Use config queries to investigate configuration incidents
so that you can identify misconfigurations and compliance violations.
Prisma Cloud ingests various
services and associated configuration data from AWS, Azure, Alibaba,
and GCP cloud services. You can retrieve resource information to identify
resource misconfigurations and detect policy violations that expose
your business to undue risk and non-compliance with industry benchmarks.
You can also view the audit trail for information on who created,
modified, or deleted resources on the cloud platform and when the change
To investigate configuration issues, you can use Config queries.
You can enter your query in the Search bar and if the search expression
is valid and complete, a green check mark displays along with your
You can choose to save the searches that you have created for
investigating incidents in My Saved Searches.
A saved search enables you to use the same query at a later time,
instead of typing the query again, and it enables you to use the
saved search to create a policy.
has a list of search queries
saved by any Prisma Cloud administrator.
Select a record to view additional details about Audit Trail
or Host Findings in the Resource Explorer. The alerts are displayed
when you select the red exclamation mark.
Hover over the configuration record to see the option to view
the details of the resource configuration. You can also search directly
within the JSON Resource configuration to easily find something
that is part of the metadata ingested on Prisma Cloud, and speed
up your investigation.
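
An offline counterpart to searching within the JSON resource configuration, given here as an added example that is not Prisma Cloud code: it walks a configuration document and reports the JSON path of every key or value that contains the search term. The sample configuration, its field names, and the function name `find_in_config` are constructed for illustration.

```python
import json

# Constructed sample: a security-group-style resource configuration.
# Field names are illustrative, not a documented Prisma Cloud schema.
SAMPLE_CONFIG = json.loads("""
{
  "groupId": "sg-EXAMPLE",
  "groupName": "web-tier",
  "ipPermissions": [
    {"fromPort": 443, "toPort": 443, "ipProtocol": "tcp",
     "ipRanges": ["10.0.0.0/8"]},
    {"fromPort": 22, "toPort": 22, "ipProtocol": "tcp",
     "ipRanges": ["0.0.0.0/0"]}
  ],
  "tags": [{"key": "owner", "value": "platform-team"}]
}
""")


def find_in_config(node, needle, path="$"):
    """Return (json_path, value) pairs whose key or scalar value contains needle.

    Matching is case-insensitive. A key match reports the whole value under
    that key and does not descend further, so each hit is listed once.
    """
    needle_l = needle.lower()
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if needle_l in key.lower():
                hits.append((child, value))
            else:
                hits.extend(find_in_config(value, needle, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_in_config(item, needle, f"{path}[{index}]"))
    elif needle_l in str(node).lower():
        hits.append((path, node))
    return hits


if __name__ == "__main__":
    # Locate any rule that is open to the whole internet.
    for json_path, value in find_in_config(SAMPLE_CONFIG, "0.0.0.0/0"):
        print(json_path, "=>", value)
```

The returned path (`$.ipPermissions[1].ipRanges[0]` for the sample) identifies which rule in the record carries the open range, so the port fields next to it can be read directly.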
To analyze your configuration events offline, you can download
the event search details in a CSV format, click