Prisma Cloud - Cloned Policy not saving updated Query.

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prisma Cloud - Cloned Policy not saving updated Query.

L0 Member

I'm attempting to clone a default Azure policy for overly permissive NSG's.  The cloned policy is essentially the same with additional RQL at the end to only alert on NSG's that do not have a certain tag value.   We've verified the RQL works, we've remove the auto-remediation capability.  The modified Query will not save.   I've looked in the documentation for cloning a default query and followed them step by step.  


User has System Admin permissions.  


L4 Transporter

Greetings Coldstone2,


I hope that this note finds you well! I know that it has been a while since you had posted this question but I wanted to see if you still potentially needed any help. Thank you for your time and I hope that you have a good remainder of your day.


Kind Regards,

J. Avery King

J. Avery King | Prisma Cloud | Customer Success Engineer

L1 Bithead


Policy name: Azure Network Security Group with overly permissive outbound rule

The default policies include additional variables that are restricted for use in default policies only, and are not supported in custom policies. Syntax validation displays an error if you use the restricted variables.

A possible solution is not to use CLI command with the cloned policy.

Ref Doc link:

Sr. Technical Support Engineer - Prisma Cloud | PCCSE
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!