08-13-2019 04:45 AM - last edited on 09-02-2020 10:18 AM by kwadsack
Hi all,
Relatively new with Prisma and playing with the RQL. Would anyone be able to tell me if there's a query I can run that tells me if CloudWatch is enabled within an AWS environment?
Report-wise, I tried running something against CIS compliance and it's really just telling me that CloudTrail is not integrated with CloudWatch, which doesn't directly answer the question, for compliance purposes.
08-13-2019 07:05 AM
You can use this to see the various alarms that might be set up in CloudWatch:
config where api.name = 'aws-cloudwatch-describe-alarms'
There is a policy that will also look to see if CloudTrail is not integrated with CloudWatch:
config where cloud.type = 'aws' AND api.name = 'aws-cloudtrail-describe-trails' AND json.rule = 'cloudWatchLogsRoleArn equals null or cloudWatchLogsRoleArn does not exist'
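The two queries in the reply above answer different questions (are any alarms defined, and is each trail wired to CloudWatch Logs). The following is an added example, not part of the thread and not Prisma Cloud code, that applies the same `cloudWatchLogsRoleArn` rule to constructed resource JSON; every field name other than `cloudWatchLogsRoleArn`, and all ARNs and account ids, are assumptions.

```python
import json

# Constructed sample resources, shaped like the JSON the two queries evaluate.
# Only cloudWatchLogsRoleArn comes from the thread; the other field names,
# the ARN and the account id are assumptions for illustration.
TRAILS = json.loads("""[
  {"name": "org-trail", "cloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/ct-to-cwl"},
  {"name": "legacy-trail", "cloudWatchLogsRoleArn": null},
  {"name": "s3-only-trail"}
]""")
ALARMS = json.loads("""[
  {"alarmName": "root-login", "actionsEnabled": true}
]""")


def trail_not_integrated(trail):
    """Mirror of: cloudWatchLogsRoleArn equals null or ... does not exist."""
    # dict.get returns None both when the key is absent ("does not exist")
    # and when it is present with a JSON null ("equals null").
    return trail.get("cloudWatchLogsRoleArn") is None


def cloudwatch_summary(trails, alarms):
    """Report alarms and trail integration separately, as the two queries do."""
    missing = [t["name"] for t in trails if trail_not_integrated(t)]
    return {
        "alarm_count": len(alarms),
        "trails_total": len(trails),
        "trails_without_cloudwatch": missing,
        # No trails at all is not evidence of integration, so report False.
        "all_trails_integrated": bool(trails) and not missing,
    }


if __name__ == "__main__":
    print(json.dumps(cloudwatch_summary(TRAILS, ALARMS), indent=2))
```

An account can have alarms defined and still have trails that never deliver to CloudWatch Logs, which is why the summary keeps the two results apart.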