Commit

ar feedback
jenjoe22 committed Jan 17, 2025
1 parent a140780 commit 224b17d
Showing 1 changed file with 20 additions and 21 deletions.
Expand Up @@ -2,8 +2,8 @@

Learn what's new on Prisma® Cloud in January 2025.

//* <<new-features>>
* <<enhancements>>
* <<new-features>>
//<<enhancements>>
* <<changes-in-existing-behavior>>
//* <<announcement>>
//* <<intelligence-stream-updates>>
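Review bot: The commented-out table-of-contents entry `//<<enhancements>>` drops the `* ` list marker that the other disabled entries keep (`//* <<announcement>>`, `//* <<intelligence-stream-updates>>`). Write it as `//* <<enhancements>>` so that uncommenting it later restores a list item rather than a bare cross-reference.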
Expand All @@ -16,8 +16,8 @@ Learn what's new on Prisma® Cloud in January 2025.
//* <<deprecation-notices>>
[#enhancements]
=== Enhancements
[#new-features]
=== New Features
[cols="30%a,70%a"]
|===
|*Feature*
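Review bot: Any `<<enhancements>>` cross-reference left elsewhere in the file will stop resolving once the section id changes from `[#enhancements]` to `[#new-features]` here. The table-of-contents entry is commented out in the previous hunk; confirm with a search that no other reference to the old id remains.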
Expand All @@ -31,7 +31,7 @@ tt:[Secure the Infrastructure]

tt:[25.1.1]

|Enhanced Remediation improves the quality and effectiveness of Prisma Cloud security alert remediation guidance. It leverages artificial intelligence (AI) to assist your teams in enhancing remediation content for existing alerts and policies, while ensuring all recommendations undergo rigorous human review and QA validation. The recommendations now provide AI-assisted remediation steps for Critical and High Alerts. It provides you with a seamless and intuitive experience allowing you to quickly access and understand the remediation steps.
|Enhanced Remediation improves the quality and effectiveness of Prisma Cloud security alert remediation guidance. It leverages artificial intelligence (AI) to assist your teams in enhancing remediation content for existing alerts and policies, while ensuring all recommendations undergo review and validation. The recommendations now provide AI-assisted remediation steps for Critical and High Alerts. It provides you with a seamless and intuitive experience allowing you to quickly access and understand the remediation steps.

* *Alerts* includes a new *Enhanced Remediation* Saved View. When you select *Enhanced Remediation* filter option as *Yes*, you can view the alerts that you can resolve using enhanced remediation.
+
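Review bot: In the Enhanced Remediation description, shortening "rigorous human review and QA validation" to "review and validation" removes the only statement of who checks the AI-assisted content. If a person still reviews each recommendation, keep "human review"; dropping "rigorous" and "QA" is enough to tone the sentence down. The last sentence also opens with "It provides you with", where "It" has no clear antecedent after "The recommendations"; name the subject.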
Expand All @@ -57,7 +57,7 @@ tt:[Secure the Infrastructure]

tt:[25.1.1]

|Enhancements to Prisma Cloud's Cloud Infrastructure and Entitlement Management (CIEM) capabilities provide greater visibility and control over Microsoft Azure Entra ID permissions, helping you secure your identities with greater efficiency. You can now investigate not only Azure but also Entra ID specific permissions, such as identifying entities with the Global Administrator role. Use the `grantedby.level.type` attribute in combination with all existing RQL queries to investigate Entra ID permissions.
|Enhancements to the Cloud Infrastructure and Entitlement Management (CIEM) capabilities provide greater visibility and control over Microsoft Azure Entra ID permissions, helping you secure your identities with greater efficiency. You can now investigate not only Azure but also Entra ID specific permissions, such as identifying entities with the Global Administrator role. Use the `grantedby.level.type` attribute in combination with all existing RQL queries to investigate Entra ID permissions.


|*ARM Framework Support for Custom Build Policies*
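Review bot: The CIEM paragraph tells readers to use the `grantedby.level.type` attribute but gives no value for it and no sample query, so the Global Administrator case it mentions cannot be reproduced from this text. Add one example RQL query or a link to the attribute reference. "Entra ID specific permissions" also needs a hyphen: "Entra ID-specific".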
Expand Down Expand Up @@ -161,7 +161,7 @@ tt:[33.03.138]
|*New Rate Limits for Search API*
//RLP-151274

|Starting with the current release, to improve user experience and enhance search performance, rate limits will be implemented for the following APIs:
|To improve user experience and enhance search performance, rate limits are implemented for the following APIs:

* *Config Search*
** https://pan.dev/prisma-cloud/api/cspm/search-config/[search/config]
Expand All @@ -178,12 +178,12 @@ Request Rate Limit = 150
|*Custom IAM Policies Alert Triggers*
//RLP-153861

|Starting with the current release, custom policies regarding unused permissions will trigger alerts when there is zero usage of the action with `""` regex across any of the destinations. If the action has been used on at least one resource that matches the `""` regex, the alert will be resolved.
|Custom policies regarding unused permissions will trigger alerts when there is zero usage of the action with `""` regex across any of the destinations. If the action has been used on at least one resource that matches the `""` regex, the alert will be resolved.

*Impact—* This change may impact existing alerts for unused permissions with `*` and could potentially dismiss them.


|*Downgraded permissions required to onboard GitLab*
|*Downgraded Permissions Required to Onboard GitLab*
//RLP-153897

|`Organization owner` permissions are no longer required for integrating https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab#user-permissions[GitLab SaaS] or https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/get-started/connect-code-and-build-providers/code-repositories/add-gitlab-selfmanaged[GitLab on-prem]. `Maintainer` permissions are sufficient. This change enhances security by adhering to the principle of least privilege.
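Review bot: In the Custom IAM Policies Alert Triggers entry, the regex is rendered as an empty string (`""`) in both sentences, while the Impact line refers to `*`. Removing "Starting with the current release," leaves that mismatch in place; if the wildcard is meant, write it so that it survives AsciiDoc formatting (for example as a passthrough) and matches the Impact line. The sentences also still use "will trigger" and "will be resolved", whereas the Search API entry in this commit moved to the present tense.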
Expand Down Expand Up @@ -697,7 +697,7 @@ You must update the Terraform template to enable the permissions.
|*AWS Connect instance not configured with contact flow logs*
//RLP-154132

|This Policy identifies the Amazon Connect instance configured with CONTACTFLOW_LOGS set to false in Amazon Connect. Enabling CONTACTFLOW_LOGS in Amazon Connect is crucial as it allows real-time logging of contact flow executions to CloudWatch. This helps in debugging, monitoring, and optimizing customer interactions by tracking steps, conditions, and errors.
|This policy identifies the Amazon Connect instance configured with CONTACTFLOW_LOGS set to false in Amazon Connect. Enabling CONTACTFLOW_LOGS in Amazon Connect is crucial as it allows real-time logging of contact flow executions to CloudWatch. This helps in debugging, monitoring, and optimizing customer interactions by tracking steps, conditions, and errors.

It is recommended to enable CONTACTFLOW_LOGS to enhance monitoring and ensure adherence to security policies and regulations.

Expand Down Expand Up @@ -730,7 +730,7 @@ config from cloud.resource where api.name = 'aws-connect-instance' AND json.rule
|*AWS Connect instance not configured with contact flow logs*
//RLP-154132
|This Policy identifies the Amazon Connect instance configured with CONTACTFLOW_LOGS set to false in Amazon Connect. Enabling CONTACTFLOW_LOGS in Amazon Connect is crucial as it allows real-time logging of contact flow executions to CloudWatch. This helps in debugging, monitoring, and optimizing customer interactions by tracking steps, conditions, and errors.
|This policy identifies the Amazon Connect instance configured with CONTACTFLOW_LOGS set to false in Amazon Connect. Enabling CONTACTFLOW_LOGS in Amazon Connect is crucial as it allows real-time logging of contact flow executions to CloudWatch. This helps in debugging, monitoring, and optimizing customer interactions by tracking steps, conditions, and errors.
It is recommended to enable CONTACTFLOW_LOGS to enhance monitoring and ensure adherence to security policies and regulations.
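Review bot: The entry *AWS Connect instance not configured with contact flow logs* (`//RLP-154132`) appears twice in the file: the identical sentence is edited here and in the previous hunk. Check whether the second copy is intentional; if it is, keep the two in sync from a single source, otherwise delete one. In both copies `CONTACTFLOW_LOGS` is a setting name and reads better in backticks, and "in Amazon Connect" is repeated within the first sentence.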
Expand Down Expand Up @@ -974,7 +974,7 @@ config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-stora
|*Azure VM disk configured with public network access*
//RLP-153728

|The policy name and description will be updated.
|The policy name and description are updated.

*Current Policy Name–* Azure VM disk configured with public network access
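Review bot: With the lead sentence now in the present tense ("are updated"), the label "Current Policy Name" under it is ambiguous: a reader cannot tell whether "current" means the name before or after this release. Rename the label to something like "Previous Policy Name". The same applies to the "Current RQL" labels in the RQL entries changed later in this commit.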

Expand All @@ -1000,11 +1000,10 @@ As a security best practice, it is recommended to disable public network access

|*AWS Security Group allows all traffic on CIFS port (445)*

tt:[Policy-Fix]

|With this new update, the policy search manager name changed from AWS Security Group allows all traffic on CIFS port (445) to AWS Security Group allows all ingress traffic on CIFS port (445)
|The policy search manager name is changed from AWS Security Group allows all traffic on CIFS port (445) to AWS Security Group allows all ingress traffic on CIFS port (445).

*Impact*: No impact on the alerts
*Impact*: No impact on alerts.

2+|*Policy Updates—RQL*
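Review bot: In the CIFS port (445) entry, the old and new policy names run straight into the sentence, so it is hard to see where each name starts and ends. Set both names off, for example in italics or quotation marks. "Policy search manager name" is also unclear; if it means the policy name, say so. This entry has no `//RLP-` tracking comment under its title, unlike the other entries in this commit.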

Expand Down Expand Up @@ -1033,7 +1032,7 @@ config from cloud.resource where api.name = 'azure-storage-account-list' AND jso
|*Azure Cosmos DB Virtual network is not configured*
//RLP-153625

|The policy RQL will be updated to reduce false positives by considering the public network access property.
|The policy RQL is updated to reduce false positives by considering the public network access property.

*Current RQL–*
----
Expand Down Expand Up @@ -1074,7 +1073,7 @@ config from cloud.resource where cloud.type = 'azure' AND api.name = 'azure-stor
|*Azure Storage account container storing activity logs is publicly accessible*
//RLP-153630

|The policy RQL will be updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.
|The policy RQL is updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.

*Current RQL–*
----
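Review bot: "Public network access and Private Endpoint check" mixes capitalisation and number: the Cosmos DB entry earlier in this commit writes "public network access property" in lower case, and two checks are named while "check" is singular. Suggested wording: "to include public network access and private endpoint checks". The same sentence is repeated in the next two entries under `//RLP-153630` and needs the same fix.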
Expand All @@ -1095,7 +1094,7 @@ config from cloud.resource where api.name = 'azure-storage-account-list' AND jso
|*Azure Storage Account storing Machine Learning workspace high business impact data is publicly accessible*
//RLP-153630

|The policy RQL will be updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.
|The policy RQL is updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.

*Current RQL–*
----
Expand All @@ -1116,7 +1115,7 @@ config from cloud.resource where api.name = 'azure-machine-learning-workspace' A
|*Azure Storage Account storing Cognitive service diagnostic logs is publicly accessible*
//RLP-153630

|The policy RQL will be updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.
|The policy RQL is updated to include Public network access and Private Endpoint check to increase the accuracy of RQL results.

*Current RQL–*
----
Expand Down Expand Up @@ -1158,7 +1157,7 @@ config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-compu
|*GCP VPC Network subnets have Private Google access disabled*
//RLP-153623

|The policy RQL and recommendation steps will be updated to reduce false positives by excluding unsupported subnet purposes.
|The policy RQL and recommendation steps are updated to reduce false positives by excluding unsupported subnet purposes.

*Current RQL–*
----
Expand Down Expand Up @@ -1323,7 +1322,7 @@ You can now access this built-in compliance standard and related policies on the
tt:[25.1.1]
//RLP-153906

||The following new endpoint is added to the https://pan-dev-f1b58--pr814-h0b1x0qy.web.app/prisma-cloud/api/cspm/alerts/[Alerts API]:
|The following new endpoint is added to the https://pan-dev-f1b58--pr814-h0b1x0qy.web.app/prisma-cloud/api/cspm/alerts/[Alerts API]:

* https://pan-dev-f1b58--pr814-h0b1x0qy.web.app/prisma-cloud/api/cspm/get-remediation-for-policy/[Get Policy Remediation]
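Review bot: Both links in the Alerts API entry point to `pan-dev-f1b58--pr814-h0b1x0qy.web.app`, which looks like a pull-request preview host, whereas the Search API entry in this commit links to `https://pan.dev/prisma-cloud/api/cspm/search-config/`. Preview deployments are temporary, so these links are likely to stop resolving, and published documentation should not send readers to a non-production host. Switch both URLs to the `pan.dev` host once the endpoint page is published there.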