diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml
index 668df4a8645..9048302aa6d 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAccessKeysNotRotated.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Access keys are not rotated for 90 days
 description: |
 'Detects access keys which were not rotated for 90 days.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml
index 0ac6f5a66b2..283083c3835 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowAllOut.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow all outbound traffic
 description: |
 'Detects network ACLs with outbound rule to allow all traffic.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml
index abeb289b3e6..017ee900491 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclAllowInToAdminPort.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACL allow ingress traffic to server admin
 description: |
 'Detects Network ACLs allow ingress traffic to server administration ports.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml
index 23ab35c2899..37bfdc3b049 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAclInAllowAll.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Network ACLs Inbound rule to allow All Traffic
 description: |
 'Detects Network ACLs with Inbound rule to allow All Traffic.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml
index 677ffc0bc71..3cf62b4777b 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudAnomalousApiKeyActivity.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Anomalous access key usage
 description: |
 'Detects anomalous API key usage activity.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -29,5 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml
index d307363c744..851809932bf 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighRiskScoreAlert.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High risk score alert
 description: |
 'Detects alerts with high risk score value.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -28,5 +29,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml
index 3138d87d4ee..fcff10aa916 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudHighSeverityAlertOpenedForXDays.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - High severity alert opened for several days
 description: |
 'Detects high severity alert which is opened for several days.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -30,5 +31,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml
index d7f9002a61c..a62418f1ead 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudIamAdminGroup.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - IAM Group with Administrator Access Permissions
 description: |
 'Detects IAM Groups with Administrator Access Permissions.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml
index 310b5ebc02a..51d2f0fa3aa 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudInactiveUser.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Inactive user
 description: |
 'Detects users inactive for 30 days.'
 severity: Low
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -25,5 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml
index 773ccb442c9..8fb2ee05da4 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMaxRiskScoreAlert.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Maximum risk score alert
 description: |
 'Detects alerts with maximum risk score value.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -26,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
index 186340048e7..2e2cbe18505 100644
--- a/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
+++ b/Solutions/PaloAltoPrismaCloud/Analytic Rules/PaloAltoPrismaCloudMultipleFailedLoginsUser.yaml
@@ -3,6 +3,7 @@ name: Palo Alto Prisma Cloud - Multiple failed logins for user
 description: |
 'Detects multiple failed logins for the same user account.'
 severity: Medium
+status: Available
 requiredDataConnectors:
 - connectorId: PaloAltoPrismaCloud
 dataTypes:
@@ -29,5 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
\ No newline at end of file