https://live.paloaltonetworks.com/t5/general-topics/unsupported-cloud-type-for-remediation/m-p/314189#M81067 <P>Given the Prisma Cloud SaaS, I am trying to create my 1st custom policy to detect and remediate overly permissive SecurityGroupIngress rules in AWS cloud.</P><P>My RQL below is valid and returns a half-dozen or so results...</P><P><FONT face="terminal,monaco">event where cloud.type = 'aws' AND cloud.account.group = 'Test' AND operation IN ('AuthorizeSecurityGroupIngress') AND json.rule = ( $.requestParameters.ipPermissions.items[*].ipRanges.items[*].cidrIp contains '0.0.0.0/0' OR $.requestParameters.ipPermissions.items[*].ipv6Ranges.items[*].cidrIpv6 contains '::/0' )</FONT></P><P>My AWS CLI remediation command looks like this...</P><P><FONT face="terminal,monaco">aws ec2 revoke-security-group-ingress --group-id ${resourceId} --region ${region} --ip-permissions '[{"IpProtocol":"${protocol}", "FromPort":${fromPort}, "ToPort":${toPort}, "Ip${ipV4/6}Ranges":[{"CidrIp${ipV4/6}":"${cidr}"}]}]'</FONT></P><P>When I push the&nbsp; "<STRONG>Validate Syntax</STRONG>" button, the system renders a dialog box, "<STRONG>Unsupported Cloud Type For Remediation</STRONG>".</P><P>&nbsp;</P><P>This policy closely resembles the Prisma Cloud Default Policy, <U>AWS Security groups allows internet traffic</U></P><P>&nbsp;</P><P>What am I doing wrong?</P> Tue, 03 Mar 2020 21:35:51 GMT TommyHunt 2020-03-03T21:35:51Z https://live.paloaltonetworks.com/t5/general-topics/unsupported-cloud-type-for-remediation/m-p/314189#M81067 <P>Given the Prisma Cloud SaaS, I am trying to create my 1st custom policy to detect and remediate overly permissive SecurityGroupIngress rules in AWS cloud.</P><P>My RQL below is valid and returns a half-dozen or so results...</P><P><FONT face="terminal,monaco">event where cloud.type = 'aws' AND cloud.account.group = 'Test' AND operation IN ('AuthorizeSecurityGroupIngress') AND json.rule = ( $.requestParameters.ipPermissions.items[*].ipRanges.items[*].cidrIp contains '0.0.0.0/0' OR $.requestParameters.ipPermissions.items[*].ipv6Ranges.items[*].cidrIpv6 contains '::/0' )</FONT></P><P>My AWS CLI remediation command looks like this...</P><P><FONT face="terminal,monaco">aws ec2 revoke-security-group-ingress --group-id ${resourceId} --region ${region} --ip-permissions '[{"IpProtocol":"${protocol}", "FromPort":${fromPort}, "ToPort":${toPort}, "Ip${ipV4/6}Ranges":[{"CidrIp${ipV4/6}":"${cidr}"}]}]'</FONT></P><P>When I push the&nbsp; "<STRONG>Validate Syntax</STRONG>" button, the system renders a dialog box, "<STRONG>Unsupported Cloud Type For Remediation</STRONG>".</P><P>&nbsp;</P><P>This policy closely resembles the Prisma Cloud Default Policy, <U>AWS Security groups allows internet traffic</U></P><P>&nbsp;</P><P>What am I doing wrong?</P> Tue, 03 Mar 2020 21:35:51 GMT https://live.paloaltonetworks.com/t5/general-topics/unsupported-cloud-type-for-remediation/m-p/314189#M81067 TommyHunt 2020-03-03T21:35:51Z https://live.paloaltonetworks.com/t5/general-topics/unsupported-cloud-type-for-remediation/m-p/328603#M83513 <P>Customers are not allowed to use the parameters that the "out-of-the-box" remediation uses.</P> Mon, 18 May 2020 20:22:42 GMT https://live.paloaltonetworks.com/t5/general-topics/unsupported-cloud-type-for-remediation/m-p/328603#M83513 TommyHunt 2020-05-18T20:22:42Z