Prisma Cloud Discussions

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

RQL Query to search for suspicious activity on specific S3 Bucket

We have a specific S3 bucket that we'd like to watch for events and alert on them. I've used this query:

event from cloud.audit_logs where operation IN ( 'AddUserToGroup', 'AttachGroupPolicy', 'AttachGroupPolicy', 'AttachUserPolicy' , 'AttachRoleP

...

Resolved! Unable to use the Prisma Cloud CSPM API to POST the Compliance Trend

Hello everyone,

I have been unable to retrieve using the Prisma Cloud CSPM API the Compliance Posture Trend using the following function.

The PowerShell function is as follows, taking into account that the $URI variable is already set to the correc

...

How to implement different rule in Azure DevOps CI and CD stage?

RQL query for resources outside the authorized regions

Hello Prisma Cloud users,

I'm sharing with you some research I did this morning that you may find interesting. We want to detect and prevent when a resource is created in an unauthorized region.

config from cloud.resource where cloud.type = 'azur...

Database Acitivity Monitoring for Cloud

how do you deal with issues related to Database Activity Monitoring (DAM) and File Integrity Monitoring (FIM) in the cloud? Does Prisma Cloud have something related to this?

Remove deleted containers from results

Hello I have two very simple questions! 

When I push image to registry and run the scanner the results in the UI exists but when I delete the image from registry and scan it again the result for removed container still exists. Is it possible to remov

...

Prisma Cloud Compute Edition console installation on Fargate

Hello,

I'm trying to run Prisma Cloud Compute Edition on AWS Fargate. I'm following the next guide https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/install/deploy-console/console-on-fargate everything was

...

Exception for IAM policy

Hi,

We have a dev/PoC project that is testing some flows that create and delete VMs, so every week for a couple of hours we had some alerts for an IAM Policy "VM instance with data destruction permissions" when it is a permanente VM we ask to follo

...

AWS Marketplace でのサブスクライブ後のメール受信について

以下AWS MarketplaceでPrismaCloudをサブスクライブしました。

https://aws.amazon.com/marketplace/pp/prodview-5nfwvchajk4wi?qid=1615827921296&sr=0-8&ref_=srh_res_product_title

サブスクライブ後、AWSからはサブスクライブ登録完了のメールを受信しましたが、２４時間を経過してもPrisma Cloud のテナント情報に関するメールが届いておりません。

現状有償サ

...

Resource Scan Info POST Fields filtering

Hello,

I'm trying to use this endpoint:

https://pan.dev/prisma-cloud/api/cspm/post-resource-scan-info/

WIth this payload:

{

"limit": 2,

"timeRange": {"type": "to_now"},

"fields": ["id","name","accountId","accountName","regionId","resourceDetailsAv

...

RQL - how to filter tags in addcolumn section

Hi, I'm looking for help with a query.

config from cloud.resource where cloud.type = 'aws' AND cloud.service = 'Amazon Elastic Load Balancing' AND json.rule = scheme equals "internet-facing" addcolumn tags

This adds a new column with all of the resou

...

RQL to identify if logging is disabled within a project in GCP

Need help with the RQL to alert when the "state": "DISABLED"

{"name": "*/logging.googleapis.com",

"state": "ENABLED",

"parent": "projects/*"

},

How to list all inventory assets via Prisma Cloud API

Hi,

Was looking for some guidance in using the Prisma Cloud API to retrieve information. I am wanting to list all inventory assets (and hopefully their detail) via the API. Basically similar to information that can viewed via the portal e.g. listing

...

Installing Prisma applicatioin for QRadar fails.

I am not sure this is the correct place to post this.

I am trying to install the Prisma Cloud QRadar ( RedLock-1.0.1 ) application in my QRadar deployment and it fails pretty quickly with "An error occured. See console logs for details." Curious if

...

Run different versions of Twistlock defender

Hi,

We are planning to upgrade our Twistlock console from 22.12.415 to 30.03.122

We have 2 environments which we would like to stagger the twistlock defender upgrade.

Is it possible to have 2 different versions of twistlock defender connecting to t

...

Prisma Cloud Discussions

Discussions

Welcome to the Prisma Cloud Discussions!

Rules and Best Practices

RQL Query to search for suspicious activity on specific S3 Bucket

Resolved! Unable to use the Prisma Cloud CSPM API to POST the Compliance Trend

How to implement different rule in Azure DevOps CI and CD stage?

RQL query for resources outside the authorized regions

Database Acitivity Monitoring for Cloud

Remove deleted containers from results

Prisma Cloud Compute Edition console installation on Fargate

Exception for IAM policy

AWS Marketplace でのサブスクライブ後のメール受信について

Resource Scan Info POST Fields filtering

RQL - how to filter tags in addcolumn section

RQL to identify if logging is disabled within a project in GCP

How to list all inventory assets via Prisma Cloud API

Installing Prisma applicatioin for QRadar fails.

Run different versions of Twistlock defender

Prisma Cloud scan GitHub action permissions

Which policies will be triggered after integrating Tenable.io

List of policies which gives alert based on VPC flow logs in Prisma Cloud for AWS, Azure, and GCP

Can we Ingest Flow logs from VNet in Azure?

Prisma Cloud Best Deployment Practice (SaaS)

Re: AWS Security Hub integration with Prisma Cloud

Re: Prisma Compliance Reports in Excel or Alert Reports that include all Compliance alerts

Unlock your full community experience!

Prisma Cloud Discussions

Rules and Best Practices

Resolved! Unable to use the Prisma Cloud CSPM API to POST the Compliance Trend