Created
November 22, 2019 18:24
-
-
Save dustinbutterworth/ad7833c3208e7c947b9b9789c855c7a8 to your computer and use it in GitHub Desktop.
Useful RQL Queries for Prisma Cloud
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If you want to tag something so that Prisma Cloud doesn't alert on it if the tag contains a certain string value | |
| # And you want to continue alerting if something does not have this specific tag at all, tag this onto your already existing query: | |
| and ((tags[?(@.key=='PrismaCloudMonitored' && @.value!='no')] size > 0) or (tags[*].key does not contain PrismaCloudMonitored)) | |
| # If you don't want prisma cloud to alert on SQL Express, since you can't encrypt SQL express: | |
| json.rule="(engine does not contain 'sqlserver-ex') and (dbiResourceId does not equal null and storageEncrypted is false)" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment