Prisma Cloud Resource Query Language (RQL)
Learn what RQL is and how to use this powerful tool to
investigate issues in real-time in your cloud environments.
Prisma Cloud Resource Query Language
(RQL) is a powerful and flexible tool that helps you gain security
and operational insights about your deployments in public cloud
environments. You can use RQL to perform configuration checks on
resources deployed on different cloud platforms and to gain visibility
and insights into user and network events. You can use these security insights
to create policy guardrails that secure your cloud environments.
RQL is a structured query language that resembles Structured
Query Language (SQL). RQL supports the following types of queries:
Config
—Use
Config Query to search
for the configuration of the cloud resources.
Event
—Use
Event Query to search
and audit all the console and API access events in your cloud environment.
Network
—Use
Network Query to search
real-time network events in your environment.
Use RQL to find answers to fundamental questions that help you
understand what is happening on your network. For example, you can
find answers to the following questions:
Do I have S3 buckets with encryption disabled?
Do I have databases that are directly accessible from the
internet?
Who uses a root account to manage day-to-day administrative
activities on my network?
Which cloud resources are missing critical patches that make
them exploitable?