + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSEndpointUsesCMK.py[CKV_AWS_296] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy ensures that Database Migration Service (DMS) endpoints use a Customer Managed Key (CMK) for encryption. This is crucial because relying on a default encryption key provided by AWS introduces potential security risks. Customer Managed Keys offer a higher level of control over the cryptographic keys, including their rotation and deletion. Lack of such control can lead to unauthorized data accessibility and potential data breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_dms_endpoint +* *Arguments:* server_side_encryption_kms_key_id + +To fix this issue, you must ensure that your AWS DMS (Data Migration Service) endpoint uses a Customer Managed Key (CMK) for encryption. + +[source,go] +---- +resource "aws_dms_endpoint" "pass" { + certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" + database_name = "test" + endpoint_id = "test-dms-endpoint-tf" + endpoint_type = "source" + engine_name = "aurora" + extra_connection_attributes = "" ++ kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" + password = "test" + port = 3306 + server_name = "test" + ssl_mode = "none" + + tags = { + Name = "test" + } + + username = "test" +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-297.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-297.adoc new file mode 100644 index 0000000000..b33d2eaa63 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-297.adoc @@ -0,0 +1,58 @@ + +== EventBridge Scheduler Schedule is not using a Customer Managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 0a9ecb7e-7cb0-42d5-afa6-8917ad6bdc86 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SchedulerScheduleUsesCMK.py[CKV_AWS_297] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to make sure that EventBridge Scheduler Schedule in AWS utilizes a Customer Managed Key (CMK) for encryption. This is crucial for maintaining secure data practices because CMKs offer increased control over key rotation, allowing a system administrator to manually rotate, disable, or re-enable a CMK. Without the use of a CMK, encryption keys will be solely managed by AWS, leading to less flexibility and potential security risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_scheduler_schedule +* *Arguments:* kms_key_arn + +To fix this issue, you should use a Customer Managed Key (CMK) for the EventBridge Scheduler Schedule. + +[source,go] +---- +resource "aws_scheduler_schedule" "pass" { + name = "my-schedule" + group_name = "default" + + flexible_time_window { + mode = "OFF" + } + + schedule_expression = "rate(1 hour)" ++ kms_key_arn = "arn:aws:kms:eu-west-2:680235478471:key/a61e2553-18fe-40b8-a959-bf775459ed46" + + target { + arn = aws_sqs_queue.example.arn + role_arn = aws_iam_role.example.arn + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-298.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-298.adoc new file mode 100644 index 0000000000..fab181aeaa --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-298.adoc @@ -0,0 +1,47 @@ +== The DMS S3 does not use a Customer Managed Key (CMK) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 26a99f76-1559-4581-8817-668d04e20724 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DMSS3UsesCMK.py[CKV_AWS_298] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that the AWS Database Migration Service (DMS) S3 is utilizing a Customer Managed Key (CMK) for encryption. If this policy is not adhered to, it could potentially create a security risk as AWS managed keys may not provide the same level of control and access restrictions that a CMK would. This could leave sensitive data exposed or vulnerable to unauthorized access or breaches. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_dms_s3_endpoint +* *Arguments:* kms_key_arn + +To fix this issue, you need to set the "kms_key_arn" attribute in your DMS S3 configuration block. + +[source,hcl] +---- +resource "aws_dms_s3_endpoint" "test_dms_endpoint_s3" { ++ kms_key_arn = "arn:aws:kms:us-west-2:111122223333:key/abcd1234-a123-456a-a12b-a123b4cd56ef" + ... +} +---- + +The above Terraform code is secure because by adding kms_key_arn parameter with the value of the ARN of the Customer Managed Key, you ensure that a Customer Managed Key is used with DMS S3. This allows you to have more granular control over data encryption and decryption. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-300.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-300.adoc new file mode 100644 index 0000000000..c7ac1a7b94 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-300.adoc @@ -0,0 +1,54 @@ + +== S3 lifecycle configuration does not set a period for aborting failed uploads + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 91986a59-e939-4831-b1d5-f06086df5336 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/S3AbortIncompleteUploads.py[CKV_AWS_300] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that there is a specified time period set for aborting failed uploads in the Amazon S3 lifecycle configuration. This is critical for preventing incomplete multipart uploads from consuming unnecessary storage, which could increase costs and potentially slow down system performance. If a multipart upload event fails, without a specified abort period, the partially uploaded data will continue to occupy space and accumulate associated charges. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_s3_bucket_lifecycle_configuration +* *Arguments:* abort_incomplete_multipart_upload + +To achieve this, you need to add the `abort_incomplete_multipart_upload` attribute. + +[source,go] +---- +resource "aws_s3_bucket_lifecycle_configuration" "pass" { + bucket = aws_s3_bucket.bucket.id + + rule { ++ abort_incomplete_multipart_upload { ++ days_after_initiation = 7 ++ } + filter {} + id = "log" + status = "Enabled" + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-301.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-301.adoc new file mode 100644 index 0000000000..785db54ca6 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-301.adoc @@ -0,0 +1,48 @@ +== AWS Lambda Function resource-based policy is overly permissive + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 805cd86b-3e3e-4913-9f12-0b208c657b23 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/LambdaFunctionIsNotPublic.py[CKV_AWS_301] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is examining AWS Lambda functions to ensure they aren't publicly accessible. Having AWS Lambda functions that can be accessed by anyone can lead to sinister activities such as data theft, data manipulation, or other forms of unauthorized access. It's considered bad practice and a security risk, as it allows any anonymous user to invoke the function, potentially leading to misuse of the function or exposure of sensitive information. Therefore, it's important to have controls on who can execute the function, for example, authenticated or identified users only. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_lambda_permission +* *Arguments:* principal + +To fix this issue, ensure the AWS Lambda function is not publicly accessible by restricting access to trusted entities only. Set 'principal' to a specific AWS resource or user-account other than '*'. + +[source,hcl] +---- +resource "aws_lambda_permission" "with_s3" { + statement_id = "AllowExecutionFromS3Bucket" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.example.function_name +- principal = "*" + source_arn = "arn:aws:s3:::example_bucket" +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-302.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-302.adoc new file mode 100644 index 0000000000..aca265d6fb --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-302.adoc @@ -0,0 +1,47 @@ +== AWS RDS snapshots are accessible to public + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| a707de6a-11b7-478a-b636-5e21ee1f6162 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/DBSnapshotsArePrivate.py[CKV_AWS_302] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that database snapshots are not publicly accessible. Database snapshots are backups of your database that allow you to restore data from a particular point in time. Making these snapshots public can expose sensitive information, compromising the integrity and security of the data stored in your database. Therefore, it's crucial to keep these snapshots private to prevent unauthorized access and the potential misuse of your data. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_db_snapshot +* *Arguments:* shared_accounts + +To fix this issue, you need to ensure that `shared_accounts` is not set to `all`. + +[source,go] +---- +resource "aws_db_snapshot" "fail" { + db_instance_identifier = aws_db_instance.bar.id + db_snapshot_identifier = "testsnapshot1234" +- shared_accounts=["all"] +} +---- + + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-303.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-303.adoc new file mode 100644 index 0000000000..c386084883 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-303.adoc @@ -0,0 +1,54 @@ +== AWS SSM documents are public + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| b7673d43-cf84-4cb9-9e00-60d99365f35f + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SSMDocumentsArePrivate.py[CKV_AWS_303] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that SSM (Simple Systems Manager) documents are not public. SSM documents are a set of instructions that an instance follows, such as software configurations. Making them publicly accessible can pose a security risk as it exposes potentially sensitive information. Unauthorized users could gain insight into the system’s configuration, dependencies, or other valuable data, which can be exploited leading to data breaches or system compromises. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_ssm_document +* *Arguments:* permissions.account_ids + +To fix the issue, you should ensure that AWS SSM documents have permissions that restrict public access. You can modify the "permissions" argument of the aws_ssm_document resource to exclude "all", which represents public access. Here is an example: + +[source,go] +---- +resource "aws_ssm_document" "example" { + name = "example" + document_type = "Command" + + permissions = { + type = "Share" +- account_ids = All ++ account_ids = [data.aws_caller_identity.current.account_id] + } + ... +} +---- + +This code is securing the SSM Document by restricting its access only to the specified AWS account. Instead of allowing public access with "All", it's specifying an AWS Role as the transfer. This means only those with that specific role in the specified AWS account can get this document. This helps limit who has access to this SSM Document, enhancing the security of your AWS resources. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-304.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-304.adoc new file mode 100644 index 0000000000..beb40049ed --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-304.adoc @@ -0,0 +1,52 @@ + +== Secrets Manager secrets are not rotated within 90 days + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1f61e327-9c50-4fa3-a14b-14513f3e14a3 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SecretManagerSecret90days.py[CKV_AWS_304] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that the Secrets Manager secrets in AWS (Amazon Web Services) are set to be rotated within a 90-day timeframe. The Secrets Manager is a tool that helps securely store and manage sensitive information like API keys, passwords, and database credentials. + +Not rotating these secrets regularly can lead to a heightened risk of unauthorized access or breaches. If a secret is leaked or compromised, and it's not changed or updated for an extended period, malicious actors can have ongoing access to sensitive information or resources. + +By consistently rotating secrets every 90 days, the window of opportunity for misuse of a compromised secret is significantly diminished, thus escalating the organization's overall security posture. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_secretsmanager_secret_rotation +* *Arguments:* automatically_after_days + +To fix the issue, you should specify the rotation configuration in the AWS Secrets Manager policy code. Set the rotation period to less than or equal to 90 days. + +[source,go] +---- +resource "aws_secretsmanager_secret_rotation" "example" { + secret_id = aws_secretsmanager_secret.example.id + rotation_lambda_arn = aws_lambda_function.example.arn + rotation_rules { + automatically_after_days = 90 + } +} +---- diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-305.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-305.adoc new file mode 100644 index 0000000000..b76bb55cda --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-305.adoc @@ -0,0 +1,45 @@ +== AWS CloudFront distributions does not have a default root object configured + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| e4475583-1d6b-4efe-8974-1bab376b3817 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionDefaultRoot.py[CKV_AWS_305] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking if a default root object has been configured for Cloudfront distribution in Amazon Web Services (AWS). If not properly configured, it may lead to an undesirable user experience. For example, if a user requests the root URL of your distribution and a root object is not set, Cloudfront returns an XML document that lists contents of the distribution. This is not only unprofessional, but it could potentially expose sensitive information about the infrastructure of your website. Therefore, a default root object, such as index.html, should be configured to provide a more controlled and secure user experience. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_cloudfront_distribution +* *Arguments:* default_root_object + +To fix this issue, you need to set a default root object in your Cloudfront distribution. + +[source,hcl] +---- +resource "aws_cloudfront_distribution" "s3_distribution" { + .... + default_root_object = "index.html" + .... +} +---- diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-307.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-307.adoc new file mode 100644 index 0000000000..4b82a84f2a --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-307.adoc @@ -0,0 +1,48 @@ +== AWS SageMaker notebook instance with root access enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 4a38048f-b657-4bcc-b926-aba812bdf66e + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SagemakerNotebookRoot.py[CKV_AWS_307] + +|Severity +|INFO + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +It's essential to restrict this level of access because providing root or admin rights can lead to misuse, intentional or accidental damage, or severe security breaches. These privileges allow users to perform actions on the platform that could modify or extract sensitive data, change configuration settings, or install unauthorized apps, among other things. Root access should only be given to trusted administrators who need such privileges to manage and secure systems. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_sagemaker_notebook_instance +* *Arguments:* root_access + +To fix the issue, you need to make sure the `root_access` attribute should set to Disabled. + +[source,hcl] +---- +resource "aws_sagemaker_notebook_instance" "secure_instance" { + name = "secure_instance" + role_arn = aws_iam_role.role.arn + instance_type = "ml.t3.xlarge" + ++ root_access = Disabled +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-308.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-308.adoc new file mode 100644 index 0000000000..0cb7e64256 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-308.adoc @@ -0,0 +1,54 @@ +== API Gateway method setting is not set to encrypted caching + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 8a749f51-86d9-4d8a-9003-9680a5ed4c12 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/APIGatewayMethodSettingsCacheEncrypted.py[CKV_AWS_308] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying whether the API Gateway method setting caching is encrypted. The data caching in API Gateway is necessary to improve the latency of requests. However, if caching is not encrypted, sensitive information can be at risk as attackers could gain unauthorized access to it. Thus, failing to set this feature to encrypted can potentially compromise the security and data privacy, resulting in a data breach. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_api_gateway_method_settings +* *Arguments:* settings.cache_data_encrypted + +To fix this policy, ensure that the settings for API Gateway methods have caching set to encrypted. For example, set the 'settings' block in your terraform code as shown below: + +[source,go] +---- +resource "aws_api_gateway_method_settings" "pass" { + rest_api_id = aws_api_gateway_rest_api.fail.id + stage_name = aws_api_gateway_stage.fail.stage_name + method_path = "path1/GET" + + settings { + caching_enabled = true + metrics_enabled = false + logging_level = "INFO" ++ cache_data_encrypted = true + data_trace_enabled = false + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-310.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-310.adoc new file mode 100644 index 0000000000..816e3a7973 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-310.adoc @@ -0,0 +1,86 @@ + +== CloudFront distributions do not have origin failover configured + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 923635c1-e6ea-4311-b747-f15246009e34 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudfrontDistributionOriginFailover.py[CKV_AWS_310] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy refers to the configuration of origin failover for CloudFront distributions in AWS. An origin failover setup guarantees that if one resource fails, another takes over to keep applications running. Not having an origin failover configuration in CloudFront can lead to service disruptions if the primary resource fails. The policy checks whether origin failover is properly configured and recommends setting it up if not, to ensure resources' high availability and reliability. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_cloudfront_distribution +* *Arguments:* failover_criteria and origin_id + +To fix this issue, you need to configure origin failover for your CloudFront distributions in your Terraform code and ensure you have two `member` parameters. + +[source,go] +---- +resource "aws_cloudfront_distribution" "pass" { + origin_group { + origin_id = "groupS3" + ++ failover_criteria { ++ status_codes = [403, 404, 500, 502] ++ } + ++ member { ++ origin_id = "primaryS3" ++ } + ++ member { ++ origin_id = "failoverS3" ++ } + } + + origin { + domain_name = aws_s3_bucket.primary.bucket_regional_domain_name + origin_id = "primaryS3" + + s3_origin_config { + origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path + } + } + + origin { + domain_name = aws_s3_bucket.failover.bucket_regional_domain_name + origin_id = "failoverS3" + + s3_origin_config { + origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path + } + } + + default_cache_behavior { + # ... other configuration ... + target_origin_id = "groupS3" + } + + enabled = false + restrictions {} + viewer_certificate {} +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-311.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-311.adoc new file mode 100644 index 0000000000..0f22e5dba3 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-311.adoc @@ -0,0 +1,77 @@ +== CodeBuild S3 logs are not encrypted + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2f2a5214-eafd-42aa-b2bd-5a84155316d3 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodebuildS3LogsEncrypted.py[CKV_AWS_311] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy verifies that AWS CodeBuild S3 logs are encrypted. If not properly encrypted, these logs, which might contain sensitive information, can be exploited by attackers for malicious activities, posing a significant security risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_codebuild_project +* *Arguments:* logs_config.s3_logs.encryption_disabled + +You need to ensure that the CodeBuild project is using an S3 bucket for logging that is configured with server-side encryption. In the below code sample, the `encryption_disabled` argument in the `s3_logs` block is set to `false`. + +[source,hcl] +---- +resource "aws_codebuild_project" "example" { + name = "test-project" + + artifacts { + type = "NO_ARTIFACTS" + } + + environment { + compute_type = "BUILD_GENERAL1_SMALL" + image = "aws/codebuild/standard:4.0" + type = "LINUX_CONTAINER" + } + + logs_config { + cloudwatch_logs { + group_name = "log-group" + stream_name = "log-stream" + } + + s3_logs { + status = "ENABLED" + location = "aws_s3_bucket.default.id/codebuild-logs" ++ encryption_disabled = false + } + } + + source { + type = "GITHUB" + location = "https://github.com/my-account/my-repo.git" + } + + tags = { + Environment = "Test" + } +} +---- + + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc new file mode 100644 index 0000000000..de9128bc53 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-312.adoc @@ -0,0 +1,57 @@ + +== Elastic Beanstalk environments do not have enhanced health reporting enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1d31797a-8a1e-44f0-99c6-fd313aeb293f + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticBeanstalkUseEnhancedHealthChecks.py[CKV_AWS_312] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to make sure that Elastic Beanstalk environments have enhanced health reporting enabled. Enhanced health reporting is a feature that provides additional information about resource utilization and instance health, making it easier to identify and troubleshoot issues. Not having this feature enabled could potentially lead to undetected operational issues, resulting in downtime or impaired system performance. Monitoring and troubleshooting are key elements in maintaining system stability and performance, thus the absence of enhanced health reporting is a high risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_elastic_beanstalk_environment +* *Arguments:* namespace, HealthStreamingEnabled + +In order to fix this issue, you need to enable enhanced health reporting in your Elastic Beanstalk environment configuration. + +[source,go] +---- +resource "aws_elastic_beanstalk_environment" "pass" { + name = "beany" + application = var.elastic_beanstalk_application_name + description = var.description + tier = var.tier + solution_stack_name = var.solution_stack_name + wait_for_ready_timeout = var.wait_for_ready_timeout + version_label = var.version_label + tags = local.tags ++ setting { ++ namespace = "aws:elasticbeanstalk:healthreporting:system" ++ name = "HealthStreamingEnabled" ++ value = "true" ++ } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-313.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-313.adoc new file mode 100644 index 0000000000..93990d0aed --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-313.adoc @@ -0,0 +1,57 @@ + +== RDS cluster is not configured to copy tags to snapshots + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2822a8b2-2d68-45cf-a81c-429a37c15807 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterCopyTags.py[CKV_AWS_313] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that an AWS RDS (Relational Database Service) cluster is configured to copy tags to snapshots. Tags are important in AWS as they allow users to categorize AWS resources in different ways, such as by purpose, owner, or environment. + +If the RDS cluster is not configured to copy tags to snapshots, it could result in operational confusion and challenges in understanding the nature of the snapshot, its purpose and its owner or the entity it belongs to. Moreover, some organizations also use resource tags to track billing or manage costs. Hence, not having these tags on snapshots could impact these processes. Therefore, it's not ideal if the RDS cluster isn't configured to do so. + + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_rds_cluster +* *Arguments:* copy_tags_to_snapshot + +Include the `copy_tags_to_snapshot` parameter in your AWS RDS instance configuration and set it to `true`. This is to ensure that all tags on the RDS instance are copied over to any snapshots created from the instance. + +[source,hcl] +---- +resource "aws_db_instance" "default" { + allocated_storage = 10 + engine = "mysql" + engine_version = "5.7" + instance_class = "db.t2.micro" + name = "mydb" + username = "foo" + password = "foobarbaz" + parameter_group_name = "default.mysql5.7" + skip_final_snapshot = true ++ copy_tags_to_snapshot = true +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-315.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-315.adoc new file mode 100644 index 0000000000..235fe3109e --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-315.adoc @@ -0,0 +1,69 @@ + +== EC2 Auto Scaling groups are not utilizing EC2 launch templates + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2ec76f1c-a3cc-4d17-a304-dd71a22c8fb8 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/AutoScalingLaunchTemplate.py[CKV_AWS_315] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to verify that EC2 Auto Scaling groups in AWS are utilizing EC2 launch templates. EC2 launch templates define instance configuration for compute resources. They provide a way for you to save a launch configuration that you can reuse, which helps in maintaining the consistency of configurations and also speeds up the deployment process. + +Not using EC2 launch templates can lead to several issues: +1. Inconsistency: Manual configuration for every instance may lead to inconsistencies and errors, which can in turn lead to security vulnerabilities. +2. Slow Deployment: Not using launch templates can result in a slower deployment process. Every time you need to launch a new instance, you would have to manually configure all the settings. +3. Troubleshooting Difficulty: If instances are manually configured, troubleshooting can become complex as you need to identify the configuration for each instance separately. +4. Scaling inefficiencies: Since auto-scaling groups adjust the number of instances on the fly according to load, not using a standard launch template would make this scaling inefficient and error-prone. + +Therefore, it is important for the best practice and efficient deployments to use EC2 launch templates in AWS auto-scaling groups. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_autoscaling_group +* *Arguments:* launch_template + +To fix this issue, you need to refactor the EC2 AutoScaling group resource to use EC2 launch templates, rather than launch configurations. + +[source,hcl] +``` +resource "aws_launch_template" "example" { + image_id = "ami-0c94855ba95c574c8" + instance_type = "t2.micro" + + tags = { + Name = "example" + } +} + +resource "aws_autoscaling_group" "example" { + desired_capacity = 1 + max_size = 1 + min_size = 1 + ++ launch_template { ++ id = aws_launch_template.example.id ++ version = aws_launch_template.example.latest_version ++ } +} +``` + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-316.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-316.adoc new file mode 100644 index 0000000000..cd6488beb9 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-316.adoc @@ -0,0 +1,48 @@ +== AWS CodeBuild project environment privileged mode is enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c2858dc3-d887-436a-80eb-32e2bfd7d0f2 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CodeBuildPrivilegedMode.py[CKV_AWS_316] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to make sure that the environments within AWS CodeBuild project do not have privileged mode enabled. Having privileged mode enabled can be a significant risk as it provides enhanced permissions that could potentially be misused or exploited. This could lead to unauthorized access or changes within the environment, which might cause damage or loss of data. Therefore, it is critical to maintain only the necessary permissions and avoid enabling privileged mode, as this can potentially breach secure practices. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_codebuild_project +* *Arguments:* environment.privileged_mode + +To fix this issue, you need to ensure that the privileged mode is not enabled in the CodeBuild project environment configuration. + +[source,hcl] +---- +resource "aws_codebuild_project" "example" { + environment { + privileged_mode = false + } +} +---- + +The above code sets the `privileged_mode` attribute of the `aws_codebuild_project`'s `environment` block to `false.` This means the CodeBuild project will not run in privileged mode, mitigating the potential security risks associated with elevated privileges such as unauthorized system alterations or data breaches. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-318.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-318.adoc new file mode 100644 index 0000000000..c61e7256b1 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-318.adoc @@ -0,0 +1,55 @@ + +== Elasticsearch domains are not configured with a minimum of three dedicated master nodes + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 8461fa0f-f4df-4bb0-8e3e-f69028fa76af + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticsearchDomainHA.py[CKV_AWS_318] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is ensuring that Elasticsearch domains are configured with at least three dedicated master nodes for high availability. Not having high availability for Elasticsearch domains could lead to unexpected outages and potential data loss. In addition, it provides resilience against system failures and ensures uninterrupted system operations. Therefore, ignoring this policy can cause significant harm to your database infrastructure and compromises the reliability of your services. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_elasticsearch_domain, aws_opensearch_domain +* *Arguments:* cluster_config.dedicated_master_count + +Configure your Elasticsearch domain with at least three dedicated master nodes. This can be achieved by setting the 'dedicated_master_count' value to 3, under 'cluster_config'. Here is how your Terraform code should look: + +[source,hcl] +---- +resource "aws_elasticsearch_domain" "example" { + domain_name = "example" + elasticsearch_version = "6.8" + + cluster_config { + instance_type = "m4.large.elasticsearch" + instance_count = "3" + + dedicated_master_enabled = true + dedicated_master_count = '3' + dedicated_master_type = "m4.large.elasticsearch" + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-319.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-319.adoc new file mode 100644 index 0000000000..99a75f27e3 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-319.adoc @@ -0,0 +1,60 @@ + +== CloudWatch alarm actions are not enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 9bb8259c-875a-4502-9b03-04682c312402 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/CloudWatchAlarmsEnabled.py[CKV_AWS_319] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that alarm actions in AWS CloudWatch are enabled. AWS CloudWatch is a monitoring service that provides data and actionable insights for AWS applications, resources, and services. Alarm actions are essential functionalities that trigger specific automated responses based on predefined conditions, such as stopping an instance when CPU utilization is too high. If these are not enabled, AWS users may miss alerts on critical issues within their resources and services. Consequently, this could lead to performance degradation, service disruption, or even a security breach. Thus, it's considered a poor security practice not to have CloudWatch alarm actions enabled. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_cloudwatch_metric_alarm +* *Arguments:* actions_enabled + +To fix the issue indicated by this policy, you will need to ensure that all your CloudWatch alarms have `actions_enabled` not set to `false`. + +[source,go] +---- +resource "aws_cloudwatch_metric_alarm" "pass2" { + alarm_name = "alarmname" + comparison_operator = "LessThanThreshold" + evaluation_periods = 1 + metric_name = "HealthyHostCount" + namespace = "AWS/NetworkELB" + period = 60 + statistic = "Average" + threshold = var.logstash_servers_count + alarm_description = "Number of healthy nodes in Target Group" ++ actions_enabled = true + alarm_actions = [aws_sns_topic.sns.arn] + ok_actions = [aws_sns_topic.sns.arn] + dimensions = { + TargetGroup = aws_lb_target_group.lb-tg.arn_suffix + LoadBalancer = aws_lb.lb.arn_suffix + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-320.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-320.adoc new file mode 100644 index 0000000000..acc51ca656 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-320.adoc @@ -0,0 +1,47 @@ + +== Redshift clusters are not using the default database name. + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 02149f11-1502-4acc-a4f8-4470861f4ef3 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterDatabaseName.py[CKV_AWS_320] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that Redshift clusters are not using the default database name. Using the default database name in AWS Redshift clusters can pose a security risk as it can be easily guessed by malicious actors. They could potentially gain unauthorized access to your database if other security measures are weak or compromised. For enhanced security, it is recommended to use a unique database name that cannot be easily guessed. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_redshift_cluster +* *Arguments:* database_name + +To fix the issue, you need to ensure that your Redshift clusters are not using the default database name. You should specify a unique name for every Redshift cluster you create. + +[source,go] +---- +resource "aws_redshift_cluster" "default" { + cluster_identifier = "tf-redshift-cluster" + database_name = "my_db" +} +---- + + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-321.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-321.adoc new file mode 100644 index 0000000000..291c12505f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-321.adoc @@ -0,0 +1,54 @@ + +== Redshift clusters are not using enhanced VPC routing + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 72e9930e-6ae8-412b-a239-152b6e4b8fb7 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RedshiftClusterUseEnhancedVPCRouting.py[CKV_AWS_321] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that Redshift clusters utilise Enhanced Virtual Private Cloud (VPC) routing. Redshift clusters often interact with data placed in S3 buckets, and if not correctly setup, data transit can occur over the public internet. In a scenario where Enhanced VPC routing is not enabled, data transferred between Redshift and S3 doesn't traverse in the confines of the Amazon network, resulting in an increased risk of data exposure. It is critical that data remains secure during transfer, and Enhanced VPC routing helps achieve this as it forces all COPY and UNLOAD traffic between Redshift and S3 to stay within the Amazon network, therefore adding an extra layer of security to the data. Failure to use enhanced VPC routing could potentially lead to data breaches, resulting in regulatory infractions and damage to the business's reputation. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_redshift_cluster +* *Arguments:* enhanced_vpc_routing + +To fix this issue, you should enable the `enhanced_vpc_routing` option on AWS Redshift. + +[source,hcl] +---- +resource "aws_redshift_cluster" "default" { + cluster_identifier = "my_cluster" + availability_zone = "us-west-2a" + database_name = "mydb" + master_username = "administrator" + master_password = "MyPassword" + node_type = "dc1.large" ++ enhanced_vpc_routing = true + ... +} +---- + +The above code is secure because it contains the `enhanced_vpc_routing` argument set to `true`. This forces all COPY and UNLOAD traffic between the cluster and data repositories to go through the Amazon VPC. This can prevent data leakage and provide better control over data traffic. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-322.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-322.adoc new file mode 100644 index 0000000000..48f3699dab --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-322.adoc @@ -0,0 +1,51 @@ + +== ElastiCache for Redis cache clusters do not have auto minor version upgrades enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 5434adda-c728-44e7-aa45-fb6060b698b4 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ElasticCacheAutomaticMinorUpgrades.py[CKV_AWS_322] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that auto minor version upgrades are enabled for ElastiCache for Redis cache clusters on AWS. Enabling auto minor version upgrades is important for maintaining the latest security patches and updates, thus preventing potential vulnerabilities. If auto minor version upgrades are not enabled, the cache clusters could be exposed to security risks, performance issues, and might lack new features. Therefore, not turning on auto minor version upgrades is considered a bad practice in terms of security and operational efficiency. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_elasticache_cluster +* *Arguments:* auto_minor_version_upgrade + +To fix this issue, we need to ensure that the elasticache being provisioned have the attribute `auto_minor_version_upgrade` set to `true`. This can be achieved by modifying the Terraform code as follows: + +[source,go] +---- +resource "aws_elasticache_cluster" "example" { + cluster_id = "cluster-example" + engine = "redis" + node_type = "cache.m4.large" + num_cache_nodes = 2 + parameter_group_name = "default.redis3.2" + auto_minor_version_upgrade = true + ... +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-326.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-326.adoc new file mode 100644 index 0000000000..7ba5eead11 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-326.adoc @@ -0,0 +1,53 @@ + +== RDS Aurora Clusters do not have backtracking enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 14a2eb3c-1958-4904-87f1-5ac9761e80cf + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterAuroraBacktrack.py[CKV_AWS_326] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that AWS RDS Aurora Clusters have a feature called "backtracking" enabled. Backtracking allows users to navigate through the changes made to their database and revert back to any previous state without using a backup. This can be incredibly useful in situations where mistakes have been made or data has been lost. Not having this feature enabled could potentially result in data loss, increased recovery time in the event of an error, or the inability to recover data if a backup has not been recently made. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_rds_cluster +* *Arguments:* backtrack_window + +To fix this issue, you need to enable backtracking on your RDS Aurora Clusters. You can do this by including the `backtrack_window` argument in your `aws_rds_cluster` resource. The `backtrack_window` parameter specifies the target backtrack window, in seconds. If not specified or set to 0, backtracking is disabled. + +[source,go] +---- +resource "aws_rds_cluster" "example" { + cluster_identifier = "example" + engine = "aurora" + master_username = "example" + master_password = "example" + db_subnet_group_name = aws_db_subnet_group.example.name + vpc_security_group_ids = [aws_security_group.example.id] + skip_final_snapshot = true + backtrack_window = 43200 //set the value in seconds + ... +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-327.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-327.adoc new file mode 100644 index 0000000000..b224156a4f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-327.adoc @@ -0,0 +1,51 @@ +== AWS RDS DB cluster is encrypted using default KMS key instead of CMK + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 668068f4-3950-4acd-a565-b550095d6e22 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/RDSClusterEncryptedWithCMK.py[CKV_AWS_327] + +|Severity +|INFO + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying if an Amazon Relational Database Service (RDS) cluster is encrypted using a Key Management Service (KMS) Customer Master Key (CMK). Without this type of encryption, the stored data is not protected against unwanted access or potential security risks. This could lead to data breaches or unauthorized disclosures which can result in regulatory sanctions and loss of customer trust. Therefore, it's important to ensure that the data stored within RDS clusters is encrypted for paramount security measures. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_rds_cluster +* *Arguments:* kms_key_id + +To fix this issue, you need to ensure that your RDS clusters are encrypted using KMS CMKs. You can do it by adding the "kms_key_id" parameter to the "aws_rds_cluster" resource in your Terraform code. Here is an example of how to do it: + +[source,hcl] +---- +resource "aws_rds_cluster" "default" { + cluster_identifier = "aurora-cluster-demo" + availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"] + database_name = "mydb" + master_username = "foo" + master_password = "bar" + backup_retention_period = 5 + preferred_backup_window = "07:00-09:00" + kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/abcd1234-a123-456a-a12b-a123b4cd56ef" // ensure to replace with your own KMS key ARN +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-329.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-329.adoc new file mode 100644 index 0000000000..7da637610d --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-329.adoc @@ -0,0 +1,55 @@ + +== EFS Access Points are not enforcing a root directory + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 131ed876-a8e2-4140-8da0-195e065a529e + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSAccessPointRoot.py[CKV_AWS_329] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that Amazon Elastic File System (EFS) access points are configured to enforce a root directory. If an EFS access point doesn't enforce setting a root directory, it may allow unrestricted access to all directories in the file system, leading to potential unauthorized data access or threats to data security. Therefore, not enforcing a root directory in EFS access points could pose a significant security risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_efs_access_point +* *Arguments:* root_directory.path + +To fix this issue, you should define a root directory for the EFS access point. The root directory will enforce the access point to only allow the NFS client to access data within this root directory and not above it. This limits the scope of access and provides an added layer of security. + +[source,go] +---- +resource "aws_efs_access_point" "example" { + file_system_id = aws_efs_file_system.example.id + + root_directory { + path = "/example" + + creation_info { + owner_gid = 1000 + owner_uid = 1000 + permissions = "755" + } + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-330.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-330.adoc new file mode 100644 index 0000000000..8297535599 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-330.adoc @@ -0,0 +1,51 @@ + +== User identity should be enforced by EFS access points + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 4eb48cce-fb8c-4dc1-9edc-a6389ad271a6 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/EFSAccessUserIdentity.py[CKV_AWS_330] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is designed to ensure that access points for the Elastic File System (EFS) on AWS enforce a specific user identity. If EFS access points do not enforce user identity, it allows for the possibility that unauthorized individuals could gain access to sensitive data. This poses a significant security risk, especially for businesses dealing with confidential or personal information. Therefore, it is essential to implement measures for user identity enforcement to protect data and maintain secure EFS access points. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_efs_access_point +* *Arguments:* posix_user.gid + +To fix this issue, you need to enforce a user identity in your EFS access points using the `posix_user` block within the `access_point` configuration settings. Define the user's ID, group ID, and the secondary group ID as shown in the following script: + +[source,hcl] +---- +resource "aws_efs_access_point" "test" { + filesystem_id = aws_efs_file_system.test.id + + posix_user { + uid = 1000 ++ gid = 1000 + } +} +---- + + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-331.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-331.adoc new file mode 100644 index 0000000000..fa669c840d --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-331.adoc @@ -0,0 +1,45 @@ +== AWS Transit Gateway auto accept vpc attachment is enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c4f6f70c-3ed7-4c64-aab9-12349674fd36 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/Ec2TransitGatewayAutoAccept.py[CKV_AWS_331] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy verifies whether Transit Gateways are configured not to automatically accept Virtual Private Cloud (VPC) attachment requests. Transit Gateways allow for the connection of multiple VPCs and on-premises networks in a single gateway. The issue arises when these gateways are set to automatically accept VPC attachment requests, as this could potentially allow unauthorized or unintended networks to connect to the gateway. This could therefore provide a malicious entity or user with access to all networks connected to the gateway, leading to a potential breach of security and loss of sensitive data. Therefore, Transit Gateways should be securely configured to manually review and accept VPC attachment requests. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_ec2_transit_gateway +* *Arguments:* auto_accept_shared_attachments + +To fix the issue, you need to disable automatic acceptance of VPC attachment requests in your Terraform code. This can be done by setting the `"auto_accept_shared_attachments"` variable to `"disable"` in your AWS Transit Gateways configuration. Here is how to do this: + +[source,hcl] +---- +resource "aws_ec2_transit_gateway" "example" { + description = "example" + auto_accept_shared_attachments = "disable" +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-332.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-332.adoc new file mode 100644 index 0000000000..9f9163aebd --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-332.adoc @@ -0,0 +1,58 @@ + +== ECS Fargate services are not ensured to run on the latest Fargate platform version + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 8a5d6943-f4c7-449f-b61b-8d2b0901851b + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSServiceFargateLatest.py[CKV_AWS_332] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that Amazon Elastic Container Service (ECS) Fargate services are running on the most recent Fargate platform version. Not using the latest version of any software or platform can expose the system to several security vulnerabilities, as older versions may lack critical security patches and updates. Also, staying updated with the latest Fargate platform ensures you benefit from the improved performance, new features, and bug fixes provided by AWS in newer releases. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_ecs_service +* *Arguments:* launch_type + +To fix this issue, the ECS Fargate service task definition must be configured to use the latest Fargate platform version. A sample is shown below: + +[source,hcl] +---- +resource "aws_ecs_service" "example" { + name = "example" + cluster = aws_ecs_cluster.example.id + task_definition = aws_ecs_task_definition.example.arn + launch_type = "FARGATE" + + network_configuration { + assign_public_ip = false + subnets = ["subnet-abcde012", "subnet-bcde012a"] + security_groups = [aws_security_group.example.id] + } + + platform_version = "LATEST" +} +---- + +The "LATEST" value for the 'platform_version' configuration makes sure that the ECS Fargate service always use the latest Fargate platform version. This adoption of the latest version increases the security level of your infrastructure due to the newer versions always having fixes to vulnerabilities and enhancements in security configurations. + diff --git a/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-334.adoc b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-334.adoc new file mode 100644 index 0000000000..677b06efee --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-334.adoc @@ -0,0 +1,56 @@ +== AWS ECS task definition elevated privileges enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 869a1262-99f3-4d40-8207-3a80e4ba1dbd + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/ECSContainerPrivilege.py[CKV_AWS_334] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy looks for Amazon Elastic Container Service (ECS) configurations where containers are set to run in privileged mode. Running containers in privileged mode is a security risk because it grants the container access to all the host system's devices. A compromised container could, therefore, inflict serious harm to the host system, including accessing sensitive data or disrupting system operations. For enhanced security, it's recommended that containers not be run as "privileged". This policy helps enforce this best practice, flagging any containers that are set to run with potentially excessive permissions. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* aws_ecs_task_definition +* *Arguments:* container_definitions.privilege + +To fix this issue, you'll need to specify the `privilege` flag in the AWS ECS task definition in the code to be `false`. The `privilege` flag controls whether all devices on the host can be accessed by the user inside the container which can be a severe security risk if exploited by a malicious actor. + +[source,hcl] +---- +resource "aws_ecs_task_definition" "task" { + family = "service" + container_definitions = < *Settings* > click *Branches* under ‘Code and automation’. +.. Navigate to the main page of the repository > *Settings* > click *Branches* under 'Code and automation'. .. Select *Add branch protection rule* > Check the *Require pull request reviews before merging* section and select *Require review from Code Owners* from the dropdown. + For more information refer to https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule#creating-a-branch-protection-rule. diff --git a/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17.adoc b/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17.adoc new file mode 100644 index 0000000000..19781d607d --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17.adoc @@ -0,0 +1,46 @@ +== 'chpasswd' is used to set or remove passwords + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| TBD + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/dockerfile/checks/graph_checks/RunChpasswd.yaml[CKV2_DOCKER_17] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is looking for instances where 'chpasswd' is used in dockerfiles. 'chpasswd' is a command that changes the password of a user in Linux OS. Insecure usage of this command can lead to potential security risks. Usually, this command is used to set or remove passwords in Docker containers. + +If attackers gain access to these containers, they could easily change passwords, escalate their privileges, or gain unauthorized access to sensitive information. Consequently, this could lead to system compromise or data breach. Therefore, it's crucial to avoid using 'chpasswd' in Docker containers to maintain secure environments. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* Dockerfile +* *Arguments:* RUN + +To fix this issue, do not use the `chpasswd` command to set or remove passwords in your Docker scripts. You should use other secure methods to handle authentication in your Docker containers as 'chpasswd' can expose sensitive data and it's not considered a secure practice. + +[source, Dockerfile] +---- +RUN adduser --disabled-password --gecos "" user +---- + +In the fixed code, we're using `adduser --disabled-password` which is a more secure way to add a user without a password. For instance, Docker might handle interaction with your application, this way you ensure the Docker container is running with the proper permissions, reducing the risk of a potential breach. It's a more secure practice as it avoids hardcoding the password in the Dockerfile. This method doesn't expose sensitive data, thus following the best security practice. + diff --git a/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.adoc b/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.adoc index 493cc67c6a..b0aac53eea 100644 --- a/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.adoc +++ b/docs/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created.adoc @@ -28,9 +28,7 @@ === Description -Containers should run as a non-root user. -It is good practice to run the container as a non-root user, where possible. -This can be done either via the `USER` directive in the `Dockerfile` or through `gosu` or similar where used as part of the `CMD` or `ENTRYPOINT` directives. +The policy's primary purpose is to verify that a dedicated user has been explicitly created for running the container. This is essential to avoid running the container with root privileges, which could introduce significant security risks in case of a compromise. Running containers as a non-root user reduces the potential impact of a security breach. === Fix - Buildtime @@ -39,14 +37,11 @@ This can be done either via the `USER` directive in the `Dockerfile` or through - [source,dockerfile] ---- -{ - "FROM base +FROM base -LABEL foo="bar baz -USER me", -} ++ RUN useradd -m appuser ++ USER appuser ---- diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-120.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-120.adoc new file mode 100644 index 0000000000..6b09631f5b --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-120.adoc @@ -0,0 +1,47 @@ + +== Spanner Database does not have drop protection enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 6e358244-f073-4e92-8938-423710980f94 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/SpannerDatabaseDropProtection.py[CKV_GCP_120] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying whether the Spanner Database in Google Cloud Platform has drop protection enabled. The absence of this setting could lead to accidental deletion or losses of databases. "Drop protection" shields against the inadvertent dropping or deleting of a database, thus ensuring data persistency and integrity. Consequently, not having this setting activated can be a considerable risk, especially for mission-critical scenarios where any data loss could have damaging impacts on the business. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_spanner_database +* *Arguments:* enable_drop_protection + +To fix this issue, you need to add the `enable_drop_protection` argument to the `google_spanner_database` resource in your Terraform code and set its value to `true`. + +[source,hcl] +---- +resource "google_spanner_database" "database" { + name = "spanner-database" + ... ++ enable_drop_protection = true +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-107.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-107.adoc new file mode 100644 index 0000000000..440c388703 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-107.adoc @@ -0,0 +1,49 @@ +== GCP Cloud Function is publicly accessible + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 34836a26-00ef-4e29-80f7-93e16611f0a5 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/CloudFunctionsShouldNotBePublic.py[CKV_GCP_107] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that cloud functions are not set as public. It falls under the category of Application Security. The rationale behind this check is that making cloud functions public exposes them to potential unauthorized access. This can lead to misuse or exploitation of the functions, potentially causing disruption to services, data breaches, or other security incidents. Therefore, it is crucial to ensure that only authorized entities have access to these functions for the purpose of maintaining robust security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* "google_cloudfunctions_function_iam_member", "google_cloudfunctions_function_iam_binding" "google_cloudfunctions2_function_iam_member", "google_cloudfunctions2_function_iam_binding" +* *Arguments:* member, members + +To fix this issue, you need to ensure that the access control is set to allow only specific services or accounts to invoke the function. + +[source,hcl] +---- +resource "google_cloudfunctions2_function_iam_binding" "fail" { + project = google_cloudfunctions_function.pikey.project + region = google_cloudfunctions_function.pikey.region + cloud_function = google_cloudfunctions_function.pikey.name + role = "roles/viewer" + members = [ +- "allUsers", + ] +} +---- diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114.adoc new file mode 100644 index 0000000000..78002365a6 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114.adoc @@ -0,0 +1,57 @@ +== GCP Storage buckets has public access to all authenticated users + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1530d5de-34de-4de9-bb0a-82444607fe66 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleStoragePublicAccessPrevention.py[CKV_GCP_114] + +|Severity +|HIGH + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy reviews if a Google Cloud Storage bucket is safeguarded against public access. It essentially checks if measures to prevent public access are enforced on these storage buckets. If storage buckets are left publicly accessible, sensitive and private data stored within them could be exposed to unauthorized users. This potentially leads to data breaches, sabotage, or the unlawful use of this data. Therefore, this policy ensures these storage buckets are secured and not vulnerable to such risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_storage_bucket +* *Arguments:* public_access_prevention + +To fix the identified issue, you should ensure the "public_access_prevention" setting is enabled for your Google Cloud Storage bucket. This would help to protect your bucket from unintentional or unauthenticated public access. + +Here is an example: + +[source,hcl] +---- +resource "google_storage_bucket" "example_bucket" { + name = "example_bucket" + location = "US" + uniform_bucket_level_access = true + bucket_policy_only = true + iam_configuration { + uniform_bucket_level_access { + enabled = true + } + public_access_prevention = "enforced" + } +} +---- + +The above code sets 'public_access_prevention' to 'enforced' for the Google Cloud Storage bucket. This enables public access prevention, so the Google Cloud Storage bucket cannot be accessed publicly. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-119.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-119.adoc new file mode 100644 index 0000000000..dde9bca0ce --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-119.adoc @@ -0,0 +1,53 @@ + +== Deletion protection for Spanner Database is disabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 00475a66-aff3-4853-8960-6e97cd73332b + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/SpannerDatabaseDeletionProtection.py[CKV_GCP_119] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is examining Google Cloud Platform's Spanner Databases to ensure that deletion protection is enabled. Deletion protection is a safeguard that prevents accidental deletion of the database, which could lead to data loss or disruption of services. Without this protective measure, valuable or sensitive information could be accidentally destroyed, significantly impacting a business or operation. Therefore, activating deletion protection is considered a best practice in terms of security and data management. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_spanner_database +* *Arguments:* deletion_protection + +To fix this issue, you should enable the deletion protection in your Spanner Database configuration. + +[source,hcl] +---- +resource "google_spanner_database" "database" { + instance = "your-spanner-instance" + name = "your-database-name" + + ddl = [ + "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)", + ] + + deletion_protection = true +} +---- +The above code is secure because it enables the 'deletion_protection' property of the Spanner Database. This setting avoids accidental deletion of databases, providing an extra layer of security for your data. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-121.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-121.adoc new file mode 100644 index 0000000000..cb7bbdfaf3 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-121.adoc @@ -0,0 +1,50 @@ + +== BigQuery tables do not have deletion protection enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| a3a3dac2-77be-44e1-ad09-641edc789dab + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigQueryTableDeletionProtection.py[CKV_GCP_121] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy (CKV_GCP_121) is looking to confirm that deletion protection is enabled for all BigQuery tables in a Google Cloud Platform (GCP) environment. The reason this is important is because tables without deletion protection can be deleted either accidentally or maliciously. In both cases, valuable data could be permanently lost. By ensuring deletion protection is enabled, the data within the tables is safeguarded from such accidental or malicious deletions, maintaining its integrity and availability. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_bigquery_table +* *Arguments:* deletion_protection + +To fix this issue, you need to enable deletion protection in your BigQuery tables. This can be done by setting the `deletion_protection` argument to `true` in the BigQuery table resource block in your Terraform code. + +[source,go] +---- +resource "google_bigquery_table" "example" { + dataset_id = google_bigquery_dataset.example.dataset_id + table_id = "example_table" + + deletion_protection = true +} +---- + +The above code is secure because it ensures that BigQuery tables have deletion protection enabled. This means that these tables cannot be deleted without first disabling the deletion protection, greatly reducing the risk of tables being accidentally deleted. This is a crucial safeguard to prevent the accidental loss of data. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-122.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-122.adoc new file mode 100644 index 0000000000..fb5996eaef --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-122.adoc @@ -0,0 +1,48 @@ + +== Big Table Instances do not have deletion protection enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| a81af0fe-3ebc-49b9-9265-7f70409da07c + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/BigTableInstanceDeletionProtection.py[CKV_GCP_122] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that Big Table Instances operated within Google Cloud Platform (GCP) have deletion protection enabled. The purpose of this check is to prevent unintended data loss or service disruption from the accidental deletion of important Big Table Instances. If deletion protection is not enabled, an erroneous delete command could lead to permanent loss of data or service functionality, affecting business operations or possibly leading to a breach in compliance obligations. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_bigtable_instance +* *Arguments:* deletion_protection + +To fix this issue, enable deletion protection on BigTable Instances in your terraform configuration file. + +[source,go] +``` +resource "google_bigtable_instance" "instance" { + deletion_protection = true + ... +} +``` + +The code above is considered secure because `deletion_protection` is set to `true`. When `deletion_protection` is enabled, this ensures that accidental deletion of the instance is prevented because the instance cannot be deleted when `deletion_protection` is set to `true`. This is a security best practice that adds an additional layer of protection to prevent data loss. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-112.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-112.adoc new file mode 100644 index 0000000000..12ea8b5c17 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-112.adoc @@ -0,0 +1,61 @@ + +== KMS policy allows public access + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2e4f4a53-1bdf-4f15-a198-0e3b7d1992f7 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleKMSKeyIsPublic.py[CKV_GCP_112] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that the Key Management Service (KMS) policy does not allow public access. The Key Management Service is a critical component for managing encryption keys that are used to secure your data. If a KMS policy allows public access, it means anyone on the internet could potentially access your encryption keys. This is a significant security risk because if malicious actors gain access to your encryption keys, they can encrypt and decrypt your data, leading to potential data breaches or loss. Therefore, it's essential to keep KMS policies restricted to specific, trusted individuals or services. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* "google_kms_crypto_key_iam_policy", "google_kms_crypto_key_iam_binding", "google_kms_crypto_key_iam_member" +* *Arguments:* policy_data + +To fix the issue, you need to ensure that the KMS policy does not allow public access. This can be done by ensuring that the member in the `bindings` block of KMS crypto keys and KMS key rings is not 'allUsers' or 'allAuthenticatedUsers'. + +[source,hcl] +---- +resource "google_kms_crypto_key_iam_binding" "crypto_key" { + crypto_key_id = google_kms_crypto_key.my_crypto_key.self_link + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + + members = [ + "user:jane@example.com" + ] +} + +resource "google_kms_key_ring_iam_binding" "key_ring" { + key_ring_id = google_kms_key_ring.my_key_ring.self_link + role = "roles/cloudkms.admin" + + members = [ + "user:john@example.com" + ] +} +---- + +This updated Terraform code is secure because it doesn't provide public access to the KMS crypto keys and KMS key rings. Instead, access is restricted to specified users, in this case 'jane@example.com' for the crypto key and 'john@example.com' for the key ring. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-113.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-113.adoc new file mode 100644 index 0000000000..7961d93118 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-113.adoc @@ -0,0 +1,59 @@ + +== IAM policy defines public access + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| c60aad83-d7df-4a69-9718-a7b3160b36c2 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/data/gcp/GooglePolicyIsPrivate.py[CKV_GCP_113] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +Allowing public access is generally a bad practice in security terms, as it can potentially expose sensitive data or functionality. Without proper access controls in place, unauthorized users could potentially gain access to secure areas, manipulate data, invoke functions, or even take control of the system or resources. This policy ensures that public access is not permitted, thereby maintaining a tighter control over who can interact with the system. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_iam_policy +* *Arguments:* binding + +Instead of using 'allUsers' or 'allAuthenticatedUsers' which grants permissions to any user on the internet, specific user, role, or service account should be given permissions. + +[source,go] +---- +resource "google_project_iam_policy" "project" { + project = "your-project-id" + policy_data = "${data.google_iam_policy.admin.policy_data}" +} + +data "google_iam_policy" "admin" { + binding { + role = "roles/storage.objectViewer" + + members = [ + "user:individual-email", + "serviceAccount:service-account-email", + ] + } +} +---- + +This code allows only the specified users and service account to get 'objectViewer' permissions. Making such changes to your IAM policies will keep your resources secure by preventing unauthorized access. This adheres to the policy of ensuring IAM policy does not define public access. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-115.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-115.adoc new file mode 100644 index 0000000000..9ed0889a73 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-115.adoc @@ -0,0 +1,50 @@ + +== Basic roles utilized at the organization level + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 21cd1d03-ecc6-4f64-b046-07a8d36d099a + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleOrgBasicRole.py[CKV_GCP_115] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that basic roles are not used at the organizational level within Google Cloud Platform. Basic roles such as Owner, Editor, and Viewer are broad and include a wide range of permissions, so assigning these roles at the organizational level could result in users having access to more resources or actions than they actually need. This is a potential security risk as it violates the principle of least privilege, where users should only have the minimum access necessary to perform their job functions. If these roles are used at the organization level, it could lead to unintentional data exposure or other damaging actions. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* 'google_organization_iam_member', 'google_organization_iam_binding' + +The policy states that you should not use basic roles at the organization level. Basic roles in Google Cloud are Owner, Editor, and Viewer and these roles include a multitude of permissions that cannot be restricted, which might pose a security risk. + +To fix the issue, you should move towards using the pre-defined roles and custom roles in Google Cloud, as they offer finer grained access control. + +[source,go] +---- +resource "google_project_iam_member" "project" { + project = "your-project-id" + role = "roles/editor" + member = "user:jane@example.com" +} +---- + +In the above code, instead of using basic roles such as `roles/owner`, `roles/editor`, or `roles/viewer`, a pre-defined role (`roles/editor`) is being given to the user. The pre-defined roles of Google Cloud IAM are granular and have the necessary permissions to perform a specific job, and nothing more. This follows the principle of least privilege (PoLP) and makes your infrastructure more secure. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-116.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-116.adoc new file mode 100644 index 0000000000..94db4b16da --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-116.adoc @@ -0,0 +1,52 @@ + +== Basic roles used at the folder level + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 2aa38259-53cd-40e4-b072-f498ffe889f4 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleFolderBasicRole.py[CKV_GCP_116] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking for the use of basic roles at the folder level within Google Cloud Platform (GCP). Basic roles include primitive roles (Owner, Editor, Viewer) and predefined roles that have a wide range of permissions. Using these basic roles at the folder level can be a security risk as it might grant more permissions than necessary to users or services, violating the principle of least privilege. Accessibility or modification of sensitive data beyond what's required can lead to data breaches or unwanted changes. Therefore, it's recommended to grant only specific, necessary permissions to users or services. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* 'google_folder_iam_member', 'google_folder_iam_binding' + +Apply the principle of least privilege. Always provide only the level of access necessary to the services your applications need, no more and no less. + +[source,go] +---- +resource "google_folder_iam_binding" "folder_iam_binding" { + members = [ + "user:jane@example.com", + ] + + role = "roles/monitoring.editor" +} +---- + +This provides the user 'jane@example.com' with the 'Monitoring editor' role. This is one step up from 'basic roles', and is expected to be secure enough as per the policy because it restricts the broad access provided by basic roles. + +Avoid running basic roles at folder level, like 'roles/editor', 'roles/viewer' or 'roles/owner'. These roles are legacy and over-grant permissions. In contrast, predefined roles offer more granular access control to resources. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-117.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-117.adoc new file mode 100644 index 0000000000..828c187999 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-117.adoc @@ -0,0 +1,50 @@ + +== Project level utilization of basic roles + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 67bcea2a-fbf7-4f74-b30a-d351c595121e + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleProjectBasicRole.py[CKV_GCP_117] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy, identified as CKV_GCP_117, belongs to the IAM (Identity and Access Management) category and is named "Ensure basic roles are not used at project level." This policy is checking to ensure that basic roles, which are broad, pre-defined roles in Google Cloud Platform, are not being used at a project level. + +This policy tries to enforce more granular, least privilege principles for policy making. Basic roles could allow for overly broad permissions, potentially enabling unauthorized access or actions within the project. Over granting permissions through the use of basic roles could lead to potential breaches in security and unnecessary vulnerabilities may be exploited by malicious users. Thus, it is bad practice to use these basic roles at the project level. It’s always a better security strategy to custom define roles with the least privileges necessary, and applying them to the appropriate users or groups. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* 'google_project_iam_member', 'google_project_iam_binding' + +To fix this issue, you need to replace any use of basic roles at the project level with predefined or custom roles. Predefined roles cover all the possible services and actions that might be needed, while custom roles can be defined with the exact set of permissions necessary. + +[source,go] +---- +resource "google_project_iam_member" "project" { + project = "your-project-id" + role = "roles/logging.viewer" # replace basic roles (e.g., roles/editor) with predefined or custom roles + member = "user:jdoe@example.com" +} +---- + +The above code is secure because it follows the principle of least privilege, a key security concept which means giving a user the minimum levels of access necessary to complete his/her job functions. As a result, potential damage is limited even in the case of a breach. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-118.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-118.adoc new file mode 100644 index 0000000000..ff69e41c8f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-google-cloud-118.adoc @@ -0,0 +1,54 @@ + +== IAM workload identity pool provider is not restricted + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| aa3b7953-cf32-4f2e-90b1-058348802f02 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleIAMWorkloadIdentityConditional.py[CKV_GCP_118] + +|Severity +|HIGH + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is designed to check that the Identity and Access Management (IAM) workload identity pool provider is restricted. IAM workload identity pool provider is a way to authenticate services in Google Cloud Platform (GCP) by providing short-lived credentials. If this provider is not restricted, it can potentially allow unauthorized users to impersonate authorized services. As a result, this could cause security risks such as data leakage, unauthorized access to confidential information, and potential tampering with service operations. Therefore, it's crucial to ensure that the IAM workload identity pool provider is restricted to enhance security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* 'google_iam_workload_identity_pool_provider' +* *Arguments:* attribute_condition + +To fix the issue of not restricting the IAM workload identity pool provider, you need to set the attribute `attribute_condition` for the workload identity pool provider block. + +[source,go] +---- +resource "google_workload_identity_pool_provider" "example_provider" { + provider_id = "my_identity_provider" + workload_identity_pool_id = google_workload_identity_pool.example_pool_id + issuer_uri = "https://oidc.issuer.example.com" + attribute_mapping { + attribute_name = "attribute_from_assertion" + attribute_value = "attribute_in_assertion" + } + attribute_condition = "attribute.from.subject == \"my-service-account@my-project.iam.gserviceaccount.com\"" +} +---- + +The `attribute_condition` parameter is a condition string. It is used to restrict the tokens accepted from the specified issuer or federation URL. When the condition is specified, only tokens that satisfy the condition are accepted. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-2-19.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-2-19.adoc new file mode 100644 index 0000000000..53ab9ee132 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-2-19.adoc @@ -0,0 +1,53 @@ + +== GCP Kubernetes Engine Clusters have Alpha cluster feature enabled + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| d49d0b8f-790f-412c-b59f-9ccdd0bca8f8 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml[CKV2_GCP_19] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +The policy is checking to ensure that the 'alpha cluster' feature is disabled in Google Cloud Platform's (GCP) Kubernetes engine clusters. This is important because enabling the alpha cluster feature can present several potential issues. + +First, it reduces stability: Alpha features are not stable and are likely to change in future Kubernetes versions, which can cause disruptions to the functioning of deployed applications. Second, it increases security risks: These features are not subject to the same level of scrutiny as stable API versions, so their usage can inadvertently expose the cluster to potential security vulnerabilities. Lastly, it can lead to poor resource management because some alpha features might consume more resources than stable features — leading to inefficiency and increased costs. For these reasons, it's important to disable the 'alpha cluster' feature in GCP Kubernetes engine clusters. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_container_cluster +* *Arguments:* enable_kubernetes_alpha + +In order to fix the issue, you have to make sure that the 'enable_kubernetes_alpha' option is set to false for all GCP Kubernetes Engine Clusters. This can be done using the following Terraform code: + +[source,go] +---- +resource "google_container_cluster" "my_cluster" { + name = "my-cluster" + + ... + + enable_kubernetes_alpha = false +} +---- + +The above code makes sure that the 'alpha cluster' feature is disabled. Google GKE alpha clusters are based on the alpha version of the GKE API, which is not recommended for production use as it includes features that are not fully tested, and may undergo significant changes in terms of stability, security, and breaking changes. Therefore, production environments should always use GKE standard clusters which are stable and secure. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13.adoc index 6e21f2b883..eb3b50d793 100644 --- a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13.adoc +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13.adoc @@ -13,11 +13,10 @@ | https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GKEHasLabels.py[CKV_GCP_21] |Severity -|LOW +|INFO |Subtype -|Build -//, Run +|Run,Build |Frameworks |Terraform,TerraformPlan @@ -35,49 +34,27 @@ Labels can be attached to objects at creation time and subsequently added and mo Each object can have a set of key/value labels defined. Each Key must be unique for a given object. Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings. -We recommend you configure Kubernetes clusters with labels. +We recommend you configure GKE clusters with labels. === Fix - Buildtime *Terraform* +* *Resource:* google_container_cluster +* *Arguments:* resource_labels - +Ensure your `google_container_cluster` has at least one `resource_labels` value. [source,go] ---- -{ - "resource "google_container_cluster" "primary" { - name = "marcellus-wallace" - location = "us-central1-a" - initial_node_count = 3 - master_auth { - client_certificate_config { - issue_client_certificate = false - } - - } - node_config { - # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles. - service_account = google_service_account.default.email - oauth_scopes = [ - "https://www.googleapis.com/auth/cloud-platform" - ] - labels = { - foo = "bar" - } - - tags = ["foo", "bar"] - } - - timeouts { - create = "30m" - update = "40m" - } - -} -", +resource "google_container_cluster" "example" { + ... ++ resource_labels = { ++ environment = "production" ++ team = "backend" ++ } + ... } ---- diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-2-18.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-2-18.adoc new file mode 100644 index 0000000000..ac44187766 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-2-18.adoc @@ -0,0 +1,60 @@ + +== Google Cloud Platform network is not ensured to define a firewall + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| ff0cddec-1bf3-4bdd-a8e9-a988620792f0 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPNetworkDoesNotUseDefaultFirewall.yaml[CKV2_GCP_18] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that a Google Cloud Platform (GCP) network has a defined firewall and is not using the default firewall settings. By using the default firewall settings, a network may expose vulnerabilities or unnecessary access points, thereby increasing the risk of unauthorized access and potential data breaches. Therefore, it is essential to define a custom firewall rule that aligns with the specific security needs of the network. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_compute_network, google_compute_firewall + +To fix this issue, you need to create a new firewall in the GCP network and make sure it does not use the default firewall. You can do this by defining it in your Terraform scripts. + +[source,go] +--- +resource "google_compute_firewall" "default" { + name = "test-firewall" + network = google_compute_network.default.self_link + + allow { + protocol = "icmp" + } + allow { + protocol = "tcp" + ports = ["80", "443"] + } +} + +resource "google_compute_network" "default" { + name = "test-network" + auto_create_subnetworks = "false" +} +--- + +This Terraform code creates custom network and firewall which does not rely on default firewall. The firewall rule `test-firewall` is associated with the custom network `test-network`, thus the GCP network no longer uses the default firewall. It has specific rules which only allows traffic on ICMP protocol and TCP ports 80 and 443, reducing the attack surface. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2.adoc index ecc48a43db..2477d688ed 100644 --- a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2.adoc +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2.adoc @@ -13,11 +13,10 @@ | https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/gcp/GoogleComputeFirewallUnrestrictedIngress3389.py[CKV_GCP_3] |Severity -|HIGH +|INFO |Subtype -|Build -//, Run +|Run, Build |Frameworks |Terraform,TerraformPlan diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-2-20.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-2-20.adoc new file mode 100644 index 0000000000..177426c2f0 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-2-20.adoc @@ -0,0 +1,64 @@ + +== Ensure MySQL DB instance has point-in-time recovery backup configured + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 25f41a54-717e-410c-a2ae-fb293dc2ed6d + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml[CKV2_GCP_20] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that a MySQL DB instance has a point-in-time recovery backup configured. Point-in-time recovery allows you to restore your database to any second during your retention period, up to the last five minutes. Not having this setup can be risky as it might result in data loss if there is an issue or outage. By not using point-in-time recovery backup, you are potentially putting your data at risk in the event of a disaster or data corruption issue. Therefore, it's crucial to have this backup configuration in place to safeguard your data. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* database_version, settings.backup_configuration.binary_log_enabled + +To fix this, you need to enable Point-In-Time Recovery (PITR) in your MySQL DB instance. Please ensure the `backup_window` and `backup_retention_period` attributes are configured optimally. Here's some example code: + +[source,hcl] +---- +resource "google_sql_database_instance" "default" { + name = "mysql-instance" + region = "us-central1" + database_version = "MYSQL_5_6" + + settings { + tier = "db-f1-micro" + + backup_configuration { + enabled = true ++ binary_log_enabled = true + start_time = "05:00" // specify a convenient time + } + } + + backup_window { + start_time = "05:00" + } + + backup_retention_period = 30 +} +---- + +In the above example, we've enabled backups by setting `enabled` to `true` under `backup_configuration`. `binary_log_enabled` is also set to `true` to ensure binary logging (necessary for point-in-time recovery) is enabled. The `start_time` attribute is set to schedule the backup at a specific time. Also, `backup_retention_period` has been set to `30` days to hold backups. diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-13.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-13.adoc new file mode 100644 index 0000000000..5ed2ea15a5 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-13.adoc @@ -0,0 +1,58 @@ + +== PostgreSQL database flag 'log_duration' is not set to 'on' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| f2f61d99-95dc-4a3c-9684-c6d7370316fc + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml[CKV2_GCP_13] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy verifies if the 'log_duration' flag is set to 'on' for a PostgreSQL database in Google Cloud Platform (GCP). The 'log_duration' flag, when turned on, logs the duration of each completed SQL command that was run on the PostgreSQL instance. + +If this configuration is not enabled, it could lead to less visibility in monitoring and diagnosing database performance issues. This lack of insight can introduce difficulties when trying to troubleshoot or optimize performance because durations of SQL commands are crucial to understanding where potential slowdowns or bottlenecks may lie. So, leaving 'log_duration' off can limit the ability to effectively manage the database. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* settings.database_flags + +To fix this issue, you need to ensure that the 'log_duration' flag in the PostgreSQL database is set to 'on'. + +[source,hcl] +---- +resource "google_sql_database_instance" "db" { + name = "db-instance" + database_version = "POSTGRES_9_6" + region = "us-central1" + + settings { + database_flags { + name = "log_duration" + value = "on" + } + } +} +---- + +In the above code, 'log_duration' is set to 'on' for the PostgreSQL instance. This means that each statement's duration will be logged, enhancing the visibility and traceability of operations conducted on your database, further strengthening its security against any potential unauthorized access or actions. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-14.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-14.adoc new file mode 100644 index 0000000000..51b255ee6b --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-14.adoc @@ -0,0 +1,58 @@ + +== PostgreSQL database flag 'log_executor_stats' is not set to 'off' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| af5d8441-00f5-46db-aa34-ec90cc8a949e + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml[CKV2_GCP_14] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to make sure that the 'log_executor_stats' flag is set to 'off' for PostgreSQL databases in Google Cloud Platform (GCP). The 'log_executor_stats' flag, when enabled, logs information about the performance of the executor stage of query execution in PostgreSQL. While this information can be useful for performance tuning, it can also generate a significant amount of log data, potentially leading to increased storage costs and making important log entries harder to find. Therefore, unless this level of logging is necessary, the policy suggests setting this flag to 'off' to discourage unnecessary logging. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* settings.database_flags + +To fix this issue, you should set the 'log_executor_stats' flag value to 'off' for PostgreSQL database instances in your Terraform configuration. Before disabling, understand that this flag can provide useful metrics but may add extra overhead, so it's important to balance your needs accordingly. + +[source,hcl] +``` +resource "google_sql_database_instance" "default" { + project = "my-gcp-project" + name = "my-database" + region = "us-central1" + + settings { + tier = "db-f1-micro" + + database_flags { + name = "log_executor_stats" + value = "off" + } + } +} +``` + +The above code block configures a Google Cloud SQL PostgreSQL database instance with the 'log_executor_stats' flag set to 'off'. This will ensure that executor-level statistics for each query are not in the database log, thereby meeting the Checkov policy requirements, reducing unnecessary overhead, and potentially improving performance. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-15.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-15.adoc new file mode 100644 index 0000000000..212ba1fc9b --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-15.adoc @@ -0,0 +1,57 @@ + +== PostgreSQL database flag 'log_parser_stats' is not set to 'off' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 186a44a5-9530-4d85-9095-cbc1c417e7c8 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml[CKV2_GCP_15] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to verify if the 'log_parser_stats' flag in the PostgreSQL database is set to 'off'. This flag, when turned on, logs statistical information about query parsing and rewriting. While this might be useful for debugging, it can generate a vast amount of log data significantly consuming disk space, and may potentially lead to performance degradation. Therefore, for optimal performance and saving resources, it is generally recommended to set the 'log_parser_stats' flag to 'off' in a production environment. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* settings.database_flags + +To fix the issue, you should ensure that the 'log_parser_stats' flag for your PostgreSQL database is set to 'off'. Here is an example of how to do it in your Terraform file: + +[source,hcl] +---- +resource "google_sql_database_instance" "default" { + name = "database" + region = "us-central1" + + database_version = "POSTGRES_11" + + settings { + database_flags { + name = "log_parser_stats" + value = "off" + } + } +} +---- + +The above code is secure because the 'log_parser_stats' flag is explicitly set to 'off'. The 'log_parser_stats' flag in PostgreSQL enables detailed statistics for the parser stage of query execution, including the number of created and used tokens and the number of created and used parse nodes. Logging these statistics can have a significant performance impact. So, having this flag off helps in reducing the overhead of unnecessary logging, decreasing the chance of slowed performance of your PostgreSQL database. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-16.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-16.adoc new file mode 100644 index 0000000000..3f4e40f9e8 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-16.adoc @@ -0,0 +1,59 @@ + +== PostgreSQL database flag 'log_planner_stats' is not set to 'off' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 40087b14-6b4c-440e-b77c-0d6de2954b2f + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml[CKV2_GCP_16] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that the 'log_planner_stats' flag for PostgreSQL databases is set to 'off'. The 'log_planner_stats' flag is used to enable or disable logging of planner statistics in PostgreSQL. While logging these statistics might be useful for debugging or optimizing purposes, they could potentially contain sensitive information. Furthermore, having this flag set to 'on' could impact the performance of your database due to the overhead of logging. Therefore, it is generally recommended to have this flag set 'off' in a production environment to maintain security and optimal performance. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* settings.database_flags + +To fix this issue, you need to add the 'log_planner_stats' setting within settings block in the database instance and set it to 'off'. This statement is an example of how you can define a database_instance: +```hcl +resource "google_sql_database_instance" "default" { + name = "test" + region = "us-central1" + + # ... + + database_version = "POSTGRES_9_6" + + settings { + database_flags { + name = "log_planner_stats" + value = "off" + } + + # ... + } +} +``` + +This code is secure because setting the 'log_planner_stats' to 'off' ensures that the planner's statistical data is not logged. This helps maintain the security of our database as it may prevent the accidental logging and exposure of sensitive data. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-17.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-17.adoc new file mode 100644 index 0000000000..c2c1b6a925 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-2-17.adoc @@ -0,0 +1,57 @@ + +== PostgreSQL database flag 'log_statement_stats' is not set to 'off' + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| dc45b7cd-27d4-41d2-a111-acedc0e5d48c + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/gcp/GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml[CKV2_GCP_17] + +|Severity +|LOW + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is examining whether the 'log_statement_stats' flag for PostgreSQL databases is set to 'off'. The 'log_statement_stats' setting controls whether detailed statistics on each statement that is executed are included in the server's logs. If it is set to 'on', this would generate a lot of log output, especially for systems executing complex operations, which can easily fill up the storage media, affect database performance, and make the logs difficult to read. Moreover, the information collected by the 'log_statement_stats' could potentially contain sensitive data, thus posing a data exposure risk. Hence, it's recommended to set it to 'off' by default and only enable it temporarily when needed for debugging. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance +* *Arguments:* settings.database_flags + +To fix this issue, you need to ensure that the PostgreSQL database flag 'log_statement_stats' is set to 'off'. This can be achieved by including the flag in the settings of the managed PostgreSQL database instance like this: + +[source,hcl] +---- +resource "google_sql_database_instance" "default" { + name = "default" + database_version = "POSTGRES_9_6" + region = "us-central1" + + settings { + database_flags { + name = "log_statement_stats" + value = "off" + } + } +} +---- + +The provided code is secure because it turns off the PostgreSQL database flag 'log_statement_stats'. This flag, when turned on, causes the system to compute and report the detailed statement-level statistics about the workload of the PostgreSQL server. Turning off this flag is a good practice for the production database because intensive statistics gathering will likely have substantial overhead on the server's performance. Thus, setting 'log_statement_stats' to 'off' will enhance the performance of your PostgreSQL database. + + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-108.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-108.adoc new file mode 100644 index 0000000000..38ccacb9a5 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-108.adoc @@ -0,0 +1,51 @@ +== GCP PostgreSQL instance database flag log_hostname is not set to off + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 96c7404f-856a-42df-b4ea-61b3486806a5 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogHostname.py[CKV_GCP_108] + +|Severity +|INFO + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is concerned with monitoring and logging activities within Google Cloud Platform's (GCP) PostgreSQL databases. It verifies that hostnames are being logged. The absence of this feature could hinder an organization's ability to track user activities, troubleshoot issues or conduct forensic investigations in the event of a data breach or an attack. Proper logging could help in detecting foul play quicker and in responding to regulatory compliance checks or audits. Thus, it's critical to ensure hostnames are logged for GCP PostgreSQL databases for robust security control. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance + +To correct this issue, you should set the flag, log_hostname, to ON. This will ensure that all hostnames of clients attempting to connect to the database are logged. + +[source,hcl] +---- +resource "google_sql_database_instance" "database_instance" { + database_version = "POSTGRES_13" + settings { + database_flags { + name = "log_hostname" + value = "on" + } + } +} +---- + +In this code, setting the log_hostname flag to ON means that PostgreSQL will include the hostname of connecting clients in the logs. This is helpful for security purposes, because if there are unauthorized attempts to access the database, the log information can help identify where the attempts are coming from. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-109.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-109.adoc new file mode 100644 index 0000000000..6a6832de2e --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-109.adoc @@ -0,0 +1,59 @@ + +== Log levels of the GCP PostgreSQL database are not set to ERROR or lower + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| be41aab1-d2ea-47a0-802b-e1511109ec08 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogMinErrorStatement.py[CKV_GCP_109] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking for the log levels of a Google Cloud Platform (GCP) PostgreSQL database. It makes sure that these log levels are set to ERROR or lower. + +Why is this important? In short, it's about maintaining the appropriate level of security and managing the efficiency of your log management. + +If log levels are set too high, you might capture too much unnecessary information, which can create a lot of noise in your logs, making it harder to identify serious issues. On the other hand, it can also lead to increased costs, as a larger volume of data requires more storage and computational power to analyze. + +Setting the log level to ERROR or lower ensures that log captures focus mainly on error events or those of higher significance. This way, troubleshooting becomes more efficient, it's easier to identify and rectify problematic issues, and unnecessary expenditure on data analysis can be reduced. Therefore, not adhering to this policy can lead to inefficient resource management and difficulty in identifying critical database issues. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance + +To fix the issue: + +You need to set the logging level for your GCP PostgreSQL database to 'ERROR' or lower. This can be done in your Terraform code by setting the `log_min_messages` parameter to ERROR. + +[source,hcl] +---- +resource "google_sql_database_instance" "default" { + settings { + database_flags { + name = "log_min_messages" + value = "ERROR" + } + } +} +---- + +The provided code is secure because it ensures the GCP PostgreSQL database log levels are set to error or lower. This helps in limiting the amount of logged information, thereby keeping the system secure from unnecessary exposure. It allows to log only critical information which is beneficial from a security and resource standpoint. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-110.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-110.adoc new file mode 100644 index 0000000000..94ef63d549 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-110.adoc @@ -0,0 +1,51 @@ + +== pgAudit is disabled for your GCP PostgreSQL database + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 98e4c06e-2ccb-4786-aa46-03b8ba450e45 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlEnablePgaudit.py[CKV_GCP_110] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is verifying that pgAudit is activated for your Google Cloud Platform PostgreSQL database. The pgAudit extension provides detailed session and/or object audit logging via the standard logging facility provided by PostgreSQL. The reason this is important is that it enables tracking of who did what and when in the database, providing valuable information if there's ever a security breach or an unexpected change. Not having this could expose the database to risk as you would lack the ability to conduct a proper investigation or audit. