How do I validate resources that have 443 publicly exposed have a WAF ?

If you have an AWS EC2 instance with 443 exposed to the internet, you would get an alert but what would be a good way to validate that a particular instance has a WAF protecting it?  One thing I was thinking of would be to do a joins looking at the E

Unusual server port activity Internal Alerts Potential False Positives

I have the thresholds for Unusual Server Port Internal activity set to the most conservative settings to minimize false positives but it seems like the highest port consistently gets flagged as "unusual".  In the example below there are 15 ports labe

PRISMA CLOUD APP For QRADAR Released on 7th Oct 2020

PrismaCloud API: Resource Scan Info

Hello

We are getting resources information by the api call /resource/scan_info (POST method), but we want to get the resource.type and the cloud.service associated to the resource in the response.

In the API reference there is a field named fields wich

Is it possible to export a list of all the Kubernetes CIS benchmarks v1.4 that Prisma Cloud checks?

Hello, 

I have 5 questions, regarding the use of K8s CIS benchmarks v1.4 in Prisma Cloud, any help appreciated!!

1) Does anyone know if there is a way to export a list of all the Kubernetes CIS benchmarks v1.4 that Prisma Cloud checks? (exporting in a

Configure Github enterprise API as oauth2.0

Hello all,

I've been trying to configure github enterprise as provider on the OAUTH2.0 authentication page. For what I can experience the API URL is hardcoded to https://api.github.com/ as I can see in the logs. My question is if it's possible to con

Prisma Internet access from remote site

Hi everyone, hope you're all safe and well. My company is in the process of rolling out Palo Alto, Prisma and Global Protect worldwide. I've come across an issue that is causing me a bit of a headache. I hope someone can help.

Current setup

• Site A - 1

CSPM API changed?

It seems to be (from the content in the response) that the API of Prisma Cloud CSPM has changed. When I call 'https://api.prismacloud.io/v2/alert?timeType=relative&timeAmount=1&timeUnit=day&detailed=true' the response (according to the documentation

Requirement Id is blank when creating Compliance Requirement using POST API

While creating compliance requirement via API even though by passing Requirement Id field value but in backend Requirement Id is blank.

GitLab SCM self hosted supported?

We have a self-hosted GitLab SCM and want to scan the IaC templates with Prisma Cloud.

However, when we want to generate the webhook token following the instructions, it seems to default to gitlab.com. and also there seems to be no way of changing thi

Json Error when sending POST request to https://api.prismacloud.io/search/config

Hello, 

I am getting the below error when sending the POST request to "https://api.prismacloud.io/search/config",

Error:

RQL to unassociated/unused security group in AWS/Azure

Do you guys have any experience of using custom policies to find unused/unattached security group in any cloud environment? Would like to see and take reference. Thanks

Where do I investigate Radars/Hosts => Network/Outbound destinations?

On the Network tab for my hosts in the Radars/Hosts view, Cuba is being flagged as an outbound destination.
I'm curious how to drill down into why that's the case to determine whether this is erroneous or not.

This is on a self-hosted deployment versio

RQL query for tag-based exception

Hi,

I'm trying to help a customer filter out false-positives in the Prisma Cloud policies. For instance, we have a customised "Internet exposed instances" where they previously have white listed specific IP addresses, which is not very dynamic. Instea