Prisma Cloud RQL query to list all the Hosts running on either Linux or Windows OS platforms across AWS Public Cloud

4546

Created On 07/31/22 10:06 AM - Last Modified 08/05/22 05:34 AM

AWS

Public Cloud

Prisma Cloud Enterprise Edition (SaaS)

Question

Prisma Cloud RQL query to list all the Hosts running on either Linux or Windows OS platforms across AWS Public Cloud

Environment

Prisma Cloud
AWS

Answer

To find Ec2 instances running on Windows OS Platform:

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = platform contains windows

Example

To find Ec2 instances running on Linux OS Platform:

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = platform does not exist

Example

Additional Information

If you wish to trim the above results to only 'running' Windows and Linux Ec2 Instances, run the following RQL queries

For Running Windows Ec2 Instances:

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = platform contains windows and state.name equals running

Example

For Running Linux Ec2 Instances:

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = platform does not exist and state.name equals running

Example

Note: For Windows Ec2 instances, to indicate the platform in the result, you can add an additional column by using 'addcolumn' in the RQL query.

Example

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = platform contains windows addcolumn platform

Prisma Cloud RQL query to list all the Hosts running on either Linux or Windows OS platforms across AWS Public Cloud

Question

Environment

Answer

Additional Information

Other users also viewed: