The node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-253542 | CNTR-PC-001030 | SV-253542r840464_rule | Medium |
| Description |
|---|
| To ensure sufficient storage capacity in which to write the audit logs, Prisma Cloud compute must be able to allocate audit record storage capacity. |
| STIG | Date |
|---|---|
| Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-56994r840462_chk ) |
|---|
| When deploying Prisma Cloud Compute within a Kubernetes cluster, the Console's persistent value is by default 100GB. The logs are stored within this persistent volume. Within the Kubernetes cluster, issue the command "kubectl get pv". If the twistlock/twistlock-console claim's capacity is not 100GB or greater, this is a finding. |
| Fix Text (F-56945r840463_fix) |
|---|
| When deploying the Prisma Cloud Console, specify the size of the persistent volume with the "—persistent-volume-storage" parameter. |