Prisma CSPM is a unique Cloud Security Posture Management (CSPM) solution that reduces the complexity of securing multi-cloud environments, while radically simplifying compliance. Prisma CSPM focuses on detecting and preventing the misconfigurations and threats that lead to data breaches and compliance violations that are growing ever more difficult as cloud architectures become increasingly complex.
Prerequisites and User Permissions
Login to Prisma CSM as System Admin > go to Settings > Access Control and create a new READER Role with the following configurations:
Permission Group: Account Group Read Only
Account Group: select the account groups for scanning
The rest of the fields are optional.
Create a user and assign them the Reader role you just created
Login to the Prisma CSM with the Reader user and Generate the Access Key ID and Secret Key. Save the keys somewhere safe for later use.
Configure the Prisma Cloud CSPM connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Prisma Cloud CSPM icon.
Set up the connector as follows:
Server URL: The URL of the API server
Access Key ID: The access key ID you retrieved earlier
Secret Access Key: The secret access key you retrieved earlier
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Click the Integration Tests (Optional) button to verify that Vulcan Cyber can connect to your Prisma CSPM instance.
If the test passes successfully, click Create (or Save Changes).
If the test doesn't pass, click on Show more to review the errors and troubleshoot, then try again.
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Prisma CSPM icon shows Connected, the connection is complete.
From Prisma CSM to the Vulcan Platform - Fields Mapping
Connector Fields Mapping - Cloud Resources
Prisma CSPM field
Most asset-specific data
Most vulnerability-specific data
Vulnerability status mapping
Prisma CSPM status
Ignored - false positive
Ignored - risk acknowledged
Vulnerability score mapping
Prisma CSPM score
Locating Prisma CSPM vulnerabilities in the Vulcan Platform
As Prisma CSPM discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate PrismaCSPM on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Prisma CSPM assets
To locate all retrieved Cloud Resources assets from Prisma CSPM:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click on the Cloud Resources
Click on the Search or filter websites input box and select Connector from the drop-down selection > then select Prisma CPSM.
The results will be filtered to show PrismaCSPM only.
Automating remediation actions on vulnerabilities detected by Prisma CSPM
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Prisma CSPM connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.