Check: CNTR-PC-000240
Palo Alto Networks Prisma Cloud Compute STIG: CNTR-PC-000240 (in versions v1 r3 through v1 r1)
Title
Prisma Cloud Compute Defender must be deployed to containerization nodes that are to be monitored. (Cat II impact)
Discussion
Container platforms distribute workloads across several nodes. The ability to uniquely identify an event within an environment is critical. Prisma Cloud Compute Container Runtime audits record the time, container, corresponding image, and node where the event occurred. Satisfies: SRG-APP-000097-CTR-000180, SRG-APP-000100-CTR-000200
Check Content
Navigate to Prisma Cloud Compute Console's >> Manage >> Defenders >> Manage tab. Verify Prisma Cloud Compute Defenders have been deployed to all container runtime nodes to be monitored. Review the list of deployed Defenders. If a Defender is missing, this is a finding.
Fix Text
Navigate to Prisma Cloud Compute Console's >> Manage >> Defenders >> Manage tab.
Deploy Defender to containerization node:
- Select the method of Defender deployment.
- Configure the Defender policy.
Additional Identifiers
Rule ID: SV-253527r879565_rule
Vulnerability ID: V-253527
Group Title: SRG-APP-000097-CTR-000180
CCIs
Number | Definition |
---|---|
CCI-000132 | The information system generates audit records containing information that establishes where the event occurred. |
CCI-001487 | The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event. |
Controls
Number | Title |
---|---|
AU-3 | Content Of Audit Records |