https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/471595#M466 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/210775">@JVasquez5</a>&nbsp;</P><P>&nbsp;</P><P>I think you can use this queries :</P><P>&nbsp;</P><LI-CODE lang="markup">config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' )</LI-CODE><P>&nbsp;</P><P>You can update the <STRONG><FONT face="courier new,courier">dest.cloud.type</FONT></STRONG> with the cloud account you want to test and also add new ports in <FONT face="courier new,courier"><STRONG>protocol.ports</STRONG></FONT> parameter.</P><P>&nbsp;</P><P>I hope this helps you,</P><P>&nbsp;</P><P>Jean-Baptiste</P> Wed, 09 Mar 2022 14:10:59 GMT JJoly 2022-03-09T14:10:59Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/468704#M463 <P>Hello Everyone,&nbsp;</P><P>&nbsp;</P><P>Wanting to see if anyone has queries for each cloud provider in relation to checking for external exposure to ports such as 443, 22, 3389, etc..</P><P>&nbsp;</P><P>We would like to be able to see what ports/endpoints we have open to the world from a&nbsp;<SPAN>&nbsp;0.0.0.0/0 context.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Many thanks in advance! </SPAN></P> Fri, 25 Feb 2022 16:40:00 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/468704#M463 JVasquez5 2022-02-25T16:40:00Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/471595#M466 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/210775">@JVasquez5</a>&nbsp;</P><P>&nbsp;</P><P>I think you can use this queries :</P><P>&nbsp;</P><LI-CODE lang="markup">config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ( 'tcp/0:79', 'tcp/81:442', 'tcp/444:65535' )</LI-CODE><P>&nbsp;</P><P>You can update the <STRONG><FONT face="courier new,courier">dest.cloud.type</FONT></STRONG> with the cloud account you want to test and also add new ports in <FONT face="courier new,courier"><STRONG>protocol.ports</STRONG></FONT> parameter.</P><P>&nbsp;</P><P>I hope this helps you,</P><P>&nbsp;</P><P>Jean-Baptiste</P> Wed, 09 Mar 2022 14:10:59 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/471595#M466 JJoly 2022-03-09T14:10:59Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/508912#M527 <P><SPAN data-sheets-value="{&quot;1&quot;:2,&quot;2&quot;:&quot;Q1: Wanting to see if anyone has queries for each cloud provider in relation to checking for external exposure to ports such as 443, 22, 3389, etc..\nWe would like to be able to see what ports/endpoints we have open to the world from a 0.0.0.0/0 context. \nA1: Here is the link to the queries to review and build from there - https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples&quot;}" data-sheets-userformat="{&quot;2&quot;:264961,&quot;3&quot;:{&quot;1&quot;:0},&quot;11&quot;:4,&quot;12&quot;:0,&quot;14&quot;:{&quot;1&quot;:2,&quot;2&quot;:4359668},&quot;21&quot;:0}">Q1: Wanting to see if anyone has queries for each cloud provider in relation to checking for external exposure to ports such as 443, 22, 3389, etc..<BR />We would like to be able to see what ports/endpoints we have open to the world from a 0.0.0.0/0 context. <BR />A1: Here is the link to the queries to review and build from there - <A href="https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples" target="_blank">https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples</A></SPAN></P> Thu, 14 Jul 2022 01:34:08 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/rql-query-to-detect-external-port-exposure-across-aws-gcp-azure/m-p/508912#M527 RPrasadi 2022-07-14T01:34:08Z