updated analytic rules

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Access keys are not rotated for 90 days
 description: |
   'Detects access keys which were not rotated for 90 days.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow all outbound traffic
 description: |
   'Detects network ACLs with outbound rule to allow all traffic.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server admin
 description: |
   'Detects Network ACLs allow ingress traffic to server administration ports.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic
 description: |
   'Detects Network ACLs with Inbound rule to allow All Traffic.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Anomalous access key usage
 description: |
   'Detects anomalous API key usage activity.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -29,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High risk score alert
 description: |
   'Detects alerts with high risk score value.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -28,5 +29,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High severity alert opened for several days
 description: |
   'Detects high severity alert which is opened for several days.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -30,5 +31,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions
 description: |
   'Detects IAM Groups with Administrator Access Permissions.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Inactive user
 description: |
   'Detects users inactive for 30 days.'
 severity: Low
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -25,5 +26,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Maximum risk score alert
 description: |
   'Detects alerts with maximum risk score value.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled

Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml

@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Multiple failed logins for user
 description: |
   'Detects multiple failed logins for the same user account.'
 severity: Medium
+status: Available
 requiredDataConnectors:
   - connectorId: PaloAltoPrismaCloud
     dataTypes:
@@ -29,5 +30,5 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled