Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
a week ago
8Posts
0Likes
0Solutions
Oct 13, 2020Last Visited
User
Activity
User
Profile
Latest posts by ramyfrahman
| Subject | Views | Posted |
|---|---|---|
| 227 | a month ago | |
| 290 | a month ago | |
| 292 | a month ago | |
| 247 | a month ago | |
| 614 | 09-09-2020 07:01 AM |
User Badges
Public Statistics
| Date Registered | 09-27-2016 04:13 PM |
| Date Last Visited | a week ago |
| Total Messages Posted | 16 |
a month ago
At first glance, it looks as if there is no real way to put a setting to the Anomaly Setting for "Port Scan Activity (External)". The rationale behind the question is, you're only looking at the amount of scans for the Conservative Moderate and Aggressive settings and looks at 500,200 and 50 ports respectively. 500 ports in a minute is obviously aggressive but 500 over a longer setting of time may be something else. Is there no way to modify the threshold of time of which it looks at this data?
... View more
a month ago
Looks like this was submitted and upvoted 15 times. https://prismacloud.ideas.aha.io/ideas/PANW-I-190 It is unclear if this is "will not implement" it is "New Idea". Any clarity if that is on the roadmap?
... View more
a month ago
Looking to see if this is on the roadmap. I will also ask on the Aha Feature Request site.
... View more
a month ago
Ok so I think we are getting closer. This was helpful but maybe I can ask this a different way If I wanted to get a list of all the alerts that were in a config query like below that have a finding severity of HIGH, is that possible? config where api.name = 'gcloud-compute-instances-list' and json.rule = status contains RUNNING
... View more
09-09-2020
07:01 AM
so is there any limitation to the data? Or Database ? If you have an extremely large volume of data is there any potential for corruption?
... View more
09-08-2020
07:42 PM
If you were to need to monitor a set of assets such as Google Cloud VPCs and any changes that have been made in a set date range, what would be an RQL you could write that would yield the audit trail and show those changes? I would have to imagine it starts with an event query based on something similar I pulled up for AWS: event where operation IN ('AuthorizeSecurityGroupEgress', 'AuthorizeSecurityGroupIngress', 'CreateVpc', 'DeleteFlowLogs', 'DeleteVpc', 'ModifyVpcAttribute', 'RevokeSecurityGroupIngress') or maybe RQL: config where cloud.type = 'aws' AND api.name = 'aws-elbv2-target-group' But how would be the best practice to possible get a list of a set of assets you want to monitor highly for changes. Maybe leveraging tags?
... View more
08-28-2020
01:46 PM
An kind of limitations on the metadata which gets collected on the either the CSPM side or CWPP side? As multi cloud environments grow, are there any limitations on retention of that data? If you want to run RQLs from 5 years ago or more is that something you would have available or is it limited to the retention of say CloudTrail logs in AWS etc?
... View more
Labels:
- Labels:
-
Cloud Security
-
Prisma Cloud
08-28-2020
10:18 AM
Is it possible to build an RQL query to look at a certain host and determine if it is talking to a suspicious IP address and create an auto-remediation rule that restricts the host traffic and isolates it so it is no longer talking to the suspicious IP or the internet at all? Looking at the video for creation of a custom remediation policy this looks to be possible but I need some ideas to build the query. If that is not an option are there any integrations or ways that we can create an isolation policy for hosts in the cloud or on prem to not talk to those suspicious IPs? Either with the CSPM side of Prisma Cloud Enterprise Edition or Prisma Cloud Compute tab? Thanks in advance.
... View more
Labels:
- Labels:
-
Prisma Cloud
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a week ago
|
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
