Create a Network Exposure Policy

Create network exposure policies in Prisma Cloud to monitor resources/assets in your AWS environment.
You have the ability to create network exposure policies based on your organization’s requirements. You can build a new network exposure policy based on the
config from network where
RQL query to monitor the network exposure of an asset across your cloud environment.
  1. Select
    Policies
    Add Policy
    Network
    .
  2. Enter your policy details.
    1. Add the
      Policy Name
      and
      Severity
      .
    2. Description
      and
      Labels
      are optional.
    3. Click
      Next
      .
  3. Enter your RQL query in the search bar.
    The default option of
    New Search
    enables you to build a new RQL query from scratch while
    Saved Search
    enables you to use a RQL query that you previously saved. For example, the following RQL query finds the interfaces that are accessible from any untrusted Internet source:
    config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.tag = 'env=prod'
    A green check mark indicates that you have a valid query and you can view the query results.
    You cannot associate compliance standards to network exposure policies.
  4. Save
    the policy.
    After you successfully create your new policy, it is displayed in the
    Policies
    table.
    Refer to Network Query in the RQL Reference to learn about network exposure query attributes and to see examples.

Recommended For You