Prisma Cloud Discussions

Resolved! which policy will it take to trigger the alerts??

Hi Friends,

We have a policy called "Azure SQL Server audit log retention is less than 91 days" with several alerts triggered for this.Now we have cloned the same policy with modified query inside the policy as 90 days.Here my doubt is what will happ

Resolved! How to find Accounts not monitored

Hi everyone.

I want to be able to list any AWS account that is not monitored by Prisma

We have AWS Organizations configured.  However I don't see any RQL to interrogate that to show the accounts in Organizations and compare to _AWSCloudAccount.isRedL

Resolved! List user policies and actions

Hi,

Can someone help me with an RQL to display the list of Users, policies attached, and the actions allowed in the policies.

I want to be able to export this into a CSV. Any help here is much appreciated.

Thanks,

Sultan 

Resolved! Error with RQL joint and atributes with dot

Hello,

I have an error when we are implementing a RQL query in the Investigate tab.

We make a join query searching in a VMs list and a NICs list in the prisma platform over a Azure suscription.

The problem seems to be over the filter part when we use t

Resolved! Multiline-awscli command in auto-remedation

Hi Team,

I am curious to know when prisma-cloud team is coming up with new feature multi-line aws cli command in auto remediation.Can we expect it in next release?

Resolved! How to check a resource still exists and not been deleted

Hi guys.

I am looking at a implementation that has been running for over a year - however little work has been done just yet.  The system has 54000 OPEN alerts.  I want to check which alerts are still valid (ie. do the resource at the end of the alert

Resolved! RQL to find out custom AWS EC2 instance keypair

We have a custom AWS security checklist that we are manually running against each AWS account, and in that, we have a check to see if key pairs of all EC2 instances are created per function and per region when creating an instance with AMI. I'm looki

Resolved! timeRange absolute 400 Bad Request

Hi,

Am trying to fetch alerts based upon an absolute timerange to ensure I don't continuously run into timeouts with my queries (want to get all open alerts for long running accounts that customers never looked at or that simply have way too many mis

Resolved! rql to bring back account_names that are not running a 'named' CloudTrail

Hello team.

I have a named CloudTrail which every account must have.  aws-landing-zone-logs-us-east-1

Some accounts have additional CloudTrails in addition to the above for there own purposes.

I want an alert that tells me if 'any' account does

Resolved! RQL query for S3 Bucket activity

Does anyone know how to write a query to look for S3 bucket activity i.e someone logging in to S3 buckets and performing some task as creating objects etc.