Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert.

I am referring to the mentioned article : ( Example: Authorization Failures )

I

Resolved! RDS Snapshot information not showing

Hi everyone.

We see occurances where we have RDS Snapshots showing in AWS console. 

I see from Cloudwatch/trail that primsa is connecting and issueing the call to DescribeDBSnapshots.

If I then run a very general investigate query of config where cloud.

Resolved! How to check for EC2 Instances with non allowed AMIs

Hi,

  I want to write a query to list EC2 instances with unapproved AMIs. In order to write the query i need to store approved AMIs list some where in Prisma.

    Q1. Where and How  to store List of AMIs ?

    Q2. How to use that list in query.

Thanks
Sa

Resolved! How can I inform Prisma Cloud that a corporate IP range is not to be considered Public IP?

Prisma Cloud produces false positives when a corporate-owned IP space is considered part of the Internet IP range. Many companies own part of the public IP space. They connect using SSH or RDP from those spaces using VPNs or other secure means. They

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resource like the NAT gateway that we do not control.

Is it possible to exclude these based on the resource type? 

For example:

Remove Network - Intern