Prisma Cloud Discussions
Showing results for 
Search instead for 
Did you mean: 
Prisma Cloud Discussions

Forum Posts

Resolved! Error with RQL joint and atributes with dot

Hello, I have an error when we are implementing a RQL query in the Investigate tab.We make a join query searching in a VMs list and a NICs list in the prisma platform over a Azure suscription.The problem seems to be over the filter part when we use t...

VRuiz by L1 Bithead
  • 5 replies

Resolved! timeRange absolute 400 Bad Request

Hi, Am trying to fetch alerts based upon an absolute timerange to ensure I don't continuously run into timeouts with my queries (want to get all open alerts for long running accounts that customers never looked at or that simply have way too many mis...

Resolved! Alert Dismissal Error response via API

Anyone have experience using the Prisma Cloud API with dismissing alert, i've been testing the but always getting 404 or 400 response, check parameters below url = ""payload = { "alerts": [param.get("alert_id")...

Resolved! How to find Accounts not monitored

Hi everyone. I want to be able to list any AWS account that is not monitored by Prisma We have AWS Organizations configured. However I don't see any RQL to interrogate that to show the accounts in Organizations and compare to _AWSCloudAccount.isRedLo...

MPestell by L2 Linker
  • 5 replies

Resolved! User is always getting access to API Key

I am inserting a user into "Prisma Cloud" through API ( with the request body as,var userDetails = {"email": email,"firstName": firstName,"lastName": lastName,"timeZone": "America/Los_Angeles","roleId": ,"accessKeysAll...

Resolved! Not able to access API with token

I have Access Key and Secret Key, with the help of these we are getting Token and we are trying to use this Token to access list of cloud account ( from the API Docs ( and from...

Resolved! Redlock Query to get unauthorized operation details

I am trying to write a custom query to get the unauthorized access details or Access denied details captured and after a certain number of attempts is there it will alert. I am referring to the mentioned article : ( Example: Authorization Failures )I...

APaul by L0 Member
  • 3 replies

Resolved! RDS Snapshot information not showing

Hi everyone.We see occurances where we have RDS Snapshots showing in AWS console. I see from Cloudwatch/trail that primsa is connecting and issueing the call to DescribeDBSnapshots.If I then run a very general investigate query of config where cloud....

MPestell by L2 Linker
  • 2 replies

IP address to Location

Im running a query in Investigate, likeevent where cloud.account = 'XXX ' AND crud = 'login' and IP addresses are not converted to locations, the Location and Country columns are displaying I overlooking something?

PFabian by L1 Bithead
  • 9 replies