This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
About Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Start a conversation

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 5010 Views
  • 1 replies
  • 1 Likes

Prisma Cloud RQL join operator

Hello, I would like to gain a clearer understanding of how the join operator functions within RQL. Below is an example query I am currently working with: Full Query: config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].value does not start with "prismacloud" AND tags[*].value doe...

Intelligence Stream 504 Error, PCC v.33

I have two Prisma Cloud Compute instances which have their intelligence streams updated via the twistcli (v31).31.03.103 - updates with no issues whatsoever. 33.00.169 - stopped accepting updates a few days ago with a 504 gateway error. As a test, I have tried: Setting 33.00.169 to get updates from 31.03.103 server, but I get the same 504 gatewa...

cmpatterson_0-1776361283059.png

Automatic report on base image vulnerabilities

In Prisma Cloud (SaaS version), under Runtime Security > Defend > Vulnerabilities > Base Images, I have defined base images, and I can also search for them under Monitor > Vulnerabilities > Registries I need a weekly report on the vulnerabilities detected in these base images. How can I automate this so that a CSV file is automati...

P.Tomala by L0 Member
  • 678 Views
  • 2 replies
  • 0 Likes

Prisma Cloud RQL json.rule options

Hello,Is it possible to use an array or list of values when comparing few values for a json.rule within an RQL? For example, in the following RQL, can we combine the "tags[*].key" comparison values to a list of items (such as something like 'does not contain ["PatchGroup", "Patch Group", "patch-window", "prismacloud-scan"]') rather than ha...

Regarding impoper tagging of node-tar vulnerability with alpine-tar package when using prisma scan tool

Below are docker file instruction FROM docker.io/library/alpine:latest RUN apk update && apk add --no-cache tar With this only tar package is being installed within image. But during scan of same image with Prisma security scan tool, it is incorrectly mapping same with "https://nvd.nist.gov/vuln/detail/CVE-2018-20834" having node-tar v...

registro Agentless

tenemos implementado prisma cloud y durante el proceso de implementación nos indicaron que se requería una MV donde se guardarían los registro diario de Agentless, la MV la tenemos funcional, sin embargo no sabemos como identificar si se guardan los reportes en la MV y en que momento lo hace.

obravo by L0 Member
  • 3206 Views
  • 1 replies
  • 0 Likes

Prisma cloud API access key permissions

Hi I have aquestion for Prisma cloud's API access key. Quoted from docs, when generating access key, it's tied to current login user's Role. https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-access-keys I tried some test to see if it works. I made a role that do not have access to view, update, delete a...

ssublue by L0 Member
  • 4526 Views
  • 2 replies
  • 0 Likes

Twistlock CDX SBOM generation - components > scope field

Hi I am interesting in the SBOMs that Twistlock generates using the CDX Specification Specifically in relation to the components > scope field The values for scope are: Required - the default Optional Excluded - where the package exists in the product (Image/Container), but is not used by the product. Does or can Twistlock generate ...

nzw19lh by L0 Member
  • 928 Views
  • 0 replies
  • 0 Likes

Unable to Access Prisma Cloud DSPM (Data Security) APIs – 403 Forbidden Error

I am encountering a 403 Forbidden error when trying to access Prisma Cloud Data Security (DSPM) APIs, such as:POST https://api.ind.prismacloud.io/dlp/api/v1/inventory/objects/aggregateHowever, I am able to successfully access CSPM APIs (for example, /compliance/standards). DSPM is enabled on my tenant, and I have checked by assigning a custom ...

N.Modi by L1 Bithead
  • 5107 Views
  • 4 replies
  • 0 Likes

Can Prisma Cloud Defender attempt to connect to ports?

I understood that Prisma Cloud Defender does not directly attempt to connect to ports or perform scans, but it seems to have executed the curl -X OPTIONS http://localhost:8355 command on the tomcat shutdown port. Since such a command was executed, there are daily logs of it being blocked by the tomcat shutdown port. Please tell me the reason why...

Prisma Cloud Runtime and Cloud Security Integration to Microsoft Sentinel

I am trying to integrate Palo Prisma Runtime Security and Cloud Security with all the alerts to Microsoft Sentinel Try1: Palo Alto Prisma Cloud CWPP (using REST API) - This is the data connector available from Microsoft, status is Connected but no data received although there are new alerts in Palo Prisma. Can advise what configuration is requ...

RQL Query Works in Investigate > Search but Fails in Policy Definition (Terraform v1.5.7 Example Included)

Hi Community, I’m facing an issue where RQL queries that work perfectly in the Investigate > Search console do not work when used in policy definitions via Terraform (v1.5.7). For example: Query that works in Investigate > Search: config from cloud.resource where api.name = 'aws-ec2-describe-internet-gateways' as X; config from cloud.resou...

Prisma Cloud – What happens to existing Azure subscriptions if I remove a Tenant account?

HI, I’m currently onboarding Azure cloud accounts into Prisma Cloud Enterprise and I’d like some clarification before I make a change in production.Initially, I onboarded several subscriptions individually (scope = Subscription), later I mistakenly onboarded the entire Tenant (scope = Tenant) instead of a single subscription.Now, in the Cloud Ac...

Add labels to twistcli scan results

We're currently running scans on our containers in our Jenkins CI/CD pipelines, running twistcli on the command line. When we view the scan results for these images on the Prisma Cloud site (Monitor > Vulnerabilities > Images > CI or Monitor > Compliance > Images > CI.), the "Labels" tab of the scan result shows things like JO...

  • 476 Posts
  • 61 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks