Cortex Cloud Discussions
Share ideas and post questions related to Cortex Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 5038 Views
  • 1 reply
  • 1 Likes

Resolved! Not able to access API with token

I have an Access Key and Secret Key; with the help of these we are getting a token, and we are trying to use this token to access the list of cloud accounts (https://api.prismacloud.io/cloud) from the API Docs (api.docs.prismacloud.io/v4.2.1/reference) and from our tool ServiceNow, but we are getting a 401 (Unauthorized) response. Where are we going wrong?

Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert. I am referring to the mentioned article: (Example: Authorization Failures) I need to capture this in CloudTrail logs: { ($.errorCode = "*UnauthorizedOperation") || ($.errorCo...

APaul by L0 Member
  • 5956 Views
  • 3 replies
  • 0 Likes

Resolved! RDS Snapshot information not showing

Hi everyone. We see occurrences where we have RDS Snapshots showing in AWS console. I see from Cloudwatch/trail that Prisma is connecting and issuing the call to DescribeDBSnapshots. If I then run a very general investigate query of config where cloud.type = 'aws' and api.name='aws-rds-describe-db-snapshots' / download all results. I see all othe...

MPestell by L2 Linker
  • 5630 Views
  • 2 replies
  • 0 Likes

Resolved! How can I inform Prisma Cloud that a corporate IP range is not to be considered Public IP?

Prisma Cloud produces false positives when a corporate-owned IP space is considered part of the Internet IP range. Many companies own part of the public IP space. They connect using SSH or RDP from those spaces using VPNs or other secure means. They do not want these connections to be considered Prisma Cloud findings since they are internal conn...

DBrennan by L0 Member
  • 5235 Views
  • 1 reply
  • 0 Likes

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resources like the NAT gateway that we do not control. Is it possible to exclude these based on the resource type? For example: Remove Network - Internet traffic over insecure port (22) Exclude Network - Internet traffic (21,23,80,443,8444,8443,22)...

Resolved! Configuration Search Using Prisma Cloud API

Hi, I'm trying to run a config search using the API. I can successfully get the JWT token and can use the token to do basic get options. However, when trying the configuration search I get a 401 unauthorized error if I format the data as JSON (using header1). And if I don't specify the Content-Type, then I get a 500 internal server error (header2...

Resolved! How to use multiline aws-cli command in remediation

I am using the below aws-cli command to remove/disable CloudFront distribution originprotocolssl:SSLv3
aws cloudfront get-distribution-config --id E29BDBENPXM1VE | jq -c -r 'del(.DistributionConfig.Origins.Items[].CustomOriginConfig.OriginSslProtocols.Items[0])|.DistributionConfig.Origins.Items[].CustomOriginConfig.OriginSslProtocols.Quantity=3 | .Di...

Resolved! "aws-elb(v2)-describe-load-balancers" ingest API

Perhaps I missed the memo, but I did not see in the RQL documentation anywhere that the similarly named ingest APIs as the AWS API are the same. So I was searching for JSON structures that are not available, since the output is entirely different. Need something to note that somewhere.

Resolved! CloudWatch RQL

Hi all, Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query I can run that tells me if CloudWatch is enabled within an AWS environment? Report wise, I tried running something against CIS compliance and it's really just telling me that CloudTrail is not integrated with CloudWatch which doesn't...

Resolved! How can i see a list of open alerts in Red Lock for All Time

Hi, How can I see a list of open alerts for All Time? I do not want to see alerts that were open (in the past) but fixed now. Here's what I am doing to see the list, but it is not working as expected. The list shows all the alerts, including alerts that were open in the past but fixed now. In Alerts Tab, Select All Time and Open. Please let me know...

SAziz by L1 Bithead
  • 4207 Views
  • 1 reply
  • 0 Likes

Resolved! Check for snapshot taken using programmatic access

I need to write a query to check for events of a snapshot taken using programmatic access: event where cloud.type = 'aws' AND operation = 'CreateInstanceSnapshot' AND json.rule = $.userIdentity.type = "Consolepassword" Till now I have tried to do this, and I am pretty sure "json.rule = $.userIdentity.type = "Consolepassword" is 100% incorrect. I...

APaul by L0 Member
  • 6294 Views
  • 3 replies
  • 0 Likes

Resolved! RQL Filter Bug

I found that when I use the filter command in RQL, it requires you to assign two variables in order for the filter command to work appropriately. Even if you don’t use the other assigned variable in the filter command, the API requires the two variables to be assigned. Otherwise, a warning is returned with no output. I believe this could be prob...

Resolved! Has anyone succeeded at integrating Prisma cloud with Jira Cloud?

I have been trying to find how to integrate Jira Cloud with Prisma Cloud (aka Redlock). I found this guide: https://docs.paloaltonetworks.com/redlock/redlock-admin/configure-external-integrations-on-redlock/integrate-redlock-with-jira and also it says that it works for Jira Cloud too it only talks about Jira On Prem. Has anyone figured it out? Thx.

AHardy1 by L1 Bithead
  • 10807 Views
  • 6 replies
  • 0 Likes
  • 478 Posts
  • 68 Subscriptions