Prisma Cloud: Network config policy detects some alerts even if an instance doesn't have any public IP

Created On 03/31/24 02:33 AM - Last Modified 10/09/24 20:55 PM


Question


In this scenario a VPC has a public IP range, and some EC2 instances in it that don't have any public IP are still detected by network config (CNS) policies. Why?

Environment


  • Prisma Cloud Enterprise Edition
  • CNS (Cloud Network Security)


Answer


Yes. Even if the instances don't have any public IPs, some alerts will be triggered, because the VPC's CIDR is publicly routable and the instances can therefore be accessible from the public internet.

This behavior was added in release 24.3.1.
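The check below is an added example, not Prisma Cloud's own detection logic: a simplified approximation of the reasoning in the answer, using constructed VPC and instance records rather than a live AWS account. It treats an instance as potentially internet-reachable when it has no public IP but its private address falls inside a VPC CIDR that is outside the non-routable ranges (RFC 1918, RFC 6598, link-local, loopback) and the VPC has an internet gateway. Real reachability also depends on route tables, security groups and NACLs, which CNS evaluates and this example does not; the `Vpc`/`Instance` types, the `internet_gateway` flag and the sample IDs and CIDRs are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# IPv4 ranges that are not globally routable: an address inside any of these
# cannot be reached directly from the public internet, however the VPC is wired.
NON_ROUTABLE_V4 = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",   # RFC 6598 carrier-grade NAT
    "169.254.0.0/16",  # link-local
    "127.0.0.0/8",     # loopback
)]


def is_publicly_routable(cidr: str) -> bool:
    """True when the whole CIDR lies outside every non-routable range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(r) for r in NON_ROUTABLE_V4)


@dataclass
class Vpc:                      # assumed shape, not an AWS or Prisma Cloud type
    vpc_id: str
    cidrs: List[str]            # primary plus any secondary CIDR associations
    internet_gateway: bool      # assumption: IGW attached with a default route


@dataclass
class Instance:                 # assumed shape, not an AWS or Prisma Cloud type
    instance_id: str
    vpc_id: str
    private_ip: str
    public_ip: Optional[str] = None


def find_reachable_without_public_ip(instances: List[Instance],
                                     vpcs: List[Vpc]) -> List[str]:
    """Return IDs of instances with no public IP whose private address sits in
    a publicly routable VPC CIDR behind an internet gateway."""
    by_id: Dict[str, Vpc] = {v.vpc_id: v for v in vpcs}
    hits: List[str] = []
    for inst in instances:
        if inst.public_ip is not None:
            continue                        # already covered by public-IP checks
        vpc = by_id[inst.vpc_id]
        if not vpc.internet_gateway:
            continue                        # no path in from the internet
        addr = ipaddress.ip_address(inst.private_ip)
        for cidr in vpc.cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if addr in net and is_publicly_routable(cidr):
                hits.append(inst.instance_id)
                break
    return hits


# Constructed sample inventory. 203.0.113.0/24 is a documentation range standing
# in for a customer's public (e.g. BYOIP) VPC CIDR; IDs are made up.
SAMPLE_VPCS = [
    Vpc("vpc-private", ["10.0.0.0/16"], internet_gateway=True),
    Vpc("vpc-public", ["203.0.113.0/24"], internet_gateway=True),
    Vpc("vpc-public-noigw", ["203.0.113.0/24"], internet_gateway=False),
]
SAMPLE_INSTANCES = [
    Instance("i-0aaaa", "vpc-private", "10.0.1.5"),             # RFC 1918: safe
    Instance("i-0bbbb", "vpc-public", "203.0.113.10"),          # flagged
    Instance("i-0cccc", "vpc-public", "203.0.113.11", "203.0.113.11"),  # has public IP
    Instance("i-0dddd", "vpc-public-noigw", "203.0.113.12"),    # no IGW: skipped
]

if __name__ == "__main__":
    for instance_id in find_reachable_without_public_ip(SAMPLE_INSTANCES, SAMPLE_VPCS):
        print(f"{instance_id}: no public IP, but private address is publicly routable")
```

Run as-is it reports only `i-0bbbb`, which is the situation the answer describes: no public IP on the ENI, yet the address itself is one the internet can route to. Swapping the constructed lists for records pulled from `describe-vpcs` and `describe-instances` gives a quick triage of which alerts of this kind fall into that category.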



Additional Information


* Policy Name: AWS EC2 instance that is reachable from untrust internet source to ports with high risk

GUI Path: Cloud Security > Alerts > Overview


* The instance doesn't have any public IP

GUI Path: AWS console > EC2 > click instance > View Details under properties


* The VPC has a public IP range (CIDR)

GUI Path: AWS Console > EC2 > click instance > CIDR




Article link: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004Ob0CAE&lang=en_US