Prisma Cloud - Classifier

Classifies incoming Prisma Cloud alerts that are created through the 'fetch incidents' command in the Prisma Cloud integration.

Prisma Cloud by Palo Alto Networks Classification

Details

IDRedLock
Typeclassification
Version-1
From Version6.0.0
Default Incident TypePrisma Cloud
FeedNo

Key Type Map

KeyIncident Type
AWS EC2 instance not configured with Instance Metadata Service v2 (IMDSv2) Prisma Cloud - VM Alert Prioritization
AWS EC2 instance that is internet reachable with unrestricted access (0.0.0.0/0) Prisma Cloud - VM Alert Prioritization
AWS EC2 instance with unrestricted outbound access to internet Prisma Cloud - VM Alert Prioritization
Azure VM data disk is encrypted with the default encryption key instead of ADE/CMK Prisma Cloud - VM Alert Prioritization
Azure Virtual Machine in running state that is internet reachable with unrestricted access (0.0.0.0/0) Prisma Cloud - VM Alert Prioritization
Instance affected by Apache Log4j JDBC Appender remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-44832] Prisma Cloud - VM Alert Prioritization
Instance affected by Apache Log4j Thread Context Map remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-45046] Prisma Cloud - VM Alert Prioritization
Instance affected by Apache Log4j denial of service vulnerability is exposed to network traffic from the internet [CVE-2021-45105] Prisma Cloud - VM Alert Prioritization
Instance affected by Apache Log4j vulnerability is exposed to network traffic from the internet [CVE-2021-44228] Prisma Cloud - VM Alert Prioritization
Instance affected by Argo CD vulnerability is exposed to network traffic from the internet [CVE-2022-24348] Prisma Cloud - VM Alert Prioritization
Instance affected by Dirty Pipe vulnerability is exposed to network traffic from the internet [CVE-2022-0847] Prisma Cloud - VM Alert Prioritization
Instance affected by Java Psychic Signatures vulnerability is exposed to network traffic from the internet [CVE-2022-21449] Prisma Cloud - VM Alert Prioritization
Instance affected by Linux kernel container escape vulnerability is exposed to network traffic from the internet [CVE-2022-0185] Prisma Cloud - VM Alert Prioritization
Instance affected by OMIGOD vulnerability is exposed to network traffic from the internet [CVE-2021-38647] Prisma Cloud - VM Alert Prioritization
Instance affected by OpenSSL X.509 email address 4-Byte BOF (Spooky SSL) vulnerability is exposed to network traffic from the internet [CVE-2022-3602] Prisma Cloud - VM Alert Prioritization
Instance affected by SMB DCE/RPC remote code execution vulnerability is exposed to network traffic from the internet [CVE-2022-26809] Prisma Cloud - VM Alert Prioritization
Instance affected by Samba vfs_fruit module remote code execution vulnerability is exposed to network traffic from the internet [CVE-2021-44142] Prisma Cloud - VM Alert Prioritization
Instance affected by Spring Cloud Function SpringShell vulnerability is exposed to network traffic from the internet [CVE-2022-22963] Prisma Cloud - VM Alert Prioritization
Instance affected by Spring Framework SpringShell vulnerability is exposed to network traffic from the internet [CVE-2022-22965] Prisma Cloud - VM Alert Prioritization
Instance affected by Text4shell RCE vulnerability is exposed to network traffic from the internet [CVE-2022-42889] Prisma Cloud - VM Alert Prioritization
Instance is communicating with ports known to mine Bitcoin Prisma Cloud - VM Alert Prioritization
Instance is communicating with ports known to mine Ethereum Prisma Cloud - VM Alert Prioritization
Instances exposed to network traffic from the internet Prisma Cloud - VM Alert Prioritization
Internet connectivity via TCP over insecure port Prisma Cloud - VM Alert Prioritization
Prisma Cloud Prisma Cloud
RedisWannaMine vulnerable instances with active network traffic Prisma Cloud - VM Alert Prioritization
Azure AKS cluster HTTP application routing enabled Azure AKS Misconfiguration
Azure Network Security Group allows all traffic on SQL Server (UDP Port 1434) Azure Network Misconfiguration
AWS CloudTrail is not enabled on the account AWS CloudTrail Misconfiguration
Azure Network Security Group allows all traffic on ICMP (Ping) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on NetBIOS DNS (TCP Port 53) Azure Network Misconfiguration
AWS CloudTrail trail logs is not integrated with CloudWatch Log AWS CloudTrail Misconfiguration
GCP VM Instances without any Custom metadata information GCP Compute Engine Misconfiguration
