Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Discussions

Resolved! Not able to access API with token

I have Access Key and Secret Key, with the help of these we are getting Token and we are trying to use this Token to access list of cloud account (https://api.prismacloud.io/cloud) from the API Docs (api.docs.prismacloud.io/v4.2.1/reference) and from

...

Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert.

 

I am referring to the mentioned article : ( Example: Authorization Failures )

I

...

APaul by L0 Member
  • 4752 Views
  • 3 replies
  • 0 Likes

Resolved! RDS Snapshot information not showing

Hi everyone.

We see occurances where we have RDS Snapshots showing in AWS console. 

I see from Cloudwatch/trail that primsa is connecting and issueing the call to DescribeDBSnapshots.

If I then run a very general investigate query of config where cloud.

...

MPestell by L2 Linker
  • 4520 Views
  • 2 replies
  • 0 Likes

Resolved! How to check for EC2 Instances with non allowed AMIs

Hi,

  I want to write a query to list EC2 instances with unapproved AMIs. In order to write the query i need to store approved AMIs list some where in Prisma.

    Q1. Where and How  to store List of AMIs ?

    Q2. How to use that list in query.

 

Thanks
Sa

...

SAziz by L1 Bithead
  • 3456 Views
  • 1 replies
  • 0 Likes

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resource like the NAT gateway that we do not control.

 

Is it possible to exclude these based on the resource type? 

For example:

Remove Network - Intern

...

Resolved! Configuration Search Using Prisma Cloud API

Hi,

I'm trying to run a config search using the API. I can successfully get the JWT token and can use the token to do basic get options.

However, when trying the configuration search I get a 401 unauthorized error if I format the data as json( using he

...

Resolved! CloudWatch RQL

Hi all,

 

Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query i can run that tells me if cloudwatch is enabled within an AWS environment?

 

Report wise, I tried running something against CIS compliance

...

Resolved! Check for snapshot taken using programmatic access

I need to write a query to check for events of a snapshot taken using programmatic access :

 

event where cloud.type = 'aws' AND operation = 'CreateInstanceSnapshot' AND json.rule = $.userIdentity.type = "Consolepassword"

Till now I have tried to do thi

...

APaul by L0 Member
  • 5055 Views
  • 3 replies
  • 0 Likes

Resolved! RQL Filter Bug

I found that when I use the filter command in RQL, it requires you to assign two variables in order for the filter command to work appropriately. Even if you don’t use the other assigned variable in the filter command, the api requires the two variab

...

redlockerror.PNG
redlockerror2.PNG