Prisma Cloud Resource Query Language (RQL)

Learn what RQL is and how to use this powerful tool to investigate issues in real-time in your cloud environments.
Prisma Cloud Resource Query Language (RQL) is a powerful and flexible tool that helps you gain security and operational insights about your deployments in public cloud environments. You can use RQL to perform configuration checks on resources deployed on different cloud platforms and to gain visibility and insights into user and network events. You can use these security insights to create policy guardrails that secure your cloud environments.
RQL is a structured query language that resembles Structured Query Language (SQL). RQL supports the following types of queries:
  • Config
    —Use Config Query to search for the configuration of the cloud resources.
  • Event
    —Use Event Query to search and audit all the console and API access events in your cloud environment.
  • Network
    —Use Network Query to search real-time network events in your environment.
Use RQL to find answers to fundamental questions that help you understand what is happening on your network. For example, you can find answers to the following questions:
  • Do I have S3 buckets with encryption disabled?
  • Do I have databases that are directly accessible from the internet?
  • Who uses a root account to manage day-to-day administrative activities on my network?
  • Which cloud resources are missing critical patches that make them exploitable?

Related Documentation