Prisma Cloud SQS poller to syslog

Prisma Cloud SQS poller to Syslog

Version: 1.2 Author: Eddie Beuerlein


This script will poll an AWS SQS queue for Prisma Cloud alerts and then format them and send them to a syslog listener (locally or remote). This can be used for QRadar as well.

Requirements and Dependencies

  1. Python 3.x or newer

  2. Requests (Python library)

sudo pip install requests

  1. YAML (Python library)

sudo pip install pyyaml


  1. Set environment variables for AWS Key/Secret per boto3 instructions
Boto3 will check these environment variables for credentials:

The access key for your AWS account.
The secret key for your AWS account.
The session key for your AWS account. This is only needed when you are using temporary credentials. The AWS_SECURITY_TOKEN environment variable can also be used, but is only supported for backwards compatibility purposes. AWS_SESSION_TOKEN is supported by multiple AWS SDKs besides python.
  1. Navigate to sqs_to_syslog/config/configs.yml

  2. Setup the sqs queue and aws region as well as syslog server(defaults to localhost) in the config/configs.yml

  3. Schedule to run the main script via cron or something similar: python poll_n_write.py


python poll_n_write.py

Developer Sites


Copyright © 2023 Palo Alto Networks, Inc. All rights reserved.