Build Image, Scan Image, Publish Scan, Commit to Registry (if scan result is passed)

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admincompute/compliance/ manage_compliance.html

In the context of Prisma Cloud by Palo Alto Networks, the correct navigation to identify alerted

compliance checks set by default is under the "Defend" section, specifically at "Defend >

Compliance." This section is designed to allow users to configure and manage compliance policies

and rules, monitor compliance statuses, and review alerts related to compliance violations. The

"Defend" section is tailored for setting up defenses, including compliance standards, against potential

security risks within the cloud environment, making it the logical location for managing and

reviewing compliance-related alerts and settings.

Install IntelliJ IDE

Add Prisma Cloud plugin

Configure the Prisma Cloud plugin

Scan using the Prisma Cloud plugin

To configure and use the Prisma Cloud plugin for scanning within the IntelliJ Integrated Development

Environment (IDE), you must follow a series of steps in a specific order to ensure proper setup and

functionality.

Firstly, you need to have the IntelliJ IDE installed on your system. Without the IDE, you cannot add or

use the Prisma Cloud plugin, as it is designed to work within this development environment.

Secondly, after installing the IntelliJ IDE, you add the Prisma Cloud plugin. This involves navigating to

the plugin marketplace within IntelliJ and selecting the Prisma Cloud plugin for installation.

Once the plugin is added to your IntelliJ IDE, the next step is to configure the Prisma Cloud plugin.

This configuration may include setting up your Prisma Cloud credentials, specifying your scan

options, and other settings that tailor the plugin's functionality to your needs.

Finally, after the plugin is installed and configured, you can proceed to scan your project using the

Prisma Cloud plugin. This will check your code against security policies and compliance standards,

providing feedback and recommendations for any identified issues.

Following these steps ensures that the Prisma Cloud plugin is properly integrated into your IntelliJ

development workflow, allowing for continuous security and compliance checks as part of the

development process.

Block — Defender stops the entire container if a process that violates your policy attempts to run.

https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense

_containers.html#_effect

Retrieving Prisma Cloud Console images involves accessing a specific registry provided by Palo Alto

Networks and authenticating using basic authentication with 'docker login'. Once authenticated, the

user can pull the Prisma Cloud Console images using the 'docker pull' command. This process is part

of the initial setup for deploying Prisma Cloud Console in an environment, allowing users to obtain

the necessary images to run the Console, which serves as the central management interface for

Prisma Cloud. The detailed steps, including the specific registry URL and authentication method, are

typically provided in the Prisma Cloud documentation, ensuring that users have the information

needed to successfully retrieve and deploy Console images.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-editionadmin/firewalls/deploy_cnaf

When configuring Cloud Native Application Firewall (CNAF) rules, the specified port should be the

one where the container itself listens for web traffic. In this scenario, since the NGINX container is

listening on port 8080, the CNAF rule should be configured to protect traffic on port 8080. This

ensures that the firewall rule is applied to the traffic intended for the container, regardless of the port

mapping on the host.

The documentation from Palo Alto Networks provides guidance on deploying CNAF and specifies

that the port in the firewall rule should match the container’s listening port, not the host’s mapped

port. This is an important distinction for properly securing containerized applications with CNAF.

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmZ4CAK

The error message encountered by the user trying to log into the Prisma Cloud console is likely due

to an incorrect configuration in the Just-In-Time (JIT) settings, specifically the attribute name used for

JIT authentication. This could prevent the user from being recognized correctly by the Prisma Cloud

console.

https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Palo_Alto_Networks_PCCSE/page_38_img_1.jpg

Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloudpolicies/create-a- policy.html

Select Policies and click Add Policy

Build the query

Add the compliance standards

Click Submit.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloudpolicies/create-a-policy

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admincompute/tools/twistcli_scan_images