This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

How can i confirm whether log ingestion frm respective cloud accnts is successfully happening or not

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How can i confirm whether log ingestion frm respective cloud accnts is successfully happening or not

MPalagiri
L0 Member

‎11-19-2020 02:58 AM

Hello Guys,

 

Can somebody please answer my query.

 

From the cloud accounts section of Prisma Cloud UI, I can able to see all the status checks got passed for Config,Flow,Audit logs for one of the cloud accounts.

MPalagiri_1-1605783030320.png

 

However when I ran the simple query(Ex:- event where cloud.account="X.X.X.X") from investigate blade for audit/flow logs, there were no logs as shown below.

 
 
 
 
 
 
 
 
 
 
 

Capture.JPG

 

I was under assumption that, if cloud account status checks is pass and if it's in green color then log ingestion was successfully happening. Please correct me if my understanding is wrong here. If my assumption is wrong, how can we rely on knowing the log ingestion is happening or not? Is it by manually running the queries??

 

Please help me to understand this functionality if cloud account status.

 

 

0 Likes Likes
2 REPLIES 2

tostern
L3 Networker

‎11-19-2020 03:14 AM

Hi @MPalagiri ,

 

the result what you get is expected because you didn't finished the query, i get the same result because there no real output expected here. Event queries are used to search and audit all the console and API access events in the cloud environment. Try event where commands like below.

 

event where cloud.type = 'azure'

 

I hope that helped you?

 

Regards,

Torsten

 

 

"With unity we can do great things"
0 Likes Likes

MPalagiri
L0 Member
In response to tostern

‎11-19-2020 04:10 AM

Hello Torsten,

 

Thanks for your kind response.

 

The query was completed and here the objective is, I want to validate whether audit logs are ingesting from specific cloud account that we onboarded or not?

Anyhow I ran the query that you suggested but no luck.

 

MPalagiri_0-1605787643217.png

 

If we run only this as you suggested, event where cloud.type = 'azure. This scouts for the events across all the cloud accounts which we have onboarded but we need from specific account as i highlited above.

 

 

 

Thank you.

Mahesh.

0 Likes Likes
  • 3543 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks