Prisma Cloud - Classifier
Classifies incoming Prisma Cloud alerts that are created through the 'fetch incidents' command in the Prisma Cloud integration.
Prisma Cloud by Palo Alto Networks Classification
Details
| ID | RedLock |
|---|---|
| Type | classification |
| Version | -1 |
| From Version | 6.0.0 |
| Default Incident Type | Prisma Cloud |
| Feed | No |
Key Type Map
| Key | Incident Type |
|---|---|
AWS EC2 instance not configured with Instance Metadata Service v2 (IMDSv2) |
Prisma Cloud - VM Alert Prioritization |
AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0) |
Prisma Cloud - VM Alert Prioritization |
AWS EC2 instance with unrestricted outbound access to internet |
Prisma Cloud - VM Alert Prioritization |
Azure VM data disk is encrypted with the default encryption key instead of ADE/CMK |
Prisma Cloud - VM Alert Prioritization |
Azure Virtual Machine in running state that is internet reachable with unrestricted access (0.0.0.0/0) |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Apache Log4j JDBC Appender remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-44832] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Apache Log4j Thread Context Map remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-45046] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Apache Log4j denial of service vulnerability is exposed to network traffic from the internet [CVE-2021-45105] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Apache Log4j vulnerability is exposed to network traffic from the internet [CVE-2021-44228] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Argo CD vulnerability is exposed to network traffic from the internet [CVE-2022-24348] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Dirty Pipe vulnerability is exposed to network traffic from the internet [CVE-2022-0847] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Java Psychic Signatures vulnerability is exposed to network traffic from the internet [CVE-2022-21449] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Linux kernel container escape vulnerability is exposed to network traffic from the internet [CVE-2022-0185] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by OMIGOD vulnerability is exposed to network traffic from the internet [CVE-2021-38647] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by OpenSSL X.509 email address 4-Byte BOF (Spooky SSL) vulnerability is exposed to network traffic from the internet [CVE-2022-3602] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by SMB DCE/RPC remote code execution vulnerability is exposed to network traffic from the internet [CVE-2022-26809] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Samba vfs_fruit module remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-44142] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Spring Cloud Function SpringShell vulnerability is exposed to network traffic from the internet [CVE-2022-22963] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Spring Framework SpringShell vulnerability is exposed to network traffic from the internet [CVE-2022-22965] |
Prisma Cloud - VM Alert Prioritization |
Instance affected by Text4shell RCE vulnerability is exposed to network traffic from the internet [CVE-2022-42889] |
Prisma Cloud - VM Alert Prioritization |
Instance is communicating with ports known to mine Bitcoin |
Prisma Cloud - VM Alert Prioritization |
Instance is communicating with ports known to mine Ethereum |
Prisma Cloud - VM Alert Prioritization |
Instances exposed to network traffic from the internet |
Prisma Cloud - VM Alert Prioritization |
Internet connectivity via TCP over insecure port |
Prisma Cloud - VM Alert Prioritization |
Prisma Cloud |
Prisma Cloud |
RedisWannaMine vulnerable instances with active network traffic |
Prisma Cloud - VM Alert Prioritization |
Azure AKS cluster HTTP application routing enabled |
Azure AKS Misconfiguration |
Azure Network Security Group allows all traffic on SQL Server (UDP Port 1434) |
Azure Network Misconfiguration |
AWS CloudTrail is not enabled on the account |
AWS CloudTrail Misconfiguration |
Azure Network Security Group allows all traffic on ICMP (Ping) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on NetBIOS DNS (TCP Port 53) |
Azure Network Misconfiguration |
AWS CloudTrail trail logs is not integrated with CloudWatch Log |
AWS CloudTrail Misconfiguration |
GCP VM Instances without any Custom metadata information |
GCP Compute Engine Misconfiguration |
AWS IAM password policy does not have a minimum of 14 characters |
AWS IAM Policy Misconfiguration |
