source address translation

destination address translation

port address translation

source and destination address translation

Elastic Compute Cloud (EC2) instances

Network Address Translation (NAT) gateways

CloudFront distributions

Security groups

Cloud Network Security

Cloud Security Posture Management

Cloud Identity Security

Cloud Workload Protection (CWP)

Configure an Inventory report from the "Alerts" tab.

Write an RQL query from the "Investigate" tab.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

Generate a compliance report from the Compliance dashboard.

The thresholds can be set to informational, low, medium, high, and critical.

The alert threshold always has precedence over, and can be greater than, the block threshold.

The block threshold must always be equal to or greater than the alert threshold.

The block threshold always has precedence over, and can be less than, the alert threshold.

Override the value and commit the configuration.

Clone the existing policy and change the value.

Manually create the RQL statement.

Click the Gear icon next to the policy name to open the Edit Policy dialog

Host and serverless rules support blocking, whereas container rules do not.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

Policies for containers, hosts, and serverless functions are not separate.

Rules are evaluated in an undefined order.

The image will pass the CI policy, but will be blocked by the deployed policy; therefore, it will not be deployed.

The CI policy will fail the build; therefore, the image will not be deployed.

The image will be deployed successfully, and all vulnerabilities will be reported.

The image will be deployed successfully, but no vulnerabilities will be reported.

Create alert rules.

Whitelist IP addresses.

Configure User-ID.

Define enterprise settings.

VM-100 BYOL on Microsoft Azure to VM-100 BYOL on Amazon Web Services

VM-300 BYOL on Microsoft Azure to VM-300 PAY6 on Amazon Web Services

VM-100 BYOL on Microsoft Azure to VM-300 BYOL on Microsoft Azure

VM-100 BYOL on Microsoft Azure to VM-300 PAYG on Amazon Web Services

It requires Linux images to rely on optimizing registry scans due to various Linux elements.

It is only necessary in registries with tens of thousands of repositories and millions of images.

It is best practice to always optimize registry scans for faster results.

It is rarely successful in the Windows Operating System (OS).

CloudFormation is a procedural configuration management tool.

CloudFormation templates can be used on both Amazon Web Services and Microsoft Azure

CloudFormation templates can be written in JSON or YAML

CloudFormation is a declarative orchestration tool.

Azure Application Insight

Resource Group

Azure Security Center

Bootstrapping

ARM Template

config

alert

event

data

If options are listed after the image name; they will be ignored.

If option "--user" is used, it is mandatory to use option "--password.

If option "--address" is unspecified, all images are scanned.

Option "--output-file" cannot be used in conjunction with option "--details."

Palo Alto Networks provides full support if a valid support license is in place.

Support for the templates is available through Professional Services from Palo Alto Networks.

Unless otherwise noted, these templates are released under an as-is. best effort support policy.

The author of the template provides full support as long as the PAN-OS version specific to the template is supported.

config where api.name = 'aws-ec2-describe-volumes, AND json.rule = tags[*]key contains DataClassification

config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification

config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*].key exists

config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1

RQL queries

alert rules

notification templates

policies

Azure SQL database instances

Google Kubernetes Engine

Oracle Functions service

Kubernetes DaemonSet

It inspects the application program interface (API) call made to public cloud and blocks the change if a policy violation is found.

It makes changes after a policy violation has been identified in monitoring.

It locks all changes to public cloud infrastructure and stops any configuration changes without prior approval.

It uses machine learning (ML) to identify unusual changes to infrastructure.

credential stuffing

cross-site scripting (XSS)

shoulder surfing

distributed denial of service (DDoS)

Allow Prisma Cloud to automatically optimize registry scans with version pattern matching.

Allow Prisma Cloud to automatically distribute the scan job across a pool of available Defenders.

Explicitly specify the Defender to do the job.

Explicitly specify the predefined version pattern-matching algorithm.

network

audit

anomaly

config

self-managed in a customer's own container platform

self-contained hardware appliance

as a stand-alone Windows application

Cloud-hosted as part of a Prisma Cloud Enterprise tenant from Palo Alto Networks

Direct Connect

Fast Connect

IPsecVPN

ExpressRoute

config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule = is TERMINATED

config from cloud.resource where api.name = 'gcloud-compute-instances-list' = TERMINATED

config from cloud.resource where api.name = 'gcloud-compute-instances-list* and json.rule == status TERMINATED

config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule = status contains TERMINATED

CloudLog

CloudEvent

CloudWatch

CIoudTrail

SNS

SQS

CodeDeploy

Lambda

Google Kubernetes Engine

BigQuery

Compute Engine

App Engine

Google Virtual Private Cloud

Monitor > Compliance > Trusted Images

Monitor > Compliance > Images

Defend > Compliance > Trusted Images

Defend > Compliance > Images

Operating System (OS)

browser

location

time