PaloAltoPrismaCloudAlertV2_CL



| Attribute | Value |
| --- | --- |
| Ingestion API Supported | ✓ Yes |


Schema (100 columns)

Source: KQL validation test schema

| Column Name | Type |
| --- | --- |
| AlertRules | string |
| AlertTime | datetime |
| FirstSeen | datetime |
| History | string |
| ID | string |
| InvestigateOptions | string |
| LastSeen | datetime |
| Metadata | dynamic |
| MetadataRemediable | bool |
| Policy | dynamic |
| PolicyaiRemediable | bool |
| PolicyDeleted | bool |
| PolicyDescription | string |
| PolicyFindingTypes | string |
| PolicyhasSearchExecutionSupport | bool |
| PolicyId | string |
| PolicyLabels | string |
| PolicyLastModifiedBy | datetime |
| PolicyLastModifiedOn | datetime |
| PolicyName | string |
| PolicyPolicyId | string |
| PolicyPolicyType | string |
| PolicyRecommendation | string |
| PolicyRemediable | string |
| PolicyRemediationcliScriptTemplate | string |
| PolicyRemediationDescription | string |
| PolicyRemediationImpact | string |
| PolicySeverity | string |
| PolicySystemDefault | bool |
| Reason | string |
| Resource | dynamic |
| ResourceAccount | string |
| ResourceAccountId | string |
| ResourceAdditionalInfoAccessKeyAge | datetime |
| ResourceAdditionalInfoInactiveSinceTs | datetime |
| ResourceCloudAccountGroups | string |
| ResourceCloudServiceName | string |
| ResourceDataAccesskey1Active | bool |
| ResourceDataAccesskey1LastRotated | datetime |
| ResourceDataAccesskey1LastUsedDate | datetime |
| ResourceDataAccesskey1LastUsedRegion | string |
| ResourceDataAccesskey1LastUsedService | string |
| ResourceDataAccesskey2Active | bool |
| ResourceDataAccesskey2LastRotated | datetime |
| ResourceDataAccesskey2LastUsedDate | datetime |
| ResourceDataAccesskey2LastUsedRegion | string |
| ResourceDataAccesskey2LastUsedService | string |
| ResourceDataAdditionalInfo | string |
| ResourceDataArn | string |
| ResourceDataAssignIpv6AddressOnCreation | string |
| ResourceDataAvailabilityZone | string |
| ResourceDataAvailabilityZoneId | string |
| ResourceDataBlockPublicAccessStates | string |
| ResourceDataCert1Active | bool |
| ResourceDatacert1LastRotated | datetime |
| ResourceDataCert2Active | bool |
| ResourceDatacert2LastRotated | datetime |
| ResourceDatacidrBlock | string |
| ResourceDataCloudType | string |
| ResourceDataDefaultForAz | bool |
| ResourceDataGroupName | string |
| ResourceDataipPermissions | string |
| ResourceDataipPermissionsEgress | string |
| ResourceDataipv6CidrBlockAssociationSet | string |
| ResourceDataIsShared | bool |
| ResourceDataMapCustomerOwnedIpOnLaunch | string |
| ResourceDataMapPublicIpOnLaunch | bool |
| ResourceDataMfaActive | bool |
| ResourceDataOwnerId | string |
| ResourceDataPasswordEnabled | bool |
| ResourceDatapasswordLastChanged | datetime |
| ResourceDatapasswordLastUsed | datetime |
| ResourceDataPasswordNextRotation | datetime |
| ResourceDataResourceConfigJsonAvailable | bool |
| ResourceDataResourceDetailsAvailable | bool |
| ResourceDataResourceTs | datetime |
| ResourceDataSecurityGroupArn | string |
| ResourceDataState | string |
| ResourceDataSubnetArn | string |
| ResourceDataSubnetId | string |
| ResourceDataTags | string |
| ResourceDataUnifiedAssetId | string |
| ResourceDataUser | string |
| ResourceDataUserCreationTime | datetime |
| ResourceDatavpcId | string |
| ResourceId | string |
| ResourceName | string |
| ResourceRegion | string |
| ResourceRegionId | string |
| ResourceResourceApiName | string |
| ResourceResourceType | string |
| Resourcerrn | string |
| Resourceurl | string |
| RiskDetailRating | string |
| RiskDetailRiskScoreMaxScore | string |
| RiskDetailRiskScoreScore | string |
| RiskDetailScore | string |
| SaveSearchId | string |
| Status | string |
| TimeGenerated | datetime |

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

| Connector | Selection Criteria |
| --- | --- |
| Palo Alto Prisma Cloud CSPM (via Codeless Connector Framework) | |

Content Items Using This Table (21)

Analytic Rules (11)

In solution PaloAltoPrismaCloud:

| Analytic Rule | Selection Criteria |
| --- | --- |
| Palo Alto Prisma Cloud - Access keys are not rotated for 90 days | |
| Palo Alto Prisma Cloud - Anomalous access key usage | |
| Palo Alto Prisma Cloud - High risk score alert | |
| Palo Alto Prisma Cloud - High severity alert opened for several days | |
| Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions | |
| Palo Alto Prisma Cloud - Inactive user | |
| Palo Alto Prisma Cloud - Maximum risk score alert | |
| Palo Alto Prisma Cloud - Multiple failed logins for user | |
| Palo Alto Prisma Cloud - Network ACL allow all outbound traffic | |
| Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports | |
| Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic | |

Hunting Queries (9)

In solution PaloAltoPrismaCloud:

| Hunting Query | Selection Criteria |
| --- | --- |
| Palo Alto Prisma Cloud - Access keys used | |
| Palo Alto Prisma Cloud - High risk score opened alerts | |
| Palo Alto Prisma Cloud - High severity alerts | |
| Palo Alto Prisma Cloud - New users | |
| Palo Alto Prisma Cloud - Opened alerts | |
| Palo Alto Prisma Cloud - Top recources with alerts | |
| Palo Alto Prisma Cloud - Top sources of failed logins | |
| Palo Alto Prisma Cloud - Top users by failed logins | |
| Palo Alto Prisma Cloud - Updated resources | |

Workbooks (1)

In solution PaloAltoPrismaCloud:

| Workbook | Selection Criteria |
| --- | --- |
| PaloAltoPrismaCloudOverview | |

Parsers Using This Table (1)

Other Parsers (1)

| Parser | Solution | Selection Criteria |
| --- | --- | --- |
| PaloAltoPrismaCloud | PaloAltoPrismaCloud | |
