What happens if a RQL query contains two json.rule statements in Prisma Cloud?
7644
Created On 02/08/19 03:21 AM - Last Modified 12/10/19 19:20 PM
Question
What happens if a RQL query contains two json.rule statements?
Environment
Prisma Cloud
Answer
The query will run; however, only the second json.rule statement will be evaluated. For example, the following RQL:
config where api.name = 'aws-s3api-get-bucket-acl' AND json.rule = loggingConfiguration does not exist AND json.rule = serverSideEncrypted is false
Will produce the same result as this query:
config where api.name = 'aws-s3api-get-bucket-acl' AND json.rule = serverSideEncrypted is false