Prisma Cloud Discussions
Share ideas and post questions related to Prisma Cloud — the industry's most comprehensive cloud native security platform — and the compute capabilities available within it in this forum.

Discussions

Welcome to the Prisma Cloud Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4992 Views
  • 1 replies
  • 1 Likes

Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert. I am referring to the mentioned article: (Example: Authorization Failures). I need to capture this in CloudTrail logs: { ($.errorCode = "*UnauthorizedOperation") || ($.errorCo...

APaul by L0 Member
  • 5920 Views
  • 3 replies
  • 0 Likes

Resolved! RDS Snapshot information not showing

Hi everyone. We see occurrences where we have RDS Snapshots showing in AWS console. I see from Cloudwatch/trail that Prisma is connecting and issuing the call to DescribeDBSnapshots. If I then run a very general investigate query of config where cloud.type = 'aws' and api.name='aws-rds-describe-db-snapshots' / download all results. I see all othe...

MPestell by L2 Linker
  • 5604 Views
  • 2 replies
  • 0 Likes

Resolved! How can I inform Prisma Cloud that a corporate IP range is not to be considered Public IP?

Prisma Cloud produces false positives when a corporate-owned IP space is considered part of the Internet IP range. Many companies own part of the public IP space. They connect using SSH or RDP from those spaces using VPNs or other secure means. They do not want these connections to be considered Prisma Cloud findings since they are internal conn...

DBrennan by L0 Member
  • 5207 Views
  • 1 replies
  • 0 Likes

Resolved! Need RQL to exclude NAT Gateway in alerts

I’m looking at some rules that detect traffic on ports and it seems to flag a lot of traffic to AWS resources like the NAT gateway that we do not control. Is it possible to exclude these based on the resource type? For example: Remove Network - Internet traffic over insecure port (22) Exclude Network - Internet traffic (21,23,80,443,8444,8443,22)...

Resolved! Configuration Search Using Prisma Cloud API

Hi, I'm trying to run a config search using the API. I can successfully get the JWT token and can use the token to do basic get options. However, when trying the configuration search I get a 401 unauthorized error if I format the data as json (using header1). And if I don't specify the Content-Type, then I get a 500 internal server error ( header2...

Resolved! How to use multiline aws-cli command in remediation

I am using below aws-cli command to remove/disable cloudfront distribution originprotocolssl:SSLv3 aws cloudfront get-distribution-config --id E29BDBENPXM1VE | jq -c -r 'del(.DistributionConfig.Origins.Items[].CustomOriginConfig.OriginSslProtocols.Items[0])|.DistributionConfig.Origins.Items[].CustomOriginConfig.OriginSslProtocols.Quantity=3 | .Di...

Resolved! "aws-elb(v2)-describe-load-balancers" ingest API

Perhaps I missed the memo, but I did not see in the RQL documentation anywhere that the similarly named ingest APIs as the AWS API are the same. So I was searching for JSON structures that are not available, since the output is entirely different. Need something to note that somewhere.

Resolved! CloudWatch RQL

Hi all, Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query I can run that tells me if cloudwatch is enabled within an AWS environment? Report wise, I tried running something against CIS compliance and it's really just telling me that cloud trail is not integrated with cloud watch which doesn't...

Resolved! How can I see a list of open alerts in Red Lock for All Time

Hi, How can I see a list of open alerts for All Time? I do not want to see alerts that were open (in past) but fixed now. Here's what I am doing to see the list but not working as expected. The list shows all the alerts including alerts that were open in past but fixed now. In Alerts Tab, Select All Time and Open. Please let me know...

SAziz by L1 Bithead
  • 4186 Views
  • 1 replies
  • 0 Likes

Resolved! Check for snapshot taken using programmatic access

I need to write a query to check for events of a snapshot taken using programmatic access: event where cloud.type = 'aws' AND operation = 'CreateInstanceSnapshot' AND json.rule = $.userIdentity.type = "Consolepassword" Till now I have tried to do this, and I am pretty sure "json.rule = $.userIdentity.type = "Consolepassword" is 100% incorrect. I...

APaul by L0 Member
  • 6254 Views
  • 3 replies
  • 0 Likes

Resolved! RQL Filter Bug

I found that when I use the filter command in RQL, it requires you to assign two variables in order for the filter command to work appropriately. Even if you don’t use the other assigned variable in the filter command, the api requires the two variables to be assigned. Otherwise, a warning is returned with no output. I believe this could be prob...

Resolved! Has anyone succeeded at integrating Prisma cloud with Jira Cloud?

I have been trying to find how to integrate Jira Cloud with Prisma Cloud (aka Redlock). I found this guide: https://docs.paloaltonetworks.com/redlock/redlock-admin/configure-external-integrations-on-redlock/integrate-redlock-with-jira and also it says that it works for Jira Cloud too it only talks about Jira On Prem. Has anyone figured it out? Thx.

AHardy1 by L1 Bithead
  • 10713 Views
  • 6 replies
  • 0 Likes

Resolved! What is the frequency at which redlock scans cloud accounts?

I am curious to know the frequency at which redlock scans /make api calls to cloud accounts, I understand once policy is created and alert rule is configured & also wanted to know if there is any feature in redlock to capture the exact details api calls made. However I have been configured redlock service with my multiple AWS accounts and I ...

SBk by L0 Member
  • 8592 Views
  • 4 replies
  • 0 Likes

Error while adding GCP account (permission denied)

Hi, I am trying out RedLock using the trial and I am having issues trying to configure my GCP project. I followed the instructions carefully at https://docs.paloaltonetworks.com/redlock/redlock-admin/connect-your-cloud-platform-to-redlock/onboard-your-gcp-account/set-up-gcp-account-for-redLock-service.html I got permissions error. I even tried te...

FAllard by L1 Bithead
  • 9662 Views
  • 6 replies
  • 0 Likes
  • 476 Posts
  • 61 Subscriptions