9.2 Late Requests (#908)
* 9.2 Late Requests

* alerts RLP-151055 update
arane26 authored Sep 22, 2024
1 parent a9946b7 commit fc9afa1
Showing 10 changed files with 100 additions and 20 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ xref:../application-security/risk-management/monitor-and-manage-code-build/drift
|Generate alert reports
|xref:../reports/create-and-manage-reports.adoc#alerts[Generate reports on alerts]

|Understand the different alert states and alert resolution reasons
|xref:prisma-cloud-alert-resolution-reasons.adoc[Resolution reasons]
|Understand the different alert states and alert status reasons
|xref:prisma-cloud-alert-status-reasons.adoc[Status reasons]

xref:alert-notifications-state-changes.adoc[State change notifications to external integrations]
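Review bot: "alert states and alert status reasons" in the first cell puts "states" and "status" side by side for what reads like two different things; say which field each term refers to, or reword so only one term is used. The xref target also changes to `prisma-cloud-alert-status-reasons.adoc`, so any other page that still links to `prisma-cloud-alert-resolution-reasons.adoc` needs the same update.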

Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ topics:
# file: generate-reports-on-prisma-cloud-alerts.adoc
# - name: Alert Payload
# file: alert-payload.adoc
- name: Prisma Cloud Alert Resolution Reasons
file: prisma-cloud-alert-resolution-reasons.adoc
- name: Prisma Cloud Alert Status Reasons
file: prisma-cloud-alert-status-reasons.adoc
- name: Alert Notifications on State Change
file: alert-notifications-state-changes.adoc
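Review bot: The `file:` value changes to `prisma-cloud-alert-status-reasons.adoc`, which changes the published page path; add a redirect from the old `prisma-cloud-alert-resolution-reasons` path so existing bookmarks and runbook links to the resolution reasons page keep working.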
Original file line number Diff line number Diff line change
Expand Up @@ -82,10 +82,16 @@ Select the alert ID link to open the side panel and review the alert details.
** As needed, *Download* the filtered list of alert details to a CSV file.
//(image:alerts/download-alerts.png[])
+
When you add a cloud account on Prisma Cloud and then delete it, you can no longer view alerts associated with that account on *Alerts > Overview*, and the alert count does not include alerts for a deleted cloud account. If you add the account back on Prisma Cloud within a 24-hour period, the existing alerts will display again. After 24 hours, the alerts are resolved with the resolution reason *Account Deleted* and then permanently deleted.
+
NOTE: Alerts associated with active cloud accounts are currently kept for the duration of the service. When cloud accounts are deleted from Prisma Cloud, the associated alerts are held for an additional 24 hours after which they are permanently deleted. Configuration of assets active in the cloud environment is retained for the duration of the service as well. Upon termination of the service, data in live systems is stored for up to 60 days, after which it will be deleted from live systems. Purge of backup data may take up to an additional 60 days.
//When you add a cloud account on Prisma Cloud and then delete it, you can no longer view alerts associated with that account on *Alerts > Overview*, and the alert count does not include alerts for a deleted cloud account. After you delete an account, all related data is purged after 24 hours. If you accidently deleted an account, you can add the account back on Prisma Cloud within a 24-hour period, and the data associated with the account will be restored and the existing alerts will display again. After 24 hours, the alerts are resolved with the resolution reason *Account Deleted* and then permanently deleted.
NOTE:
* Cloud Account Deletion from Prisma Cloud: When you delete a cloud account, all associated data, including alerts, are retained for an additional 24 hours, after which they are permanently deleted. If you accidentally delete an account, you can restore it within 24 hours and recover all related data.
* Asset Deletion from a Cloud Account onboarded on Prisma Cloud: Asset configurations are retained on Prisma Cloud for 60 days after the assets data are deleted.
//Alerts associated with active cloud accounts are currently kept for the duration of the service. When cloud accounts are deleted from Prisma Cloud, the associated alerts are held for an additional 24 hours after which they are permanently deleted. Configuration of assets active in the cloud environment is retained for the duration of the service as well. Upon termination of the service, data in live systems is stored for up to 60 days, after which it will be deleted from live systems. Purge of backup data may take up to an additional 60 days.
[#alert-actions]
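Review bot: The bare `NOTE:` line followed directly by a `*` list will not render as an admonition containing the two bullets; use a `[NOTE]` block with `====` delimiters and attach it to the step with `+`. The `//` lines kept next to it still carry the older retention wording ("kept for the duration of the service", "resolved with the resolution reason *Account Deleted*"), which disagrees with the new bullets and with the status-reasons rename elsewhere in this commit, so delete them instead of commenting them out. In the second bullet, "the assets data are deleted" should read "the asset data is deleted".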
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@ The LGA features are not available on all stacks and are subject to change by th
|FEATURE
|DESCRIPTION

// |*Secrets*
//RLP- to create a doc ticket

// | A new *Secrets* findings in Investigate helps you prioritize or find assets with secret exposure risks. 5 attributes of secret findings. secret type > dropdown multiple secret type supported.


|*Tag-based RBAC with Resource Lists*
//RLP-143394
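Review bot: The commented-out *Secrets* row is draft text with a placeholder ticket (`//RLP- to create a doc ticket`) and note fragments ("5 attributes of secret findings. secret type > dropdown multiple secret type supported."); leave it out of this commit until the ticket exists and the description is written.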

Original file line number Diff line number Diff line change
Expand Up @@ -58,21 +58,21 @@ If you have any questions or feedback, contact your Prisma Cloud Customer Suppor
|*Feature*
|*Description*

|*Update Google Kubernetes Engine*
//RLP-150422, Check the fixversion again before moving the blurb in 10.1. The Fixversion may change to 11.1.

|Starting with the 24.10.1 release, the JSON resource attributes `isMasterVersionSupported` and `isNodeVersionSupported` for *gcloud-container-describe-clusters* API will be updated to align with the CSP *GetServerConfig* API. This change will provide accurate results for policy violation alerts related to the default policies— *GCP GKE unsupported Master node version* and *GCP GKE unsupported node version*.
|*Amazon Elastic Container Registry (ECR)*
//RLP-150134; Added in LA in 9.1; updated text in 9.2; move to Features Introduced in October > Changes in Existing Behavior.

*Impact—* No impact on existing alerts. New alerts will be generated against policy violations based on the complete GKE version used for clusters and nodes. If you have custom policies, you must manually update them to receive the alerts.
|Starting with the 24.10.1 release, the format of `external_asset_id` for `aws-ecr-image` resources will change. As a result, all existing `aws-ecr-image` resources will be deleted in Prisma Cloud and the corresponding *Open* alerts will be resolved as *Closed*.

|*Update Amazon Elastic Container Registry (ECR)*
//RLP-150134
Prisma Cloud will automatically fetch all the live ECR images from your cloud accounts and create them as new resources with the new `external_asset_id` format. New alerts will be generated for resources that match the active policies in your tenant.

|Starting with the 24.10.1 release, the `external_asset_id` for `aws-ecr-image` in Prisma Cloud will be updated in the backend. As a result, all resources for `aws-ecr-image` API will be deleted and then regenerated on the management console.
*Impact—* You may notice a temporary drop in `aws-ecr-image` resource count and open alert count. However, after the `aws-ecr-image` resources are automatically ingested, the corresponding live resource count and open alert count will return to the previous levels.

Existing alerts corresponding to these resources will be resolved as Closed, and new alerts will be generated against policy violations.

*Impact—* You may notice a reduced count for the number of alerts. However, once the resources for the aws-ecr-image API resumes ingesting data, the alert count will return to the original numbers.
// |*Amazon Elastic Container Registry (ECR)*
//RLP-150134
// |Starting with the 24.10.1 release, the `external_asset_id` for `aws-ecr-image` in Prisma Cloud will be updated in the backend. As a result, all resources for `aws-ecr-image` API will be deleted and then regenerated on the management console.
// Existing alerts corresponding to these resources will be resolved as Closed, and new alerts will be generated against policy violations.
// *Impact—* You may notice a reduced count for the number of alerts. However, once the resources for the aws-ecr-image API resumes ingesting data, the alert count will return to the original numbers.


|*Amazon EC2 Ingestion*
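Review bot: The ECR description says existing *Open* alerts "will be resolved as *Closed*", while the rest of this commit moves to "status reasons" wording; state the alert state and the status reason these alerts will show, so readers can tell the bulk closures apart from real remediation. It would also help to say what happens to alerts on the deleted `aws-ecr-image` resources that are in a state other than *Open*. The old ECR text left as `//` comments under the new row can be deleted.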
Expand All @@ -91,6 +91,15 @@ If you have any questions, contact your Prisma Cloud Customer Success Representa

*Impact—* To detect role chaining, new permissions will be created where AWS roles as the source serves as the principal of another role. These new permissions could lead to new alerts being generated, where they did not exist before.


|*Google Kubernetes Engine*
//RLP-150422, Check the fixversion again before moving the blurb in 10.1. The Fixversion may change to 11.1.

|Starting with the 24.10.1 release, the JSON resource attributes `isMasterVersionSupported` and `isNodeVersionSupported` for *gcloud-container-describe-clusters* API will be updated to align with the CSP *GetServerConfig* API. This change will provide accurate results for policy violation alerts related to the default policies— *GCP GKE unsupported Master node version* and *GCP GKE unsupported node version*.

*Impact—* No impact on existing alerts. New alerts will be generated against policy violations based on the complete GKE version used for clusters and nodes. If you have custom policies, you must manually update them to receive the alerts.


|*Updates to GCP Terraform Template*
//RLP-150820
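Review bot: The source comment on the GKE row says the fix version may still move ("Check the fixversion again ... The Fixversion may change to 11.1"), but the cell text commits to "Starting with the 24.10.1 release"; confirm the release before this is published. In the Impact line, "If you have custom policies, you must manually update them" should say which policies are meant, presumably those that reference `isMasterVersionSupported` or `isNodeVersionSupported`, and what needs to change in them.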

Expand All @@ -100,6 +109,24 @@ With this change, you need not manually enter the necessary API permissions unde

*Impact—* This change will not affect the onboarding *Status* of your accounts.


|*Audit Logs Pagination and Filter*
//RLP-151119

|Starting with the 24.11.1 release, the Audit Logs will include enhancements to improve performance, reduce data load times, and provide more granular control over data retrieval:

* The Audit Logs page will display paginated data, which will enhance navigation through extensive logs and the filtering options will provide you with more control over your log data.
* You will also be able to use the new API to programatically leverage the new pagination and filter capabilities to streamline your use cases.
// |*RQL API Rate Limits*
//to create RLP

// |Starting with the 24.12.1 release, to improve the user experience, a response size limit of 100K records is now implemented for the https://pan.dev/prisma-cloud/api/cspm/rl-audit-logs/[GET - /audit/redlock] Audit Logs endpoint.

// *Impact—* Requests exceeding 100K records limit results in a *413 Payload Too Large* error with _X-Record-Count_ header, which indicates the number of records that were being requested.

|===
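Review bot: The commented-out row titled *RQL API Rate Limits* describes a 100K-record response limit on the `GET - /audit/redlock` Audit Logs endpoint, so its title and body do not match, and its ticket is a placeholder (`//to create RLP`); drop it from this commit or fix the title when the ticket exists. In the new Audit Logs row, "programatically" should be "programmatically". Unlike the neighbouring rows, this one has no *Impact* line; add one that says whether scripts calling the current endpoint see any change in 24.11.1.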


Expand Down Expand Up @@ -672,6 +699,20 @@ No API ingestions planned for 24.10.1 release.
|*Sunset Release*
|*Replacement Endpoints*

|tt:[*Audit Logs API*]
//RLP-151119

Starting from November 2024, you must transition to the new Audit Logs API. Prisma Cloud will provide a migration period of six months after which the https://pan.dev/prisma-cloud/api/cspm/rl-audit-logs/[current API] will be deprecated.

Once the deprecation period is over, you will have access to only the new API with pagination and filter support.

|24.11.1

|25.5.1

|Will be provided in the 24.11.1 Release Notes.


|tt:[*Vulnerabilities Dashboard APIs*]
//RLP-147410
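Review bot: The Audit Logs API notice uses "deprecated" for two different events: the prose says the current API "will be deprecated" after the six-month migration period, while the row lists 24.11.1 and then 25.5.1 as the sunset release. Say that the current API is deprecated in 24.11.1 and removed in 25.5.1, so teams that export audit logs know when the old endpoint stops working. The replacement endpoint cell still reads "Will be provided in the 24.11.1 Release Notes"; replace it with the link once that is published.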

Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ tt:[24.8.2]

|*Data Security Posture Management and Artificial Intelligence Security Posture Management*

tt:[Secure the Infrastructure]
tt:[Secure the Data]

tt:[24.8.1]

Expand All @@ -131,10 +131,14 @@ tt:[24.8.1]
* https://docs.prismacloud.io/en/enterprise-edition/content-collections/data-security-posture-management/welcome-to-prisma-cloud-aispm/introduction-ai[AI-SPM] provides complete visibility in to your AI pipelines. It prioritizes misconfigurations and strengthens the overall integrity of your AI framework and minimizes the risk of data exposure and compliance breaches.
You can subscribe to DSPM from the Prisma Cloud console. Select your user *Profile icon > View Subscriptions* and click *Subscribe* under Data Security Posture Management.

image::dspm-subscription.png[]

|*DSPM Permissions and Default Permission Group*
//RLP-146508, RLP-147749

tt:[Secure the Infrastructure]
tt:[Secure the Data]

tt:[24.8.1]
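Review bot: `image::dspm-subscription.png[]` has empty alt text; put a short description of the screenshot inside the brackets. The sentence before it ("Select your user *Profile icon > View Subscriptions* and click *Subscribe* ...") already gives the steps, so check that the screenshot shows something the text does not.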

Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,29 @@ tt:[24.9.2]

| https://docs.prismacloud.io/en/enterprise-edition/content-collections/application-security/visibility/sbom/sbom#package-op-risk[Package Operational Risk] assesses the operational risk and potential impact of each open-source package in your codebase. This analysis results in package operational risk severity levels categorized into *High*, *Medium*, and *Low*. By prioritizing risks based on these categories, you can effectively focus remediation efforts on the most critical issues.

|*DSPM Integration with Attack Path and Asset Inventory*
//RLP-149791

tt:[Secure the Data]

tt:[24.9.2]

|If an Attack Path has access to a data store, you can now view the sensitivity, sensitivity label, data types, and record of data for the data store in that Attack Path. Prisma Cloud decorates the data store that contains sensitive data with a crown jewel icon. Note that the icon is displayed for individual assets and not for grouped nodes.

Prisma Cloud supports the following list of assets that are currently in the attack path and in the DSPM module:

* AWS: S3, EC2 Instance, RDS, DynamoDB, Redshift
* Azure: Azure Blob Storage, Cosmos DB, Azure Virtual Machine
* GCP: Cloud SQL, Spanner, Cloud Storage, Bigtable
image::dspm-attack-path-1.png[]

Additionally, when you select an asset on the Asset Inventory page a new *Data* tab in the asset sidecar displays data findings such as data types and labels.

image::dspm-asset-data-1.png[]


|*Improved Shared Views*
//RLP-147440
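Review bot: `image::dspm-attack-path-1.png[]` sits directly under the last `*` bullet with no blank line, so it will be read as part of the "GCP: ..." list item instead of rendering as a block image; add a blank line before it. Both new image macros have empty alt text. In the first sentence, "record of data" is unclear (record count?), and "supports the following list of assets that are currently in the attack path and in the DSPM module" would read better as "supports the following asset types in both Attack Path and DSPM".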