Issues with RQL query with Cloud Account Group and negative cloud.account operators

Issues with RQL query with Cloud Account Group and negative cloud.account operators

2548
Created On 10/24/23 13:45 PM - Last Modified 10/24/23 13:47 PM


Symptom


When setting up Custom RQL queries using Cloud Account Groups and a NOT IN condition it might happen that the query results are returning wrong values as it brings resources that aren't part of the Account Group referred. Example below:
  
config from cloud.resource where cloud.accountgroup = '<account_group_name.' and cloud.account NOT IN ('examples') and resource.status = Active and api.name = 'aws-ec2-describe-instances'

 

Environment


Prisma Cloud Enterprise

Cause


No native support for using Cloud Account Groups with [cloud.account negative operator.

Resolution


Customers should create an account group that excludes the cloud accounts present in the "NOT IN" clause.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008VYJCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language