Event Query Examples
Some examples for Event Queries for all cloud types.
Use this section to review examples that show you how to use Event Query Attributes in RQL for investigating issues on each cloud platform:
AWS—Event Query Examples
Detect activities from non-automated events and from specific IP addresses.
Detect potentially sensitive or suspicious changes to the network configuration that impact your Security posture.
Detect potentially sensitive or suspicious changes to configuration settings.
Detect risky changes executed by a root user.
Exclude results that match a specific string within an array in the event details.
To exclude results that include a specific string within an array, use the matches or does not match operator instead of contains/does not contain or exists/does not exist.
Azure—Event Query Examples
List specific operations performed on a specific Microsoft Azure account.
List Classic compute register operations performed by a specific user on a specifid Microsoft Azure account.
GCP—Event Query Examples
View sensitive network configuration updates on GCP
View sensitive SQL instance updates in GCP.
List all events with sensitive user actions on GCP.
Recommended For You
Recommended videos not found.