AWS IAM password policy does not have a minimum of 14 characters AWS IAM Policy Misconfiguration
Azure Network Security Group allows all traffic on NetBIOS (UDP Port 137) Azure Network Misconfiguration
AWS Default Security Group does not restrict all traffic AWS EC2 Instance Misconfiguration
AWS IAM password policy does not have an uppercase character AWS IAM Policy Misconfiguration
AWS CloudTrail is not enabled with multi trail and not capturing all management events AWS CloudTrail Misconfiguration
Azure Network Security Group allows all traffic on NetBIOS (UDP Port 138) Azure Network Misconfiguration
AWS CloudTrail log validation is not enabled in all regions AWS CloudTrail Misconfiguration
Azure Network Security Group allows all traffic on SQL Server (TCP Port 1433) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on SSH port 22 Azure Network Misconfiguration
Azure Network Security Group allows all traffic on FTP (TCP Port 21) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on Windows RPC (TCP Port 135) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on Windows SMB (TCP Port 445) Azure Network Misconfiguration
GCP Kubernetes Engine Clusters have binary authorization disabled GCP Kubernetes Engine Misconfiguration
GCP Kubernetes Engine Clusters have Cloud Logging disabled GCP Kubernetes Engine Misconfiguration
Azure Network Security Group having Inbound rule overly permissive to all traffic on TCP protocol Azure Network Misconfiguration
Azure Network Security Group allows all traffic on MSQL (TCP Port 4333) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on MySQL (TCP Port 3306) Azure Network Misconfiguration
GCP Kubernetes Engine Clusters have Network policy disabled GCP Kubernetes Engine Misconfiguration
Azure Network Security Group allows all traffic on NetBIOS DNS (UDP Port 53) Azure Network Misconfiguration
GCP VM instances have block project-wide SSH keys feature disabled GCP Compute Engine Misconfiguration
Azure storage account has a blob container with public access Azure Storage Misconfiguration
Azure Network Security Group having Inbound rule overly permissive to all traffic on any protocol Azure Network Misconfiguration
Azure SQL databases Defender setting is set to Off Azure SQL Misconfiguration
Azure Network Security Group allows all traffic on VNC Listener (TCP Port 5500) Azure Network Misconfiguration
Azure Network Security Group allows all traffic on Telnet (TCP Port 23) Azure Network Misconfiguration
Azure SQL database auditing is disabled Azure SQL Misconfiguration
AWS IAM password policy does not have a number AWS IAM Policy Misconfiguration
Azure Network Security Group allows all traffic on PostgreSQL (TCP Port 5432) Azure Network Misconfiguration
AWS IAM password policy allows password reuse AWS IAM Policy Misconfiguration
GCP Kubernetes Engine Clusters have HTTP load balancing disabled GCP Kubernetes Engine Misconfiguration
Azure Network Security Group allows all traffic on RDP Port 3389 Azure Network Misconfiguration
AWS IAM password policy does not have password expiration period AWS IAM Policy Misconfiguration
Azure Network Security Group allows all traffic on SMTP (TCP Port 25) Azure Network Misconfiguration
AWS IAM Password policy is unsecure AWS IAM Policy Misconfiguration
AWS Security Group allows all traffic on RDP port (3389) AWS EC2 Instance Misconfiguration
Azure Storage Account without Secure transfer enabled Azure Storage Misconfiguration
Azure Network Security Group allows all traffic on CIFS (UDP Port 445) Azure Network Misconfiguration
Azure AKS cluster monitoring not enabled Azure AKS Misconfiguration
GCP Kubernetes cluster intra-node visibility disabled GCP Kubernetes Engine Misconfiguration
GCP Kubernetes Engine Clusters have Cloud Monitoring disabled GCP Kubernetes Engine Misconfiguration
Azure Network Security Group having Inbound rule overly permissive to all traffic on UDP protocol Azure Network Misconfiguration
GCP Kubernetes Engine Clusters have Master authorized networks disabled GCP Kubernetes Engine Misconfiguration
AWS IAM password policy does not have a lowercase character AWS IAM Policy Misconfiguration
Azure Network Security Group allows all traffic on FTP-Data (TCP Port 20) Azure Network Misconfiguration
AWS IAM password policy does not expire in 90 days AWS IAM Policy Misconfiguration
GCP Kubernetes Engine Clusters have Legacy Authorization enabled GCP Kubernetes Engine Misconfiguration
Azure SQL Database with Auditing Retention less than 90 days Azure SQL Misconfiguration
AWS IAM password policy does not have a symbol AWS IAM Policy Misconfiguration