Network Query
Use Network Query to find real-time network security risks on your resources deployed in public cloud environments.
When you onboard your cloud accounts to Prisma Cloud, it monitors network configuration and traffic logs to and from your assets deployed on the cloud environment. You can then use this data to find previously unidentified network security risks:
- Flow Log-based Network Query: Query for incidents and threats that are based on flow logs.
- Configuration-based Network Query: Query for true exposures that are based on configuration.
Flow Log-based Network Query
Prisma Cloud provides the
network from vpc.flow_record
network query that is based on networking logs, such as VPC flow logs, which you can use to detect when services, applications, or databases are exposed to the Internet and fix risky configuration issues, or to search for assets that are receiving traffic and connections from suspicious IP addresses to prevent data exfiltration attempts before it is too late.When you use the
network from vpc.flow_record where cloud.account=
RQL, the following are the list of resources for which you can visualize flow log information on Prisma Cloud:Cloud Account | Resources that Support Flow Logs |
AWS |
|
Azure |
|
GCP |
|
Network flow log queries are supported on AWS, Azure, and GCP cloud environments.
Also see:
Configuration-based Network Query
Prisma Cloud also provides the
config from network where
network query that is based on network configuration, which you can use to identify overly-exposed resources by providing end-to-end network path visibility from any source, such as AWS EC2 virtual machine, DB instance, or Lambda application to any destination, such as the Internet, another VPC, or on-premises networks. This visibility in to the associations between security groups and compute instances help you identify network security risks before they become incidents. Prisma Cloud does not send traffic or read network logs for performing network path analysis.When you use the
config from network where=
RQL, the following are the list of resources for which you can query network exposure on Prisma Cloud:Cloud Account | Resources that Support Network Exposure |
AWS |
|
Azure |
|
Network exposure queries are currently supported only on AWS and Azure cloud environments and are currently not available in the Government and China regions.
Also see:
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.