Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
About Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resource like the NAT gateway that we do not control.

 

Is it possible to exclude these based on the resource type? 

For example:

Remove Network - Intern

...

Resolved! Configuration Search Using Prisma Cloud API

Hi,

I'm trying to run a config search using the API. I can successfully get the JWT token and can use the token to do basic get options.

However, when trying the configuration search I get a 401 unauthorized error if I format the data as json( using he

...

Resolved! CloudWatch RQL

Hi all,

 

Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query i can run that tells me if cloudwatch is enabled within an AWS environment?

 

Report wise, I tried running something against CIS compliance

...

Resolved! Check for snapshot taken using programmatic access

I need to write a query to check for events of a snapshot taken using programmatic access :

 

event where cloud.type = 'aws' AND operation = 'CreateInstanceSnapshot' AND json.rule = $.userIdentity.type = "Consolepassword"

Till now I have tried to do thi

...

APaul by L0 Member
  • 4761 Views
  • 3 replies
  • 0 Likes

Resolved! RQL Filter Bug

I found that when I use the filter command in RQL, it requires you to assign two variables in order for the filter command to work appropriately. Even if you don’t use the other assigned variable in the filter command, the api requires the two variab

...

redlockerror.PNG
redlockerror2.PNG

Capture JSON for Alerts that are sent to SQS

I have configured Redlock to send alert to SQS queue. I am getting the below fields in JSON body when I fetch it from SQS:

However, When I try to fetch the alert details using Alert API I get the complete different schema.

 

 

SQS_JSON_Fields

Alert_API_JS

...

SQS_json.JPG
Alert_API_Detailed.JPG
APaul by L0 Member
  • 3698 Views
  • 1 replies
  • 0 Likes

Python API for Compliance Reports

Hi all,

 

I'd like to create, read, update and/or delete Compliance Reports via the API but there's no documentation on compliance reports in the REST API documentation. It was confirmed that the API does support CRUD for compliance reports and that a

...

JBox by L1 Bithead
  • 5078 Views
  • 2 replies
  • 0 Likes
  • 382 Posts
  • 46 Subscriptions
Top Liked Authors