PaloAltoPrismaCloudAudit_CL



| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |

Schema (18 columns)

Source: KQL validation test schema

| Column Name | Type |
|---|---|
| _ResourceId | string |
| action_s | string |
| Computer | string |
| IPAddress | string |
| ManagementGroupName | string |
| MG | string |
| RawData | string |
| resourceName_g | string |
| resourceName_s | string |
| ResourceType | string |
| result_s | string |
| SourceSystem | string |
| TenantId | string |
| TimeGenerated | datetime |
| timestamp_s | string |
| Type | string |
| user_g | string |
| user_s | string |

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
[DEPRECATED] Palo Alto Prisma Cloud CSPM

Content Items Using This Table (21)

Analytic Rules (11)

In solution PaloAltoPrismaCloud:

Analytic Rule Selection Criteria
Palo Alto Prisma Cloud - Access keys are not rotated for 90 days
Palo Alto Prisma Cloud - Anomalous access key usage
Palo Alto Prisma Cloud - High risk score alert
Palo Alto Prisma Cloud - High severity alert opened for several days
Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions
Palo Alto Prisma Cloud - Inactive user
Palo Alto Prisma Cloud - Maximum risk score alert
Palo Alto Prisma Cloud - Multiple failed logins for user
Palo Alto Prisma Cloud - Network ACL allow all outbound traffic
Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports
Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic

Hunting Queries (9)

In solution PaloAltoPrismaCloud:

Hunting Query Selection Criteria
Palo Alto Prisma Cloud - Access keys used
Palo Alto Prisma Cloud - High risk score opened alerts
Palo Alto Prisma Cloud - High severity alerts
Palo Alto Prisma Cloud - New users
Palo Alto Prisma Cloud - Opened alerts
Palo Alto Prisma Cloud - Top recources with alerts
Palo Alto Prisma Cloud - Top sources of failed logins
Palo Alto Prisma Cloud - Top users by failed logins
Palo Alto Prisma Cloud - Updated resources

Workbooks (1)

In solution PaloAltoPrismaCloud:

Workbook Selection Criteria
PaloAltoPrismaCloudOverview

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
PaloAltoPrismaCloud PaloAltoPrismaCloud
