Network Query

Use Network Query to find real-time network security risks on your resources deployed in public cloud environments.
When you onboard your cloud accounts to Prisma Cloud, it monitors network configuration and traffic logs to and from your assets deployed in those cloud environments. You can then use this data to find previously unidentified network security risks in two ways:

Flow Log-based Network Query

Prisma Cloud provides the `network from vpc.flow_record` network query, which is based on networking logs such as VPC flow logs. Use it to detect when services, applications, or databases are exposed to the Internet and fix risky configuration issues, or to search for assets that receive traffic and connections from suspicious IP addresses so you can stop data exfiltration attempts before it is too late.
When you use the `network from vpc.flow_record where cloud.account=` RQL, you can visualize flow log information on Prisma Cloud for the following resources:
Cloud Account
Resources that Support Flow Logs
AWS
  • AWS ElastiCache
  • AWS ELB
  • AWS Lambda
  • AWS NAT Gateway
  • AWS RDS
  • AWS Redshift
  • Container Management
  • Database
  • Email
  • FTP
  • FTP Client
  • HTTP
  • Kerberos Server
  • KVP Store
  • LDAP
  • Message Queue
  • Nagios Monitoring Server
  • Possible Cryptocurrency Miner
  • SSH
  • System Management
  • Telnet
  • Web Proxy
  • Web Server
  • VM Instance
Azure
  • Azure ELB
  • Container Management
  • Database
  • Email
  • FTP
  • Generic
  • HTTP
  • Kerberos Server
  • KVP Store
  • LDAP
  • Message Queue
  • Nagios Monitoring Server
  • SSH
  • System Management
  • Telnet
  • Web Proxy
  • Web Server
  • VM Instance
GCP
  • Google Kubernetes Engine (GKE) node
  • VM Instance
Network flow log queries are supported on AWS, Azure, and GCP cloud environments.

Configuration-based Network Query

Prisma Cloud also provides the `config from network where` network query, which is based on network configuration. Use it to identify overly exposed resources through end-to-end network path visibility from any source, such as an AWS EC2 virtual machine, DB instance, or Lambda application, to any destination, such as the Internet, another VPC, or an on-premises network. This visibility into the associations between security groups and compute instances helps you identify network security risks before they become incidents. Prisma Cloud does not send traffic or read network logs to perform network path analysis.
When you use the `config from network where=` RQL, you can query network exposure on Prisma Cloud for the following resources:
Cloud Account
Resources that Support Network Exposure
AWS
  • Network (VPC)
  • Internet Gateway
  • Subnet
  • NACL
  • NAT Gateway
  • EC2
  • ENI
  • EIP
  • Security Group
  • VPC Service Endpoint/PrivateLink
  • Route Table
  • Transit Gateway and Route Table
  • VPC Peering
Azure
  • Virtual Machine (VM)
  • Virtual Machine Scale Set (flexible VMSS, uniform VMSS)
  • Network Interface (NIC)
  • Subnet
  • Public IP Addresses (PIP, PIP prefixes, shared PIP)
  • User Defined Route (effective UDR)
  • Virtual Network (VNet)
  • NAT Gateway
  • Load Balancer (NLB, ALB)
  • Application Security Group (ASG)
  • Network Security Group (NSG)
  • PaaS Services (PgSQL)
GCP
  • Subnet
  • VPC Firewall
  • Hierarchical Firewall Rules
  • BackendService
  • FirewallPolicy
  • LB ForwardingRule
  • VM
  • InstanceGroup
  • VPC
  • NetworkEndpointGroup
  • TargetHttpProxy
  • TargetHttpsProxy
  • TargetInstance
  • TargetPool
  • TargetSslProxy
  • TargetTcpProxy
  • URLMap
Network exposure queries are currently supported only on AWS, Azure, and GCP cloud environments and are not available in the Government and China regions.