1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Resource Query Language (RQL) Reference
    5. Prisma Cloud RQL Reference
    6. Network Query

    Network Query

    Use Network Query to find real-time network security risks on your resources deployed in public cloud environments.
    When you onboard your cloud accounts to Prisma Cloud, it monitors network configuration and traffic logs to and from your assets deployed on the cloud environment. You can then use this data to find previously unidentified network security risks:

    Flow Log-based Network Query

    Prisma Cloud provides the
    network from vpc.flow_record
     network query that is based on networking logs, such as VPC flow logs, which you can use to detect when services, applications, or databases are exposed to the Internet and fix risky configuration issues, or to search for assets that are receiving traffic and connections from suspicious IP addresses to prevent data exfiltration attempts before it is too late.
    When you use the
    network from vpc.flow_record where cloud.account=
     RQL, the following are the list of resources for which you can visualize flow log information on Prisma Cloud:
    Cloud Account
    Resources that Support Flow Logs
    AWS
    • AWS ElastiCache
    • AWS ELB
    • AWS Lambda
    • AWS NAT Gateway
    • AWS RDS
    • AWS Redshift
    • Container Management
    • Database
    • Email
    • FTP
    • FTP Client
    • HTTP
    • Kerberos Server
    • KVP Store
    • LDAP
    • Message Queue
    • Nagios Monitoring Server
    • Possible Cryptocurrency Miner
    • SSH
    • System Management
    • Telnet
    • Web Proxy
    • Web Server
    • VM Instance
    Azure
    • Azure ELB
    • Container Management
    • Database
    • Email
    • FTP
    • Generic
    • HTTP
    • Kerberos Server
    • KVP Store
    • LDAP
    • Message Queue
    • Nagios Monitoring Server
    • SSH
    • System Management
    • Telnet
    • Web Proxy
    • Web Server
    • VM Instance
    GCP
    • Google Kubernetes Engine (GKE) node
    • VM Instance
    Network flow log queries are supported on AWS, Azure, and GCP cloud environments.
    Also see:

    Configuration-based Network Query

    Prisma Cloud also provides the
    config from network where
     network query that is based on network configuration, which you can use to identify overly-exposed resources by providing end-to-end network path visibility from any source, such as AWS EC2 virtual machine, DB instance, or Lambda application to any destination, such as the Internet, another VPC, or on-premises networks. This visibility in to the associations between security groups and compute instances help you identify network security risks before they become incidents. Prisma Cloud does not send traffic or read network logs for performing network path analysis.
    When you use the
    config from network where=
     RQL, the following are the list of resources for which you can query network exposure on Prisma Cloud:
    Cloud Account
    Resources that Support Network Exposure
    AWS
    • VPC
    • Internet Gateway
    • Subnet
    • NACL
    • NAT Gateway
    • EC2
    • ENI
    • EIP
    • Security Group
    • VPC Service Endpoint/PrivateLink
    • Route Table
    • Transit Gateway and Route Table
    • VPC Peering
    Azure
    • Virtual Machine (VM)
    • Virtual Machine Scale Set (flexible VMSS, uniform VMSS)
    • Network Interface (NIC)
    • Subnet
    • Public IP Addresses (PIP, PIP prefixes, shared PIP)
    • User Define Route (effective UDR)
    • Virtual Network (Vnet)
    • NAT Gateway
    • Loadbalancer (NLB, ALB)
    • Application Security Group (ASG)
    • Network Security Group (NSG)
    • PaaS Services (PgSQL)
    Network exposure queries are currently supported only on AWS and Azure cloud environments and are currently not available in the Government and China regions.
    Also see:

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo