Check: CNTR-PC-001470
Palo Alto Networks Prisma Cloud Compute STIG:
CNTR-PC-001470
(in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute's Intelligence Stream must be kept up to date. (Cat II impact)
Discussion
The Prisma Cloud Compute Console pulls the latest vulnerability and threat information from the Intelligence Stream (intelligence.twistlock.com). The Prisma Cloud Intelligence Stream provides timely vulnerability data collected and processed from a variety of certified upstream sources.
Check Content
Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Intelligence tab. If the "Last streams update" date is older than 36 hours, this is a finding.
Fix Text
Prisma Cloud Compute Console's ability to communicate with the Intelligence Stream endpoint (https://intelligence.twistlock.com) dictates the method of vulnerability updates. If the Console is able to communicate with the internet, ensure that intelligence.twistlock.com is resolvable, routable, and can establish a TLS session on TCP port 443. If the Console is in an isolated environment and is unable to communicate with the internet, configure the Console to receive Intelligence Stream updates using one of the following methods: - Manual import. - Central console. - HTTP/S distribution point. https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/tools/update_intel_stream_offline.html
Additional Identifiers
Rule ID: SV-253550r879827_rule
Vulnerability ID: V-253550
Group Title: SRG-APP-000456-CTR-001130
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002575 |
The organization defines information systems, system components, or devices from which information is to be purged/wiped, either remotely or under the organization-defined conditions. |
CCI-002605 |
The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |