PDF PCCSE Study Guide

Visual Studio Code IntelliJ IDEA

This section describes the incident types surfaced in Incident Explorer.

Altered binary

Backdoor admin accounts

Backdoor SSH access

Brute force

Crypto miners

Execution flow hijack attempt

Kubernetes attack

Lateral movement

Malware

Port scanning

Reverse shell

Suspicious binary

To scan container images in Jenkins pipelines, two effective methods are using twistcli and the Compute Jenkins plugin. twistcli is a command-line tool provided by Prisma Cloud that allows for the scanning of container images for vulnerabilities and compliance issues directly from the CI/CD pipeline. It can be integrated into Jenkins jobs as a build or post-build step to automatically scan images as part of the build process.

The Compute Jenkins plugin is specifically designed for integration with Jenkins, providing a more seamless and automated way to include Prisma Cloud's security scanning capabilities within Jenkins pipelines. This plugin enables Jenkins to trigger image scans with Prisma Cloud directly and can fail builds based on scan results, ensuring that only secure and compliant images are pushed through the CI/CD pipeline.

Both twistcli and the Compute Jenkins plugin are designed to integrate Prisma Cloud's security capabilities into the CI/CD process, enabling DevOps teams to identify and fix security issues early in the development lifecycle.

In Prisma Cloud, to automatically enable all severity levels for alerts, a user would need to navigate to the Policies section, then to Settings. Within this area, there is an option for "auto-enable default policies," which, when checked for all severity levels, ensures that any default policies related to those severities are automatically activated. This is a configuration setting that streamlines the alerting process by ensuring that all relevant severity levels are covered by the default policies without the need for manual intervention.

Step 1- To enable global settings for Prisma Cloud default policies click "Settings" and select "Enterprise Settings" Step 2- To enable policies based on severity, select Auto enable new default policies of the type—Critical, High, Medium, Low or Informational.