Hello, I have an error when we are implementing a RQL query in the Investigate tab.We make a join query searching in a VMs list and a NICs list in the prisma platform over a Azure suscription.The problem seems to be over the filter part when we use t...
Hi, Am trying to fetch alerts based upon an absolute timerange to ensure I don't continuously run into timeouts with my queries (want to get all open alerts for long running accounts that customers never looked at or that simply have way too many mis...
Hello team. I have a named CloudTrail which every account must have. aws-landing-zone-logs-us-east-1 Some accounts have additional CloudTrails in addition to the above for there own purposes. I want an alert that tells me if 'any' account does not ha...
Anyone have experience using the Prisma Cloud API with dismissing alert, i've been testing the but always getting 404 or 400 response, check parameters below url = "https://api.prismacloud.io/alert/dismiss"payload = { "alerts": [param.get("alert_id")...
We have a custom AWS security checklist that we are manually running against each AWS account, and in that, we have a check to see if key pairs of all EC2 instances are created per function and per region when creating an instance with AMI. I'm looki...
Hi everyone. I want to be able to list any AWS account that is not monitored by Prisma We have AWS Organizations configured. However I don't see any RQL to interrogate that to show the accounts in Organizations and compare to _AWSCloudAccount.isRedLo...
I am inserting a user into "Prisma Cloud" through API (https://api.prismacloud.io/user) with the request body as,var userDetails = {"email": email,"firstName": firstName,"lastName": lastName,"timeZone": "America/Los_Angeles","roleId": ,"accessKeysAll...
Does anyone know how to write a query to look for S3 bucket activity i.e someone logging in to S3 buckets and performing some task as creating objects etc.
Hello all. New to RQL. I have the below RQL that identifies DEFAULT VPC's;config where cloud.account IN ( 'AWS_EBU_Networked_Prod_DR_DA_01' ) and api.name = 'aws-ec2-describe-vpcs' AND json.rule = isDefault is true I have the below RQL that shows all...
Hi, I'm using the Prisma Cloud (previously Redlock). Is there a way I can change the frequency of the scans to check for misconfiguration. Also where can I check the current frequency. Does the scan run every hr or every 24 hr. Is it the same for AWS...
I have Access Key and Secret Key, with the help of these we are getting Token and we are trying to use this Token to access list of cloud account (https://api.prismacloud.io/cloud) from the API Docs (api.docs.prismacloud.io/v4.2.1/reference) and from...
Hi team. Can someone share the URI for Prisma Cloud API REST documentation please.(Can't find it anywhere)
I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert. I am referring to the mentioned article : ( Example: Authorization Failures )I...
Hi everyone.We see occurances where we have RDS Snapshots showing in AWS console. I see from Cloudwatch/trail that primsa is connecting and issueing the call to DescribeDBSnapshots.If I then run a very general investigate query of config where cloud....
Im running a query in Investigate, likeevent where cloud.account = 'XXX ' AND crud = 'login' and IP addresses are not converted to locations, the Location and Country columns are displaying Unknown.am I overlooking something?
