April 16, 2021
VictoriaMetrics and new endpoints
The Microsegmentation Console offers better performance at scale by moving from InfluxDB to VictoriaMetrics for time-series data.
/statsinfo endpoints are now deprecated and will be removed very soon.
Ensure that your automations, scripts, and applications use the following new endpoints instead.
|New endpoint||apoctl documentation||API documentation|
Cloud accounts synchronized immediately
The cloud accounts you’ve onboarded to Prisma Cloud now sync with Microsegmentation immediately.
Web interface enhancements
A new Namespace > Settings tab allows you to modify settings of the namespace, such as its tag prefixes.
We now show the Agent > Deploy pane in all namespaces.
The namespace selector displays
~for the parent namespace instead of the Prisma ID for better readability. Clicking the Copy button copies the actual Prisma ID.
We now disable the To parent namespace button in the namespace selector if the user does not have permissions to access the parent.
Better logging and troubleshooting for enforcer installs
The enforcer now writes installation-related messages to the following LOG files for easier troubleshooting:
apoctl enforcer collect techsupportcommand allows you to execute all of the
collectsubcommands and download the results in a single compressed file. Refer to the reference documentation for more details.
CNS-172: Modifications to the
ignoreExpressionin an enforcer profile no longer require an enforcer restart to take effect.
CNS-1411: The web interface no longer includes
sudoin the command to install a
CNS-1687: The documentation and web interface commands for cloud enforcer installs no longer include an unnecessary Microsegmentation token.
CNS-153: When using relative time values with
apoctl, the values must be in relation to Pacific Standard Time (PST). For example, if you are in France and want to retrieve the last five minues of flow logs, you could use
-9h5m. Another workaround for this issue is to use absolute time values.
CNS-1651: The enforcer fails to recover after a third party removes some of its iptables rules.
Error: 'namespace' doesn't exist in the URL. Please make sure 'useInitUrlParam' is calledsometimes occurs when switching between panes under Dashboard.
CNS-1730: Traffic to the domain in an external network occasionally goes to
CNS-1733: Deselecting Show policed flows in the App Dependency Map pane produces unexpected results.
CNS-1750: Users with NetSecOps permissions have difficulty navigating between namespaces.
CNS-1755: Fonts in the web interface vanish on external monitors with a
CNS-1863: The initial attempt to install the enforcer on Red Hat Enterprise Linux (RHEL) 8.1 or 8.2 fails with the message
error: unable to run command 'yum install -y prisma-enforcer': signal: broken pipe. To work around this issue, rerun the command.
Namespace Editor role: If you have any API authorizations using this role, migrate them to the Namespace Administrator role. We will remove the Namespace Editor role in a future release.
Host services: If you are using host services, migrate to external networks and network rulesets. We will remove host services in a future release.