How to resolve error: Insufficient Query for Policy Creation in Prisma Cloud
Created On 01/09/22 19:50 PM - Last Modified 02/01/23 05:16 AM
Symptom
When you try to create a policy from a generic RQL query, the following error is observed:
error: Insufficient Query for Policy Creation Request ID: 8fe6f4235c574f9abf4b974cb9ba5792.
Note: The Request ID: 8fe6f4235c574f9abf4b974cb9ba5792 is for this example and changes for each customer.
Environment
- Prisma Cloud
- Policy
Cause
The RQL is too generic to create a policy.
Generic RQL example:
config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-sns-get-subscription-attributes'
Resolution
Add a specific requirement to the RQL query. The following query resolves the issue because it adds a specific json.rule clause:
config from cloud.resource where cloud.type = 'aws' AND api.name = 'aws-sns-get-subscription-attributes' AND json.rule = 'protocol equals http'
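When policy queries are kept in version control, a check for a json.rule clause can catch this before Prisma Cloud rejects the request. The Python below is an added example, not Palo Alto Networks code; the function names, the constructed policy set, and the rule that a config query without json.rule is "too generic" are assumptions drawn from the cause and resolution above.

```python
import re

# Quoted RQL literals (single or double quoted). They are blanked out before
# scanning so text inside a value is never mistaken for an attribute name.
_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")
_CONFIG_QUERY = re.compile(r"^\s*config\s+from\s+cloud\.resource\s+where\b", re.I)
_JSON_RULE = re.compile(r"\bjson\.rule\s*=", re.I)


def lint_policy_rql(rql):
    """Return a list of problems; an empty list means the query passes."""
    if not _CONFIG_QUERY.match(rql):
        return ["not a 'config from cloud.resource where' query"]
    skeleton = _LITERAL.sub("?", rql)
    problems = []
    if "'" in skeleton or '"' in skeleton:
        problems.append("unterminated quoted value")
    # Assumption: a config query with no json.rule filter is what the
    # article calls "too generic" for policy creation.
    if not _JSON_RULE.search(skeleton):
        problems.append("no json.rule clause; too generic for a policy")
    return problems


def lint_policy_set(policies):
    """Map policy name -> problems, for the queries that fail the check."""
    results = {name: lint_policy_rql(rql) for name, rql in policies.items()}
    return {name: probs for name, probs in results.items() if probs}


# Constructed policy set: the two queries from the article plus one where
# "json.rule" appears only inside a quoted value (hypothetical api.name).
POLICIES = {
    "sns-generic": "config from cloud.resource where cloud.type = 'aws' AND "
                   "api.name = 'aws-sns-get-subscription-attributes'",
    "sns-http": "config from cloud.resource where cloud.type = 'aws' AND "
                "api.name = 'aws-sns-get-subscription-attributes' AND "
                "json.rule = 'protocol equals http'",
    "quoted-only": "config from cloud.resource where cloud.type = 'aws' AND "
                   "api.name = 'example json.rule = x'",
}

if __name__ == "__main__":
    for name, problems in lint_policy_set(POLICIES).items():
        print(f"{name}: {'; '.join(problems)}")
```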
Additional Information
Config Query Attributes
Note: json.rule
- Prisma Cloud ingests data and updates events in JSON format.
- Use the json.rule attribute to query or filter specific elements included in the JSON configuration related to a cloud resource.
- The json.rule attribute enables you to look for specific configurations: parse JSON-encoded values, extract data from JSON, or search for a value within any configuration policy for cloud accounts that you are monitoring using Prisma Cloud.
- This json.rule attribute allows you to create boolean combinations and find data in selected fields within the JSON data that represents the resource.
- When you include the json.rule attribute in a configuration query, the auto-complete displays the elements or resources that match your search criteria. Because JSON has a nested structure, you can search for elements at the root level, inside the JSON tree, or in an array object.