Use Prisma Cloud to Investigate Network Incidents
Learn how to use Prisma Cloud to investigate network incidents.
Prisma Cloud ingests and monitors network traffic from cloud services and allows customers to query network events in their cloud environments. You can detect when services, applications or databases are exposed to the internet and if there are potential data exfiltration attempts. Network queries are currently supported for AWS and Azure cloud.
To view network traffic data, you can use Network queries. Enter your queries in the Search. If the search expression is valid and complete, a green check mark appears along with the results of your query. You can choose to save the searches that you have created for investigating incidents in My Saved Searches. Reuse these saved queries instead of typing them all over again. You can also use the Saved Searches to create a policy.
Saved Searches has a list of search queries saved by any user in the system.
Network queries enable you to search for network resources or network flows. By using packets, bytes, source or destination resource, source or destination IP address, and source or destination port information, these queries enable you to monitor traffic and the interconnectivity of the resources that belong to your cloud accounts and regions.
To download network traffic details for your entire network, a node or an instance, or for a specific connection between a source and a destination node in a CSV format, click Download on the top right hand corner. This report groups all connection details by port and includes details such as source and destination IP addresses and names, inbound and outbound bytes, inbound and outbound packets, and whether the node accepted the traffic connection.
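The downloaded report can be triaged offline for the two cases named above, internet exposure and potential data exfiltration. The following is an added example, not Prisma Cloud code: the CSV column names, the sensitive-port list, the 500 MiB threshold, and the RFC 1918 definition of "internal" are all assumptions to adapt to your actual export.

```python
import csv
import io
import ipaddress

# Assumption: workloads live in RFC 1918 space; anything else is treated as internet.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SENSITIVE_PORTS = {22, 3306, 3389, 5432, 27017}   # assumed admin/database ports
EGRESS_BYTES = 500 * 1024 * 1024                  # assumed review threshold (500 MiB)

# Constructed sample rows. Column names are hypothetical, not the real export schema;
# bytes_out is assumed to mean bytes sent by the source node.
SAMPLE_CSV = """src_ip,src_name,dest_ip,dest_name,dest_port,bytes_in,bytes_out,accepted
203.0.113.50,,10.0.1.15,db-prod-1,3306,48211,1520344,yes
10.0.1.15,db-prod-1,10.0.2.20,app-1,443,9000,12000,yes
198.51.100.7,,10.0.1.30,bastion,22,600,0,no
10.0.2.20,app-1,192.0.2.99,,443,20480,734003200,yes
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def triage(csv_text):
    """Return (finding, resource, port) tuples for accepted connections worth review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["accepted"].strip().lower() != "yes":
            continue  # rejected traffic did not reach the node
        src_int = is_internal(row["src_ip"])
        dst_int = is_internal(row["dest_ip"])
        port = int(row["dest_port"])
        # Internet source accepted on a sensitive port of an internal resource.
        if not src_int and dst_int and port in SENSITIVE_PORTS:
            findings.append(("internet-exposed", row["dest_name"] or row["dest_ip"], port))
        # Internal source sending a large volume to an internet destination.
        if src_int and not dst_int and int(row["bytes_out"]) >= EGRESS_BYTES:
            findings.append(("large-egress", row["src_name"] or row["src_ip"], port))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV):
        print(finding)
```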
To see the details of a network resource, click the resource and view
Network Summary, or
To see the accepted and rejected traffic, from
To view details of a connection, click the connection and click