Ingestion not seen for APIs 'gcloud-api-key' and 'gcloud-bigquery-dataset-list'

Created On 10/02/23 12:52 PM - Last Modified 10/02/23 12:54 PM


Symptom


When running RQL queries for the following policies:
GCP API key not rotating in every 90 days
GCP API key not restricting any specific API
GCP BigQuery dataset is publicly accessible

No results are returned in the investigation tab, and these policies are not triggered when an Alert Rule is created, even though at least one triggering resource is known to exist.


Environment


Prisma Cloud Enterprise
GCP


Cause


Missing permissions for the Prisma Cloud Service Account upon creation or update.

Resolution


The following permissions need to be added to the Prisma Cloud Service Account:

service: apikeysv2, action: apikeys.projects.locations.keys.list
service: apikeysv2, action: apikeys.projects.locations.keys.get
service: cloudassetv1, action: cloudasset.searchAllResources

The following APIs need to be enabled on the source project that has the Prisma Cloud Service Account and on the target project(s):

API Keys API
Cloud Asset API
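
One way to verify the API requirement above on the source and target projects. This is an added example, not part of the original article; the function names are assumptions, and the service names are the googleapis.com identifiers of the API Keys API and the Cloud Asset API:

```shell
#!/usr/bin/env bash
# Added example: report which of the two APIs named in this article are
# not enabled on each project ID passed as an argument.
# Usage (project IDs are placeholders): ./check_apis.sh SOURCE_PROJECT TARGET_PROJECT
REQUIRED_APIS="apikeys.googleapis.com cloudasset.googleapis.com"

# Reads enabled service names (one per line) on stdin and prints every
# required API that is absent. Prints nothing when all are enabled.
missing_apis() {
  _enabled="$(cat)"
  for _api in $REQUIRED_APIS; do
    # -x matches the whole line, -F treats the name as a literal string
    printf '%s\n' "$_enabled" | grep -qxF "$_api" || printf '%s\n' "$_api"
  done
}

# Queries each project with gcloud; returns non-zero if any project is
# missing a required API or could not be queried.
check_projects() {
  _rc=0
  for _project in "$@"; do
    if ! _svc_list="$(gcloud services list --enabled \
          --project "$_project" --format='value(config.name)')"; then
      echo "ERROR $_project: could not list enabled services" >&2
      _rc=1
      continue
    fi
    _missing="$(printf '%s\n' "$_svc_list" | missing_apis)"
    if [ -n "$_missing" ]; then
      _rc=1
      for _m in $_missing; do
        echo "MISSING $_project: $_m"
        echo "  fix: gcloud services enable $_m --project $_project"
      done
    else
      echo "OK $_project: both APIs enabled"
    fi
  done
  return "$_rc"
}

# Only contact GCP when project IDs are supplied on the command line.
if [ "$#" -gt 0 ]; then
  check_projects "$@"
fi
```

Run it against the source project and every target project; ingestion for these APIs depends on both APIs being enabled in each of them, in addition to the permissions listed above.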

 


