This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
About Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Start a conversation

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 5002 Views
  • 1 replies
  • 1 Likes

Prevent Prisma Access Key Secrets from being pushed into github

So, we want to prevent developers from pushing Prisma Access Keys' secrets into source-code repository. A push to a branch would trigger, git-secrets to evaluate a list of regex that detect known secrets. So, how to identify a Prisma Access Key Secret? This what I've observed thus far. 28 characters in length always ends with = the 1st 27 chara...

TommyHunt by L3 Networker
  • 2122 Views
  • 1 replies
  • 0 Likes

Resolved! CWPP SSL Certificate, self-signed or chain

Given that I am programming a custom https client When I invoke CWPP APIs over https Then I encounter SSLErrors [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain Where can I get a .pem or .crt file containing the CWPP certificates that I should trust? Although I found this resource in the...

TommyHunt by L3 Networker
  • 6590 Views
  • 5 replies
  • 0 Likes

Resolved! Mandatory Request Headers for Redlock API - x-redlock-auth

Hi- I'm trying to use the API with Python and am having some trouble getting authorized to obtain data using the x-redlock-auth request header. First, let me add the disclaimer that I'm no Python expert so the help is appreciated even if it seems basic. I also understand that PAN/ Redlock isn't here to teach us how to code but I'm looking for an...

Live Community - New Message - Live Community 2019-05-01 10-37-28.jpg

RQL Custom queries for AWS needed URGENTLY

I am new to RQL and I need to build custom queries quickly for compliance reporting an would appreciate if any SME can help with providing RQL queries for the below, rather than myself spending sleepless nights to re-invent the wheel when an expert somewhere would take them 5 min. Kindly assist Custom RQL queries needed for : ===================...

FKisambu by L0 Member
  • 3335 Views
  • 3 replies
  • 0 Likes

Resolved! Compute/Monitor/Runtime/App-embedded details missing?

I deployed an App-embedded container to an EKS Cluster on Fargate.I found the defended container in the console, Compute/Monitor/Runtime/App-embedded details. 1) Why can't Users with any role but System Administrator, see the events in that table? The user-roles are associated with an AccountGroup that the defended-container is a member of.2) Wh...

TommyHunt by L3 Networker
  • 3086 Views
  • 2 replies
  • 0 Likes

Resolved! twistcli app-embedded embed command format for EKS containers on Fargate?

Most of my API and twistcli commands work but I cannot get an app-embedded defender to be returned…. I have tried these two commands returns the same error… declare -x PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR="https://us-east1.cloud.twistlock.com/us-1-XXXXXXXX" declare -x PRISMA_CLOUD_COMPUTE_SVC_ADDR="us-east1.cloud.twistlock.com" declare -x PRISM...

TommyHunt by L3 Networker
  • 3286 Views
  • 1 replies
  • 0 Likes

Resolved! Curl command to generate App Embedded Defender zip file for Deployment Type, Dockerfile

Given that I want to automate the generation of App Embedded Defender zip file And there exists a CWPP API documented here, https://prisma.pan.dev/api/cloud/cwpp/defenders#operation/post-defenders-app-embedded When I attempt to use the example command with my local Dockerfile curl -k \-H "Authorization: Bearer $token" \-H 'Content-Type: applicat...

TommyHunt by L3 Networker
  • 2854 Views
  • 1 replies
  • 0 Likes

Resolved! CWPP API Documentation or Examples on usage of query parameters search and fields

I want to see ALL of the docker labels for a scanned image so I am trying this API, https://prisma.pan.dev/api/cloud/cwpp/registry#operation/get-registry Invoking that API with query parameter name... curl -k \-u "${PRISMA_KEY_ID}:${PGE_PRISMA_SECRET}" \-H 'Content-Type: application/json' \-X GET \"${PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR}/api/...

TommyHunt_1-1666375869052.png
TommyHunt by L3 Networker
  • 4587 Views
  • 5 replies
  • 0 Likes

Why are EKS Clusters defended with daemonsets NOT rendering in PCC/Radars/Containers?

Navigating to PCC/Radars/Containers, the console renders a single cluster. But we have many other clusters where Cloud Discovery reports the Clusters are Defended. for example... Why are neither of these two EKS Clusters that I defended with daemonsets rendering in Radars/Containers? Did I misconfigure something?

TommyHunt_0-1668614913378.png
TommyHunt_1-1668615005988.png
TommyHunt by L3 Networker
  • 2327 Views
  • 2 replies
  • 0 Likes

Agentless scanning on Google Cloud platform

Hi All, Hope you are doing well. Anyone using Agentless scanning for their GCP env? I have a GCP environment with some restrictions ie org policies applied for skip default network creation, external IPs not allowed (but exempted for test project). the service account has appropriate permission (Permissions by feature (paloaltonetworks.com) fo...

ASachan1 by L1 Bithead
  • 2442 Views
  • 2 replies
  • 0 Likes

Unable to get container defender to detect denied IP address on host

For some reason I am unable to see any events being generated for denied IP addresses when running a container defender on one of our hosts. Did the following: installed a container defender on a linux host. created a host policy that targets the host where the container defender runs. Added google dns (8.8.8.8) to list of denied IP addresses...

  • 476 Posts
  • 61 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks