What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?
What is the frequency to create a compliance report? (Choose two.)
In Prisma Cloud, compliance reports can be generated on a one-time basis or on a recurring schedule. The option for a one-time report allows users to generate a specific report instantly based on the current state of the environment. The recurring option enables users to set up automatic generation of reports at regular intervals, such as weekly or monthly, to track compliance over time. This functionality ensures continuous compliance monitoring and helps in maintaining security standards across cloud resources.
Which two integrations enable ingesting host findings to generate alerts? (Choose two.)
To ingest host findings and generate alerts in Prisma Cloud, integrations with Tenable (B) and Qualys (D) are supported. These integrations allow Prisma Cloud to ingest vulnerability and compliance data from Tenable and Qualys, which are renowned vulnerability management solutions. By integrating these tools, Prisma Cloud can enhance its visibility into the security posture of hosts within the cloud environment, enabling more comprehensive threat detection and response capabilities. The integration facilitates the aggregation and correlation of findings from these external sources, enriching the overall security intelligence and enabling more informed and timely decision-making regarding threat mitigation and compliance management.
Given the following information, which twistcli command should be run if an administrator were to exec into a running container and scan it from within using an access token for authentication?
* Console is located at https://prisma-console.mydomain.local
* Token is: TOKEN_VALUE
* Report ID is: REPORTJD
* Container image running is: myimage:latest
The response from Jihe would be correct if this wasn't be run from within the container. In the question, we are running from inside the container, and therefor there is no need to specify an image/tarball. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_image Further down in the documentation linked by Jihe, there is a section that shows the proper syntax when running twistcli from within a container. The example there is almost a perfect copy of this question. Spippolo has the correct response.
$ docker run \
-v /PATH/TO/TWISTCLI_DIR:/tools \
-e TW_TOKEN=<API_TOKEN> \
-e TW_CONSOLE=<COMPUTE_CONSOLE> \
--entrypoint='' \
<IMAGE_NAME> \
/tools/twistcli images scan \
--containerized \
--details \
--address $TW_CONSOLE \
--token $TW_TOKEN \
<REPORT_ID>
Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)
This section describes the incident types surfaced in Incident Explorer.
Altered binary
Backdoor admin accounts
Backdoor SSH access
Brute force
Crypto miners
Execution flow hijack attempt
Kubernetes attack
Lateral movement
Malware
Port scanning
Reverse shell
Suspicious binary
