Prisma Cloud Discussions

Discussions

RQL - how to filter tags in addcolumn section

Hi, I'm looking for help with a query.

config from cloud.resource where cloud.type = 'aws' AND cloud.service = 'Amazon Elastic Load Balancing' AND json.rule = scheme equals "internet-facing" addcolumn tags

This adds a new column with all of the resou
...

PDawson by L0 Member
  • 566 Views
  • 0 replies
  • 0 Likes

Reporting

For Prisma Cloud, what are folks using for reporting? The canned reports are lacking and we need to customize reports to make them actionable by groups. Customization in the tool is restricted to occurrence and one other item.

SSiggins by L0 Member
  • 444 Views
  • 0 replies
  • 0 Likes

IAM PassRole RQL with Conditionals

Hello! I'm attempting to write some RQL to detect policies with the following permissions and struggling a bit.

Action: "iam:PassRole"
Effect: "Allow"
Resource: "*"

Now, in general this isn't too bad to figure out. The RQL below accomplishes this nic

...

Automated compliance checking

We are looking to automate a check on a new resource to see if it passes our compliance policies. As part of this automated checking we are wondering how long we should wait after a resource is created before we run the check. Is there an estima

...

SReis by L0 Member
  • 487 Views
  • 0 replies
  • 0 Likes

twistcli with buildah?

Hi There,

We have a build process that we are migrating to a rootless containerized builder, and are using buildah to build and push the images instead of docker. If I pull an image with buildah, it downloads the image but when I run twistcli on that

...

RQL query for tag-based exception

Hi,

I'm trying to help a customer filter out false positives in the Prisma Cloud policies. For instance, we have a customised "Internet exposed instances" where they have previously whitelisted specific IP addresses, which is not very dynamic. Instea

...

Managing Compute Defender False Positives?

I'm finding what appears to be a lot of false positives for alerts within Compute Defender > Events and Runtime. What is best practice for marking these as false positives to prevent additional alerts from being generated? I noticed some options for re-l

...

CGoff12 by L0 Member
  • 690 Views
  • 0 replies
  • 1 Likes

Resolved! RQL find excessive sts:AssumeRole

Trying to put together a query to identify excessive assumeRole permissions. For example, it would identify if the following is in a policy.

"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Resource": "*"

I've been messing around with some queries, I h

...