RQL - how to filter tags in addcolumn section

How do we deploy defender on windows kubernetes

Hi,

It has been a real pain trying to work out how to deploy Prisma defender on Kubernetes AKS cluster windows nodes after following this site instructions but no joy: Kubernetes (paloaltonetworks.com) 

Can anyone help please?

Thank you

Abdel

Trying to find a way to generate TW_POLICY key value pair for deploying serverless single defender using Prisma Cloud SAAS APIs

Hi Everyone,

• My team is trying to find a way to generate TW_POLICY key value pair for deploying serverless single defender using Prisma Cloud SAAS APIs and any help in this regard will be much appreciated.
• Also, we observed that the value of the TW_PO

Pulling Metrics from Prisma CLoud via API Integration with PowerBI

We are trying to figure out how to connect to our Prisma Cloud Tenant via API and pull metrics into PowerBI dashboards. Has anyone been able to pull metrics automatically with PowerBI or any tool for that matter?

Reporting

For Prisma cloud what are folks using for reporting?  The canned reports are lacking and we need to customize reports to make them actionable by groups.  Customization in the tool is restricted to occurrence and one other item.  

Prisma Cloud - Cloned Policy not saving updated Query.

I'm attempting to clone a default Azure policy for overly permissive NSG's.  The cloned policy is essentially the same with additional RQL at the end to only alert on NSG's that do not have a certain tag value.   We've verified the RQL works, we've r

Prisma cloud integration with LogRhythm

Hi there,

is there any way to integrate Prisma cloud with LogRhythm, to send the alert to the SIEM?

@PrismaCloud 

Not Able to triggered alert on Prisma cloud after integration with Service now

Hi Team,

We recently integrated our Prisma Cloud Solution with Service Now tool to get the auto generated ticket on service now. 

we reverify the configuration and looks good.

Thereafter , we violate the policy from AWS account but alert is not gettin

IAM PassRole RQL with Conditionals

Hello!  I'm attempting to write some RQL to detect policies with the following permissions and struggling a bit.

Action: "iam:PassRole"

Effect: "Allow"

Resource: "*"

Now, in general this isn't too bad to figure out.  The RQL below accomplishes this nic

Automated compliance checking

We are looking to automate a check on a new resource to see if it passes our compliance policies.   As part of this automated checking we are wondering how long we should wait after a resource is created before we run the check.    Is there an estima

twistcli with buildah?

Hi There,

We have a build process that we are migrating to a rootless containerized builder, and are using buildah to build and push the images instead of docker. If I pull an image with buildah, it downloads the image but when I run twistcli on that

RQL query for tag-based exception

Hi,

I'm trying to help a customer filter out false-positives in the Prisma Cloud policies. For instance, we have a customised "Internet exposed instances" where they previously have white listed specific IP addresses, which is not very dynamic. Instea

When will the podman 3 be supported to prisma-cloud-compute-edition v21.04

We use podman <v2.4 to build docker using jenkins CI pipeline. We have already moved to podman 3 and the lower has some issues as well as vulnerabilities however we are yet forced to use it just because prisma cloud doesn't support it yet. Can you he

Managing Compute Defender False Positives?

I'm finding what appears to be a lot of false positives for alerts within Compute Defender > Events and Runtime. What is best practice for marking these false positive to prevent additional alerts from being generated? I noticed some options for re-l