Prisma Cloud Discussions

Deployment of AWS SecurityHub and PrismaCloud

I'm a new Prisma Cloud user and I'm here to ask for help. I have AWS Security Hub with all the rules allowed forwarding logs to Prisma Cloud, but I cannot validate that the logs are being forwarded correctly to Prisma Cloud.
Even using the alerts sess

Where can I browse the Prisma Cloud Compute Alerts? Why are Alerts generated by CVEs failing Alert provider AWSSecurityHub?

I have configured Prisma CloudCompute Console/Manage/Alerts/Manage/Alert providers/AWSSecurityHub.

When I <Send Test Alert>, the console reports success and the status of that integration is green, "Connected".

I have also configured Registry scans

Automate Newly created cloud account in Prisma cloud

Hi,

Can anyone direct me to a document or script that can be used to automate account onboarding whenever a new AWS account is created in the organisation. I have this on github but the seems to be the entire process of onboarding Prisma cloud;

https:/

Prisma Cloud Support for - AWS IDP OIDC

We need to be able to inventory, search, and create policies related to OIDC type IDPs within AWS. AWS supports via CLI with the use of: list-open-id-connect-providers

https://docs.aws.amazon.com/cli/latest/reference/iam/list-open-id-connect-providers

How to write RQL to check the log activity/operations with respect any host name of the resource??

Is there a way to write RQL to check the traffic towards that resource/to know the operations/activity details with respect to particular resource host name?In the circumstances where we are not aware of the cloud type??and if can't atleast with clou

RQL AWS Failed Login attempts > 5

Hello team.

I can look for an event to see failed login attempts with;

event where operation = 'ConsoleLogin' and json.rule = $.responseElements.ConsoleLogin != 'Success'

Is there a way to count these (like we see in config with 'as X; count(X) greater

What is the reason for the RQL filter of the RDS Multi-AZ disabled Policy?

Policy Name : AWS RDS instance with Multi-Availability Zone disabled.

Policy Mode : Prisma Cloud Default

RQL : config where cloud.type = 'aws' AND api.name = 'aws-rds-describe-db-instances' AND json.rule = '(engine does not contain aurora and engine do

Prisma Cloud able to check passwords on servers?

Is it possible with Prisma Cloud to check that passwords (e.g. Linux root, Windows local administrator) are unique on each server hosted in AWS, Azure, etc.?

How to write RQL to list out the cloud account & account group details with the below query

Hi Friends,

I wanted to look out the traffic where FTP/SSH port enabled from an internet/suspicious IP's to internal network.With the below query i am able to see the connection details.

network where dest.port IN ( 21,22 ) AND source.publicnetwork I

Retrieving and Creating Alert rules via API

- Api call add alert rule: 

I want to create alert rules via API for the CSPM. Are there any examples for this? It's not clear to me how to populate: 

alertRuleNotificationConfig

 https://prisma.pan.dev/api/cloud/cspm/alert-rules#operation/add-aler

Runtime custom rules

Hi team,

Does any one know if you can create custom rule policy by app?, I tried by process name and parent process but I still see alerts despite I created and add ignored action. so I want to know if I could apply this ignored action to every pro

Free Prisma Cloud training!

Hello to all on the youtube channel for the live community there is a free training. You can also request a trial license for 30 days for the Prisma Cloud and schedule a workshop if want to play with the technology a little more:

https://www.youtub

Prisma Cloud - Cloned Policy not saving updated Query.

I'm attempting to clone a default Azure policy for overly permissive NSG's.  The cloned policy is essentially the same with additional RQL at the end to only alert on NSG's that do not have a certain tag value.   We've verified the RQL works, we've r