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance + +To fix this issue, you need to enable pgAudit for your GCP PostgreSQL database. This can be done by setting the `database_flags` attribute to `pgaudit.log` in the `google_sql_database_instance` resource block to capture the database activities. + +[source,hcl] +---- +resource "google_sql_database_instance" "default" { + settings { + database_flags { + name = "pgaudit.log" + value = "'all'" + } + } +} +---- + +In the above code, the `pgaudit.log` flag is set to `'all'` which means that all queries and operations that occur on the PostgreSQL database will be logged. This ensures a comprehensive audit log is maintained for the data operations in the database, therefore adhering to the best practices and improving the security of the GCP PostgreSQL database setup. This is crucial for maintaining compliance and for post-incident investigations. + diff --git a/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-111.adoc b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-111.adoc new file mode 100644 index 0000000000..c280a0330f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-google-cloud-111.adoc @@ -0,0 +1,59 @@ + +== SQL statements of GCP PostgreSQL are not logged + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 8136a48f-75a2-4e92-a102-fcc578a83cfd + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/gcp/GoogleCloudPostgreSqlLogStatement.py[CKV_GCP_111] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy (CKV_GCP_111) pertains to logging practices in Google Cloud Platform's (GCP) PostgreSQL. It ensures that SQL statements are being logged. Logging SQL statements is beneficial because it helps tracks all the actions and queries performed on a database server. From a security viewpoint, logging SQL statements is critical to detect and investigate suspicious database activity, reduce risk of data loss, and gather forensic evidence in case of a data breach. If SQL statements are not logged, an organization may miss crucial data and alerts about potential security threats or operational issues. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* google_sql_database_instance + +To fix this issue, you should enable the SQL logging for your GCP PostgreSQL database. Modify your `google_sql_database_instance` resource in the following way: + +[source,go] +---- +resource "google_sql_database_instance" "default" { + name = "database" + region = "us-central1" + database_version = "POSTGRES_11" + + settings { + ... + + database_flags { + name = "log_statement" + value = "all" + } + + ... + } +} +---- + +The above code is secure because it sets the `log_statement` flag to `all` in the `google_sql_database_instance` settings, which means that all SQL statements sent to the server will be logged – a good tool for troubleshooting and auditing. It is inline with Google Cloud's best practices for secure and dependable applications. + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-4.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-4.adoc new file mode 100644 index 0000000000..6b2ad69997 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-4.adoc @@ -0,0 +1,59 @@ +== OCI File Storage File System access is not restricted to root users + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 457bb40e-ba24-468e-bdbd-f47677971761 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_NFSaccessRestrictedToRootUsers.yaml[CKV2_OCI_4] + +|Severity +|MEDIUM + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that access to the File Storage File System is restricted to root users only. Granting unrestricted access or non-root user access to a File Storage File System can lead to threats like unauthorized access, data leakage, and potential modifications to critical files, which in turn can disrupt system processes and compromise data integrity and security. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_file_storage_export +* *Arguments:* export_options.identity_squash + +To fix this policy, you need to set the `identity_squash` attribute to `ROOT` in the "oci_file_storage_export" resource. + +[source,hcl] +---- +resource "oci_file_storage_export" "fail_1" { + export_set_id = oci_file_storage_export_set.fss_pud_export_set.id + file_system_id = oci_file_storage_file_system.fss_pud_file_system.id + path = var.export_path_fss_pud + + export_options { + source = var.pud_subnet_cidr_block + access = "READ_WRITE" + identity_squash = "ROOT" + require_privileged_source_port = true + } + export_options { + source = var.pud_web_subnet_cidr_block + access = "READ_WRITE" + identity_squash = "NONE" + require_privileged_source_port = true + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-5.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-5.adoc new file mode 100644 index 0000000000..0503218efc --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-5.adoc @@ -0,0 +1,48 @@ + +== OCI Kubernetes Engine Cluster boot volume is not configured with in-transit data encryption + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| f5c3b3c2-0993-4915-9d8e-9117423bd271 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml[CKV2_OCI_5] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is assessing whether the Kubernetes Engine Cluster boot volume is set up with in-transit data encryption. The reason why failing to implement this can be harmful is because unencrypted data can be easily intercepted during transit, potentially leading to a confidentiality breach. Enabling in-transit data encryption ensures that the data being transferred cannot be understood if intercepted, and hence, prevents unauthorized access to sensitive information. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_containerengine_node_pool +* *Arguments:* node_config_details.is_pv_encryption_in_transit_enabled + +To fix the issue, you should enable in-transit data encryption for the boot volume of the Kubernetes Engine Cluster. You can do this by setting the "is_pv_encryption_in_transit_enabled" attribute to "TRUE" in your resource block. + +[source,hcl] +---- +resource "oci_containerengine_node_pool" "example" { + ... + node_config_details { +- is_pv_encryption_in_transit_enabled = false + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-6.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-6.adoc new file mode 100644 index 0000000000..32de9a55f5 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/general/bc-oci-2-6.adoc @@ -0,0 +1,62 @@ + +== OCI Kubernetes Engine Cluster pod security policy not enforced + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 735977ee-e9f0-4d0b-a52a-2c326b73649e + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_K8EngineClusterPodSecPolicyEnforced.yaml[CKV2_OCI_6] + +|Severity +|LOW + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that the pod security policy is enforced for Kubernetes Engine Clusters. A pod security policy is a cluster-level resource that controls the security-sensitive aspects of the pod specification. This policy checks if this safety protocol is in place. + +If this policy is not enforced, it may leave the Kubernetes Engine Clusters vulnerable to security issues. The absence of this policy may allow the creation and modification of pods that may affect the stability and integrity of the overall cluster. Therefore, not having a Kubernetes Engine Cluster pod security policy enforced is recognized as a bad practice due to its potential risks to security and stability. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_containerengine_cluster +* *Arguments:* options.admission_controller_options.is_pod_security_policy_enabled + +This Checkov policy indicates that the Kubernetes Engine Cluster pod security policy is not enforced. + +To fix this issue, you need to enable PodSecurityPolicy in your Kubernetes Engine. A Kubernetes Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. + +[source,go] +---- +resource "oci_containerengine_cluster" "pass" { + + options { + admission_controller_options { ++ is_pod_security_policy_enabled = "True" + } + persistent_volume_config { + freeform_tags = { + "ClusName" = pud_cluster + } + } + } + vcn_id = oci_core_vcn.pud_oci_core_vcn.id +} +---- + +In the secure code above, "is_pods_security_enabled" is set to true, meaning that the Pod Security Policy is being enforced. This will ensure that any pod that violates the policy will not be created. This enhances the security of your cluster by ensuring that only secure pods are allowed to be run. + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/general/general.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/general/general.adoc new file mode 100644 index 0000000000..2b4796ba3c --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/general/general.adoc @@ -0,0 +1,12 @@ +== General + +[width=85%] +[cols="1,1,1"] +|=== +|Policy|Checkov ID| Severity + + + + +|=== + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/iam/bc-oci-2-1.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/iam/bc-oci-2-1.adoc new file mode 100644 index 0000000000..ab2849f01a --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/iam/bc-oci-2-1.adoc @@ -0,0 +1,65 @@ + +== OCI tenancy administrator users are associated with API keys + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 6db9b686-4d34-4bb4-8821-6f9dd7837f0b + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/AdministratorUserNotAssociatedWithAPIKey.yaml[CKV2_OCI_1] + +|Severity +|MEDIUM + +|Subtype +|Run,Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that administrator users are not associated with API keys. This is important because, if an administrator's API key is compromised, it can give the attacker extensive privileges that can potentially lead to critical consequences. Access via API keys should be given to services and applications, not to users, in order to maintain proper access control and minimize risk. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_identity_group, oci_identity_user + +To fix this issue, do not associate API keys with administrator users. Instead, use instance principals or dynamic groups. Also, keep a regular rotation of API keys and deprecate old ones to maintain better security. + +[source,go] +---- +resource "oci_identity_user" "user1" { + #Required + compartment_id = "var.tenancy_ocid" + description = "var.user_description" + name = "user1" + + #Optional + defined_tags = {"Operations.CostCenter"= "42"} + email = "var.user_email" + freeform_tags = {"Department"= "Finance"} +} + +- resource "oci_identity_api_key" "user1_api_key" { +- #Required +- key_value = "var.api_key_key_value" +- user_id = oci_identity_user.user1.id +- } + +resource "oci_identity_user_group_membership" "user1_in_admin_group" { + #Required + group_id = oci_identity_group.admin_group.id + user_id = oci_identity_user.user1.id +} +---- + + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-2.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-2.adoc new file mode 100644 index 0000000000..b8b20b1497 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-2.adoc @@ -0,0 +1,61 @@ + +== OCI Network Security Group allows all traffic on RDP port (3389) + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 7895af22-b552-4189-b151-0cc4626e2c1a + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_NSGNotAllowRDP.yaml[CKV2_OCI_2] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to make sure that Network Security Group (NSG) does not allow unrestricted traffic on the Remote Desktop Protocol (RDP) port, which is 3389. Allowing unrestricted RDP traffic could leave the network open to potential brute force attacks, where attackers attempt to gain unauthorized access by trying different combinations of usernames and passwords. Additionally, if security vulnerabilities are discovered in RDP, the network could become an easy target for attackers. Therefore, it is a bad practice to allow all traffic on the RDP port due to these security risks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_core_network_security_group_security_rule +* *Arguments:* TBD + +Source should either not be 0.0.0.0/0 or the destination port should not include 3389. + +[source,hcl] +---- +resource "oci_core_network_security_group_security_rule" "pass_1" { + network_security_group_id = oci_core_network_security_group.fail_network_security_group.id + protocol = "1" + direction = "INGRESS" ++ source = "192.168.12.0/0" + stateless = true + + tcp_options { + destination_port_range { + min = 3389 + max = 3391 + } + + source_port_range { + min = 100 + max = 100 + } + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-3.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-3.adoc new file mode 100644 index 0000000000..d23729b1bc --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/bc-oci-2-3.adoc @@ -0,0 +1,51 @@ + +== OCI Kubernetes Engine Cluster endpoint is not configured with Network Security Groups + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| b40cbb3f-794e-4031-9d97-3902e4ae0a46 + +|Checkov ID +| https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/graph_checks/oci/OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml[CKV2_OCI_3] + +|Severity +|INFO + +|Subtype +|Build + +|Frameworks +|Terraform,TerraformPlan + +|=== + +=== Description + +This policy is checking to ensure that a Kubernetes engine cluster is configured with Network Security Group(s), or NSG(s). Failure to do so can greatly increase the security risk. NSGs offer an additional layer of security, acting as a firewall at the subnet level, controlling ingress and egress by defining rules based on the source and destination IP addresses, ports, and protocols. Without an NSG, a Kubernetes cluster could be more vulnerable to network attacks. + +=== Fix - Buildtime + +*Terraform* + +* *Resource:* oci_containerengine_cluster +* *Arguments:* endpoint_config.nsg_ids + +To address this issue, you should associate a Network Security Group (NSG) with the cluster's subnet. An NSG contains a list of access control lists (ACLs) that allow or deny traffic to subnets or network interfaces. + +[source,hcl] +---- +resource "oci_containerengine_cluster" "pass" { + + endpoint_config { + nsg_ids = [ ++ "ocid1.networksecuritygroup.oc1..pud_cki_1", ++ "ocid2.networksecuritygroup.oc1..pud_cki_2", + ] + } +} +---- + diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-group-has-stateless-ingress-security-rules.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-group-has-stateless-ingress-security-rules.adoc index f2c5d2919a..2af3f33d7d 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-group-has-stateless-ingress-security-rules.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-group-has-stateless-ingress-security-rules.adoc @@ -24,9 +24,9 @@ This is recommended for high volume websites. [source,go] ---- resource "oci_core_network_security_group_security_rule" "pass" { -network_security_group_id = oci_core_network_security_group.test_network_security_group.id -direction = "INGRESS" -protocol = var.network_security_group_security_rule_protocol + network_security_group_id = oci_core_network_security_group.test_network_security_group.id + direction = "INGRESS" + protocol = var.network_security_group_security_rule_protocol } ---- diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-groups-rules-do-not-allow-ingress-from-00000-to-port-22.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-groups-rules-do-not-allow-ingress-from-00000-to-port-22.adoc index fdd9d4f0c7..2d2f79959c 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-groups-rules-do-not-allow-ingress-from-00000-to-port-22.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-groups-rules-do-not-allow-ingress-from-00000-to-port-22.adoc @@ -42,15 +42,17 @@ Removing unfettered connectivity to remote console services, such as SSH, reduce [source,go] ---- resource "oci_core_network_security_group_security_rule" "pass" { - network_security_group_id = oci_core_network_security_group.sg.id - direction = "EGRESS" + ... + direction = "INGRESS" protocol = "all" source = "0.0.0.0/0" tcp_options { destination_port_range { - max = 22 - min = 22 ++ max = 25 +- min = 25 +- max = 22 +- min = 22 } } } diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-22.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-22.adoc index be503280ef..91aa2f86c4 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-22.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-22.adoc @@ -42,28 +42,17 @@ Removing unfettered connectivity to remote console services, such as SSH, reduce [source,go] ---- resource "oci_core_security_list" "pass0" { - compartment_id = "var.compartment_id" - vcn_id = "oci_core_vcn.test_vcn.id" + ... ingress_security_rules { - protocol = "var.security_list_ingress_security_rules_protocol" + ... source = "0.0.0.0/0" tcp_options { max = 25 - min = 25 - source_port_range { - max = "var.security_list_ingress_security_rules_tcp_options_source_port_range_max" - min = "var.security_list_ingress_security_rules_tcp_options_source_port_range_min" - } - } - udp_options { - max = 21 - min = 20 - source_port_range { - max = "var.security_list_ingress_security_rules_udp_options_source_port_range_max" - min = "var.security_list_ingress_security_rules_udp_options_source_port_range_min" - } ++ min = 25 +- min = 22 + ... } } } diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-3389.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-3389.adoc index 43a56756fb..c6d60f15a2 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-3389.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-3389.adoc @@ -41,28 +41,16 @@ As a best practice, restrict security groups to only allow permitted traffic and [source,go] ---- resource "oci_core_security_list" "pass0" { - compartment_id = "var.compartment_id" - vcn_id = "oci_core_vcn.test_vcn.id" - + ... ingress_security_rules { - protocol = "var.security_list_ingress_security_rules_protocol" + ... source = "0.0.0.0/0" tcp_options { max = 4000 - min = 3390 - source_port_range { - max = "var.security_list_ingress_security_rules_tcp_options_source_port_range_max" - min = "var.security_list_ingress_security_rules_tcp_options_source_port_range_min" - } - } - udp_options { - max = 21 - min = 20 - source_port_range { - max = "var.security_list_ingress_security_rules_udp_options_source_port_range_max" - min = "var.security_list_ingress_security_rules_udp_options_source_port_range_min" - } ++ min = 3390 +- min = 3389 + ... } } } diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-has-an-inbound-security-list.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-has-an-inbound-security-list.adoc index ee05d36664..5c35adc44a 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-has-an-inbound-security-list.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-has-an-inbound-security-list.adoc @@ -68,10 +68,10 @@ It is recommended that Virtual Cloud Networks (VCN) security lists are configure resource "oci_core_security_list" "pass" { compartment_id = oci_identity_compartment.tf-compartment.id vcn_id = oci_core_vcn.test_vcn.id - ingress_security_rules { - protocol = "all" - source="192.168.1.0/24" - } ++ ingress_security_rules { ++ protocol = "all" ++ source="192.168.1.0/24" ++ } } ---- diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-inbound-security-lists-are-stateless.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-inbound-security-lists-are-stateless.adoc index 389779f69d..c0479a6e5c 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-inbound-security-lists-are-stateless.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-inbound-security-lists-are-stateless.adoc @@ -73,6 +73,7 @@ resource "oci_core_security_list" "pass" { ingress_security_rules { protocol = "all" source="192.168.1.0/24" +- stateless = false } } ---- diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-block-storage-block-volume-has-backup-enabled.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-block-storage-block-volume-has-backup-enabled.adoc index b6445292b6..afc3381152 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-block-storage-block-volume-has-backup-enabled.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-block-storage-block-volume-has-backup-enabled.adoc @@ -65,17 +65,9 @@ It is recommended to have block volume backup policies on each block volume that [source,go] ---- -resource "oci_core_volume" "pass" { - #Required - compartment_id = var.compartment_id - - #Optional - availability_domain = var.volume_availability_domain - backup_policy_id = data.oci_core_volume_backup_policies.test_volume_backup_policies.volume_backup_policies.0.id - block_volume_replicas { - #Required - availability_domain = var.volume_block_volume_replicas_availability_domain - +resource "oci_core_volume" "example" { + ... ++ backup_policy_id = data.oci_core_volume_backup_policies.test_volume_backup_policies .... } ---- diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-encrypted-with-customer-managed-key.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-encrypted-with-customer-managed-key.adoc index 953ef74d49..a3dfe12e8c 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-encrypted-with-customer-managed-key.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-encrypted-with-customer-managed-key.adoc @@ -61,7 +61,7 @@ It is recommended that Object Storage buckets should be encrypted with a Custome *Terraform* -* *Resource:* oci_objectstorage_bucke +* *Resource:* oci_objectstorage_bucket * *Arguments:* kms_key_id diff --git a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/oci-block-storage-block-volumes-are-not-encrypted-with-a-customer-managed-key-cmk.adoc b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/oci-block-storage-block-volumes-are-not-encrypted-with-a-customer-managed-key-cmk.adoc index 1177018bf7..08378d2534 100644 --- a/docs/en/enterprise-edition/policy-reference/oci-policies/storage/oci-block-storage-block-volumes-are-not-encrypted-with-a-customer-managed-key-cmk.adoc +++ b/docs/en/enterprise-edition/policy-reference/oci-policies/storage/oci-block-storage-block-volumes-are-not-encrypted-with-a-customer-managed-key-cmk.adoc @@ -68,23 +68,9 @@ It is recommended that Block Storage Volumes should be encrypted with a Customer [source,go] ---- resource "oci_core_volume" "pass" { - #Required - compartment_id = var.compartment_id - availability_domain = var.volume_block_volume_replicas_availability_domain - - } - defined_tags = { "Operations.CostCenter" = "42" } - display_name = var.volume_display_name - freeform_tags = { "Department" = "Finance" } - is_auto_tune_enabled = var.volume_is_auto_tune_enabled - kms_key_id = oci_kms_key.test_key.id - size_in_gbs = var.volume_size_in_gbs - size_in_mbs = var.volume_size_in_mbs - source_details { - #Required - id = var.volume_source_details_id - type = var.volume_source_details_type - } + ... ++ kms_key_id = oci_kms_key.test_key.id + ... } ---- diff --git a/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/bc-openstack-networking-2.adoc b/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/bc-openstack-networking-2.adoc index 94f45ab7c5..d36380e2bb 100644 --- a/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/bc-openstack-networking-2.adoc +++ b/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/bc-openstack-networking-2.adoc @@ -45,15 +45,15 @@ This allows you to control which traffic is allowed or denied based on the desti [source,go] ---- resource "openstack_compute_secgroup_v2" "secgroup_1" { - name = "my_secgroup" - description = "my security group" - - rule { - from_port = 3389 - to_port = 3389 - ip_protocol = "tcp" - from_group_id = "5338c192-5118-11ec-bf63-0242ac130002" - } - } + name = "my_secgroup" + description = "my security group" + + rule { + from_port = 3389 + to_port = 3389 + ip_protocol = "tcp" +- cidr = "0.0.0.0/0" + } +} ---- diff --git a/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-firewall-rule-has-destination-ip-configured.adoc b/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-firewall-rule-has-destination-ip-configured.adoc index 5e18f98b9a..9edae7181f 100644 --- a/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-firewall-rule-has-destination-ip-configured.adoc +++ b/docs/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-firewall-rule-has-destination-ip-configured.adoc @@ -43,12 +43,12 @@ You also need to ensure that the destination IP is not 0.0.0.0 so that the firew [source,go] ---- resource "openstack_fw_rule_v1" "fail" { -name = "my_rule_world" -description = "let anyone in" -action = "allow" -protocol = "tcp" -destination_port = "22" -enabled = "true" + name = "my_rule_world" + description = "let anyone in" + action = "allow" + protocol = "tcp" + destination_port = "22" + enabled = "true" } ---- diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc index b4e5d46ccb..9143164071 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-java-policy-index.adoc @@ -5,10 +5,6 @@ |=== |Policy|Checkov ID| Severity -|xref:sast-policy-1.adoc[Improper neutralization of input during web page generation ('Cross-site Scripting')] -|CKV3_SAST_1 -|LOW - |xref:sast-policy-7.adoc[Improper neutralization of argument delimiters in a command ('Argument Injection')] |CKV3_SAST_7 |HIGH @@ -17,10 +13,6 @@ |CKV3_SAST_8 |HIGH -|xref:sast-policy-9.adoc[Improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')] -|CKV3_SAST_9 -|MEDIUM - |xref:sast-policy-12.adoc[Integrity of the data during transmission is not being verified] |CKV3_SAST_12 |MEDIUM @@ -29,10 +21,6 @@ |CKV3_SAST_13 |MEDIUM -|xref:sast-policy-14.adoc[Unsafe use of Cross-Origin Resource Sharing (CORS)] -|CKV3_SAST_14 -|MEDIUM - |xref:sast-policy-15.adoc[Unsafe use of hazelcast symmetric encryption] |CKV3_SAST_15 |LOW @@ -57,23 +45,15 @@ |CKV3_SAST_20 |MEDIUM -|xref:sast-policy-21.adoc[Cookie contains sensitive session info] +|xref:sast-policy-21.adoc[Cookie contains sensitive session information] |CKV3_SAST_21 |HIGH -|xref:sast-policy-22.adoc[Trust Boundary is Violated] -|CKV3_SAST_22 -|LOW - -|xref:sast-policy-23.adoc[Security of REST web service is not analyzed] -|CKV3_SAST_23 -|MEDIUM - -|xref:sast-policy-24.adoc[File Creation in Publicly Shared Directories] +|xref:sast-policy-24.adoc[File creation in publicly shared directories] |CKV3_SAST_24 |MEDIUM -|xref:sast-policy-25.adoc[CSRF is Disabled] +|xref:sast-policy-25.adoc[CSRF protection is disabled] |CKV3_SAST_25 |MEDIUM @@ -105,11 +85,7 @@ |CKV3_SAST_48 |MEDIUM -|xref:sast-policy-49.adoc[Unrestricted pathnames from HTTP requests] -|CKV3_SAST_49 -|HIGH - -|xref:sast-policy-102.adoc[Cleartext Transmission of Sensitive Information] +|xref:sast-policy-102.adoc[Cleartext HTTP transmission of sensitive information] |CKV3_SAST_102 |MEDIUM @@ -117,7 +93,7 @@ |CKV3_SAST_103 |MEDIUM -|xref:sast-policy-104.adoc[Cross-Site Request Forgery (CSRF)] +|xref:sast-policy-104.adoc[Cross-site request forgery weakness] |CKV3_SAST_104 |MEDIUM @@ -125,11 +101,7 @@ |CKV3_SAST_105 |MEDIUM -|xref:sast-policy-106.adoc[Deserialization of Untrusted Data] -|CKV3_SAST_106 -|MEDIUM - -|xref:sast-policy-107.adoc[External Control of System or Configuration Setting] +|xref:sast-policy-107.adoc[External control of configuration settings] |CKV3_SAST_107 |HIGH @@ -141,39 +113,27 @@ |CKV3_SAST_109 |MEDIUM -|xref:sast-policy-110.adoc[Improper certificate validation] +|xref:sast-policy-110.adoc[Improper certificate validation with HTTP client] |CKV3_SAST_110 |MEDIUM -|xref:sast-policy-111.adoc[Improper certificate validation] +|xref:sast-policy-111.adoc[Improper certificate validation for hostname verification] |CKV3_SAST_111 |MEDIUM -|xref:sast-policy-112.adoc[Improper control of generation of code ('Code Injection')] +|xref:sast-policy-112.adoc[Unsanitized user input in template engine leading to potential code injection] |CKV3_SAST_112 |HIGH -|xref:sast-policy-113.adoc[Improper control of generation of code ('Code Injection')] +|xref:sast-policy-113.adoc[Unsanitized user input in script engine evaluation leading to potential code injection] |CKV3_SAST_113 |HIGH -|xref:sast-policy-114.adoc[Improper Handling of Unicode Encoding] +|xref:sast-policy-114.adoc[Improper handling of Unicode encoding] |CKV3_SAST_114 |HIGH -|xref:sast-policy-115.adoc[Improper Input Validation] -|CKV3_SAST_115 -|MEDIUM - -|xref:sast-policy-116.adoc[Improper Input Validation] -|CKV3_SAST_116 -|HIGH - -|xref:sast-policy-117.adoc[Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] -|CKV3_SAST_117 -|HIGH - -|xref:sast-policy-118.adoc[Improper neutralization of CRLF sequences ('CRLF Injection')] +|xref:sast-policy-118.adoc[Exposure to tainted data in headers leading to potential CRLF injection] |CKV3_SAST_118 |HIGH @@ -181,7 +141,7 @@ |CKV3_SAST_119 |HIGH -|xref:sast-policy-120.adoc[Improper neutralization of CRLF sequences ('CRLF Injection')] +|xref:sast-policy-120.adoc[Logging data from untrusted sources leading to potential CRLF injection] |CKV3_SAST_120 |HIGH @@ -197,7 +157,7 @@ |CKV3_SAST_123 |MEDIUM -|xref:sast-policy-124.adoc[Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')] +|xref:sast-policy-124.adoc[Improper neutralization of input used in an SQL command (potential SQL injection)] |CKV3_SAST_124 |HIGH @@ -209,11 +169,11 @@ |CKV3_SAST_126 |MEDIUM -|xref:sast-policy-127.adoc[Improper restriction of XML external entity reference ('XXE')] +|xref:sast-policy-127.adoc[Unprotected SAX parser with user input] |CKV3_SAST_127 |HIGH -|xref:sast-policy-128.adoc[Improper restriction of XML external entity reference ('XXE')] +|xref:sast-policy-128.adoc[Unsecured XML stream reader with external input] |CKV3_SAST_128 |HIGH @@ -221,15 +181,15 @@ |CKV3_SAST_129 |HIGH -|xref:sast-policy-130.adoc[Inadequate encryption strength] +|xref:sast-policy-130.adoc[Inadequate RSA encryption strength] |CKV3_SAST_130 |MEDIUM -|xref:sast-policy-131.adoc[Inadequate encryption strength] +|xref:sast-policy-131.adoc[Inadequate encryption strength for HTTPS] |CKV3_SAST_131 |MEDIUM -|xref:sast-policy-132.adoc[Inadequate encryption strength] +|xref:sast-policy-132.adoc[Inadequate encryption strength with Hazelcast library] |CKV3_SAST_132 |MEDIUM @@ -237,23 +197,15 @@ |CKV3_SAST_133 |MEDIUM -|xref:sast-policy-134.adoc[Incorrect permission assignment for critical resource] +|xref:sast-policy-134.adoc[Insecure file permissions setting] |CKV3_SAST_134 |MEDIUM -|xref:sast-policy-135.adoc[Incorrect Permission Assignment for Critical Resource] -|CKV3_SAST_135 -|MEDIUM - |xref:sast-policy-136.adoc[Incorrect type conversion or cast] |CKV3_SAST_136 |MEDIUM -|xref:sast-policy-137.adoc[Information exposure through an error message] -|CKV3_SAST_137 -|MEDIUM - -|xref:sast-policy-138.adoc[Information exposure through an error message] +|xref:sast-policy-138.adoc[Insecure exception logging with output streams] |CKV3_SAST_138 |MEDIUM @@ -265,27 +217,19 @@ |CKV3_SAST_140 |MEDIUM -|xref:sast-policy-141.adoc[Permissive Cross-domain Policy with Untrusted Domains] -|CKV3_SAST_141 -|HIGH - -|xref:sast-policy-142.adoc[Sensitive Cookie in HTTPS Session Without 'Secure' Attribute] +|xref:sast-policy-142.adoc[Unsecure cookie handling in response] |CKV3_SAST_142 |MEDIUM -|xref:sast-policy-143.adoc[Sensitive Cookie in HTTPS Session Without 'Secure' Attribute] -|CKV3_SAST_143 -|MEDIUM - |xref:sast-policy-144.adoc[Sensitive cookie without 'HttpOnly' flag] |CKV3_SAST_144 |MEDIUM -|xref:sast-policy-145.adoc[Server-Side Request Forgery (SSRF)] +|xref:sast-policy-145.adoc[Server-side request forgery (SSRF)] |CKV3_SAST_145 |HIGH -|xref:sast-policy-147.adoc[URL Redirection to Untrusted Site ('Open Redirect')] +|xref:sast-policy-147.adoc[URL redirection to untrusted site] |CKV3_SAST_147 |HIGH @@ -305,7 +249,7 @@ |CKV3_SAST_151 |MEDIUM -|xref:sast-policy-155.adoc[Use of insufficiently random values] +|xref:sast-policy-155.adoc[Use of insufficiently random values from core library] |CKV3_SAST_155 |MEDIUM @@ -313,7 +257,7 @@ |CKV3_SAST_156 |MEDIUM -|xref:sast-policy-162.adoc[Permissive cross-domain policy with untrusted domains] +|xref:sast-policy-162.adoc[Permissive cross-domain policy with untrusted domains using Servlet] |CKV3_SAST_162 |MEDIUM @@ -321,11 +265,7 @@ |CKV3_SAST_163 |MEDIUM -|xref:sast-policy-164.adoc[Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] -|CKV3_SAST_164 -|LOW - -|xref:sast-policy-165.adoc[Improper Neutralization of Special Elements in Data Query Logic] +|xref:sast-policy-165.adoc[Improper neutralization of user input in query logic] |CKV3_SAST_165 |MEDIUM diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-1.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-1.adoc deleted file mode 100644 index 6767cbabe4..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-1.adoc +++ /dev/null @@ -1,66 +0,0 @@ -== Improper neutralization of input during web page generation ('Cross-site Scripting') - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 1823b965-c939-4d0f-a17f-c2ee63ce69aa - -|Checkov ID -|CKV3_SAST_1 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|Java - -|CWEs -|https://cwe.mitre.org/data/definitions/79.html[CWE-79: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')] - -|OWASP Categories -|https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[A03:2021 - Injection] - -|=== - -=== Description - -The potential vulnerability of Cross-site Scripting (XSS) is detected. It arises when user-supplied data from an HTTP request is returned directly in an HTTP response's `sendError` method. This can be exploited by malicious actors to inject script code and might lead to several severe implications. - -For applications running on Apache Tomcat versions 9 and above, the output is automatically encoded, making them less vulnerable to this issue. However, for earlier versions or other application servers, proactive measures need to be taken. - -Cross-site Scripting can manifest in various contexts, from HTML tags, attributes, event attributes, to script blocks and URLs. Particularly in script blocks, multiple encoding methods need to be considered. - -The best practice is to avoid directly embedding user inputs into responses. If this cannot be avoided, ensure that the user inputs are correctly sanitized or encoded to neutralize potentially harmful scripts. - -To address this: - -1. Avoid using direct user input in the `sendError` message parameter. -2. Implement output encoding for user-supplied input using tools like [Apache Commons Text](https://commons.apache.org/proper/commons-text/). -3. Ensure you are aware of and have taken the required precautions depending on the context where the user input is used. - -For example: - -[source,java] ----- -// Get user input -String userInput = request.getParameter("key"); -// Encode the input using the Html4 encoder -String encoded = StringEscapeUtils.escapeHtml4(userInput); -// Respond with the error code and value -response.sendError(401, encoded); ----- - -For a comprehensive overview of XSS and its prevention techniques, refer to the OWASP guide: -- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html - -=== Fix - Buildtime - -Ensure that all user inputs that are being reflected in HTTP responses, especially in `sendError` messages, are adequately sanitized or encoded to prevent Cross-site Scripting attacks. - -By strictly following this guideline, you can effectively safeguard your web applications from potential XSS vulnerabilities. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-102.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-102.adoc index d8f2936199..f659c0bc1c 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-102.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-102.adoc @@ -1,5 +1,5 @@ -== Cleartext Transmission of Sensitive Information +== Cleartext HTTP transmission of sensitive information === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-104.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-104.adoc index aff12176a7..ff820771f3 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-104.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-104.adoc @@ -1,5 +1,5 @@ -== Cross-Site Request Forgery (CSRF) +== Cross-site request forgery weakness === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-106.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-106.adoc deleted file mode 100644 index 6f5e465042..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-106.adoc +++ /dev/null @@ -1,57 +0,0 @@ - -== Deserialization of Untrusted Data - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| a7a37c6e-466b-4f67-b8a7-70fbf04ec5bb - -|Checkov ID -|CKV3_SAST_106 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/502.html[CWE:502 - Deserialization of Untrusted Data] - -|OWASP Categories -|https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[A08:2021 - Software and Data Integrity Failures] - -|=== - -=== Description - -This policy detects the enabling of extensions in an Apache XML RPC server or client, which can lead to a deserialization vulnerability. This vulnerability allows an attacker to execute arbitrary code. - -Vulnerable code example: - -[source,java] ----- -XmlRpcServerConfigImpl.setEnabledForExtensions(true); ----- - -Enabling extensions in the XmlRpcServerConfigImpl class can expose the application to a deserialization vulnerability, as it allows for the execution of arbitrary code. - -=== Fix - Buildtime - -To fix this issue, the enabling of extensions should be set to false. - -Secure code example: - -[source,java] ----- -XmlRpcServerConfigImpl.setEnabledForExtensions(false); ----- - -By setting the `setEnabledForExtensions` parameter to `false`, the code ensures that extensions are not enabled, thereby eliminating the deserialization vulnerability. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-107.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-107.adoc index 367d4b0a42..50e5e135c3 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-107.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-107.adoc @@ -1,5 +1,5 @@ -== External Control of System or Configuration Setting +== External control of configuration settings === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-109.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-109.adoc index ce7a823a71..5e729e6e54 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-109.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-109.adoc @@ -37,8 +37,8 @@ Vulnerable code example: [source,java] ---- -BasicParserPool $POOL = new BasicParserPool(); -$POOL.parse(); +BasicParserPool b = new BasicParserPool(...); +b.parse(...); ---- The above code is vulnerable because it creates a BasicParserPool object without invoking the `setIgnoreComments(true)` method. This means that if the XML contains malicious comments, they can be manipulated by attackers to disrupt attestation fields and bypass security checks. @@ -51,9 +51,9 @@ Secure code example: [source,java] ---- -BasicParserPool $POOL = new BasicParserPool(); -$POOL.setIgnoreComments(true); -$POOL.parse(); +BasicParserPool b = new BasicParserPool(...); +b.setIgnoreComments(true); +b.parse(...); ---- The above code is no longer vulnerable because it properly sets the `setIgnoreComments` property of the BasicParserPool object to true. This ensures that any XML comments included in the parsing process will be ignored, preventing attackers from manipulating them to bypass security checks. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-110.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-110.adoc index 7e1eaddafc..c3ac491057 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-110.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-110.adoc @@ -1,5 +1,5 @@ -== Improper certificate validation +== Improper certificate validation with HTTP client === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-111.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-111.adoc index 1f90199e0b..8eab6412c3 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-111.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-111.adoc @@ -1,5 +1,5 @@ -== Improper certificate validation +== Improper certificate validation for hostname verification === Policy Details @@ -63,4 +63,4 @@ HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier(); The above code is no longer vulnerable because it uses the default `HostnameVerifier` implementation, which performs proper certificate validation. By using the default implementation, the code ensures that the server's identity is verified against the certificate provided. Note: The fix may vary depending on the specific use case and requirements, but the key point is to ensure proper certificate validation is performed. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-112.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-112.adoc index 015cf91c57..e0d804ef61 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-112.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-112.adoc @@ -1,5 +1,5 @@ -== Improper control of generation of code ('Code Injection') +== Unsanitized user input in template engine leading to potential code injection === Policy Details @@ -56,4 +56,4 @@ Velocity.evaluate("Hello $userParam"); // Secure code ---- The above code is no longer vulnerable because it sanitizes the user input and ensures that it does not include any malicious code. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-113.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-113.adoc index e168c0717b..17861e1763 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-113.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-113.adoc @@ -1,5 +1,5 @@ -== Improper control of generation of code ('Code Injection') +== Unsanitized user input in script engine evaluation leading to potential code injection === Policy Details @@ -76,4 +76,4 @@ public class Example { In the secure code example, the user input (`userInput`) is first concatenated with a pre-defined JavaScript code (`"var x = "`) to form a valid JavaScript expression. This ensures that the user input is treated as a variable assignment and not as direct code execution. Thus, the vulnerability is mitigated as the injected code will not be executed. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-114.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-114.adoc index 282dab157a..48fd083ee4 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-114.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-114.adoc @@ -1,5 +1,5 @@ -== Improper Handling of Unicode Encoding +== Improper handling of Unicode encoding === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-115.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-115.adoc deleted file mode 100644 index 28e0f6d685..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-115.adoc +++ /dev/null @@ -1,92 +0,0 @@ - -== Improper Input Validation - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| df524eaf-2241-4d1e-8918-0c49e9e06495 - -|Checkov ID -|CKV3_SAST_115 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/20.html[CWE-20: Improper Input Validation] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - -=== Description - -This policy detects improper input validation in Java classes that extend ActionForm or ValidatorForm. Improper input validation can lead to vulnerabilities such as injection attacks. - -Vulnerable code example: - -[source,java] ----- -class UserForm extends ActionForm { - private String username; - private String password; - - // Getter and setter methods - - public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) { - // Improper input validation - if (username.length() == 0 || password.length() == 0) { - ActionErrors errors = new ActionErrors(); - errors.add("username", new ActionMessage("error.username.required")); - errors.add("password", new ActionMessage("error.password.required")); - return errors; - } - return null; - } -} ----- - -The above code is vulnerable because it performs inadequate input validation for the username and password fields. It only checks if the length of the fields is zero, which can be easily bypassed by an attacker. - -=== Fix - Buildtime - -To fix this issue, proper input validation should be implemented. - -Secure code example: - -[source,java] ----- -class UserForm extends ActionForm { - private String username; - private String password; - - // Getter and setter methods - - public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) { - ActionErrors errors = new ActionErrors(); - - if (username == null || username.trim().isEmpty()) { - errors.add("username", new ActionMessage("error.username.required")); - } - - if (password == null || password.trim().isEmpty()) { - errors.add("password", new ActionMessage("error.password.required")); - } - - return errors; - } -} ----- - -The code above demonstrates secure input validation. It checks if the username and password are null or empty after trimming whitespace. This helps to avoid injection attacks by ensuring that the input is properly validated and sanitized. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-116.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-116.adoc deleted file mode 100644 index 8cd849edde..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-116.adoc +++ /dev/null @@ -1,58 +0,0 @@ - -== Improper Input Validation - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 0de96614-538e-4f62-9891-cd37ead03967 - -|Checkov ID -|CKV3_SAST_116 - -|Severity -|HIGH - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/20.html[CWE-20: Improper Input Validation] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - -=== Description - -This SAST policy detects improper input validation in Java code. Without proper access control, executing an LDAP statement that contains a user-controlled value can allow an attacker to abuse poorly configured LDAP context. - -Vulnerable code example: - -[source,java] ----- -new SearchControls($SCOPE, $CLIMIT, $TLIMIT, $ATTR, true, $DEREF) ----- - -The above code is vulnerable because it directly takes user-controlled values ($SCOPE, $CLIMIT, $TLIMIT, $ATTR, $DEREF) as parameters for the `SearchControls` constructor without proper validation or sanitization. This can potentially lead to LDAP injection vulnerabilities. - -=== Fix - Buildtime - -To fix the issue, proper input validation and sanitization techniques should be applied to user-controlled values before passing them to LDAP statements. This can be done by implementing strong input validation checks such as whitelist validation (ensuring only allowed characters are accepted) and input sanitization (removing or escaping special characters). - -Secure code example: - -[source,java] ----- -// Assuming the input values are properly validated and sanitized -new SearchControls(SearchControls.SUBTREE_SCOPE, 100, 10000, new String[] {"cn", "sn"}, true, SearchControls.DEREF_ALWAYS) ----- - -In the secure code example above, the input values have been properly validated and sanitized before constructing the `SearchControls` object. The `SearchControls` constructor now uses specific values (`SUBTREE_SCOPE`, `100`, `10000`, `{"cn", "sn"}`, `true`, `DEREF_ALWAYS`) instead of user-controlled values, reducing the risk of LDAP injection vulnerabilities. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-117.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-117.adoc deleted file mode 100644 index 2dd2603878..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-117.adoc +++ /dev/null @@ -1,64 +0,0 @@ - -== Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| d4faef59-f7fc-4e5f-a824-426eecdebe81 - -|Checkov ID -|CKV3_SAST_117 - -|Severity -|HIGH - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/22.html[CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] - -|OWASP Categories -|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] - -|=== - -=== Description - -This policy detects when a file is opened to read its content, and the filename comes from an input parameter. If an unfiltered parameter is passed to this file API, it could lead to a path traversal vulnerability, allowing files from an arbitrary filesystem location to be read. - -Vulnerable code example: - -[source,java] ----- -String filename = request.getParameter("filename"); -File file = new File(filename); -FileReader fileReader = new FileReader(file); ----- - -In the above code, the `filename` parameter is directly used to create a `File` object and a `FileReader` object without any sanitization or validation. This allows an attacker to manipulate the `filename` parameter and potentially read files from any location on the filesystem. - -=== Fix - Buildtime - -To fix this issue, it is important to validate and sanitize the `filename` parameter before using it to create a `File` object. One approach is to define a whitelist of allowed filenames or restrict the file's location to a specific directory. - -Secure code example: - -[source,java] ----- -String filename = request.getParameter("filename"); -// Validate filename to ensure it is not malicious -if (isValidFilename(filename)) { - File file = new File("/path/to/allowed/directory", filename); - FileReader fileReader = new FileReader(file); -} ----- - -In the secure code example, the `filename` parameter is first passed through a validation function `isValidFilename()` to ensure it does not contain any malicious characters or sequences. If the filename passes the validation, it is then combined with the allowed directory path to create the `File` object. This ensures that only files within the allowed directory can be accessed, mitigating the path traversal vulnerability. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-118.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-118.adoc index e941fe02f5..e5c2334a8e 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-118.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-118.adoc @@ -1,5 +1,5 @@ -== Improper neutralization of CRLF sequences ('CRLF Injection') +== Exposure to tainted data in headers leading to potential CRLF injection === Policy Details @@ -56,4 +56,4 @@ res.setHeader("X-Message", userMessage); ---- In the secure code, the `StringEscapeUtils.unescapeJava` method is used to escape any special characters from the user input before setting it as the header value. This ensures that any CRLF sequences are properly neutralized, preventing any potential CRLF injection attacks. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-120.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-120.adoc index 2c4f980122..bff5e3277a 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-120.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-120.adoc @@ -1,5 +1,5 @@ -== Improper neutralization of CRLF sequences ('CRLF Injection') +== Logging data from untrusted sources leading to potential CRLF injection === Policy Details @@ -56,4 +56,4 @@ LOG.debug("User logged in: " + StringEscapeUtils.escapeJava(user)); ---- In the secure code example, the user input obtained from the request parameter "user" is first passed through the `StringEscapeUtils.escapeJava()` function, which escapes special characters. This ensures that any CRLF sequences or other special characters in the user input are properly neutralized before being logged. This eliminates the possibility of CRLF Injection attacks. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-121.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-121.adoc index bc17bc6870..9d25688630 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-121.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-121.adoc @@ -36,11 +36,11 @@ This SAST policy detects instances where special elements used in a command are Vulnerable code example: [source,java] -``` +---- MimeMessage message = new MimeMessage(session); message.setSubject("User input"); message.addHeader("X-Header", userValue); -``` +---- In the above code, the user-provided value for `userValue` is directly passed to the `addHeader` method of the `MimeMessage` object. This can lead to command injection vulnerabilities if the `userValue` contains special characters that could be interpreted as commands or malicious input. @@ -51,11 +51,11 @@ To fix this issue, the `userValue` should be properly encoded before being passe Secure code example: [source,java] -``` +---- MimeMessage message = new MimeMessage(session); message.setSubject("User input"); message.addHeader("X-Header", StringEscapeUtils.escapeJava(userValue)); -``` +---- In the secure version of the code, the `userValue` is first escaped using `StringEscapeUtils.escapeJava()` to ensure that any special characters are properly encoded. This prevents command injection vulnerabilities by ensuring that the value is treated as plain text and not interpreted as commands or malicious input. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-124.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-124.adoc index f29f48b865..f0209f912d 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-124.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-124.adoc @@ -1,5 +1,5 @@ -== Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') +== Improper neutralization of input used in an SQL command (potential SQL injection) === Policy Details @@ -59,4 +59,4 @@ ResultSet rs = statement.executeQuery(); ---- In the secure code example, a parameterized query is used. The question mark (?) acts as a placeholder for the userId parameter. The value of userId is then set using the `setInt` method on the `PreparedStatement` object. This approach properly separates the query structure from the user input, preventing SQL Injection attacks. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-127.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-127.adoc index 548856c0fb..c519fe7061 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-127.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-127.adoc @@ -1,5 +1,5 @@ -== Improper restriction of XML external entity reference ('XXE') +== Unprotected SAX parser with user input === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-128.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-128.adoc index 7322fdf8af..e28906e67c 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-128.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-128.adoc @@ -1,5 +1,5 @@ -== Improper restriction of XML external entity reference ('XXE') +== Unsecured XML stream reader with external input === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-130.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-130.adoc index 4ea2480998..c2ba1dc0b3 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-130.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-130.adoc @@ -1,5 +1,5 @@ -== Inadequate encryption strength +== Inadequate RSA encryption strength === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-131.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-131.adoc index 0f557a2893..6f816a4fbc 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-131.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-131.adoc @@ -1,5 +1,5 @@ -== Inadequate encryption strength +== Inadequate encryption strength for HTTPS === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-132.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-132.adoc index c0ff5153a7..b6b2ec6e60 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-132.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-132.adoc @@ -1,5 +1,5 @@ -== Inadequate encryption strength +== Inadequate encryption strength with Hazelcast library === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-134.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-134.adoc index 24b8cce0c2..14f3d31147 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-134.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-134.adoc @@ -1,5 +1,5 @@ -== Incorrect permission assignment for critical resource +== Insecure file permissions setting === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-135.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-135.adoc deleted file mode 100644 index ff1b5badbb..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-135.adoc +++ /dev/null @@ -1,65 +0,0 @@ - -== Incorrect Permission Assignment for Critical Resource - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 9b42cb33-2ee4-4685-adc6-ab9bf2731b5e - -|Checkov ID -|CKV3_SAST_135 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/732.html[CWE-732: Incorrect Permission Assignment for Critical Resource] - -|OWASP Categories -| - -|=== - -=== Description - -This policy detects instances where overly permissive file permissions are assigned to critical resources in Java code. These file permissions may allow unauthorized users or processes to read, write, or execute the critical resource. - -Vulnerable code example: - -[source,java] ----- -Path path = Paths.get("path/to/critical/resource.txt"); -Set permissions = new HashSet<>(); -permissions.add(PosixFilePermission.OTHERS_READ); -permissions.add(PosixFilePermission.OTHERS_WRITE); -Files.setPosixFilePermissions(path, permissions); ----- - -The above code assigns read and write permissions to the "others" group for a critical resource. This means that any other user or process on the system can read or modify the contents of the critical resource, which can lead to unauthorized access or data manipulation. - -=== Fix - Buildtime - -To fix the issue, you should assign the appropriate file permissions for the critical resource. Only necessary permissions should be granted to authorized users or processes. - -Secure code example: - -[source,java] ----- -Path path = Paths.get("path/to/critical/resource.txt"); -Set permissions = new HashSet<>(); -permissions.add(PosixFilePermission.OWNER_READ); -permissions.add(PosixFilePermission.OWNER_WRITE); -Files.setPosixFilePermissions(path, permissions); ----- - -In the secure code example, we assign read and write permissions to the owner of the critical resource. This restricts access to only the owner, ensuring that unauthorized users or processes cannot read or modify the critical resource. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-137.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-137.adoc deleted file mode 100644 index 724c27aebf..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-137.adoc +++ /dev/null @@ -1,71 +0,0 @@ - -== Information exposure through an error message - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 110bb667-2ba9-4bc3-a7a6-5299d73a40f9 - -|Checkov ID -|CKV3_SAST_137 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/209.html[CWE-209: Generation of Error Message Containing Sensitive Information] - -|OWASP Categories -|https://owasp.org/Top10/A04_2021-Insecure_Design/[A04:2021 - Insecure Design] - -|=== - -=== Description - -This policy detects instances where an application prints stack trace information to the default system output. Printing stack trace data to the default system output can expose sensitive information to potential attackers. - -Vulnerable code example: - -[source,java] ----- -try { - // Some code -} -catch(Exception e) { - // Some code - e.printStackTrace(); - // Some code -} ----- - -In the above code, the exception stack trace is printed to the console using the `printStackTrace()` method. This can reveal sensitive information about the application's internal workings and potentially aid attackers in exploiting vulnerabilities. - -=== Fix - Buildtime - -To fix this issue, it is recommended to log the stack trace information using a secure logging framework. This ensures that sensitive information is not leaked to the default system output. - -Secure code example: - -[source,java] ----- -try { - // Some code -} -catch(Exception e) { - // Some code - logger.error("An error occurred", e); // Logging the error with a secure logging framework - // Some code -} ----- - -In the secure code example, the stack trace is logged using a secure logging framework (represented by `logger`). This ensures that sensitive information is stored securely in the log files and not exposed to the default system output. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-138.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-138.adoc index 523fe496b4..8341ad8952 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-138.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-138.adoc @@ -1,5 +1,5 @@ -== Information exposure through an error message +== Insecure exception logging with output streams === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-14.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-14.adoc deleted file mode 100644 index 8d8061ea12..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-14.adoc +++ /dev/null @@ -1,74 +0,0 @@ -== Unsafe use of Cross-Origin Resource Sharing (CORS) - - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 36f6ff52-2e3f-429b-a52a-44b11acfd78c - -|Checkov ID -|CKV3_SAST_14 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|Java - -|CWEs -|https://cwe.mitre.org/data/definitions/942.html[CWE-942: Permissive Cross-domain Policy with Untrusted Domains] - -|OWASP Categories -|https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[A05:2021 - Security Misconfiguration] - -|=== - - - -=== Description - - -This policy identifies configurations where Cross-Origin Resource Sharing (CORS) is enabled on a server. CORS is a mechanism that allows resources on a web page to be requested from another domain outside the domain from which the resource originated. This is done using HTTP headers, in particular, the `Access-Control-Allow-Origin` header. A permissive configuration (where the value of this header is set to "*") can pose a risk as it allows any domain to access the resource, potentially leading to various security issues such as Cross-Site Scripting (XSS) and data theft. - -Example of violating code: - -[source,java] ----- -import javax.servlet.http.HttpServletResponse; - -public class Main { - public static void main(String[] args) { - HttpServletResponse response = new HttpServletResponse(); - response.setHeader("Access-Control-Allow-Origin", "*"); - } -} ----- - -In this example, the `Access-Control-Allow-Origin` header is set to "*", indicating that any domain can access the resources. - -=== Fix - Buildtime - -To fix this issue, you should limit the access to specific, trusted domains, instead of allowing all domains. You can do this by specifying the trusted domains instead of "*". - -Example of fixed code: - -[source,java] ----- -import javax.servlet.http.HttpServletResponse; - -public class Main { - public static void main(String[] args) { - HttpServletResponse response = new HttpServletResponse(); - response.setHeader("Access-Control-Allow-Origin", "https://trusteddomain.com"); - } -} ----- - -In the fixed code, only "https://trusteddomain.com" is granted access to the resources, rather than any domain. Please note that in a real scenario, the `HttpServletResponse` would not be directly instantiated with `new HttpServletResponse()`, but would be provided by the servlet container (e.g., in the `doGet` or `doPost` method of a `HttpServlet`). - diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-141.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-141.adoc deleted file mode 100644 index 13608bac7d..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-141.adoc +++ /dev/null @@ -1,63 +0,0 @@ - -== Permissive Cross-domain Policy with Untrusted Domains - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| c7ea7da7-ce7f-43ee-83ab-0b8a55fc798c - -|Checkov ID -|CKV3_SAST_141 - -|Severity -|HIGH - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/942.html[CWE-942: Permissive Cross-domain Policy with Untrusted Domains] - -|OWASP Categories -|https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[A05:2021 - Security Misconfiguration] - -|=== - -=== Description - -This policy detects the usage of a permissive cross-domain policy with untrusted domains. It verifies if the code contains a vulnerable pattern in which the HttpServletRequest object is used to obtain a parameter value, and the HttpServletResponse object is used to set the Access-Control-Allow-Origin header. - -Vulnerable code example: - -[source,java] ----- -String origin = request.getParameter("origin"); -response.setHeader("Access-Control-Allow-Origin", origin); ----- - -The above code is vulnerable because it does not properly validate and sanitize the "origin" parameter obtained from the HttpServletRequest object. This lack of validation allows an attacker to provide a malicious value for the "origin", potentially enabling cross-domain requests from untrusted domains. - -=== Fix - Buildtime - -To fix this issue, the code should properly validate and sanitize the "origin" parameter before setting it as the value for the Access-Control-Allow-Origin header. This can be done by using a whitelist of trusted domains and ensuring that the provided "origin" value is present in the whitelist. - -Secure code example: - -[source,java] ----- -String origin = request.getParameter("origin"); -if (isValidOrigin(origin)) { - response.setHeader("Access-Control-Allow-Origin", origin); -} else { - response.setHeader("Access-Control-Allow-Origin", "https://trusted-domain.com"); -} ----- - -In the secure version of the code, the "origin" parameter is checked against a list of trusted domains using the isValidOrigin() function. If the "origin" is found in the whitelist, it is set as the value for the Access-Control-Allow-Origin header. Otherwise, a default trusted domain is used instead. This ensures that only trusted domains are allowed for cross-domain access, mitigating the risk of data theft and spoofing. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-142.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-142.adoc index 6aa5e2182b..d60a7e9221 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-142.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-142.adoc @@ -1,5 +1,5 @@ -== Sensitive Cookie in HTTPS Session Without 'Secure' Attribute +== Unsecure cookie handling in response === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-143.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-143.adoc deleted file mode 100644 index 28191840e0..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-143.adoc +++ /dev/null @@ -1,62 +0,0 @@ - -== Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 8508558d-371b-4b47-b7b1-12376fd7c81e - -|Checkov ID -|CKV3_SAST_143 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/614.html[CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute] - -|OWASP Categories -|https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[A05:2021 - Security Misconfiguration] - -|=== - -=== Description - -This policy detects the presence of a sensitive cookie in an HTTPS session that does not have the 'Secure' attribute set. Storing sensitive data in a persistent cookie without the 'Secure' attribute can lead to a breach of confidentiality or account compromise. - -Vulnerable code example: - -[source,java] ----- -Cookie cookie = new Cookie("sessionId", sessionId); -cookie.setMaxAge(3600); -response.addCookie(cookie); ----- - -The above code is vulnerable because it creates a cookie named "sessionId" and sets its max age to 3600 seconds, but it does not set the 'Secure' attribute. Without the 'Secure' attribute, the cookie can be sent over an insecure HTTP connection, potentially exposing sensitive data. - -=== Fix - Buildtime - -To fix the issue, the 'Secure' attribute should be set when creating the cookie. This ensures that the cookie will only be sent over secure HTTPS connections. - -Secure code example: - -[source,java] ----- -Cookie cookie = new Cookie("sessionId", sessionId); -cookie.setMaxAge(3600); -cookie.setSecure(true); -response.addCookie(cookie); ----- - -The above code is no longer vulnerable because it sets the 'Secure' attribute to true when creating the cookie. This ensures that the cookie will only be sent over secure HTTPS connections, mitigating the risk of data exposure. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-145.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-145.adoc index 11a382657c..873b0f6e90 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-145.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-145.adoc @@ -1,5 +1,5 @@ -== Server-Side Request Forgery (SSRF) +== Server-side request forgery (SSRF) === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-147.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-147.adoc index 937103fd61..72c7ec3412 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-147.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-147.adoc @@ -1,5 +1,5 @@ -== URL Redirection to Untrusted Site ('Open Redirect') +== URL redirection to untrusted site === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-155.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-155.adoc index 9fb322351e..3f5b5f9b36 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-155.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-155.adoc @@ -1,5 +1,5 @@ -== Use of insufficiently random values +== Use of insufficiently random values from core library === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-162.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-162.adoc index 7d6a173903..3581a51e87 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-162.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-162.adoc @@ -1,10 +1,10 @@ -== Permissive cross-domain policy with untrusted domains +== Permissive cross-domain policy with untrusted domains using Servlet === Policy Details [width=45%] [cols="1,1"] -|=== +|=== |Prisma Cloud Policy ID | 3a302e91-6c56-47ef-9665-251e146e6455 @@ -26,7 +26,7 @@ |OWASP Categories |https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[A05:2021 - Security Misconfiguration] -|=== +|=== === Description diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-164.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-164.adoc deleted file mode 100644 index d6e539228e..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-164.adoc +++ /dev/null @@ -1,69 +0,0 @@ - -== Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| e3ae4c73-cd0b-4ff5-9ea8-498907a61b44 - -|Checkov ID -|CKV3_SAST_164 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/79.html[CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - -=== Description - -This policy detects instances where a custom cross-site scripting (XSS) filtering mechanism is implemented in a Java class that extends HttpServletRequestWrapper. It specifically looks for the "stripXSS" function being used. - -Vulnerable code example: - -[source,java] ----- -public class CustomRequestWrapper extends HttpServletRequestWrapper { - public String stripXSS(String value) { - // Custom XSS filtering logic - ... - } -} ----- - -The above code is vulnerable because it implements a custom XSS filtering mechanism instead of using standard sanitization functions. Custom filtering can often lead to incomplete or ineffective protection against XSS attacks. - -=== Fix - Buildtime - -To fix this issue, you should avoid using custom XSS filtering and instead use standard sanitization functions provided by frameworks or libraries. - -Secure code example: - -[source,java] ----- -import org.apache.commons.text.StringEscapeUtils; - -public class CustomRequestWrapper extends HttpServletRequestWrapper { - // Use standard sanitization function - public String stripXSS(String value) { - return StringEscapeUtils.escapeHtml4(value); - } -} ----- - -The secure version of the code uses the "StringEscapeUtils.escapeHtml4" function from the Apache Commons Text library to sanitize input and prevent XSS attacks. This standard sanitization function provides more robust protection compared to a custom implementation. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-165.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-165.adoc index cc8182ba57..32454c5a89 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-165.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-165.adoc @@ -1,5 +1,5 @@ -== Improper Neutralization of Special Elements in Data Query Logic +== Improper neutralization of user input in query logic === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-21.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-21.adoc index b85a3afc4c..db1f3e42fa 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-21.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-21.adoc @@ -1,4 +1,4 @@ -== Cookie contains sensitive session info +== Cookie contains sensitive session information === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-22.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-22.adoc deleted file mode 100644 index f8f7d4cf66..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-22.adoc +++ /dev/null @@ -1,80 +0,0 @@ -== Trust Boundary is Violated - - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 5957d62f-dea7-47ec-97df-e560cdb52eb2 - -|Checkov ID -|CKV3_SAST_22 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|Java - -|CWEs -|https://cwe.mitre.org/data/definitions/501.html[CWE-501: Trust Boundary Violation] - -|OWASP Categories -|https://owasp.org/Top10/A04_2021-Insecure_Design/[A04:2021 - Insecure Design] - -|=== - - - -=== Description - - -A trust boundary can be thought of as a line drawn through a program. On one side of the line, data is untrusted; on the other side, data is considered trustworthy. The role of validation logic is to allow data to safely cross this boundary. Trust boundary violations occur when a program mixes trusted and untrusted data, making it easier for developers to mistakenly trust unvalidated data. - -An example of violating code could look like this: - -[source,java] ----- -import javax.servlet.http.HttpServletRequest; - -public class TrustBoundaryViolation { - public void handleRequest(HttpServletRequest request) { - String untrustedData = request.getParameter("untrustedData"); - // Trust boundary violation: setting untrusted data without validation - request.setAttribute("trustedData", untrustedData); - } -} ----- - -This code is problematic because it places untrusted data (`untrustedData`) into a data structure that is assumed to contain trusted data (`trustedData`), without any validation. - -=== Fix - Buildtime - -To fix this violation, you should add validation logic to verify the data before it crosses the trust boundary. Here's how the revised code might look: - -[source,java] ----- -import javax.servlet.http.HttpServletRequest; - -public class TrustBoundarySafety { - public void handleRequest(HttpServletRequest request) { - String untrustedData = request.getParameter("untrustedData"); - // Validation logic - if (isValid(untrustedData)) { - request.setAttribute("trustedData", untrustedData); - } - } - - public boolean isValid(String data) { - // Implement your validation logic here - return true; // Replace with actual validation logic - } -} ----- - -In this revised code, `untrustedData` is validated by the `isValid()` method before being placed into the `trustedData` attribute. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-23.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-23.adoc deleted file mode 100644 index e64705102f..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-23.adoc +++ /dev/null @@ -1,87 +0,0 @@ -== Security of REST web service is not analyzed - - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| daaab18b-88d7-40cf-aef4-b758dd653e25 - -|Checkov ID -|CKV3_SAST_23 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|Java - -|CWEs -|https://cwe.mitre.org/data/definitions/20.html[CWE-20: Improper Input Validation] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - - - -=== Description - - -This policy is aimed at analyzing the security of REST Web Services implemented using JSR311. Focus areas for security analysis include authentication, access control, input validation, and secure communication (preferably SSL/TLS). - -Example of violating code: - -[source,java] ----- -import javax.ws.rs.Path; - -@Path("/api/resource") -public class UnsafeRESTService { - @Path("/data") - public String getData(String input) { - // No security measures in place - return "Data: " + input; - } -} ----- - -This code is problematic because it does not implement any security measures such as authentication, access control, or input validation, and it does not enforce secure communication. - -=== Fix - Buildtime - -To remedy this violation, implement a comprehensive security strategy that includes the following: - -1. **Authentication:** Implement authentication mechanisms to ensure that only authorized users can access the service. - -2. **Access Control:** Implement fine-grained access control policies to regulate what authenticated users are allowed to do. - -3. **Input Validation:** Implement robust input validation to prevent vulnerabilities like SQL injection, XSS, etc. - -4. **Secure Communication:** Ensure that the service communicates over SSL/TLS. - -Here's a sample revised code snippet that implements basic input validation: - -[source,java] ----- -import javax.ws.rs.Path; -import org.apache.commons.text.StringEscapeUtils; - -@Path("/api/resource") -public class SecureRESTService { - @Path("/data") - public String getData(String input) { - String sanitizedInput = StringEscapeUtils.unescapeJava(input); - // Add further security measures here - return "Data: " + sanitizedInput; - } -} ----- - -In the revised code, the `StringEscapeUtils.unescapeJava()` method is used to sanitize the input, reducing the risk of injection attacks. Note that this is just a start and further security measures are needed. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-24.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-24.adoc index a2b27dd6f5..64eb86849a 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-24.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-24.adoc @@ -1,4 +1,4 @@ -== File Creation in Publicly Shared Directories +== File creation in publicly shared directories === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-25.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-25.adoc index 1001049750..fea982df64 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-25.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-25.adoc @@ -1,4 +1,4 @@ -== CSRF is Disabled +== CSRF protection is disabled === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-49.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-49.adoc deleted file mode 100644 index 6a6f979759..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-49.adoc +++ /dev/null @@ -1,73 +0,0 @@ -== Unrestricted pathnames from HTTP requests - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| d1959bec-6c64-4e4e-b68a-d4879f1d413e - -|Checkov ID -|CKV3_SAST_49 - -|Severity -|HIGH - -|Subtype -|Build - -|Language -|Java - -|CWEs -|https://cwe.mitre.org/data/definitions/22.html[CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] - -|OWASP Categories -|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] - -|=== - -=== Description - -This policy is designed to detect potential path traversal vulnerabilities in Java applications arising from the direct use of HTTP request parameters to form or modify file paths. Without rigorous validation or sanitization, this could allow an attacker to access or modify files outside the intended directory. - -The identified code patterns include: -- Direct usage of arguments or specific method parameters to form paths. -- The potential use of these paths in various file or resource operations. - -Path traversal attacks can lead to unintended information disclosure, data tampering, or more severe impacts depending on the nature of the accessed files. - -Example of potentially vulnerable code: - -[source,java] ----- -public void handleRequest(String[] args) { - String userFilePath = args[0]; - File file = new File("/secure/directory/" + userFilePath); - // ... some operations ... -} ----- - -=== Fix - Buildtime - -To address this vulnerability: - -1. Avoid directly using raw input parameters, especially those obtained from HTTP requests, to form file paths. This applies not only to HTTP request parameters but also to any input that could come from an external or untrusted source. -2. Use sanitizers like `org.apache.commons.io.FilenameUtils.getName()` to ensure that the formed path is limited to the filename without any path sequences. -3. Implement strict whitelist validations for file paths and names. This means paths should be rigorously validated and sanitized before being used. -4. Deny or sanitize inputs containing path traversal sequences such as `..` or other special characters that could modify the intended path. - -Example of a remediated approach: - -[source,java] ----- -public void handleRequest(String[] args) { - String userInput = args[0]; - String sanitizedPath = org.apache.commons.io.FilenameUtils.getName(userInput); - File file = new File("/secure/directory/" + sanitizedPath); - // ... some operations ... -} ----- - -By following these guidelines, the application becomes less susceptible to path traversal attacks stemming from unsanitized input parameters. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-9.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-9.adoc deleted file mode 100644 index 5008d1c4d6..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/java-policies/sast-policy-9.adoc +++ /dev/null @@ -1,58 +0,0 @@ -== Improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 2f3348c2-5877-4586-be74-b41f30e4eadd - -|Checkov ID -|CKV3_SAST_9 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|java - -|CWEs -|https://cwe.mitre.org/data/definitions/113.html[CWE-113: Improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting')] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - -=== Description - -This SAST policy detects improper neutralization of CRLF sequences in HTTP headers, also known as "HTTP Response Splitting." This vulnerability allows attackers to inject CR (\r) and LF (\n) characters into headers, which can lead to cache poisoning and cross-site scripting (XSS) attacks. - -Vulnerable code example: - -[source,java] ----- -String userHeader = request.getHeader("User-Agent\r\nInjected-Header: malicious"); -response.addHeader("X-Forwarded-For\r\nInjected-Header: 127.0.0.1"); ----- - -The above code is vulnerable because it does not properly sanitize or validate user inputs used in HTTP headers, allowing for the injection of newline characters that can be exploited. - -=== Fix - Buildtime - -To fix this issue, you should validate and sanitize user inputs used in HTTP headers. One approach is to use tools like Apache Commons Text to escape inputs and remove any potentially malicious characters. - -Secure code example: - -[source,java] ----- -String userHeader = StringEscapeUtils.escapeJava(request.getHeader("User-Agent")); -response.addHeader("X-Forwarded-For", "127.0.0.1"); ----- - -The above code is no longer vulnerable because it uses StringEscapeUtils.escapeJava to escape any special characters in the User-Agent header, preventing HTTP Response Splitting. Additionally, the X-Forwarded-For header is properly set without any potential injections. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-javascript-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-javascript-policy-index.adoc index a67ea51858..c87484b40b 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-javascript-policy-index.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-javascript-policy-index.adoc @@ -9,18 +9,10 @@ |CKV3_SAST_27 |LOW -|xref:sast-policy-28.adoc[CSRF is not used before `methodOverride`] -|CKV3_SAST_28 -|LOW - -|xref:sast-policy-29.adoc[Calls to fs functions that take a non Literal value as the filename parameter] +|xref:sast-policy-29.adoc[Calls to fs functions that take a non literal value as the filename parameter] |CKV3_SAST_29 |MEDIUM -|xref:sast-policy-30.adoc[Bracket object notation with user input] -|CKV3_SAST_30 -|MEDIUM - |xref:sast-policy-31.adoc[Insecure use of crypto.pseudoRandomBytes] |CKV3_SAST_31 |MEDIUM @@ -29,7 +21,7 @@ |CKV3_SAST_32 |HIGH -|xref:sast-policy-33.adoc[Encryption Keys are less than 16 bytes] +|xref:sast-policy-33.adoc[Encryption keys are less than 16 bytes] |CKV3_SAST_33 |MEDIUM @@ -73,7 +65,7 @@ |CKV3_SAST_75 |HIGH -|xref:sast-policy-76.adoc[Risk of Regular Expression Denial of Service (ReDoS)] +|xref:sast-policy-76.adoc[Risk of regular expression denial of service] |CKV3_SAST_76 |HIGH @@ -81,7 +73,7 @@ |CKV3_SAST_77 |MEDIUM -|xref:sast-policy-78.adoc[Restrict Unnecessary Powerful Browser Features] +|xref:sast-policy-78.adoc[Restrict unnecessarily powerful browser features] |CKV3_SAST_78 |MEDIUM @@ -89,11 +81,11 @@ |CKV3_SAST_79 |MEDIUM -|xref:sast-policy-80.adoc[Enforce HTTPS Access for S3 Buckets] +|xref:sast-policy-80.adoc[Enforce HTTPS access for S3 buckets] |CKV3_SAST_80 |MEDIUM -|xref:sast-policy-81.adoc[Prevent OS Command Argument Injections] +|xref:sast-policy-81.adoc[Prevent OS command argument injections] |CKV3_SAST_81 |MEDIUM @@ -105,7 +97,7 @@ |CKV3_SAST_84 |LOW -|xref:sast-policy-85.adoc[AngularJS Misconfiguration Strict Contextual Escaping Disabled] +|xref:sast-policy-85.adoc[AngularJS misconfiguration strict contextual escaping disabled] |CKV3_SAST_85 |MEDIUM @@ -113,23 +105,23 @@ |CKV3_SAST_92 |LOW -|xref:sast-policy-95.adoc[Cookie Security Overly Permissive Samesite Attribute] +|xref:sast-policy-95.adoc[Cookie security overly permissive Samesite attribute] |CKV3_SAST_95 |MEDIUM -|xref:sast-policy-101.adoc[Insecure SSL Server Identity Verification Disabled] +|xref:sast-policy-101.adoc[Insecure SSL server identity verification disabled] |CKV3_SAST_101 |MEDIUM -|xref:sast-policy-146.adoc[Ensure Usage of JWT Algo] +|xref:sast-policy-146.adoc[Usage of JWT with non-secure algorithm] |CKV3_SAST_146 |MEDIUM -|xref:sast-policy-153.adoc[Sensitive Data Logging] +|xref:sast-policy-153.adoc[Sensitive data logging] |CKV3_SAST_153 |MEDIUM -|xref:sast-policy-157.adoc[Cross-Site Request Forgery (CSRF)] +|xref:sast-policy-157.adoc[Exposure to cross-site request forgery] |CKV3_SAST_157 |MEDIUM @@ -141,7 +133,7 @@ |CKV3_SAST_159 |MEDIUM -|xref:sast-policy-160.adoc[Information Exposure Through an Error Message] +|xref:sast-policy-160.adoc[Information exposure through an error message] |CKV3_SAST_160 |MEDIUM @@ -149,4 +141,21 @@ |CKV3_SAST_161 |MEDIUM +|xref:sast-policy-174.adoc[Relative path traversal from input] +|CKV3_SAST_174 +|HIGH + +|xref:sast-policy-176.adoc[Improperly secured inputs displayed on page] +|CKV3_SAST_176 +|MEDIUM + +|xref:sast-policy-177.adoc[Improper use of OS command input] +|CKV3_SAST_177 +|MEDIUM + +|xref:sast-policy-178.adoc[Improper neutralization of inputs used in an SQL query] +|CKV3_SAST_178 +|MEDIUM + + |=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-101.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-101.adoc index 063aa96fd8..915eefd15f 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-101.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-101.adoc @@ -1,5 +1,5 @@ -== Insecure SSL Server Identity Verification Disabled +== Insecure SSL server identity verification disabled === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-146.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-146.adoc index cc67924643..a481096405 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-146.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-146.adoc @@ -1,5 +1,5 @@ -== Ensure Usage of JWT Algo +== Usage of JWT with non-secure algorithm === Policy Details @@ -72,4 +72,4 @@ console.log(token); ---- In the fixed code, the `algorithm` option is set to `'HS256'`, which uses HMAC SHA256 for JWT encryption. This ensures that the JWT token is securely encrypted and protected from tampering or unauthorized access. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-153.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-153.adoc index 5eda5f6af5..bc0def9cfc 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-153.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-153.adoc @@ -1,5 +1,5 @@ -== Sensitive Data Logging +== Sensitive data logging === Policy Details @@ -36,10 +36,10 @@ This policy detects sensitive data logging in JavaScript code. It ensures that w Vulnerable code example: [source,javascript] -``` +---- const name = document.getElementById('name').value; console.log('User name: ' + name); -``` +---- The above code is vulnerable because it logs the user's name without any masking or removal of sensitive data. @@ -48,10 +48,10 @@ The above code is vulnerable because it logs the user's name without any masking To fix the issue, you should configure the logging mechanism to mask or remove sensitive data. Here's an example of secure code: [source,javascript] -``` +---- const name = document.getElementById('name').value; console.log('User name: ' + maskSensitiveData(name)); -``` +---- In the secure code example, the sensitive data (user's name) is passed to a function called `maskSensitiveData` before being logged. This function ensures that the sensitive data is properly masked or removed, preventing it from being logged in plaintext. \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-157.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-157.adoc index 8096a07f8b..8af18e51d0 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-157.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-157.adoc @@ -1,5 +1,5 @@ -== Cross-Site Request Forgery (CSRF) +== Exposure to cross-site request forgery === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-159.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-159.adoc index 76ea34d7fb..10842410bc 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-159.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-159.adoc @@ -34,10 +34,10 @@ This SAST policy detects the usage of the `RegExp` constructor with a non-litera Vulnerable code example: [source,javascript] -``` +---- var userInput = prompt("Enter a regular expression:"); var regex = new RegExp(userInput); -``` +---- In the above code, the `RegExp` constructor is used with the `userInput` variable, which comes from user input. This allows an adversary to supply a malicious regex that can potentially cause the application to perform excessive and inefficient matching, resulting in a DoS condition. @@ -48,10 +48,10 @@ To fix this issue, user-supplied regular expressions should never be allowed. In Secure code example: [source,javascript] -``` +---- var userInput = prompt("Enter a regular expression:"); var regex = /^([a-z]+)\d+$/; -``` +---- In the above code, a hardcoded regular expression `/^([a-z]+)\d+$/` is used instead of the user-supplied input. This ensures that only specific patterns are matched, mitigating the risk of excessive matching and potential DoS. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-160.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-160.adoc index 6704dff007..b27ab57c38 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-160.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-160.adoc @@ -1,5 +1,5 @@ -== Information Exposure Through an Error Message +== Information exposure through an error message === Policy Details @@ -31,14 +31,14 @@ === Description -This policy detects information exposure through an error message. If the code contains a pattern that matches either `console.trace()` or a `try-catch` block with a function containing one of the following methods: `console.log`, `console.error`, `console.warn`, `alert`, `prompt`, or `confirm`, and the catch block includes a variable `$ERR` or a variable that contains sensitive information such as `message`, `stack`, `status`, or `name`, then it is considered a vulnerability. +This policy detects information exposure through an error message. If the code contains a pattern that matches either `console.trace()` or a `try-catch` block with a function containing one of the following methods: `console.log`, `console.error`, `console.warn`, `alert`, `prompt`, or `confirm`, and the catch block includes a variable `$ERR` or a variable that contains sensitive information such as `message`, `stack`, `status`, or `name`, then it is considered a vulnerability. Vulnerable code example: [source,javascript] -``` +---- console.trace('Error message containing sensitive information'); -``` +---- The above code is vulnerable because it directly exposes sensitive information through the `console.trace` method. @@ -49,9 +49,9 @@ To fix the issue, avoid printing sensitive information directly in error message Secure code example: [source,javascript] -``` +---- throw new Error('An unexpected error occurred'); -``` +---- In the secure code example, the error message does not contain any sensitive information. The code throws a generic error message to avoid exposing any internal details about the error. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-174.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-174.adoc new file mode 100644 index 0000000000..a83665f43f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-174.adoc @@ -0,0 +1,61 @@ + +== Relative path traversal from input + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 6f502a98-a990-4f76-95ac-43980b7f1390 + +|Checkov ID +|CKV3_SAST_174 + +|Severity +|HIGH + +|Subtype +|Build + +|Language +|javascript + +|CWEs +|https://cwe.mitre.org/data/definitions/23.html[CWE-23: Relative Path Traversal] + +|OWASP Categories +|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] + +|=== + + +=== Description + +This policy detects when an application in JavaScript contains potential Relative Path Traversal flaw. The vulnerability occurs when the product uses external input to construct a pathname that should be within a restricted directory, but does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. + +Vulnerable code example: + +[source,javascript] +---- +var path = document.getElementById('path').value; +fs.writeFileSync(path, 'Hello World!'); +---- + +This code is vulnerable because it retrieves an input from the user and uses it directly to write a file. If user input ended up containing special sequences like `..`, they could write a file anywhere on the server's filesystem. + +=== Fix - Buildtime + +To fix this vulnerability, sanitize the user’s input by removing or neutralizing the '..' path sequences using functions like 'replaceAll' or 'path.normalize' before using it in filesystem operations. + +Secure code example: + +[source,javascript] +---- +var path = document.getElementById('path').value; +path = path.normalize(path); +fs.writeFileSync(path, 'Hello World!'); +---- + +This code is no longer vulnerable because it uses 'path.normalize' to sanitize the user input before writing a file. This ensures that the file is written in a predetermined directory and not anywhere else on the server's filesystem. + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-176.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-176.adoc new file mode 100644 index 0000000000..faaaad2b22 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-176.adoc @@ -0,0 +1,60 @@ + +== Improperly secured inputs displayed on page + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 10578a02-321f-45ea-9101-e5c7a5b49634 + +|Checkov ID +|CKV3_SAST_176 + +|Severity +|MEDIUM + +|Subtype +|Build + +|Language +|javascript + +|CWEs +|https://cwe.mitre.org/data/definitions/80.html[CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)] + +|OWASP Categories +|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] + +|=== + + +=== Description + +This SAST policy detects when user inputs are not sanitized properly before being displayed in a web page, which may potentially lead to cross-site scripting (XSS) attacks. Specifically, this policy targets cases when special characters are not properly neutralized in Javascript. Some problematic code examples are using `prompt()`, `document.getElementById()`, `document.getElementsByClassName()`, and `document.querySelector()` without sanitization. + +Vulnerable code example: + +[source,Javascript] +---- +document.getElementById('user-input').innerHTML = req.body.userInput; +---- + +In the above code `req.body.userInput` is a user input that is directly inserted into the web page through `innerHTML` without any sanitization. If a user inserts a malicious script as input, it will lead to an XSS attack. + +=== Fix - Buildtime + +Use a sanitizer. Sanitizers will neutralize special characters that could be interpreted as scripting elements. Libraries like 'sanitize-html', 'xss-filters' and 'dompurify' have methods to sanitize HTML inputs. + +Secure code example: + +[source,Javascript] +---- +var sanitizeHtml = require('sanitize-html'); +document.getElementById('user-input').innerHTML = sanitizeHtml(req.body.userInput); +---- + +The 'sanitize-html' method encodes special characters that have significant meanings in HTML so they cannot be interpreted as scripting elements. This way, even if the user provides a malicious script as input, it will not result in an XSS attack. + + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-177.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-177.adoc new file mode 100644 index 0000000000..102fa3628e --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-177.adoc @@ -0,0 +1,75 @@ + +== Improper use of OS command input + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 1f8fba75-7963-405f-a86b-ef7384d58cd3 + +|Checkov ID +|CKV3_SAST_177 + +|Severity +|MEDIUM + +|Subtype +|Build + +|Language +|javascript + +|CWEs +|https://cwe.mitre.org/data/definitions/78.html[CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')] + +|OWASP Categories +|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] + +|=== + + +=== Description + +This policy detects instances where an application is using external input to construct an OS command without neutralizing special elements that could alter the intended command. This could potentially lead to OS command injection, which is a serious security vulnerability. + +The policy scope is JavaScript code, and it looks for use of known insecure methods such as 'spawnSync', 'execSync', 'exec', and 'spawn'. It also takes into account if the application is interacting with Document Object Model (DOM) by using methods like 'getElementById', 'getElementsByClassName' and 'querySelector'. + +Vulnerable code example: + +[source,JavaScript] +---- +const express = require('express'); +const app = express(); +const exec = require('child_process').exec; + +app.get('/', function (req, res) { + let command = req.query.command; + exec(command); +}); +---- + +The above code is vulnerable because it uses the query parameter from the request (req.query.command) to execute an OS command. This can create a potential OS command injection vulnerability if an attacker includes malicious command in the query parameter. + +=== Fix - Buildtime + +To fix the issue, ensure that any data used in an OS command is properly sanitized before use. Additionally, consider using safer alternatives to execute OS commands that doesn't execute shell command directly. + +Secure code example: + +[source,JavaScript] +---- +const express = require('express'); +const app = express(); +const exec = require('child_process').execFile; + +app.get('/', function (req, res) { + let command = req.query.command; + exec('mySafeProgram', [command]); +}); +---- + +In the secure version of the code, even if the user input isn't fully sanitized, the application executed 'mySafeProgram' with user input as an argument, rather than executing user input directly as a command. This way, an attacker is not able to execute arbitrary commands. + + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-178.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-178.adoc new file mode 100644 index 0000000000..b7c126a90f --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-178.adoc @@ -0,0 +1,84 @@ + +== Improper neutralization of inputs used in an SQL query + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| fcc9a4cd-df19-4596-acc9-2ba6286dab48 + +|Checkov ID +|CKV3_SAST_178 + +|Severity +|MEDIUM + +|Subtype +|Build + +|Language +|javascript + +|CWEs +|https://cwe.mitre.org/data/definitions/89.html[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')] + +|OWASP Categories +|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] + +|=== + + +=== Description + +This policy detects instances where an SQL command is built using externally-influenced input, but doesn't properly neutralize special elements that could modify the intended SQL command when it's sent to a downstream component. This leaves the system vulnerable to SQL Injection. + +Vulnerable code example: + +[source,JavaScript] +---- +const mysql = require('mysql'); +const connection = mysql.createConnection({ + host: 'localhost', + user: 'me', + password: 'secret', + database: 'my_db' +}); + +connection.connect(); +const userInput = prompt("Please enter your user id"); +connection.query(`SELECT * FROM users WHERE id = ${userInput}`, function (error, results, fields) { + if (error) throw error; + console.log(results); +}); +---- +In the above code, userInput variable is coming directly from the user and being inserted into an SQL query. This can lead to SQL Injection if a user input something like "1; DROP TABLE users; --". + +=== Fix - Buildtime + +To fix this vulnerability, use parameterized queries. + +Secure code example: + +[source,JavaScript] +---- +const mysql = require('mysql'); +const connection = mysql.createConnection({ + host: 'localhost', + user: 'me', + password: 'secret', + database: 'my_db' +}); + +connection.connect(); +const userInput = prompt("Please enter your user id"); +const sql = 'SELECT * FROM users WHERE id = ?'; +connection.query(sql, [userInput], function (error, results, fields) { + if (error) throw error; + console.log(results); +}); +---- +Now, instead of directly embedding user input into the SQL query, we are using a parameterized query ('?' placeholder). If the user tries to input something malicious, it will simply be treated as a string, rather than part of the SQL command, protecting the system from SQL Injection. + + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-28.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-28.adoc deleted file mode 100644 index c6cb326085..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-28.adoc +++ /dev/null @@ -1,65 +0,0 @@ -== CSRF is not used before `methodOverride` - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| e47bc063-78f8-4534-b2e4-6a2d24f3a3fd - -|Checkov ID -|CKV3_SAST_28 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|JavaScript - -|CWEs -|https://cwe.mitre.org/data/definitions/352.html[CWE-352: Cross-Site Request Forgery (CSRF)] - -|OWASP Categories -|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] - -|=== - -=== Description - -This policy aims to prevent the misuse of Connect's `methodOverride` middleware by ensuring that `csrf` middleware is used before `methodOverride`. When using Connect, the order in which middlewares are declared determines their execution stack. If `methodOverride` is used before `csrf`, it may allow attackers to bypass standard CSRF protection mechanisms in Connect. - -Example of violating code: - -[source,javascript] ----- -const express = require('express'); -const app = express(); - -app.use(express.methodOverride()); -app.use(express.csrf()); -// other middleware and routes ----- - -In this example, the `methodOverride` middleware is used before `csrf`, which creates a security risk. - -=== Fix - Buildtime - -To resolve this issue, ensure that the `csrf` middleware is declared before the `methodOverride` middleware. - -Example of corrected code: - -[source,javascript] ----- -const express = require('express'); -const app = express(); - -app.use(express.csrf()); -app.use(express.methodOverride()); -// other middleware and routes ----- - -By ensuring that `csrf` middleware is used before `methodOverride`, the application reduces the risk of CSRF diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-29.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-29.adoc index 2635731713..bc057e39e5 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-29.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-29.adoc @@ -1,4 +1,4 @@ -== Calls to fs functions that take a non Literal value as the filename parameter +== Calls to fs functions that take a non literal value as the filename parameter === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-30.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-30.adoc deleted file mode 100644 index 97893f57a0..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-30.adoc +++ /dev/null @@ -1,56 +0,0 @@ -== Bracket object notation with user input - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 42c32db7-09c1-42ba-8899-fe6f71cd5320 - -|Checkov ID -|CKV3_SAST_30 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|JavaScript - -|CWEs -|https://cwe.mitre.org/data/definitions/94.html[CWE-94: Improper Control of Generation of Code ("Code Injection")] - -|OWASP Categories -|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] - -|=== - -=== Description - -This policy detects usages of bracket notation for object access (`$OBJ[$ARG]`) in JavaScript where the argument (`$ARG`) is not a literal or number. This usage could potentially allow an attacker to access any property of the object, including its prototype, which might lead to arbitrary code execution. - -Example of violating code: - -[source,javascript] ----- -const userProvidedKey = req.query.key; -const value = obj[userProvidedKey]; ----- - -=== Fix - Buildtime - -To resolve this issue, validate and sanitize the user-provided keys before using them to access object properties. - -Example of corrected code: - -[source,javascript] ----- -const userProvidedKey = sanitize(req.query.key); -const value = obj[userProvidedKey]; ----- - -In this example, `sanitize()` is a function that ensures only safe, whitelisted keys are used for object access. - diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-33.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-33.adoc index d39254f0ee..db7422eaca 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-33.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-33.adoc @@ -1,4 +1,4 @@ -== Encryption Keys are less than 16 bytes +== Encryption keys are less than 16 bytes === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-42.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-42.adoc index 8027a1ddc3..e9fba82ca1 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-42.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-42.adoc @@ -32,7 +32,7 @@ This policy identifies instances in JavaScript where the `new Buffer()` constructor is used with non-literal values. Such usage can lead to potential memory leaks. The `new Buffer()` constructor is considered unsafe when used with non-literal arguments, and it's recommended to use safer alternatives such as `Buffer.from()` or `Buffer.alloc()`. -For more information about the risks and deprecation of the `new Buffer()` constructor, refer to the [Node.js documentation](https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/), the [Node.js GitHub issue](https://github.com/nodejs/node/issues/4660), and the [ESLint Community Plugin](https://github.com/eslint-community/eslint-plugin-security/blob/main/rules/detect-new-buffer.js). +For more information about the risks and deprecation of the `new Buffer()` constructor, refer to the https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/[Node.js documentation], the https://github.com/nodejs/node/issues/4660[Node.js GitHub issue], and the https://github.com/eslint-community/eslint-plugin-security/blob/main/rules/detect-new-buffer.js[ESLint Community Plugin]. Example of violating code: diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-76.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-76.adoc index 642690d3fd..6395a7ada8 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-76.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-76.adoc @@ -1,4 +1,4 @@ -== Risk of Regular Expression Denial of Service (ReDoS) +== Risk of regular expression denial of service === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-78.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-78.adoc index 4b051fc860..f8793ea99b 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-78.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-78.adoc @@ -1,4 +1,4 @@ -== Restrict Unnecessary Powerful Browser Features +== Restrict unnecessarily powerful browser features === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-80.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-80.adoc index f8033fefb3..a0c455c056 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-80.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-80.adoc @@ -1,4 +1,4 @@ -== Enforce HTTPS Access for S3 Buckets +== Enforce HTTPS access for S3 buckets === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-81.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-81.adoc index 30d78b924e..c7ec329d5c 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-81.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-81.adoc @@ -1,4 +1,4 @@ -== Prevent OS Command Argument Injections +== Prevent OS command argument injections === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-85.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-85.adoc index 25d98608ef..d2d11e7c5f 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-85.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-85.adoc @@ -1,5 +1,5 @@ -== AngularJS Misconfiguration Strict Contextual Escaping Disabled +== AngularJS misconfiguration strict contextual escaping disabled === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-95.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-95.adoc index 4d12daf533..7856a672ef 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-95.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/javascript-policies/sast-policy-95.adoc @@ -1,5 +1,5 @@ -== Cookie Security Overly Permissive Samesite Attribute +== Cookie security overly permissive Samesite attribute === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-100.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-100.adoc deleted file mode 100644 index 50d3350d59..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-100.adoc +++ /dev/null @@ -1,65 +0,0 @@ - -== Improper Check or Handling of Exceptional Conditions - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| ed492272-36b2-4ed7-970e-d16504d78f8e - -|Checkov ID -|CKV3_SAST_100 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|python - -|CWEs -|https://cwe.mitre.org/data/definitions/703.html[CWE-703: Improper Check or Handling of Exceptional Conditions] - - -|=== - -=== Description - -This policy detects instances where there is improper handling of exceptional conditions in Python code. It checks for the use of a try-except block with a generic exception type and a pass statement. - -Vulnerable code example: - -[source,python] ----- -try: - # Any code that may raise an exception -except Exception: - pass ----- - -The above code is vulnerable because it catches all types of exceptions without any specific handling. This can lead to potential issues such as hiding critical errors or mistakenly ignoring unexpected exceptions. - -=== Fix - Buildtime - -To fix this issue, it is recommended to either handle specific exceptions or include appropriate error handling code within the except block. - -Secure code example: - -[source,python] ----- -try: - # Any code that may raise an exception -except ValueError: - # Handle specific exception - print("Invalid value error occurred.") -except FileNotFoundError as e: - # Handle specific exception - print(f"File not found: {e.filename}") ----- - -The secure code example demonstrates the use of specific exception types within the except block. By handling specific exceptions, the code can perform appropriate actions based on the type of exception encountered. This ensures more robust and reliable error handling. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-166.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-166.adoc deleted file mode 100644 index 13cd47beb8..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-166.adoc +++ /dev/null @@ -1,69 +0,0 @@ - -== Improper Check or Handling of Exceptional Conditions - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 60798fd8-d648-41b5-be49-64cf321beac7 - -|Checkov ID -|CKV3_SAST_166 - -|Severity -|LOW - -|Subtype -|Build - -|Language -|python - -|CWEs -|https://cwe.mitre.org/data/definitions/703.html[CWE-703: Improper Check or Handling of Exceptional Conditions] - -|OWASP Categories -| - -|=== - -=== Description - -This policy detects instances where there is improper check or handling of exceptional conditions. It looks for code that uses a try-except block and immediately continues execution inside the except block, without properly addressing or handling the exceptional condition. - -Vulnerable code example: - -[source,python] ----- -try: - # Some code that may raise an exception -except Exception: - continue ----- - -The above code is vulnerable because it captures all exceptions using a broad "Exception" class and simply continues execution without any proper handling or logging of the exception. This can result in unhandled exceptions and unexpected behavior in the application. - -=== Fix - Buildtime - -To fix this issue, it is important to appropriately handle the exceptional condition. This involves: - -- Identifying the specific exception(s) that may be raised within the try block. -- Implementing appropriate error handling or recovery logic within the except block. -- Properly logging or reporting the exception for debugging purposes. - -Secure code example: - -[source,python] ----- -try: - # Some code that may raise an exception -except SpecificException as e: - # Handle the specific exception - log_error(e) - # Take necessary actions to recover from the exception ----- - -In the secure code example, the specific exception type (e.g., "SpecificException") is caught in the except block, allowing for proper handling and recovery. The example also includes logging the error for debugging purposes, and taking necessary actions to recover from the exception, instead of simply continuing execution. This ensures that exceptional conditions are properly addressed and the application can maintain its expected behavior. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-167.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-167.adoc index fabe662de1..8e576ac7aa 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-167.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-167.adoc @@ -1,5 +1,5 @@ -== Use of Insufficiently Random Values +== Use of insufficiently random values from random module === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-168.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-168.adoc index 49505133d0..b1223514ad 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-168.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-168.adoc @@ -1,5 +1,5 @@ -== Improper Control of Generation of Code ('Code Injection') +== Improper control of external configuration inputs leading to potential code injection === Policy Details @@ -62,4 +62,4 @@ logging.config.listen(socket_address, verify=True, encryption=True) In the secure code example, we explicitly validate and sanitize the input before passing it to the `logging.config.listen()` function. Additionally, we use the `verify` and `encryption` parameters to enhance the security of the socket connection, providing integrity checks and encryption/decryption capabilities. By properly validating and sanitizing the input and using additional security measures, the potential for code injection vulnerabilities is significantly reduced. - \ No newline at end of file + diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-169.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-169.adoc index a43e95ce24..8473e9b2be 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-169.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-169.adoc @@ -1,5 +1,5 @@ -== Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') +== Improper limitation of a pathname === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-170.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-170.adoc index 3d99c77a1f..a76ceb3437 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-170.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-170.adoc @@ -1,5 +1,5 @@ -== Improper Neutralization of Wildcards or Matching Symbols +== Improper neutralization of wildcards === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-173.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-173.adoc new file mode 100644 index 0000000000..de1bfa8821 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-173.adoc @@ -0,0 +1,70 @@ + +== Relative path traversal + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 0088f884-0e1d-4b52-a362-3a8692e8fe18 + +|Checkov ID +|CKV3_SAST_173 + +|Severity +|HIGH + +|Subtype +|Build + +|Language +|python + +|CWEs +|https://cwe.mitre.org/data/definitions/23.html[CWE-23: Relative Path Traversal] + +|OWASP Categories +|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] + +|=== + + +=== Description + +This policy detects when an application is potentially vulnerable to a Relative Path Traversal attack. This type of attack allows an attacker to escape the intended directory and access restricted parts of the file system by using ".." or similar sequences in input data that is used to construct file paths. The policy is triggered if an application uses untrusted and unsanitized input data to open, read or write files. + +Vulnerable code example: + +[source,python] +---- +import flask +from flask import request + +file_name = request.args.get('file_name') +with open(file_name, 'rb') as file: + file_data = file.read() +---- + +In the above code, the file name is retrieved from incoming requests without any sanitization. If an attacker provides a malicious file name like "../../../../etc/passwd", he can potentially read sensitive data from the server. + +=== Fix - Buildtime + +All input data that is used to construct file paths should be sanitized before use. Python provides several ways to do this (e.g., the os.path.normpath() or werkzeug.utils.secure_filename() functions). + +Secure code example: + +[source,python] +---- +import flask +from flask import request +from werkzeug.utils import secure_filename + +file_name = secure_filename(request.args.get('file_name')) +with open(file_name, 'rb') as file: + file_data = file.read() +---- + +In the secure code example, the input data is sanitized by the secure_filename function before used to open a file. This function ensures that only "safe" filenames (without any ".." parts or absolute paths) can be used. Thus, it prevents an attacker from escaping the intended directory and accessing restricted parts of the file system. + + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-175.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-175.adoc new file mode 100644 index 0000000000..8f5db29b03 --- /dev/null +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-175.adoc @@ -0,0 +1,70 @@ + +== Lack of neutralization of HTML tags + +=== Policy Details + +[width=45%] +[cols="1,1"] +|=== +|Prisma Cloud Policy ID +| 86d4e57a-3ff5-4181-8ef6-f903575cf4d2 + +|Checkov ID +|CKV3_SAST_175 + +|Severity +|MEDIUM + +|Subtype +|Build + +|Language +|python + +|CWEs +|https://cwe.mitre.org/data/definitions/80.html[CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)] + +|OWASP Categories +|https://owasp.org/Top10/A03_2021-Injection/[A03:2021 - Injection] + +|=== + + +=== Description + +This SAST policy detects cases where a web application written in Python does not properly neutralize script-related HTML tags in user input used in web pages potentially leading to Cross-Site Scripting (XSS) vulnerabilities. Several flask, django, tornado, sys, input, and bottle framework methods that extract user input are monitored. Similarly, several methods for content sanitization are taken into account. The detected issue can be found in the return value of various rendering methods used by flask, django, and bottle frameworks. + +Vulnerable code example: + +[source,python] +---- +from flask import request, render_template + +@app.route('/example') +def example(): + user_input = request.args.get('user_input') + return render_template('example.html', input=user_input) +---- + +In this example, the application is directly using the input from the user in a webpage without neutralizing special characters such as "<", ">", and "&" which could be interpreted as web-scripting elements leading to an XSS attack. + +=== Fix - Buildtime + +In order to fix this issue, developers should always properly sanitize user input before using it in web pages. Special characters should be replaced with appropriate HTML Entities. + +Secure code example: + +[source,python] +---- +from flask import request, render_template +import cgi + +@app.route('/example') +def example(): + user_input = cgi.escape(request.args.get('user_input')) + return render_template('example.html', input=user_input) +---- + +In the Improved code, the user's input goes through the 'cgi.escape()' function which neutralizes any potential script-related HTML tags. Thus, it makes it safe to include in the rendered web page. + + \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-50.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-50.adoc index 2a0c752ad1..1c560ec223 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-50.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-50.adoc @@ -1,4 +1,4 @@ -== XML Parsers exposed to XXE Vulnerabilities +== XML parsers exposed to XXE vulnerabilities === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-6.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-6.adoc deleted file mode 100644 index 5fdbe6bb5b..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-6.adoc +++ /dev/null @@ -1,66 +0,0 @@ -== Use of hardcoded passwords in Python code - - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| a5793935-e457-4939-9005-4642115155b0 - -|Checkov ID -|CKV3_SAST_6 - -|Severity -|HIGH - -|Subtype -|Build - -|Language -|Python - -|CWEs -|https://cwe.mitre.org/data/definitions/259.html[CWE-259: Use of Hard-coded Password] - -|OWASP Categories -|https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[A07:2021 - Identification and Authentication Failures] - -|=== - - - -=== Description - -Hardcoding passwords directly into code is a very serious security concern. These hardcoded credentials can be easily exposed if the source code is ever leaked or inspected by unauthorized individuals. Also, they are typically shared among multiple people and are seldom rotated, which is a bad practice from a security standpoint. - -Hardcoding a password as a default argument in a function could lead to situations where the hardcoded password is used in production if a real password is not supplied. This is a serious issue, as an attacker who knows or discovers the hardcoded password could then potentially authenticate with whatever system the password is used for. - -Here's an example of violating code: - -[source,python] ----- -def connect_to_db(username="admin", password="password123"): - # Code to connect to the database - pass ----- - -In this code, the function connect_to_db has default arguments for username and password. If no arguments are supplied when this function is called, the hardcoded credentials will be used. - -=== Fix - Buildtime - -To fix this issue, you should remove the hardcoded password. If you need to supply a default password for testing or development, it should be loaded from a secure location, like an environment variable: - -[source,python] ----- -import os - -def connect_to_db(username=None, password=None): - username = username or os.getenv('DB_USERNAME') - password = password or os.getenv('DB_PASSWORD') - # Code to connect to the database - pass ----- - -In this revised code, if no arguments are supplied when connect_to_db is called, the function will try to get the credentials from environment variables. This approach keeps the credentials out of the source code. In production, always use secure methods of managing credentials, like secret management services. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-60.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-60.adoc index 9ef235f3a5..991d8be805 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-60.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-60.adoc @@ -1,4 +1,4 @@ -== HTML Autoescape Mechanism Should Not Be Globally Disabled +== HTML autoescape mechanism globally disabled === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-61.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-61.adoc index bead7d25da..89a512b69c 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-61.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-61.adoc @@ -1,4 +1,4 @@ -== LDAP Queries Should Not Be Vulnerable to Injection Attacks +== LDAP queries vulnerable to injection attacks === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-62.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-62.adoc index e6888e4d86..51a9c4575b 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-62.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-62.adoc @@ -1,4 +1,4 @@ -== Logging Should Not Be Vulnerable to Injection Attacks +== Logging vulnerable to injection attacks === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-63.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-63.adoc index 87cef08a93..0e5ee7f5dc 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-63.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-63.adoc @@ -1,4 +1,4 @@ -== Sending Emails is Security-Sensitive +== Unsecure sending of emails from application === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-64.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-64.adoc index a08817baa3..1fd8e031ef 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-64.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-64.adoc @@ -1,4 +1,4 @@ -== Server Hostnames Should not verified during SSL/TLS connections +== Server hostnames verified during SSL/TLS connections === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-65.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-65.adoc index 0cad3dd538..69e9135909 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-65.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-65.adoc @@ -1,4 +1,4 @@ -== Inadequate Encryption Strength +== Inadequate SSL/TLS encryption strength === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-68.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-68.adoc index 0fc7b348da..04e52abf3e 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-68.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-68.adoc @@ -1,4 +1,4 @@ -== Weak SSL/TLS protocol used +== Insecure AES initialization vector usage === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-70.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-70.adoc deleted file mode 100644 index 71096e1f6d..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-70.adoc +++ /dev/null @@ -1,68 +0,0 @@ -== Improper Authorization in Handler for Custom URL Scheme - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| c15ba559-7930-4a73-a2a1-be31964db300 - -|Checkov ID -|CKV3_SAST_70 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|Python - -|CWEs -|https://cwe.mitre.org/data/definitions/939.html[CWE-939: Improper Authorization in Handler for Custom URL Scheme] - -|OWASP Categories -|https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[A5:2017-Broken Access Control] - -|=== - -=== Description - -The `urllib` module in Python provides a way to work with URLs. However, when used improperly, it can introduce security vulnerabilities, especially when handling URLs that may be controlled or manipulated by malicious actors. - -Our analysis has detected the use of `urllib` or its variants with dynamic values. The problem with this is that `urllib` inherently supports the `file://` scheme. This means a malicious actor can craft URLs that could potentially allow them to read arbitrary files on the server. This behavior exposes the system to a range of security threats, including information disclosure. - -For example: - -[source,python] ----- -# Vulnerable code snippet -import urllib - -url = get_dynamic_value_from_user() -content = urllib.urlopen(url).read() ----- - -=== Fix - Buildtime - -To address this vulnerability: - -1. Audit the uses of `urllib` or related calls to ensure no user data can influence or control the URLs being accessed. -2. Consider avoiding the use of `urllib` for URLs that might be influenced by user data. Instead, prefer using the more robust `requests` library in Python. -3. If you continue using `urllib`, ensure proper validation and sanitization mechanisms are in place to prevent malicious URL crafting. - -A safer approach: - -[source,python] ----- -# Recommended code snippet -import requests - -url = get_dynamic_value_from_user() -response = requests.get(url) -content = response.text ----- - -Being vigilant about the libraries and functions you use and ensuring you are always following best practices can go a long way in maintaining the security and integrity of your applications. diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-90.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-90.adoc deleted file mode 100644 index d1bc9ee06e..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-90.adoc +++ /dev/null @@ -1,59 +0,0 @@ - -== Improper Restriction of XML External Entity Reference - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| dab17e87-4629-47c2-ad11-f098980b4cc1 - -|Checkov ID -|CKV3_SAST_90 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|python - -|CWEs -|https://cwe.mitre.org/data/definitions/611.html[CWE-611] - - -|=== - -=== Description - -This SAST policy detects improper restriction of XML external entity reference vulnerabilities in Python code that uses the native XML libraries. - -Vulnerable code example: - -[source,python] ----- -import xml.etree.ElementTree as ET - -tree = ET.parse('file.xml') -root = tree.getroot() ----- - -The above code is vulnerable because it uses the `ET.parse()` method from the `xml.etree.ElementTree` module without proper restriction of XML external entities. This can allow an attacker to read arbitrary files on the server. - -=== Fix - Buildtime - -To fix this issue, it is recommended to use the `defusedxml` library instead of the native Python XML libraries. The `defusedxml` library is specifically designed to mitigate XML external entity attacks. - -Secure code example: - -[source,python] ----- -import defusedxml.ElementTree as ET - -tree = ET.parse('file.xml') -root = tree.getroot() ----- - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-91.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-91.adoc index ac1881ce35..4f0a7965c2 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-91.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-91.adoc @@ -1,5 +1,5 @@ -== Uncontrolled Resource Consumption +== Uncontrolled resource consumption === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-93.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-93.adoc index b70425a403..d0e1e6cc58 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-93.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-93.adoc @@ -1,5 +1,5 @@ -== Cleartext Transmission of Sensitive Information +== Cleartext transmission of sensitive information === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-94.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-94.adoc deleted file mode 100644 index 83d0d2475e..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-94.adoc +++ /dev/null @@ -1,55 +0,0 @@ - -== Improper Certificate Validation - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 846a5062-41de-477d-bf26-52629d951594 - -|Checkov ID -|CKV3_SAST_94 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|python - -|CWEs -|https://cwe.mitre.org/data/definitions/319.html[CWE-319: Cleartext Transmission of Sensitive Information] - - -|=== - -=== Description - -This SAST policy detects instances where improper certificate validation is being performed in Python code. Improper certificate validation can lead to sensitive information being transmitted in clear text, which can expose it to unauthorized access. - -Vulnerable code example: - -[source,python] ----- -requests.get(url, verify=False) ----- - -In the above code, the `verify=False` parameter is used when making a request with the `requests` library. This disables the verification of SSL certificates, allowing for potential man-in-the-middle attacks and exposing sensitive information. - -=== Fix - Buildtime - -To fix this issue, you should enable SSL certificate verification when making requests. This can be done by removing the `verify=False` parameter or setting it to `True`. - -Secure code example: - -[source,python] ----- -requests.get(url, verify=True) ----- - -By setting `verify=True`, the SSL certificate will be validated, ensuring secure communication and preventing sensitive data exposure. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-98.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-98.adoc index 6786dcdf61..b5fe296d3b 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-98.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-98.adoc @@ -1,5 +1,5 @@ -== Key Exchange without Entity Authentication +== Key exchange without entity authentication === Policy Details diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-99.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-99.adoc deleted file mode 100644 index 28b9ecbf17..0000000000 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-policy-99.adoc +++ /dev/null @@ -1,66 +0,0 @@ - -== Insecure temporary file - -=== Policy Details - -[width=45%] -[cols="1,1"] -|=== -|Prisma Cloud Policy ID -| 5bd681c4-f75c-4669-9f9e-30770a2842cb - -|Checkov ID -|CKV3_SAST_99 - -|Severity -|MEDIUM - -|Subtype -|Build - -|Language -|python - -|CWEs -|https://cwe.mitre.org/data/definitions/377.html[CWE-377: Insecure Temporary File] -|https://cwe.mitre.org/data/definitions/379.html[CWE-379: Creation of Temporary File in Directory with Insecure Permissions] - -|OWASP Categories -|https://owasp.org/Top10/A01_2021-Broken_Access_Control/[A01:2021 - Broken Access Control] - -|=== - -=== Description - -This SAST policy detects the usage of insecure temporary files in Python code. Specifically, it looks for the usage of the `os.tempnam`, `os.tmpnam`, `tempfile.mktemp`, and `open` functions with a file path starting with "/tmp". - -Vulnerable code example: - -[source,python] ----- -import os - -def create_temp_file(): - temp_file = os.tempnam("/tmp") - # Perform operations on the temporary file ----- - -The above code is vulnerable because it uses the `os.tempnam` function to create a temporary file in the `/tmp` directory. This can be exploited through symlink attacks or if the `/tmp` directory has insecure permissions. - -=== Fix - Buildtime - -To fix the issue, use the `tempfile` module to create secure temporary files. The `tempfile.TemporaryFile` function provides a safer way to create temporary files. - -Secure code example: - -[source,python] ----- -import tempfile - -def create_temp_file(): - temp_file = tempfile.TemporaryFile() - # Perform operations on the temporary file ----- - -The above code is no longer vulnerable because it uses the `tempfile.TemporaryFile` function to create a secure temporary file, which avoids the symlink attack and ensures proper handling of temporary files. - \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-python-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-python-policy-index.adoc index 72e1611394..dcdaef7a1b 100644 --- a/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-python-policy-index.adoc +++ b/docs/en/enterprise-edition/policy-reference/sast-policies/python-policies/sast-python-policy-index.adoc @@ -21,10 +21,6 @@ |CKV3_SAST_5 |LOW -|xref:sast-policy-6.adoc[Use of hardcoded passwords in Python code] -|CKV3_SAST_6 -|HIGH - |xref:sast-policy-10.adoc[Encryption keys below 2048 bit] |CKV3_SAST_10 |MEDIUM @@ -41,7 +37,7 @@ |CKV3_SAST_48 |MEDIUM -|xref:sast-policy-50.adoc[XML Parsers exposed to XXE Vulnerabilities] +|xref:sast-policy-50.adoc[XML parsers exposed to XXE vulnerabilities] |CKV3_SAST_50 |MEDIUM @@ -81,27 +77,27 @@ |CKV3_SAST_59 |HIGH -|xref:sast-policy-60.adoc[HTML Autoescape Mechanism Should Not Be Globally Disabled] +|xref:sast-policy-60.adoc[HTML autoescape mechanism globally disabled] |CKV3_SAST_60 |MEDIUM -|xref:sast-policy-61.adoc[LDAP Queries Should Not Be Vulnerable to Injection Attacks] +|xref:sast-policy-61.adoc[LDAP queries vulnerable to injection attacks] |CKV3_SAST_61 |CRITICAL -|xref:sast-policy-62.adoc[Logging Should Not Be Vulnerable to Injection Attacks] +|xref:sast-policy-62.adoc[Logging vulnerable to injection attacks] |CKV3_SAST_62 |MEDIUM -|xref:sast-policy-63.adoc[Sending Emails is Security-Sensitive] +|xref:sast-policy-63.adoc[Unsecure sending of emails from application] |CKV3_SAST_63 |LOW -|xref:sast-policy-64.adoc[Server Hostnames Should not verified during SSL/TLS connections] +|xref:sast-policy-64.adoc[Server hostnames verified during SSL/TLS connections] |CKV3_SAST_64 |MEDIUM -|xref:sast-policy-65.adoc[Inadequate Encryption Strength] +|xref:sast-policy-65.adoc[Inadequate SSL/TLS encryption strength] |CKV3_SAST_65 |HIGH @@ -113,7 +109,7 @@ |CKV3_SAST_67 |HIGH -|xref:sast-policy-68.adoc[Weak SSL/TLS protocol used] +|xref:sast-policy-68.adoc[Insecure AES initialization vector usage] |CKV3_SAST_68 |HIGH @@ -121,10 +117,6 @@ |CKV3_SAST_69 |MEDIUM -|xref:sast-policy-70.adoc[Improper Authorization in Handler for Custom URL Scheme] -|CKV3_SAST_70 -|MEDIUM - |xref:sast-policy-71.adoc[Insecure use of no password or weak password when connecting to a database] |CKV3_SAST_71 |CRITICAL @@ -157,22 +149,14 @@ |CKV3_SAST_89 |CRITICAL -|xref:sast-policy-90.adoc[Improper Restriction of XML External Entity Reference] -|CKV3_SAST_90 -|MEDIUM - -|xref:sast-policy-91.adoc[Uncontrolled Resource Consumption] +|xref:sast-policy-91.adoc[Uncontrolled resource consumption] |CKV3_SAST_91 |MEDIUM -|xref:sast-policy-93.adoc[Cleartext Transmission of Sensitive Information] +|xref:sast-policy-93.adoc[Cleartext transmission of sensitive information] |CKV3_SAST_93 |HIGH -|xref:sast-policy-94.adoc[Improper Certificate Validation] -|CKV3_SAST_94 -|MEDIUM - |xref:sast-policy-96.adoc[Insecure active debug code] |CKV3_SAST_96 |MEDIUM @@ -181,18 +165,10 @@ |CKV3_SAST_97 |HIGH -|xref:sast-policy-98.adoc[Key Exchange without Entity Authentication] +|xref:sast-policy-98.adoc[Key exchange without entity authentication] |CKV3_SAST_98 |HIGH -|xref:sast-policy-99.adoc[Insecure temporary file] -|CKV3_SAST_99 -|MEDIUM - -|xref:sast-policy-100.adoc[Improper Check or Handling of Exceptional Conditions] -|CKV3_SAST_100 -|LOW - |xref:sast-policy-152.adoc[Hardcoded passwords are being used] |CKV3_SAST_152 |HIGH @@ -201,24 +177,29 @@ |CKV3_SAST_154 |MEDIUM -|xref:sast-policy-166.adoc[Improper Check or Handling of Exceptional Conditions] -|CKV3_SAST_166 -|LOW - -|xref:sast-policy-167.adoc[Use of Insufficiently Random Values] +|xref:sast-policy-167.adoc[Use of insufficiently random values from random module] |CKV3_SAST_167 |LOW -|xref:sast-policy-168.adoc[Improper Control of Generation of Code ('Code Injection')] +|xref:sast-policy-168.adoc[Improper control of external configuration inputs leading to potential code injection] |CKV3_SAST_168 |MEDIUM -|xref:sast-policy-169.adoc[Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')] +|xref:sast-policy-169.adoc[Improper limitation of a pathname] |CKV3_SAST_169 |HIGH -|xref:sast-policy-170.adoc[Improper Neutralization of Wildcards or Matching Symbols] +|xref:sast-policy-170.adoc[Improper neutralization of wildcards] |CKV3_SAST_170 |MEDIUM +|xref:sast-policy-173.adoc[Relative path traversal] +|CKV3_SAST_173 +|HIGH + +|xref:sast-policy-175.adoc[Lack of neutralization of HTML tags] +|CKV3_SAST_175 +|MEDIUM + + |=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc index ff91bcde7c..1287358633 100644 --- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc +++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc @@ -5,11 +5,6 @@ |=== |Policy|Checkov ID|Validation | Severity -|xref:ensure-repository-is-private.adoc[GitHub repository is not Private] -| https://github.com/bridgecrewio/checkov/tree/master/checkov/terraform/checks/resource/github/PrivateRepo.py[CKV_GIT_1] -|N/A -|LOW - |xref:git-secrets-1.adoc[Artifactory Credentials] |CKV_SECRET_1 diff --git a/docs/en/enterprise-edition/rn/24-1-2-rn-book.yml b/docs/en/enterprise-edition/rn/24-1-2-rn-book.yml new file mode 100644 index 0000000000..56e8f59f32 --- /dev/null +++ b/docs/en/enterprise-edition/rn/24-1-2-rn-book.yml @@ -0,0 +1,58 @@ +--- +kind: book +title: Prisma® Cloud Release Notes - 24.1.2 Draft +author: Prisma Cloud Tech Docs +ditamap: prisma-cloud-release-notes +dita: techdocs/en_US/dita/test/prisma/prisma-cloud-release-notes +graphics: techdocs/en_US/dita/test/_graphics/uv/prisma/prisma-cloud-release-notes +github: + owner: PaloAltoNetworks + repo: prisma-cloud-docs + bookdir: cspm/rn + branch: master +--- +kind: chapter +name: Prisma® Cloud Release Information +dir: prisma-cloud-release-info +topics: + - name: Prisma® Cloud Release Information + file: prisma-cloud-release-info.adoc + - name: Features Introduced in 2024 + dir: features-introduced-in-2024 + topics: + - name: Features Introduced in 2024 + file: features-introduced-in-2024.adoc + - name: Features Introduced in January 2024 + file: features-introduced-in-january-2024.adoc +--- +kind: chapter +name: Limited GA Features on Prisma Cloud +dir: limited-ga-features-prisma-cloud +topics: + - name: Limited GA Features on Prisma Cloud + file: limited-ga-features-prisma-cloud.adoc +--- +kind: chapter +name: Look Ahead—Planned Updates on Prisma Cloud +dir: look-ahead-planned-updates-prisma-cloud +topics: + - name: Look Ahead—Planned Updates on Prisma Cloud + file: look-ahead-planned-updates-prisma-cloud.adoc + - name: Look Ahead Updates to Secure the Infrastructure + file: look-ahead-secure-the-infrastructure.adoc +--- +kind: chapter +name: Prisma Cloud Known Issues +dir: known-issues +topics: + - name: Prisma Cloud Known Issues + file: known-issues.adoc + - name: Known and Fixed Issues on Prisma Cloud + file: known-fixed-issues.adoc +--- +kind: chapter +name: Get Help +dir: get-help +topics: + - name: Get Help + file: get-help.adoc diff --git a/docs/en/enterprise-edition/rn/_graphics/compliance-dashboard.gif b/docs/en/enterprise-edition/rn/_graphics/compliance-dashboard.gif new file mode 100644 index 0000000000..da2ae7560f Binary files /dev/null and b/docs/en/enterprise-edition/rn/_graphics/compliance-dashboard.gif differ diff --git a/docs/en/enterprise-edition/rn/_graphics/send-to-email.png b/docs/en/enterprise-edition/rn/_graphics/send-to-email.png new file mode 100644 index 0000000000..07b7ee71ac Binary files /dev/null and b/docs/en/enterprise-edition/rn/_graphics/send-to-email.png differ diff --git a/docs/en/enterprise-edition/rn/_graphics/send-to-options.png b/docs/en/enterprise-edition/rn/_graphics/send-to-options.png new file mode 100644 index 0000000000..da25975e9d Binary files /dev/null and b/docs/en/enterprise-edition/rn/_graphics/send-to-options.png differ diff --git a/docs/en/enterprise-edition/rn/_graphics/send-to-slack.png b/docs/en/enterprise-edition/rn/_graphics/send-to-slack.png new file mode 100644 index 0000000000..ecfa5b3130 Binary files /dev/null and b/docs/en/enterprise-edition/rn/_graphics/send-to-slack.png differ diff --git a/docs/en/enterprise-edition/rn/book.yml b/docs/en/enterprise-edition/rn/book.yml index 0814920623..2923095a72 100644 --- a/docs/en/enterprise-edition/rn/book.yml +++ b/docs/en/enterprise-edition/rn/book.yml @@ -17,102 +17,117 @@ dir: prisma-cloud-release-info topics: - name: Prisma® Cloud Release Information file: prisma-cloud-release-info.adoc + - name: Features Introduced in 2024 + dir: features-introduced-in-2024 + topics: + - name: Features Introduced in 2024 + file: features-introduced-in-2024.adoc + - name: Features Introduced in January 2024 + file: features-introduced-in-january-2024.adoc - name: Features Introduced in 2023 dir: features-introduced-in-2023 topics: - - name: Features Introduced in 2023 - file: features-introduced-in-2023.adoc - - name: Features Introduced in November 2023 - file: features-introduced-in-november-2023.adoc - - name: Features Introduced in October 2023 - file: features-introduced-in-october-2023.adoc + - name: Features Introduced in 2023 + file: features-introduced-in-2023.adoc + - name: Features Introduced in December 2023 + file: features-introduced-in-december-2023.adoc + - name: Features Introduced in November 2023 + file: features-introduced-in-november-2023.adoc + - name: Features Introduced in October 2023 + file: features-introduced-in-october-2023.adoc - name: Classic Releases dir: classic-releases topics: - - name: Classic Releases - file: classic-releases.adoc - - name: Prisma Cloud Platform Release Information - dir: prisma-cloud-cspm-release-information - topics: + - name: Classic Releases + file: classic-releases.adoc - name: Prisma Cloud Platform Release Information - file: prisma-cloud-cspm-release-information.adoc - - name: Features Introduced in October 2023 - file: features-introduced-in-october-2023.adoc - - name: Features Introduced in September 2023 - file: features-introduced-in-september-2023.adoc - - name: Features Introduced in August 2023 - file: features-introduced-in-august-2023.adoc - - name: Features Introduced in July 2023 - file: features-introduced-in-july-2023.adoc - - name: Features Introduced in June 2023 - file: features-introduced-in-june-2023.adoc - - name: Features Introduced in May 2023 - file: features-introduced-in-may-2023.adoc - - name: Features Introduced in April 2023 - file: features-introduced-in-april-2023.adoc - - name: Features Introduced in March 2023 - file: features-introduced-in-march-2023.adoc - - name: Features Introduced in February 2023 - file: features-introduced-in-february-2023.adoc - - name: Features Introduced in January 2023 - file: features-introduced-in-january-2023.adoc - - name: Prisma Cloud Compute Release Information - dir: prisma-cloud-compute-release-information - topics: + dir: prisma-cloud-cspm-release-information + topics: + - name: Prisma Cloud Platform Release Information + file: prisma-cloud-cspm-release-information.adoc + - name: Features Introduced in October 2023 + file: features-introduced-in-october-2023.adoc + - name: Features Introduced in September 2023 + file: features-introduced-in-september-2023.adoc + - name: Features Introduced in August 2023 + file: features-introduced-in-august-2023.adoc + - name: Features Introduced in July 2023 + file: features-introduced-in-july-2023.adoc + - name: Features Introduced in June 2023 + file: features-introduced-in-june-2023.adoc + - name: Features Introduced in May 2023 + file: features-introduced-in-may-2023.adoc + - name: Features Introduced in April 2023 + file: features-introduced-in-april-2023.adoc + - name: Features Introduced in March 2023 + file: features-introduced-in-march-2023.adoc + - name: Features Introduced in February 2023 + file: features-introduced-in-february-2023.adoc + - name: Features Introduced in January 2023 + file: features-introduced-in-january-2023.adoc - name: Prisma Cloud Compute Release Information - file: prisma-cloud-compute-release-information.adoc - - name: Features Introduced in November 2023 - file: features-introduced-in-compute-november-2023.adoc - - name: Features Introduced in October 2023 - file: features-introduced-in-compute-october-2023.adoc - - name: Features Introduced in September 2023 - file: features-introduced-in-compute-september-2023.adoc - - name: Features Introduced in August 2023 - file: features-introduced-in-compute-august-2023.adoc - - name: Features Introduced in July 2023 - file: features-introduced-in-compute-july-2023.adoc - - name: Features Introduced in June 2023 - file: features-introduced-in-compute-june-2023.adoc - - name: Features Introduced in May 2023 - file: features-introduced-in-compute-may-2023.adoc - - name: Features Introduced in April 2023 - file: features-introduced-in-compute-april-2023.adoc - - name: Features Introduced in March 2023 - file: features-introduced-in-compute-march-2023.adoc - - name: Features Introduced in February 2023 - file: features-introduced-in-compute-february-2023.adoc - - name: Features Introduced in January 2023 - file: features-introduced-in-compute-january-2023.adoc - - name: Prisma Cloud Code Security Release Information - dir: prisma-cloud-code-security-release-information - topics: + dir: prisma-cloud-compute-release-information + topics: + - name: Prisma Cloud Compute Release Information + file: prisma-cloud-compute-release-information.adoc + - name: Features Introduced in February 2024 + file: features-introduced-in-compute-february-2024.adoc + - name: Features Introduced in January 2024 + file: features-introduced-in-compute-january-2024.adoc + - name: Features Introduced in December 2023 + file: features-introduced-in-compute-december-2023.adoc + - name: Features Introduced in November 2023 + file: features-introduced-in-compute-november-2023.adoc + - name: Features Introduced in October 2023 + file: features-introduced-in-compute-october-2023.adoc + - name: Features Introduced in September 2023 + file: features-introduced-in-compute-september-2023.adoc + - name: Features Introduced in August 2023 + file: features-introduced-in-compute-august-2023.adoc + - name: Features Introduced in July 2023 + file: features-introduced-in-compute-july-2023.adoc + - name: Features Introduced in June 2023 + file: features-introduced-in-compute-june-2023.adoc + - name: Features Introduced in May 2023 + file: features-introduced-in-compute-may-2023.adoc + - name: Features Introduced in April 2023 + file: features-introduced-in-compute-april-2023.adoc + - name: Features Introduced in March 2023 + file: features-introduced-in-compute-march-2023.adoc + - name: Features Introduced in February 2023 + file: features-introduced-in-compute-february-2023.adoc + - name: Features Introduced in January 2023 + file: features-introduced-in-compute-january-2023.adoc - name: Prisma Cloud Code Security Release Information - file: prisma-cloud-code-security-release-information.adoc - - name: Features Introduced in September 2023 - file: features-introduced-in-code-security-september-2023.adoc - - name: Features Introduced in August 2023 - file: features-introduced-in-code-security-august-2023.adoc - - name: Features Introduced in July 2023 - file: features-introduced-in-code-security-july-2023.adoc - - name: Features Introduced in June 2023 - file: features-introduced-in-code-security-june-2023.adoc - - name: Features Introduced in May 2023 - file: features-introduced-in-code-security-may-2023.adoc - - name: Features Introduced in April 2023 - file: features-introduced-in-code-security-april-2023.adoc - - name: Features Introduced in March 2023 - file: features-introduced-in-code-security-march-2023.adoc - - name: Features Introduced in February 2023 - file: features-introduced-in-code-security-february-2023.adoc - - name: Features Introduced in January 2023 - file: features-introduced-in-code-security-january-2023.adoc ---- + dir: prisma-cloud-code-security-release-information + topics: + - name: Prisma Cloud Code Security Release Information + file: prisma-cloud-code-security-release-information.adoc + - name: Features Introduced in September 2023 + file: features-introduced-in-code-security-september-2023.adoc + - name: Features Introduced in August 2023 + file: features-introduced-in-code-security-august-2023.adoc + - name: Features Introduced in July 2023 + file: features-introduced-in-code-security-july-2023.adoc + - name: Features Introduced in June 2023 + file: features-introduced-in-code-security-june-2023.adoc + - name: Features Introduced in May 2023 + file: features-introduced-in-code-security-may-2023.adoc + - name: Features Introduced in April 2023 + file: features-introduced-in-code-security-april-2023.adoc + - name: Features Introduced in March 2023 + file: features-introduced-in-code-security-march-2023.adoc + - name: Features Introduced in February 2023 + file: features-introduced-in-code-security-february-2023.adoc + - name: Features Introduced in January 2023 + file: features-introduced-in-code-security-january-2023.adoc +--- kind: chapter name: Limited GA Features on Prisma Cloud dir: limited-ga-features-prisma-cloud topics: - name: Limited GA Features on Prisma Cloud - file: limited-ga-features-prisma-cloud.adoc + file: limited-ga-features-prisma-cloud.adoc --- kind: chapter @@ -122,11 +137,11 @@ topics: - name: Look Ahead—Planned Updates on Prisma Cloud file: look-ahead-planned-updates-prisma-cloud.adoc - name: Look Ahead Updates to Secure the Infrastructure - file: look-ahead-secure-the-infrastructure.adoc + file: look-ahead-secure-the-infrastructure.adoc - name: Look Ahead Updates to Secure the Runtime - file: look-ahead-secure-the-runtime.adoc + file: look-ahead-secure-the-runtime.adoc - name: Look Ahead Updates to Secure the Source - file: look-ahead-secure-the-source.adoc + file: look-ahead-secure-the-source.adoc --- kind: chapter name: Prisma Cloud Known Issues diff --git a/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc b/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc index 49c484109e..22d68cef72 100644 --- a/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc +++ b/docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc @@ -1,5 +1,5 @@ == Known and Fixed Issues on Prisma Cloud - +// @Divya and @Rodrigo need to add their issues in docs/en/enterprise-edition/rn/known-issues/known-fixed-issues.adoc to this file as well. The following table lists the known and fixed issues on Prisma Cloud. [NOTE] @@ -18,13 +18,109 @@ The list of fixed issues are not cumulative; only the issues that are fixed with |=== |*ISSUE ID* |*DESCRIPTION* -//CWP-52647 -|tt:[Fixed in 31.03.103] -|Fixed a bug in agentless scanning that in some cases did not discover all hosts deployed in the cloud environment. -//CWP-52324 -|tt:[Fixed in 31.03.103] -|Fixed a bug for AWS accounts configured to scan in hub mode. The bug caused a permissions error to appear in the UI during the cleanup stage, while no actual permissions issues were present and the scan was completed successfully. +//CWP-46155 +|tt:[Fixed in 32.02] +|Agentless scanning now supports scanning of Podman container images deployed to hosts with the default storage driver. + +//CWP-46167 +|tt:[Fixed in 32.02] +|Fixed an issue where scanning scripts that contain binary data caused memory consumption issues. + +//CWP-47706 +|tt:[Fixed in 32.02] +|Improved the detection of vulnerabilities on supported Windows OS workloads to fix false negative and false positive alerts related to Windows feeds. + +// //CWP-47945 (API Waiting on inputs) +// |tt:[Fixed in 32.02] +// | + +//CWP-48097 +|tt:[Fixed in 32.02] +|Fixed an issue causing some TAS blobstore controllers not to be listed. + + +//CWP-48530 +|tt:[Fixed in 32.02] +|Fixed an issue found during configuration of the Tanzu blobstore scanner. The configuration didn't filter the scanners from the selected cloud controller correctly. Now, when you provide a cloud controller in the Tanzu blobstore scan configuration, only the suitable scanners are available in the scanner dropdown. + + +//CWP-52027 +|tt:[Fixed in 32.02] +|Fixed an issue where users could not see credentials stored in the Runtime Security credential store, when creating a new System Admin role while specifying cloud accounts only onboarded under Runtime Security. + +//CWP-54804 +|tt:[Fixed in 32.02] +|Added support for installing serverless defender on AWS with NodeJS runtime, using layer based deployment type and ES modules type. + +//CWP-46557 +|tt:[Fixed in 32.01] +|*Container Support:* Bump `github.com/containers/storage` to v1.42.0 (or later). + +//CWP-46051 +|tt:[Fixed in 32.01] +| *Documentation:* Updated the inconsistent icons in the documentation of the trusted images compliance under *Monitor > Compliance > Trusted images*. + +//CWP-42711 +|tt:[Fixed in 32.01] +|*Serverless:* Fixed confusion around the serverless function defended status. + +//CWP-50500 +|tt:[Fixed in 32.01] +|*Operating System Support:* Fixed false positives caused by CVE-2016-9063 in hosts running RHEL. + +//CWP-48649 +|tt:[Fixed in 32.01] +|*Operating System Support:* Improve parsing of Debian feed for CVEs with status open to include only the vulnerable versions. + +//CWP-50923 +|tt:[Fixed in 32.01] +|*Cloud Service Providers - Azure:* Fixed an issue where the cluster name of Azure AKS clusters was incorrectly resolved by Defenders as vanilla Kubernetes cluster instead of AKS cluster, if the resource group name of the cluster contained the suffix `_group`. + +//CWP-53655 +|tt:[Fixed in 32.01] +|*Image Scanning:* Fixed an issue where system administrators could see all the clusters in the Image Vulnerability scan reports. + +//CWP-51321 +|tt:[Fixed in 32.01] +|*Collections added using the [Add a New Collection](https://pan.dev/prisma-cloud/api/cwpp/post-collections/) endpoint:* Fixed the issue with collections that were added by invoking the [Add a New Collection](https://pan.dev/prisma-cloud/api/cwpp/post-collections/) endpoint with one or more empty fields: such collections did not display in the Console. +The Add a New Collection endpoint is updated to fix this issue. Now, all request body fields of this endpoint, except name, are optional. Any optional field that is not provided will default to the wildcard value '*'. + +//CWP-49926 +|tt:[Fixed in 32.01] +|*Logging:* Fixed an issue causing errors in logs after upgrading from v30.00.140 to v31.00.129. + +//CWP-51425 +|tt:[Fixed in 32.01] +|*Registry Scanning:* Fixed an issue that caused a scanning failure for Google artifactory registry using credentials imported from the Prisma Cloud platform. + +//CWP-52436 +|tt:[Fixed in 32.00] +|Fixed an issue with agentless scanning that in some conditions failed scanning encrypted volumes when using hub mode in AWS. + +//CWP-52777 CWP-52736 +|tt:[Fixed in 32.00] +|In `v31.02.133`, the new 81 out-of-box admission control rules in Rego were not available by default. This is now fixed. With the v32.00 Console, you now get all the 81 OOB admission control rules. + +//CWP-51754 +|tt:[Fixed in 32.00] +|Fixed an issue where "sourceType" field was missing for Splunk alert meesages. User can now add "sourceType" field to the custom alert JSON of Splunk and prisma cloud will define the external field based on the custom one. + +//CWP-50983 +|tt:[Fixed in 32.00] +|Fixed an issue where the progress bar while scanning deployed images was not reported correctly. + +//CWP-50312 +|tt:[Fixed in 32.00] +|Fixed an issue where Nuget vulnerabilities of same package with difference path appear with the same path. + +// CWP-48205, PCSUP-15977 +|tt:[Fixed in 32.00] +|Fixed an issue that stopped the registry scan due to an invalid credentials error. The registry scan now completes on credential fetch errors. + +// CWP-45971 +|tt:[Fixed in 32.00] +|Custom rule names are now populated for runtime custom rule incidents. Also, labels are reported for when the incident occurred in a Kubernetes cluster. //CWP-47278 |tt:[Fixed in 31.03.103] @@ -43,27 +139,6 @@ To fix this issue, the Defender scan now ignores scanning the images of TAS appl |tt:[Fixed in 31.03.103] |Fixed a bug for AWS accounts configured to scan in hub mode. The bug caused a permissions error to appear in the UI during the cleanup stage, while no actual permissions issues were present and the scan was completed successfully. -//CWP-47278 -|tt:[Fixed in 31.03.103] -|Fixed an issue wherein the alerts were pending in the immediate alerts queue and causing logging errors. - -//CWP-52046 -|tt:[Fixed in 31.03.103] -|Fixed an issue with a broken Jenkins CI link that incorrectly pointed to the Console with filter "true" and no relevant results. The Jenkins output log link now correctly shows the relevant filter for the Jenkins job under *Monitor > Vulnerabilities > Images > CI*. - -//CWP-52169 -|tt:[Fixed in 31.03.203] -|Fixed an issue wherein the Tanzu apps were missing under *Monitor > Vulnerabilities* scan results for the deployed images on the Diego cells and the image scanning for TAS applications mounted on the external system took extremely long. -To fix this issue, the Defender scan now ignores scanning the images of TAS applications mounted on the external file system. - -|tt:[Fixed in 23.11.1] -//*RLP-118358* -//Added in 23.10.2. Mark as fixed in 11.1 -|Knowledge Center is temporarily disabled for content updates. The Prisma Cloud documentation is moving to a new site https://docs.prismacloud.io[docs.prismacloud.io], and the knowledge center will be available with the updated content with 23.11.1. - -You can continue to directly access documentation on https://docs.paloaltonetworks.com/prisma/prisma-cloud[docs.paloaltonetworks.com/prisma/prisma-cloud] and will be redirected to https://docs.prismacloud.io[docs.prismacloud.io]. - - //CWP-51415 |tt:[Fixed in 31.02.133] |Fixed issue in RHEL clusters running NodeOS where compliance checks didn't show any non-compliant alerts. @@ -120,6 +195,24 @@ The fix improves the scan process tolerance to errors during the retrieval of co |*DESCRIPTION* // CSPM AND CAS Known Issues +|*RLP-118360* +//Added in 24.1.2 + +|The Saved Filters option is no longer available in the Darwin UI. It will be replaced with Saved Views in an upcoming release. + +|*RLP-123335* +//Added in 23.12.1 + +|When configuring Jira fields in the Prisma Cloud Notification template, it is important to note that the automatic population is limited to fields specifically of types `user` and `labels`. Other field types may not be populated as expected during the setup process. This is a known issue. + +|*RLP-113952* +//Added in 24.1.1. Plan is to fix it in 24.2.1. This must be moved to fixed issues then. +|While onboarding your Azure China tenant to Prisma Cloud, you might see an inaccurate warning within the *Review Status > Security Capabilities and Permissions* section, even if you have granted the necessary permissions. + +`Prisma Cloud application is not assigned following role(s): GroupMember.Read.All, Domain.Read.All, Reports.Read.All, Application.Read.All, Policy.Read.All;` + +This is a known issue and can be disregarded. This will be fixed in the upcoming release. + |*RLP-104295* //Added in 23.7.2. |Prisma Cloud has fully adopted Microsoft Authentication Library (MSAL) for monitoring Azure instances. However, in very rare cases, you might come across log entries for calls from Prisma Cloud to Active Directory Authentication Library (ADAL) endpoints. These entries can be disregarded. A fix will be implemented to resolve these erroneous entries. @@ -189,12 +282,12 @@ The fix improves the scan process tolerance to errors during the retrieval of co //*RLP-59655* - Removing per confirmation from Shital Katkar -//Prisma Cloud supports user attribution, but there may be some delay when generating user attribution for an alert, even when menu:Settings[Enterprise Settings > Alerts User Attribution] is enabled. +//Prisma Cloud supports user attribution, but there may be some delay when generating user attribution for an alert, even when *Settings > Enterprise Settings > Alerts User Attribution* is enabled. //*RLP-58180* - Removing this as a Known Issue per the ticket, marked as fixed. //Added for PCSUP-7729 in 22.2.1. -//On menu:Inventory[Assets], OKE clusters (Oracle Kubernetes Engine) deployed in Santiago region do not display. You can view resources for other https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-service-provider-regions-on-prisma-cloud.html[supported regions]. +//On *Inventory > Assets*, OKE clusters (Oracle Kubernetes Engine) deployed in Santiago region do not display. You can view resources for other https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/cloud-service-provider-regions-on-prisma-cloud.html[supported regions]. //*RLP-57331* - Removing this as a Known Issue per the ticket. @@ -313,7 +406,7 @@ This issue requires a fix on AWS. When fixed on AWS, the issue will be automatic |*—* // #35634/35308 -|On the menu:Radar[Containers], K3s clusters are not displayed when a Defender is deployed with an empty cluster name. You can view the containers within these clusters under *Non-cluster containers*. +|On the *Radar > Containers*, K3s clusters are not displayed when a Defender is deployed with an empty cluster name. You can view the containers within these clusters under *Non-cluster containers*. |*—* // GH#42826 @@ -334,4 +427,13 @@ As an example, when the application “python” is sourced from an Amazon Pytho |Compliance check 6361 fails for hosts running RedHat Enterprise Linux (RHEL) 9. The check to ensure the `iptables` package is installed fails because `iptables` was deprecated in RHEL 9 and replaced with the `nftables` package. +//CWP-53375 +|*-* +|In **Inventory > Compute Workloads**, for users logged in with a role other than the built in system admin role, currently only data about cloud provider managed registry images and VM instances can be viewed. +In particular, for such roles currently data about the following types of assets is not displayed: + +- Run stage images +- Private registry images +- Build stage images +- On-premises hosts/hosts managed by cloud providers unsupported by Compute |=== diff --git a/docs/en/enterprise-edition/rn/limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc b/docs/en/enterprise-edition/rn/limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc index a908304218..3e04b61038 100644 --- a/docs/en/enterprise-edition/rn/limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc +++ b/docs/en/enterprise-edition/rn/limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc @@ -15,6 +15,7 @@ The Limited General Availability (LGA) features are not available on all stacks tt:[*_CSPM - Visibility, Compliance and Governance_*] //RLP-104999 + |AppDNA helps you center your security strategy around your applications, the most vital construct in your cloud estate. https://docs.prismacloud.io/en/enterprise-edition/assets/pdf/app-dna-lga.pdf[AppDNA] intelligently groups assets in a manner that exposes their relationships, in the context of application development. AppDNA helps you: * Discover applications based on Kubernetes Namespace and assign a Display Name, Owner, Environment, and Business Criticality. @@ -36,7 +37,7 @@ tt:[*_CSPM - Visibility, Compliance and Governance_*] You can now manage vulnerabilities, ensure compliance, and provide runtime defense for your resources in the IBM cloud. -|*Resource Tag Filter in Asset Inventory* +|*Asset Tag Filter in Asset Inventory* tt:[*_CSPM - Visibility, Compliance and Governance_*] @@ -44,7 +45,7 @@ tt:[*_CSPM - Visibility, Compliance and Governance_*] //https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/asset-inventory-resource-tag-filter-lga.pdf -|A new https://docs.prismacloud.io/en/enterprise-edition/assets/pdf/asset-inventory-resource-tag-filter-lga.pdf[Resource Tag] filter is now available in the Prisma Cloud Asset Inventory, which allows you to focus on assets based on the resource tags present. Once you filter based on the Resource Tag, the Asset Inventory will display only the assets that contain the Resource Tags you specified. +|A new https://docs.prismacloud.io/en/enterprise-edition/assets/pdf/asset-inventory-resource-tag-filter-lga.pdf[Asset Tag] filter is now available in the Prisma Cloud Asset Inventory, which allows you to focus on assets based on the resource tags present. Once you filter based on the Asset Tag, the Asset Inventory will display only the assets that contain the Asset Tags you specified. |*Resolved Alert Notification to External Integrations* diff --git a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-infrastructure.adoc b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-infrastructure.adoc index 3c4a763f99..81fbcea6da 100644 --- a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-infrastructure.adoc +++ b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-infrastructure.adoc @@ -3,7 +3,7 @@ Review any changes planned in the next Prisma Cloud release to ensure the security of your infrastructure. -Read this section to learn about what is planned in the 23.12.1 CSPM Platform, Agentless container host, Agentless Host Security, CIEM, Data Security, and CDEM releases. The Look Ahead announcements are for an upcoming or next release and it is not a cumulative list of all announcements. +Read this section to learn about what is planned in the 24.2.1 CSPM Platform, Agentless container host, Agentless Host Security, CIEM, Data Security, and CDEM releases. The Look Ahead announcements are for an upcoming release and it is not a cumulative list of all announcements. [NOTE] ==== @@ -11,385 +11,349 @@ The details and functionality listed below are a preview and the actual release ==== * <> -//* <> +* <> +* <> * <> //* <> -* <> +//* <> * <> * <> - [#announcement] === Announcement [cols="50%a,50%a"] |=== -|FEATURE -|DESCRIPTION +|*Feature* +|*Description* |*Prisma Cloud Darwin Release* //received the blurb on Slack from Matangi. No Jira ticket for this. -|The *Prisma Cloud Darwin Release* is here. With the Code to Cloud™ intelligence capabilities in this release, your security and development teams can work together to reduce application risks and prevent breaches. +|The *Prisma Cloud Darwin Release* is live. With the Code to Cloud™ intelligence capabilities, your security and development teams can work together to reduce application risks and prevent breaches. image::darwin-release.gif[] -The rollout for existing customers will start on October 18, 2023 through early February 2024, and your tenant will be updated with the new intuitive user interface and https://live.paloaltonetworks.com/t5/prisma-cloud-customer-videos/prisma-cloud-evolution-amp-transformation/ta-p/556596[rich set of security capabilities] during this period. - -Here is the roll out schedule for all Prisma Cloud environments except app.gov. Please connect with your Customer Success team for more details. +The rollout for existing customers started on October 18, 2023 and will run through February 2024. Your tenant will be updated with the new intuitive user interface and https://live.paloaltonetworks.com/t5/prisma-cloud-customer-videos/prisma-cloud-evolution-amp-transformation/ta-p/556596[rich set of security capabilities] during this period. -//* 23.11.1 (Nov 1-9) - app.ind, app.ca, app.uk, app.fr +All Prisma Cloud environments except app.gov are updated to the Darwin release. Contact your Prisma Cloud Customer Success team for more details. -* 23.12.1 (Nov 29-Dec 7) - app, app3, app.eu, app2.eu +* 24.2.1 (Feb 6-15) - app.gov -* 24.1.1 (Jan 10-18) - app2, app4, app.anz, app.jp, app.sg - -* 24.1.2 (Jan 29-Feb 6) - app.cn +//* 23.11.1 (Nov 1-9) - app.ind, app.ca, app.uk, app.fr +//* 23.12.1 (Nov 29-Dec 7) - app, app3, app.eu, app2.eu +//* 24.1.1 (Jan 10-18) - app2, app4, app.anz, app.jp, app.sg +//* 24.1.2 (Jan 29-Feb 6) - app.cn When you are upgraded to the Darwin release, refer to the https://docs.prismacloud.io/en/enterprise-edition/content-collections/[Enterprise Edition documentation]. Until then, you can continue to refer to the https://docs.prismacloud.io/en/classic/cspm-admin-guide/[Enterprise Edition- Classic documentation]. |=== +[#changes-in-existing-behavior] +=== Changes in Existing Behavior -[#new-policies] -=== New Policies - -Learn about the new policies and upcoming policy changes for new and existing Prisma Cloud System policies. - -==== Access the Look Ahead for New Policies +[cols="50%a,50%a"] +|=== +|*Feature* +|*Description* -To learn about the new policies that will be added in the next release: +|*S3 Flow Logs with Hourly Partition* +tt:[This change was first announced in the look ahead that was published with the 23.1.1 release.] +//RLP-76433 - verify with PM moving blurb from LA to 24.2.1 RN -. Find the Prisma Cloud policies folder on GitHub. -+ -The folder contains RQL based Config, Network, and Audit Event policies in JSON format. https://github.com/PaloAltoNetworks/prisma-cloud-policies[View the GitHub repo]. +|If you currently ingest AWS flow logs using S3 with the 24-hour partition, you need to change it to the hourly partition. -. Select the branch for which you want to review policy updates. -+ -The *Master* branch represents rrent Prisma Cloud release that is generally available. You can switch to a previous release or the next release branch, to review the policies that were published previously or are planned for the upcoming release. -+ -Because Prisma Cloud typically has 2 releases in a month, the release naming convention in GitHub is PCS-... For example, PCS-23.12.1 +To make this change, https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs[Configure Flow Logs] to use the hourly partition and enable the required additional fields. -. Review the updates. -+ -Use the changelog.md file for a cumulative list of all policies that are added to a specific release. The policies are grouped by new policies and updated policies. -+ -Use the *policies* folder to review the JSON for each policy that is added or updated as listed in the changelog. The filename for each policy matches the policy name listed in the changelog. Within each policy file, the JSON field names are described aptly to help you easily identify the characteristic it represents. The JSON field named searchModel.query provides the RQL for the policy. +*Impact*— VPC Flow logs with partitions set to *Every 24 hours (default)* will be disabled on January 30th, 2024. As a result, you will no longer be able to monitor or receive alerts for these logs. If you have any questions, contact your Prisma Cloud Customer Success Representative immediately. +|=== -[#policy-updates] -=== Policy Updates -The following policies will be updated in Prisma Cloud: +[#new-ips-for-runtime] +=== New IPs for Runtime Security -[cols="50%a,50%a"] -|=== -|POLICY UPDATES -|DESCRIPTION +*Add New IP Addresses for Runtime Security* +//RLP-122832 - Do not remove this blurb till Feb 2024. Add these details to the AG in 24.2.1 +To ensure continued connectivity to the Prisma Cloud console, as a system administrator, review the following IP list and add the new addresses to your allow lists before February 2024. Failure to do so will result in tenant connectivity issues. -|*AWS S3 bucket publicly readable* -//RLP-104677 +[NOTE] +==== +Current (old) IPs will be deprecated after February 2024. +==== -|*Changes to Policy RQL*— Policy RQL will be updated to check for Authenticated Users access. Policy remediation steps have been updated. +[cols="40%a,30%a,30%a"] +|=== +|*Prisma Cloud UI* +|*Ingress IPs* +|*Egress IPs* -*Policy Severity*— High +|app.prismacloud.io us-east-1 (N.Virginia) +|3.232.212.150, 52.206.194.243, 54.205.93.245 +|34.232.99.40, 18.211.176.92, 54.243,170.105 -*Policy Type*— Config +|app2.prismacloud.io us-east-2 (Ohio) +|3.132.133.211, 3.134.159.143, 3.132.102.175 +|3.20.245.229, 18.117.2.10, 3.12.88.219 -*Impact*— New alerts may get opened if Authenticated users have read permissions. +|app3.prismacloud.io us-west-2 (Oregon) +|54.71.138.233, 44.225.112.87, 100.22.20.223 +|34.212.152.80, 35.81.57.244, 35.164.11.119 -*Alert Impact*— Low +|app4.prismacloud.io us-west-1 (N.California) +|52.8.150.142, 13.57.149.63, 52.53.102.128 +|52.8.254.103, 52.8.144.90, 52.52.105.247 -|*Azure Storage account is not configured with private endpoint connection* -//RLP-120048 +|app.anz.prismacloud.io ap-southeast-2 (Sydney) +|54.66.57.155, 3.24.19.111, 3.105.89.234 +|13.54.220.198, 52.65.26.161, 3.106.34.89 -|*Updated RQL*: ----- -config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-storage-account-list' AND json.rule = properties.provisioningState equals Succeeded and networkRuleSet.defaultAction equal ignore case Allow and properties.privateEndpointConnections[*] is empty ----- +|app.ca.prismacloud.io ca-central-1 (Canada - Central) +|35.182.172.138, 35.183.159.40, 15.157.80.131 +|15.156.171.28, 3.98.195.69, 52.60.214.101 -*Policy Severity*— Medium +|app.ind.prismacloud.io ( ap-south-1 ) +|13.127.110.199, 35.154.181.205, 15.206.220.174 +|65.0.38.58, 43.205.12.179, 13.200.1.224 -*Policy Type*— Config +|app.sg.prismacloud.io ap-southeast-1 (Singapore) +|13.250.243.220, 54.251.192.140, 13.214.62.192 +|52.220.86.241, 18.139.216.124, 13.215.145.83 -*Impact*— Low. Alerts that are not reported due to retained IPrule and VirtualNetworkRule will be opened. +|app.jp.prismacloud.io ap-northeast-1 (Tokyo) +|52.192.243.41, 57.180.105.24, 52.195.58.106 +|54.178.53.44, 57.180.197.75, 35.79.153.213 -|*GCP VM instance using a default service account with full access to all Cloud APIs* -//RLP-120380 +|app.eu.prismacloud.io eu-central-1 (Frankfurt) +|3.68.165.169, 18.153.181.13, 3.126.32.183 +|18.192.34.49, 3.66.3.228, 18.153.176.170 -|*Updated Policy Name*— GCP VM instance using a default service account with Cloud Platform access scope +|app2.eu.prismacloud.io eu-west-1 (Ireland) +|52.49.29.166, 52.18.47.237, 52.212.198.8 +|54.220.240.134, 34.247.157.43, 34.255.175.135 -*Updated Policy Description*— This policy identifies the GCP VM instances that are using a default service account with cloud-platform access scope. To be compliant with the principle of least privileges and prevent potential privilege escalation, we recommend that instances not be assigned to default service account 'Compute Engine default service account' with scope 'cloud-platform'. +|app.uk.prismacloud.io eu-west2 (London) +|13.42.228.98, 18.135.233.1, 13.43.203.118 +|18.133.199.52, 3.10.115.247, 18.168.167.81 -*Policy Severity*— Medium +|app.fr.prismacloud.io eu-west-3 (Paris) +|13.36.213.67, 13.36.106.162, 13.39.97.70 +|15.237.224.167, 13.36.133.84, 13.36.226.57 -*Policy Type*— Config +|=== -*Impact*— No Impact +[#new-policies] +=== New Policies -|=== +Learn about the new policies and upcoming policy changes for new and existing Prisma Cloud System policies. -[#iam-policy-update] -=== IAM Policy Updates -//RLP-120492 +==== Access the Look Ahead for New Policies -The following IAM out-of-the-box (OOTB) policies will be updated in Prisma Cloud: +To learn about the new policies that will be added in the next release: -[cols="30%a,35%a,35%a"] -|=== -|POLICY NAME -|Current RQL -|Updated RQL +. Find the Prisma Cloud policies folder on GitHub. ++ +The folder contains RQL based Config, Network, and Audit Event policies in JSON format. https://github.com/PaloAltoNetworks/prisma-cloud-policies[View the GitHub repo]. -|*Azure VM instance associated managed identity with Azure built-in roles of Contributor/Owner permissions* +. Select the branch for which you want to review policy updates. ++ +The *Master* branch represents rrent Prisma Cloud release that is generally available. You can switch to a previous release or the next release branch, to review the policies that were published previously or are planned for the upcoming release. ++ +Because Prisma Cloud typically has 2 releases in a month, the release naming convention in GitHub is PCS-... For example, PCS-24.2.1. -|*Changes—* The policy name will be updated. +. Review the updates. ++ +Use the changelog.md file for a cumulative list of all policies that are added to a specific release. The policies are grouped by new policies and updated policies. ++ +Use the *policies* folder to review the JSON for each policy that is added or updated as listed in the changelog. The filename for each policy matches the policy name listed in the changelog. Within each policy file, the JSON field names are described aptly to help you easily identify the characteristic it represents. The JSON field named searchModel.query provides the RQL for the policy. -*Current Name—* Azure VM instance associated managed identity with Azure built-in roles of Contributor/Owner permissions -*Updated Name—* Azure VM instance associated managed identity with Azure built-in roles of Owner permissions +[#api-ingestions] +=== API Ingestions -|NA +[cols="50%a,50%a"] +|=== +|*Service* +|*API Details* +|*Amazon EC2 Image Builder* +//RLP-123966 +|*aws-imagebuilder-component* -|*AWS IAM policy allows Privilege escalation via PassRole & CodeBuild permissions* +Additional permissions required: -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codebuild:CreateProject', 'codebuild:StartBuild', 'codebuild:StartBuildBatch') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +* `imagebuilder:ListComponents` +* `imagebuilder:GetComponent` -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codebuild:CreateProject', 'codebuild:StartBuild', 'codebuild:StartBuildBatch') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +The Security Audit role includes the permissions. -|*AWS IAM policy allows Privilege escalation via PassRole & CodeStar project permissions* +|*Amazon EC2 Image Builder* +//RLP-123953 -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codestar:CreateProject' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +|*aws-imagebuilder-image-recipe* -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codestar:CreateProject' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +Additional permissions required: -|*AWS IAM policy allows Privilege escalation via PassRole & Data Pipeline permissions* +* `imagebuilder:ListImageRecipes` +* `imagebuilder:GetImageRecipe` -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'datapipeline:ActivatePipeline', 'datapipeline:CreatePipeline', 'datapipeline:PutPipelineDefinition') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +The Security Audit role includes the permissions. -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'datapipeline:ActivatePipeline', 'datapipeline:CreatePipeline', 'datapipeline:PutPipelineDefinition') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +|*Amazon EC2 Image Builder* +//RLP-123951 -|*AWS IAM policy allows Privilege escalation via PassRole & EC2 permissions* +|*aws-imagebuilder-image-pipeline* -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'ec2:RunInstances' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +Additional permissions required: -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'ec2:RunInstances' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +* `imagebuilder:ListImagePipelines` +* `imagebuilder:GetImagePipeline` -|*AWS IAM policy allows Privilege escalation via PassRole & Glue create job permissions* +The Security Audit role includes the permissions. -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +|*Amazon EC2 Image Builder* +//RLP-123946 -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +|*aws-imagebuilder-infrastructure-configuration* -|*AWS IAM policy allows Privilege escalation via PassRole & Glue development endpoint permissions* +Additional permissions required: -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateDevEndpoint', 'glue:GetDevEndpoint') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +* `imagebuilder:ListInfrastructureConfigurations` +* `imagebuilder:GetInfrastructureConfiguration` -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateDevEndpoint', 'glue:GetDevEndpoint') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +The Security Audit role includes the permissions. -|*AWS IAM policy allows Privilege escalation via PassRole & Glue update job permissions* +|*AWS Elastic Disaster Recovery* +//RLP-122569 -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:UpdateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +|*aws-drs-job* -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:UpdateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +Additional permission required: -|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create & invoke Function permissions* +* `drs:DescribeJobs` -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:InvokeFunction', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +The Security Audit role includes the permission. -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:InvokeFunction', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +|*AWS Elastic Disaster Recovery* +//RLP-118756 -|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create Function & Event source mapping permissions* +|*aws-drs-replication-configuration* -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:CreateEventSourceMapping', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +Additional permissions required: -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:CreateEventSourceMapping', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +* `drs:DescribeSourceServers` +* `drs:GetReplicationConfiguration` -|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create Function & add permissions* +The Security Audit role includes the permissions. -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:AddPermission', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +|*AWS Elastic Disaster Recovery* +//RLP-118753 -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:AddPermission', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +|*aws-drs-source-server* -|*AWS IAM policy allows Privilege escalation via PassRole & SageMaker create processing job permissions* +Additional permission required: -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateProcessingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +* `drs:DescribeSourceServers` -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateProcessingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +The Security Audit role includes the permission. -|*AWS IAM policy allows Privilege escalation via PassRole & SageMaker create training job permissions* +|tt:[Update] *Amazon Elastic Container Registry (ECR)* +//RLP-127456 -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateTrainingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist ----- +|*aws-ecr-image* -|---- -config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateTrainingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' ----- +Prisma Cloud will update the `aws-ecr-image` API to exclude the `lastRecordedPullTime` field from the JSON because it changes frequently causing too many resource snapshots. -|=== -[#api-ingestions] -=== API Ingestions +|*Google Vertex AI AIPlatform* +//RLP-121320 -[cols="50%a,50%a"] -|=== -|SERVICE -|API DETAILS +|*gcloud-vertex-ai-aiplatform-dataset* -|*Amazon EMR* -//RLP-118746 -|*aws-emr-instance* +Additional permission required: -Additional permissions required: +* `aiplatform.datasets.list` -* `elasticmapreduce:ListClusters` -* `elasticmapreduce:ListInstances` +The Viewer role includes the permission. -The Security Audit role includes the permissions. +|*Google Vertex AI AIPlatform* +//RLP-121319 -|*AWS Code Build* -//RLP-118748 -|*aws-code-build-source-credential* +|*gcloud-vertex-ai-aiplatform-hyperparameter-tuning-job* -Additional permissions required: +Additional permission required: -* `codebuild:ListSourceCredentials` +* `aiplatform.hyperparameterTuningJobs.list` -You must manually add the above permission to the CFT template to enable it. +The Viewer role includes the permission. +|*Google Cloud VMware Engine* +//RLP-121318 -|*AWS Elastic Disaster Recovery* -//RLP-118756 -|*aws-drs-replication-configuration* +|*gcloud-vmware-engine-network* Additional permissions required: -* `drs:DescribeSourceServers` -* `drs:GetReplicationConfiguration` +* `vmwareengine.locations.list` +* `vmwareengine.vmwareEngineNetworks.list` -You must manually add the above permissions to the CFT template to enable them. +The Viewer role includes the permissions. -|*AWS Elastic Disaster Recovery* -//RLP-118753 -|*aws-drs-source-server* +|*Google Cloud VMware Engine* +//RLP-123964 -Additional permission required: +|*gcloud-vmware-engine-network-policy* -* `drs:DescribeSourceServers` +Additional permissions required: -You must manually add the above permission to the CFT template to enable it. +* `vmwareengine.locations.list` +* `vmwareengine.networkPolicies.list` -|*Azure Cache* -//RLP-119062 -|*azure-cache-redis-diagnostic-settings* +The Viewer role includes the permissions. -Additional permissions required: +|*Google Vertex AI AIPlatform* +//RLP-124015 -* `Microsoft.Cache/redis/read` -* `Microsoft.Insights/DiagnosticSettings/Read` +|*gcloud-vertex-ai-aiplatform-index* -The Reader Role that includes these permissions. - -|*Google Cloud VMware Engine* -//RLP-119360 -|*gcloud-vmware-engine-subnet* +Additional permission required: -Additional permissions required: +* `aiplatform.indexes.list` -* `vmwareengine.locations.list` -* `vmwareengine.privateClouds.list` -* `vmwareengine.subnets.list` +The Viewer role includes the permission. -The Viewer Role that includes these permissions. +|*Google Vertex AI AIPlatform* +//RLP-124015 -|*Google Cloud VMware Engine* -//RLP-119359 -|*gcloud-vmware-engine-hcx-activation-key* +|*gcloud-vertex-ai-aiplatform-feature-store-entity-type* Additional permissions required: -* `vmwareengine.locations.list` -* `vmwareengine.privateClouds.list` -* `vmwareengine.hcxActivationKeys.list` -* `vmwareengine.hcxActivationKeys.getIamPolicy` - -The Viewer Role that includes these permissions. +* `aiplatform.featurestores.list` +* `aiplatform.entityTypes.list` +* `aiplatform.entityTypes.getIamPolicy` -|*Google Cloud VMware Engine* -//RLP-119358 -|*gcloud-vmware-engine-cluster* +The Viewer role includes the permissions. -Additional permissions required: -* `vmwareengine.locations.list` -* `vmwareengine.privateClouds.list` -* `vmwareengine.clusters.list` -* `vmwareengine.clusters.getIamPolicy` +|tt:[Update] *Google Cloud Firestore* +//RLP-127556 -The Viewer Role that includes these permissions. +|*gcloud-cloud-firestore-native-database* -|*Google Cloud VMware Engine* -//RLP-119350 -|*gcloud-vmware-engine-private-cloud* +Prisma Cloud will update the `gcloud-cloud-firestore-native-database` API to exclude the `earliestVersionTime` field from the resource configuration. -Additional permissions required: +|tt:[Update] *Google Compute Engine (GCE)* +//RLP-126590 -* `vmwareengine.locations.list` -* `vmwareengine.privateClouds.list` -* `vmwareengine.privateClouds.getIamPolicy` +|*gcloud-compute-autoscaler* -The Viewer Role that includes these permissions. +Prisma Cloud will update the `gcloud-compute-autoscaler` API to exclude the `recommendedSize` field from the resource configuration. |=== @@ -409,6 +373,8 @@ The Viewer Role that includes these permissions. tt:[*Prisma Cloud CSPM REST API for Compliance Posture*] +//RLP-120514 + * https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture/[get /compliance/posture] * https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture/[post /compliance/posture] * https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend/[get /compliance/posture/trend] @@ -440,11 +406,36 @@ tt:[*Prisma Cloud CSPM REST API for Asset Inventory*] |Will be announced -|Will be announced +|tt:[*Prisma Cloud CSPM REST API for Compliance Posture*] + +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-v-2/[get /v2/compliance/posture] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-v-2/[post /v2/compliance/posture] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-v-2/[get /v2/compliance/posture/trend] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-v-2/[post /compliance/posture/trend] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-for-standard-v-2/[get /v2/compliance/posture/trend/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-for-standard-v-2/[post /v2/compliance/posture/trend/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-for-requirement-v-2/[get /v2/compliance/posture/trend/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-for-requirement-v-2/[post /v2/compliance/posture/trend/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-for-standard-v-2/[get /v2/compliance/posture/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-for-standard-v-2/[post /v2/compliance/posture/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-for-requirement-v-2/[get /v2/compliance/posture/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-for-requirement-v-2/[post /v2/compliance/posture/{complianceId}/{requirementId}] + +tt:[*Prisma Cloud CSPM REST API for Asset Explorer and Reports*] +* https://pan.dev/prisma-cloud/api/cspm/save-report-v-2/[post /v2/report] +* https://pan.dev/prisma-cloud/api/cspm/get-resource-scan-info-v-2/[get /v2/resource/scan_info] +* https://pan.dev/prisma-cloud/api/cspm/post-resource-scan-info-v-2/[post /v2/resource/scan_info] + +tt:[*Prisma Cloud CSPM REST API for Asset Inventory*] + +* https://pan.dev/prisma-cloud/api/cspm/asset-inventory-v-3/[get /v3/inventory] +* https://pan.dev/prisma-cloud/api/cspm/post-method-for-asset-inventory-v-3/[post /v3/inventory] +* https://pan.dev/prisma-cloud/api/cspm/asset-inventory-trend-v-3/[get /v3/inventory/trend] +* https://pan.dev/prisma-cloud/api/cspm/post-method-asset-inventory-trend-v-3/[post /v3/inventory/trend] |tt:[*Prisma Cloud CSPM REST API for Resources*] -//RLP-114802 +//RLP-114802, RLP-115752 * https://pan.dev/prisma-cloud/api/cspm/get-resource/[GET/resource] * https://pan.dev/prisma-cloud/api/cspm/get-timeline-for-resource/[POST /resource/timeline] @@ -452,21 +443,17 @@ tt:[*Prisma Cloud CSPM REST API for Asset Inventory*] |23.9.2 -|24.1.1 +|24.2.1 | https://pan.dev/prisma-cloud/api/cspm/asset-2/#get-asset[POST /uai/v1/asset] - -|tt:[*End of Life (EOL) for Prisma Cloud Microsegmentation in 24.1.2*] -//RLP-115151 +|tt:[*Change to Compliance Trendline and Deprecation of Compliance Filters*] +//RLP-126719, need to check if this notice can be moved to current features in 24.1.2 | - -| 24.1.2 - -|The Prisma Cloud Microsegmentation module was announced as End-of-Sale effective 31 August 2022. As of the 24.1.2 release planned in end January 2024, the subscription is going End of Life and will be no longer available for use. - -In preparation for the EoL, make sure to uninstall all instances of the Enforcer, the Microsegmentation agent deployed in your environment, as these agents will no longer enforce any security policies on traffic on or across your hosts. - +| - +|To provide better performance, the *Compliance trendline* will start displaying data only from the past one year. Prisma Cloud will not retain the snapshots of data older than one year. +The Compliance-related filters (*Compliance Requirement, Compliance Standard, and Compliance Section*) will not be available on Asset Inventory (*Inventory > Assets*). |tt:[*Prisma Cloud CSPM REST API for Alerts*] //RLP-25031, RLP-25937 @@ -504,7 +491,4 @@ Response object property `risk.grade.options` is deprecated for the following re | NA -|=== - - - +|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-runtime.adoc b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-runtime.adoc index de71efa8b6..c241404fe5 100644 --- a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-runtime.adoc +++ b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-runtime.adoc @@ -1,129 +1,53 @@ == Look Ahead—Planned Updates to Secure the Runtime -//Review any changes planned in the next Prisma Cloud release to ensure the security of your runtime. +Review any changes planned in the next Prisma Cloud release to ensure the security of your runtime. - -//Read this section to learn about what is planned in the upcoming `32.00` release on the Runtime Security tab of the Prisma Cloud console for WAAS, Host Security, Serverless Security, and Container Security. +Read this section to learn about what is planned in the upcoming `32.02` release on the Runtime Security tab of the Prisma Cloud console for WAAS, Host Security, Serverless Security, and Container Security. The Look Ahead announcements are for an upcoming or next release and it is not a cumulative list of all announcements. Currently, there are no previews or announcements for updates. -[NOTE] -==== -The details and functionality listed below are a preview of what is planned for the `v32.00` release; the changes listed herein and the actual release date, are subject to change. -==== - -* <> -* <> -* <> -* <> - -[#defender-upgrade] -=== Defender Upgrade - -[cols="30%a,70%a"] -|=== -|Plan to Upgrade Defender Versions 22.12 and Earlier -|With the v32.00.xx (O'Neal) release, Defender versions supported (n, n-1, and n-2) are `v32.xx.xxx`, `v31.xx.xxx`, and `v30.xx.xxx`. -To prepare for this update, you must upgrade your Defenders from version `v22.12.xx.xxx` (Lagrange) or earlier to a later version. Failure to upgrade Defenders will result in disconnection of any Defender version below 30.xx, such as 22.12. - -|=== - -[#deprecation] -=== Deprecation Notices -[cols="30%a,70%a"] -|=== -//CWP-48467 -|Deprecate the `aggregated` and `rest` fields -|The `aggregated` and `rest` macros from the webhook custom JSON alerts are being deprecated and replaced by `AggregatedAlerts` and `Dropped` macros respectively. - -//CWP-40710 -|Deprecate `AccountID` macro from the Alerts payload -to be verified by PM -|The `AccountID` macro in the Alerts payload is deprecated and replaced by the `AccountIDs` macro. - -//CWP-36043 -|Code Security Module for Scanning -|Support for scanning your code repositories from the Prisma Cloud console (*Runtime Security > Monitor > Vulnerabilities > code repositories*) is being deprecated. -https:docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/twistcli-scan-code-repos[Scan code repos with twistcli] is also being deprecated. - -You can use the *Runtime Security > Defend > Vulnerabilities > Code repositories* on Prisma Cloud to scan code repositories and CI pipelines for misconfigurations and vulnerabilities. - -|=== +// [NOTE] +// ==== +// The details and functionality listed below are a preview of what is planned for the `v32.02` release; the changes listed herein and the actual release date, are subject to change. +// ==== -[#eos-notices] -=== End of Support Notices -[cols="30%a,70%a"] -|=== +//* <> +// * <> +// * <> +// * <> +// * <> -//CWP-49461 -|Support for Cloud Native Network Segmentation (CNNS) -|The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being removed. The configuration settings on the console (*Runtime Security > Defend > CNNS*) and the corresponding APIs for CNNS will be removed in `v32.0.xxx`. -Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available. -List of API endpoints that are no longer supported: +// [#enhancements] +// === Enhancements -* PUT, `{{/api/v/policies/firewall/network/container}}` -* GET, `{{/api/v/policies/firewall/network}}` -* GET, `{{/api/v/audits/firewall/network/container/download}}` -* GET, `{{/api/v/audits/firewall/network/container}}` -* GET, `{{/api/v/audits/firewall/network/host/download}}` -* GET, `{{/api/v/audits/firewall/network/host}}` +// The following enhancements are planned; the details will be available at release: -|=== - -[#addressed-issues] - -=== Addressed Issues - -The following fixes will be available in an upcoming release. - -[cols="30%a,70%a"] -|=== -// CWP-48205, PCSUP-15977 -|- -|Fixed an issue that stopped the registry scan due to an invalid credentials error. The registry scan now completes on credential fetch errors. +// [cols="30%a,70%a"] +// |=== -// CWP-44286 -|- -|Fixed an issue wherein the VMWare Blobstore scan results failed to refresh and show some apps in the scan results. This is fixed by deleting the TAS droplets cache at the end of the scan procedure. +// |=== -// CWP-52476 -|- -|Fixed deployment error issues in VMWare TAS due to Defender termination. This issue was fixed by setting TAS to wait until the Defender exits gracefully when the job is stopped. -//CWP-52169 -// |- -// |Fixed an issue wherein the Tanzu apps were missing under *Monitor > Vulnerabilities* scan results for the deployed images on the Diego cells and image scanning for TAS applications mounted on the external system took extremely long. -// To fix this issue, the Defender scan now ignores scanning the images of TAS applications mounted on the external filesystem. +// [#deprecation-notices] +// === Deprecation Notices +// [cols="30%a,70%a"] +// |=== -// CWP-52736 -|- -|In `v31.02.133`, the new 81 out-of-box admission control rules in Rego were not available by default. This is now fixed. With the `v32.00` Console, you now get all the 81 OOB admission control rules. +// |=== -// CWP-51754 -|- -|Fixed an issue where the `sourceType` field was missing for Splunk alert messages. You can now add `sourceType` field to the custom alert JSON of Splunk and Prisma Cloud will define the external field based on the custom one. +// [#eos-notices] +// === End of Support Notices -// CWP-52436 -|- -|Fixed an issue with agentless scanning that in some conditions failed to scan encrypted volumes when using hub mode in AWS. -// CWP-39713 -|- -|Fixed an edge case where a Defender was not able to scan containers and generated error logs with the message "failed to update container info profile not found"and reported a bad health status for the Defender. -// CWP-45971 -|- -|Custom rule names are now populated for runtime custom rule incidents. Also, labels are reported for when the incident occurred in a Kubernetes cluster. +// [#addressed-issues] +// === Addressed Issues +// [cols="30%a,70%a"] +// |=== // |=== -// [#enhancement] -//=== Enhancements -//The following enhancements are planned; the details will be available at release: -//* -//Placeholder incase there are any LA enhancements to be listed. - diff --git a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-source.adoc b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-source.adoc index 90484bac7d..54da4fb43d 100644 --- a/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-source.adoc +++ b/docs/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-source.adoc @@ -10,24 +10,20 @@ Read this section to learn about what is planned in the upcoming CI/CD Security, The details and functionality listed below are a preview and the actual release date is subject to change. ==== -* <> +//* <> * <> -[#changes-in-existing-behavior] -=== Changes in Existing Behavior +// [#changes-in-existing-behavior] +// === Changes in Existing Behavior -[cols="50%a,50%a"] -|=== -|FEATURE -|DESCRIPTION - -| *Checkov update for SCA Security scanning* -//RLP-112353 +// [cols="50%a,50%a"] +// |=== +// |FEATURE +// |DESCRIPTION -| Before November 2023 upgrade Checkov or Bridgecrew CLI to version 2.2.234 or later. The current Checkov version relies on twistcli coderepo scanning, which will not be available in future Prisma Cloud releases. -|=== +// |=== [#deprecation-notices] @@ -41,14 +37,6 @@ The details and functionality listed below are a preview and the actual release |*Sunset Release* |*Replacement Endpoints* -|tt:[*Support for BridgecrewCLI*] -//RLP-112353 - -By the end of 2023 calendar year, BridgecrewCLI including GitHub Action, CircleCI Orb, and container, will be deprecated. Plan to transition smoothly to Checkov and its compatible plugins to minimize disruption. -| - -| - -| NA - |tt:[*Build Policy Management Endpoints are now part of Centralized Policy Management APIs*] @@ -62,7 +50,7 @@ The following endpoints are deprecated: * https://pan.dev/prisma-cloud/api/code/clone-policy/[Policy Clone] | 23.8.1 -| 23.12.1 +| 24.2.1 | *Replacement Endpoints* diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-december-2023.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-december-2023.adoc new file mode 100644 index 0000000000..5a6fffb0cd --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-december-2023.adoc @@ -0,0 +1,92 @@ +[#id-december2023] +== Features Introduced in December 2023 + +Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in December 2023. + +The host, container, and serverless capabilities on the *Compute* tab are being upgraded starting on December 03, 2023. When upgraded, the version will be 32.00. + +=== 32.00 + +* xref:#defender-upgrade[Defender Upgrade] +//* xref:#new-features-prisma-cloud-compute[New Features in Prisma Cloud Compute] +//* xref:#enhancements[Enhancements] +//* xref:#api-changes[API Changes] +//* xref:#breaking-api-changes[Breaking Changes in API] +* xref:#deprecation-notice[Deprecation Notice] +//* xref:#id-backward-compatibility[Backward Compatibility for New Features] +* xref:#end-of-support[End of Support Notifications] + +* See also xref:../../../known-issues/known-fixed-issues.adoc[Known Issues] + + +[#defender-upgrade] +=== Defender Upgrade + +[cols="30%a,70%a"] +|=== +|Plan to Upgrade Defender Versions 22.12 and Earlier +|With the `v32.00` (O'Neal) release, Defender versions supported (n, n-1, and n-2) are `v32.00`, `v31.00`, and `v30.00`. +To prepare for this update, you must upgrade your Defenders from version `v22.12` (Lagrange) or earlier to a later version. Failure to upgrade Defenders will result in disconnection of any Defender version below `v30.00`, such as `v22.12`. + +|=== + +[#new-features-prisma-cloud-compute] +=== New Features in Prisma Cloud Compute + +[cols="40%a,60%a"] +|=== + +//CWP-47397 +|*Added the agentless scanning report.* +|The agentless scanning report is now available under *Runtime Security > Cloud Accounts*. +This report provides you with complete visibility of all hosts in your cloud account at the account and regional level. +It includes clear reporting of each host, the corresponding scan status, and further details. + +|=== + +[#enhancements] +=== Enhancements + +[cols="40%a,60%a"] +|=== + +//CWP-52883 +|*Agentless malware scanning now includes all supported binaries.