
Prisma Cloud Compute Defender must reestablish communication to the Console via mutual TLS v1.2 WebSocket session.


Overview

Finding ID: V-253545
Version: CNTR-PC-001250
Rule ID: SV-253545r840473_rule
IA Controls:
Severity: Medium
Description
When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will continually attempt to reestablish the session. Without reauthentication, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. The Console must be configured to remove a Defender that has not established a connection in a specified period of days.
STIG Date
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide 2022-08-24

Details

Check Text (C-56997r840471_chk)
Navigate to the Prisma Cloud Compute Console's Manage >> Defenders.

Select the "Manage" tab. Select the "Defenders" tab.

Click "Advanced Settings".

If "Automatically remove disconnected Defenders after (days)" is not configured to the organization's policies, this is a finding.
Fix Text (F-56948r840472_fix)
Navigate to Prisma Cloud Compute's Manage >> Defenders.

Select the "Manage" tab. Select the "Defenders" tab.

Click "Advanced Settings".

Set the "Automatically remove disconnected Defenders after (days)" value to the organization's defined period.