Prisma Cloud: EventBus Errors appearing under Audit Logs Status

Prisma Cloud: EventBus Errors appearing under Audit Logs Status

2991
Created On 09/26/24 11:52 AM - Last Modified 10/30/24 18:54 PM


Symptom


EventBus Errors appearing under Audit Logs Status although there might have been no changes to either Prisma Cloud or AWS environments. 

If you have configured your AWS account or organization to ingest audit logs through EventBridge, you might see a warning message stating: 

Rule <prisma-cloud-your-tenant-id-audit-logs-rule> does not exist on EventBus default in <region>


Settings > Cloud Providers > Edit Cloud Acct
Screenshot 2024-09-24 at 2.49.46 PM.png

Environment


  • Prisma Cloud
  • AWS
  • Audit logs

Cause


This warning is due to performance enhancements in the EventBridge rule configuration, which do not affect system functionality. 

Resolution


  1. To resolve the warning, download the CloudFormation Template (CFT) from Misconfigurations > Near Real-Time Visibility > Edit, and update your CFT stack in AWS.
  2. Updating the CFT will result in an increase in the number of EventBridge rules enabling Prisma Cloud to ingest only the relevant audit logs.

Additional Information


For additional information regarding Audit Logs please refer here .
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HEC7CAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language