Prisma Cloud On Board Error

Hi all, i'm trying to on board an AWS cloud account(i'm admin) on Prisma Cloud tenant (i'm system admin), but after successful creation of Read-only Role on AWS, with guided procedure, i get "not account owner" error (screenshot attached) Someone already encounter this error? Any idea? Thanks in advance

Error: Unable to ingest data from one or more accounts

Cloud account cannot be monitored due to missing permissions. Hit the Review button to see the current status and update settings. Error: Unable to ingest data from one or more services.

Manual Azure Onboarding Fail

HI,after carrying out all the steps reported in the official guide, Azure onboarding fails.Part of the error is as follows:Prisma Cloud application is not assigned following action(s): ["Microsoft.Logic/integrationAccounts/read", "Microsoft.Insights/actionGroups/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.RecoveryServices/V...

Data Ingestion Error

Hello Team Hope you are doing well. Prisma cloud palo Alto: I just have one query as I am getting"Unable to ingest data from one or more service,click for more details" error what could be the possibility reason. I didn't change anything to my any accounts. Thnx in advance

RQL Query to search for suspicious activity on specific S3 Bucket

We have a specific S3 bucket that we'd like to watch for events and alert on them. I've used this query: event from cloud.audit_logs where operation IN ( 'AddUserToGroup', 'AttachGroupPolicy', 'AttachGroupPolicy', 'AttachUserPolicy' , 'AttachRolePolicy' , 'CreateAccessKey', 'CreateKeyPair', 'DeleteKeyPair', 'DeleteLogGroup' ) but need to mo...

How to implement different rule in Azure DevOps CI and CD stage?

RQL query for resources outside the authorized regions

Hello Prisma Cloud users, I'm sharing with you some research I did this morning that you may find interesting. We want to detect and prevent when a resource is created in an unauthorized region. config from cloud.resource where cloud.type = 'azure' AND cloud.region NOT IN ( 'Azure France Central' , 'Azure France South' , 'Azure Germany Centr...

Database Acitivity Monitoring for Cloud

how do you deal with issues related to Database Activity Monitoring (DAM) and File Integrity Monitoring (FIM) in the cloud? Does Prisma Cloud have something related to this?

Remove deleted containers from results

Hello I have two very simple questions! 😉When I push image to registry and run the scanner the results in the UI exists but when I delete the image from registry and scan it again the result for removed container still exists. Is it possible to remove results for deleted containers? I know that they will remove themselves after 24 hours but can...

Prisma Cloud Compute Edition console installation on Fargate

Hello, I'm trying to run Prisma Cloud Compute Edition on AWS Fargate. I'm following the next guide https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/install/deploy-console/console-on-fargate everything was fine until step with the generation of Fargate Task Definition, it requires or singed repo url or...

Exception for IAM policy

Hi, We have a dev/PoC project that is testing some flows that create and delete VMs, so every week for a couple of hours we had some alerts for an IAM Policy "VM instance with data destruction permissions" when it is a permanente VM we ask to follow the recommendations. How would I be able to except the specific project from this policy or ...

AWS Marketplace でのサブスクライブ後のメール受信について

以下AWS MarketplaceでPrismaCloudをサブスクライブしました。 https://aws.amazon.com/marketplace/pp/prodview-5nfwvchajk4wi?qid=1615827921296&sr=0-8&ref_=srh_res_product_title サブスクライブ後、AWSからはサブスクライブ登録完了のメールを受信しましたが、２４時間を経過してもPrisma Cloud のテナント情報に関するメールが届いておりません。 現状有償サポートもない状態のため、こちらでお伺いするしかない状態なのですが、どちらでどのようにアプローチすればよいか、もしくは、対処法についてわかりましたら教えていただけないでしょうか。 ...

Resource Scan Info POST Fields filtering

Hello, I'm trying to use this endpoint: https://pan.dev/prisma-cloud/api/cspm/post-resource-scan-info/ WIth this payload: { "limit": 2, "timeRange": {"type": "to_now"}, "fields": ["id","name","accountId","accountName","regionId","resourceDetailsAvailable","resourceConfigJsonAvailable"] } But the results that we get contains all the fields, ...