Azure Network Security Group allows all traffic on NetBIOS (UDP Port 137) |
Azure Network Misconfiguration |
AWS Default Security Group does not restrict all traffic |
AWS EC2 Instance Misconfiguration |
AWS IAM password policy does not have an uppercase character |
AWS IAM Policy Misconfiguration |
AWS CloudTrail is not enabled with multi trail and not capturing all management events |
AWS CloudTrail Misconfiguration |
Azure Network Security Group allows all traffic on NetBIOS (UDP Port 138) |
Azure Network Misconfiguration |
AWS CloudTrail log validation is not enabled in all regions |
AWS CloudTrail Misconfiguration |
Azure Network Security Group allows all traffic on SQL Server (TCP Port 1433) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on SSH port 22 |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on FTP (TCP Port 21) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on Windows RPC (TCP Port 135) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on Windows SMB (TCP Port 445) |
Azure Network Misconfiguration |
GCP Kubernetes Engine Clusters have binary authorization disabled |
GCP Kubernetes Engine Misconfiguration |
GCP Kubernetes Engine Clusters have Cloud Logging disabled |
GCP Kubernetes Engine Misconfiguration |
Azure Network Security Group having Inbound rule overly permissive to all traffic on TCP protocol |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on MSQL (TCP Port 4333) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on MySQL (TCP Port 3306) |
Azure Network Misconfiguration |
GCP Kubernetes Engine Clusters have Network policy disabled |
GCP Kubernetes Engine Misconfiguration |
Azure Network Security Group allows all traffic on NetBIOS DNS (UDP Port 53) |
Azure Network Misconfiguration |
GCP VM instances have block project-wide SSH keys feature disabled |
GCP Compute Engine Misconfiguration |
Azure storage account has a blob container with public access |
Azure Storage Misconfiguration |
Azure Network Security Group having Inbound rule overly permissive to all traffic on any protocol |
Azure Network Misconfiguration |
Azure SQL databases Defender setting is set to Off |
Azure SQL Misconfiguration |
Azure Network Security Group allows all traffic on VNC Listener (TCP Port 5500) |
Azure Network Misconfiguration |
Azure Network Security Group allows all traffic on Telnet (TCP Port 23) |
Azure Network Misconfiguration |
Azure SQL database auditing is disabled |
Azure SQL Misconfiguration |
AWS IAM password policy does not have a number |
AWS IAM Policy Misconfiguration |
Azure Network Security Group allows all traffic on PostgreSQL (TCP Port 5432) |
Azure Network Misconfiguration |
AWS IAM password policy allows password reuse |
AWS IAM Policy Misconfiguration |
GCP Kubernetes Engine Clusters have HTTP load balancing disabled |
GCP Kubernetes Engine Misconfiguration |
Azure Network Security Group allows all traffic on RDP Port 3389 |
Azure Network Misconfiguration |
AWS IAM password policy does not have password expiration period |
AWS IAM Policy Misconfiguration |
Azure Network Security Group allows all traffic on SMTP (TCP Port 25) |
Azure Network Misconfiguration |
AWS IAM Password policy is unsecure |
AWS IAM Policy Misconfiguration |
AWS Security Group allows all traffic on RDP port (3389) |
AWS EC2 Instance Misconfiguration |
Azure Storage Account without Secure transfer enabled |
Azure Storage Misconfiguration |
Azure Network Security Group allows all traffic on CIFS (UDP Port 445) |
Azure Network Misconfiguration |
Azure AKS cluster monitoring not enabled |
Azure AKS Misconfiguration |
GCP Kubernetes cluster intra-node visibility disabled |
GCP Kubernetes Engine Misconfiguration |
GCP Kubernetes Engine Clusters have Cloud Monitoring disabled |
GCP Kubernetes Engine Misconfiguration |
Azure Network Security Group having Inbound rule overly permissive to all traffic on UDP protocol |
Azure Network Misconfiguration |
GCP Kubernetes Engine Clusters have Master authorized networks disabled |
GCP Kubernetes Engine Misconfiguration |
AWS IAM password policy does not have a lowercase character |
AWS IAM Policy Misconfiguration |
Azure Network Security Group allows all traffic on FTP-Data (TCP Port 20) |
Azure Network Misconfiguration |
AWS IAM password policy does not expire in 90 days |
AWS IAM Policy Misconfiguration |
GCP Kubernetes Engine Clusters have Legacy Authorization enabled |
GCP Kubernetes Engine Misconfiguration |
Azure SQL Database with Auditing Retention less than 90 days |
Azure SQL Misconfiguration |
AWS IAM password policy does not have a symbol |
AWS IAM Policy Misconfiguration |