List Policies
Returns all available system default and custom policies. You can apply filters to narrow the returned policy list to either subset of policies or a specific one. For improved performance, response does not include open alert counts.
Parameters
Parameter | Description |
---|---|
Cloud Type | Specify this field to filter alerts only to those of a specific type. |
Policy Compliance Requirement Name | Specify this field to filter alerts only to those with a specific policy compliance requirement name. |
Policy Compliance Section ID | Specify this field to filter alerts only to those with a specific policy compliance section ID. |
Policy Compliance Standard Name | Specify this field to filter alerts only to those with a specific policy compliance standard name. |
Policy Is Enabled | Specify this field to filter alerts only to those which are enabled. |
Policy Is Remediable | Specify this field to filter alerts only to those of remediable/non-remediable policy. |
Policy Label | Specify this field to filter alerts only to those with a specific policy label. |
Policy Name | Specify this field to filter alerts only to those with a specific policy name. |
Policy Severity | Specify this field to filter alerts only to those with a specific policy severity. |
Policy Type | Specify this field to filter alerts only to those with a specific policy type. |
Example Output
[
{
"policyId": "4daa435b-fa46-457a-9359-6a4b4a43a442",
"name": "AWS Access logging not enabled on S3 buckets",
"policyType": "config",
"policySubTypes": [
"run",
"build"
],
"systemDefault": true,
"policyUpi": "PC-AWS-S3-30",
"description": "Checks for S3 buckets without access logging turned on. Access logging allows customers to view complete audit trail on sensitive workloads such as S3 buckets. It is recommended that Access logging is turned on for all S3 buckets to meet audit & compliance requirement",
"severity": "medium",
"rule": {
"name": "s3 bucket logging should be enabled",
"cloudType": "AWS",
"resourceType": "bucketLoggingConfig",
"resourceIdPath": "$.bucketName",
"criteria": "4daa435b-fa46-457a-9359-6a4b4a43a442",
"parameters": {
"withIac": "true",
"savedSearch": "true"
},
"type": "Config",
"children": [
{
"criteria": "{\"category\":\"Storage\",\"resourceTypes\":[\"aws_s3_bucket\"]}",
"type": "build",
"metadata": {
"checkovId": "CKV_AWS_18"
},
"recommendation": "Refer the documentation for more details,\nhttps://docs.bridgecrew.io/docs/s3_13-enable-logging"
}
]
},
"recommendation": "1. Login to the AWS Console and navigate to the 'S3' service.\n2. Click on the the S3 bucket that was reported.\n3. Click on the 'Properties' tab.\n4. Under the 'Server access logging' section, select 'Enable logging' option.",
"cloudType": "aws",
"complianceMetadata": [
{
"standardId": "762aa016-5981-4a3e-8f20-eed430c05dca",
"standardName": "PCI DSS v3.2.1",
"standardDescription": "Payment Card Industry Data Security Standard version 3.2.1",
"requirementId": "10",
"requirementName": "Track and monitor all access to network resources and cardholder data",
"sectionId": "10.1",
"sectionDescription": "Implement audit trails to link all access to system components to each individual user.",
"policyId": "4daa435b-fa46-457a-9359-6a4b4a43a442",
"complianceId": "c0932a34-5aff-4f2d-ae47-877eda7c1326",
"sectionLabel": "1",
"sectionViewOrder": 159,
"requirementViewOrder": 10,
"systemDefault": true,
"customAssigned": false
},
{
"standardId": "ab2d2b47-0e8e-466b-8988-289281f47255",
"standardName": "APRA (CPS 234) Information Security",
"standardDescription": "Australian Prudential Regulation Authority (APRA) Prudential Standard (CPS 234)",
"requirementId": "APRA notification",
"requirementName": "APRA notification",
"sectionId": "CPS234-36",
