← Back to Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

V-253528

CAT II (Medium)

Prisma Cloud Compute must be configured for forensic data collection.

Rule ID

SV-253528r960903_rule

STIG

Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000134, CCI-002884

Discussion

Prisma Cloud Compute correlates raw audit data to actionable security intelligence, enabling a more rapid and effective response to incidents. This reduces the manual, time-consuming task of correlating data. Prisma Cloud Forensics is a lightweight distributed data recorder that runs alongside all containers in the environment. Prisma Cloud continuously collects detailed runtime information to help incident response teams understand what happened before, during, and after a breach. Forensic data consists of additional supplemental runtime events that complement the data (audits) already captured by Prisma Cloud's runtime sensors. It provides additional context when trying to identify the root cause of an incident. Satisfies: SRG-APP-000099-CTR-000190, SRG-APP-000409-CTR-000990

Check Content

Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Forensics tab. 

If "Forensics data collection" is disabled, this is a finding.

Fix Text

Navigate to Prisma Cloud Compute Console's >> Manage >> System >> Forensics tab. 

Set "Forensics data collection" to "enabled".