07-13-2021 08:31 AM
I'm attempting to clone a default Azure policy for overly permissive NSG's. The cloned policy is essentially the same with additional RQL at the end to only alert on NSG's that do not have a certain tag value. We've verified the RQL works, we've remove the auto-remediation capability. The modified Query will not save. I've looked in the documentation for cloning a default query and followed them step by step.
User has System Admin permissions.
09-09-2022 08:35 AM
Greetings Coldstone2,
I hope that this note finds you well! I know that it has been a while since you had posted this question but I wanted to see if you still potentially needed any help. Thank you for your time and I hope that you have a good remainder of your day.
Kind Regards,
J. Avery King
09-09-2022 08:35 PM
Greeting,
Policy name: Azure Network Security Group with overly permissive outbound rule
The default policies include additional variables that are restricted for use in default policies only, and are not supported in custom policies. Syntax validation displays an error if you use the restricted variables.
A possible solution is not to use CLI command with the cloned policy.
Ref Doc link:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/creat....
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
