Exam PCCSE
Question 234

Based on the following information, which RQL query will satisfy the requirement to identify VM hosts that are deployed to the organization's public cloud environments, exposed to network traffic from the internet, and affected by the Text4Shell RCE (CVE-2022-42889) vulnerability?

• Network flow logs from all virtual private cloud (VPC) subnets are ingested to the Prisma Cloud Enterprise Edition tenant.

• All virtual machines (VMs) have Prisma Cloud Defender deployed.

    Correct Answer: A

    The query 'network from vpc.flow_record where bytes > 0 AND dest.resource IN (resource where finding.type IN ('Host Vulnerability') AND finding.source IN ('Prisma Cloud') AND finding.name IN ('CVE-2022-42889')) AND source.publicnetwork IN ('Internet IPs', 'Suspicious IPs')' correctly identifies VM hosts exposed to internet traffic and affected by the specified vulnerability. It correlates the ingested network flow logs with Prisma Cloud security findings: the outer clause keeps flow records that carried traffic (bytes > 0) from internet or suspicious source IPs, and the nested resource clause limits the destinations to hosts with a Prisma Cloud host vulnerability finding named CVE-2022-42889. Together these meet the requirement of identifying VMs in public cloud environments that have the specified vulnerability and are exposed to internet traffic.

Discussion
piipo
Option: A

https://live.paloaltonetworks.com/t5/prisma-cloud-articles/understanding-the-attack-surface-using-prisma-cloud-saas/ta-p/508347