Cloud security rules are sets of conditions that apply to a specific cloud, code, or host resource. Each rule defines the detection logic or XQL query used to identify threats or misconfigurations. A rule examines specific attributes of an asset's configuration to determine whether that configuration could lead to a threat. Rules are evaluated against all matching assets in your environment, and findings are generated for the resources that meet the rule criteria.
Cortex Cloud includes out-of-the-box cloud security rules and also lets you create custom cloud security rules:
| Rule type | Description |
|---|---|
| Out-of-the-box (OOTB) | The out-of-the-box rules (or “Default” rules) are rule-based and heuristic-based (using AI and machine learning). The out-of-the-box cloud security rules are based on security research, CIS benchmarks, customer requests, and Palo Alto Networks’ internal threat research. |
| Custom | You can create custom cloud security rules and use them in rule-based cloud security policies. See LINK. |
Findings
Findings are proactively gathered from your cloud environment to provide security context and are often not actionable on their own. For example: “Workload X is attached to a role that grants access to databases”.
For more information about findings, see Findings and events and Review findings.
Note
Findings are only generated for OOTB rules.
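To make the rule-evaluation model described above concrete, here is a small Python example. It is added here for illustration and is not Cortex Cloud code; it does not use XQL, and every rule ID, asset attribute and inventory entry in it is constructed. Each rule names a resource type and a predicate over that resource's configuration attributes; evaluating the rule set over an asset inventory yields one finding per asset that matches the rule criteria, including a finding of the "workload attached to a role that grants access to databases" kind quoted in the Findings section.

```python
"""Illustrative model of cloud-security-rule evaluation.

Added example, not Cortex Cloud code: rules, asset attributes and the
inventory below are all constructed for demonstration.
"""
from dataclasses import dataclass
from typing import Any, Callable

Asset = dict[str, Any]


@dataclass(frozen=True)
class Rule:
    rule_id: str
    resource_type: str                 # only assets of this type are examined
    description: str                   # finding text; may reference asset keys
    predicate: Callable[[Asset], bool]  # True => the asset's configuration matches


@dataclass(frozen=True)
class Finding:
    rule_id: str
    asset_id: str
    description: str


def evaluate(rules: list[Rule], inventory: list[Asset]) -> list[Finding]:
    """Check every rule against every asset of its resource type and emit a
    finding for each asset whose configuration satisfies the rule predicate."""
    findings: list[Finding] = []
    for rule in rules:
        for asset in inventory:
            if asset.get("type") != rule.resource_type:
                continue
            if rule.predicate(asset):
                findings.append(
                    Finding(rule.rule_id, asset["id"], rule.description.format(**asset))
                )
    return findings


def findings_by_rule(findings: list[Finding]) -> dict[str, list[str]]:
    """Group matched asset IDs under the rule that produced them."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.rule_id, []).append(f.asset_id)
    return grouped


# --- constructed rules -------------------------------------------------------

def _role_grants_database_access(asset: Asset) -> bool:
    # The attached role's grants are modelled as "service:action" strings.
    grants = asset.get("role", {}).get("grants", [])
    return any(g.startswith("database:") for g in grants)


RULES = [
    Rule(
        rule_id="EXAMPLE-WORKLOAD-ROLE-DB",
        resource_type="workload",
        description="Workload {id} is attached to a role that grants access to databases",
        predicate=_role_grants_database_access,
    ),
    Rule(
        rule_id="EXAMPLE-BUCKET-PUBLIC-READ",
        resource_type="storage_bucket",
        description="Storage bucket {id} allows public read access",
        predicate=lambda a: a.get("public_read") is True,
    ),
]

# --- constructed asset inventory (hypothetical IDs and attributes) ------------
SAMPLE_INVENTORY: list[Asset] = [
    {"id": "wl-1", "type": "workload",
     "role": {"name": "app-role", "grants": ["database:read", "queue:send"]}},
    {"id": "wl-2", "type": "workload",
     "role": {"name": "worker-role", "grants": ["queue:send"]}},
    {"id": "bkt-1", "type": "storage_bucket", "public_read": True},
    {"id": "bkt-2", "type": "storage_bucket", "public_read": False},
]


if __name__ == "__main__":
    for finding in evaluate(RULES, SAMPLE_INVENTORY):
        print(f"[{finding.rule_id}] {finding.description}")
```

Running the module prints one finding for `wl-1` and one for `bkt-1`; `wl-2` and `bkt-2` produce nothing because their configuration attributes do not satisfy any rule predicate. The point of the structure is that the rule carries both the matching logic and the finding text, so the same evaluator serves every rule regardless of which attributes it inspects.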