diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..d5031ac1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.DS_Store +admin_guide/.DS_Store diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..04688f10 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,6 @@ +services: +- docker + +script: +- make + diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..02ba6ce3 --- /dev/null +++ b/Makefile @@ -0,0 +1,8 @@ + +RESULT := $(shell (docker run --rm -v "$(PWD):/workdir" tmaier/hunspell -u3 -d en_US -p our_dict admin_guide/access_control/*.adoc)) + +test: + @echo "$(RESULT)" + @if [ "$(RESULT)" != "" ]; then\ + exit 1;\ + fi diff --git a/admin_guide/access_control/access_control.adoc b/admin_guide/access_control/access_control.adoc index 58424eaf..a83fb1cc 100644 --- a/admin_guide/access_control/access_control.adoc +++ b/admin_guide/access_control/access_control.adoc @@ -6,5 +6,5 @@ Prisma Cloud provides broad enterprise identity support, integrating with Active Define accounts and IAM roles to integrate with your cloud providers in one place and reuse them across the product. Pluggable cryptography allows you to bring your own certificates, not just for TLS, but also for smart card authentication to Console. -Prisma Cloud ships with prebuilt roles to provide least privilege access to your devops and security teams. +Prisma Cloud ships with prebuilt roles to provide least privilege access to your DevOps and security teams. Use Assigned Collections to precisely control what data teams can view or use built-in multi-tenancy to securely isolate entire business units or geographies within the same Console. diff --git a/admin_guide/access_control/access_keys.adoc b/admin_guide/access_control/access_keys.adoc index 6ef17ac0..194e2505 100644 --- a/admin_guide/access_control/access_keys.adoc +++ b/admin_guide/access_control/access_keys.adoc 
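Review bot: In the Makefile hunk the spell check fails open, because `$(shell …)` discards docker's exit status: if the image cannot be pulled or the container errors out, `RESULT` is empty and `test` passes. The captured output is also expanded by make into the recipe text (`echo "$(RESULT)"` and `[ "$(RESULT)" != "" ]`), so text derived from the .adoc files is parsed as shell source on the CI host instead of being handled as data. `tmaier/hunspell` is referenced without a tag or digest while the checkout is bind-mounted writable. I would pin the image to a digest you have verified and, provided hunspell needs no write access to the tree, mount it `:ro`. Running the command inside the recipe and keeping its output in a shell variable covers the first two points, as sketched below.

```makefile
# Placeholder: replace with the image digest you have verified.
HUNSPELL_IMAGE := tmaier/hunspell@sha256:<VERIFIED_DIGEST_PLACEHOLDER>

.PHONY: test
test:
	@out="$$(docker run --rm -v "$(PWD):/workdir:ro" $(HUNSPELL_IMAGE) -u3 -d en_US -p our_dict admin_guide/access_control/*.adoc)" || exit 1; \
	printf '%s\n' "$$out"; \
	[ -z "$$out" ]
```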
@@ -87,7 +87,7 @@ This role will be assigned to your service account. . (Optional) Allow your service account to authenticate directly with Prisma Cloud. + -If you've integrated Prisma Cloud with a directory service, creating a new user in your underlying auth provider can be tedious in some enterprise environments. +If you have integrated Prisma Cloud with a directory service, creating a new user in your underlying auth provider can be tedious in some enterprise environments. Prisma Cloud lets select users authenticate directly with Prisma Cloud using their email and a password that's registered separately after the user account is created. .. In Prisma Cloud, go to *Settings > SSO*. diff --git a/admin_guide/access_control/integrate_saml.adoc b/admin_guide/access_control/integrate_saml.adoc index 7edd5291..930112e3 100644 --- a/admin_guide/access_control/integrate_saml.adoc +++ b/admin_guide/access_control/integrate_saml.adoc @@ -76,7 +76,7 @@ image::integrate_saml_610136.png[width=600] .. In the *Single Sign On URL* field, enter *\https://:8083/api/v1/authenticate*. + -Note that if you've changed the default port you use for the HTTPS listener, you'd need to adjust the URL here accordingly. +Note that if you have changed the default port you use for the HTTPS listener, you'd need to adjust the URL here accordingly. Additionally, this URL must be visible from the Okta environment, so if you're in a virtual network or behind a load balancer, it must be configured to forward traffic to this port and it's address is what should be used here. .. Select *Use this for Recipient URL and Destination URL*. diff --git a/admin_guide/access_control/open_policy_agent.adoc b/admin_guide/access_control/open_policy_agent.adoc index 42ba86c5..ae37de97 100644 --- a/admin_guide/access_control/open_policy_agent.adoc +++ b/admin_guide/access_control/open_policy_agent.adoc 
@@ -87,7 +87,7 @@ For Kubernetes v1.16 or later, copy the v1.16 template from <<_templates,here>>. . Create the webhook configuration object. + -After creating the object, the Kubenetest API server directs AdmissionReview requests to Defender. +After creating the object, the Kubernetes API server directs AdmissionReview requests to Defender. $ kubectl apply -f webhook.yaml diff --git a/our_dict b/our_dict new file mode 100644 index 00000000..7a0e1223 --- /dev/null +++ b/our_dict 
@@ -0,0 +1,957 @@ +1a +4cba +5c770dca5feaa30001e9a3d8 +5cb138ec3fb74710869425df +7.4p1 +10m +15s +100M +256-bit +521-bit +_ +_Before +_You +AAD +aad +AccessReport +ACI +ack +ACL-based +ACLs +acme-dev +ACS +activeDefenders +add-scc-to-user +addressers +ADFS +adfs +adm +Admin +admin +Admins +admins +admissionregistration +AdmissionReview +admissionReviewVersions +adoc +AF_SOCKET +aG +air-gapped +AKS +aks +AllAPIActionsOnBooks +amd64 +ANDs +Ansible +antivirus +api +api-group +api-resources +api.aporeto.io +apiauthorizationpolicies +APIAuthorizationPolicy +apiauthorizationpolicy +APICheck +apiGroups +APIProxy +apiproxy +APIs +apiserver +apiServerArguments +APIVersion +apiVersion +apiVersions +Apobar +apoctl +APOCTL_API +APOCTL_NAMESPACE +Aporeto +aporeto +aporeto-crds +aporeto-operator +aporeto-operator-team-b +aporeto-operators +aporeto.io +aporeto.list +Aporeto.repo +app +AppArmor +appcred +AppCredential +appcredentials +appcreds +appID +applyPolicyMode +apps +aqsa +aqtaylor +aren +arn +ARNs +ASLR +aspx +associatedTags +attackTools +auditd +AuditProfile +AuditProfileMappingPolicy +auditprofilemappingpolicy +auditregistration +AuditReport +AuditSingle +AuditSink +auditsink +AuhorizationEndpoint +Auth0 +auth +auth0 +auth.log +Authn +Authorization_Endpoint +authorizer +Authy +autocomplete +autocompletion +autodiscover +autogenerated +Automations +automations +AutomationTemplate +aws +aws-ebs +AWS_IAM_ROLE +AWSAccount +AWSSecurityHubFullAccess +AWSSecurityToken +awssecuritytoken +backend +backends +Base64 +base64 +base64-encoded +baseurl +bash_profile +BatchGetItem +Bitcoin +bolded +boolean +booleans +busybox +butterbean +CA +caBundle +cantordemo +CAs +cd629cb5-2826-4126-82fd-3f2df5f5bc7 +CentOS +centos +central1 +central-usa +centralus +cerberus +cfg +CFS +ChangePassword +checkbox +CHILD_NAMESPACE +chmod +chrony +CIDRs +CIS +cis +ClaimMapping +claims_supported +ClaimsSupported +ClauseMatch +cli +clientConfig +clob +CLOUD_ID_TAG +CloudTrail +cloudtrail +CloudWatch 
+cloudwatch +cmd +CN +cn +CNAF +CNNF +CNs +CollectionID +collectionID +config +configs +conntrack +consoleaddr +ContainerCompliance +containerCompliance +containerd +containerPort +ContainerRuntime +ContextID +copytruncate +CoreOS +CounterReport +cpe +cray +CRD +crd +CRDs +CRI-O +cron +crypto +CSPM +CSV +cto +CVE +cve +cvss +CWPP +DaemonSet +daemonset +darwin +datapath +DataPathCertificate +datastream +Datastreams +dc +DDoS +debian +DeleteTable +Demisto +demisto +DEP +DependencyMap +depmaps +DescribeAlarms +DescribeCluster +DescribeClusters +DescribeConfigurationRecorders +DescribeConfigurationRecorderStatus +DescribeMetricFilters +DescribeRepositories +DescribeTrails +deselect +dev +DevHostA +DevOps +devs +DevSecOps +didn +diff +diffs +dima +dimastopel +directoryTraversal +disable-aporeto-ctrls +disallowedFile +DistroIndependent +DN +dnf +dns +DNSLookupReport +Docker +docker-ce +Dockerfile +doesn +dpkg +ds +DSS +dst +dvwa +DynamicAuditing +DynamoDB +dynamoDB +dynamodb +e.g. +ec2 +ec2-namespace-map +ECDSA +ecr +ECS +ecs +ef +EKS +eks +Elasticsearch +ELBs +endif +EndpointID +ENFORCER_ID_TAG +enforcerconfig +enforcerd +enforcerd-initd +enforcerd-sshplugin +enforcerd.conf +enforcerd.creds +enforcerd.service +ENFORCERD_API +ENFORCERD_APPCREDS +ENFORCERD_COMPRESSED_TAGS +ENFORCERD_NAMESPACE +ENFORCERD_PERSIST_CREDENTIALS +ENFORCERD_TOKEN +enforcerlog +enforcerlogs +EnforcerProfile +EnforcerProfileMappingPolicy +EnforcerReport +EnforcerTraceReport +enum +ENV +env +eq +eval +EventLog +exe +exfiltration +ExternalNetwork +externalnetwork +failover +failurePolicy +fi +Fibre +FileAccessPolicy +FileAccessReport +FilePath +filesystem +finalizers +FlowReport +FQDN +fqdn +FQDNs +frag +FreeBSD +fsSL +fsType +Fxq +gaia +Gauge +Gauges +gce-pd +gcloud +gcp +gcp-namespace-map +GCPIdentityToken +gcpidentitytoken +gcr +gcss +GDM +GDPR +GenerateCredentialReport +georedundancy +GetAccountPasswordPolicy +GetAccountSummary +GetBucketAcl +GetBucketLocation +GetBucketLogging +GetBucketPolicy 
+GetCredentialReport +GetEventSelectors +GetItem +GetKeyRotationStatus +GetObject +GetPolicyVersion +GetTrailStatus +GitHub +GitLab +gitlab +GKE +gke +glibc +global.integrations.slack.channel +global.integrations.slack.webhook +global.integrations.smtp.pass +global.integrations.smtp.receivers.monitor +global.integrations.smtp.server +global.integrations.smtp.systemEmail +global.integrations.smtp.user +Gogole +Golang +google +gp2 +gpgcheck +gpgkey +Grafana +GraphEdge +GraphGroup +GraphNode +GraphPolicyInfo +grep +group1 +group2 +group3 +GroupA +GroupB +gRPC +gz +hardcode +hfs +highwind +hijackedProcess +HIPAA +HookPolicy +host1 +hostname +HostService +HostServiceMappingPolicy +href +http +httpd +HTTPResourceSpec +https +i-0def01b1b215bbd1 +i-deadbeef12345 +i.e. +IAM +iam +ian +iat +ibm +id_token_signing_alg_values_supported +Idempotency +idempotency +IDP +IdP +IdPs +IDTokenSigningAlgValuesSupported +ifdef +ifndef +imagename1 +imagename2 +imjournalRatelimitBurst +imjournalRatelimitInterval +ImportReference +ImportRequest +IncomingTraffic +InfluxDB +influxdb +InfluxQL +informationLeak +infoslack +InfrastructurePolicy +init.d +InstalledApp +instanceid +instancename +IntermediateCA +ints +InvoiceRecord +io +iOS +IP +ip +IPADDR +IPInfo +IPs +IPsum +iptables +iSCSI +isn +IsolationProfile +iss +IssuingCA1 +IssuingCA2 +Istio +istio +itay +jdong +jira +journald +jpath +jq +js +JSON +json +JSON-encoded +JWKS +JWKS_URI +JWT-based +JWTCertificates +JWTCertificateType +JWTs +k8s +k8s.aporeto.io +Katacoda +key1 +key2 +KeyString +Kibana +kms +koko +kube +kube-apiserver +kubeadm +kubeapiserver +kubeconfig +kubectl +kubelet +Kubernetes +kubernetes +kubernetes-api +kubernetes-api-example +kubernetes.io +LastPass +LDAP +ldap +LDAPProvider +LDAPS +ldaps +ldapsearch +ldd +leveloffset +libc +linux +ListAliases +ListAllMyBuckets +ListAttachedUserPolicies +ListClusters +ListContainerInstances +ListEntitiesForPolicy +ListFunctions +ListKeys +ListPolicies +ListSubscriptions 
+ListSubscriptionsByTopic +ListUserPolicies +ListUsers +LoadBalancer +localhost +logon +logsEnabled +loopback +lsb_release +lzo2 +m4.2xlarge +m4.xlarge +m5.8xlarge +macOS +malformedRequest +malware +matchPolicy +MaxMessageSize +MD5 +md5 +md6GgsAZz58xseExGoIEyKqhS0Xu5lsi +MessagePack +metadata +mgmt +microservice +Microservices +microservices +midgard +Midguard +minSeverity +misconfigure +misconfigured +misconfiguring +missingok +mkdir +Mongo +MongoDB +mongodb +mountOptions +MpCmdRun +msg +multicast +multipart +myChecklist +mycompany +myinstance +myproject +MYSQL +n1-standard-4 +n1-standard-8 +n1-standard-32 +nameid +namespace +Namespaced +namespacemappingpolicies +NamespaceMappingPolicy +namespaces +NamespaceSelector +namespaceSelector +Netfilter +NetworkAccessPolicy +networkaccesspolicy +NfQueue +nginx +nip.io +NIST +NodePort +nodist +NoneOnDryRun +notifempty +ntp +OAuth +OAuth2 +OAUTHInfo +OAUTHKey +oc +oci +OIDC +oidc +OIDC-based +OIDC-compliant +OIDCProvider +Okta +onboarded +one-time +Onebox +online +OPA +OpenBSD +OpenID +OpenLDAP +OpenSCAP +openscap +OpenShift +openshift +OpenSSH +openssl +OpenStack +OpenSuSE +operationalize +operationalizes +operationalizing +OperatorHub +ORs +oscap +otp +OU +P50 +PacketReport +PagerDuty +pagerduty +param +params +PASS01 +PASS02 +PASSWD +PasswordReset +PCI +pd-ssd +PEM +pem +PEM-encoded +pid +PingFederate +PKI-based +PKIXName +plugin +plugins +png +PolicyGraph +PolicyRefresh +PolicyRenderer +PolicyRule +Postgres +postprocessing +PowerShell +pre-created +pre-existing +pre-install +prebuilt +preinstall +prepended +preprocessing +prewritten +Prisma +prisma +priv +ProcessingUnit +processingunit +ProcessingUnitPolicy +ProcessingUnitRefresh +processingunits +ProcessingUnitService +ProgramFiles +programmatically +projectid +projectnumber +Prometheus +prometheus +proxied +ps +pseudoterminal +pu +publicApplicationPort +python3 +qps +Quickstart +quickstart +QuotaCheck +QuotaPolicy +RabbitMQ +RateLimitBurst +RateLimitInterval +RBAC 
+rbac +RbacConfig +readme +rebalance +reCAPTCHA +RecipeOptions +reclaimPolicy +RedHat +redhat +Redis +Regex +Rego +releasever +RemoteProcessor +removedefinitions +RenderedPolicy +RenderTemplate +ReplicaSet +repo +repo_gpgcheck +repos +reprovision +RequestBin +requestee +resize +resourcetype +ResponseComplete +ResponseTypesSupported +RESTful +Rexray +RFC-7518 +RHEL +rolename +rolesessionname +RootCA +routable +rsyslog +runtime +runtimes +rw +s3 +SaaS +SamAccountName +sAMAccountName +samAccountName +SAML +saml +SAML2 +SAMLProvider +sandboxed +SandboxKey +scanTime +SCAP +scap +SCC +scc +ScopesSupported +screenshot +sds +searchable +secretv1 +secteam +securityContext +SerialNumber +serverless +ServiceAccount +ServiceDependency +ServiceToken +serviceViolation +set_value +sha256 +sharded +sharding +shellshock +shortlived +sideEffects +SIEM +signup +SKU +SMTPS +sns +sources.list.d +spamminess +specificities +SPIFFE +spyware +SQL +SQLi +sqli +src +SSHAuthorizationPolicy +sshauthorizationpolicy +SSHD +sshd +SSHIdentity +sSL +SSO +Stackdriver +StartInstances +startswith +stateful +StatefulSet +StatsInfo +StatsQuery +statsquery +stdout +step1 +step2 +step3 +step5 +step6 +step7 +step8 +step9 +step10 +step11 +step12 +step13 +StopLogging +storage.k8s.io +StorageClass +storageclass.kubernetes.io +sts +su +subcommand +SubjectTypesSupported +subnet +subnets +Sudo +sudo +SuggestedPolicy +svc +synack +sys +sysadmin +syscalls +Syslog +syslog +syslogs +systemctl +systemd +tag5 +tag7 +TagValue +tcp +templated +templating +tenantid +testsyscalls5 +ThinkPad +timeoutSeconds +TimeSeriesQueryResults +TimeSeriesRow +Timestamp +timestamp +TLS +tls +TLSType +tlsverify +TODO +TokenEndpointAuthMethodsSupported +tokenGroups +TokenScopePolicy +totalDefenders +TraceMode +TraceRecord +TrustedCA +TW +tw +Twistcli +twistcli +Twistlock +twistlock +txt +Ubuntu +ubuntu +udp +UI +uid +UIParameter +UIParameterVisibility +UIStep +unaryOp +uncomment +unencrypted +uninstallation +unlogged 
+unsupportedConfigOverrides +UpdateTrail +UPN +upn +UPNs +URIs +url +urllib3 +us-central1-a +us-central1-c +USER01 +USER02 +UserAccessPolicy +useraccesspolicy +userid +userland +usermod +username +usernames +userPrincipalName +usr +UTC +util +utils +v1 +v1alpha1 +v1beta +v1beta1 +v2 +v8 +ValidateUIParameter +ValidatingWebhookConfiguration +ValidatingWebookConfiguration +vCPU +vCPUs +ve +vince +violationsExceeded +VisualEditor0 +VisualEditor1 +VM +vm +VMs +vuln +weaveworksdemos +Webhook +webhook +webhooks +websocket +weren +whitelist +whitelisted +whitelisting +whoami +wildcard +Wildcards +wildcards +wistlock +wordpress +WORKDIR +workflow +workflows +ws +x509 +X.509 +xfs +xip.io +xml +xref +XSOAR +xsoar +xss +xvf +xxhash +yaml +yml +yona +yonath +YourGroup +yum-config-manager +yum.repos.d +yy \ No newline at end of file
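Review bot: Several entries added to our_dict look like misspellings rather than vocabulary (`Gogole`, `AuhorizationEndpoint`, `ValidatingWebookConfiguration`, `wistlock`, `Midguard`), so the checker will now accept those typos in the guide instead of flagging them. I would correct them in the .adoc sources and drop the entries. The list also carries high-entropy strings such as `md6GgsAZz58xseExGoIEyKqhS0Xu5lsi` and `5c770dca5feaa30001e9a3d8`. These are presumably sample values copied from the docs, but it is worth confirming that none is a live credential or tenant identifier before they are committed. A short comment in the Makefile or README could state that our_dict is only for product terms and identifiers.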