"sectionDescription": "An APRA-regulated entity must notify APRA as soon as possible and, in any case, no later than 10 business days, after it becomes aware of a material information security control weakness which the entity expects it will not be able to remediate in a timely manner.",
"policyId": "4daa435b-fa46-457a-9359-6a4b4a43a442",
"complianceId": "c15198fc-3d3b-497d-92ee-02afbd4946f6",
"sectionLabel": "CPS234-36",
"sectionViewOrder": 24,
"requirementViewOrder": 9,
"systemDefault": true,
"customAssigned": false
}
],
"labels": [
"PCI DSS v3.2"
],
"enabled": true,
"createdOn": 1492359274997,
"createdBy": "Prisma Cloud System Admin",
"lastModifiedOn": 1667009011129,
"lastModifiedBy": "Prisma Cloud System Admin",
"ruleLastModifiedOn": 1667009011129,
"deleted": false,
"owner": "Prisma Cloud",
"policyMode": "redlock_default",
"policyCategory": "risk",
"policyClass": "exposure",
"remediable": false
},
{
"policyId": "88db4b66-4dec-48c0-9013-c7871d61b1c8",
"name": "AWS Access key enabled on root account",
"policyType": "config",
"policySubTypes": [
"run"
],
"systemDefault": true,
"policyUpi": "PC-AWS-IAM-6",
"description": "This policy identifies root accounts for which access keys are enabled. Access keys are used to sign API requests to AWS. Root accounts have complete access to all your AWS services. If the access key for a root account is compromised, an unauthorized users will have complete access to your AWS account.",
"severity": "low",
"rule": {
"name": "Account Summary property AccountAccessKeysPresent should have value '0'",
"cloudType": "AWS",
"resourceType": "iamAccountSummary",
"criteria": "88db4b66-4dec-48c0-9013-c7871d61b1c8",
"parameters": {
"savedSearch": "true"
},
"type": "Config"
},
"recommendation": "1. Sign in to AWS Console as the root user.\n2. Click root account name and on the top right select 'Security Credentials' from the dropdown.\n3. For each key in 'Access Keys', click on \"X\" to delete the keys.",
"cloudType": "aws",
"complianceMetadata": [
{
"standardId": "d3d69560-5e87-40ca-83e2-a6b321484555",
"standardName": "CIS v1.2.0 (AWS)",
"standardDescription": "Center for Internet Security Standard version 1.2.0",
"requirementId": "1",
"requirementName": "Identity and Access Management",
"sectionId": "1.12",
"sectionDescription": "Ensure no root account access key exists ",
"policyId": "88db4b66-4dec-48c0-9013-c7871d61b1c8",
"complianceId": "85d2f5d2-b67b-43fc-a002-2dca2b28e06b",
"sectionLabel": "12",
"sectionViewOrder": 12,
"requirementViewOrder": 1,
"systemDefault": true,
"customAssigned": false
},
{
"standardId": "762aa016-5981-4a3e-8f20-eed430c05dca",
"standardName": "PCI DSS v3.2.1",
"standardDescription": "Payment Card Industry Data Security Standard version 3.2.1",
"requirementId": "8",
"requirementName": "Identify and authenticate access to system components",
"sectionId": "8.3",
"sectionDescription": "Secure all individual non-console administrative access and all remote access to the CDE using multi-factor authentication.",
"policyId": "88db4b66-4dec-48c0-9013-c7871d61b1c8",
"complianceId": "63acb197-ccaa-44db-a842-49b41c7ccbc1",
"sectionLabel": "3",
"sectionViewOrder": 123,
"requirementViewOrder": 8,
"systemDefault": true,
"customAssigned": false
}
],
"labels": [
"Prisma_Cloud"
],
"enabled": true,
"createdOn": 1478594207481,
"createdBy": "Prisma Cloud System Admin",
"lastModifiedOn": 1667009035879,
"lastModifiedBy": "Prisma Cloud System Admin",
"ruleLastModifiedOn": 1667009035879,
"deleted": false,
"owner": "Prisma Cloud",
"policyMode": "redlock_default",
"policyCategory": "risk",
"policyClass": "exposure",
"remediable": false
}
]
Workflow Library Example
List Policies with Prisma Cloud Cspm and Send Results Via Email
Preview this Workflow on desktop