RQL AWS Failed Login attempts > 5

Hello team.

I can look for an event to see failed login attempts with;

event where operation = 'ConsoleLogin' and json.rule = $.responseElements.ConsoleLogin != 'Success'

Is there a way to count these (like we see in config with 'as X; count(X) greater

What is the reason for the RQL filter of the RDS Multi-AZ disabled Policy?

Policy Name : AWS RDS instance with Multi-Availability Zone disabled.

Policy Mode : Prisma Cloud Default

RQL : config where cloud.type = 'aws' AND api.name = 'aws-rds-describe-db-instances' AND json.rule = '(engine does not contain aurora and engine do

Prisma Cloud able to check passwords on servers?

Is it possible with Prisma Cloud to check that passwords (e.g. Linux root, Windows local administrator) are unique on each server hosted in AWS, Azure, etc.?

How to write RQL to list out the cloud account & account group details with the below query

Hi Friends,

I wanted to look out the traffic where FTP/SSH port enabled from an internet/suspicious IP's to internal network.With the below query i am able to see the connection details.

network where dest.port IN ( 21,22 ) AND source.publicnetwork I

Retrieving and Creating Alert rules via API

- Api call add alert rule: 

I want to create alert rules via API for the CSPM. Are there any examples for this? It's not clear to me how to populate: 

alertRuleNotificationConfig

 https://prisma.pan.dev/api/cloud/cspm/alert-rules#operation/add-aler

Runtime custom rules

Hi team,

Does any one know if you can create custom rule policy by app?, I tried by process name and parent process but I still see alerts despite I created and add ignored action. so I want to know if I could apply this ignored action to every pro

Free Prisma Cloud training!

Hello to all on the youtube channel for the live community there is a free training. You can also request a trial license for 30 days for the Prisma Cloud and schedule a workshop if want to play with the technology a little more:

https://www.youtub

Prisma Cloud - Cloned Policy not saving updated Query.

I'm attempting to clone a default Azure policy for overly permissive NSG's.  The cloned policy is essentially the same with additional RQL at the end to only alert on NSG's that do not have a certain tag value.   We've verified the RQL works, we've r

After entering the credentials of visibility(AppDependencyMap)

/usr/local/bin/apoctl: line 1: syntax error near unexpected token `<'
/usr/local/bin/apoctl: line 1: `<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>'

Prisma Cloud DevOps Dashboard permissions

Hello,

Currently working with DevOps team to incorporate IaC into Azure DevOps Server and Azure Devops (cloud).  I've created a role for the DevOps Engineers with the ACCOUNT GROUP READ ONLY permissions.  The one problem that cropped up, the DevOps e

automatic stack updates

has anybody setup a pipeline to automatically update the AWS Cloudformation stack and stack set when new templates are available?

Automated compliance checking

We are looking to automate a check on a new resource to see if it passes our compliance policies.   As part of this automated checking we are wondering how long we should wait after a resource is created before we run the check.    Is there an estima