Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 5003 Views
  • 1 replies
  • 1 Likes

Where can I browse the Prisma Cloud Compute Alerts? Why are Alerts generated by CVEs failing Alert provider AWSSecurityHub?

I have configured Prisma Cloud Compute Console/Manage/Alerts/Manage/Alert providers/AWSSecurityHub. When I <Send Test Alert>, the console reports success and the status of that integration is green, "Connected". I have also configured Registry scans and pushed images with CVEs. Overnight the registries were scanned and I can see the image...

TommyHunt by L3 Networker
  • 3506 Views
  • 1 replies
  • 1 Likes

Automate Newly created cloud account in Prisma cloud

Hi, can anyone direct me to a document or script that can be used to automate account onboarding whenever a new AWS account is created in the organisation? I have this on GitHub, but this seems to be the entire process of onboarding Prisma Cloud: https://github.com/PaloAltoNetworks/PrismaCFNOnboarding

Prisma Cloud Support for - AWS IDP OIDC

We need to be able to inventory, search, and create policies related to OIDC type IDPs within AWS. AWS supports via CLI with the use of: list-open-id-connect-providers https://docs.aws.amazon.com/cli/latest/reference/iam/list-open-id-connect-providers.html If there's a way to list all OIDC providers in all AWS accounts, please share which investig...

lloydc by L0 Member
  • 3780 Views
  • 1 replies
  • 0 Likes

How to write RQL to check the log activity/operations with respect to any host name of the resource?

Is there a way to write RQL to check the traffic towards that resource/to know the operations/activity details with respect to a particular resource host name? In the circumstances where we are not aware of the cloud type? And if we can't, at least with cloud type details? Ex: event where ip in (x.x.x.x); similar to this, can we give with respect to res...

Resolved! Prisma Cloud Data Security - Malware Wildfire

I have a doubt about the Prisma Cloud data security module. The integration only supports monitor mode, but when a file with malware is found in a bucket, and the wildfire gives the malware verdict, is the file blocked or only notified that the file is infected?

RQL AWS Failed Login attempts > 5

Hello team. I can look for an event to see failed login attempts with: event where operation = 'ConsoleLogin' and json.rule = $.responseElements.ConsoleLogin != 'Success'. Is there a way to count these (like we see in config with 'as X; count(X) greater than 5')? I want an alert which shows when the number of failed login attempts exceeds 5. Thank ...

MPestell by L2 Linker
  • 4044 Views
  • 2 replies
  • 0 Likes

What is the reason for the RQL filter of the RDS Multi-AZ disabled Policy?

Policy Name : AWS RDS instance with Multi-Availability Zone disabled.
Policy Mode : Prisma Cloud Default
RQL : config where cloud.type = 'aws' AND api.name = 'aws-rds-describe-db-instances' AND json.rule = '(engine does not contain aurora and engine does not contain sqlserver and engine does not contain docdb) and (multiAZ is false or multiAZ does...

KRyu by L1 Bithead
  • 3581 Views
  • 1 replies
  • 0 Likes

How to write RQL to list out the cloud account & account group details with the below query

Hi Friends, I wanted to look out for the traffic where the FTP/SSH port is enabled from internet/suspicious IPs to the internal network. With the below query I am able to see the connection details: network where dest.port IN ( 21,22 ) AND source.publicnetwork IN ( 'Internet IPs' ) AND traffic.type IN ( 'ACCEPTED' ) But along with these I wanted to export t...

Resolved! Compute-Collections: How do I create a collection for a specific Docker LABEL's key-value pair?

Regarding https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-01/prisma-cloud-compute-edition-admin/configure/collections I want to specify a collection of images that have been labeled in the Dockerfile with "LABEL Environment=Development". However, the Docker API returns labels in JSON format. Using the string wildcards, it's easy to imag...

TommyHunt by L3 Networker
  • 3366 Views
  • 2 replies
  • 0 Likes

Retrieving and Creating Alert rules via API

- API call add alert rule: I want to create alert rules via API for the CSPM. Are there any examples for this? It's not clear to me how to populate: alertRuleNotificationConfig https://prisma.pan.dev/api/cloud/cspm/alert-rules#operation/add-alert-rule POST https://{{api-endpoint}}/v2/alert/rule >> 405 Can we post events on this API e...

Yifan by L0 Member
  • 4368 Views
  • 2 replies
  • 0 Likes

Runtime custom rules

Hi team, does anyone know if you can create a custom rule policy by app? I tried by process name and parent process, but I still see alerts even though I created and added an ignored action. So I want to know if I could apply this ignored action to every process that comes from one app.

Free Prisma Cloud training!

Hello to all, on the YouTube channel for the Live Community there is a free training. You can also request a trial license for 30 days for Prisma Cloud and schedule a workshop if you want to play with the technology a little more: https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVt9QjK3ARzQUSL0vU6fXno About registering to a Palo Alto free ...

Prisma Cloud - Cloned Policy not saving updated Query.

I'm attempting to clone a default Azure policy for overly permissive NSGs. The cloned policy is essentially the same with additional RQL at the end to only alert on NSGs that do not have a certain tag value. We've verified the RQL works, we've removed the auto-remediation capability. The modified Query will not save. I've looked in the do...

  • 476 Posts
  • 61 Subscriptions