Focus
Focus
Table of Contents

Event Query

Use Event Query for insight into privileged activities, and suspicious or anamolous activities in your cloud environment.
Event queries help you to detect and investigate console and API access events, monitor privileged activities, detect account compromise, and detect unusual user behavior in your cloud environments.
To investigate events, use
event from cloud.audit_logs where
queries in the search box on the
Investigate
tab of the Prisma Cloud administrative console. The query uses the event data that Prisma Cloud ingested from the audit logs to help you learn who did what and when on your cloud assets.

Recommended For You