In this article you will find:

  1. Pre-requisite

  2. How to configure Prisma Cloud Compute connector in Vulcan platform

  3. How to pull assets and vulnerabilities from Prisma Cloud Compute into Vulcan platform

  4. How to automate remediation actions with Prisma Cloud Compute

  5. Used API Calls

1. Pre-requisite

Supported products: Compute Edition (self-hosted) and Enterprise Edition.

Supported version: V.20.04

User and permissions: Valid user with vulnerabilityManager role

Prisma Cloud SaaS can use an access token and secret key; see how to configure.

2. Configure Prisma Cloud Compute Connector

In the Connectors page, click on Add a Connector.

Click on the Prisma Cloud Compute connector

Fill all relevant fields:

Server URL - URL of your Prisma Cloud Compute account.

You can get the relevant address under Manage --> System --> Downloads. For example:

Username - Valid user with relevant permissions (as mentioned under Pre-requisite section)

Password - Password of the user

3. How to pull assets and vulnerabilities from Prisma Cloud Compute into Vulcan platform

Vulcan provides the option to remediate vulnerabilities from 2 different angles:

  • Assets

  • Vulnerabilities

Assets

There are 2 asset types pulled from Prisma Cloud Compute:

  1. Hosts - These are the same hosts you have in your Prisma Cloud interface under Monitor --> Vulnerabilities --> Hosts --> Running Hosts

  2. Images - These are the same images you have in your Prisma Cloud interface under Monitor --> Vulnerabilities --> Images

Hosts

This data from Prisma Cloud Compute will be displayed under Hosts. This tab gathers all data that came from Vulnerability Scanners, Cloud Providers, CMDBs and more. To filter only Prisma Cloud Compute data, simply use the Search Bar.

This view is similar in its data to Monitor --> Vulnerabilities --> Hosts --> Running Hosts

The Name column will indicate the running hosts you have in Prisma Cloud Compute.

The OS column will indicate the host's OS as reported from Prisma Cloud Compute.

The IP column will indicate the host's IP as reported from Prisma Cloud Compute.

The Sources column will indicate the connectors which reported the host. For example: Prisma Cloud Compute and AWS both reported the same host.

The Last Seen column will indicate the last scanned time in Prisma Cloud Compute.

The Vulnerabilities column will indicate the number of vulnerabilities that exist on a host.

The Top Risk column will indicate the highest risk value of all risks that exist on a host.

The Tags column will indicate all the tags related to the host. Note that by default, there are no tags associated from Prisma Cloud Compute to Vulcan.

Clicking on each host will open its Asset Card where you can see all the vulnerabilities, packages and relevant details.

Images

This data from Prisma Cloud Compute will be displayed under Images. To filter only Prisma Cloud Compute data, simply use the Search Bar.

This view is similar in its data to Monitor --> Vulnerabilities --> Hosts --> Deployed Images and Monitor --> Vulnerabilities --> Hosts --> Registries

The Name column will indicate the Image name as you have in Prisma Cloud Compute.

The Type column will indicate if the image is reported from Deployed Images or Registries from Prisma Cloud Compute.

The Repository column will indicate the image's repository as reported from Prisma Cloud Compute.

The Sources column will indicate the connectors which reported the image. For example: Prisma Cloud Compute and AWS ECR both reported the same image.

The Last Seen column will indicate the last scanned time in Prisma Cloud Compute.

The Vulnerabilities column will indicate the number of vulnerabilities that exist on an image.

The Top Risk column will indicate the highest risk value of all risks that exist on an image.

The Tags column will indicate all the tags related to the image. Note that by default, there are no tags associated from Prisma Cloud Compute to Vulcan.

Clicking on each image will open its Asset Card where you can see all the vulnerabilities, components and relevant details.

Vulnerabilities

You can view all vulnerabilities data from Prisma Cloud Compute in Vulnerabilities. In order to filter only Prisma Cloud Compute data, simply use the Search Bar.

You can start the remediation process by clicking on a vulnerability and viewing all details fetched from your Prisma Cloud Compute account.

5. Used API Calls

The following API calls are used by the connector. Each API call is listed with the role required in Prisma Cloud Compute to perform it:

  • POST /authenticate - Anyone

  • GET /registry - vulnerabilityManager

  • GET /images - vulnerabilityManager

  • GET /hosts - vulnerabilityManager
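
A pre-flight check of the connector account against the calls listed above, as an added example that is not part of the original article or of Vulcan's connector: it logs in once and probes each read call, so a missing vulnerabilityManager role shows up before the credentials are entered in the Connectors page. The `/api/v1` prefix, the JSON login body, the `token` response field, the bearer header and the `limit=1` parameter are assumptions about the Console API.

```python
import json
import urllib.error
import urllib.request

# Calls as listed in this article. The /api/v1 prefix, the JSON login body,
# the "token" response field and the limit=1 parameter are assumptions.
API_PREFIX = "/api/v1"
READ_CALLS = ("/registry", "/images", "/hosts")


def _send(opener, req):
    """Return (status, body); HTTP errors become a status, not an exception."""
    try:
        with opener(req, timeout=15) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""


def preflight(server_url, username, password, opener=urllib.request.urlopen):
    """Log in, then probe each read call once. Returns {call: HTTP status}."""
    base = server_url.rstrip("/") + API_PREFIX
    if not base.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    login = urllib.request.Request(
        base + "/authenticate",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    status, body = _send(opener, login)
    results = {"POST /authenticate": status}
    if status != 200:
        return results  # bad credentials or wrong Server URL; stop here
    token = json.loads(body)["token"]
    for path in READ_CALLS:
        req = urllib.request.Request(
            base + path + "?limit=1",
            headers={"Authorization": "Bearer " + token},
        )
        results["GET " + path], _ = _send(opener, req)
    return results


def missing_access(results):
    """Calls that did not return 200, i.e. what the connector would fail on."""
    return sorted(call for call, status in results.items() if status != 200)
```

Call `missing_access(preflight(server_url, username, password))` with the same Server URL, Username and Password you plan to enter in the connector; an empty list means every listed call succeeded.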
