Use Network Query to find real-time network security risks on your resources deployed in public cloud environments.
When you onboard your cloud accounts to Prisma Cloud, it monitors network configuration and traffic logs to and from your assets deployed on the cloud environment. You can then use this data to find previously unidentified network security risks:
A network query based on networking logs, such as VPC flow logs. You can use it to detect when services, applications, or databases are exposed to the Internet and fix risky configuration issues, or to search for assets that are receiving traffic and connections from suspicious IP addresses, so that you can stop data exfiltration attempts before it is too late.
When you use the following RQL, you can visualize flow log information on Prisma Cloud for the resources listed below:
network from vpc.flow_record where cloud.account=
Cloud Account | Resources that Support Flow Logs
--- | ---
AWS | AWS ElastiCache, AWS ELB, AWS Lambda, AWS NAT Gateway, AWS RDS, AWS Redshift, Container Management, Database, Email, FTP, FTP Client, HTTP, Kerberos Server, KVP Store, LDAP, Message Queue, Nagios Monitoring Server, Possible Cryptocurrency Miner, SSH, System Management, Telnet, Web Proxy, Web Server, VM Instance
Azure | Azure ELB, Container Management, Database, Email, FTP, Generic, HTTP, Kerberos Server, KVP Store, LDAP, Message Queue, Nagios Monitoring Server, SSH, System Management, Telnet, Web Proxy, Web Server, VM Instance
GCP | Google Kubernetes Engine (GKE) node, VM Instance
Network flow log queries are supported on AWS, Azure, and GCP cloud environments.
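As an added example (not a query from the original page), the following flow-log query completes the network from vpc.flow_record form shown above to find resources with the Database or AWS RDS role (roles taken from the AWS and Azure rows of the table) that have received traffic from Internet or suspicious IP addresses. The attribute names source.publicnetwork, dest.resource, role and bytes are assumed to match the Prisma Cloud RQL network query reference; the role values come from the table above.

```rql
network from vpc.flow_record where source.publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND dest.resource IN (resource where role IN ('Database', 'AWS RDS')) AND bytes > 0
```

Narrowing source.publicnetwork to 'Suspicious IPs' alone gives the exfiltration-oriented view described above, and the bytes > 0 clause drops flows that were logged but carried no payload, so each remaining row is a database that actually exchanged data with an external address and should be checked against its intended exposure.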
A network query based on network configuration. You can use it to identify overly exposed resources, because it provides end-to-end network path visibility from any source, such as an AWS EC2 virtual machine, DB instance, or Lambda application, to any destination, such as the Internet, another VPC, or on-premises networks. This visibility into the associations between security groups and compute instances helps you identify network security risks before they become incidents. Prisma Cloud does not send traffic or read network logs to perform network path analysis.
When you use the following RQL, you can query network exposure on Prisma Cloud for the resources listed below:
config from network where=
Cloud Account | Resources that Support Network Exposure
--- | ---
AWS | Network (VPC), Internet Gateway, Subnet, NACL, NAT Gateway, EC2, ENI, EIP, Security Group, VPC Service Endpoint/PrivateLink, Route Table, Transit Gateway and Route Table, VPC Peering
Azure | Virtual Machine (VM), Virtual Machine Scale Set (flexible VMSS, uniform VMSS), Network Interface (NIC), Subnet, Public IP Addresses (PIP, PIP prefixes, shared PIP), User Defined Route (effective UDR), Virtual Network (VNet), NAT Gateway, Load Balancer (NLB, ALB), Application Security Group (ASG), Network Security Group (NSG), PaaS Services (PgSQL)
GCP | Subnet, VPC Firewall, Hierarchical Firewall Rules, BackendService, FirewallPolicy, LB ForwardingRule, VM, InstanceGroup, VPC, NetworkEndpointGroup, TargetHttpProxy, TargetHttpsProxy, TargetInstance, TargetPool, TargetSslProxy, TargetTcpProxy, URLMap
Network exposure queries are currently supported only on AWS, Azure, and GCP cloud environments and are not available in the Government and China regions.
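As an added example (not a query from the original page), the following network-exposure query completes the config from network form shown above to find AWS EC2 instances reachable on SSH (tcp/22) from the Internet, over a path that Prisma Cloud computes from the configuration objects in the table above (security groups, NACLs, route tables, internet gateways) rather than from traffic. The attribute names source.network, dest.resource.type, dest.cloud.type and protocol.ports, and the value UNTRUST_INTERNET, are assumed to match the Prisma Cloud RQL network exposure query reference.

```rql
config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS' and protocol.ports = 'tcp/22'
```

A non-empty result identifies an overly exposed instance, and the fix lives in the configuration objects on the computed path, typically a security group rule that allows 0.0.0.0/0 on port 22; the same query with a different protocol.ports value covers other administrative services such as tcp/3389.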