Prisma Cloud: "No matching finding id(s) were found for this query" or "Invalid entries detected in your query have been highlighted" error happen when running Saved Search of Attach Path Policies.
1804
Created On 03/06/24 07:44 AM - Last Modified 09/04/24 03:39 AM
Symptom
This article is regarding the error when running Saved Search of Attach Path Policies.
- Error Message: "No matching finding id(s) were found for this query"
- Error Message: "Invalid entries detected in your query have been highlighted"
The issue could be reproduced via the following steps:
- Investigate > Query Library > Search the target Attack Path policy.
- Then click "Open search" on the "Actions" column.
Or:
- Go to "Governance" and search the target Attack Path policy.
- Eidt the policy and move to "Create Query" tab.
- Click "Launch Search".
Environment
- Prisma Cloud
- Attack Path Policies
Cause
This could happen when the Attack Path policy's any of the finding name(policies) are in disabled status.
For example:
- Cloud breach risk due to publicly exposed admin ports on Azure Virtual Machine with risky storage account permissions
- Azure Virtual Machine that is internet reachable with unrestricted access (0.0.0.0/0) to Admin ports
- Azure VM instance with risky Storage account permissions
Resolution
Enable the included finding name(policies) via the following steps.
- Go to "Governance" and search the policy.
- Turn on the Status column toggle button.
Additional Information
Regarding how to confirmed the included finding name(policies) of the target Attack Path policy, please refer to the following steps.
- Go to "Investigate" > "Query Library" and search the attack path policy name.
- Hover the "Query" column, then it shows the finding and appends the "Disabled" keyword if the policy is disabled.
Reference: