Prisma Cloud Compute Defender must reestablish communication to the Console via mutual TLS v1.2 WebSocket session.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-253545	SRG-APP-000390-CTR-000930	CNTR-PC-001250	SV-253545r986174_rule	2024-12-06	2

Description
When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will continually attempt to reestablish the session. Without reauthentication, unidentified or unknown devices may be introduced; thereby facilitating malicious activity. The Console must be configured to remove a Defender that has not established a connection in a specified period of days.

Description

When the secure WebSocket session between the Prisma Cloud Compute Console and Defenders is disconnected, the Defender will continually attempt to reestablish the session. Without reauthentication, unidentified or unknown devices may be introduced; thereby facilitating malicious activity. The Console must be configured to remove a Defender that has not established a connection in a specified period of days.

ℹ️ Check
Navigate to Prisma Cloud Compute Console's >> Manage >> Defenders. Select the "Manage" tab. Select the "Defenders" tab. Click "Advanced Settings". If "Automatically remove disconnected Defenders after (days)" is not configured to the organization's policies, this is a finding.

✔️ Fix
Navigate to Prisma Cloud Compute's Manage >> Defenders. Select the "Manage" tab. Select the "Defenders" tab. Click "Advanced Settings". Set the "Automatically remove disconnected Defenders after (days)" value to the organization's defined period.