PaloAltoPrismaCloudAlert_CL


Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Schema (74 columns)

Source: KQL validation test schema

Column Name Type
_ResourceId string
alertRules_s string
alertTime_s string
Computer string
firstSeen_s string
history_s string
id_s string
lastSeen_s string
ManagementGroupName string
MG string
policy_deleted_s string
policy_description_s string
policy_labels_s string
policy_lastModifiedBy_s string
policy_lastModifiedOn_s string
policy_name_s string
policy_policyId_s string
policy_policyType_s string
policy_recommendation_s string
policy_remediable_s string
policy_remediation_cliScriptTemplate_s string
policy_remediation_description_s string
policy_remediation_impact_s string
policy_severity_s string
policy_systemDefault_s string
RawData string
reason_s string
resource_account_s string
resource_accountId_s string
resource_additionalInfo_accessKeyAge_s string
resource_additionalInfo_inactiveSinceTs_s string
resource_cloudAccountGroups_s string
resource_cloudType_s string
resource_data_access_key_1_active_s string
resource_data_access_key_1_last_rotated_s string
resource_data_access_key_1_last_used_date_s string
resource_data_access_key_1_last_used_region_s string
resource_data_access_key_1_last_used_service_s string
resource_data_access_key_2_active_s string
resource_data_access_key_2_last_rotated_s string
resource_data_access_key_2_last_used_date_s string
resource_data_access_key_2_last_used_region_s string
resource_data_access_key_2_last_used_service_s string
resource_data_arn_s string
resource_data_cert_1_active_s string
resource_data_cert_1_last_rotated_s string
resource_data_cert_2_active_s string
resource_data_cert_2_last_rotated_s string
resource_data_mfa_active_s string
resource_data_password_enabled_s string
resource_data_password_last_changed_s string
resource_data_password_last_used_s string
resource_data_password_next_rotation_s string
resource_data_user_creation_time_s string
resource_data_user_s string
resource_id_g string
resource_id_s string
resource_name_s string
resource_region_s string
resource_regionId_s string
resource_resourceApiName_s string
resource_resourceTs_s string
resource_resourceType_s string
resource_rrn_s string
resource_url_s string
riskDetail_rating_s string
riskDetail_riskScore_maxScore_s string
riskDetail_riskScore_score_s string
riskDetail_score_s string
SourceSystem string
status_s string
TenantId string
TimeGenerated datetime
Type string

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
[DEPRECATED] Palo Alto Prisma Cloud CSPM

Content Items Using This Table (21)

Analytic Rules (11)

In solution PaloAltoPrismaCloud:

Analytic Rule Selection Criteria
Palo Alto Prisma Cloud - Access keys are not rotated for 90 days
Palo Alto Prisma Cloud - Anomalous access key usage
Palo Alto Prisma Cloud - High risk score alert
Palo Alto Prisma Cloud - High severity alert opened for several days
Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions
Palo Alto Prisma Cloud - Inactive user
Palo Alto Prisma Cloud - Maximum risk score alert
Palo Alto Prisma Cloud - Multiple failed logins for user
Palo Alto Prisma Cloud - Network ACL allow all outbound traffic
Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server administration ports
Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic

Hunting Queries (9)

In solution PaloAltoPrismaCloud:

Hunting Query Selection Criteria
Palo Alto Prisma Cloud - Access keys used
Palo Alto Prisma Cloud - High risk score opened alerts
Palo Alto Prisma Cloud - High severity alerts
Palo Alto Prisma Cloud - New users
Palo Alto Prisma Cloud - Opened alerts
Palo Alto Prisma Cloud - Top recources with alerts
Palo Alto Prisma Cloud - Top sources of failed logins
Palo Alto Prisma Cloud - Top users by failed logins
Palo Alto Prisma Cloud - Updated resources

Workbooks (1)

In solution PaloAltoPrismaCloud:

Workbook Selection Criteria
PaloAltoPrismaCloudOverview

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
PaloAltoPrismaCloud PaloAltoPrismaCloud
