Check: CNTR-PC-000260
Palo Alto Networks Prisma Cloud Compute STIG:
CNTR-PC-000260
(in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute must be configured for forensic data collection. (Cat II impact)
Discussion
Prisma Cloud Compute correlates raw audit data to actionable security intelligence, enabling a more rapid and effective response to incidents. This reduces the manual, time-consuming task of correlating data. Prisma Cloud Forensics is a lightweight distributed data recorder that runs alongside all containers in the environment. Prisma Cloud continuously collects detailed runtime information to help incident response teams understand what happened before, during, and after a breach. Forensic data consists of additional supplemental runtime events that complement the data (audits) already captured by Prisma Cloud's runtime sensors. It provides additional context when trying to identify the root cause of an incident.
Satisfies: SRG-APP-000099-CTR-000190, SRG-APP-000409-CTR-000990
Check Content
Navigate to the Prisma Cloud Compute Console >> Manage >> System >> Forensics tab. If "Forensics data collection" is disabled, this is a finding.
Fix Text
Navigate to the Prisma Cloud Compute Console >> Manage >> System >> Forensics tab. Set "Forensics data collection" to "enabled".
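The check and fix above are written for the Console UI. For teams that evaluate STIG checks in bulk, the following is an added example (not part of the STIG text and not Palo Alto Networks code) of how the same check can be automated against the Console's REST API. It assumes the Console exposes a forensics settings document as JSON with a boolean "enabled" field, reachable at /api/v1/settings/forensic with a bearer token; the endpoint path, field name and authentication header are assumptions to verify against the API documentation for your Console version. The sample responses embedded in the block are constructed. The evaluation logic maps the setting onto the checklist statuses Open, NotAFinding and Not_Reviewed, treating a response without the field as "could not determine" rather than silently passing it.

```python
import json
import os
import urllib.request
from dataclasses import dataclass

# Identifiers taken from the STIG entry above.
CHECK_ID = "CNTR-PC-000260"
RULE_ID = "SV-253528r879567_rule"
VULN_ID = "V-253528"

# ASSUMPTION: endpoint path and field name; confirm against your Console's API docs.
FORENSIC_SETTINGS_PATH = "/api/v1/settings/forensic"
ENABLED_FIELD = "enabled"

# Constructed sample responses (not captured from a real Console).
SAMPLE_ENABLED = '{"enabled": true, "collectNetworkFirewall": true}'
SAMPLE_DISABLED = '{"enabled": false, "collectNetworkFirewall": true}'
SAMPLE_UNKNOWN = '{"collectNetworkFirewall": true}'


@dataclass
class Finding:
    check_id: str
    rule_id: str
    vuln_id: str
    status: str   # checklist status: "Open", "NotAFinding" or "Not_Reviewed"
    detail: str


def evaluate_forensics_setting(settings: dict) -> Finding:
    """Apply CNTR-PC-000260 to a forensics settings document.

    Disabled collection is a finding (Open). A document that does not carry the
    field at all is reported as Not_Reviewed so a missing or renamed field is
    never mistaken for compliance.
    """
    enabled = settings.get(ENABLED_FIELD)
    if enabled is True:
        status, detail = "NotAFinding", "Forensics data collection is enabled."
    elif enabled is False:
        status, detail = "Open", "Forensics data collection is disabled."
    else:
        status = "Not_Reviewed"
        detail = f"Field '{ENABLED_FIELD}' absent or non-boolean; inspect the Console manually."
    return Finding(CHECK_ID, RULE_ID, VULN_ID, status, detail)


def build_remediation(settings: dict) -> dict:
    """Return the settings document with collection enabled (the Fix Text),
    leaving every other field untouched so a PUT does not reset them."""
    fixed = dict(settings)
    fixed[ENABLED_FIELD] = True
    return fixed


def fetch_forensics_settings(console_url: str, token: str) -> dict:
    """Read the forensics settings from a live Console (assumed endpoint)."""
    req = urllib.request.Request(
        console_url.rstrip("/") + FORENSIC_SETTINGS_PATH,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def run_check_on_sample(raw_json: str) -> Finding:
    """Convenience wrapper: evaluate a raw JSON settings document."""
    return evaluate_forensics_setting(json.loads(raw_json))


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    for raw in (SAMPLE_ENABLED, SAMPLE_DISABLED, SAMPLE_UNKNOWN):
        f = run_check_on_sample(raw)
        print(f"{f.check_id} {f.vuln_id}: {f.status} - {f.detail}")

    # Live evaluation only when a Console URL and token are provided.
    url, token = os.environ.get("PCC_CONSOLE_URL"), os.environ.get("PCC_TOKEN")
    if url and token:
        live = evaluate_forensics_setting(fetch_forensics_settings(url, token))
        print(f"live: {live.status} - {live.detail}")
```

Run with PCC_CONSOLE_URL and PCC_TOKEN set to evaluate a real Console; without them the script only exercises the constructed samples. The remediation helper is deliberately a pure function so the corrected document can be reviewed or diffed before it is written back.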
Additional Identifiers
Rule ID: SV-253528r879567_rule
Vulnerability ID: V-253528
Group Title: SRG-APP-000099-CTR-000190
CCIs
Number | Definition
---|---
CCI-000134 | The information system generates audit records containing information that establishes the outcome of the event.
CCI-002854 | The organization defines the alternative communications protocols the information system must be capable of providing in support of maintaining continuity of operations.
CCI-002884 | The organization audits nonlocal maintenance and diagnostic sessions organization-defined audit events.