Check: CNTR-PC-001030
Palo Alto Networks Prisma Cloud Compute STIG:
CNTR-PC-001030
(in versions v1 r3 through v1 r1)
Title
The node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. (Cat II impact)
Discussion
To ensure sufficient storage capacity in which to write the audit logs, Prisma Cloud Compute must be able to allocate audit record storage capacity.
Check Content
When deploying Prisma Cloud Compute within a Kubernetes cluster, the Console's persistent volume is by default 100GB. The logs are stored within this persistent volume. Within the Kubernetes cluster, issue the command "kubectl get pv". If the twistlock/twistlock-console claim's capacity is not 100GB or greater, this is a finding.
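An added example (not part of the STIG or of Prisma Cloud tooling) that automates this check against the JSON form of the same command, `kubectl get pv -o json`. It assumes "100GB" means 100 × 10^9 bytes; the sample data, status strings and function names are constructed for illustration.

```python
import json
import re
import sys
from decimal import Decimal

# Kubernetes quantity suffixes (decimal and binary) mapped to byte multipliers.
_UNITS = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "P": 10**15,
          "E": 10**18, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "Pi": 2**50, "Ei": 2**60}
_QTY = re.compile(r"^(\d+(?:\.\d+)?)(Ki|Mi|Gi|Ti|Pi|Ei|k|M|G|T|P|E)?$")

# Assumption: "100GB" is read as 100 * 10^9 bytes, so "100G" and "100Gi" both pass.
REQUIRED_BYTES = 100 * 10**9
CLAIM = ("twistlock", "twistlock-console")  # namespace, claim name from the check


def quantity_to_bytes(qty):
    """Convert a quantity such as '100Gi' to bytes; reject forms not handled here."""
    m = _QTY.match(qty.strip())
    if not m:
        raise ValueError(f"unsupported quantity: {qty!r}")
    return int(Decimal(m.group(1)) * _UNITS[m.group(2) or ""])


def check_console_pv(pv_list):
    """Evaluate parsed `kubectl get pv -o json` output; return (status, detail)."""
    for pv in pv_list.get("items", []):
        ref = pv.get("spec", {}).get("claimRef") or {}
        if (ref.get("namespace"), ref.get("name")) != CLAIM:
            continue
        storage = pv["spec"]["capacity"]["storage"]
        ok = quantity_to_bytes(storage) >= REQUIRED_BYTES
        return ("not_a_finding" if ok else "finding", storage)
    # Nothing is bound to the claim, so the capacity cannot be confirmed.
    return ("no_matching_pv", "/".join(CLAIM))


# Constructed sample in the shape of `kubectl get pv -o json` (not real output).
SAMPLE = {"items": [
    {"metadata": {"name": "pv-a"},
     "spec": {"capacity": {"storage": "500Gi"},
              "claimRef": {"namespace": "default", "name": "other"}}},
    {"metadata": {"name": "pv-b"},
     "spec": {"capacity": {"storage": "50Gi"},
              "claimRef": {"namespace": "twistlock", "name": "twistlock-console"}}},
]}

if __name__ == "__main__":
    # Pipe `kubectl get pv -o json` in, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print(check_console_pv(data))
```

A larger volume bound to a different claim (pv-a in the sample) does not satisfy the check; only the volume whose claimRef is twistlock/twistlock-console is evaluated.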
Fix Text
When deploying the Prisma Cloud Console, specify the size of the persistent volume with the "--persistent-volume-storage" parameter.
Additional Identifiers
Rule ID: SV-253542r879730_rule
Vulnerability ID: V-253542
Group Title: SRG-APP-000357-CTR-000800
CCIs
Number | Definition |
---|---|
CCI-001819 | The organization implements approved configuration-controlled changes to the information system. |
CCI-001849 | The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements. |