Resolved! rql to bring back account_names that are not running a 'named' CloudTrail

Hello team.

I have a named CloudTrail which every account must have.  aws-landing-zone-logs-us-east-1

Some accounts have additional CloudTrails in addition to the above for there own purposes.

I want an alert that tells me if 'any' account does

Resolved! Alert Dismissal Error response via API

Anyone have experience using the Prisma Cloud API with dismissing alert, i've been testing the but always getting 404 or 400 response, check parameters below

url = "https://api.prismacloud.io/alert/dismiss"

Resolved! RQL query for S3 Bucket activity

Does anyone know how to write a query to look for S3 bucket activity i.e someone logging in to S3 buckets and performing some task as creating objects etc. 

Resolved! User is always getting access to API Key

I am inserting a user into "Prisma Cloud" through API (https://api.prismacloud.io/user) with the request body as,

var userDetails = {
"email": email,
"firstName": firstName,
"lastName": lastName,
"timeZone": "America/Los_Angeles",
"roleId": <role id of sys

Resolved! RQL - display all VPC's, except DEFAULT, that do not have FlowLogs

Hello all.

New to RQL.  I have the below RQL that identifies DEFAULT VPC's;

config where cloud.account IN ( 'AWS_EBU_Networked_Prod_DR_DA_01' ) and api.name = 'aws-ec2-describe-vpcs' AND json.rule = isDefault is true

I have the below RQL that shows al

Resolved! Prisma Cloud - Azure Scan Frequency and Config change detection

Hi, I'm using the Prisma Cloud (previously Redlock). Is there a way I can change the frequency of the scans to check for misconfiguration. Also where can I check the current frequency. Does the scan run every hr or every 24 hr. Is it the same for AWS

Resolved! Not able to access API with token

I have Access Key and Secret Key, with the help of these we are getting Token and we are trying to use this Token to access list of cloud account (https://api.prismacloud.io/cloud) from the API Docs (api.docs.prismacloud.io/v4.2.1/reference) and from

Resolved! Prisma/Redlock API documentation

Hi team.  

Can someone share the URI for Prisma Cloud API REST documentation please.

(Can't find it anywhere)

Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert.

I am referring to the mentioned article : ( Example: Authorization Failures )

I

Resolved! RDS Snapshot information not showing

Hi everyone.

We see occurances where we have RDS Snapshots showing in AWS console. 

I see from Cloudwatch/trail that primsa is connecting and issueing the call to DescribeDBSnapshots.

If I then run a very general investigate query of config where cloud.

Resolved! How to check for EC2 Instances with non allowed AMIs

Hi,

  I want to write a query to list EC2 instances with unapproved AMIs. In order to write the query i need to store approved AMIs list some where in Prisma.

    Q1. Where and How  to store List of AMIs ?

    Q2. How to use that list in query.

Thanks
Sa

Resolved! How can I inform Prisma Cloud that a corporate IP range is not to be considered Public IP?

Prisma Cloud produces false positives when a corporate-owned IP space is considered part of the Internet IP range. Many companies own part of the public IP space. They connect using SSH or RDP from those spaces using VPNs or other secure means. They

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resource like the NAT gateway that we do not control.

Is it possible to exclude these based on the resource type? 

For example:

Remove Network - Intern

Resolved! Configuration Search Using Prisma Cloud API

Hi,

I'm trying to run a config search using the API. I can successfully get the JWT token and can use the token to do basic get options.

However, when trying the configuration search I get a 401 unauthorized error if I format the data as json( using he

Resolved! How to use multiline aws-cli command in remediation

I am using below aws-cli command to remove/disable cloudfront distribution originprotocolssl:SSLv3