Error "unknown compliance vulnerability id 420 on the rule" not allowing creation of New CI images Compliance Policy in Prisma Cloud Compute

Error "unknown compliance vulnerability id 420 on the rule" not allowing creation of New CI images Compliance Policy in Prisma Cloud Compute

3759
Created On 07/14/22 16:20 PM - Last Modified 07/18/22 19:37 PM


Symptom


  • Error "unknown compliance vulnerability id 420 on the rule" not allowing creation of New CI images Compliance Policy in Prisma Cloud Compute.
Screenshot 2022-07-18 at 11.28.43 AM.png

 

Environment


  • Prisma Cloud

Cause


  • Compliance Vulnerability ID 420 was deprecated, but for some reason this wasn’t cleaned from the affected Policy Rules.

Resolution


Though the Compliance Vulnerability ID 420 can’t be removed using the Prisma Cloud Console UI, this can be done manually using API calls:
  1. Retrieve current policy with GET `/api/v1/policies/compliance/ci/images` and save the JSON response : Curl for GET
  2. Remove the Compliance Vulnerability ID 420 from all the affected Rules.
  3. Save changes with PUT `/api/v1/policies/compliance/ci/images` using the edited JSON as a body : Curl for PUT

Additional Information


Example
  • In the following example, Postman (API platform) has been used to perform this task via API calls.
  • While accessing CI images compliance policy, open Developer Tools in Browser.

02.png
 
  • Go to the Request URL that contains /api/v1/policies/compliance/ci/images

03.png
 
  • Copy the Request URL value and save it in a notepad or text file.

04.png
 
  • Scroll down to the Request Headers, copy the Authorization value and save it in a notepad or text file.

05.png
 
  • Open Postman and access Import tab > Raw text

06.png
 
  • Give the curl command to submit HTTP GET request (syntax shared below).
curl -k -H 'Content-Type: application/json' -H 'Authorization: VALUE' -X GET 'URL'
Note: Replace the VALUE and URL field with the values copied earlier.

07.png
  • Sample for Authorization Field shared below.

08.png
 
  • Sample for URL Field shared below.

09.png
 
  • Import the Curl Command once entered.

010.png
 
  • As confirmed, 2 Additional Headers added in the GET Request.

011.png
 
  • Click on Send to Submit the GET Request. Once Status 200 OK response received, Copy the Response Body in JSON format.

012.png
 
  • Save this response in a notepad or text file.

014.png
 
  • Identify and remove id 420 from the rule.

015.png

016.png
 
  • Go back to Postman > replace GET with PUT > select Body > select raw > select type JSON > Paste the modified Policy > Click on Send.

017.png
 
  • Status 200 OK once received indicates that the resource has been updated successfully

018.png
 
  • Confirm this change on the Prisma Cloud Console.


019.png
 
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqXgCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language