As more companies expand their cloud footprints, it becomes harder to maintain visibility and compliance across their entire environments. Because cloud service providers are also constantly adding new services and updating existing ones, scaling a cloud security strategy becomes a massive challenge. This is why Prisma Cloud originally developed Resource Query Language (RQL).
What is RQL?
RQL is a proprietary language designed with the goal of allowing anyone—including those without any particular programming experience—to quickly and easily build custom policies that act as guardrails for your cloud environment. Behind every compliance standard is a set of policies, and behind every policy is an RQL query: it acts as the underlying engine that drives Prisma Cloud’s misconfiguration detection capabilities.
For those familiar with databases, RQL is similar to Structured Query Language (SQL): a query is a set of conditions that match a particular combination of data within your cloud environment (the “data” here being your cloud resources’ configuration data). All configuration data ingested by Prisma Cloud is in JSON format, which gives RQL a simple, standardized structure to match against. By matching on the particular configurations you want to monitor, you can ensure that your resources are continuously monitored by Prisma Cloud for security violations.
Introducing JSON Preview
Starting with our 21.6.2 release, Prisma Cloud users will be able to create custom policies and begin investigating incidents even more quickly using our fast and intuitive JSON Preview. While we already offer a robust, context-aware auto-suggestion mechanism to guide users through creating an RQL query, it can be challenging to remember which parts of a resource’s JSON are relevant, especially when there are so many APIs and services across multiple cloud service providers. This new feature makes the query building process dramatically easier by showing you a preview of the entire JSON schema as you craft your query.
To get started, log in to Prisma Cloud and navigate to the Investigate page. Turn on the JSON Preview toggle and begin creating a Config RQL query. When you get to the JSON rule, you will see a preview that depends on the API you’ve chosen.
You can explore the JSON schema visually by scrolling through the preview. All attributes are sorted alphabetically. You can also minimize or maximize any section by clicking the chevron icons. Hover over any attribute in the preview to see what the corresponding JSON path will look like.
If you’re looking for a specific attribute, you can use the search bar in the JSON Preview to show only matching attributes, including ones nested within other attributes.
Once you’ve found the path that you want, click on the attribute to automatically append the correct path to your RQL query.
And just like that, you have built your first RQL query without ever having to look through an example resource configuration file.
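To make the steps above concrete, the following added example (not Prisma Cloud code and not from the original post) walks a constructed resource configuration, lists its attribute paths with arrays written in the `[*]` form used in `json.rule`, filters them by attribute name, and appends a chosen path to a Config query. The sample JSON and the helper names `json_paths`, `search` and `config_query` are assumptions made for illustration.

```python
import json

# Constructed sample (not real data): a trimmed security-group style config.
SAMPLE = json.loads("""
{
  "groupId": "sg-EXAMPLE",
  "groupName": "web",
  "ipPermissions": [
    {"fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"], "userIdGroupPairs": []}
  ],
  "tags": [{"key": "env", "value": "prod"}],
  "vpcId": "vpc-EXAMPLE"
}
""")

def json_paths(node, prefix=""):
    """Collect every attribute path under node, writing array elements as [*]."""
    paths = set()
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else key
            paths.add(path)
            paths |= json_paths(value, path)
    elif isinstance(node, list):
        wild = prefix + "[*]"
        for item in node:  # an empty array yields no [*] path
            paths.add(wild)
            paths |= json_paths(item, wild)
    return paths

def search(paths, term):
    """Keep paths whose last attribute name contains term, nested ones included."""
    term = term.lower()
    hits = [p for p in paths if term in p.rsplit(".", 1)[-1].lower()]
    return sorted(hits, key=str.lower)

def config_query(api_name, rule):
    """Append a json.rule condition to a Config query for one API."""
    return f"config from cloud.resource where api.name = '{api_name}' AND json.rule = {rule}"

if __name__ == "__main__":
    paths = json_paths(SAMPLE)
    for p in sorted(paths, key=str.lower):
        print(p)
    print(search(paths, "port"))
    print(config_query("aws-ec2-describe-security-groups",
                       "ipPermissions[*].ipRanges[*] contains 0.0.0.0/0"))
```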
The feature also works for chaining together multiple JSON paths.
Lastly, JSON Preview works for complex Join queries referencing multiple APIs, and the correct API will automatically be chosen for the preview.
The Future of RQL
The JSON Preview is the first of many steps in improving the query building experience. For example, support for more complex nested array rules, functions, and descriptions of what each attribute means in context are all planned enhancements for the RQL building experience. Our ultimate goal is to enable all users—no matter their technical background—to create the necessary policy guardrails to maintain their security posture and investigate critical incidents happening in their cloud environments.
Want to try Prisma Cloud? Request a trial today to start securing your cloud environments.