This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.
About Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Start a conversation

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 5003 Views
  • 1 replies
  • 1 Likes

Resolved! Error with RQL joint and atributes with dot

Hello, I have an error when we are implementing a RQL query in the Investigate tab.We make a join query searching in a VMs list and a NICs list in the prisma platform over a Azure suscription.The problem seems to be over the filter part when we use the ['xxx.xxx'] format in a query when an atribute have a dot inside, because when we change to ot...

VRuiz by L1 Bithead
  • 8827 Views
  • 5 replies
  • 0 Likes

IP address to Location

Im running a query in Investigate, likeevent where cloud.account = 'XXX ' AND crud = 'login' and IP addresses are not converted to locations, the Location and Country columns are displaying Unknown.am I overlooking something?

PFabian by L1 Bithead
  • 10453 Views
  • 9 replies
  • 0 Likes

Resolved! How to check a resource still exists and not been deleted

Hi guys.I am looking at a implementation that has been running for over a year - however little work has been done just yet. The system has 54000 OPEN alerts. I want to check which alerts are still valid (ie. do the resource at the end of the alert even exist anymore?) Is it possible to do that from within REDLOCK/Prism please?

MPestell by L2 Linker
  • 10239 Views
  • 5 replies
  • 0 Likes

How to exclude a resource by TAG from network traffic query

RQL: network where src.publicnetwork in ('Suspicious IPs','Internet IPs') and dest.port in (1433, 1521, 3306, 5000, 5432, 5984, 6379, 6380, 8080, 9042, 11211, 27017, 28015, 29015, 50000) AND dest.resource IN ( resource where tag ( 'Aviatrix-Created-Resource' ) = 'Do-Not-Delete-Aviatrix-Created-Resource' ) I want network where src.publicnetwork ...

JustinB by L0 Member
  • 3421 Views
  • 1 replies
  • 0 Likes

Resolved! RQL to find out custom AWS EC2 instance keypair

We have a custom AWS security checklist that we are manually running against each AWS account, and in that, we have a check to see if key pairs of all EC2 instances are created per function and per region when creating an instance with AMI. I'm looking for an RQL to find out custom Keypair. I started with the following RQL but doesnt seem to get...

Resolved! timeRange absolute 400 Bad Request

Hi, Am trying to fetch alerts based upon an absolute timerange to ensure I don't continuously run into timeouts with my queries (want to get all open alerts for long running accounts that customers never looked at or that simply have way too many misconfigured resources). Whenever I execute the call I however keep running into 400 Bad Request st...

Resolved! rql to bring back account_names that are not running a 'named' CloudTrail

Hello team. I have a named CloudTrail which every account must have. aws-landing-zone-logs-us-east-1 Some accounts have additional CloudTrails in addition to the above for there own purposes. I want an alert that tells me if 'any' account does not have a CloudTrail called aws-landing-zone-logs-us-east-1 but IMPORTANTLY ignoring any other ...

MPestell by L2 Linker
  • 5737 Views
  • 1 replies
  • 0 Likes

Resolved! User is always getting access to API Key

I am inserting a user into "Prisma Cloud" through API (https://api.prismacloud.io/user) with the request body as,var userDetails = {"email": email,"firstName": firstName,"lastName": lastName,"timeZone": "America/Los_Angeles","roleId": <role id of system admin>,"accessKeysAllowed": false}; This user has access to "Access Key" but I am passi...

Resolved! RQL - display all VPC's, except DEFAULT, that do not have FlowLogs

Hello all. New to RQL. I have the below RQL that identifies DEFAULT VPC's;config where cloud.account IN ( 'AWS_EBU_Networked_Prod_DR_DA_01' ) and api.name = 'aws-ec2-describe-vpcs' AND json.rule = isDefault is true I have the below RQL that shows all VPC's that do not have FlowLogs enabled;config where cloud.account IN ( 'AWS_EBU_Networked_Prod...

MPestell by L2 Linker
  • 8919 Views
  • 3 replies
  • 0 Likes

Resolved! Prisma Cloud - Azure Scan Frequency and Config change detection

Hi, I'm using the Prisma Cloud (previously Redlock). Is there a way I can change the frequency of the scans to check for misconfiguration. Also where can I check the current frequency. Does the scan run every hr or every 24 hr. Is it the same for AWS/Azure/GCP? Also if someone makes a mistake and changes the resources while the scan is going on ...

nugentec by L1 Bithead
  • 9485 Views
  • 3 replies
  • 0 Likes

Resolved! Not able to access API with token

I have Access Key and Secret Key, with the help of these we are getting Token and we are trying to use this Token to access list of cloud account (https://api.prismacloud.io/cloud) from the API Docs (api.docs.prismacloud.io/v4.2.1/reference) and from our tool ServiceNow but we are getting 401 (Unauthorized) response.Where are we doing wrong ?

  • 476 Posts
  • 61 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks