Investigate Config Incidents on Prisma Cloud

Use config queries to investigate configuration incidents so that you can identify misconfigurations and compliance violations.
Prisma Cloud ingests various services and associated configuration data from AWS, Azure, Alibaba, and GCP cloud services. You can retrieve resource information to identify resource misconfigurations, and detect policy violations that expose your business to undue risk and non-compliance to industry benchmarks. You can also view the audit trail for information on who created, modified, deleted resources on the cloud platform and when the change was made.
To investigate configuration issues ,you can use Config queries. You can enter your query in the Search bar and if the search expression is valid and complete, a green check mark displays along with your query results.
You can choose to save the searches that you have created for investigating incidents in
My Saved Searches
. A saved search enables you to use the same query at a later time, instead of typing the query again, and it enables you to use the saved search to create a policy.
Saved Searches
has list of search queries saved by any Prisma Cloud administrator.
Select a record to view additional details about Audit Trail or Host Findings in the Resource Explorer. The alerts are displayed when you select the red exclamation mark.
Hover over the configuration record to see the option to view the details of the resource configuration. You can also search directly within the JSON Resource configuration to easily find something that is part of the metadata ingested on Prisma Cloud, and speed up your investigation.
To analyze your configuration events offline, you can download the event search details in a CSV format, click
Download
on the right hand corner.

Recommended For You