* +|Agentless malware scanning detects all supported binaries and shared libraries on both Linux and Windows operating systems. For example, malicious ELF files on Windows machines are now detected. + +|=== + +[#deprecation] +=== Deprecation Notices +[cols="30%a,70%a"] +|=== +//CWP-48467 +|Deprecate the `aggregated` and `rest` fields +|The `aggregated` and `rest` macros from the webhook custom JSON alerts are being deprecated and replaced by `AggregatedAlerts` and `Dropped` macros respectively. + +//CWP-40710 +|Deprecate `AccountID` macro from the Alerts payload +to be verified by PM +|The `AccountID` macro in the Alerts payload is deprecated and replaced by the `AccountIDs` macro. + +|=== + +[#end-of-support] +=== End of Support Notifications +[cols="40%a,60%a"] +|=== +//CWP-49461 +|Support for Cloud Native Network Segmentation (CNNS) +|The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being removed. The configuration settings on the console (*Runtime Security > Defend > CNNS*) and the corresponding APIs for CNNS will be removed in `v32.00`. +Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available. + +|=== +//[#api-changes] +// === API Changes +// [cols="40%a,60%a"] +// |=== + +// |*Heading* +// |Desc + +// |=== diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-february-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-february-2024.adoc new file mode 100644 index 0000000000..08504e8dfc --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-february-2024.adoc @@ -0,0 +1,158 @@ +[#id-february2024] +== Features Introduced in February 2024 + +Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in February 2024. + +The host, container, and serverless capabilities on the *Compute* tab are being upgraded starting on January 28, 2024. When upgraded, the version will be 32.01. + + * xref:#defender-upgrade[Defender Upgrade] +//* xref:#new-features-prisma-cloud-compute[New Features in Prisma Cloud Compute] +* xref:#enhancements[Enhancements] +* xref:#api-changes[API Changes] +// * xref:#breaking-api-changes[Breaking Changes in API] +// * xref:#deprecation-notice[Deprecation Notice] +//* xref:#id-backward-compatibility[Backward Compatibility for New Features] +* xref:#end-of-support[End of Support Notifications] + +* xref:../../../known-issues/known-fixed-issues.adoc[Known Issues] + +[#defender-upgrade] +=== Defender Upgrade + +[cols="30%a,70%a"] +|=== +|Plan to Upgrade Defender Versions 22.12 and Earlier +|With the `v32.00` (O'Neal) release, Defender versions supported (n, n-1, and n-2) are `v32.00`, `v31.00`, and `v30.00`. +To prepare for this update, you must upgrade your Defenders from version `v22.12` (Lagrange) or earlier to a later version. Failure to upgrade Defenders will result in disconnection of any Defender version below `v30.00`, such as `v22.12`. + +|=== + +// [#new-features-prisma-cloud-compute] +// === New Features in Prisma Cloud Compute + +// [cols="40%a,60%a"] +// |=== +// |FEATURE +// |DESCRIPTION + + + +// |=== + +[#enhancements] +=== Enhancements + +[cols="40%a,60%a"] +|=== +|FEATURE +|DESCRIPTION + +//CWP-52181 +|*Agentless Scanning* +|Enabled the scan of non-running hosts by default. +Agentless scanning now scans non-running hosts by default for all newly added accounts. +This change does not affect existing accounts. + +//CWP-49984 +|*Registry Scanning* +|The following new fields are now displayed for registry scans: + +* Scan status—if the scan completed successfully or failed. + +* Last scan time—the time at which defender started scanning the registry. + +A new unified scan progress indicator shows the status (percentage and number) of scanning and pending registries. + +//CWP-47706 +|*Vulnerability Management* +|Improved the detection of vulnerabilities on supported Windows OS workloads to fix false negative and false positive alerts related to Windows feeds. + + +// //CWP-55308 +// |*Cloud Account Management* +// |Introduced the *Account Import Status* filter on the *Cloud Accounts* page in *Runtime Security*. +// This feature includes three statuses: + +// * *Local accounts:* cloud accounts created in Runtime Security only (and not in the Prisma Cloud console) + +// * *Manually imported accounts:* cloud accounts that were manually imported from Prisma Cloud console to Runtime Security in the past prior to the Lagrange release (end of 2022) + +// * *Auto-imported accounts:* cloud accounts that originated from Prisma Cloud console and seamlessly imported into Runtime Security. + +|=== + + +[#api-changes] +=== API Changes +[cols="30%a,70%a"] +|=== + +//CWP-55309 +| *API to list cloud accounts that are imported from the Prisma Cloud platform* +|You can onboard accounts and cloud credentials only through the Prisma Cloud platform Accounts page now. To support this change, the following new query parameters have been added to the https://pan.dev/prisma-cloud/api/cwpp/get-credentials/[Get All Credentials] endpoint. These parameters allow you to list cloud accounts that are imported from the Prisma Cloud platform: + +* `external`: Set to `true` to retrieve credentials imported from the Prisma Cloud platform Accounts page. +* `autoImported`: Set to `true` to retrieve credentials that were automatically imported from the Prisma Cloud platform Accounts page. + + +//CWP-52775 +|*New request body field in the Download Serverless Layer Bundle endpoint* +|The https://pan.dev/prisma-cloud/api/cwpp/post-images-twistlock-defender-layer-zip/[Download Serverless Layer Bundle] endpoint includes a new request body field: `nodeJSModuleType`, which accepts one of these values: + +* `commonjs` +* `ecmascript` + +The `nodeJSModuleType` field is optional and the default value is `commonjs`. + +|=== + +// [cols="30%a,70%a"] +// |=== + +// | +// | + +// |=== + + +[#end-support] +=== End of Support Notifications +[cols="30%a,70%a"] +|=== + +//CWP-36043 / CWP-50985 +|*Code Security Module for Scanning* +|The Code Repository Scanning feature is sunset in Prisma Cloud Compute Edition. + +It is replaced by Prisma Cloud Application Security in the Enterprise Edition, which offers more comprehensive and advanced Software Composition Analysis (SCA). For information, see https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/application-security[Prisma Cloud Application Security]. + +//CWP-36043 / CWP-53875 +|*Code Security Module for Scanning APIs are Sunset* +|The Code Repository Scanning feature in Prisma Cloud Compute is no longer available as Prisma Cloud Enterprise Edition (Cloud Application Security) offers a more comprehensive and advanced Software Composition Analysis (SCA) feature. + +Also, the following Prisma Cloud Compute code scan endpoints have been sunset (removed): + +* `/api//coderepos` - *GET* +* `/api//coderepos/scan` - *POST* +* `/api//coderepos/stop` - *POST* +* `/api//coderepos/download`- *GET* +* `/api//coderepos/progress` - *GET* +* `/api//coderepos/discover` - *GET* +* `/api//coderepos-ci` - *POST* +* `/api//coderepos-ci` - *GET* +* `/api//coderepos-ci/download` - *GET* +* `/api//policies/vulnerability/coderepos` - *GET* +* `/api//policies/vulnerability/coderepos/impacted` - *GET* +* `/api//policies/vulnerability/ci/coderepos` - *GET* +* `/api//policies/compliance/coderepos` - *GET* +* `/api//policies/compliance/coderepos/impacted` - *GET* +* `/api//policies/compliance/ci/coderepos`- *GET* +* `/api//policies/vulnerability/coderepos` - *PUT* +* `/api//policies/vulnerability/ci/coderepos` - *PUT* +* `/api//policies/compliance/coderepos` - *PUT* +* `/api//policies/compliance/ci/coderepos`- *PUT* +* `/api//settings/coderepos` - *PUT* +* `/api//settings/coderepos` - *GET* +* `/api//coderepos/webhook/{" + id + "}"` - *POST* + +|=== diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-january-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-january-2024.adoc new file mode 100644 index 0000000000..a9acfec525 --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-january-2024.adoc @@ -0,0 +1,95 @@ +[#id-january2024] +== Features Introduced in January 2024 + +Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in January 2024. + +The host, container, and serverless capabilities on the *Compute* tab are being upgraded starting on January 07, 2024. When upgraded, the version will be 32.01. + +* xref:#defender-upgrade[Defender Upgrade] +* xref:#new-features-prisma-cloud-compute[New Features in Prisma Cloud Compute] +//* xref:#enhancements[Enhancements] +* xref:#api-changes[API Changes] +//* xref:#breaking-api-changes[Breaking Changes in API] +* xref:#deprecation-notice[Deprecation Notice] +//* xref:#id-backward-compatibility[Backward Compatibility for New Features] +// * xref:#end-of-support[End of Support Notifications] + +* See also xref:../../../known-issues/known-fixed-issues.adoc[Known Issues] + +[#defender-upgrade] +=== Defender Upgrade + +[cols="30%a,70%a"] +|=== +|Plan to Upgrade Defender Versions 22.12 and Earlier +|With the `v32.00` (O'Neal) release, Defender versions supported (n, n-1, and n-2) are `v32.00`, `v31.00`, and `v30.00`. +To prepare for this update, you must upgrade your Defenders from version `v22.12` (Lagrange) or earlier to a later version. Failure to upgrade Defenders will result in disconnection of any Defender version below `v30.00`, such as `v22.12`. + +|=== + +[#new-features-prisma-cloud-compute] +=== New Features in Prisma Cloud Compute + +[cols="40%a,60%a"] +|=== +|FEATURE +|DESCRIPTION + +//CWP-46475 +|*Agentless Scanning* +|Added agentless scanning support of encrypted volumes in Azure for the hub account mode. + +//CWP-41206 +|*Agentless Scanning* +|Added agentless scanning hub account mode for Azure. + +//CWP-52656 +|*Vulnerability Management* +|Added support for Debian Bullseye and Bookworm Security fixes. + +//CWP-53787 +|*Operating System Support* +|Added support for OpenShift 4.14. + +//CWP-53162 +// |*Cloud Service Providers* +// |Added a new filter in the cloud accounts page in Runtime Security, which filters accounts that are not yet onboarded to the Prisma platform account management under the cloud service providers tab. + +//In the future, will be able import and manage such accounts fully on the platform cloud service providers page. The goal is to simplify the management of cloud service providers accounts by decommissioning the cloud account management page in Runtime Security. + +//CWP-34450 +|*Vulnerability Management* +|Added support to detect IBM Java version 1.8 and earlier. +IBM Java version 1.9 and later are partially supported. +The detection depends on the `jdk/release` file being found. + +|=== + + +[#api-changes] +=== API Changes + +[cols="30%a,70%a"] +|=== + +|*API Changes* +|The [Add a New Collection](https://pan.dev/prisma-cloud/api/cwpp/post-collections/) endpoint is updated to fix resolve an issue that caused collections that were added by invoking this endpoint with one or more empty fields: such collections did not display in the Console. Now, all request body fields of this endpoint, except `name`, are optional. Any optional field that is not provided will default to the wildcard value '*'. + +|=== + +[#deprecation-notice] +=== Deprecation Notices +[cols="30%a,70%a"] +|=== + +//CWP-40710 CWP-41766 +|*Runtime Security Alerts* +|Deprecated the `AccountID` and `Cluster` macros used in alerts. +This removes the `AccountID` and `Cluster` fields in the following alerts using the macros. + +* Webhook +* AWS SQS +* Prisma Cortex Alert +* Splunk + +|=== diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/prisma-cloud-compute-release-information.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/prisma-cloud-compute-release-information.adoc index 17f0b49a80..cf80b8243f 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/prisma-cloud-compute-release-information.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/prisma-cloud-compute-release-information.adoc @@ -1,7 +1,11 @@ == Prisma Cloud Compute Release Information -The following topics provide a snapshot of features introduced for the *Compute* navigation path on the Prisma Cloud console in 2023. +The following topics provide a snapshot of features introduced for the *Compute* navigation path on the Prisma Cloud console in 2023 and 2024. +* xref:features-introduced-in-compute-january-2024.adoc[Features Introduced in January 2024] + +* xref:features-introduced-in-compute-december-2023.adoc[Features Introduced in December 2023] +* xref:features-introduced-in-compute-november-2023.adoc[Features Introduced in November 2023] * xref:features-introduced-in-compute-october-2023.adoc[Features Introduced in October 2023] * xref:features-introduced-in-compute-september-2023.adoc[Features Introduced in September 2023] * xref:features-introduced-in-compute-august-2023.adoc[Features Introduced in August 2023] diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-april-2023.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-april-2023.adoc index 89ed257fec..4b308affe0 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-april-2023.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-april-2023.adoc @@ -755,7 +755,7 @@ With this support, you can now view this built-in standard and the related polic |*Changes to Policy Severity Level* tt:[First announced in 23.2.1] //RLP-90803, RLP-97339 -|Prisma Cloud updated the system default policies to help you identify critical alerts and address them effectively. The policy severity levels for some system default policies are re-aligned to use the newly introduced *Critical* and *Informational* severities. Due to this change, the policies have five levels of severity; Critical, High, Medium, Low, and Informational. You can prioritize critical alerts first and then move on to the other levels. For more information, see the updated https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prerelease/policy-severity-level-changes.csv[list of policies]. +|Prisma Cloud updated the system default policies to help you identify critical alerts and address them effectively. The policy severity levels for some system default policies are re-aligned to use the newly introduced *Critical* and *Informational* severities. Due to this change, the policies have five levels of severity; Critical, High, Medium, Low, and Informational. You can prioritize critical alerts first and then move on to the other levels. *Impact—* diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023.adoc index 2b4894f7db..d43922ed7d 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023.adoc @@ -4,6 +4,7 @@ Stay informed on the new capabilities and policies added to Prisma Cloud for Clo //The following topics provide a snapshot of new features introduced for Prisma® Cloud in 2023. Refer to the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin[Prisma® Cloud Administrator’s Guide] for more information on how to use the service. +* xref:features-introduced-in-december-2023.adoc[Features Introduced in December 2023] * xref:features-introduced-in-november-2023.adoc[Features Introduced in November 2023] * xref:features-introduced-in-october-2023.adoc[Features Introduced in October 2023] diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-december-2023.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-december-2023.adoc new file mode 100644 index 0000000000..3fdfbc4285 --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-december-2023.adoc @@ -0,0 +1,432 @@ +== Features Introduced in December 2023 +// @Divya and @Rodrigo need to add their issues that are in docs/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-december-2023.adoc to this file as well. + +Learn what's new on Prisma® Cloud in December 2023. + +[#new-features-nov] +=== New Features Introduced in December 2023 + +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> + + +[#announcement] +=== Announcement + +[cols="50%a,50%a"] +|=== +|FEATURE +|DESCRIPTION + +|*Prisma Cloud Darwin Release* +//received the blurb on Slack from Matangi. No Jira ticket for this. + +|The *Prisma Cloud Darwin Release* is here for Prisma Cloud environments on app, app3, app.eu, app2.eu except app.gov. With the Code to Cloud™ intelligence capabilities in this release, your security and development teams can work together to reduce application risks and prevent breaches. + +With this change, your tenant will be updated with the new intuitive user interface and https://live.paloaltonetworks.com/t5/prisma-cloud-customer-videos/prisma-cloud-evolution-amp-transformation/ta-p/556596[rich set of security capabilities]. + +Connect with your Customer Success team for more details. + +When you are upgraded to the Darwin release, refer to the https://docs.prismacloud.io/en/enterprise-edition/content-collections/[Enterprise Edition documentation]. + +|=== + + +[#new-features] +=== New Features + +[cols="50%a,50%a"] +|=== +|FEATURE +|DESCRIPTION + +|*IAM Policy Scanner Enhancement* + +tt:[*_Secure the Infrastructure_*] + +tt:[*23.12.1*] + +//RLP-123079 + +|IAM Policy Scanner now includes enhancements to improve alert accuracy. This may result in some alerts briefly closing and reopening. + +|=== + +[#api-ingestions] +=== API Ingestions + +The 23.12.1 release does not include any API Ingestions. + + +[#new-policies] +=== New Policies + +[cols="50%a,50%a"] +|=== + +|NEW POLICIES +|DESCRIPTION + +| *New Policies to Configuration Build Policies* +|Starting from this release 2 new policies are added to Config policies of subtype Build. +Here are the policies: + +* AWS CloudFront attached WAFv2 WebACL is not configured with AMR for Log4j Vulnerability +* Software Composition Analysis (SCA) findings + +In addition, 6 new policies integrated with CI/CD Risks are added by default to Prisma Cloud console and visible Governance. + +* BitBucket private repository made public. +* Unrotated organization secrets in GitHub Actions. +* Unrotated repository secrets in GitHub Actions. +* CircleCI pipeline uses an unpinned container image. +* Azure Pipelines uses an unpinned container image. +* Secrets found in logs of a GitLab CI pipeline. + +*Impact*- Impact- You will view policy violations for these policies on Prisma Cloud switcher *Application Security > Projects* in CI/CD Risks with CI/CD module enabled on *Application Security > Settings*. + +| *Azure Virtual Machine (Linux) does not authenticate using the SSH keys* +|*Changes* - The policy name is being updated to reflect the latest changes. + +*Current Policy Name* - Azure instance does not authenticate using the SSH keys + +*Impact*- No impact on alerts. + + +|=== + +[#policy-updates] +=== Policy Updates + + +[cols="50%a,50%a"] +|=== +|POLICY UPDATES +|DESCRIPTION + +// 2+|*Policy Updates—RQL* + +|*Enhancements to Terraform GitHub and GitLab policies for Configuration Build Policies* +|*Changes* - The policy name is being updated to reflect the latest changes. + +*Current Policy Name* - +* GitHub Actions Environment Secrets not Encrypted +* GitHub repository doesn't have vulnerabilities alerts enabled +* Gitlab project commits are not signed +* Gitlab project does not prevent secrets +* Gitlab project has less than 2 approvals + +*Impact*- No impact on alerts. + +|*New domain for Application Security Policy Reference Guide* +|*Changes* - Starting from this release all policy documentation will be available on https://docs.prismacloud.io/en/enterprise-edition/policy-reference[Prisma Cloud Application Security Policy Reference]. + +*Impact*- No impact on alerts. + +|*Azure Virtual Machine (Linux) does not authenticate using the SSH keys* + +| *Changes* - The policy name is being updated to reflect the latest changes. + +*Current Policy Name* - Azure instance does not authenticate using the SSH keys + +*Impact*- No impact on alerts. + +2+|*Policy Deletions* + +|*Docker GitHub repository is not private* + +|*Changes* - This policy is deleted because the GitHub policies are modified in GitHub Policies. + +*Impact* - No impact on alerts. + +|=== + +=== IAM Policy Updates + +The following IAM out-of-the-box (OOTB) policies are updated in Prisma Cloud: +//RLP-120492 + +[cols="30%a,35%a,35%a"] +|=== + +|POLICY NAME +|Current RQL +|Updated RQL + +|*Azure VM instance associated managed identity with Azure built-in roles of Contributor/Owner permissions* + +|*Changes—* The policy name will be updated. + +*Current Name—* Azure VM instance associated managed identity with Azure built-in roles of Contributor/Owner permissions + +*Updated Name—* Azure VM instance associated managed identity with Azure built-in roles of Owner permissions + +|NA + + +|*AWS IAM policy allows Privilege escalation via PassRole & CodeBuild permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codebuild:CreateProject', 'codebuild:StartBuild', 'codebuild:StartBuildBatch') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codebuild:CreateProject', 'codebuild:StartBuild', 'codebuild:StartBuildBatch') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & CodeStar project permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codestar:CreateProject' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'codestar:CreateProject' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Data Pipeline permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'datapipeline:ActivatePipeline', 'datapipeline:CreatePipeline', 'datapipeline:PutPipelineDefinition') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'datapipeline:ActivatePipeline', 'datapipeline:CreatePipeline', 'datapipeline:PutPipelineDefinition') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & EC2 permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'ec2:RunInstances' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'ec2:RunInstances' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Glue create job permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Glue development endpoint permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateDevEndpoint', 'glue:GetDevEndpoint') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:CreateDevEndpoint', 'glue:GetDevEndpoint') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Glue update job permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:UpdateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'glue:UpdateJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create & invoke Function permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:InvokeFunction', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:InvokeFunction', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create Function & Event source mapping permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:CreateEventSourceMapping', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:CreateEventSourceMapping', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & Lambda create Function & add permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:AddPermission', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'lambda:AddPermission', 'lambda:CreateFunction') AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & SageMaker create processing job permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateProcessingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateProcessingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|*AWS IAM policy allows Privilege escalation via PassRole & SageMaker create training job permissions* + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateTrainingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist +---- + +|---- +config from iam where action.name CONTAINS ALL ( 'iam:PassRole', 'sagemaker:CreateTrainingJob' ) AND dest.cloud.wildcardscope = true and grantedby.cloud.policy.condition ('iam:PassedToService') does not exist and source.cloud.resource.id DOES NOT END WITH ':root' +---- + +|=== + +[#new-compliance-benchmarks-and-updates] +=== New Compliance Benchmarks and Updates + +[cols="50%a,50%a"] +|=== +|COMPLIANCE BENCHMARK +|DESCRIPTION + +|*Support for MITRE ATT&CK Cloud IaaS v13 & v14* + +tt:[23.12.1] + +//RLP-121584, RLP-120363 + +|Prisma Cloud now supports the MITRE ATT&CK Cloud IaaS v13 & v14 compliance standard. This framework includes Att&ck Tactics, Techniques and sub-techniques that attackers can leverage to compromise cloud applications and infrastructure. + +You can now view this built-in standard and the associated policies on the *Compliance > Standards* page. You can also generate reports for immediate viewing or download, or schedule recurring reports to track this compliance standard over time. + +|=== + +[#changes-in-existing-behavior] +=== Changes in Existing Behavior + +[cols="50%a,50%a"] +|=== +|FEATURE +|DESCRIPTION + +|*Checkov update for SCA Security scanning* + +tt:[Secure the Source] + +tt:[23.12.1] + +//RLP-112353 +|Ensure Checkov or Bridgecrew CLI is updated to version 2.2.234 or later. Support for earlier versions is no longer supported. + +| *Checkov CLI upgrade* + +tt:[Secure the Source] + +tt:[23.12.1] + +//RLP-112353 +| The Checkov CLI has been upgraded to Checkov 3.0. The upgrade impacts a few known changes: + +* *Level Up*: This capability has been removed. This change is non-disruptive and affects only Bridgecrew standalone sign ups. +* *Multi-Signatures*: Multi-signatures in Python checks are being removed. This will only impact custom Python policies using this method. +* *Deprecating flags for Suppression and Fix*: CLI command of `--skip-fixes` and `--skip-suppressions` are being deprecated. Instead `--skip-download` is a recommended command. +* *API Key Restriction and Repo-ID Parameter*: Scans with API keys will now require the --repo-id parameter for repository scans allowing for easier platform mapping. +* *Enhanced Argument Handling*: The way to specify frameworks and skip frameworks will align to other flags where multiple values can be listed (like --check). For example: `--framework terraform,arm`.. +* *Pyston Docker Build Deprecation*: The Pyston Docker build has been depreciated due to increasing complexities in support. The regular Checkov image will still be available for use. + +|=== + +[#rest-api-updates] +=== REST API Updates + +[cols="37%a,63%a"] +|=== +|CHANGE +|DESCRIPTION + +|*Compliance Posture APIs* + +tt:[23.12.1] + +//RLP-120514 + +|The following new endpoints are available for the Compliance Posture API: + +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-v-2/[get /v2/compliance/posture] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-v-2/[post /v2/compliance/posture] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-v-2/[get /v2/compliance/posture/trend] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-v-2/[post /compliance/posture/trend] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-for-standard-v-2/[get /v2/compliance/posture/trend/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-for-standard-v-2/[post /v2/compliance/posture/trend/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-trend-for-requirement-v-2/[get /v2/compliance/posture/trend/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-trend-for-requirement-v-2/[post /v2/compliance/posture/trend/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-for-standard-v-2/[get /v2/compliance/posture/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-for-standard-v-2/[post /v2/compliance/posture/{complianceId}] +* https://pan.dev/prisma-cloud/api/cspm/get-compliance-posture-for-requirement-v-2/[get /v2/compliance/posture/{complianceId}/{requirementId}] +* https://pan.dev/prisma-cloud/api/cspm/post-compliance-posture-for-requirement-v-2/[post /v2/compliance/posture/{complianceId}/{requirementId}] + +|*Asset Explorer and Reports APIs* + +tt:[23.12.1] + +//RLP-120514 + +|The following new endpoints are available for the Asset Explorer and Reports API: + +* https://pan.dev/prisma-cloud/api/cspm/save-report-v-2/[post /v2/report] +* https://pan.dev/prisma-cloud/api/cspm/get-resource-scan-info-v-2/[get /v2/resource/scan_info] +* https://pan.dev/prisma-cloud/api/cspm/post-resource-scan-info-v-2/[post /v2/resource/scan_info] + +|*Asset Inventory APIs* + +tt:[23.12.1] + +//RLP-120514 + +|The following new endpoints are available for the AAsset Inventory APIs: + +* https://pan.dev/prisma-cloud/api/cspm/asset-inventory-v-3/[get /v3/inventory] +* https://pan.dev/prisma-cloud/api/cspm/post-method-for-asset-inventory-v-3/[post /v3/inventory] +* https://pan.dev/prisma-cloud/api/cspm/asset-inventory-trend-v-3/[get /v3/inventory/trend] +* https://pan.dev/prisma-cloud/api/cspm/post-method-asset-inventory-trend-v-3/[post /v3/inventory/trend] + +|=== + +[#deprecation-notices] +=== Deprecation Notices +[cols="30%a,70%a"] +|=== +//CWP-48467 +|*Deprecate the `aggregated` and `rest` fields* +|The `aggregated` and `rest` macros from the webhook custom JSON alerts are being deprecated and replaced by `AggregatedAlerts` and `Dropped` macros respectively. + +//CWP-40710 +|*Deprecate `AccountID` macro from the Alerts payload* +//to be verified by PM +|The `AccountID` macro in the Alerts payload is deprecated and replaced by the `AccountIDs` macro. + +|=== + +[#end-of-support] +=== End of Support Notifications +[cols="40%a,60%a"] +|=== +//CWP-49461 +|*Support for Cloud Native Network Segmentation (CNNS)* +|The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being removed. The configuration settings on the console (*Runtime Security > Defend > CNNS*) and the corresponding APIs for CNNS will be removed in `v32.00`. +Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available. + +|=== \ No newline at end of file diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-2024.adoc new file mode 100644 index 0000000000..e01da828c2 --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-2024.adoc @@ -0,0 +1,11 @@ +== Features Introduced in 2024 + +Stay informed on the new capabilities and policies added to Prisma Cloud for Cloud Security, Runtime Security, and Application Security in 2024. + +//The following topics provide a snapshot of new features introduced for Prisma® Cloud in 2023. Refer to the https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin[Prisma® Cloud Administrator’s Guide] for more information on how to use the service. + +* xref:features-introduced-in-january-2024.adoc[Features Introduced in January 2024] + +Refer to the xref:../../limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc[Limited GA Features on Prisma Cloud] for features that have limited general availability (LGA). + +//Refer to the xref:../../Archived-releases[Classic Releases] to see previous release notes till September 2023. \ No newline at end of file diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-january-2024.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-january-2024.adoc new file mode 100644 index 0000000000..fc027f13cc --- /dev/null +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-january-2024.adoc @@ -0,0 +1,1222 @@ +== Features Introduced in January 2024 + +Learn what's new on Prisma® Cloud in January 2024. + +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +//* <> +* <> + +[#announcement] +=== Announcement + +[cols="50%a,50%a"] +|=== +|*Feature* +|*Description* + +|*Prisma Cloud Darwin Release* +//received the blurb on Slack from Matangi. No Jira ticket for this. + +|The *Prisma Cloud Darwin Release* is now available for Prisma Cloud environments on app.cn. With the Code to Cloud™ intelligence capabilities in this release, your security and development teams can work together to reduce application risks and prevent breaches. + +With this change, your tenant will be updated with the new intuitive user interface and https://live.paloaltonetworks.com/t5/prisma-cloud-customer-videos/prisma-cloud-evolution-amp-transformation/ta-p/556596[rich set of security capabilities]. When you are upgraded to the Darwin release, refer to the https://docs.prismacloud.io/en/enterprise-edition/content-collections/[Enterprise Edition documentation]. + +Contact your Prisma Cloud Customer Success team for more details. + +//* 23.11.1 (Nov 1-9) - app.ind, app.ca, app.uk, app.fr +//* 23.12.1 (Nov 29-Dec 7) - app, app3, app.eu, app2.eu +//* 24.1.1 (Jan 10-18) - app2, app4, app.anz, app.jp, app.sg +//* 24.1.2 (Jan 29-Feb 6) - app.cn +//* 24.2.1 (Feb 6-15) - app.gov + +|=== + + +[#new-features] +=== New Features + +[cols="50%a,50%a"] +|=== +|*Feature* +|*Description* + +|*Compliance Dashboard* +//RLP-127657 + +tt:[*Secure the Infrastructure*] + +tt:[*24.1.2*] + +|Prisma Cloud’s out of the box dashboards now include a https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-compliance[Compliance] dashboard. Select *Home > Dashboards > Compliance* to view a snapshot of assets and their compliance status, compliance trends over time, and top compliance policies by failed status. + +image::compliance-dashboard.gif[] + +|tt:[Update] *Code to Cloud Dashboard* +//RLP-123827 + +tt:[*Secure the Infrastructure*] + +tt:[*24.1.2*] + +|Prisma Cloud’s Latest Events tracker now provides redirections on the events from all phases of the Code Build Deploy Run (CBDR) cloud deployment lifecycle. Select any event from *Home > Dashboards > Code to Cloud > Latest Events* to immediately take action and investigate the risk or incident. Learn more about optimizing Prisma Cloud https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-code-to-cloud[Dashboards]. + + +|*Send Ad hoc Alert Notifications to Email and Slack* +//RLP-106064 + +tt:[*Secure the Infrastructure*] + +tt:[*24.1.2*] + +|In addition to sending ad hoc Alert notifications to your Jira integration, now you can also https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts[send a notification] to *Email* and *Slack* for any open alert. From *Alerts > Overview*, select an Alert ID link to view the details. From the *Send To* dropdown, select *Email* or *Slack* to send the notification. + +image::send-to-options.png[] + +Selecting *View Alert* from the Email received or the Slack channel will directly open the Alert Overview (for all Policies, except Attack Path) or the Evidence Graph (for Attack Path policies) in the Prisma Cloud console. + +|*Unique Counts on the Prioritized Funnel* +//RLP-124146 + +tt:[*Secure the Runtime*] + +tt:[*24.1.2*] + +|In Vulnerability Management, the Prioritized Funnel widget now displays the unique CVE count instead of the total number of CVE occurrences. + + +|*Dashboard Widgets* +//RLP-123898, RLP-96521 + +tt:[*Secure the Infrastructure*] + +tt:[*24.1.1*] + +|*Prisma Cloud > Dashboards > Widget Selector* now includes eight additional https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/adoption-advisor#id0356c4cc-e4f1-43e2-8848-3f6cd7e4cd60[widgets] to help you create https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/create-and-manage-dashboards[customized dashboards] to track your organization’s key metrics. Widgets include: + +* Adoption Progress +* Assets with Urgent Alerts +* Anomalous Threats Detected +* Top Custom Alerts Generated +* Discovered vs. Secured Resources +* Vulnerabilities Trend by Resource Type +* Risks Burndown +* Incidents Burndown + +|*Terraform Module Scanning* +//CAS Update - Received blurb from Jonathan. + +tt:[*Secure the Source*] + +tt:[*24.1.1*] + +|Prisma Cloud now supports rendering and scanning public, private, and locally cached Terraform modules. This capability enables you to analyze misconfigurations that may result from the module definition and the variables defined in the resource block. +For more information, see https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/terraform-module-scan[Terraform Module Scanning]. + +|*Agentless Scanning* +//CWP-46475 + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +|Added agentless scanning support of encrypted volumes in Azure for the hub account mode. + +|*Agentless Scanning* +//CWP-41206 + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +|Added agentless scanning hub account mode for Azure. + +|*Vulnerability Management* +//CWP-52656 + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +|Added support for Debian Bullseye and Bookworm Security fixes. + +|*Operating System Support* +//CWP-53787 + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +|Added support for OpenShift 4.14. + +|*Vulnerability Management* +//CWP-34450 + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +|Added support to detect IBM Java version 1.8 and earlier. +IBM Java version 1.9 and later are partially supported. +The detection depends on the `jdk/release` file being found. + +|=== + + +[#api-ingestions] +=== API Ingestions + +[cols="50%a,50%a"] +|=== +|*Service* +|*API Details* + +|*Azure Cache* +//RLP-119062 + +tt:[*24.1.2*] + +|*azure-cache-redis-diagnostic-settings* + +Additional permissions required: + +* `Microsoft.Cache/redis/read` +* `Microsoft.Insights/DiagnosticSettings/Read` + +The Reader role includes the permissions. + +|*Google Cloud VMware Engine* +//RLP-119350 + +tt:[*24.1.2*] + +|*gcloud-vmware-engine-private-cloud* + +Additional permissions required: + +* `vmwareengine.locations.list` +* `vmwareengine.privateClouds.list` +* `vmwareengine.privateClouds.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Cloud VMware Engine* +//RLP-119358 + +tt:[*24.1.2*] + +|*gcloud-vmware-engine-cluster* + +Additional permissions required: + +* `vmwareengine.locations.list` +* `vmwareengine.privateClouds.list` +* `vmwareengine.clusters.list` +* `vmwareengine.clusters.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Cloud VMware Engine* +//RLP-119359 + +tt:[*24.1.2*] + +|*gcloud-vmware-engine-hcx-activation-key* + +Additional permissions required: + +* `vmwareengine.locations.list` +* `vmwareengine.privateClouds.list` +* `vmwareengine.hcxActivationKeys.list` +* `vmwareengine.hcxActivationKeys.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Cloud VMware Engine* +//RLP-119360 + +tt:[*24.1.2*] + +|*gcloud-vmware-engine-subnet* + +Additional permissions required: + +* `vmwareengine.locations.list` +* `vmwareengine.privateClouds.list` +* `vmwareengine.subnets.list` + +The Viewer role includes the permissions. + +|*Google Vertex AI AIPlatform* +//RLP-121267 + +tt:[*24.1.2*] + +|*gcloud-vertex-ai-aiplatform-custom-job* + +Additional permission required: + +* `aiplatform.customJobs.list` + +The Viewer role includes the permission. + + +|*Google Vertex AI AIPlatform* +//RLP-121266 + +tt:[*24.1.2*] + +|*gcloud-vertex-ai-aiplatform-endpoint* + +Additional permission required: + +* `aiplatform.endpoints.list` + +The Viewer role includes the permission. + +|*Google Vertex AI AIPlatform* +//RLP-121265 + +tt:[*24.1.2*] + +|*gcloud-vertex-ai-aiplatform-training-pipeline* + +Additional permission required: + +* `aiplatform.trainingPipelines.list` + +The Viewer role includes the permission. + + +|*Google Vertex AI AIPlatform* +//RLP-121262 + +tt:[*24.1.2*] + +|*gcloud-vertex-ai-aiplatform-pipeline-job* + +Additional permission required: + +* `aiplatform.pipelineJobs.list` + +The Viewer role includes the permission. + +|*Google Speech to text* +//RLP-115162 + +tt:[*24.1.2*] + +|*gcloud-speech-projects-locations-phraseSets-list* + +Additional permission required: + +* `speech.phraseSets.list` + +The Viewer role includes the permission. + +|*Google Speech to text* +//RLP-115608 + +tt:[*24.1.2*] + +|*gcloud-speech-projects-locations-customClasses-list* + +Additional permission required: + +* `speech.customClasses.list` + +The Viewer role includes the permission. + +|*Google Cloud Composer* +//RLP-115855 + +tt:[*24.1.2*] + +|*gcloud-composer-projects-locations-imageVersions-list* + +Additional permission required: + +* `composer.imageversions.list` + +The Viewer role includes the permission. + +|*Google Data Migration* +//RLP-116905 + +tt:[*24.1.2*] + +|*gcloud-datamigration-projects-locations-privateConnections-list* + +Additional permissions required: + +* `datamigration.privateconnections.list` +* `datamigration.privateconnections.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Data Migration* +//RLP-116914 + +tt:[*24.1.2*] + +|*gcloud-datamigration-projects-locations-connectionProfiles-list* + +Additional permissions required: + +* `datamigration.connectionprofiles.list` +* `datamigration.connectionprofiles.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Data Migration* +//RLP-116915 + +tt:[*24.1.2*] + +|*gcloud-datamigration-projects-locations-conversionWorkspaces-list* + +Additional permissions required: + +* `datamigration.conversionworkspaces.list` +* `datamigration.conversionworkspaces.getIamPolicy` + +The Viewer role includes the permissions. + +|*Google Data Migration* +//RLP-116925 + +tt:[*24.1.2*] + +|*gcloud-datamigration-projects-locations-migrationJobs-list* + +Additional permissions required: + +* `datamigration.migrationjobs.list` +* `datamigration.migrationjobs.getIamPolicy` + +The Viewer role includes the permissions. + +|tt:[Update] *Google Deployment Manager* +//RLP-123409 + +tt:[*24.1.2*] + +|*gcloud-deployment-manager-deployment-manifest* + +Prisma Cloud will update the `Resource Name` and `Asset ID` fields in the backend for `gcloud-deployment-manager-deployment-manifest` API. +Due to this change, when you perform an RQL search query, you will be able to see a change in the `Resource Name` and `Asset ID` fields making it easier for you to identify the resources. Also, all the existing resources will be deleted, and then regenerated on the management console. + +Existing alerts corresponding to this resource will be resolved as `Resource_Deleted`, and new alerts will be generated against any policy violations. + +*Impact—* None. Once the resources for `gcloud-deployment-manager-deployment-manifest` resume ingesting data, you will notice the correct alert count in the console. + +|tt:[Update] *Google Cloud SQL* +//RLP-122825 + +tt:[*24.1.2*] + +|*gcloud-sql-instances-list* + +Prisma Cloud has updated the `gcloud-sql-instances-list` API to exclude the `settings.settingsVersion` field from the JSON response because it changes frequently and does not add much value to the response. + +|*OCI Service Catalog* + +tt:[*24.1.1*] + +//RLP-102261 + +|*oci-servicecatalog-catalog* + +Additional permissions required: + +* `SERVICE_CATALOG_INSPECT` +* `SERVICE_CATALOG_READ` + +You must update the Terraform template to enable the permissions. + + +|tt:[Update] *OCI Data Safe* + +tt:[*24.1.1*] + +//RLP-121486 + +|*oci-data-safe-target-database* + +The resource JSON for this API no longer includes the `timeUpdated` field. + + +|tt:[Update] *OCI Database* + +tt:[*24.1.1*] + +//RLP-121486 + +|*oci-database-autonomous-database* + +The resource JSON for this API no longer includes the `actualUsedDataStorageSizeInTBs` field. + +|tt:[Update] *OCI MySQL* + +tt:[*24.1.1*] + +//RLP-121486 + +|*oci-mysql-dbsystems* + +The resource JSON for this API no longer includes the `timeUpdated` field. + +|=== + + +[#new-policies] +=== New Policies + +[cols="50%a,50%a"] +|=== +|*Policies* +|*Description* + + +|*Azure Cognitive Services account not configured with private endpoint* + +tt:[*24.1.2*] + +//RLP-125893 + +|Identifies Azure Cognitive Services accounts that are not configured with private endpoint. Private endpoints in Azure AI service resources allow clients on a virtual network to securely access data over Azure Private Link. Configuring a private endpoint enables access to traffic coming from only known networks and prevents access from malicious or unknown IP addresses which includes IP addresses within Azure. It is recommended to create private endpoint for secure communication for your Cognitive Services account. + +*Policy Severity—* Medium + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-cognitive-services-account' AND json.rule = properties.provisioningState equal ignore case Succeeded and properties.privateEndpointConnections[*] is empty +---- + +|*Azure Cognitive Services account is not configured with managed identity* + +tt:[*24.1.2*] + +//RLP-125799 + +|Identifies Azure Cognitive Services accounts that are not configured with managed identity. Managed identity can be used to authenticate to any service that supports Azure AD authentication, without having credentials in your code. Storing credentials in a code increases the threat surface in case of exploitation and also managed identities eliminate the need for developers to manage credentials. So as a security best practice, it is recommended to have the managed identity to your Cognitive Services account. + +*Policy Severity—* Informational + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-cognitive-services-account' AND json.rule = properties.provisioningState equal ignore case Succeeded and (identity.type does not exist or identity.type equal ignore case None) +---- + +|*Azure Cognitive Services account configured with public network access* + +tt:[*24.1.2*] + +//RLP-124668 + +|Identifies Azure Cognitive Services accounts configured with public network access. Overly permissive public network access allows access to resource through the internet using a public IP address. It is recommended to restrict IP ranges to allow access to your cognitive Services account and endpoint from specific public internet IP address ranges and is accessible only to restricted entities. + +*Policy Severity—* High + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-cognitive-services-account' AND json.rule = properties.provisioningState equal ignore case Succeeded and properties.publicNetworkAccess equal ignore case Enabled and (properties.networkAcls.defaultAction does not exist or properties.networkAcls.defaultAction equal ignore case Allow) +---- + +|*Attack Path Policies* +|New Attack Path policies are available. Log in to the Prisma Cloud console and filter for the list of available policies. + +|*AWS S3 bucket encrypted using Customer Managed Key (CMK) with overly permissive policy* + +tt:[*24.1.1*] + +//RLP-124241 + +|Identifies Amazon S3 buckets that use Customer Managed Keys (CMKs) for encryption that have a key policy overly permissive. Amazon S3 bucket encryption key overly permissive can result in the exposure of sensitive data and potential compliance violations. As a security best practice, It is recommended to follow the principle of least privilege ensuring that the KMS key policy does not have all the permissions to be able to complete a malicious action. + +*Policy Severity—* Medium + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name= 'aws-s3api-get-bucket-acl' AND json.rule = (sseAlgorithm contains "aws:kms" or sseAlgorithm contains "aws:kms:dsse") and kmsMasterKeyID exists as X; config from cloud.resource where api.name = 'aws-kms-get-key-rotation-status' AND json.rule = keyMetadata.keyState equals Enabled and keyMetadata.keyManager equals CUSTOMER and policies.default.Statement[?any((Principal.AWS equals * or Principal equals *)and Condition does not exist)] exists as Y; filter '$.X.kmsMasterKeyID contains $.Y.key.keyArn' ; show X; +---- + + +|*AWS S3 bucket encrypted with Customer Managed Key (CMK) is not enabled for regular rotation* + +tt:[*24.1.1*] + +//RLP-124147 + +|Identifies Amazon S3 buckets that use Customer Managed Keys (CMKs) for encryption but are not enabled with key rotation. Amazon S3 bucket encryption key rotation failure can result in prolonged exposure of sensitive data and potential compliance violations. As a security best practice, it is important to rotate these keys periodically. This ensures that if the keys are compromised, the data in the underlying service remains secure with the new keys. + +*Policy Severity—* Informational + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name= 'aws-s3api-get-bucket-acl' AND json.rule = (sseAlgorithm contains "aws:kms" or sseAlgorithm contains "aws:kms:dsse") and kmsMasterKeyID exists as X; config from cloud.resource where api.name = 'aws-kms-get-key-rotation-status' AND json.rule = keyMetadata.keyState equals Enabled and keyMetadata.keyManager equal ignore case CUSTOMER and keyMetadata.origin equals AWS_KMS and (rotation_status.keyRotationEnabled is false or rotation_status.keyRotationEnabled equals "null")as Y; filter '$.X.kmsMasterKeyID contains $.Y.key.keyArn'; show X; +---- + +|*AWS RDS database instance encrypted with Customer Managed Key (CMK) is not enabled for regular rotation* + +tt:[*24.1.1*] + +//RLP-121502 + +|Identifies Amazon RDS instances that use Customer Managed Keys (CMKs) for encryption but are not enabled with key rotation. Amazon RDS instance encryption key rotation failure can result in prolonged exposure of sensitive data and potential compliance violations. As a security best practice, it is important to periodically rotate these keys. This ensures that if the keys are compromised, the data in the underlying service remains secure with the new keys. + +*Policy Severity—* Informational + +*Policy Type—* Config + +---- +config from cloud.resource where api.name = 'aws-rds-describe-db-instances' and json.rule = storageEncrypted is true as X; config from cloud.resource where api.name = 'aws-kms-get-key-rotation-status' AND json.rule = keyMetadata.keyState equals Enabled and keyMetadata.keyManager equals CUSTOMER and keyMetadata.origin equals AWS_KMS and (rotation_status.keyRotationEnabled is false or rotation_status.keyRotationEnabled equals "null") as Y; filter '($.X.kmsKeyId equals $.Y.key.keyArn)'; show X; +---- + +|*Azure Storage account encrypted by an encryption key configured access policy with privileged operations* + +tt:[*24.1.1*] + +//RLP-124037 + +|Identifies Azure Storage accounts which are encrypted by an encryption key configured access policy with privileged operations. Encryption keys should be kept confidential and only accessible to authorized entity with limited operation access. Allowing privileged access to an encryption key also allows to alter/delete the data that is encrypted by it, making the data more easily accessible. It is recommended to have restricted access policies to an encryption key so that only authorized entities can access it with limited operation access. + +*Policy Severity—* Medium + +*Policy Type—* Config + +---- +config from cloud.resource where api.name = 'azure-storage-account-list' AND json.rule = properties.encryption.keySource equal ignore case "Microsoft.Keyvault" as X; config from cloud.resource where api.name = 'azure-key-vault-list' and json.rule = properties.accessPolicies[*].permissions exists and (properties.accessPolicies[*].permissions.keys[*] intersects ('Decrypt', 'Encrypt', 'Release', 'Purge', 'all') or properties.accessPolicies[*].permissions.secrets[*] intersects ('Purge', 'all') or properties.accessPolicies[*].permissions.certificates[*] intersects ('Purge', 'all')) as Y; filter '$.Y.properties.vaultUri contains $.X.properties.encryption.keyvaultproperties.keyvaulturi'; show X; +---- + +|*Azure Storage account encrypted by an encryption key that is not rotated regularly* + +tt:[*24.1.1*] + +//RLP-124036 + +|Identifies Azure Storage accounts which are encrypted by an encryption key that is not rotated regularly. As a security best practice, it is important to rotate the keys periodically so that if the keys are compromised, the data in the underlying service is still secure with the new keys. + +*Policy Severity—* Informational + +*Policy Type—* Config + +---- +config from cloud.resource where api.name = 'azure-storage-account-list' AND json.rule = properties.encryption.keySource equal ignore case "Microsoft.Keyvault" as X; config from cloud.resource where api.name = 'azure-key-vault-list' and json.rule = keys[?any(attributes.exp equals -1 and attributes.enabled contains true)] exists as Y; filter '$.Y.properties.vaultUri contains $.X.properties.encryption.keyvaultproperties.keyvaulturi'; show X; +---- + +|*Azure AKS cluster configured with overly permissive API server access* + +tt:[*24.1.1*] + +//RLP-75135 + +|Identifies AKS clusters configured with overly permissive API server access. In Kubernetes, the API server receives requests to perform actions in the cluster such as to create resources or scale the number of nodes. To enhance cluster security and minimize attacks, the API server should only be accessible from a limited set of IP address ranges. These IP ranges allow defined IP address ranges to communicate with the API server. A request made to the API server from an IP address that is not part of these authorized IP ranges is blocked. It is recommended to configure AKS cluster with defined IP address ranges to communicate with the API server. + +*Policy Severity—* Low + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-kubernetes-cluster' AND json.rule = properties.powerState.code equal ignore case Running and properties.apiServerAccessProfile.enablePrivateCluster is false and (properties.apiServerAccessProfile.authorizedIPRanges does not exist or properties.apiServerAccessProfile.authorizedIPRanges is empty) +---- + +|*Azure Machine learning workspace configured with overly permissive network access* + +tt:[*24.1.1*] + +//RLP-58075 + +|Identifies Machine learning workspaces configured with overly permissive network access. Overly permissive public network access allows access to resource through the internet using a public IP address. It is recommended to restrict IP ranges to allow access to your workspace and endpoint from specific public internet IP address ranges and is accessible only to restricted entities. + +*Policy Severity—* High + +*Policy Type—* Config + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-machine-learning-workspace' AND json.rule = properties.provisioningState equal ignore case Succeeded and properties.publicNetworkAccess equal ignore case Enabled and (properties.ipAllowlist does not exist or properties.ipAllowlist is empty) +---- + +|*New CI/CD Configuration Build Policies* + +tt:[*24.1.1*] + +//CAS Policies. Shared by J.Baksht. + +//RLP-125897 + +|Added the following default CI/CD policies within the *Build* subtype of *Configuration* policies under *Governance* for enhanced continuous integration and deployment pipeline security. + +*Azure Repo Policies* + +* Potential dependency confusion in an Azure Repos repository due to package name or scope available in registry +* Deprecated package used in NPM project of an Azure Repos repository +* Missing ‘.npmrc’ file in Azure Repos repository +* Possible Python typosquatting detected in an Azure Repos repository +* Secret exposed in registry URL within ‘.npmrc’ file of an Azure Repos repository +* Unencrypted channel used by ‘.npmrc’ file of an Azure Repos repository to download dependencies from proxy +* Azure Pipelines uses an unpinned container image +* Secret exposed in proxy URL within ‘.npmrc’ file of an Azure Repos repository +* Deprecated package used in NPM project of a Bitbucket repository + +*Bitbucket Policies* + +* Missing ‘.npmrc’ file in Bitbucket repository +* Possible Python typosquatting detected in a Bitbucket repository +* Potential dependency confusion in a Bitbucket repository due to package name or scope available in registry +* Private Bitbucket repository made public +* Secret exposed in proxy URL within ‘.npmrc’ file of a Bitbucket repository +* Secret exposed in registry URL within ‘.npmrc’ file of a Bitbucket repository +* Unencrypted channel used by ‘.npmrc’ file of a Bitbucket repository to download dependencies from proxy +* Unencrypted channel used by ‘.npmrc’ file of a Bitbucket repository to download dependencies from registry + +*CircleCI Policies* + +* CircleCI pipeline uses an unpinned container image + +*GitHub Policies* + +* Deprecated package used in NPM project of a GitHub repository +* Missing ‘.npmrc’ file in GitHub repository +* Possible Python typosquatting detected in a GitHub repository +* Potential dependency confusion in a GitHub repository due to package name or scope available in registry +* Secret exposed in proxy URL within ‘.npmrc’ file of a GitHub repository +* Secret exposed in registry URL within ‘.npmrc’ file of a GitHub repository +* Unencrypted channel used by ‘.npmrc’ file of a GitHub repository to download dependencies from proxy +* Unencrypted channel used by ‘.npmrc’ file of a GitHub repository to download dependencies from registry +* Unrotated organization secrets in GitHub Actions +* Unrotated repository secrets in GitHub Actions + +*GitLab Policies* + +* Deprecated package used in NPM project of a GitLab repository +* Missing ‘.npmrc’ file in GitLab repository +* Possible Python typosquatting detected in a GitLab repository +* Potential dependency confusion in a GitLab repository due to package name or scope available in registry +* Secrets found in logs of a GitLab CI pipeline +* Secret exposed in proxy URL within ‘.npmrc’ file of a GitLab repository +* Secret exposed in registry URL within ‘.npmrc’ file of a GitLab repository +* Unencrypted channel used by ‘.npmrc’ file of a GitLab repository to download dependencies from proxy +* Unencrypted channel used by ‘.npmrc’ file of a GitLab repository to download dependencies from registry + + +|=== + +[#policy-updates] +=== Policy Updates + +[cols="50%a,50%a"] +|=== +|*Policy Updates* +|*Description* + +2+|*Policy Updates—RQL* + +|*Azure Function App authentication is off* +//RLP-126199 + +tt:[24.1.2] + +|*Changes—* The policy RQL is updated to only report Function Apps for which authentication is disabled. Azure Function App Authentication prevents anonymous HTTP requests from reaching the API app or authenticates token-enabled requests before they reach the API app, but not the Logic app or Web App resources created in Azure. + +*Severity—* Low + +*Policy Type—* Config + +*Current RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-app-service' AND json.rule = properties.state equal ignore case Running and kind contains functionapp and config.siteAuthEnabled is false +---- + +*Updated RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-app-service' AND json.rule = properties.state equal ignore case Running and kind contains functionapp and kind does not contain workflowapp and kind does not equal app and config.siteAuthEnabled is false +---- + +*Impact—* Low. Existing alerts generated for Logic App and Web App will be resolved and new alerts will be generated. + +|*AWS Elasticsearch domain publicly accessible* + +tt:[*24.1.1*] + +//RLP-122897 + +|*Changes—* The policy RQL is updated to check for `vpc-options` instead of `vpc.endpoints`. + +*Severity—* Medium + +*Policy Type—* Config + +*Current RQL—* + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-es-describe-elasticsearch-domain' AND json.rule = processing is false and (endpoints does not exist or endpoints.vpc does not exist or endpoints.vpc is empty) +---- + +*Updated RQL—* + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-es-describe-elasticsearch-domain' AND json.rule = processing is false and vpcoptions.vpcid does not exist +---- + +*Impact—* No impact on alerts. + +|*Azure Key Vault Firewall is not enabled* + +tt:[*24.1.1*] + +//RLP-123051 + +|*Changes—* The policy RQL is updated to not trigger alerts when the public access is disabled. + +*Severity—* Low + +*Policy Type—* Config + +*Current RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-key-vault-list' AND json.rule = properties.networkAcls.ipRules[*].value does not exist +---- + +*Updated RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-key-vault-list' AND json.rule = properties.networkAcls.ipRules[*].value does not exist and properties.publicNetworkAccess does not equal ignore case disabled +---- + +*Impact—* Low. Existing alerts which were triggered when the public access was disabled will be resolved. + +|*Azure Storage account is not configured with private endpoint connection* + +tt:[*24.1.1*] + +//RLP-120048 + +|*Changes—* The policy RQL has been updated to report azure storage account which allow all networks with `IPrule` and `VirtualNetworkRule` not being empty. + +*Severity—* Medium + +*Policy Type—* Config + +*Current RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-storage-account-list' AND json.rule = properties.provisioningState equals Succeeded and networkRuleSet.defaultAction equal ignore case Allow and networkRuleSet.virtualNetworkRules is empty and networkRuleSet.ipRules[] is empty and properties.privateEndpointConnections[] is empty +---- + +*Updated RQL—* + +---- +config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-storage-account-list' AND json.rule = properties.provisioningState equals Succeeded and networkRuleSet.defaultAction equal ignore case Allow and properties.privateEndpointConnections[*] is empty +---- + +*Impact—* Low. New alerts will be generated when the `IPrule` and `VirtualNetworkRule` are retained. + +|*AWS S3 bucket publicly readable* + +tt:[*24.1.1*] + +//RLP-104677 +|*Changes—* The policy remediation steps and RQL will be updated to check for Authenticated User with read access. + +*Policy Type—* Config + +*Severity—* High + +*Current RQL—* + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-s3api-get-bucket-acl' AND json.rule = ((((publicAccessBlockConfiguration.ignorePublicAcls is false and accountLevelPublicAccessBlockConfiguration does not exist) or (publicAccessBlockConfiguration does not exist and accountLevelPublicAccessBlockConfiguration.ignorePublicAcls is false) or (publicAccessBlockConfiguration.ignorePublicAcls is false and accountLevelPublicAccessBlockConfiguration.ignorePublicAcls is false)) and acl.grantsAsList[?any(grantee equals AllUsers and permission is member of (ReadAcp,Read,FullControl))] exists) or ((policyStatus.isPublic is true and ((publicAccessBlockConfiguration.restrictPublicBuckets is false and accountLevelPublicAccessBlockConfiguration does not exist) or (publicAccessBlockConfiguration does not exist and accountLevelPublicAccessBlockConfiguration.restrictPublicBuckets is false) or (publicAccessBlockConfiguration.restrictPublicBuckets is false and accountLevelPublicAccessBlockConfiguration.restrictPublicBuckets is false))) and (policy.Statement[?any(Effect equals Allow and (Principal equals * or Principal.AWS equals *) and (Action contains s3:* or Action contains s3:Get or Action contains s3:List) and (Condition does not exist))] exists))) and websiteConfiguration does not exist +---- + +*Updated RQL—* + +---- +config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-s3api-get-bucket-acl' AND json.rule = ((((publicAccessBlockConfiguration.ignorePublicAcls is false and accountLevelPublicAccessBlockConfiguration does not exist) or (publicAccessBlockConfiguration does not exist and accountLevelPublicAccessBlockConfiguration.ignorePublicAcls is false) or (publicAccessBlockConfiguration.ignorePublicAcls is false and accountLevelPublicAccessBlockConfiguration.ignorePublicAcls is false)) and (acl.grantsAsList[?any(grantee equals AllUsers and permission is member of (ReadAcp,Read,FullControl))] exists or acl.grantsAsList[?any(grantee equals AuthenticatedUsers and permission is member of (ReadAcp,Read,FullControl))] exists)) or ((policyStatus.isPublic is true and ((publicAccessBlockConfiguration.restrictPublicBuckets is false and accountLevelPublicAccessBlockConfiguration does not exist) or (publicAccessBlockConfiguration does not exist and accountLevelPublicAccessBlockConfiguration.restrictPublicBuckets is false) or (publicAccessBlockConfiguration.restrictPublicBuckets is false and accountLevelPublicAccessBlockConfiguration.restrictPublicBuckets is false))) and (policy.Statement[?any(Effect equals Allow and (Principal equals * or Principal.AWS equals *) and (Action contains s3:* or Action contains s3:Get or Action contains s3:List) and (Condition does not exist))] exists))) and websiteConfiguration does not exist +---- + +*Impact—* Low. New alerts will be generated when Authenticated users have read permissions. + + +2+|*Policy Updates—Metadata* + +|*GCP VM instance using a default service account with full access to all Cloud APIs* + +tt:[*24.1.1*] + +//RLP-120380 +|*Changes—* The policy name, description and remediation details are updated. + +*Current Policy Name—* GCP VM instance using a default service account with full access to all Cloud APIs + +*Updated Policy Name—* GCP VM instance using a default service account with Cloud Platform access scope + +*Current Policy Description—* This policy identifies the GCP VM instances which are using a default service account with full access to all Cloud APIs. To compliant with the principle of least privileges and prevent potential privilege escalation it is recommended that instances are not assigned to default service account 'Compute Engine default service account' with scope 'Allow full access to all Cloud APIs'. + +*Updated Policy Description—* This policy identifies the GCP VM instances that are using a default service account with cloud-platform access scope. To compliant with the principle of least privileges and prevent potential privilege escalation it is recommended that instances are not assigned to default service account 'Compute Engine default service account' with scope 'cloud-platform'. + +*Severity—* Medium + +*Policy Type—* Config + +*Impact—* No impact on alerts. + +2+|*Policy Deletion* + +|*Azure Policies Deletion* + +tt:[*24.1.1*] + +//RLP-123535 + +|*Changes—* Azure has deprecated Azure Storage classic metrics. Due to this change the following associated policies have been deleted: + +* Azure storage account logging (Classic Diagnostic Setting) for queues is disabled (fde9482f-3ac2-43f6-bda2-bf2013074acd) +* Azure storage account logging (Classic Diagnostic Setting) for blobs is disabled (85a4a77f-0d46-4c3d-ae8c-37d945a0b44e) +* Azure storage account logging (Classic Diagnostic Setting) for tables is disabled (f4784022-48f3-4f3b-bc16-2b7fef56aea3) + +*Impact—* Low. Existing alerts are resolved as `Policy_Deleted`. + + +|=== + +[#policy-updates-iam] +=== Policy Updates - IAM + +tt:[*24.1.2*] + +The following IAM policy has updated RQL. + +[cols="40%a,30%a,30%a"] +|=== +|*Policy Name* +|*Old RQL* +|*New RQL* + +|*AWS cross-account resource access through IAM policies* +//RLP-126448 + +|---- +config from iam where dest.cloud.type = 'AWS' and source.cloud.account != dest.cloud.account +---- +|---- +config from iam where dest.cloud.type = 'AWS' and source.cloud.account != dest.cloud.account AND dest.cloud.accountgroup != 'Default Account Group' AND dest.cloud.account != '*' +---- + +|=== + +tt:[*24.1.1*] + +The following IAM policies has updated names and description. +//RLP-123585 + +[cols="20%a,30%a,20%a,30%a"] +|=== +|*Old Policy Name* +|*Old Policy Description* +|*New Policy Name* +|*New Policy Description* + +|AWS EC2 instance with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the AWS EC2 instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks.AWS IAM permissions management access level that are risky for AWS EC2 instances. Ensure that the AWS EC2 instances provisioned in your AWS account don't have a risky set of permissions management access to minimize security risks. +|AWS EC2 Instance with IAM policy management permissions +|This policy identifies IAM permissions that allow EC2 instances to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|AWS EC2 instance with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the AWS EC2 instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS EC2 Instance with IAM write permissions +|This policy identifies IAM permissions that allow EC2 instances to perform write operations for IAM. such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|AWS EC2 instance with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the AWS EC2 instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS EC2 Instance with AWS Organization management permissions +|This policy identifies IAM permissions that allow EC2 instances to manage AWS Organizations such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|AWS Lambda Function with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the AWS Lambda Function instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Lambda Function with IAM policy management permissions +|This policy identifies IAM permissions that allow Lambda functions to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|AWS Lambda Function with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the AWS Lambda Function instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Lambda Function with IAM write permissions +|This policy identifies IAM permissions that allow Lambda functions to perform write operations for IAM. such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|AWS Lambda Function with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the AWS Lambda Function instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Lambda Function with AWS Organization management permissions +|This policy identifies IAM permissions that allow Lambda functions to manage AWS Organizations such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Okta User with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the Okta Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Okta User with IAM policy management permissions +|This policy identifies IAM permissions that allow Okta users to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Okta User with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the Okta Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Okta User with IAM write permissions +|This policy identifies IAM permissions that allow Okta users to perform write operations for IAM, such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Okta User with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the Okta Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Okta User with AWS Organization management permissions +|This policy identifies IAM permissions that allow Okta users to manage AWS Organizations, such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|ECS Task Definition with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the AWS ECS Task Definition instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS ECS Task Definition with IAM policy management permissions +|This policy identifies IAM permissions that allow ECS task definitions to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|ECS Task Definition with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the AWS ECS Task Definition instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks +|AWS ECS Task Definition with IAM write permissions +|This policy identifies IAM permissions that allow ECS task definitions to perform write operations for IAM. such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|ECS Task Definition with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the AWS ECS Task Definition instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS ECS Task Definition with AWS Organization management permissions +|This policy identifies IAM permissions that allow ECS task definitions to manage AWS Organizations such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|IAM User with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the IAM Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS IAM User with IAM policy management permissions +|This policy identifies IAM permissions that allow IAM users to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|IAM User with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the IAM Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS IAM User with IAM write permissions +|This policy identifies IAM permissions that allow IAM users to perform write operations for IAM. such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|IAM User with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the IAM Users in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS IAM User with AWS Organization management permissions +|This policy identifies IAM permissions that allow IAM users to manage AWS Organizations such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Elasticbeanstalk Platform with IAM permissions management access level +|This policy identifies IAM permissions management access that is defined as risky permissions. Ensure that the AWS Elasticbeanstalk Platform instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Elastic Beanstalk Platform with IAM policy management permissions +|This policy identifies IAM permissions that allows an Elastic Beanstalk Platform to manage IAM policies, such as creating, deleting, or attaching IAM policies to identities, roles, or groups. IAM policy management permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Elasticbeanstalk Platform with IAM write access level +|This policy identifies IAM write permissions that are defined as risky permissions. Ensure that the AWS Elasticbeanstalk Platform instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Elastic Beanstalk Platform with IAM write permissions +|This policy identifies IAM permissions that allows an Elastic Beanstalk Platform to perform write operations for IAM. such as creating, deleting, updating access keys, users, groups, and roles. IAM write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|Elasticbeanstalk Platform with org write access level +|This policy identifies org write access that is defined as risky permissions. Ensure that the AWS Elasticbeanstalk Platform instances provisioned in your AWS account don't have a risky set of write permissions to minimize security risks. +|AWS Elastic Beanstalk Platform with AWS Organization management permissions +|This policy identifies IAM permissions that allows an Elastic Beanstalk Platform to manage AWS Organizations such as creating, deleting, updating AWS Organizations, accounts and Org level policies, features, and services. AWS Organization write permissions are very risky and should only be used under very strict controls. Unnecessary usage of these permissions can significantly increase your attack surface and make it easier for attackers to compromise your AWS environment. + +|=== + +[#new-compliance-benchmarks-and-updates] +=== New Compliance Benchmarks and Updates + +[cols="50%a,50%a"] +|=== +|*Compliance Benchmark* +|*Description* + +|*Support for RBI Compliance Standard* + +tt:[24.1.2] + +//RLP-127595 +|Prisma Cloud now supports the Reserve Bank of India (RBI) compliance standard. This comprehensive framework mandates a proactive stance on cybersecurity, ensuring secure networks and databases, constant protection of customer information, and immediate response plans for security incidents. + +You can now view this built-in standard and the associated policies on *Compliance > Standards*. You can also generate reports for immediate viewing or download, or schedule recurring reports to track this compliance standard over time. + +|*Support for SEBI Compliance Standard* + +tt:[24.1.2] + +//RLP-126826 +|Prisma Cloud now supports the Securities and Exchange Board of India (SEBI) compliance standard. This regulation lays down the listing obligations of companies that have listed their securities on stock exchanges in India. It also provides for the disclosure requirements that these companies must comply with. + +You can now view this built-in standard and the associated policies on *Compliance > Standards*. You can also generate reports for immediate viewing or download, or schedule recurring reports to track this compliance standard over time. + +|tt:[Update] *Policy Mappings for Azure CIS 2.0* + +tt:[24.1.2] + +//RLP-127603 +|The following compliance requirements in Azure CIS 2.0 Level 1 and Azure CIS 2.0 Level 2 are updated with new mappings: + +* Azure CIS 2.0 Level 1 + +* Database Services + +* Microsoft Defender + +* Storage Accounts + +* Azure CIS 2.0 Level 2 + +* Database Services + +* Microsoft Defender + +*Impact—* Compliance score can vary as new mappings are introduced. + +|=== + +[#rest-api-updates] +=== REST API Updates + +[cols="37%a,63%a"] +|=== +|*Change* +|*Description* + +|*New Alerts API* + +tt:[*24.1.2*] + +//RLP-126973 +|A new https://pan.dev/prisma-cloud/api/cspm/create-ondemand-notification/[Create On Demand Notification] endpoint is now available. It allows you to configure and share alert notifications through Email, Jira, or Slack. + +|*New Widget APIs* + +tt:[*24.1.2*] + +//RLP-125716 +|The following new APIs are added to get the data from some of the widgets used to create custom dashboards: + +* Get Alerts Count by Resolution Reason - https://pan.dev/prisma-cloud/api/cspm/value-widgets-alert-metrics-resolution-reason/[POST api/v1/metrics/alert-count-by-resolution-reason] +* Get Mean Resolution Time - https://pan.dev/prisma-cloud/api/cspm/value-widgets-alert-metrics/[POST /api/v1/metrics/alert-mean-resolution-time] + + +|*Unified Vulnerability Explorer API* + +tt:[*24.1.2*] + +//RLP-124666 +|A new https://pan.dev/prisma-cloud/api/cspm/prioritised-vulnerability-v-2/[Get Prioritized Vulnerabilities V2] API is now available. It allows to view the top priority vulnerabilities along with the number of assets in which they occur. + +|tt:[Update] *Policy APIs* + +tt:[*24.1.2*] + +//RLP-113033 +|The policy APIs now support the following types and subtypes: + +* *Policy types* - malware and grayware +* *Policy subtypes* - host and container_image + + +|*IAM APIs* + +tt:[*24.1.1*] + +//RLP-125757 +|New versions of https://pan.dev/prisma-cloud/api/cspm//iam/[IAM] endpoints are now available to get permissions, access details, and query suggestions. A few other new endpoints are also added to the https://pan.dev/prisma-cloud/api/cspm//iam/[IAM] category to get the least privilege access details and remediation command. + +|*Widget APIs* + +tt:[*24.1.1*] + +//RLP-125223 + +|The following new APIs are added to get the data from some of the widgets used to create custom dashboards: + +* Get Discovered and Secured Resources - https://pan.dev/prisma-cloud/api/cspm/value-widgets-get-discovered-vs-secured/[POST /adoptionadvisor/api/v2/compute/discovered-secured/trend] +* Get Vulnerabilities Trend - https://pan.dev/prisma-cloud/api/cspm/value-widgets-get-vulnerabilities-trend/[POST /adoptionadvisor/api/v2/compute/vulnerabilities/trend] +* Get Assets with Alerts - https://pan.dev/prisma-cloud/api/cspm/value-widgets-get-assets-with-alerts/[POST /adoptionadvisor/api/v2/cspm/riskyasset/trend] + + +|*Unified Vulnerability Explorer APIs* + +tt:[*24.1.1*] + +//RLP-123758 +|New APIs are available in the https://pan.dev/prisma-cloud/api/cspm/unified-vulnerability-explorer/[Unified Vulnerability Explorer] category to get the list of vulnerabilities based on CVE, priority, stage, RQL, and so on. In addition, you have endpoints to get the remediation status and create a remediation request. + +|*Background Job APIs* + +tt:[*24.1.1*] +//RLP-113024 + +|The following new endpoints are available to get background job reports: + +* Get Reports Metadata - https://pan.dev/prisma-cloud/api/cspm/list-reports/[GET /report-service/api/v1/report] +* Get Report Metadata by ID - https://pan.dev/prisma-cloud/api/cspm/get-report-metadata-by-id/[GET /report-service/api/v1/report/:reportId] +* Get Report Status - https://pan.dev/prisma-cloud/api/cspm/get-report-status-by-id/[GET /report-service/api/v1/report/:reportId/status] +* Download a Report - https://pan.dev/prisma-cloud/api/cspm/download-report-by-id/[GET /report-service/api/v1/report/:reportId/download] + +|*Add a New Collection* + +tt:[*24.1.1*] + +//CWP-51321 +|Collections that were added using the https://pan.dev/prisma-cloud/api/cwpp/post-collections/[Add a New Collection] did not display as expected in the Console. This issue has been resolved by making all request body fields, except `name`, optional. Any field that is not provided will default to the wildcard value '*'. + +|=== + +[#deprecation-notices] +=== Deprecation Notices + +[cols="37%a,63%a"] +|=== +|*Change* +|*Description* + +|*End of Life (EOL) for Prisma Cloud Microsegmentation in 24.1.2* +//RLP-115151, RLP-120133 - EOL was first announced with the 23.9.2 LA. + +tt:[*24.1.2*] + +_EOL was first announced in 23.9.2_ + +|The Prisma Cloud Microsegmentation module was announced as End-of-Sale effective 31 August, 2022. As of the 24.1.2 release, the Microsegmentation solution is disconnected and any active agents will no longer work. + +Make sure to uninstall all instances of the Enforcer (the Microsegmentation agent) deployed in your environment, as these agents will no longer enforce any security policies on traffic on or across your hosts. + +|*app.sg Stack Decommissioned for Prisma Cloud Data Security* + +tt:[*Secure the Infrastructure*] + +tt:[*24.1.1*] + +//PCDTUS-78 +|You will no longer be able to use the *app.sg* stack for Data Security since it's being decommissioned. If you want to use Data Security, contact your Prisma Cloud customer support representative. + +|*Support for BridgecrewCLI* + +tt:[*Secure the Source*] + +tt:[*24.1.1*] + +//RLP-112353 + +|BridgecrewCLI including GitHub Action, CircleCI Orb, and container have been deprecated. You can continue using Checkov and its compatible plugins without any disruptions. + +|*Alerts* + +tt:[*Secure the Runtime*] + +tt:[*24.1.1*] + +//CWP-40710 CWP-41766 +|Deprecated the `AccountID` and `Cluster` macros used in alerts. +This removes the `AccountID` and `Cluster` fields in the following alerts using the macros. + +* Webhook +* AWS SQS +* Prisma Cortex Alert +* Splunk + +|=== diff --git a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/prisma-cloud-release-info.adoc b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/prisma-cloud-release-info.adoc index fe92ffa6f8..1c39df885f 100644 --- a/docs/en/enterprise-edition/rn/prisma-cloud-release-info/prisma-cloud-release-info.adoc +++ b/docs/en/enterprise-edition/rn/prisma-cloud-release-info/prisma-cloud-release-info.adoc @@ -9,14 +9,14 @@ Prisma® Cloud is your code to cloud security platfrom that provides security at //Prisma Cloud Application Security identifies vulnerabilities, misconfigurations and compliance violations in Infrastructure as Code ( IaC) templates, container images and git repositories. -If you are using Runtime Security, the current version is 31.03.xxx. +If you are using Runtime Security, the current version is 32.01. //It will be upgraded to 32.00.xxx on >>>, 2023. To view the current operational status of Palo Alto Networks cloud services, see https://status.paloaltonetworks.com/[https://status.paloaltonetworks.com/]. Before you begin using Prisma Cloud, make sure you review the following information: -* xref:../prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023.adoc[Features Introduced in 2023] +* xref:../prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-2024.adoc[Features Introduced in 2024] * xref:../prisma-cloud-release-info/classic-releases/classic-releases.adoc[Classic Releases] * xref:../limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud.adoc[Limited GA Features] * xref:../look-ahead-planned-updates-prisma-cloud/look-ahead-planned-updates-prisma-cloud.adoc[Look Ahead—Planned Updates on Prisma Cloud] diff --git a/docs/sitemaps/sitemap-en-0.xml b/docs/sitemaps/sitemap-en-0.xml index ad0a630141..a65f760b5c 100644 --- a/docs/sitemaps/sitemap-en-0.xml +++ b/docs/sitemaps/sitemap-en-0.xml @@ -2,11 +2,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/cloud-application-security/cloud-application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -18,11 +18,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/cloud-application-security/familiarize-application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -34,11 +34,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/add-pre-receive-hooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -50,11 +50,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/code-repositories-policy-management/code-editor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -66,11 +66,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/code-repositories-policy-management/code-repositories-policy-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -82,11 +82,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/code-repositories-policy-management/custom-build-policy-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -98,11 +98,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/code-repositories-policy-management/visual-editor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -114,11 +114,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/code-security-licensing-configuration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -130,11 +130,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-aws-codebuild - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -146,11 +146,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-checkov - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -162,11 +162,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-circleci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -178,11 +178,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-github-actions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -194,11 +194,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-jenkins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -210,11 +210,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-terraform-cloud-sentinel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -226,11 +226,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-terraform-enterprise - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -242,11 +242,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-terraform-enterprise-run-tasks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -258,11 +258,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/add-terraform-run-tasks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -274,11 +274,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-runs/ci-cd-runs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -290,11 +290,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-systems/add-circleci-cicd-system - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -306,11 +306,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-systems/add-jenkins-cicd-system - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -322,11 +322,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/ci-cd-systems/ci-cd-systems - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -338,11 +338,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-azurerepos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -354,11 +354,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-bitbucket - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -370,11 +370,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-bitbucket-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -386,11 +386,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-github - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -402,11 +402,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-github-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -418,11 +418,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -434,11 +434,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/add-gitlab-selfmanaged - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -450,11 +450,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/code-repositories/code-repositories - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -466,11 +466,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/connect-your-repositories - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -482,11 +482,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-intellij - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -498,11 +498,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/connect-vscode - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -514,11 +514,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/integrate-ide/integrate-ide - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -530,11 +530,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/package-registries/add-private-registries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -546,11 +546,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/connect-your-repositories/package-registries/package-registries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -562,11 +562,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/create-and-manage-code-category-views - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -578,11 +578,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/drift-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -594,11 +594,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/enable-code-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -610,11 +610,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/finetune-configuration-settings/enable-notifications - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -626,11 +626,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/finetune-configuration-settings/finetune-configuration-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -642,11 +642,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/generate-access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -658,11 +658,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -674,11 +674,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/iac-tag-and-trace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -690,11 +690,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/manage-network-tunnel/deploy-transporter-helmcharts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -706,11 +706,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/manage-network-tunnel/manage-network-tunnel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -722,11 +722,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/manage-network-tunnel/setup-network-tunnel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -738,11 +738,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/manage-roles-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -754,11 +754,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/manage-workspace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -770,11 +770,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/quick-start - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -786,11 +786,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/secrets-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -802,11 +802,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/software-composition-analysis/license-compliance-in-sca - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -818,11 +818,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/software-composition-analysis/software-composition-analysis - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -834,11 +834,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/software-composition-analysis/supported-package-managers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -850,11 +850,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/ci-cd-risks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -866,11 +866,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/code/code - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -882,11 +882,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/code/code-reviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -898,11 +898,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/code/enforcement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -914,11 +914,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/code/fix-issues-in-a-scan-result - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -930,11 +930,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/code/monitor-fix-issues-in-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -946,11 +946,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/risk-prevention/risk-prevention - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -962,11 +962,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/code-security-dashboard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -978,11 +978,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/repositories - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -994,11 +994,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/software-bill-of-materials-generation/sbom - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1010,11 +1010,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/software-bill-of-materials-generation/sbom-generation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1026,11 +1026,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/software-bill-of-materials-generation/software-bill-of-materials-generation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1042,11 +1042,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/supply-chain-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1058,11 +1058,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/technologies/jenkins-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1074,11 +1074,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/technologies/pipeline-tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1090,11 +1090,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/technologies/technologies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1106,11 +1106,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/technologies/technology-overview - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1122,11 +1122,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/technologies/vcs-third-parties - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1138,11 +1138,11 @@ https://docs.prismacloud.io/en/classic/appsec-admin-guide/visibility/visibility - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Administrator's Guide Prisma;Prisma Cloud @@ -1154,11 +1154,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/access-control/access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1170,11 +1170,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/access-control/open-policy-agent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1186,11 +1186,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/agentless-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1202,11 +1202,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/agentless-scanning-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1218,11 +1218,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/agentless-scanning-results - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1234,11 +1234,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/configure-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1250,11 +1250,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/configure-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1266,11 +1266,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/configure-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1282,11 +1282,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/configure-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1298,11 +1298,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/onboard-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1314,11 +1314,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1330,11 +1330,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/onboard-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1346,11 +1346,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1362,11 +1362,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/agentless-scanning/onboard-accounts/onboard-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1378,11 +1378,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/alert-mechanism - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1394,11 +1394,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1410,11 +1410,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1426,11 +1426,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/email - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1442,11 +1442,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/google-cloud-pub-sub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1458,11 +1458,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/google-cloud-scc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1474,11 +1474,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/ibm-cloud-security-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1490,11 +1490,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1506,11 +1506,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1522,11 +1522,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/servicenow-sir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1538,11 +1538,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/servicenow-vr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1554,11 +1554,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1570,11 +1570,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1586,11 +1586,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/webhook - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1602,11 +1602,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/xdr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1618,11 +1618,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/alerts/xsoar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1634,11 +1634,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/api/api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1650,11 +1650,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/annotate-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1666,11 +1666,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/audit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1682,11 +1682,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/audit-admin-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1698,11 +1698,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/delete-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1714,11 +1714,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/event-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1730,11 +1730,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/host-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1746,11 +1746,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/kubernetes-auditing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1762,11 +1762,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/log-rotation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1778,11 +1778,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1794,11 +1794,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/prometheus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1810,11 +1810,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/audit/throttling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1826,11 +1826,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1842,11 +1842,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/assign-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1858,11 +1858,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1874,11 +1874,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/aws-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1890,11 +1890,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/azure-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1906,11 +1906,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/credentials-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1922,11 +1922,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/gcp-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1938,11 +1938,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/gitlab-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1954,11 +1954,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/ibm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1970,11 +1970,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/credentials-store/kubernetes-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -1986,11 +1986,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/prisma-cloud-user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2002,11 +2002,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/authentication/user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2018,11 +2018,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/cloud-service-providers/cloud-accounts-discovery-pcee - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2034,11 +2034,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/cloud-service-providers/cloud-service-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2050,11 +2050,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/cloud-service-providers/use-cloud-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2066,11 +2066,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2082,11 +2082,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/cis-benchmarks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2098,11 +2098,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2114,11 +2114,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/compliance-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2130,11 +2130,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/custom-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2146,11 +2146,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/detect-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2162,11 +2162,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/disa-stig-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2178,11 +2178,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/host-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2194,11 +2194,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/manage-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2210,11 +2210,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/oss-license-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2226,11 +2226,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/prisma-cloud-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2242,11 +2242,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2258,11 +2258,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/trusted-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2274,11 +2274,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2290,11 +2290,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/compliance/windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2306,11 +2306,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/authenticate-console-with-certs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2322,11 +2322,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/certificates - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2338,11 +2338,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/collections - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2354,11 +2354,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/configure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2370,11 +2370,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/configure-scan-intervals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2386,11 +2386,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/custom-feeds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2402,11 +2402,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/customize-terminal-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2418,11 +2418,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/disaster-recovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2434,11 +2434,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/enable-http-access-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2450,11 +2450,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2466,11 +2466,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2482,11 +2482,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/proxy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2498,11 +2498,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/rule-ordering-pattern-matching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2514,11 +2514,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/set-diff-paths-daemon-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2530,11 +2530,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2546,11 +2546,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/user-cert-validity-period - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2562,11 +2562,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/wildfire - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2578,11 +2578,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2594,11 +2594,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/continuous-integration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2610,11 +2610,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/jenkins-freestyle-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2626,11 +2626,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/jenkins-maven-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2642,11 +2642,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/jenkins-pipeline-k8s - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2658,11 +2658,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/jenkins-pipeline-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2674,11 +2674,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/jenkins-plugin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2690,11 +2690,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/run-jenkins-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2706,11 +2706,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/continuous-integration/set-policy-ci-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2722,11 +2722,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/deployment-patterns/best-practices-dns-cert-mgmt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2738,11 +2738,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/deployment-patterns/caps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2754,11 +2754,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/deployment-patterns/deployment-patterns - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2770,27 +2770,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/deployment-patterns/performance-planning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z - bookDetailPage - Prisma Cloud Administrator’s Guide (Compute) - Prisma;Prisma Cloud - prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Administrator’s Guide (Compute) - Classic - true - - - - https://docs.prismacloud.io/en/classic/compute-admin-guide/firewalls/cnns-saas - 2023-11-20T18:17:46.000Z - weekly - 1.0 - - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2802,11 +2786,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/firewalls/firewalls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2818,11 +2802,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/howto/disable-automatic-learning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2834,11 +2818,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/howto/howto - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2850,11 +2834,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/howto/review-debug-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2866,11 +2850,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/cluster-context - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2882,11 +2866,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2898,11 +2882,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2914,11 +2898,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2930,11 +2914,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2946,11 +2930,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2962,11 +2946,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2978,11 +2962,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/container/container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -2994,11 +2978,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/container/single-defender-cli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3010,11 +2994,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/defender-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3026,11 +3010,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/deploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3042,11 +3026,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/host/auto-defend-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3058,11 +3042,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/host/host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3074,11 +3058,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/host/windows-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3090,11 +3074,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/manage-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3106,11 +3090,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3122,11 +3106,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3138,11 +3122,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3154,11 +3138,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3170,11 +3154,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3186,11 +3170,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3202,11 +3186,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-oc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3218,11 +3202,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/install-tas-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3234,11 +3218,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3250,11 +3234,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/orchestrator/orchestrator - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3266,11 +3250,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/redeploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3282,11 +3266,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/serverless/auto-defend-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3298,11 +3282,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3314,11 +3298,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/serverless/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3330,11 +3314,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/deploy-defender/uninstall-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3346,11 +3330,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3362,11 +3346,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3378,11 +3362,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/install/system-requirements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3394,11 +3378,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3410,11 +3394,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3426,11 +3410,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/image-analysis-sandbox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3442,11 +3426,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/import-export-individual-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3458,11 +3442,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3474,11 +3458,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/altered-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3490,11 +3474,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/backdoor-admin-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3506,11 +3490,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/backdoor-ssh-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3522,11 +3506,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/brute-force - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3538,11 +3522,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/crypto-miners - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3554,11 +3538,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3570,11 +3554,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/incident-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3586,11 +3570,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/kubernetes-attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3602,11 +3586,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/lateral-movement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3618,11 +3602,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/malware - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3634,11 +3618,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/others - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3650,11 +3634,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/port-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3666,11 +3650,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/reverse-shell - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3682,11 +3666,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/incident-types/suspicious-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3698,11 +3682,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3714,11 +3698,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3730,11 +3714,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-aggregation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3746,11 +3730,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3762,11 +3746,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3778,11 +3762,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3794,11 +3778,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3810,11 +3794,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/inject-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3826,11 +3810,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/inject-secrets-example - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3842,11 +3826,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/integrate-with-secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3858,11 +3842,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3874,11 +3858,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3890,11 +3874,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/aws-secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3906,11 +3890,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3922,11 +3906,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/azure-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3938,11 +3922,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3954,11 +3938,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/hashicorp-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3970,11 +3954,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/secrets/secrets-stores/secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -3986,11 +3970,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/app-specific-network-intelligence - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4002,11 +3986,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/container-runtimes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4018,11 +4002,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4034,11 +4018,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/host-defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4050,11 +4034,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/intel-stream - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4066,11 +4050,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4082,11 +4066,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/serverless-radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4098,11 +4082,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/technology-overviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4114,11 +4098,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/telemetry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4130,11 +4114,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/tls-v12-cipher-suites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4146,11 +4130,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/twistlock-advanced-threat-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4162,11 +4146,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/technology-overviews/twistlock-rules-guide-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4178,11 +4162,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4194,11 +4178,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/twistcli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4210,11 +4194,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/twistcli-scan-code-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4226,11 +4210,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/twistcli-scan-iac - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4242,11 +4226,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/tools/twistcli-scan-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4258,11 +4242,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4274,11 +4258,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4290,11 +4274,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4306,11 +4290,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-defender-daemonset - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4322,11 +4306,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-defender-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4338,11 +4322,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-defender-single-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4354,11 +4338,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4370,11 +4354,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4386,11 +4370,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4402,11 +4386,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/upgrade-process-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4418,11 +4402,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4434,11 +4418,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/base-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4450,11 +4434,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4466,11 +4450,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/cvss-scoring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4482,11 +4466,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/malware-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4498,11 +4482,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4514,11 +4498,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4530,11 +4514,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/nexus-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4546,11 +4530,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4562,11 +4546,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-acr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4578,11 +4562,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4594,11 +4578,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-artifactory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4610,11 +4594,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4626,11 +4610,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4642,11 +4626,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-ecr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4658,11 +4642,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4674,11 +4658,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4690,11 +4674,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4706,11 +4690,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-harbor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4722,11 +4706,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4738,11 +4722,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4754,11 +4738,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4770,11 +4754,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4786,11 +4770,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/scan-procedure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4802,11 +4786,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/scan-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4818,11 +4802,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/search-cves - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4834,11 +4818,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/serverless-functions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4850,11 +4834,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/troubleshoot-vuln-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4866,11 +4850,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4882,11 +4866,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/vmware-tanzu-blobstore - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4898,11 +4882,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/vuln-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4914,11 +4898,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/vuln-management-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4930,11 +4914,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/vulnerability-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4946,11 +4930,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/windows-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4962,11 +4946,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/api-def-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4978,11 +4962,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deploy-oob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -4994,11 +4978,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deploy-oob-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5010,11 +4994,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deploy-waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5026,11 +5010,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5042,11 +5026,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5058,11 +5042,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5074,11 +5058,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-sanity-tests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5090,11 +5074,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5106,11 +5090,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-troubleshooting - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5122,11 +5106,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/deploy-waas/deployment-vpc-mirroring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5138,11 +5122,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5154,11 +5138,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/unprotected-web-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5170,11 +5154,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5186,11 +5170,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5202,11 +5186,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-advanced-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5218,11 +5202,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-analytics - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5234,11 +5218,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-api-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5250,11 +5234,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-api-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5266,11 +5250,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-app-firewall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5282,11 +5266,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-bot-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5298,11 +5282,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-custom-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5314,11 +5298,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-dos-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5330,11 +5314,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5346,11 +5330,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/waas/waas-intro - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5362,11 +5346,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5378,11 +5362,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/licensing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5394,11 +5378,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/nat-gateway-ip-addresses - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5410,11 +5394,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/pcee-vs-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5426,11 +5410,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/product-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5442,11 +5426,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/saas-maintenance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5458,11 +5442,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/security-assurance-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5474,11 +5458,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5490,11 +5474,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/utilities-and-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5506,11 +5490,11 @@ https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/welcome - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator’s Guide (Compute) Prisma;Prisma Cloud @@ -5522,11 +5506,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5538,11 +5522,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-guardduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5554,11 +5538,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-s3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5570,11 +5554,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5586,11 +5570,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-inspector - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5602,11 +5586,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5618,11 +5602,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5634,11 +5618,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-demisto - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5650,11 +5634,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-google-cloud-security-command-center - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5666,11 +5650,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5682,11 +5666,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-microsoft-teams - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5698,11 +5682,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5714,11 +5698,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-qualys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5730,11 +5714,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5746,11 +5730,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5762,11 +5746,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5778,11 +5762,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-tenable - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5794,11 +5778,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5810,11 +5794,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrations-feature-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5826,11 +5810,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/prisma-cloud-integrations - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5842,11 +5826,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/cloud-account-onboarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5858,11 +5842,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/cloud-service-provider-regions-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5874,11 +5858,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/connect-your-cloud-platform-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5890,11 +5874,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/add-aws-member-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5906,11 +5890,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/automate-aws-onboarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5922,11 +5906,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/aws-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5938,11 +5922,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5954,11 +5938,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5970,11 +5954,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-dns-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -5986,11 +5970,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-findings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6002,11 +5986,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/configure-flow-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6018,11 +6002,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/manually-set-up-prisma-cloud-role-for-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6034,11 +6018,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6050,11 +6034,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6066,11 +6050,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/onboard-aws-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6082,11 +6066,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/prisma-cloud-on-aws-china - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6098,11 +6082,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/troubleshoot-aws-errors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6114,11 +6098,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6130,11 +6114,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-aws-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6146,11 +6130,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-aws/update-onboarded-aws-accnt-to-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6162,11 +6146,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/create-custom-role-on-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6178,11 +6162,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-organization - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6194,11 +6178,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/enable-flow-logs-for-gcp-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6210,11 +6194,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/flow-logs-compression - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6226,11 +6210,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/gcp-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6242,11 +6226,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6258,11 +6242,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6274,11 +6258,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/onboard-gcp-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6290,11 +6274,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/prerequisites-to-onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6306,11 +6290,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-gcp/update-onboarded-gcp-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6322,11 +6306,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-alibaba-account/add-alibaba-cloud-account-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6338,11 +6322,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-alibaba-account/alibaba-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6354,11 +6338,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-alibaba-account/onboard-your-alibaba-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6370,11 +6354,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-alibaba-account/set-up-your-alibaba-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6386,11 +6370,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/authorize-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6402,11 +6386,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6418,11 +6402,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6434,11 +6418,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-subscription - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6450,11 +6434,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/connect-azure-tenant - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6466,11 +6450,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/edit-onboarded-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6482,11 +6466,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6498,11 +6482,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/onboard-your-azure-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6514,11 +6498,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/troubleshoot-azure-account-onboarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6530,11 +6514,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-azure-account/update-azure-application-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6546,11 +6530,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-oci-account/add-oci-tenant-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6562,11 +6546,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-oci-account/oci-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6578,11 +6562,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-oci-account/onboard-your-oci-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6594,11 +6578,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/connect-your-cloud-platform-to-prisma-cloud/onboard-your-oci-account/permissions-required-for-oci-tenant-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6610,11 +6594,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6626,11 +6610,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/access-the-prisma-cloud-api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6642,11 +6626,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6658,11 +6642,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/get-prisma-cloud-from-aws-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6674,11 +6658,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/get-prisma-cloud-from-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6690,11 +6674,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/get-started-with-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6706,11 +6690,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6722,11 +6706,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud-faqs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6738,11 +6722,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud-first-look - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6754,11 +6738,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud-how-it-works - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6770,11 +6754,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud-licenses - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6786,11 +6770,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/prisma-cloud-next-steps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6802,11 +6786,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/investigate-incidents-on-prisma-cloud/investigate-audit-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6818,11 +6802,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/investigate-incidents-on-prisma-cloud/investigate-config-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6834,11 +6818,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/investigate-incidents-on-prisma-cloud/investigate-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6850,11 +6834,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/investigate-incidents-on-prisma-cloud/investigate-network-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6866,11 +6850,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-a-resource-list-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6882,11 +6866,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-prisma-cloud-users - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6898,11 +6882,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/add-service-account-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6914,11 +6898,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/adoption-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6930,11 +6914,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6946,11 +6930,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-account-groups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6962,11 +6946,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-custom-prisma-cloud-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6978,11 +6962,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-prisma-cloud-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -6994,11 +6978,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7010,11 +6994,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/get-started-with-oidc-sso - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7026,11 +7010,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/set-up-oidc-on-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7042,11 +7026,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-oidc-sso/set-up-oidc-on-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7058,11 +7042,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/get-started-with-saml-sso - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7074,11 +7058,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/set-up-jit-on-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7090,11 +7074,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7106,11 +7090,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-google - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7122,11 +7106,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-jit-on-onelogin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7138,11 +7122,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7154,11 +7138,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7170,11 +7154,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7186,11 +7170,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7202,11 +7186,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-prisma-cloud-administrators - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7218,11 +7202,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-roles-in-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7234,11 +7218,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/manage-your-prisma-cloud-profile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7250,11 +7234,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7266,11 +7250,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7282,11 +7266,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/setup-sso-integration-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7298,11 +7282,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/view-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7314,11 +7298,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alarms/manage-prisma-cloud-alarms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7330,11 +7314,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alarms/prisma-cloud-alarms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7346,11 +7330,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alarms/review-alarms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7362,11 +7346,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alarms/set-up-email-notifications-for-alarms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7378,11 +7362,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-notifications-state-changes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7394,11 +7378,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/alert-payload - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7410,11 +7394,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7426,11 +7410,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/create-an-alert-rule - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7442,11 +7426,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/enable-prisma-cloud-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7458,11 +7442,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/generate-reports-on-prisma-cloud-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7474,11 +7458,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/manage-prisma-cloud-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7490,11 +7474,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-notifications - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7506,11 +7490,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/prisma-cloud-alert-resolution-reasons - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7522,11 +7506,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/saved-views - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7538,11 +7522,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/send-prisma-cloud-alert-notifications-to-third-party-tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7554,11 +7538,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/suppress-alerts-for-prisma-cloud-anomaly-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7570,11 +7554,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7586,11 +7570,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7602,11 +7586,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-compliance/add-a-new-compliance-report - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7618,11 +7602,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-compliance/compliance-dashboard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7634,11 +7618,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-compliance/create-a-custom-compliance-standard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7650,11 +7634,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-compliance/prisma-cloud-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7666,11 +7650,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-dashboards/asset-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7682,11 +7666,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-dashboards/assets-policies-and-compliance-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7698,11 +7682,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-dashboards/command-center-dashboard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7714,11 +7698,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-dashboards/prisma-cloud-dashboards - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7730,11 +7714,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-dashboards/secops - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7746,11 +7730,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/disable-pcds-and-offboard-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7762,11 +7746,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-common-s3-bucket-for-aws-cloudtrail - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7778,11 +7762,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7794,11 +7778,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/add-a-new-azure-account-pcds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7810,11 +7794,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/edit-an-existing-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7826,11 +7810,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-for-aws-org-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7842,11 +7826,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/enable-data-security-module - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7858,11 +7842,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/enable-data-security-module/get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7874,11 +7858,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/guidelines-for-optimizing-data-security-cost - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7890,11 +7874,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-dashboard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7906,11 +7890,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7922,11 +7906,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7938,11 +7922,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-security-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7954,11 +7938,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/exposure-evaluation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7970,11 +7954,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/mask-sensitive-data-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -7986,11 +7970,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/monitor-data-security-scan-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8002,11 +7986,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/object-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8018,11 +8002,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/resource-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8034,11 +8018,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8050,11 +8034,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8066,11 +8050,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/troubleshoot-data-security-errors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8082,11 +8066,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/what-is-included-with-prisma-cloud-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8098,11 +8082,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/cloud-identity-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8114,11 +8098,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/context-used-to-calculate-effective-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8130,11 +8114,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/create-an-iam-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8146,11 +8130,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/enable-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8162,11 +8146,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-aws-id-center - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8178,11 +8162,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-idp-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8194,11 +8178,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8210,11 +8194,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/investigate-iam-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8226,11 +8210,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/prisma-cloud-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8242,11 +8226,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/remediate-alerts-for-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8258,11 +8242,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/what-is-prisma-cloud-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8274,11 +8258,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-network-security/create-a-network-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8290,11 +8274,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-network-security/investigate-network-exposure-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8306,11 +8290,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-network-security/prisma-cloud-network-analyzer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8322,11 +8306,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-network-security/prisma-cloud-network-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8338,11 +8322,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/anomaly-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8354,11 +8338,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/attack-path-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8370,11 +8354,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/create-a-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8386,11 +8370,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/manage-prisma-cloud-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8402,11 +8386,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/prisma-cloud-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8418,11 +8402,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/prisma-cloud-threat-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8434,11 +8418,11 @@ https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-policies/workload-protection-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Administrator's Guide Prisma;Prisma Cloud @@ -8450,11 +8434,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/alibaba-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8466,11 +8450,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/aws-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8482,11 +8466,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/config-query/config-query - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8498,11 +8482,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/config-query/config-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8514,11 +8498,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/config-query/config-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8530,11 +8514,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8546,11 +8530,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8562,11 +8546,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8578,11 +8562,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/gcp-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8594,11 +8578,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/iam-query/iam-query - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8610,11 +8594,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/iam-query/iam-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8626,11 +8610,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/iam-query/iam-query-conditions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8642,11 +8626,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/iam-query/iam-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8658,11 +8642,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/microsoft-azure-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8674,11 +8658,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8690,11 +8674,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/network-query/network-flow-log-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8706,11 +8690,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/network-query/network-query - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8722,11 +8706,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/network-query/network-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8738,11 +8722,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/network-query/network-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8754,11 +8738,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/oci-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8770,11 +8754,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/operators - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8786,11 +8770,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/rql - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8802,11 +8786,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/rql-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8818,11 +8802,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/rql-faqs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8834,11 +8818,11 @@ https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/rql-reference - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Resource Query Language (RQL) Reference Prisma;Prisma Cloud @@ -8850,11 +8834,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/access-control/access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8865,11 +8849,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/access-control/open-policy-agent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8880,11 +8864,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/access-control/rbac - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8895,11 +8879,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/agentless-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8910,11 +8894,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/agentless-scanning-results - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8925,11 +8909,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8940,11 +8924,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/onboard-accounts/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8955,11 +8939,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/onboard-accounts/onboard-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8970,11 +8954,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -8985,11 +8969,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/agentless-scanning/onboard-accounts/onboard-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9000,11 +8984,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/alert-mechanism - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9015,11 +8999,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9030,11 +9014,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9045,11 +9029,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/email - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9060,11 +9044,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/google-cloud-pub-sub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9075,11 +9059,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/google-cloud-scc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9090,11 +9074,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/ibm-cloud-security-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9105,11 +9089,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9120,11 +9104,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9135,11 +9119,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/servicenow-sir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9150,11 +9134,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/servicenow-vr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9165,11 +9149,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9180,11 +9164,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9195,11 +9179,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/webhook - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9210,11 +9194,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/xdr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9225,11 +9209,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/alerts/xsoar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9240,11 +9224,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/api/api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9255,11 +9239,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/annotate-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9270,11 +9254,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/audit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9285,11 +9269,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/audit-admin-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9300,11 +9284,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/delete-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9315,11 +9299,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/event-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9330,11 +9314,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/host-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9345,11 +9329,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/kubernetes-auditing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9360,11 +9344,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/log-rotation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9375,11 +9359,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9390,11 +9374,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/prometheus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9405,11 +9389,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/audit/throttling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9420,11 +9404,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9435,11 +9419,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/assign-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9450,11 +9434,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9465,11 +9449,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/aws-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9480,11 +9464,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/azure-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9495,11 +9479,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/credentials-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9510,11 +9494,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/gcp-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9525,11 +9509,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/ibm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9540,11 +9524,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/credentials-store/kubernetes-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9555,11 +9539,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/identity-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9570,11 +9554,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/login - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9585,11 +9569,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/non-default-upn-suffixes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9600,11 +9584,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/oauth2-github - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9615,11 +9599,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/oauth2-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9630,11 +9614,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/oidc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9645,11 +9629,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/openldap - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9660,11 +9644,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/saml - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9675,11 +9659,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/saml-active-directory-federation-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9690,11 +9674,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/saml-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9705,11 +9689,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/saml-google-g-suite - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9720,11 +9704,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/saml-ping-federate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9735,11 +9719,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/authentication/user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9750,11 +9734,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9765,11 +9749,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/cloud-service-providers/cloud-service-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9780,11 +9764,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/cloud-service-providers/configure-cloud-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9795,11 +9779,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9810,11 +9794,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/cis-benchmarks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9825,11 +9809,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9840,11 +9824,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/compliance-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9855,11 +9839,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/custom-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9870,11 +9854,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/detect-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9885,11 +9869,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/disa-stig-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9900,11 +9884,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/host-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9915,11 +9899,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/manage-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9930,11 +9914,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/oss-license-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9945,11 +9929,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/prisma-cloud-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9960,11 +9944,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9975,11 +9959,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/trusted-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -9990,11 +9974,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10005,11 +9989,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/compliance/windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10020,11 +10004,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/authenticate-console-with-certs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10035,11 +10019,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/certificates - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10050,11 +10034,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/clustered-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10065,11 +10049,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/collections - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10080,11 +10064,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/configure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10095,11 +10079,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/configure-scan-intervals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10110,11 +10094,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/custom-certs-predefined-dir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10125,11 +10109,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/custom-feeds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10140,11 +10124,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/customize-terminal-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10155,11 +10139,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/disaster-recovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10170,11 +10154,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/enable-http-access-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10185,11 +10169,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10200,11 +10184,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/logon-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10215,11 +10199,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10230,11 +10214,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/proxy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10245,11 +10229,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/reconfigure-twistlock - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10260,11 +10244,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/rule-ordering-pattern-matching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10275,11 +10259,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/set-diff-paths-daemon-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10290,11 +10274,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/subject-alternative-names - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10305,11 +10289,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10320,11 +10304,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/user-cert-validity-period - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10335,11 +10319,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/configure/wildfire - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10350,11 +10334,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10365,11 +10349,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/continuous-integration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10380,11 +10364,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/jenkins-freestyle-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10395,11 +10379,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/jenkins-maven-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10410,11 +10394,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/jenkins-pipeline-k8s - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10425,11 +10409,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/jenkins-pipeline-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10440,11 +10424,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/jenkins-plugin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10455,11 +10439,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/run-jenkins-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10470,11 +10454,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/continuous-integration/set-policy-ci-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10485,11 +10469,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/automated-deployment - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10500,11 +10484,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10515,11 +10499,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/caps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10530,11 +10514,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/deployment-patterns - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10545,11 +10529,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/high-availability - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10560,11 +10544,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/migrate-to-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10575,11 +10559,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/migration-options-for-scale-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10590,11 +10574,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/performance-planning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10605,11 +10589,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/deployment-patterns/projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10620,11 +10604,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/firewalls/cnnf-self-hosted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10635,11 +10619,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/firewalls/firewalls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10650,11 +10634,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/configure-ecs-loadbalancer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10665,11 +10649,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/configure-listening-ports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10680,11 +10664,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/deploy-in-fips-mode - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10695,11 +10679,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/disable-automatic-learning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10710,11 +10694,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/howto - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10725,11 +10709,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/openshift-provision-tenant-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10740,11 +10724,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/review-debug-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10755,11 +10739,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/howto/twistcli-sandbox-third-party-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10770,11 +10754,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/cluster-context - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10785,11 +10769,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/defender-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10800,11 +10784,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10815,11 +10799,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10830,11 +10814,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-ack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10845,11 +10829,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-aks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10860,11 +10844,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10875,11 +10859,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-console-on-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10890,11 +10874,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/auto-defend-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10905,11 +10889,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/auto-defend-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10920,11 +10904,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/config-app-embedded-fs-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10935,11 +10919,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/decommission-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10950,11 +10934,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-app-embedded-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10965,11 +10949,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-app-embedded-defender-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10980,11 +10964,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-cluster-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -10995,11 +10979,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11010,11 +10994,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-defender-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11025,11 +11009,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-host-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11040,11 +11024,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-serverless-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11055,11 +11039,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-serverless-defender-layer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11070,11 +11054,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-single-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11085,11 +11069,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/install-tas-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11100,11 +11084,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/redeploy-defenders - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11115,11 +11099,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-defender/uninstall-defenders - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11130,11 +11114,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-eks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11145,11 +11129,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11160,11 +11144,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-gke-autopilot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11175,11 +11159,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-iks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11190,11 +11174,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11205,11 +11189,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11220,11 +11204,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-openshift-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11235,11 +11219,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/install-windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11250,11 +11234,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/system-requirements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11265,11 +11249,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/install/twistlock-container-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11280,11 +11264,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11295,11 +11279,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/custom-runtime-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11310,11 +11294,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/image-analysis-sandbox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11325,11 +11309,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/import-export-individual-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11340,11 +11324,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11355,11 +11339,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/altered-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11370,11 +11354,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11385,11 +11369,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/backdoor-ssh-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11400,11 +11384,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/brute-force - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11415,11 +11399,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/crypto-miners - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11430,11 +11414,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11445,11 +11429,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/incident-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11460,11 +11444,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/kubernetes-attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11475,11 +11459,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/lateral-movement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11490,11 +11474,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/malware - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11505,11 +11489,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/others - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11520,11 +11504,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/port-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11535,11 +11519,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/reverse-shell - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11550,11 +11534,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/incident-types/suspicious-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11565,11 +11549,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11580,11 +11564,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11595,11 +11579,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense-aggregation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11610,11 +11594,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11625,11 +11609,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11640,11 +11624,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11655,11 +11639,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/runtime-defense/runtime-defense-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11670,11 +11654,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/inject-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11685,11 +11669,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/inject-secrets-example - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11700,11 +11684,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/integrate-with-secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11715,11 +11699,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11730,11 +11714,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11745,11 +11729,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/aws-secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11760,11 +11744,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11775,11 +11759,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/azure-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11790,11 +11774,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11805,11 +11789,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/hashicorp-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11820,11 +11804,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/secrets/secrets-stores/secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11835,11 +11819,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/app-specific-network-intelligence - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11850,11 +11834,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/container-runtimes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11865,11 +11849,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11880,11 +11864,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/host-defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11895,11 +11879,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/intel-stream - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11910,11 +11894,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11925,11 +11909,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/serverless-radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11940,11 +11924,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/technology-overviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11955,11 +11939,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/telemetry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11970,11 +11954,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/tls-v12-cipher-suites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -11985,11 +11969,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/twistlock-advanced-threat-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12000,11 +11984,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/technology-overviews/twistlock-rules-guide-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12015,11 +11999,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12030,11 +12014,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/twistcli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12045,11 +12029,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/twistcli-console-install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12060,11 +12044,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/twistcli-scan-code-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12075,11 +12059,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/twistcli-scan-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12090,11 +12074,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/tools/update-intel-stream-offline - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12105,11 +12089,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12120,11 +12104,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12135,11 +12119,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12150,11 +12134,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-defender-daemonset - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12165,11 +12149,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-defender-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12180,11 +12164,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-defender-single-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12195,11 +12179,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12210,11 +12194,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12225,11 +12209,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12240,11 +12224,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12255,11 +12239,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/upgrade/upgrade-process-self-hosted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12270,11 +12254,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12285,11 +12269,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/base-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12300,11 +12284,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12315,11 +12299,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/cvss-scoring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12330,11 +12314,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/malware-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12345,11 +12329,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12360,11 +12344,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12375,11 +12359,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/nexus-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12390,11 +12374,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12405,11 +12389,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-acr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12420,11 +12404,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12435,11 +12419,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-artifactory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12450,11 +12434,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12465,11 +12449,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-ecr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12480,11 +12464,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12495,11 +12479,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12510,11 +12494,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-harbor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12525,11 +12509,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12540,11 +12524,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/scan-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12555,11 +12539,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/registry-scanning/webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12570,11 +12554,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12585,11 +12569,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/scan-procedure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12600,11 +12584,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/scan-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12615,11 +12599,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/search-cves - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12630,11 +12614,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/serverless-functions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12645,11 +12629,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/troubleshoot-vuln-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12660,11 +12644,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12675,11 +12659,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/vmware-tanzu-blobstore - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12690,11 +12674,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/vuln-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12705,11 +12689,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/vuln-management-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12720,11 +12704,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/vulnerability-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12735,11 +12719,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/vulnerability-management/windows-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12750,11 +12734,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/api-def-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12765,11 +12749,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deploy-oob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12780,11 +12764,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deploy-oob-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12795,11 +12779,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deploy-waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12810,11 +12794,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12825,11 +12809,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12840,11 +12824,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12855,11 +12839,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-sanity-tests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12870,11 +12854,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12885,11 +12869,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-troubleshooting - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12900,11 +12884,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/deploy-waas/deployment-vpc-mirroring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12915,11 +12899,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12930,11 +12914,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/unprotected-web-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12945,11 +12929,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12960,11 +12944,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12975,11 +12959,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-advanced-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -12990,11 +12974,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-analytics - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13005,11 +12989,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-api-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13020,11 +13004,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-api-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13035,11 +13019,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-app-firewall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13050,11 +13034,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-bot-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13065,11 +13049,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-custom-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13080,11 +13064,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-dos-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13095,11 +13079,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13110,11 +13094,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/waas/waas-intro - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13125,11 +13109,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13140,11 +13124,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/licensing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13155,11 +13139,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/pcee-vs-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13170,11 +13154,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/product-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13185,11 +13169,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/releases - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13200,11 +13184,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/security-assurance-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13215,11 +13199,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13230,11 +13214,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/utilities-and-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13245,11 +13229,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/admin-guide/welcome/welcome - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13260,11 +13244,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13275,11 +13259,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/get-help/related-documentation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13290,11 +13274,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/get-help/request-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13305,11 +13289,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/known-issues-22-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13320,11 +13304,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13335,11 +13319,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13350,11 +13334,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12-update1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13365,11 +13349,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12-update2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13380,11 +13364,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12-update2-build-22-12-585 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13395,11 +13379,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12-update3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13410,11 +13394,11 @@ https://docs.prismacloud.io/en/compute-edition/22-12/rn/release-information/release-notes-22-12-update4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -13425,11 +13409,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/access-control/access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13440,11 +13424,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/access-control/open-policy-agent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13455,11 +13439,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/access-control/rbac - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13470,11 +13454,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/agentless-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13485,11 +13469,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/agentless-scanning-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13500,11 +13484,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/agentless-scanning-results - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13515,11 +13499,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/configure-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13530,11 +13514,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/configure-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13545,11 +13529,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/configure-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13560,11 +13544,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13575,11 +13559,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13590,11 +13574,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/onboard-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13605,11 +13589,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13620,11 +13604,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/agentless-scanning/onboard-accounts/onboard-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13635,11 +13619,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/alert-mechanism - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13650,11 +13634,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13665,11 +13649,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13680,11 +13664,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/email - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13695,11 +13679,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/google-cloud-pub-sub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13710,11 +13694,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/google-cloud-scc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13725,11 +13709,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/ibm-cloud-security-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13740,11 +13724,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13755,11 +13739,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13770,11 +13754,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/servicenow-sir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13785,11 +13769,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/servicenow-vr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13800,11 +13784,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13815,11 +13799,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13830,11 +13814,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/webhook - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13845,11 +13829,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/xdr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13860,11 +13844,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/alerts/xsoar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13875,11 +13859,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/api/api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13890,11 +13874,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/annotate-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13905,11 +13889,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/audit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13920,11 +13904,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/audit-admin-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13935,11 +13919,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/delete-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13950,11 +13934,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/event-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13965,11 +13949,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/host-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13980,11 +13964,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/kubernetes-auditing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -13995,11 +13979,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/log-rotation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14010,11 +13994,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14025,11 +14009,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/prometheus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14040,11 +14024,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/audit/throttling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14055,11 +14039,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14070,11 +14054,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/assign-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14085,11 +14069,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14100,11 +14084,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/aws-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14115,11 +14099,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/azure-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14130,11 +14114,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/credentials-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14145,11 +14129,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/gcp-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14160,11 +14144,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/gitlab-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14175,11 +14159,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/ibm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14190,11 +14174,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/credentials-store/kubernetes-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14205,11 +14189,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/identity-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14220,11 +14204,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/login - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14235,11 +14219,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/non-default-upn-suffixes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14250,11 +14234,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/oauth2-github - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14265,11 +14249,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/oauth2-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14280,11 +14264,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/oidc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14295,11 +14279,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/openldap - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14310,11 +14294,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/saml - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14325,11 +14309,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/saml-active-directory-federation-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14340,11 +14324,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/saml-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14355,11 +14339,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/saml-google-g-suite - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14370,11 +14354,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/saml-ping-federate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14385,11 +14369,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/authentication/user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14400,11 +14384,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14415,11 +14399,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/cloud-service-providers/cloud-service-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14430,11 +14414,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/cloud-service-providers/configure-cloud-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14445,11 +14429,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14460,11 +14444,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/cis-benchmarks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14475,11 +14459,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14490,11 +14474,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/compliance-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14505,11 +14489,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/custom-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14520,11 +14504,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/detect-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14535,11 +14519,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/disa-stig-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14550,11 +14534,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/host-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14565,11 +14549,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/manage-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14580,11 +14564,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/oss-license-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14595,11 +14579,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/prisma-cloud-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14610,11 +14594,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14625,11 +14609,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/trusted-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14640,11 +14624,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14655,11 +14639,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/compliance/windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14670,11 +14654,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/authenticate-console-with-certs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14685,11 +14669,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/certificates - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14700,11 +14684,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/clustered-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14715,11 +14699,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/collections - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14730,11 +14714,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/configure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14745,11 +14729,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/configure-scan-intervals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14760,11 +14744,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/custom-certs-predefined-dir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14775,11 +14759,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/custom-feeds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14790,11 +14774,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/customize-terminal-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14805,11 +14789,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/disaster-recovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14820,11 +14804,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/enable-http-access-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14835,11 +14819,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14850,11 +14834,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/logon-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14865,11 +14849,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14880,11 +14864,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/proxy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14895,11 +14879,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/reconfigure-twistlock - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14910,11 +14894,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/rule-ordering-pattern-matching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14925,11 +14909,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/set-diff-paths-daemon-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14940,11 +14924,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/subject-alternative-names - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14955,11 +14939,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14970,11 +14954,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/user-cert-validity-period - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -14985,11 +14969,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/configure/wildfire - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15000,11 +14984,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15015,11 +14999,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/continuous-integration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15030,11 +15014,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/jenkins-freestyle-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15045,11 +15029,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/jenkins-maven-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15060,11 +15044,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/jenkins-pipeline-k8s - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15075,11 +15059,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/jenkins-pipeline-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15090,11 +15074,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/jenkins-plugin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15105,11 +15089,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/run-jenkins-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15120,11 +15104,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/continuous-integration/set-policy-ci-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15135,11 +15119,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/automated-deployment - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15150,11 +15134,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15165,11 +15149,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/caps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15180,11 +15164,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/deployment-patterns - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15195,11 +15179,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/high-availability - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15210,11 +15194,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/migrate-to-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15225,11 +15209,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/migration-options-for-scale-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15240,11 +15224,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/performance-planning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15255,11 +15239,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/deployment-patterns/projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15270,11 +15254,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/firewalls/cnns-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15285,11 +15269,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/firewalls/firewalls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15300,11 +15284,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/configure-ecs-loadbalancer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15315,11 +15299,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/configure-listening-ports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15330,11 +15314,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/deploy-in-fips-mode - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15345,11 +15329,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/disable-automatic-learning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15360,11 +15344,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/howto - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15375,11 +15359,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/openshift-provision-tenant-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15390,11 +15374,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/review-debug-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15405,11 +15389,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/howto/twistcli-sandbox-third-party-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15420,11 +15404,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/cluster-context - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15435,11 +15419,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-ack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15450,11 +15434,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-acs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15465,11 +15449,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-aks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15480,11 +15464,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15495,11 +15479,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-eks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15510,11 +15494,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15525,11 +15509,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-iks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15540,11 +15524,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15555,11 +15539,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15570,11 +15554,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/console-on-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15585,11 +15569,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/container-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15600,11 +15584,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-console/deploy-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15615,11 +15599,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15630,11 +15614,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15645,11 +15629,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15660,11 +15644,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15675,11 +15659,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15690,11 +15674,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15705,11 +15689,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/container/container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15720,11 +15704,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/container/single-defender-cli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15735,11 +15719,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/defender-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15750,11 +15734,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/deploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15765,11 +15749,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/host/auto-defend-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15780,11 +15764,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/host/host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15795,11 +15779,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/host/windows-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15810,11 +15794,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/manage-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15825,11 +15809,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15840,11 +15824,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15855,11 +15839,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15870,11 +15854,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15885,11 +15869,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15900,11 +15884,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15915,11 +15899,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/install-tas-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15930,11 +15914,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15945,11 +15929,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/orchestrator/orchestrator - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15960,11 +15944,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/redeploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15975,11 +15959,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/serverless/auto-defend-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -15990,11 +15974,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16005,11 +15989,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/serverless/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16020,11 +16004,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/deploy-defender/uninstall-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16035,11 +16019,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16050,11 +16034,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16065,11 +16049,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/install/system-requirements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16080,11 +16064,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16095,11 +16079,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/custom-runtime-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16110,11 +16094,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/image-analysis-sandbox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16125,11 +16109,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/import-export-individual-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16140,11 +16124,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16155,11 +16139,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/altered-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16170,11 +16154,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16185,11 +16169,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/backdoor-ssh-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16200,11 +16184,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/brute-force - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16215,11 +16199,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/crypto-miners - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16230,11 +16214,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16245,11 +16229,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/incident-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16260,11 +16244,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/kubernetes-attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16275,11 +16259,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/lateral-movement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16290,11 +16274,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/malware - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16305,11 +16289,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/others - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16320,11 +16304,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/port-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16335,11 +16319,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/reverse-shell - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16350,11 +16334,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/incident-types/suspicious-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16365,11 +16349,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16380,11 +16364,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16395,11 +16379,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense-aggregation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16410,11 +16394,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16425,11 +16409,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16440,11 +16424,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16455,11 +16439,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/runtime-defense-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16470,11 +16454,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/inject-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16485,11 +16469,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/inject-secrets-example - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16500,11 +16484,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/integrate-with-secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16515,11 +16499,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16530,11 +16514,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16545,11 +16529,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/aws-secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16560,11 +16544,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16575,11 +16559,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/azure-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16590,11 +16574,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16605,11 +16589,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/hashicorp-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16620,11 +16604,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/secrets/secrets-stores/secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16635,11 +16619,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/app-specific-network-intelligence - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16650,11 +16634,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/container-runtimes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16665,11 +16649,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16680,11 +16664,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/host-defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16695,11 +16679,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/intel-stream - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16710,11 +16694,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16725,11 +16709,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/serverless-radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16740,11 +16724,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/technology-overviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16755,11 +16739,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/telemetry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16770,11 +16754,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/tls-v12-cipher-suites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16785,11 +16769,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/twistlock-advanced-threat-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16800,11 +16784,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/technology-overviews/twistlock-rules-guide-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16815,11 +16799,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16830,11 +16814,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/twistcli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16845,11 +16829,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/twistcli-console-install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16860,11 +16844,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/twistcli-scan-code-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16875,11 +16859,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/twistcli-scan-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16890,11 +16874,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/tools/update-intel-stream-offline - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16905,11 +16889,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16920,11 +16904,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16935,11 +16919,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16950,11 +16934,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-defender-daemonset - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16965,11 +16949,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-defender-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16980,11 +16964,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-defender-single-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -16995,11 +16979,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17010,11 +16994,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17025,11 +17009,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17040,11 +17024,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17055,11 +17039,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/upgrade/upgrade-process-self-hosted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17070,11 +17054,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17085,11 +17069,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/base-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17100,11 +17084,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17115,11 +17099,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/cvss-scoring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17130,11 +17114,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/malware-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17145,11 +17129,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17160,11 +17144,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17175,11 +17159,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/nexus-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17190,11 +17174,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17205,11 +17189,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-acr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17220,11 +17204,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17235,11 +17219,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-artifactory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17250,11 +17234,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17265,11 +17249,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17280,11 +17264,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-ecr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17295,11 +17279,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17310,11 +17294,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17325,11 +17309,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17340,11 +17324,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-harbor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17355,11 +17339,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17370,11 +17354,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/scan-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17385,11 +17369,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/registry-scanning/webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17400,11 +17384,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17415,11 +17399,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/scan-procedure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17430,11 +17414,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/scan-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17445,11 +17429,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/search-cves - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17460,11 +17444,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/serverless-functions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17475,11 +17459,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/troubleshoot-vuln-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17490,11 +17474,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17505,11 +17489,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/vmware-tanzu-blobstore - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17520,11 +17504,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/vuln-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17535,11 +17519,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/vuln-management-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17550,11 +17534,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/vulnerability-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17565,11 +17549,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/vulnerability-management/windows-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17580,11 +17564,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/api-def-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17595,11 +17579,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deploy-oob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17610,11 +17594,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deploy-oob-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17625,11 +17609,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deploy-waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17640,11 +17624,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17655,11 +17639,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17670,11 +17654,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17685,11 +17669,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-sanity-tests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17700,11 +17684,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17715,11 +17699,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-troubleshooting - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17730,11 +17714,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/deploy-waas/deployment-vpc-mirroring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17745,11 +17729,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17760,11 +17744,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/unprotected-web-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17775,11 +17759,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17790,11 +17774,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17805,11 +17789,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-advanced-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17820,11 +17804,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-analytics - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17835,11 +17819,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-api-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17850,11 +17834,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-api-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17865,11 +17849,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-app-firewall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17880,11 +17864,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-bot-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17895,11 +17879,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-custom-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17910,11 +17894,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-dos-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17925,11 +17909,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17940,11 +17924,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/waas/waas-intro - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17955,11 +17939,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17970,11 +17954,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/licensing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -17985,11 +17969,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/pcee-vs-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18000,11 +17984,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/product-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18015,11 +17999,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/releases - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18030,11 +18014,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/security-assurance-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18045,11 +18029,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18060,11 +18044,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/utilities-and-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18075,11 +18059,11 @@ https://docs.prismacloud.io/en/compute-edition/30/admin-guide/welcome/welcome - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud @@ -18090,11 +18074,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18105,11 +18089,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18120,11 +18104,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/related-documentation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18135,11 +18119,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/related-documentation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18150,11 +18134,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/request-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18165,11 +18149,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/get-help/request-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18180,11 +18164,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/known-issues-30-00 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18195,11 +18179,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18210,11 +18194,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18225,11 +18209,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-00 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18240,11 +18224,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-01-update1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18255,11 +18239,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-01-update1-build-30-01-153 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18270,11 +18254,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-02-update2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18285,11 +18269,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-03-update3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18300,11 +18284,11 @@ https://docs.prismacloud.io/en/compute-edition/30/rn/release-information/release-notes-30-03-update3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud @@ -18315,5707 +18299,10518 @@ https://docs.prismacloud.io/en/compute-edition/31/admin-guide/access-control/access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/access-control/open-policy-agent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/agentless-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/agentless-scanning-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/agentless-scanning-results - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/configure-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/configure-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/configure-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/onboard-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/agentless-scanning/onboard-accounts/onboard-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/alert-mechanism - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/email - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/google-cloud-pub-sub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/google-cloud-scc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/ibm-cloud-security-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/servicenow-sir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/servicenow-vr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/webhook - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/xdr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/alerts/xsoar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/api/api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/annotate-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/audit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/audit-admin-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/delete-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/event-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/host-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/kubernetes-auditing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/log-rotation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/prometheus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/audit/throttling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/assign-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/aws-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/azure-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/credentials-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/gcp-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/gitlab-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/ibm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/credentials-store/kubernetes-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/identity-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/login - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/non-default-upn-suffixes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/oauth2-github - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/oauth2-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/oidc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/openldap - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/saml - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/saml-active-directory-federation-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/saml-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/saml-google-g-suite - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/saml-ping-federate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/authentication/user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/cloud-service-providers/cloud-service-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/cloud-service-providers/configure-cloud-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/cis-benchmarks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/compliance-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/custom-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/detect-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/disa-stig-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/host-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/manage-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/oss-license-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/prisma-cloud-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/trusted-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/compliance/windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/authenticate-console-with-certs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/certificates - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/clustered-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/collections - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/configure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/configure-scan-intervals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/custom-certs-predefined-dir - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/custom-feeds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/customize-terminal-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/disaster-recovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/enable-http-access-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/logon-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/proxy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/reconfigure-twistlock - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/rule-ordering-pattern-matching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/set-diff-paths-daemon-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/subject-alternative-names - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/user-cert-validity-period - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/configure/wildfire - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/continuous-integration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/jenkins-freestyle-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/jenkins-maven-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/jenkins-pipeline-k8s - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/jenkins-pipeline-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/jenkins-plugin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/run-jenkins-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/continuous-integration/set-policy-ci-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/automated-deployment - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/caps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/deployment-patterns - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/high-availability - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/migrate-to-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/migration-options-for-scale-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/performance-planning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/deployment-patterns/projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/firewalls/cnns-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/firewalls/firewalls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/configure-ecs-loadbalancer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/configure-listening-ports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/deploy-in-fips-mode - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/disable-automatic-learning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/howto - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/openshift-provision-tenant-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/review-debug-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/howto/twistcli-sandbox-third-party-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/cluster-context - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-ack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-acs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-aks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-eks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-iks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/console-on-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/container-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-console/deploy-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/container/container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/container/single-defender-cli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/defender-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/deploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/host/auto-defend-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/host/host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/host/windows-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/manage-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/install-tas-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/orchestrator/orchestrator - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/redeploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/auto-defend-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/serverless/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/deploy-defender/uninstall-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/install/system-requirements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/custom-runtime-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/image-analysis-sandbox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/import-export-individual-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/altered-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/backdoor-ssh-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/brute-force - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/crypto-miners - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/incident-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/kubernetes-attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/lateral-movement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/malware - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/others - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/port-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/reverse-shell - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/incident-types/suspicious-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense-aggregation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/runtime-defense/runtime-defense-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/inject-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/inject-secrets-example - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/integrate-with-secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/aws-secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/azure-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/hashicorp-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/secrets/secrets-stores/secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/app-specific-network-intelligence - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/container-runtimes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/host-defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/intel-stream - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/serverless-radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/technology-overviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/telemetry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/tls-v12-cipher-suites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/twistlock-advanced-threat-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/technology-overviews/twistlock-rules-guide-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/twistcli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/twistcli-console-install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/twistcli-scan-code-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/twistcli-scan-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/tools/update-intel-stream-offline - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-defender-daemonset - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-defender-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-defender-single-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-onebox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/upgrade/upgrade-process-self-hosted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/base-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/cvss-scoring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/malware-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/nexus-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-acr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-artifactory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-ecr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-harbor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/scan-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/registry-scanning/webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/scan-procedure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/scan-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/search-cves - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/serverless-functions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/troubleshoot-vuln-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/vmware-tanzu-blobstore - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/vuln-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/vuln-management-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/vulnerability-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/vulnerability-management/windows-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/api-def-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deploy-oob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deploy-oob-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deploy-waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-sanity-tests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-troubleshooting - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/deploy-waas/deployment-vpc-mirroring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/unprotected-web-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-advanced-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-analytics - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-api-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-api-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-app-firewall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-bot-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-custom-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-dos-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/waas/waas-intro - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/getting-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/licensing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/pcee-vs-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/product-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/releases - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/security-assurance-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/utilities-and-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/admin-guide/welcome/welcome - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Administrator’s Guide Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Administrator’s Guide 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/related-documentation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/related-documentation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/request-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/get-help/request-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/known-issues-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-00 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-01-update1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-02-update2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-02-update2-build-31-02-137 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-03-update3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true https://docs.prismacloud.io/en/compute-edition/31/rn/release-information/release-notes-31-03-update3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Compute Edition Release Notes Prisma;Prisma Cloud prisma-cloud Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes 31 - true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/access-control/access-control + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig-compliance-template/disa-stig-compliance-template - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/access-control/open-policy-agent + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig-compliance-template/mapping - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat1 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-modes + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat2 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/agentless-scanning-results + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat3 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-azure + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/findings - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-gcp + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/stig-asd-v4-r11 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/configure-oci + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/isolated-upgrades/isolated-upgrades - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-accounts + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/isolated-upgrades/releases - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-aws + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/methodology - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-azure + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/release-findings - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-gcp + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v22-12-415 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/agentless-scanning/onboard-accounts/onboard-oci + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-01-153 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/alert-mechanism + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-02-123 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/alerts + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-03-122 - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/aws-security-hub + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Prisma Cloud Compute Edition Public Sector + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/email + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-prisma-cloud-users - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/google-cloud-pub-sub + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/google-cloud-scc + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/administration - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/ibm-cloud-security-advisor + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/alarm-center - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/jira + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/review-alarms - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/pagerduty + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/set-up-email-notifications-for-alarms - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/servicenow-sir + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/collections - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/servicenow-vr + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/slack + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/splunk + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/guidelines-for-optimizing-data-security-cost - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/webhook + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/asset-explorer - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/xdr + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/alerts/xsoar + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/api/api + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/exposure-evaluation - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/annotate-audits + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition + Prisma;Prisma Cloud-Administrator’s Guide + 32 true - https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/mask-sensitive-data-on-prisma-cloud - 2023-11-20T18:17:46.000Z + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/audit + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage - Content Collections + Administrator’s Guide Prisma;Prisma Cloud prisma-cloud - Prisma;Prisma Cloud-Content Collections + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/audit-admin-activity + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/delete-audit-logs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/event-viewer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/host-activity + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/kubernetes-auditing + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/log-rotation + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/logging + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/prometheus + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/audit/throttling + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/active-directory + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/assign-roles + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/authentication + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/aws-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/azure-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/credentials-store + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/gcp-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/gitlab-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/ibm-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/credentials-store/kubernetes-credentials + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/identity-providers + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/login + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/non-default-upn-suffixes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/oauth2-github + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/oauth2-openshift + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/oidc + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/openldap + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/saml + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/saml-active-directory-federation-services + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/saml-azure-active-directory + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/saml-google-g-suite + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/saml-ping-federate + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/authentication/user-roles + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-accounts-discovery-pcce + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/cloud-service-providers/cloud-service-providers + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/cloud-service-providers/configure-cloud-discovery + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/app-embedded-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/cis-benchmarks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/compliance + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/compliance-explorer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/custom-compliance-checks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/detect-secrets + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/disa-stig-compliance-checks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/host-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/manage-compliance + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/oss-license-management + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/prisma-cloud-compliance-checks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/serverless + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/trusted-images + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/vm-image-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/compliance/windows + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/authenticate-console-with-certs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/certificates + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/clustered-db + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/collections + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/configure + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/configure-scan-intervals + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/custom-certs-predefined-dir + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/custom-feeds + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/customize-terminal-output + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/disaster-recovery + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/enable-http-access-console + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/log-scrubbing + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/logon-settings + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/permissions + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/proxy + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/reconfigure-twistlock + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/rule-ordering-pattern-matching + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/set-diff-paths-daemon-sets + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/subject-alternative-names + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/tags + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/user-cert-validity-period + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/configure/wildfire + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/code-repo-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/continuous-integration + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/jenkins-freestyle-project + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/jenkins-maven-project + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/jenkins-pipeline-k8s + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/jenkins-pipeline-project + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/jenkins-plugin + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/run-jenkins-container + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/continuous-integration/set-policy-ci-plugins + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/automated-deployment + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/best-practices-dns-cert-mgmt + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/caps + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/deployment-patterns + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/high-availability + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/migrate-to-saas + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/migration-options-for-scale-projects + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/performance-planning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/deployment-patterns/projects + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/firewalls/firewalls + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/configure-ecs-loadbalancer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/configure-listening-ports + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/deploy-in-fips-mode + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/disable-automatic-learning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/howto + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/openshift-provision-tenant-projects + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/review-debug-logs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/howto/twistcli-sandbox-third-party-scan + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/cluster-context + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-ack + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-acs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-amazon-ecs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-eks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-fargate + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-iks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-kubernetes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-onebox + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-openshift + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/container-images + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/deploy-console + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/app-embedded + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-mon + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/config-app-embedded-fs-protection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/container/container + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/container/single-defender-cli + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/deploy-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/host/auto-defend-host + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/host/host + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/host/windows-host + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/manage-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-amazon-ecs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-cluster-container-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-defender-gcp-marketplace + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-gke-autopilot + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-kubernetes-cri + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/install-tas-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/openshift + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/redeploy-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/auto-defend-serverless + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/install-serverless-defender-layer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/serverless/serverless + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/uninstall-defender + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/getting-started + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/install + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/system-requirements + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/attack + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/custom-runtime-rules + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/image-analysis-sandbox + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/import-export-individual-rules + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-explorer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/altered-binary + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-admin-accounts + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/backdoor-ssh-access + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/brute-force + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/crypto-miners + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/execution-flow-hijack-attempt + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/incident-types + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/kubernetes-attack + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/lateral-movement + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/malware + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/others + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/port-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/reverse-shell + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/incident-types/suspicious-binary + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-audits + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-aggregation + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-app-embedded + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-containers + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-hosts + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/runtime-defense/runtime-defense-serverless + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/inject-secrets + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/inject-secrets-example + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/integrate-with-secrets-stores + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-manager + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-secrets-manager + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/aws-systems-manager-parameters-store + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/azure-key-vault + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/cyberark-enterprise-password-vault + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/hashicorp-vault + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/secrets/secrets-stores/secrets-stores + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/app-specific-network-intelligence + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/container-runtimes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/host-defender-architecture + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/intel-stream + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/radar + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/serverless-radar + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/technology-overviews + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/telemetry + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/tls-v12-cipher-suites + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/twistlock-advanced-threat-protection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/twistlock-rules-guide-docker + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/tools + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/twistcli + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/twistcli-console-install + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/twistcli-scan-code-repos + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/twistcli-scan-images + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/tools/update-intel-stream-offline + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/support-lifecycle + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-amazon-ecs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-daemonset + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-helm + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-defender-single-container + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-helm + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-kubernetes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-onebox + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-openshift + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/upgrade/upgrade-process-self-hosted + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/app-embedded-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/base-images + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/code-repo-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/cvss-scoring + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/malware-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/prisma-cloud-vulnerability-feed + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/configure-registry-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/nexus-registry + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/registry-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-acr + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-alibaba-container-registry + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-artifactory + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-coreos-quay + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-docker-registry-v2 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ecr + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gcr + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-gitlab + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-google-artifact-registry + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-harbor + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-ibm-cloud-container-registry + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/scan-openshift + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/registry-scanning/webhooks + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/scan-images-for-custom-vulnerabilities + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/scan-procedure + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/scan-reports + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/search-cves + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/serverless-functions + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/troubleshoot-vuln-detection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vm-image-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vmware-tanzu-blobstore + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vuln-explorer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vuln-management-rules + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-management + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/windows-image-scanning + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/api-def-scan + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-containers + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-oob-hosts + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deploy-waas + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-app-embedded + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-containers + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-hosts + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-sanity-tests + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-serverless + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-troubleshooting + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/deploy-waas/deployment-vpc-mirroring + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/log-scrubbing + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/unprotected-web-apps + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-access-control + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-advanced-settings + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-analytics + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-api-discovery + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-api-protection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-app-firewall + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-bot-protection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-custom-rules + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-dos-protection + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-explorer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/waas/waas-intro + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/getting-started + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/licensing + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/pcee-vs-pcce + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/product-architecture + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/releases + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/security-assurance-policy + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/support-lifecycle + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/utilities-and-plugins + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/admin-guide/welcome/welcome + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Administrator’s Guide + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Administrator’s Guide + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/get-help + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/get-help + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/related-documentation + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/related-documentation + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/request-support + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/get-help/request-support + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/known-issues-32 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/release-information + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/release-information + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/release-notes-32-00 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/release-notes-32-01 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/32/rn/release-information/release-notes-32-01 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Release Notes + 32 + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig-compliance-template/disa-stig-compliance-template + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/disa-stig-compliance-template/mapping + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat1 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat2 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/asd-v4-r11-cat3 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/findings + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/disa-stig/stig-asd-v4-r11/stig-asd-v4-r11 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/isolated-upgrades/isolated-upgrades + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/isolated-upgrades/releases + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/methodology + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/release-findings + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v22-12-415 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-01-153 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-02-123 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/compute-edition/public-sector/release-findings/v30-03-122 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Compute Edition Public Sector + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Compute Edition Public Sector + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-a-resource-list-on-prisma-cloud + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-prisma-cloud-users + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/add-service-account-prisma-cloud + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/administration + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/alarm-center + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/review-alarms + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/alarm-center/set-up-email-notifications-for-alarms + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/collections + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/disable-pcds-and-offboard-aws-account + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/guidelines-for-optimizing-data-security-cost + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/asset-explorer + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-policies + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/data-security-settings + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/exposure-evaluation + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/mask-sensitive-data-on-prisma-cloud + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections Enterprise Edition true https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/monitor-data-security-scan - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24027,11 +28822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/object-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24043,11 +28838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/monitor-data-security-scan/supported-file-extensions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24059,11 +28854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/add-a-common-s3-bucket-for-aws-cloudtrail - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24075,11 +28870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24091,11 +28886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-aws-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24107,11 +28902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/data-security-for-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24123,11 +28918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/edit-an-existing-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24139,11 +28934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/subscribe-to-data-security/subscribe-to-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24155,11 +28950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/troubleshoot-data-security-errors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24171,11 +28966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/what-is-included-with-prisma-cloud-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24187,11 +28982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/add-notification-template - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24203,11 +28998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/configure-external-integrations-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24219,11 +29014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-guardduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24235,11 +29030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-s3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24251,11 +29046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24267,11 +29062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-inspector - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24283,11 +29078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-aws-security-hub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24299,11 +29094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24315,11 +29110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-cortex-xsoar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24331,11 +29126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-google-cloud-security-command-center - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24347,11 +29142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-jira - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24363,11 +29158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-microsoft-teams - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24379,11 +29174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24395,11 +29190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-qualys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24411,11 +29206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-servicenow - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24427,11 +29222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-slack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24443,11 +29238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-splunk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24459,11 +29254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-tenable - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24475,11 +29270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24491,11 +29286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrations-feature-support - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24507,11 +29302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/prisma-cloud-integrations - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24523,11 +29318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/configure-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24539,11 +29334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/context-used-to-calculate-effective-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24555,11 +29350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/enable-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24571,11 +29366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-aws-id-center - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24587,11 +29382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-idp-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24603,11 +29398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24619,11 +29414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/investigate-iam-incidents-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24635,11 +29430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/remediate-alerts-for-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24651,11 +29446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/what-is-prisma-cloud-iam-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24667,11 +29462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24683,11 +29478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-custom-permission-groups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24699,11 +29494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-manage-account-groups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24715,11 +29510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-prisma-cloud-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24731,11 +29526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/define-prisma-cloud-enterprise-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24747,11 +29542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/manage-prisma-cloud-administrators - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24763,11 +29558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/manage-roles-in-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24779,11 +29574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/manage-your-prisma-cloud-profile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24795,11 +29590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24811,11 +29606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24827,11 +29622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-licenses - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24843,11 +29638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-oidc-sso/get-started-with-oidc-sso - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24859,11 +29654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-oidc-sso/set-up-oidc-on-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24875,11 +29670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-oidc-sso/set-up-oidc-on-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24891,11 +29686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/get-started-with-saml-sso - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24907,11 +29702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/set-up-jit-on-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24923,11 +29718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-adfs-sso-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24939,11 +29734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-google - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24955,11 +29750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-jit-on-onelogin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24971,11 +29766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-google - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -24987,11 +29782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-microsoft-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25003,11 +29798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-okta - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25019,11 +29814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/get-started-with-saml-sso/setup-sso-integration-on-prisma-cloud-for-onelogin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25035,11 +29830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/setup-sso-integration-on-prisma-cloud/setup-sso-integration-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25051,11 +29846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/subscribe-to-cdem - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25067,11 +29862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/trusted-ip-addresses-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25083,11 +29878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/view-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25099,11 +29894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/alert-notifications - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25115,11 +29910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/alert-notifications-state-changes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25131,11 +29926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25147,11 +29942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-infrastructure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25163,11 +29958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/create-an-alert-rule-cloud-workloads - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25179,11 +29974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25195,11 +29990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/risk-prioritization-remediation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25211,11 +30006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/send-prisma-cloud-alert-notifications-to-third-party-tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25227,11 +30022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/suppress-alerts-for-prisma-cloud-anomaly-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25243,11 +30038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25259,11 +30054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25275,11 +30070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/familiarize-application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25291,11 +30086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/add-pre-receive-hooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25307,11 +30102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/application-security-license-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25323,11 +30118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/application-security-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25339,11 +30134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/enable-notifications - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25355,11 +30150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/application-security-settings/exclude-paths - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25371,11 +30166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/add-private-registries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25387,11 +30182,27 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-aws-codebuild - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-azure-pipelines + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25403,11 +30214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-checkov - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25419,11 +30230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-circleci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25435,11 +30246,27 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-github-actions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-gitlab-runner + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25451,11 +30278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-jenkins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25467,11 +30294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-terraform-cloud-sentinel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25483,11 +30310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-terraform-enterprise - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25499,11 +30326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-terraform-enterprise-run-tasks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25515,11 +30342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/add-terraform-run-tasks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25531,11 +30358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-runs/ci-cd-runs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25547,11 +30374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-systems/add-circleci-cicd-system - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25563,11 +30390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-systems/add-jenkins-cicd-system - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25579,11 +30406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ci-cd-systems/ci-cd-systems - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25595,11 +30422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-azurerepos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25611,11 +30438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-bitbucket - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25627,11 +30454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-bitbucket-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25643,11 +30470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-github - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25659,11 +30486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-github-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25675,11 +30502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25691,11 +30518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25707,11 +30534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/code-repositories - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25723,11 +30550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/connect-code-and-build-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25739,11 +30566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-jetbrains - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25755,11 +30582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/connect-vscode - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25771,11 +30598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/ides/ides - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25787,11 +30614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/enable-application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25803,11 +30630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25819,11 +30646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25835,11 +30662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/deploy-transporter-helmcharts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25851,11 +30678,43 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/manage-network-tunnel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/select-transporter-domain-consistency + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-network-tunnel/transporter-connectivity-overview + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25867,11 +30726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/manage-roles-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25883,11 +30742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/ci-cd-risks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25899,11 +30758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/drift-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25915,11 +30774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/enforcement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25931,11 +30790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/fix-code-issues - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25947,11 +30806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-and-manage-code-build - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25963,11 +30822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/monitor-code-build-issues - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25979,11 +30838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/secrets-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -25995,11 +30854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/software-composition-analysis/license-compliance-in-sca - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26011,11 +30870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/software-composition-analysis/software-composition-analysis - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26027,11 +30886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/software-composition-analysis/supported-package-managers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26043,11 +30902,27 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/suppress-code-issues - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/terraform-module-scan + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26059,11 +30934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/traceability-and-tagging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26075,11 +30950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/monitor-and-manage-code-build/unused-resources - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26091,11 +30966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/risk-management/risk-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26107,11 +30982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/supported-technologies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26123,11 +30998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/repositories - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26139,11 +31014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/sbom - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26155,11 +31030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/technologies/jenkins-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26171,11 +31046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/technologies/pipeline-tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26187,11 +31062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/technologies/technologies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26203,11 +31078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/technologies/technology-overview - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26219,11 +31094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/technologies/vcs-third-parties - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26235,11 +31110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/visibility - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26251,11 +31126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/api-endpoints-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26267,11 +31142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/asset-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26283,11 +31158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/cdem-unmanaged-assets-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26299,11 +31174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/cloud-and-software-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26315,11 +31190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/compute-workloads-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26331,11 +31206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/data-inventory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26347,11 +31222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/cloud-and-software-inventory/iac-resources - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26363,11 +31238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26379,11 +31254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/compliance/compliance-standards - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26395,11 +31270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/compliance/custom-compliance-standard - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26411,11 +31286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/compliance/new-compliance-report - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26427,11 +31302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26443,11 +31318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/cloud-service-provider-regions-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26459,11 +31334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/connect-cloud-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26475,11 +31350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/add-aws-member-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26491,11 +31366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/automate-aws-onboarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26507,11 +31382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/aws-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26523,11 +31398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26539,11 +31414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-data-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26555,11 +31430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-dns-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26571,11 +31446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-findings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26587,11 +31462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/configure-flow-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26603,11 +31478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/manually-set-up-prisma-cloud-role-for-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26619,11 +31494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26635,11 +31510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26651,11 +31526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/onboard-aws-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26667,11 +31542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/prisma-cloud-on-aws-china - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26683,11 +31558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/troubleshoot-aws-errors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26699,11 +31574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26715,11 +31590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-aws-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26731,11 +31606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-aws/update-onboarded-aws-accnt-to-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26747,11 +31622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/create-custom-role-on-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26763,11 +31638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-organization - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26779,11 +31654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/enable-flow-logs-for-gcp-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26795,11 +31670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/flow-logs-compression - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26811,11 +31686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/gcp-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26827,11 +31702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26843,11 +31718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26859,11 +31734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/onboard-gcp-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26875,11 +31750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/prerequisites-to-onboard-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26891,11 +31766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-gcp/update-onboarded-gcp-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26907,11 +31782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-alibaba-account/add-alibaba-cloud-account-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26923,11 +31798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-alibaba-account/alibaba-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26939,11 +31814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-alibaba-account/manage-alibaba-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26955,11 +31830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-alibaba-account/onboard-your-alibaba-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26971,11 +31846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-alibaba-account/set-up-your-alibaba-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -26987,11 +31862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/authorize-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27003,11 +31878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27019,11 +31894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-active-directory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27035,11 +31910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-subscription - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27051,11 +31926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/connect-azure-tenant - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27067,11 +31942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/edit-onboarded-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27083,11 +31958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/microsoft-azure-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27099,11 +31974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/onboard-your-azure-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27115,11 +31990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/troubleshoot-azure-account-onboarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27131,11 +32006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-azure-account/update-azure-application-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27147,11 +32022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/add-oci-tenant-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27163,11 +32038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/data-ingestion-for-child-compartment - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27179,11 +32054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/manage-an-onboarded-oci-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27195,11 +32070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/oci-apis-ingested-by-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27211,11 +32086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/onboard-your-oci-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27227,11 +32102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/permissions-required-for-oci-tenant-on-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27243,11 +32118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/rotate-access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27259,11 +32134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-cloud-accounts/onboard-your-oci-account/update-oci-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27275,11 +32150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-code-and-build-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27291,11 +32166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/connect-image-registries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27307,11 +32182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/connect/deploy-defenders - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27323,11 +32198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/create-and-manage-dashboards - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27339,11 +32214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27355,11 +32230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-application-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27371,11 +32246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-code-to-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27387,11 +32262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-command-center - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27403,11 +32278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-discovery-exposure-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27419,11 +32294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27435,11 +32310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/dashboards/dashboards-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27451,11 +32326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27467,11 +32342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/access-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27483,11 +32358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/adoption-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27499,11 +32374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/console-prerequisites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27515,11 +32390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/get-going - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27531,11 +32406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27547,11 +32422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/prisma-cloud-platform - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27563,11 +32438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/welcome-to-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27579,11 +32454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/anomaly-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27595,11 +32470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/attack-path-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27611,11 +32486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/create-a-network-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27627,11 +32502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/create-a-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27643,11 +32518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/create-an-iam-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27659,11 +32534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/custom-build-policies/code-editor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27675,11 +32550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/custom-build-policies/custom-build-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27691,11 +32566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/custom-build-policies/custom-build-policy-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27707,11 +32582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/custom-build-policies/visual-editor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27723,11 +32598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/governance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27739,11 +32614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/manage-prisma-cloud-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27755,11 +32630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/prisma-cloud-threat-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27771,11 +32646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/governance/workload-protection-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27787,11 +32662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/reports/create-and-manage-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27803,11 +32678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/reports/prisma-cloud-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27819,11 +32694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/reports/reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27835,11 +32710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/access-control/access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27851,11 +32726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/access-control/open-policy-agent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27867,11 +32742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27883,11 +32758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27899,11 +32774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/agentless-scanning-results - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27915,11 +32790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-aws - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27931,11 +32806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-azure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27947,11 +32822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-gcp - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27963,11 +32838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/configure-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27979,11 +32854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -27995,11 +32870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/agentless-scanning/onboard-accounts/onboard-oci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28011,11 +32886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/alert-mechanism - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28027,11 +32902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/alerts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28043,11 +32918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/email - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28059,11 +32934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/google-cloud-pub-sub - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28075,11 +32950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/ibm-cloud-security-advisor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28091,11 +32966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/pagerduty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28107,11 +32982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/alerts/xdr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28123,11 +32998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/api/api - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28139,11 +33014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/annotate-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28155,11 +33030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/audit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28171,11 +33046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/audit-admin-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28187,11 +33062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/delete-audit-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28203,11 +33078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/event-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28219,11 +33094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/host-activity - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28235,11 +33110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/kubernetes-auditing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28251,11 +33126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/log-rotation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28267,11 +33142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28283,11 +33158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/prometheus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28299,11 +33174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/review-debug-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28315,11 +33190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/audit/throttling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28331,11 +33206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/access-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28347,11 +33222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/assign-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28363,11 +33238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28379,11 +33254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/aws-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28395,11 +33270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/azure-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28411,11 +33286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/credentials-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28427,11 +33302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/gcp-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28443,11 +33318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/gitlab-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28459,11 +33334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/ibm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28475,11 +33350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/credentials-store/kubernetes-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28491,11 +33366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/prisma-cloud-user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28507,11 +33382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/authentication/user-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28523,11 +33398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/cloud-service-providers/cloud-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28539,11 +33414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/cloud-service-providers/cloud-service-providers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28555,11 +33430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/cloud-service-providers/use-cloud-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28571,11 +33446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28587,11 +33462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/app-embedded-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28603,11 +33478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/detect-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28619,11 +33494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/host-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28635,11 +33510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/manage-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28651,11 +33526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/operations - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28667,11 +33542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/oss-license-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28683,11 +33558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/trusted-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28699,11 +33574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/operations/vm-image-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28715,11 +33590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/cis-benchmarks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28731,11 +33606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/compliance-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28747,11 +33622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/custom-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28763,11 +33638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/disa-stig-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28779,11 +33654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/prisma-cloud-compliance-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28795,11 +33670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28811,11 +33686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/visibility - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28827,11 +33702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/compliance/visibility/windows - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28843,11 +33718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/authenticate-console-with-certs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28859,11 +33734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/certificates - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28875,11 +33750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/collections - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28891,11 +33766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/configure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28907,11 +33782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/configure-scan-intervals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28923,11 +33798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/custom-feeds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28939,11 +33814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/customize-terminal-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28955,11 +33830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/disaster-recovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28971,11 +33846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/enable-http-access-console - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -28987,11 +33862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29003,11 +33878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29019,11 +33894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/proxy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29035,11 +33910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/rule-ordering-pattern-matching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29051,11 +33926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/set-diff-paths-daemon-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29067,11 +33942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29083,11 +33958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/user-cert-validity-period - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29099,11 +33974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/configure/wildfire - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29115,11 +33990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/code-repo-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29131,11 +34006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/continuous-integration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29147,11 +34022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/jenkins-freestyle-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29163,11 +34038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/jenkins-maven-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29179,11 +34054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/jenkins-pipeline-k8s - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29195,11 +34070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/jenkins-pipeline-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29211,11 +34086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/jenkins-plugin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29227,11 +34102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/run-jenkins-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29243,11 +34118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/continuous-integration/set-policy-ci-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29259,11 +34134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/best-practices-dns-certificate-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29275,11 +34150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/caps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29291,11 +34166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/deployment-patterns - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29307,27 +34182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/deployment-patterns/performance-planning - 2023-11-20T18:17:46.000Z - weekly - 1.0 - - 2023-11-20T18:17:46.000Z - bookDetailPage - Content Collections - Prisma;Prisma Cloud - prisma-cloud - Prisma;Prisma Cloud-Content Collections - Enterprise Edition - true - - - - https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/firewalls/cnns-saas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29339,11 +34198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/firewalls/firewalls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29355,11 +34214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/cluster-context - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29371,11 +34230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29387,11 +34246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/configure-app-embedded-fs-mon - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29403,11 +34262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/configure-app-embedded-fs-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29419,11 +34278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/deploy-app-embedded-defender-aci - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29435,11 +34294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/deploy-app-embedded-defender-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29451,11 +34310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/app-embedded/install-app-embedded-defender-fargate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29467,11 +34326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29483,11 +34342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/container/single-defender-cli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29499,11 +34358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29515,11 +34374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/defender-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29531,11 +34390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/deploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29547,11 +34406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/auto-defend-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29563,11 +34422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29579,11 +34438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/host-defender-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29595,11 +34454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/host/windows-host - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29611,11 +34470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29627,11 +34486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/cluster-container-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29643,11 +34502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/declarative-object - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29659,11 +34518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/defender-gcp-marketplace - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29675,11 +34534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29691,11 +34550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/gke-autopilot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29707,11 +34566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29723,11 +34582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/kubernetes-cri - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29739,11 +34598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29755,11 +34614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/kubernetes/tas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29771,11 +34630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/manage-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29787,11 +34646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/redeploy-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29803,11 +34662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/auto-defend-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29819,11 +34678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/lambda-layer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29835,11 +34694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/serverless/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29851,11 +34710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/deploy-defender/uninstall-defender - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29867,11 +34726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/get-started - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29883,11 +34742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29899,11 +34758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/install/system-requirements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29915,11 +34774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/pcee-vs-pcce - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29931,11 +34790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/rs-architecture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29947,11 +34806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/rs-support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29963,11 +34822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29979,11 +34838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/custom-runtime-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -29995,11 +34854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/disable-automatic-learning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30011,11 +34870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/event-aggregation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30027,11 +34886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/image-analysis-sandbox - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30043,11 +34902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/import-export-individual-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30059,11 +34918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30075,11 +34934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/altered-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30091,11 +34950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/backdoor-admin-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30107,11 +34966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/backdoor-ssh-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30123,11 +34982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/brute-force - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30139,11 +34998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/crypto-miners - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30155,11 +35014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/execution-flow-hijack-attempt - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30171,11 +35030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/incident-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30187,11 +35046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/kubernetes-attack - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30203,11 +35062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/lateral-movement - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30219,11 +35078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/malware - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30235,11 +35094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/others - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30251,11 +35110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/port-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30267,11 +35126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/reverse-shell - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30283,11 +35142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/incident-types/suspicious-binary - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30299,11 +35158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-audits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30315,11 +35174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-defense - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30331,11 +35190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-defense-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30347,11 +35206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-defense-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30363,11 +35222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-defense-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30379,11 +35238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-defense-serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30395,11 +35254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30411,11 +35270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/advanced-threat-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30427,11 +35286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/app-specific-network-intelligence - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30443,11 +35302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/container-runtimes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30459,11 +35318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/intelligence-stream - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30475,11 +35334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/licensing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30491,11 +35350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/maintenance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30507,11 +35366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/licensing/security-assurance-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30523,11 +35382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/nat-gateway-ip-addresses - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30539,11 +35398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30555,11 +35414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/rules-guide - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30571,11 +35430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/runtime-security-components - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30587,11 +35446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/serverless-radar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30603,11 +35462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/telemetry - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30619,11 +35478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/tls-v12-cipher-suites - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30635,11 +35494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-security-components/utilities-and-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30651,11 +35510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/inject-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30667,11 +35526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/inject-secrets-example - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30683,11 +35542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/integrate-with-secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30699,11 +35558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30715,11 +35574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30731,11 +35590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/aws-secrets-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30747,11 +35606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/aws-systems-manager-parameters-store - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30763,11 +35622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/azure-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30779,11 +35638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/cyberark-enterprise-password-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30795,11 +35654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/hashicorp-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30811,11 +35670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/secrets/secrets-stores/secrets-stores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30827,11 +35686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/tools - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30843,11 +35702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/twistcli - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30859,11 +35718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/twistcli-scan-code-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30875,11 +35734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/twistcli-scan-iac - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30891,11 +35750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/tools/twistcli-scan-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30907,11 +35766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/support-lifecycle - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30923,11 +35782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30939,11 +35798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-amazon-ecs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30955,11 +35814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-daemonset - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30971,11 +35830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-defender-single-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -30987,11 +35846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-helm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31003,11 +35862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31019,11 +35878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31035,11 +35894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/upgrade-process - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31051,11 +35910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/base-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31067,11 +35926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/cve-viewer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31083,11 +35942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/cvss-scoring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31099,11 +35958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/malware-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31115,11 +35974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/prisma-cloud-vulnerability-feed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31131,11 +35990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/configure-registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31147,11 +36006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/registry-scanning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31163,11 +36022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-acr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31179,11 +36038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-alibaba - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31195,11 +36054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-artifactory - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31211,11 +36070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-coreos-quay - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31227,11 +36086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-docker - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31243,11 +36102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-ecr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31259,11 +36118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-gar - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31275,11 +36134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-gcr - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31291,11 +36150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-gitlab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31307,11 +36166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-harbor - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31323,11 +36182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-ibm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31339,11 +36198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-nexus - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31355,11 +36214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/scan-openshift - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31371,11 +36230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/registry-scanning/webhooks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31387,11 +36246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31403,11 +36262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-blobstore - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31419,11 +36278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-code-repository - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31435,11 +36294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-custom-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31451,11 +36310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-process - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31467,11 +36326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-reports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31483,11 +36342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-serverless-functions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31499,11 +36358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-vm-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31515,11 +36374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/scan-windows-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31531,11 +36390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/troubleshoot-vulnerability-detection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31547,11 +36406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31563,11 +36422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31579,11 +36438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/vulnerability-management/vulnerability-management-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31595,11 +36454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/app-embedded - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31611,11 +36470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31627,11 +36486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/deploy-waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31643,11 +36502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31659,11 +36518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/oob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31675,11 +36534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/oob-hosts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31691,11 +36550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/sanity-tests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31707,11 +36566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/serverless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31723,11 +36582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/troubleshooting - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31739,11 +36598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/deploy-waas/vpc-mirroring - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31755,11 +36614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/detect-unprotected-web-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31771,11 +36630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/log-scrubbing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31787,11 +36646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/scan-api-definition - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31803,11 +36662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31819,11 +36678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-access-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31835,11 +36694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-advanced-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31851,11 +36710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-analytics - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31867,11 +36726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-api-discovery - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31883,11 +36742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-api-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31899,11 +36758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-app-firewall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31915,11 +36774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-bot-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31931,11 +36790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-custom-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31947,11 +36806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-dos-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31963,11 +36822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/waas/waas-explorer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31979,11 +36838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/application-asset-queries/application-asset-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -31995,11 +36854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/application-asset-queries/application-asset-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32011,11 +36870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32027,11 +36886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32043,11 +36902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/asset-config-queries/asset-config-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32059,11 +36918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32075,11 +36934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/asset-queries/asset-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32091,11 +36950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/audit-event-queries/audit-event-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32107,11 +36966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/audit-event-queries/audit-event-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32123,11 +36982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/audit-event-queries/audit-event-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32139,11 +36998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/build-modify-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32155,11 +37014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/explore-data - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32171,11 +37030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/launch-your-query - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32187,11 +37046,43 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-attributes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-config-query-examples + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32203,11 +37094,43 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-attributes + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-flow-query-examples + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32219,11 +37142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/network-queries/network-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32235,11 +37158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32251,11 +37174,27 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-conditions + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32267,11 +37206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32283,11 +37222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/query-library - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32299,11 +37238,59 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/query-types - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/rql-examples + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/rql-faqs + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Content Collections + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Content Collections + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/rql-operators + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32315,11 +37302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/search-and-investigate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32331,11 +37318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-queries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32347,11 +37334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-attributes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32363,11 +37350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/content-collections/search-and-investigate/vulnerability-queries/vulnerability-query-examples - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Content Collections Prisma;Prisma Cloud @@ -32379,11 +37366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/alibaba-general-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32395,11 +37382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-database-instance-is-not-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32411,11 +37398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-disk-is-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32427,11 +37414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-disk-is-encrypted-with-customer-master-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32443,11 +37430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-kms-key-rotation-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32459,11 +37446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-mongodb-has-transparent-data-encryption-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32475,11 +37462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-transfer-acceleration-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32491,11 +37478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-has-versioning-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32507,11 +37494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-encrypted-with-customer-master-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32523,11 +37510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-oss-bucket-is-not-accessible-to-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32539,11 +37526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-has-log-disconnections-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32555,11 +37542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-has-log-disconnections-enabled-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32571,11 +37558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-has-log-duration-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32587,11 +37574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-instance-is-set-to-perform-auto-upgrades-for-minor-versions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32603,11 +37590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-cloud-rds-log-audit-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32619,11 +37606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-general-policies/ensure-alibaba-rds-instance-has-log-connections-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32635,11 +37622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/alibaba-iam-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32651,11 +37638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-account-maximal-login-attempts-is-less-than-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32667,11 +37654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-enforces-mfa - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32683,11 +37670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-expires-passwords-within-90-days-or-less - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32699,11 +37686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-prevents-password-reuse - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32715,11 +37702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-requires-at-least-one-lowercase-letter - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32731,11 +37718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-requires-at-least-one-number - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32747,11 +37734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-requires-at-least-one-symbol - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32763,11 +37750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-requires-at-least-one-uppercase-letter - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32779,11 +37766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-iam-policies/ensure-alibaba-cloud-ram-password-policy-requires-minimum-length-of-14-or-greater - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32795,11 +37782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-kubernetes-policies/alibaba-kubernetes-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32811,11 +37798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-kubernetes-policies/ensure-alibaba-cloud-kubernetes-installs-plugin-terway-or-flannel-to-support-standard-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32827,11 +37814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-kubernetes-policies/ensure-alibaba-cloud-kubernetes-node-pools-are-set-to-auto-repair - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32843,11 +37830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/alibaba-logging-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32859,11 +37846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-action-trail-logging-for-all-events - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32875,11 +37862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-action-trail-logging-for-all-regions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32891,11 +37878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-oss-bucket-has-access-logging-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32907,11 +37894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-rds-instance-sql-collector-retention-period-should-be-greater-than-180 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32923,11 +37910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-logging-policies/ensure-alibaba-cloud-transparent-data-encryption-is-enabled-on-instance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32939,11 +37926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/alibaba-networking-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32955,11 +37942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-alb-acl-restricts-public-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32971,11 +37958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-api-gateway-api-protocol-uses-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -32987,11 +37974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-cypher-policy-is-secured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33003,11 +37990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-mongodb-instance-is-not-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33019,11 +38006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-mongodb-instance-uses-ssl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33035,11 +38022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-mongodb-is-deployed-inside-a-vpc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33051,11 +38038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-alibaba-cloud-rds-instance-uses-ssl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33067,11 +38054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-no-alibaba-cloud-security-groups-allow-ingress-from-00000-to-port-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33083,11 +38070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-networking-policies/ensure-no-alibaba-cloud-security-groups-allow-ingress-from-00000-to-port-3389 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33099,11 +38086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/alibaba-policies/alibaba-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33115,11 +38102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/api-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33131,11 +38118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-if-the-security-scheme-is-not-of-type-oauth2-the-array-value-must-be-empty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33147,11 +38134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-security-operations-is-not-empty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33163,11 +38150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-security-requirement-defined-in-securitydefinitions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33179,11 +38166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-security-schemes-dont-allow-cleartext-credentials-over-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33195,11 +38182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-securitydefinitions-is-defined-and-not-empty - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33211,11 +38198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-the-global-security-field-has-rules-defined - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33227,11 +38214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/openapi-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33243,11 +38230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/autoscaling-groups-should-supply-tags-to-launch-configurations - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33259,11 +38246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/aws-general-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33275,11 +38262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-100 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33291,11 +38278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-101 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33307,11 +38294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-102 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33323,11 +38310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-103 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33339,11 +38326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-104 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33355,11 +38342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-105 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33371,11 +38358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-106 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33387,11 +38374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-107 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33403,11 +38390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-109 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33419,11 +38406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-110 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33435,11 +38422,27 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-111 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-112 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33451,11 +38454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33467,11 +38470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33483,11 +38486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-24 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33499,11 +38502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-26 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33515,11 +38518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-27 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33531,11 +38534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-28 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33547,11 +38550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-29 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33563,11 +38566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-30 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33579,11 +38582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33595,11 +38598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-32 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33611,11 +38614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-33 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33627,11 +38630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-37 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33643,11 +38646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-38 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33659,11 +38662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-39 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33675,11 +38678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-40 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33691,11 +38694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-41 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33707,11 +38710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-42 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33723,11 +38726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-43 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33739,11 +38742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-47 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33755,11 +38758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-97 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33771,11 +38774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-99 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33787,11 +38790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-logging-32 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33803,11 +38806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-networking-62 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33819,11 +38822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-storage-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33835,11 +38838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-api-gateway-caching-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33851,11 +38854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-acm-certificates-has-logging-preference - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33867,11 +38870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-all-data-stored-in-the-elasticsearch-domain-is-encrypted-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33883,11 +38886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-ami-copying-uses-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33899,11 +38902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-ami-launch-permissions-are-limited - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33915,11 +38918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-amis-are-encrypted-by-key-management-service-kms-using-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33931,11 +38934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-api-deployments-enable-create-before-destroy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33947,11 +38950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-api-gateway-caching-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33963,11 +38966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-api-gateway-domain-uses-a-modern-security-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33979,11 +38982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-api-gateway-enables-create-before-destroy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -33995,11 +38998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-api-gateway-method-settings-enable-caching - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34011,11 +39014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-app-flow-connector-profile-uses-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34027,11 +39030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-app-flow-flow-uses-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34043,11 +39046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-appsync-api-cache-is-encrypted-at-rest - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34059,11 +39062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-appsync-api-cache-is-encrypted-in-transit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34075,11 +39078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-appsync-has-field-level-logs-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34091,11 +39094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-appsync-is-protected-by-waf - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34107,11 +39110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-appsyncs-logging-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34123,11 +39126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-authtype-for-your-lambda-function-urls-is-defined - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34139,11 +39142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-batch-job-is-not-defined-as-a-privileged-container - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34155,11 +39158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudfront-attached-wafv2-webacl-is-configured-with-amr-for-log4j-vulnerability - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34171,11 +39174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudfront-distribution-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34187,11 +39190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudfront-response-header-policy-enforces-strict-transport-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34203,11 +39206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudsearch-uses-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34219,11 +39222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudsearch-uses-the-latest-transport-layer-security-tls-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34235,11 +39238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudtrail-defines-an-sns-topic - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34251,11 +39254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cloudtrail-logging-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34267,11 +39270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-cluster-logging-is-encrypted-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34283,11 +39286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-code-artifact-domain-is-encrypted-by-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34299,11 +39302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-codecommit-branch-changes-have-at-least-2-approvals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34315,11 +39318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-codecommit-is-associated-with-an-approval-rule - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34331,11 +39334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-codepipeline-artifactstore-is-not-encrypted-by-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34347,11 +39350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-config-must-record-all-possible-resources - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34363,11 +39366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-config-recorder-is-enabled-to-record-all-supported-resources - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34379,11 +39382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-copied-amis-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34395,11 +39398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dax-cluster-endpoint-uses-transport-layer-security-tls - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34411,11 +39414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-db-instance-gets-all-minor-upgrades-automatically - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34427,11 +39430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dlm-cross-region-events-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34443,11 +39446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dlm-cross-region-events-are-encrypted-with-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34459,11 +39462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dlm-cross-region-schedules-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34475,11 +39478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dlm-cross-region-schedules-are-encrypted-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34491,11 +39494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-dms-instance-receives-all-minor-updates-automatically - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34507,11 +39510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-ebs-volume-is-encrypted-by-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34523,11 +39526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-ecs-cluster-enables-logging-of-ecs-exec - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34539,11 +39542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-elasticache-redis-cluster-with-multi-az-automatic-failover-feature-set-to-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34555,11 +39558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-elasticsearch-domain-uses-an-updated-tls-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34571,11 +39574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-fsx-openzfs-file-system-is-encrypted-by-aws-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34587,11 +39590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-glue-component-is-associated-with-a-security-configuration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34603,11 +39606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-guardduty-detector-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34619,11 +39622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-image-builder-distribution-configuration-is-encrypting-ami-by-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34635,11 +39638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-image-recipe-ebs-disk-are-encrypted-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34651,11 +39654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-kendra-index-server-side-encryption-uses-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34667,11 +39670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-kendra-index-server-side-encryption-uses-customer-managed-keys-cmks-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34683,11 +39686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-key-management-service-kms-key-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34699,11 +39702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-keyspace-table-uses-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34715,11 +39718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-kinesis-firehose-delivery-streams-are-encrypted-with-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34731,11 +39734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-kinesis-firehoses-delivery-stream-is-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34747,11 +39750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-memorydb-data-is-encrypted-in-transit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34763,11 +39766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-memorydb-is-encrypted-at-rest-by-aws-key-management-service-kms-using-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34779,11 +39782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mqbroker-audit-logging-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34795,11 +39798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mqbroker-is-encrypted-by-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34811,11 +39814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mqbroker-version-is-up-to-date - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34827,11 +39830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mqbrokers-minor-version-updates-are-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34843,11 +39846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mwaa-environment-has-scheduler-logs-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34859,11 +39862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mwaa-environment-has-webserver-logs-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34875,11 +39878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-mwaa-environment-has-worker-logs-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34891,11 +39894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-rds-cluster-activity-streams-are-encrypted-by-key-management-service-kms-using-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34907,11 +39910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-rds-db-snapshot-uses-customer-managed-keys-cmks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34923,11 +39926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-rds-postgresql-instances-use-a-non-vulnerable-version-of-log-fdw-extension - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34939,11 +39942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-rds-uses-a-modern-cacert - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34955,11 +39958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-replicated-backups-are-encrypted-at-rest-by-key-management-service-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34971,11 +39974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-ssm-parameter-is-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -34987,11 +39990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-aws-terraform-does-not-send-ssm-secrets-to-untrusted-domains-over-http - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35003,11 +40006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-backup-vault-is-encrypted-at-rest-using-kms-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35019,11 +40022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-docdb-has-audit-logs-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35035,11 +40038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-dynamodb-point-in-time-recovery-is-enabled-for-global-tables - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35051,11 +40054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-ebs-default-encryption-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35067,11 +40070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-emr-cluster-security-configuration-encryption-uses-sse-kms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35083,11 +40086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-fx-ontap-file-system-is-encrypted-by-kms-using-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35099,11 +40102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-glacier-vault-access-policy-is-not-public-by-only-allowing-specific-services-or-principals-to-access-it - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35115,11 +40118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-glue-component-has-a-security-configuration-associated - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35131,11 +40134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-guardduty-is-enabled-to-specific-orgregion - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35147,11 +40150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-postgres-rds-has-query-logging-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35163,11 +40166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-provisioned-resources-are-not-manually-modified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35179,11 +40182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-provisioned-resources-are-not-manually-modified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35195,11 +40198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-qldb-ledger-permissions-mode-is-set-to-standard-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35211,11 +40214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-redshift-uses-ssl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35227,11 +40230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-route53-a-record-has-an-attached-resource - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35243,11 +40246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-session-manager-data-is-encrypted-in-transit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35259,11 +40262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-session-manager-logs-are-enabled-and-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35275,11 +40278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-sns-topic-policy-is-not-public-by-only-allowing-specific-services-or-principals-to-access-it - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35291,11 +40294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-sqs-queue-policy-is-not-public-by-only-allowing-specific-services-or-principals-to-access-it - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35307,11 +40310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-amazon-elasticache-redis-clusters-have-automatic-backup-turned-on - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35323,11 +40326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-athena-workgroup-is-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35339,11 +40342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-auto-scaling-is-enabled-on-your-dynamodb-tables - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35355,11 +40358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35371,11 +40374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-function-level-concurrent-execution-limit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35387,11 +40390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35403,11 +40406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-cloudwatch-log-group-is-encrypted-by-kms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35419,11 +40422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-codebuild-projects-are-encrypted-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35435,11 +40438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-dynamodb-tables-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35451,11 +40454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ebs-are-added-in-the-backup-plans-of-aws-backup - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35467,11 +40470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ec2-is-ebs-optimized - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35483,11 +40486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-ecr-repositories-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35499,11 +40502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-elastic-file-system-amazon-efs-file-systems-are-added-in-the-backup-plans-of-aws-backup - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35515,11 +40518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-elastic-load-balancers-uses-ssl-certificates-provided-by-aws-certificate-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35531,11 +40534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-emr-clusters-have-kerberos-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35547,11 +40550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-only-encrypted-ebs-volumes-are-attached-to-ec2-instances - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35563,11 +40566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-and-instances-have-deletion-protection-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35579,11 +40582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-clusters-has-backup-plan-of-aws-backup - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35595,11 +40598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-database-cluster-snapshot-is-encrypted-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35611,11 +40614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-global-clusters-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35627,11 +40630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-rds-instances-have-backup-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35643,11 +40646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-redshift-cluster-is-encrypted-by-kms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35659,11 +40662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-redshift-clusters-allow-version-upgrade-by-default - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35675,11 +40678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-cross-region-replication-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35691,11 +40694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-bucket-has-lock-configuration-enabled-by-default - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35707,11 +40710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-s3-buckets-are-encrypted-with-kms-by-default - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35723,11 +40726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35739,11 +40742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35755,11 +40758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-timestream-database-is-encrypted-with-kms-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35771,11 +40774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-workspace-root-volumes-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35787,11 +40790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-workspace-user-volumes-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35803,11 +40806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35819,11 +40822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35835,11 +40838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35851,11 +40854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-14 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35867,11 +40870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-15 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35883,11 +40886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-16-encrypt-sqs-queue - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35899,11 +40902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-17 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35915,11 +40918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-18 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35931,11 +40934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-25 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35947,11 +40950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-3-encrypt-ebs-volume - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35963,11 +40966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35979,11 +40982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -35995,11 +40998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36011,11 +41014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-73 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36027,11 +41030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36043,11 +41046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/general-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36059,11 +41062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/aws-iam-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36075,11 +41078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-iam-43 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36091,11 +41094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-iam-44 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36107,11 +41110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-iam-45 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36123,11 +41126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/bc-aws-iam-46 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36139,11 +41142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-role-is-attached-to-ec2-instance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36155,11 +41158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-an-iam-user-does-not-have-access-to-the-console-group - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36171,11 +41174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-aws-cloudfromt-distribution-with-s3-have-origin-access-set-to-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36187,11 +41190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-credentials-exposure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36203,11 +41206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-data-exfiltration - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36219,11 +41222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-permissions-management-resource-exposure-without-constraint - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36235,11 +41238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-do-not-allow-write-access-without-constraint - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36251,11 +41254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-iam-policies-does-not-allow-privilege-escalation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36267,11 +41270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-kms-key-policy-does-not-contain-wildcard-principal - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36283,11 +41286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-cluster-has-iam-authentication-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36299,11 +41302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-rds-database-has-iam-authentication-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36315,11 +41318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-s3-bucket-does-not-allow-access-to-all-authenticated-users - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36331,11 +41334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-that-all-iam-users-are-members-of-at-least-one-iam-group - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36347,11 +41350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-that-an-amazon-rds-clusters-have-iam-authentication-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36363,11 +41366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-that-iam-groups-include-at-least-one-iam-user - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36379,11 +41382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-that-respective-logs-of-amazon-relational-database-service-amazon-rds-are-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36395,11 +41398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/ensure-the-aws-execution-role-arn-and-task-role-arn-are-different-in-ecs-task-definitions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36411,11 +41414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36427,11 +41430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36443,11 +41446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-16-iam-policy-privileges-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36459,11 +41462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36475,11 +41478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-358 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36491,11 +41494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-48 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36507,11 +41510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36523,11 +41526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36539,11 +41542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36555,11 +41558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36571,11 +41574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-iam-policies/iam-9-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36587,11 +41590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/aws-kubernetes-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36603,11 +41606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36619,11 +41622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36635,11 +41638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36651,11 +41654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36667,11 +41670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-kubernetes-policies/bc-aws-kubernetes-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36683,11 +41686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/aws-logging-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36699,11 +41702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36715,11 +41718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36731,11 +41734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36747,11 +41750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36763,11 +41766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36779,11 +41782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-24 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36795,11 +41798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36811,11 +41814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/bc-aws-logging-33 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36827,11 +41830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-api-gateway-stage-have-logging-level-defined-as-appropiate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36843,11 +41846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-cloudtrail-trails-are-integrated-with-cloudwatch-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36859,11 +41862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-postgres-rds-as-aws-db-instance-has-query-logging-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36875,11 +41878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-cloudformation-stacks-are-sending-event-notifications-to-an-sns-topic - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36891,11 +41894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-detailed-monitoring-is-enabled-for-ec2-instances - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36907,11 +41910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/ensure-that-enhanced-monitoring-is-enabled-for-amazon-rds-instances - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36923,11 +41926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36939,11 +41942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36955,11 +41958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-15 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36971,11 +41974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-16 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -36987,11 +41990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-17 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37003,11 +42006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-18 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37019,11 +42022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-19 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37035,11 +42038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37051,11 +42054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-20 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37067,11 +42070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-5-enable-aws-config-regions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37083,11 +42086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37099,11 +42102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37115,11 +42118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-logging-policies/logging-9-enable-vpc-flow-logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37131,11 +42134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/aws-networking-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37147,11 +42150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-networking-37 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37163,11 +42166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-networking-63 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37179,11 +42182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-networking-64 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37195,11 +42198,27 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-networking-65 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/bc-aws-networking-66 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37211,11 +42230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-acm-certificate-enables-create-before-destroy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37227,11 +42246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-cloudfront-distribution-uses-custom-ssl-certificate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37243,11 +42262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-database-migration-service-endpoints-have-ssl-configured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37259,11 +42278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-elasticache-security-groups-are-defined - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37275,11 +42294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-elasticsearch-does-not-use-the-default-security-group - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37291,11 +42310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-elb-policy-uses-only-secure-protocols - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37307,11 +42326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-nacl-does-not-allow-ingress-from-00000-to-port-20 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37323,11 +42342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-nacl-does-not-allow-ingress-from-00000-to-port-21 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37339,11 +42358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-nacl-does-not-allow-ingress-from-00000-to-port-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37355,11 +42374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-nacl-does-not-allow-ingress-from-00000-to-port-3389 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37371,11 +42390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-nat-gateways-are-utilized-for-the-default-route - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37387,11 +42406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-rds-security-groups-are-defined - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37403,11 +42422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-route-table-with-vpc-peering-does-not-contain-routes-overly-permissive-to-all-traffic - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37419,11 +42438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-group-does-not-allow-all-traffic-on-all-ports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37435,11 +42454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-aws-security-groups-do-not-allow-ingress-from-00000-to-port-80 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37451,11 +42470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-no-default-vpc-is-planned-to-be-provisioned - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37467,11 +42486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-public-api-gateway-are-protected-by-waf - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37483,11 +42502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-public-facing-alb-are-protected-by-waf - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37499,11 +42518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-redshift-is-not-deployed-outside-of-a-vpc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37515,11 +42534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-drops-http-headers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37531,11 +42550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-alb-redirects-http-requests-into-https-ones - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37547,11 +42566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-all-eip-addresses-allocated-to-a-vpc-are-attached-to-ec2-instances - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37563,11 +42582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-all-nacl-are-attached-to-subnets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37579,11 +42598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-amazon-emr-clusters-security-groups-are-not-open-to-the-world - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37595,11 +42614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-amazon-redshift-clusters-are-not-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37611,11 +42630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-auto-scaling-groups-that-are-associated-with-a-load-balancer-are-using-elastic-load-balancing-health-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37627,11 +42646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-direct-internet-access-is-disabled-for-an-amazon-sagemaker-notebook-instance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37643,11 +42662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-elasticsearch-is-configured-inside-a-vpc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37659,11 +42678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-elb-is-cross-zone-load-balancing-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37675,11 +42694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-load-balancer-networkgateway-has-cross-zone-load-balancing-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37691,11 +42710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-security-groups-are-attached-to-ec2-instances-or-elastic-network-interfaces-enis - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37707,11 +42726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-that-vpc-endpoint-service-is-configured-for-manual-acceptance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37723,11 +42742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-transfer-server-is-not-exposed-publicly - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37739,11 +42758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-vpc-subnets-do-not-assign-public-ip-by-default - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37755,11 +42774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/ensure-waf-prevents-message-lookup-in-log4j2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37771,11 +42790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-1-port-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37787,11 +42806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37803,11 +42822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-29 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37819,11 +42838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37835,11 +42854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-32 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37851,11 +42870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/networking-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37867,11 +42886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-networking-policies/s3-bucket-should-have-public-access-blocks-defaults-to-false-if-the-public-access-block-is-not-attached - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37883,11 +42902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37899,11 +42918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/aws-serverless-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37915,11 +42934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37931,11 +42950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-serverless-policies/bc-aws-serverless-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37947,11 +42966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-3-enable-encryptionatrest - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37963,11 +42982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37979,11 +42998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -37995,11 +43014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elasticsearch-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38011,11 +43030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/elastisearch-policies/elastisearch-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38027,11 +43046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-1-ecr-repositories-not-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38043,11 +43062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38059,11 +43078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38075,11 +43094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38091,11 +43110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38107,11 +43126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-6-api-gateway-authorizer-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38123,11 +43142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38139,11 +43158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/public-policies/public-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38155,11 +43174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-19 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38171,11 +43190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-20 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38187,11 +43206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-21 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38203,11 +43222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38219,11 +43238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38235,11 +43254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/bc-aws-s3-24 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38251,11 +43270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-1-acl-read-permissions-everyone - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38267,11 +43286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-13-enable-logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38283,11 +43302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-14-data-encrypted-at-rest - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38299,11 +43318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-16-enable-versioning - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38315,11 +43334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-2-acl-write-permissions-everyone - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38331,11 +43350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/s3-policies/s3-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38347,11 +43366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38363,11 +43382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38379,11 +43398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/bc-aws-secrets-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38395,11 +43414,411 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/secrets-policies/secrets-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-163 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-164 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-166 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-167 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-170 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-172 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-173 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-175 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-177 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-178 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-179 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-180 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-186 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-187 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-188 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-196 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-199 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-201 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-206 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-208 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-209 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-211 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-212 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-214 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-3 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38411,11 +43830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azr-general-85 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38427,11 +43846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/azure-general-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38443,11 +43862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38459,11 +43878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38475,11 +43894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-14 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38491,11 +43910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38507,11 +43926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38523,11 +43942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38539,11 +43958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38555,11 +43974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38571,11 +43990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/bc-azr-general-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38587,11 +44006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-allow-access-to-azure-services-for-postgresql-database-server-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38603,11 +44022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-built-in-logging-for-azure-function-app-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38619,11 +44038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-client-certificates-are-enforced-for-api-management - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38635,11 +44054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-cognitive-services-enables-customer-managed-keys-cmks-for-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38651,11 +44070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-data-exfiltration-protection-for-azure-synapse-workspace-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38667,11 +44086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-machine-learning-compute-cluster-minimum-nodes-is-set-to-0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38683,11 +44102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-postgresql-flexible-server-enables-geo-redundant-backups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38699,11 +44118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-resources-that-support-tags-have-tags - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38715,11 +44134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-sql-server-has-default-auditing-policy-configured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38731,11 +44150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-azure-virtual-machine-does-not-enable-password-authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38747,11 +44166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-cognitive-services-account-encryption-cmks-are-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38763,11 +44182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-ftp-deployments-are-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38779,11 +44198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mssql-is-using-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38795,11 +44214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-mysql-is-using-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38811,11 +44230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-standard-pricing-tier-is-selected - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38827,11 +44246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38843,11 +44262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-active-directory-is-used-for-service-fabric-authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38859,11 +44278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-app-services-use-azure-files - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38875,11 +44294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-automatic-os-image-patching-is-enabled-for-virtual-machine-scale-sets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38891,11 +44310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-automation-account-variables-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38907,11 +44326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-active-directory-admin-is-configured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38923,11 +44342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-batch-account-uses-key-vault-to-encrypt-data - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38939,11 +44358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-explorer-encryption-at-rest-uses-a-customer-managed-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38955,11 +44374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-explorer-uses-disk-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38971,11 +44390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-explorer-uses-double-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -38987,11 +44406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-factories-are-encrypted-with-a-customer-managed-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39003,11 +44422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-factory-uses-git-repository-for-source-control - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39019,11 +44438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-app-service - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39035,11 +44454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-azure-sql-database-servers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39051,11 +44470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-container-registries - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39067,11 +44486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-key-vault - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39083,11 +44502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-kubernetes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39099,11 +44518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-servers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39115,11 +44534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-sql-servers-on-machines - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39131,11 +44550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-azure-defender-is-set-to-on-for-storage - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39147,11 +44566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-cors-disallows-every-resource-to-access-app-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39163,11 +44582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-cors-disallows-every-resource-to-access-function-apps - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39179,11 +44598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-cosmos-db-accounts-have-customer-managed-keys-to-encrypt-data-at-rest - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39195,11 +44614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-data-lake-store-accounts-enables-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39211,11 +44630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-function-apps-enables-authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39227,11 +44646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-http-version-is-the-latest-if-used-to-run-the-function-app - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39243,11 +44662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-java-version-is-the-latest-if-used-to-run-the-web-app - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39259,11 +44678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-enables-purge-protection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39275,11 +44694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-enables-soft-delete - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39291,11 +44710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-key-is-backed-by-hsm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39307,11 +44726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39323,11 +44742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-managed-disks-use-a-specific-set-of-disk-encryption-sets-for-the-customer-managed-key-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39339,11 +44758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-managed-identity-provider-is-enabled-for-app-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39355,11 +44774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-mariadb-server-enables-geo-redundant-backups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39371,11 +44790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39387,11 +44806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-my-sql-server-enables-geo-redundant-backups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39403,11 +44822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-my-sql-server-enables-threat-detection-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39419,11 +44838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-mysql-server-enables-customer-managed-key-for-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39435,11 +44854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-net-framework-version-is-the-latest-if-used-as-a-part-of-the-web-app - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39451,11 +44870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-php-version-is-the-latest-if-used-to-run-the-web-app - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39467,11 +44886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-customer-managed-key-for-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39483,11 +44902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-geo-redundant-backups - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39499,11 +44918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-infrastructure-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39515,11 +44934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-infrastructure-encryption-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39531,11 +44950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-threat-detection-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39547,11 +44966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-python-version-is-the-latest-if-used-to-run-the-web-app - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39563,11 +44982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-remote-debugging-is-not-enabled-for-app-services - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39579,11 +44998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-security-contact-emails-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39595,11 +45014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-service-fabric-uses-available-three-levels-of-protection-available - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39611,11 +45030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-sql-servers-enables-data-security-policy - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39627,11 +45046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-storage-accounts-use-customer-managed-key-for-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39643,11 +45062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-unattached-disks-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39659,11 +45078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-also-send-email-notifications-to-admins-and-subscription-owners-is-set-for-an-sql-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39675,11 +45094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-periodic-recurring-scans-is-enabled-on-a-sql-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39691,11 +45110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-send-scan-reports-to-is-configured-for-a-sql-server - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39707,11 +45126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machine-scale-sets-have-encryption-at-host-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39723,11 +45142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39739,11 +45158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-use-managed-disks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39755,11 +45174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-that-vulnerability-assessment-va-is-enabled-on-a-sql-server-by-setting-a-storage-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39771,11 +45190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-the-key-vault-is-recoverable - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39787,11 +45206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/ensure-virtual-machines-are-utilizing-managed-disks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39803,11 +45222,91 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-general-policies/set-an-expiration-date-on-all-keys - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azr-iam-176 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azr-iam-181 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azr-iam-184 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azr-iam-191 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azr-iam-192 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39819,11 +45318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/azure-iam-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39835,11 +45334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/bc-azr-iam-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39851,11 +45350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/do-not-create-custom-subscription-owner-roles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39867,11 +45366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-acr-admin-account-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39883,11 +45382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-acr-disables-anonymous-image-pulling - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39899,11 +45398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-cosmosdb-has-local-authentication-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39915,11 +45414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-kubernetes-service-aks-local-admin-account-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39931,11 +45430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-machine-learning-compute-cluster-local-authentication-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39947,11 +45446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-iam-policies/ensure-azure-windows-vm-enables-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39963,11 +45462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/azure-kubernetes-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39979,11 +45478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -39995,11 +45494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40011,11 +45510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40027,11 +45526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40043,11 +45542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/bc-azr-kubernetes-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40059,11 +45558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-enables-private-clusters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40075,11 +45574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-uses-azure-policies-add-on - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40091,11 +45590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-kubernetes-policies/ensure-that-aks-uses-disk-encryption-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40107,11 +45606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/azure-logging-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40123,11 +45622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40139,11 +45638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40155,11 +45654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40171,11 +45670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/enable-requests-on-storage-logging-for-queue-service - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40187,11 +45686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-audit-profile-captures-all-activities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40203,11 +45702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-storage-logging-is-enabled-for-blob-service-for-read-requests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40219,11 +45718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-storage-logging-is-enabled-for-table-service-for-read-requests - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40235,11 +45734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-failed-request-tracing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40251,11 +45750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-that-app-service-enables-http-logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40267,11 +45766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/ensure-the-storage-container-storing-the-activity-logs-is-not-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40283,11 +45782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/set-activity-log-retention-to-365-days-or-greater - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40299,11 +45798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-logging-policies/tbdensure-that-app-service-enables-detailed-error-messages - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40315,11 +45814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-63 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40331,11 +45830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azr-networking-64 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40347,11 +45846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/azure-networking-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40363,11 +45862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40379,11 +45878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40395,11 +45894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40411,11 +45910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40427,11 +45926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40443,11 +45942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-17 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40459,11 +45958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40475,11 +45974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40491,11 +45990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40507,11 +46006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40523,11 +46022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40539,11 +46038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40555,11 +46054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40571,11 +46070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40587,11 +46086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/enable-trusted-microsoft-services-for-storage-account-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40603,11 +46102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-application-gateway-waf-prevents-message-lookup-in-log4j2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40619,11 +46118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-acr-is-set-to-disable-public-networking - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40635,11 +46134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-aks-cluster-nodes-do-not-have-public-ip-addresses - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40651,11 +46150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-app-service-slot-has-debugging-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40667,11 +46166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-apps-service-slot-uses-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40683,11 +46182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-cognitive-services-accounts-disable-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40699,11 +46198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-databricks-workspace-is-not-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40715,11 +46214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-function-app-uses-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40731,11 +46230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-http-port-80-access-from-the-internet-is-restricted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40747,11 +46246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-machine-learning-workspace-is-not-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40763,11 +46262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-postgresql-uses-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40779,11 +46278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-redis-cache-uses-the-latest-version-of-tls-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40795,11 +46294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-spring-cloud-api-portal-is-enabled-for-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40811,11 +46310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-spring-cloud-api-portal-public-access-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40827,11 +46326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-azure-web-app-redirects-all-http-traffic-to-https-in-azure-app-service-slot - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40843,11 +46342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-cosmos-db-accounts-have-restricted-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40859,11 +46358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-front-door-waf-prevents-message-lookup-in-log4j2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40875,11 +46374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-public-network-access-enabled-is-set-to-false-for-mysql-servers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40891,11 +46390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-api-management-services-uses-virtual-networks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40907,11 +46406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-application-gateway-enables-waf - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40923,11 +46422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-application-gateway-uses-waf-in-detection-or-prevention-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40939,11 +46438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-cache-for-redis-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40955,11 +46454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-cognitive-search-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40971,11 +46470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-container-container-group-is-deployed-into-virtual-network - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -40987,11 +46486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-cosmos-db-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41003,11 +46502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-data-factory-public-network-access-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41019,11 +46518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-event-grid-domain-public-network-access-is-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41035,11 +46534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-file-sync-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41051,11 +46550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-front-door-enables-waf - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41067,11 +46566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-front-door-uses-waf-in-detection-or-prevention-modes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41083,11 +46582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-iot-hub-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41099,11 +46598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-synapse-workspaces-enables-managed-virtual-networks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41115,11 +46614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-synapse-workspaces-have-no-ip-firewall-rules-attached - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41131,11 +46630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-function-apps-is-only-accessible-over-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41147,11 +46646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-key-vault-allows-firewall-rules-settings - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41163,11 +46662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-network-interfaces-disable-ip-forwarding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41179,11 +46678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-network-interfaces-dont-use-public-ips - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41195,11 +46694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-only-ssl-are-enabled-for-cache-for-redis - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41211,11 +46710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-postgresql-server-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41227,11 +46726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-sql-server-disables-public-network-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41243,11 +46742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-account-enables-secure-transfer - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41259,11 +46758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-storage-accounts-disallow-public-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41275,11 +46774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/ensure-that-udp-services-are-restricted-from-the-internet - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41291,11 +46790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/set-default-network-access-rule-for-storage-accounts-to-deny - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41307,11 +46806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/set-public-access-level-to-private-for-blob-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41323,11 +46822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41339,11 +46838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-secrets-policies/azure-secrets-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41355,11 +46854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-secrets-policies/bc-azr-secrets-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41371,11 +46870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41387,11 +46886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/azure-storage-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41403,11 +46902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41419,11 +46918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41435,11 +46934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-storage-policies/ensure-storage-accounts-adhere-to-the-naming-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41451,11 +46950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/public-policies-1/bc-azr-public-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41467,11 +46966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/public-policies-1/public-policies-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41483,11 +46982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/bitbucket-policies/bitbucket-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41499,11 +46998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/bitbucket-policies/merge-requests-should-require-at-least-2-approvals-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41515,11 +47014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/build-integrity-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41531,11 +47030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41547,11 +47046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41563,11 +47062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/found-artifact-build-without-evidence-of-cosign-sbom-attestation-in-pipeline - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41579,11 +47078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/github-actions-contain-workflow-dispatch-input-parameters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41595,11 +47094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/github-actions-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41611,11 +47110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/no-evidence-of-signing - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41627,11 +47126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41643,11 +47142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41659,11 +47158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-2-admins-are-set-for-each-repository - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41675,11 +47174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-branch-protection-rules-are-enforced-on-administrators - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41691,11 +47190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-actions-secrets-are-encrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41707,11 +47206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-dismisses-stale-review-on-new-commit - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41723,11 +47222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-requires-codeowner-reviews - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41739,11 +47238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-requires-conversation-resolution - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41755,11 +47254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-requires-push-restrictions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41771,11 +47270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-requires-status-checks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41787,11 +47286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-restricts-who-can-dismiss-pr-reviews-cis-115 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41803,11 +47302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-rules-does-not-allow-deletions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41819,11 +47318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-rules-requires-linear-history - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41835,11 +47334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-branch-protection-rules-requires-signed-commits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41851,11 +47350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-organization-and-repository-webhooks-are-using-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41867,11 +47366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-organization-security-settings-has-ip-allow-list-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41883,11 +47382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-organization-security-settings-require-2fa - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41899,11 +47398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-organization-security-settings-require-sso - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41915,11 +47414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-organization-webhooks-are-using-https - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41931,11 +47430,27 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-github-repository-has-vulnerability-alerts-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma Cloud Application Security Policy Reference + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/ensure-repository-is-private + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41947,11 +47462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/github-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41963,11 +47478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/github-policies/merge-requests-should-require-at-least-2-approvals - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41979,11 +47494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-ci-policies/avoid-creating-rules-that-generate-double-pipelines - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -41995,11 +47510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-ci-policies/gitlab-ci-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42011,11 +47526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-ci-policies/suspicious-use-of-curl-with-ci-environment-variables-in-script - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42027,11 +47542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/ensure-all-gitlab-groups-require-two-factor-authentication - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42043,11 +47558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/ensure-gitlab-branch-protection-rules-does-not-allow-force-pushes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42059,11 +47574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/ensure-gitlab-commits-are-signed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42075,11 +47590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/ensure-gitlab-prevent-secrets-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42091,11 +47606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/gitlab-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42107,11 +47622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/build-integrity-policies/gitlab-policies/merge-requests-do-not-require-two-or-more-approvals-to-merge - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42123,11 +47638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-certificate-unverified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42139,11 +47654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42155,11 +47670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-fork-private-repo-allowed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42171,11 +47686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-insecure-def-secret-var - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42187,11 +47702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-internal-npm-package-not-scoped-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42203,11 +47718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-miss-npmlockfile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42219,11 +47734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-missing-integrity-check-download-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42235,11 +47750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-npm-package-lockfile-weak-hash - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42251,11 +47766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-pr-review-notrequired-merge - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42267,11 +47782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-project-service-hook-sent-unencrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42283,11 +47798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-project-service-hook-ssl-ver-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42299,11 +47814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-requestors-self-approve-pr-defaultbranch - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42315,11 +47830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-secrets-npm-downloadurl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42331,11 +47846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repo-unencryptedchannel-download-dependencies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42347,11 +47862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repos-env-var-exposed-printlog - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42363,11 +47878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repos-pckg-insecure-npm-install - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42379,11 +47894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repos-pipelines-transmit-data-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42395,11 +47910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/azure-repo-cicd-pipeline-policies/azure-repos-secrets-in-pipeline-logs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42411,11 +47926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-active-repo-lacks-bp-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42427,11 +47942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-bprule-allows-push-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42443,11 +47958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-deploykey-weak-ssh - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42459,11 +47974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-excessive-app-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42475,11 +47990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-fork-private-repo-allow - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42491,11 +48006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-internal-npm-package-not-scoped-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42507,11 +48022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-npm-package-lockfile-weak-hash - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42523,11 +48038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-pr-review-merge-notrequired - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42539,11 +48054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-repo-miss-npmlockfile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42555,11 +48070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-repo-webhook-ssl-verif-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42571,11 +48086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-secrets-npm-downloadurl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42587,11 +48102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-secrets-webhook-url - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42603,11 +48118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-unencryotedchannel-download-dependencies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42619,11 +48134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-unrotate-accesskey - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42635,11 +48150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bb-webhooks-sent-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42651,11 +48166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/bitbucket-cicd-pipeline-policies/bitbucket-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42667,11 +48182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/ci-cd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42683,11 +48198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-accesses-cloudprovider-insecure-longtermcredentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42699,11 +48214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-cert-unverified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42715,11 +48230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42731,11 +48246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-miss-integrity-check-download-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42747,11 +48262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-mutable-orb - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42763,11 +48278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-packages-insecurely-installed-npminstall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42779,11 +48294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-secrets-console-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42795,11 +48310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-transmitdata-unsecuredchannel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42811,11 +48326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-var-exposed-printlog - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42827,11 +48342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/circleci-cicd-pipeline-policies/circleci-vulnerable-cmnd-injection - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42843,11 +48358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/cross-platform-cicd-pipeline-policies/cp-direct-poison-pipeline-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42859,11 +48374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/cross-platform-cicd-pipeline-policies/cp-direct-poison-pipeline-exe-outside-collab - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42875,11 +48390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/cross-platform-cicd-pipeline-policies/cp-pub-private-repo-connect-share-ci-system - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42891,11 +48406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/cross-platform-cicd-pipeline-policies/cross-platform-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42907,11 +48422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/active-ghrepo-lacks-bp-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42923,11 +48438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/excessive-ghapp-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42939,11 +48454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/force-push-default-branch-allowed-gh - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42955,11 +48470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/force-push-default-branch-allowed-gh - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42971,11 +48486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-acc-miss-2fa - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -42987,11 +48502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-any-member-create-internal-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43003,11 +48518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-any-member-create-private-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43019,11 +48534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-bp-notenforced-onadmin - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43035,11 +48550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-code-owners-review-not-required-tomerge - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43051,11 +48566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-defaultbranch-doesnt-require-signed-commits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43067,11 +48582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-deploy-keys-assigned-write-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43083,11 +48598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-deploykey-weak-ssh - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43099,11 +48614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-excessive-perm-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43115,11 +48630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-fork-private-repo-allowed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43131,11 +48646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-fork-private-repo-inorg-allowed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43147,11 +48662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-inactive-useracc-progr-cred - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43163,11 +48678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-internal-npmpack-notscoped - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43179,11 +48694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-merge-outdated-code-allowed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43195,11 +48710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-npm-package-lockfile-weak-hash - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43211,11 +48726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-org-identity-notverified-badge - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43227,11 +48742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-org-secret-not-scoped - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43243,11 +48758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-org-webhook-ssl-verif-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43259,11 +48774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-outside-collab-access-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43275,11 +48790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-owner-rem-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43291,11 +48806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-poss-cmnd-inj-userevent - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43307,11 +48822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-pr-approvals-notrevoked-newcommits - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43323,11 +48838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-pr-reviews-not-required-merge-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43339,11 +48854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-private-repo-made-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43355,11 +48870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-privaterepo-forks-leak-code - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43371,11 +48886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-push-restrictions-not-enforced - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43387,11 +48902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-repo-miss-npmlockfile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43403,11 +48918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-repo-secrets-npm-dep-url - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43419,11 +48934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-repo-webhook-ssl-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43435,11 +48950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-reviews-not-require-merge - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43451,11 +48966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-secrets-webhook-url - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43467,11 +48982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-selfhosted-runner-group-allows-public-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43483,11 +48998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-unencrypt-channel-download-npm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43499,11 +49014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-unrotated-dep-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43515,11 +49030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gh-webhooks-sent-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43531,11 +49046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/gha-excessive-pipeline-permissions-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43547,11 +49062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghac-pipeline-secrets-console-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43563,11 +49078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghact-cert-unverified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43579,11 +49094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghact-req-rev-bypassed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43595,11 +49110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghaction-vuln-cmnd-inj - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43611,11 +49126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-accesses-cloudprovider-insecure-longtermcredentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43627,11 +49142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-cnds-transmitdata-unsecuredchannel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43643,11 +49158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-default-workflow-perm-org-rw - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43659,11 +49174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-default-workflow-perm-repo-rw - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43675,11 +49190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-env-var-exposed-printlog - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43691,11 +49206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-miss-integrity-check-download-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43707,11 +49222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-packages-insecurely-installed-npminstall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43723,11 +49238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-unrestrict-accross-org - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43739,11 +49254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/ghactions-unrestricted-usage-allowed-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43755,11 +49270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/github-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43771,11 +49286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/members-create-public-repos - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43787,11 +49302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/perm-gh-org-baseperm - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43803,11 +49318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/github-cicd-pipeline-policies/unpinned-github-actions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43819,11 +49334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/force-push-default-branch-allowed-gl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43835,11 +49350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gitlab-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43851,11 +49366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-access-server-unrestricted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43867,11 +49382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-active-repo-lacks-bprules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43883,11 +49398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-bprule-allows-push-db - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43899,11 +49414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-cert-notverified-cipipeline - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43915,11 +49430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-ci-env-var-exposed-printlog - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43931,11 +49446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-ci-miss-integrity-check-download-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43947,11 +49462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-cicd-access-cloudprovider-longterm-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43963,11 +49478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-cipipeline-transmit-data-unencryptedchannel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43979,11 +49494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-deploy-keys-assigned-write-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -43995,11 +49510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-excessive-app-permissions - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44011,11 +49526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-fork-private-reo-allow - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44027,11 +49542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-inactive-user-acc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44043,11 +49558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-internal-npm-package-not-scoped-repo - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44059,11 +49574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-merge-request-appr-notrequired-defbranch - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44075,11 +49590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-npm-package-lockfile-weak-hash - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44091,11 +49606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-proj-webhook-ssl-verif-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44107,11 +49622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-project-config-group-access-job-token - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44123,11 +49638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-project-token-access-other-projects - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44139,11 +49654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-repo-miss-npmlockfile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44155,11 +49670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-secrets-npm-downloadurl - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44171,11 +49686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-secrets-webhook-url - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44187,11 +49702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-throttle-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44203,11 +49718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-unencryotedchannel-download-dependencies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44219,11 +49734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-unrotated-dep-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44235,11 +49750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-var-notscoped-env - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44251,11 +49766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/gl-webhooks-sent-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44267,11 +49782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/gitlab-cicd-pipeline-policies/glpipeline-packages-insecurely-installed-npminstall - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44283,11 +49798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-auditlog-notonstalled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44299,11 +49814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-cert-unverified - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44315,11 +49830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-cicd-pipeline-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44331,11 +49846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-credentials-stored-global-scope - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44347,11 +49862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-full-access-auth-useracc - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44363,11 +49878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-fullaccess-anon-visitors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44379,11 +49894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-job-run-high-privileges - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44395,11 +49910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-jobs-default-high-priv - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44411,11 +49926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-jobs-exe-highpriv - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44427,11 +49942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-jobs-run-controller - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44443,11 +49958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-ldap-use-unencrypted-channel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44459,11 +49974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-miss-integrity-check-download-exe - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44475,11 +49990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-no-auth - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44491,11 +50006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-npm-install-insecure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44507,11 +50022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-pipeline-transmit-data-unencryptedchannel - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44523,11 +50038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-readaccess-anon-visitors - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44539,11 +50054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-secrets-console-output - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44555,11 +50070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-traffic-transmit-unencrypted - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44571,11 +50086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-var-exposed-printlog - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44587,11 +50102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-vuln-plugins - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44603,11 +50118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-vuln-version - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44619,11 +50134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/ci-cd-pipeline-policies/jenkins-cicd-pipeline-policies/jenkins-weak-auth-service - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44635,11 +50150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44651,11 +50166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/docker-policy-index - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44667,11 +50182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44683,11 +50198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44699,11 +50214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44715,11 +50230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44731,11 +50246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44747,11 +50262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-copy-is-used-instead-of-add-in-dockerfiles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44763,11 +50278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44779,11 +50294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-label-maintainer-is-used-instead-of-maintainer-deprecated - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44795,11 +50310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44811,11 +50326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-last-user-is-not-root - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44827,11 +50342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44843,11 +50358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/get-started-code-sec-policies/get-started-code-sec-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44859,11 +50374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44875,11 +50390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44891,11 +50406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44907,11 +50422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44923,11 +50438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44939,11 +50454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44955,11 +50470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44971,11 +50486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -44987,11 +50502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45003,11 +50518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45019,11 +50534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/bc-gcp-sql-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45035,11 +50550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/cloud-sql-policies/cloud-sql-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45051,11 +50566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45067,11 +50582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45083,11 +50598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45099,11 +50614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45115,11 +50630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-x - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45131,11 +50646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-gcp-general-y - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45147,11 +50662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/encrypt-boot-disks-for-instances-with-cseks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45163,11 +50678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-artifact-registry-repositories-are-encrypted-with-customer-supplied-encryption-keys-csek - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45179,11 +50694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45195,11 +50710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45211,11 +50726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-table-instances-are-encrypted-with-customer-supplied-encryption-keys-cseks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45227,11 +50742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-build-workers-are-private - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45243,11 +50758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45259,11 +50774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-data-flow-jobs-are-encrypted-with-customer-supplied-encryption-keys-csek - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45275,11 +50790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-data-fusion-instances-are-private - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45291,11 +50806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-datafusion-has-stack-driver-logging-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45307,11 +50822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-datafusion-has-stack-driver-monitoring-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45323,11 +50838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-dataproc-cluster-is-encrypted-with-customer-supplied-encryption-keys-cseks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45339,11 +50854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-kms-keys-are-protected-from-deletion - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45355,11 +50870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-memorystore-for-redis-is-auth-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45371,11 +50886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-memorystore-for-redis-uses-intransit-encryption - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45387,11 +50902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-pubsub-topics-are-encrypted-with-customer-supplied-encryption-keys-csek - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45403,11 +50918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-resources-that-suppot-labels-have-labels - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45419,11 +50934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-spanner-database-is-encrypted-with-customer-supplied-encryption-keys-cseks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45435,11 +50950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-sql-database-uses-the-latest-major-version - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45451,11 +50966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-subnet-has-a-private-ip-google-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45467,11 +50982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-vertex-ai-datasets-use-a-customer-manager-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45483,11 +50998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-vertex-ai-metadata-store-uses-a-customer-manager-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45499,11 +51014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-that-cloud-kms-cryptokeys-are-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45515,11 +51030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-that-there-are-only-gcp-managed-service-account-keys-for-each-service-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45531,11 +51046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/google-cloud-general-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45547,11 +51062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45563,11 +51078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45579,11 +51094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45595,11 +51110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45611,11 +51126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45627,11 +51142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45643,11 +51158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45659,11 +51174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45675,11 +51190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45691,11 +51206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/bc-gcp-iam-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45707,11 +51222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/ensure-gcp-cloud-kms-key-rings-is-not-publicly-accessible-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45723,11 +51238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/ensure-that-a-mysql-database-instance-does-not-allow-anyone-to-connect-with-administrative-privileges - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45739,11 +51254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-iam-policies/google-cloud-iam-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45755,11 +51270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45771,11 +51286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45787,11 +51302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45803,11 +51318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45819,11 +51334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45835,11 +51350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-14 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45851,11 +51366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-15 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45867,11 +51382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45883,11 +51398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45899,11 +51414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45915,11 +51430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45931,11 +51446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45947,11 +51462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45963,11 +51478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45979,11 +51494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/bc-gcp-kubernetes-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -45995,11 +51510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/enable-vpc-flow-logs-and-intranode-visibility - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46011,11 +51526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-clusters-are-created-with-private-nodes - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46027,11 +51542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-gke-clusters-are-not-running-using-the-compute-engine-default-service-account - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46043,11 +51558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-integrity-monitoring-for-shielded-gke-nodes-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46059,11 +51574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-legacy-compute-engine-instance-metadata-apis-are-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46075,11 +51590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-secure-boot-for-shielded-gke-nodes-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46091,11 +51606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-shielded-gke-nodes-are-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46107,11 +51622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-the-gke-metadata-server-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46123,11 +51638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-the-gke-release-channel-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46139,11 +51654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/ensure-use-of-binary-authorization - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46155,11 +51670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/google-cloud-kubernetes-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46171,11 +51686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-kubernetes-policies/manage-kubernetes-rbac-users-with-google-groups-for-gke - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46187,11 +51702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46203,11 +51718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46219,11 +51734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46235,11 +51750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46251,11 +51766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46267,11 +51782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46283,11 +51798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46299,11 +51814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46315,11 +51830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46331,11 +51846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46347,11 +51862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46363,11 +51878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/bc-gcp-networking-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46379,11 +51894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-cloud-armor-prevents-message-lookup-in-log4j2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46395,11 +51910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-cloud-function-http-trigger-is-secured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46411,11 +51926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-compute-firewall-ingress-does-not-allow-unrestricted-mysql-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46427,11 +51942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-firewall-rule-does-not-allows-all-traffic-on-mysql-port-3306 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46443,11 +51958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-gcr-container-vulnerability-scanning-is-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46459,11 +51974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-ftp-port-20-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46475,11 +51990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-access-to-all-ports - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46491,11 +52006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-ftp-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46507,11 +52022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-google-compute-firewall-ingress-does-not-allow-unrestricted-http-port-80-access - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46523,11 +52038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-private-google-access-is-enabled-for-ipv6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46539,11 +52054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-legacy-networks-do-not-exist-for-a-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46555,11 +52070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/google-cloud-networking-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46571,11 +52086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46587,11 +52102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/bc-gcp-public-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46603,11 +52118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/bc-gcp-public-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46619,11 +52134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-cloud-run-service-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46635,11 +52150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-artifact-registry-repository-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46651,11 +52166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-bigquery-table-is-not-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46667,11 +52182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-cloud-dataflow-job-has-public-ips - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46683,11 +52198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-cloud-kms-cryptokey-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46699,11 +52214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-dataproc-cluster-does-not-have-a-public-ip - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46715,11 +52230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-dataproc-cluster-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46731,11 +52246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-pubsub-topic-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46747,11 +52262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-gcp-vertex-ai-workbench-does-not-have-public-ips - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46763,11 +52278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/ensure-google-container-registry-repository-is-not-anonymously-or-publicly-accessible - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46779,11 +52294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-public-policies/google-cloud-public-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46795,11 +52310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-gcs-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46811,11 +52326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46827,11 +52342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46843,11 +52358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/google-cloud-storage-gcs-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46859,11 +52374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/bc-gcp-logging-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46875,11 +52390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/ensure-that-cloud-audit-logging-is-configured-properly-across-all-services-and-all-users-from-a-project - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46891,11 +52406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/ensure-that-retention-policies-on-log-buckets-are-configured-using-bucket-lock - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46907,11 +52422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/logging-policies-1/logging-policies-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46923,11 +52438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46939,11 +52454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46955,11 +52470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46971,11 +52486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -46987,11 +52502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47003,11 +52518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47019,11 +52534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47035,11 +52550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-15 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47051,11 +52566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-16 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47067,11 +52582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-17 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47083,11 +52598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-18 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47099,11 +52614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47115,11 +52630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47131,11 +52646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47147,11 +52662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47163,11 +52678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47179,11 +52694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47195,11 +52710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-24 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47211,11 +52726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-25 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47227,11 +52742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-26 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47243,11 +52758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47259,11 +52774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47275,11 +52790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47291,11 +52806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47307,11 +52822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-30 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47323,11 +52838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47339,11 +52854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-32 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47355,11 +52870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47371,11 +52886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47387,11 +52902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47403,11 +52918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-36 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47419,11 +52934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47435,11 +52950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-38 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47451,11 +52966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47467,11 +52982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47483,11 +52998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-40 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47499,11 +53014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-41 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47515,11 +53030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47531,11 +53046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47547,11 +53062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47563,11 +53078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47579,11 +53094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47595,11 +53110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-clusterroles-that-grant-control-over-validating-or-mutating-admission-webhook-configurations-are-minimized - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47611,11 +53126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-clusterroles-that-grant-permissions-to-approve-certificatesigningrequests-are-minimized - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47627,11 +53142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-containers-do-not-run-with-allowprivilegeescalation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47643,11 +53158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-default-service-accounts-are-not-actively-used - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47659,11 +53174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-minimized-wildcard-use-in-roles-and-clusterroles - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47675,11 +53190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-roles-and-clusterroles-that-grant-permissions-to-bind-rolebindings-or-clusterrolebindings-are-minimized - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47691,11 +53206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-roles-and-clusterroles-that-grant-permissions-to-escalate-roles-or-clusterrole-are-minimized - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47707,11 +53222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47723,11 +53238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-alwaysadmit-is-not-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47739,11 +53254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-alwayspullimages-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47755,11 +53270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-eventratelimit-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47771,11 +53286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-namespacelifecycle-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47787,11 +53302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-noderestriction-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47803,11 +53318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-podsecuritypolicy-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47819,11 +53334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-securitycontextdeny-is-set-if-podsecuritypolicy-is-not-used - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47835,11 +53350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-admission-control-plugin-serviceaccount-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47851,11 +53366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-anonymous-auth-argument-is-set-to-false - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47867,11 +53382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-anonymous-auth-argument-is-set-to-false-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47883,11 +53398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-api-server-only-makes-use-of-strong-cryptographic-ciphers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47899,11 +53414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxage-argument-is-set-to-30-or-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47915,11 +53430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxbackup-argument-is-set-to-10-or-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47931,11 +53446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-maxsize-argument-is-set-to-100-or-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47947,11 +53462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-audit-log-path-argument-is-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47963,11 +53478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-includes-node - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47979,11 +53494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-includes-rbac - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -47995,11 +53510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-is-not-set-to-alwaysallow - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48011,11 +53526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-authorization-mode-argument-is-not-set-to-alwaysallow-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48027,11 +53542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-auto-tls-argument-is-not-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48043,11 +53558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-basic-auth-file-argument-is-not-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48059,11 +53574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-bind-address-argument-is-set-to-127001 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48075,11 +53590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-bind-address-argument-is-set-to-127001-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48091,11 +53606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-cert-file-and-key-file-arguments-are-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48107,11 +53622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-client-ca-file-argument-is-set-as-appropriate-scored - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48123,11 +53638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-client-cert-auth-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48139,11 +53654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-cafile-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48155,11 +53670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-cafile-argument-is-set-as-appropriate-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48171,11 +53686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-etcd-certfile-and-etcd-keyfile-arguments-are-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48187,11 +53702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-event-qps-argument-is-set-to-0-or-a-level-which-ensures-appropriate-event-capture - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48203,11 +53718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-hostname-override-argument-is-not-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48219,11 +53734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-insecure-bind-address-argument-is-not-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48235,11 +53750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-insecure-port-argument-is-set-to-0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48251,11 +53766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-certificate-authority-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48267,11 +53782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-client-certificate-and-kubelet-client-key-arguments-are-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48283,11 +53798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-https-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48299,11 +53814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-kubelet-only-makes-use-of-strong-cryptographic-ciphers - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48315,11 +53830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-make-iptables-util-chains-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48331,11 +53846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-peer-cert-file-and-peer-key-file-arguments-are-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48347,11 +53862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-peer-client-cert-auth-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48363,11 +53878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48379,11 +53894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48395,11 +53910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-profiling-argument-is-set-to-false-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48411,11 +53926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-protect-kernel-defaults-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48427,11 +53942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-read-only-port-argument-is-set-to-0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48443,11 +53958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-request-timeout-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48459,11 +53974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-root-ca-file-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48475,11 +53990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-rotate-certificates-argument-is-not-set-to-false - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48491,11 +54006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-rotatekubeletservercertificate-argument-is-set-to-true-for-controller-manager - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48507,11 +54022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-secure-port-argument-is-not-set-to-0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48523,11 +54038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-key-file-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48539,11 +54054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-lookup-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48555,11 +54070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-service-account-private-key-file-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48571,11 +54086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-streaming-connection-idle-timeout-argument-is-not-set-to-0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48587,11 +54102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-terminated-pod-gc-threshold-argument-is-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48603,11 +54118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-tls-cert-file-and-tls-private-key-file-arguments-are-set-as-appropriate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48619,11 +54134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-tls-cert-file-and-tls-private-key-file-arguments-are-set-as-appropriate-for-kubelet - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48635,11 +54150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-token-auth-file-parameter-is-not-set - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48651,11 +54166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-that-the-use-service-account-credentials-argument-is-set-to-true - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48667,11 +54182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/granting-create-permissions-to-nodesproxy-or-podsexec-sub-resources-allows-potential-privilege-escalation - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48683,11 +54198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/kubernetes-policy-index - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48699,11 +54214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/minimize-the-admission-of-containers-with-capabilities-assigned - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48715,11 +54230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/no-serviceaccountnode-should-be-able-to-read-all-secrets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48731,11 +54246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/no-serviceaccountnode-should-have-impersonate-permissions-for-groupsusersservice-accounts - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48747,11 +54262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/prevent-all-nginx-ingress-annotation-snippets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48763,11 +54278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/prevent-nginx-ingress-annotation-snippets-which-contain-alias-statements - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48779,11 +54294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/prevent-nginx-ingress-annotation-snippets-which-contain-lua-code-execution - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48795,11 +54310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/rolebinding-should-not-allow-privilege-escalation-to-a-serviceaccount-or-node-on-other-rolebinding - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48811,11 +54326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/serviceaccounts-and-nodes-potentially-exposed-to-cve-2020-8554 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48827,11 +54342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/compute/compute - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48843,11 +54358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/compute/ensure-oci-compute-instance-boot-volume-has-in-transit-data-encryption-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48859,11 +54374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/compute/ensure-oci-compute-instance-has-legacy-metadata-service-endpoint-disabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48875,11 +54390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/iam - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48891,11 +54406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/oci-iam-password-policy-for-local-non-federated-users-has-a-minimum-length-of-14-characters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48907,11 +54422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/oci-iam-password-policy-must-contain-lower-case - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48923,11 +54438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/oci-iam-password-policy-must-contain-numeric-characters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48939,11 +54454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/oci-iam-password-policy-must-contain-special-characters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48955,11 +54470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/iam/oci-iam-password-policy-must-contain-uppercase-characters - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48971,11 +54486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/logging/ensure-oci-compute-instance-has-monitoring-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -48987,11 +54502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/logging/logging - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49003,11 +54518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-group-has-stateless-ingress-security-rules - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49019,11 +54534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-groups-rules-do-not-allow-ingress-from-00000-to-port-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49035,11 +54550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49051,11 +54566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-oci-security-list-does-not-allow-ingress-from-00000-to-port-3389 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49067,11 +54582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-has-an-inbound-security-list - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49083,11 +54598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/ensure-vcn-inbound-security-lists-are-stateless - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49099,11 +54614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/networking/networking - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49115,11 +54630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/oci-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49131,11 +54646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/secrets-1/bc-oci-secrets-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49147,11 +54662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/secrets-1/secrets-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49163,11 +54678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-block-storage-block-volume-has-backup-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49179,11 +54694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-file-system-is-encrypted-with-a-customer-managed-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49195,11 +54710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-bucket-can-emit-object-events - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49211,11 +54726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-has-versioning-enabled - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49227,11 +54742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-encrypted-with-customer-managed-key - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49243,11 +54758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/ensure-oci-object-storage-is-not-public - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49259,11 +54774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/oci-block-storage-block-volumes-are-not-encrypted-with-a-customer-managed-key-cmk - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49275,11 +54790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/oci-policies/storage/storage - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49291,11 +54806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/openstack-policies/openstack-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49307,11 +54822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/bc-openstack-networking-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49323,11 +54838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-firewall-rule-has-destination-ip-configured - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49339,11 +54854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/ensure-openstack-instance-does-not-use-basic-credentials - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49355,11 +54870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/openstack-policies/openstack-policy-index/openstack-policy-index - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49371,27 +54886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policies - 2023-11-20T18:17:46.000Z - weekly - 1.0 - - 2023-11-20T18:17:46.000Z - bookDetailPage - Prisma Cloud Application Security Policy Reference - Prisma;Prisma Cloud - prisma-cloud - Prisma;Prisma Cloud-Prisma Cloud Application Security Policy Reference - Enterprise Edition - true - - - - https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/ensure-repository-is-private - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49403,11 +54902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-1 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49419,11 +54918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-100 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49435,11 +54934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-101 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49451,11 +54950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-102 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49467,11 +54966,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-103 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49483,11 +54982,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-104 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49499,11 +54998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-105 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49515,11 +55014,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-106 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49531,11 +55030,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-11 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49547,11 +55046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-12 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49563,11 +55062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-13 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49579,11 +55078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-14 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49595,11 +55094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-15 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49611,11 +55110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-16 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49627,11 +55126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-17 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49643,11 +55142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-18 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49659,11 +55158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-19 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49675,11 +55174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-2 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49691,11 +55190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-21 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49707,11 +55206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-22 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49723,11 +55222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-23 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49739,11 +55238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-24 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49755,11 +55254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-25 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49771,11 +55270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-26 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49787,11 +55286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-27 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49803,11 +55302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-28 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49819,11 +55318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-29 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49835,11 +55334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-3 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49851,11 +55350,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-30 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49867,11 +55366,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-31 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49883,11 +55382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-32 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49899,11 +55398,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-33 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49915,11 +55414,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-34 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49931,11 +55430,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-35 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49947,11 +55446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-36 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49963,11 +55462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-37 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49979,11 +55478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-38 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -49995,11 +55494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-39 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50011,11 +55510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-4 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50027,11 +55526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-40 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50043,11 +55542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-41 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50059,11 +55558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-42 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50075,11 +55574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-43 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50091,11 +55590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-44 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50107,11 +55606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-45 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50123,11 +55622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-46 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50139,11 +55638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-47 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50155,11 +55654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-48 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50171,11 +55670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-49 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50187,11 +55686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-5 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50203,11 +55702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-50 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50219,11 +55718,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-51 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50235,11 +55734,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-52 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50251,11 +55750,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-53 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50267,11 +55766,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-54 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50283,11 +55782,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-55 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50299,11 +55798,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-56 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50315,11 +55814,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-57 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50331,11 +55830,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-58 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50347,11 +55846,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-59 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50363,11 +55862,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50379,11 +55878,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-60 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50395,11 +55894,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-61 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50411,11 +55910,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-62 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50427,11 +55926,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-63 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50443,11 +55942,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-64 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50459,11 +55958,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-65 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50475,11 +55974,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-66 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50491,11 +55990,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-67 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50507,11 +56006,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-68 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50523,11 +56022,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-69 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50539,11 +56038,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-7 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50555,11 +56054,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-70 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50571,11 +56070,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-71 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50587,11 +56086,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-72 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50603,11 +56102,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-73 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50619,11 +56118,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-74 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50635,11 +56134,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-75 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50651,11 +56150,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-76 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50667,11 +56166,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-77 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50683,11 +56182,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-77 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50699,11 +56198,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-78 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50715,11 +56214,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-79 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50731,11 +56230,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-8 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50747,11 +56246,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-80 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50763,11 +56262,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-81 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50779,11 +56278,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-82 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50795,11 +56294,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-83 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50811,11 +56310,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-84 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50827,11 +56326,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-85 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50843,11 +56342,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-86 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50859,11 +56358,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-87 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50875,11 +56374,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-88 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50891,11 +56390,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-89 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50907,11 +56406,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-9 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50923,11 +56422,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-90 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50939,11 +56438,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-91 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50955,11 +56454,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-92 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50971,11 +56470,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-93 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -50987,11 +56486,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-94 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51003,11 +56502,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-95 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51019,11 +56518,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-96 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51035,11 +56534,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-97 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51051,11 +56550,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-98 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51067,11 +56566,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-99 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51083,11 +56582,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51099,11 +56598,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/supply-chain-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51115,11 +56614,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51131,11 +56630,11 @@ https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/terraform-policies - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma Cloud Application Security Policy Reference Prisma;Prisma Cloud @@ -51147,11 +56646,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/get-help/get-help - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51163,11 +56662,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/known-issues/known-fixed-issues - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51179,11 +56678,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/known-issues/known-issues - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51195,11 +56694,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/limited-ga-features-prisma-cloud/limited-ga-features-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51211,11 +56710,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-planned-updates-prisma-cloud - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51227,11 +56726,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-infrastructure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51243,11 +56742,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-runtime - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51259,11 +56758,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/look-ahead-planned-updates-prisma-cloud/look-ahead-secure-the-source - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51275,11 +56774,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/classic-releases - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51291,11 +56790,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-april-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51307,11 +56806,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-august-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51323,11 +56822,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-february-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51339,11 +56838,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-january-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51355,11 +56854,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-july-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51371,11 +56870,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-june-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51387,11 +56886,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-march-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51403,11 +56902,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-may-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51419,11 +56918,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/features-introduced-in-code-security-september-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51435,11 +56934,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-code-security-release-information/prisma-cloud-code-security-release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51451,11 +56950,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-april-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51467,11 +56966,27 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-august-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma® Cloud Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma® Cloud Release Notes + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-december-2023 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51483,11 +56998,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-february-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51499,11 +57014,27 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-january-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma® Cloud Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma® Cloud Release Notes + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-january-2024 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51515,11 +57046,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-july-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51531,11 +57062,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-june-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51547,11 +57078,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-march-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51563,11 +57094,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-may-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51579,11 +57110,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-november-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51595,11 +57126,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-october-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51611,11 +57142,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/features-introduced-in-compute-september-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51627,11 +57158,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-compute-release-information/prisma-cloud-compute-release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51643,11 +57174,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-april-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51659,11 +57190,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-august-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51675,11 +57206,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-february-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51691,11 +57222,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-january-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51707,11 +57238,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-july-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51723,11 +57254,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-june-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51739,11 +57270,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-march-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51755,11 +57286,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-may-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51771,11 +57302,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-october-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51787,11 +57318,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/features-introduced-in-september-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51803,11 +57334,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/classic-releases/prisma-cloud-cspm-release-information/prisma-cloud-cspm-release-information - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51819,11 +57350,27 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma® Cloud Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma® Cloud Release Notes + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-december-2023 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51835,11 +57382,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-november-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51851,11 +57398,43 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2023/features-introduced-in-october-2023 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma® Cloud Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma® Cloud Release Notes + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-2024 + 2024-01-22T12:46:38.000Z + weekly + 1.0 + + 2024-01-22T12:46:38.000Z + bookDetailPage + Prisma® Cloud Release Notes + Prisma;Prisma Cloud + prisma-cloud + Prisma;Prisma Cloud-Prisma® Cloud Release Notes + Enterprise Edition + true + + + + https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-january-2024 + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51867,11 +57446,11 @@ https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/prisma-cloud-release-info - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Prisma® Cloud Release Notes Prisma;Prisma Cloud @@ -51883,11 +57462,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/achieve-regulatory-compliance - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51899,11 +57478,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/discover-and-protect-api-endpoints - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51915,11 +57494,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/discover-sensitive-data-in-datastores - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51931,11 +57510,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/gain-visibility-into-your-cloud-estate - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51947,11 +57526,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/gain-visibility-into-your-shadow-cloud-assets - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51963,11 +57542,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/identify-identity-risks - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51979,11 +57558,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/prioritize-and-fix-vulnerabilities - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -51995,11 +57574,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/risk-prioritization - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52011,11 +57590,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/secure-the-infrastructure - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52027,11 +57606,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-infrastructure/tailor-prisma-cloud-to-match-your-security-needs - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52043,11 +57622,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-runtime/protect-apis-and-web-application-in-runtime - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52059,11 +57638,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-runtime/secure-the-runtime - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52075,11 +57654,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/ci-cd-security - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52091,11 +57670,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/get-to-know-your-engineering-ecosystem - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52107,11 +57686,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/risk-prevention - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud @@ -52123,11 +57702,11 @@ https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/secure-the-source - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z weekly 1.0 - 2023-11-20T18:17:46.000Z + 2024-01-22T12:46:38.000Z bookDetailPage Use Cases Prisma;Prisma Cloud diff --git a/package-lock.json b/package-lock.json index 28c6433c37..8f1d777c5b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "prisma-cloud-docs", - "version": "1.0.61", + "version": "1.0.63", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "prisma-cloud-docs", - "version": "1.0.61", + "version": "1.0.63", "license": "Apache License 2.0", "dependencies": { "@asciidoctor/core": "3.0.0-rc.1", diff --git a/package.json b/package.json index 1543bfa31a..8362344194 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "prisma-cloud-docs", "private": true, - "version": "1.0.61", + "version": "1.0.63", "description": "Asciidocs to Franklin", "type": "module", "scripts": {