Enabled the IAM module and added the Google Workspace (GSuite) group reader role to the Prisma service account but have not been able to find the query to get group members or other workspace information. The only information I currently get is the cloudresourcemanager API results.
Also, is it possible to get from workspace reports which accounts have 2SV enabled?
You must have administrator access to Google Workspace (GSuite) to grant Prisma Cloud Service Accounts the permissions to ingest data from groups on Google Workspace (GSuite). The permissions required for ingesting data on groups are either the predefined role Group Reader, or a custom role with groups:read permission.
Could you please provide me the RQL you are using?
Our administrator added group reader to the Prisma account.
But reading through the docs, I can't find the RQL for getting the workspace-specific information.
For example, changing the following with a group in workspace returns no results:
config from iam where dest.cloud.type = 'GCP' and source.cloud.resource.type = 'user' and grantedby.cloud.entity.name = 'your group name'