Prisma Cloud Compute: Does Prisma Cloud currently support detection for the NPM Supply Chain Attack?
Created On 09/12/25 19:17 PM - Last Modified 09/19/25 16:01 PM
Question
Does Prisma Cloud currently support detection for the NPM Supply Chain Attack?
Environment
• Prisma Cloud Compute v34.02.133
Answer
Prisma Cloud has two possible detections for the NPM supply chain attacks.
1. The first method of detection is hash-based detection via Palo Alto Networks' WildFire malware feed.
- Currently, the WildFire malware detection service is able to detect the compromised npm packages via their known hashes.
- When a Prisma Cloud Defender encounters a new binary and WildFire is enabled, it queries WildFire for the verdict on that executable. If it is malicious, the Defender blocks the execution.
- Please review the following documentation for further information on malware detection capabilities within Prisma Cloud as well as the WildFire service documentation here
2. Prisma Cloud is capable of detecting these vulnerable NPM packages through the implementation of custom vulnerabilities as well. It is necessary to create custom vulnerabilities associated with the affected packages and package versions:
- Please refer to the following article for a list of affected packages here
- Please refer to the following for a guide on creating custom vulnerabilities in Prisma Cloud here
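
The following is an added example, not part of the original article and not Prisma Cloud code: a lockfile check that applies the same package-name-plus-version matching a custom vulnerability expresses, so you can confirm which projects pin an affected version. The `AFFECTED` list and `SAMPLE_LOCK` are constructed placeholders; populate the list from the affected-packages article.

```javascript
// Constructed placeholder list: package name -> affected versions (fill from the advisory).
const AFFECTED = {
  "example-pkg": ["1.2.3"],
  "@example-scope/util": ["4.0.1", "4.0.2"],
};

// Own-property lookup so names such as "constructor" never hit Object.prototype.
const isAffected = (affected, name, version) =>
  Object.prototype.hasOwnProperty.call(affected, name) && affected[name].includes(version);

// "node_modules/a/node_modules/@s/b" -> "@s/b" (innermost package name).
function nameFromLockPath(lockPath) {
  const i = lockPath.lastIndexOf("node_modules/");
  return i === -1 ? null : lockPath.slice(i + "node_modules/".length);
}

// Lockfile v2/v3: flat "packages" map keyed by install path; meta.name is set for aliases.
function scanPackages(packages, affected, hits) {
  for (const [lockPath, meta] of Object.entries(packages)) {
    const name = meta.name || nameFromLockPath(lockPath);
    if (name && isAffected(affected, name, meta.version)) hits.push({ name, version: meta.version, path: lockPath });
  }
}

// Lockfile v1: nested "dependencies" tree keyed by package name.
function scanDependencies(deps, affected, hits, trail) {
  for (const [name, meta] of Object.entries(deps)) {
    const path = trail ? `${trail} > ${name}` : name;
    if (isAffected(affected, name, meta.version)) hits.push({ name, version: meta.version, path });
    if (meta.dependencies) scanDependencies(meta.dependencies, affected, hits, path);
  }
}

function findAffected(lock, affected = AFFECTED) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, affected, hits);
  else if (lock.dependencies) scanDependencies(lock.dependencies, affected, hits, "");
  return hits;
}

// Constructed sample in the v3 layout, including a nested transitive copy.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-pkg": { version: "1.2.4" },
    "node_modules/left/node_modules/example-pkg": { version: "1.2.3" },
    "node_modules/@example-scope/util": { version: "4.0.2" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

The nested hit shows why the top-level `dependencies` in `package.json` are not enough: the affected version can arrive transitively while the direct dependency is clean.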