Troubleshoot Data Security Errors

Review this section for information on how to resolve some common errors when you use Data Security on Prisma Cloud.

Subscription for SNS Topic Not Found

When you opt to use Prisma Cloud Data Security for scanning objects within an AWS account, the Prisma Cloud Terraform template creates an SNS topic and a subscription within the topic. The subscription has a UUID that is randomly generated by Prisma Cloud for the session and is valid for a limited time. If you log out of Prisma Cloud or close the Cloud Onboarding Setup wizard while the CFT stack creation is in progress, and do not complete the account onboarding workflow in the same session, the UUID becomes invalid. In such cases, you see this error because the UUID in the callback URL is invalid and Prisma Cloud cannot publish messages to the SNS endpoint. To fix this error, use the following instructions to copy the SNS Callback URL and update the SNS topic on the AWS console.
See the YouTube video to fix the error.
  1. On the Prisma Cloud management console, select Settings > Cloud Accounts and find the AWS account that displays the error.
  2. Copy the Callback URL from Settings > Cloud Accounts > Configure Account.
    For example:
    https://cel.dlp-us.prismacloud.io/dlp/api/v1/cloudtrail/consume/uuid/2a71f761-xxxx-4db2-9665-af62c980a945
  3. Log in to the AWS management console.
  4. Select Services > SNS > Topics.
  5. Select the SNS Topic ARN that matches what you see on Prisma Cloud.
  6. Click Create Subscription.
  7. Select Protocol HTTPS.
  8. Paste the Callback URL you copied to the Endpoint field, and Save.
  9. On Prisma Cloud, verify that the onboarding Status is green.
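To confirm the result of the steps above without clicking through the console, the following added example (not Prisma Cloud or AWS code) classifies a topic's subscriptions against the current Callback URL. It assumes the input is the parsed JSON output of `aws sns list-subscriptions-by-topic`; the function name, the status strings, and the sample topic ARN and stale UUID are constructed for illustration.

```python
from urllib.parse import urlparse

# Path prefix taken from the example Callback URL on this page.
CONSUME_PREFIX = "/dlp/api/v1/cloudtrail/consume/uuid/"

def check_subscription(callback_url, listing):
    """Classify the topic's subscriptions against the current Callback URL.

    listing is the parsed JSON from `aws sns list-subscriptions-by-topic`.
    Returns "ok", "pending", "stale_uuid" or "missing".
    """
    want = urlparse(callback_url)
    if want.scheme != "https" or not want.path.startswith(CONSUME_PREFIX):
        raise ValueError("not a Data Security callback URL")
    result = "missing"
    for sub in listing.get("Subscriptions", []):
        if sub.get("Protocol") != "https":
            continue
        got = urlparse(sub.get("Endpoint", ""))
        if got.netloc != want.netloc or not got.path.startswith(CONSUME_PREFIX):
            continue  # some other HTTPS subscriber on the same topic
        if got.path != want.path:
            # Same service endpoint, different UUID: left by an abandoned session.
            if result == "missing":
                result = "stale_uuid"
        elif sub.get("SubscriptionArn") == "PendingConfirmation":
            result = "pending"  # created, but the endpoint has not confirmed it
        else:
            return "ok"
    return result

# Callback URL as shown in the page's example (the UUID is partly masked there).
CALLBACK = ("https://cel.dlp-us.prismacloud.io" + CONSUME_PREFIX
            + "2a71f761-xxxx-4db2-9665-af62c980a945")
# Constructed sample: account ID, topic name and UUIDs below are placeholders.
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"
SAMPLE = {"Subscriptions": [{
    "SubscriptionArn": TOPIC + ":11111111-2222-4333-8444-555555555555",
    "Protocol": "https",
    "Endpoint": "https://cel.dlp-us.prismacloud.io" + CONSUME_PREFIX
                + "00000000-0000-4000-8000-000000000000",
    "TopicArn": TOPIC,
}]}

if __name__ == "__main__":
    print(check_subscription(CALLBACK, SAMPLE))
```

A result of "stale_uuid" corresponds to the situation this section describes: the topic still carries a subscription whose UUID no longer matches the Callback URL shown on Prisma Cloud.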

Storage Size Estimate Not Available

To estimate the storage size, Prisma Cloud requires permissions to configure the inventory configuration. The inventory configuration lists the objects, and the metadata associated with each object, within the S3 bucket that you want to scan using Prisma Cloud Data Security. Without these permissions, the data cannot be retrieved and the message Not Available displays. To fix this issue, you must grant the Prisma Cloud role permissions for s3:PutInventoryConfiguration and complete the setup.
  1. Update CFT through the onboarding flow.
  2. Select the storage estimate retrieval schedule.

Unauthorized Access Error

After onboarding your cloud account on Prisma Cloud, if the connection to storage has failed because of the Unauthorized Access error, you may have specified the incorrect SNS topic name during onboarding.
See the YouTube video to fix the issue.

CloudTrail is not Configured to send Notification to SNS Topic

After onboarding your cloud account on Prisma Cloud, if the connection to storage failed because of a CloudTrail configuration error, the following error displays:
See the YouTube video to fix the error.
