Investigate Network Exposure on Prisma Cloud

An example workflow that demonstrates how to use the network query to investigate network exposure in your cloud environment.
Prisma Cloud ingests the relevant network security components when you onboard your cloud account and enables you to investigate the assets in your cloud environment for net effective reachability. You do not need any new IAM permissions, because these components are ingested when you onboard your cloud account.
To build network exposure queries, navigate to the Investigate page and execute a query using the following syntax:
config from network where
For example, to query for a list of AWS instances that are reachable from any untrusted Internet IP:
config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports in ('tcp/0:79','tcp/81:442','tcp/444:65535') and effective.action = 'Allow'
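The port list in the query above is easy to misread: three ranges that together cover every TCP port except 80 and 443, so the query finds instances reachable from the Internet on anything other than standard web ports. The following helper is an added example (not Prisma Cloud code) that parses such `protocol.ports` specs, reports which ports a query leaves out, and assembles the query string on this page; the `proto/lo:hi` parsing rule is an assumption based on the sample values.

```python
"""Reason about the port ranges in a Prisma Cloud network RQL query (added example)."""
import re

# Assumed spec shape, inferred from the page's sample values: 'tcp/81:442' or 'tcp/22'.
PORT_RE = re.compile(r"^(tcp|udp)/(\d+)(?::(\d+))?$")


def parse_port_spec(spec):
    """Parse 'tcp/81:442' or 'tcp/22' into (proto, lo, hi); reject malformed specs."""
    m = PORT_RE.match(spec.strip())
    if not m:
        raise ValueError(f"bad port spec: {spec!r}")
    proto, lo = m.group(1), int(m.group(2))
    hi = int(m.group(3)) if m.group(3) is not None else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return proto, lo, hi


def covered_ports(specs, proto="tcp"):
    """Return the set of ports for `proto` that a list of specs matches."""
    ports = set()
    for spec in specs:
        p, lo, hi = parse_port_spec(spec)
        if p == proto:
            ports.update(range(lo, hi + 1))
    return ports


def uncovered_ports(specs, proto="tcp"):
    """Return, sorted, the ports a query with these specs will NOT match."""
    return sorted(set(range(65536)) - covered_ports(specs, proto))


def build_exposure_query(cloud, resource_type, port_specs):
    """Assemble the 'config from network where ...' query shown on this page."""
    ports = ",".join(f"'{s}'" for s in port_specs)
    return (
        "config from network where source.network = UNTRUST_INTERNET "
        f"and dest.resource.type = '{resource_type}' and dest.cloud.type = '{cloud}' "
        f"and protocol.ports in ({ports}) and effective.action = 'Allow'"
    )


# The port list from the page's sample query.
SAMPLE_PORTS = ["tcp/0:79", "tcp/81:442", "tcp/444:65535"]

if __name__ == "__main__":
    print(build_exposure_query("AWS", "Instance", SAMPLE_PORTS))
    print("ports the query leaves out:", uncovered_ports(SAMPLE_PORTS))  # [80, 443]
```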
The results table displays the metadata related to each of the assets.
Click the i icon (Network Path) under Actions to view the detailed Network Path Analysis, which shows the path that the network traffic would take if traffic were to be initiated from Source A to Destination B. Every hop with a green bubble means that the traffic can move forward (Allow traffic) from one point to the next. A hop with a red bubble means that the traffic cannot move forward (Deny traffic).
An i icon (View Details) is displayed wherever there is a routing or security policy associated with the hop. Click the i icon to get more information about the routing-table configuration or the security policy that is either allowing or denying the traffic.
