Prisma Cloud Compute must be configured for forensic data collection.

Overview

Finding ID: V-253528
Version: CNTR-PC-000260
Rule ID: SV-253528r960903_rule
IA Controls: CCI-000134
Severity: medium

Description
Prisma Cloud Compute correlates raw audit data to actionable security intelligence, enabling a more rapid and effective response to incidents. This reduces the manual, time-consuming task of correlating data. Prisma Cloud Forensics is a lightweight distributed data recorder that runs alongside all containers in the environment. Prisma Cloud continuously collects detailed runtime information to help incident response teams understand what happened before, during, and after a breach. Forensic data consists of additional supplemental runtime events that complement the data (audits) already captured by Prisma Cloud's runtime sensors. It provides additional context when trying to identify the root cause of an incident.

Satisfies: SRG-APP-000099-CTR-000190, SRG-APP-000409-CTR-000990

STIG: Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
Date: 2024-12-06

Related Frameworks

4 paths across 3 frameworks
NIST 800-53: 1 mapping
AU-3
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171: 2 mappings
3.3.1
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI: 1 mapping
CCI-000134
1.00
  • DISA · 2 · disa_xccdf · related

Details

Check Text (C-253528r960903_chk)

In the Prisma Cloud Compute Console, navigate to the Manage >> System >> Forensics tab. If "Forensics data collection" is disabled, this is a finding.

Fix Text (F-56931r840421_fix)

In the Prisma Cloud Compute Console, navigate to the Manage >> System >> Forensics tab. Set "Forensics data collection" to "enabled".