Prisma Cloud Network traffic Accepted field value is not captured correctly in the downloaded csv report
Created On 04/25/19 20:14 PM - Last Modified 12/13/19 22:36 PM
Symptom
- Run the following example RQL in the Investigate tab:
network where source.publicnetwork IN ( 'Suspicious IPs', 'Internet IPs' ) AND dest.port IN ( 11211 )
- From the resulting network diagram, click on a traffic line to a resource. On the right side, note the value YES for the field Accepted traffic.
Internet IPs → TestLB
Bytes Accepted
1.7 kB
Bytes Attempted
0 B
| PORT | TRAFFIC VOLUME | ACCEPTED |
|---|---|---|
| 11211 | 1.7 kB | Yes |
- Download the report by clicking on the download icon on the Investigate page.
- Note that the value for the Accepted field is reported as 'NO'.
| Source Name | Source IP | Destination Name | Destination IP | Destination Port | Classification | Accepted | Inbound Bytes | Outbound Bytes | Total Bytes | Inbound Packets | Outbound Packets | Total Packets | Classified as Suspicious on | Reason for Suspicious Classification |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Parfumuri Femei.com SRL | 0.0.0.0 | TestLB | 172.31.59.121 | 11211 | unavailable | no | 1760 | 0 | 1760 | 40 | 0 | 0 | | |
Note: All values show No for Accepted traffic in the CSV, irrespective of the value in the network diagram.
Environment
Prisma Cloud console
Cause
Defect.
Resolution
The defect is being worked on by Engineering.
Please use the network diagram information at this time, not the CSV report.