Overview
About
Prisma CSPM is a unique Cloud Security Posture Management (CSPM) solution that reduces the complexity of securing multi-cloud environments while radically simplifying compliance. Prisma CSPM focuses on detecting and preventing the misconfigurations and threats that lead to data breaches and compliance violations, a task that grows ever more difficult as cloud architectures become increasingly complex.
Why integrate Prisma CSPM into the Vulcan Platform?
The Prisma CSPM connector by Vulcan integrates with the Prisma CSPM platform so that you can ingest Cloud Resources assets and vulnerabilities into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested data to inform risk and remediation priority. Read more here.
Connector details
Category: Vulnerability Assessment
Ingested assets type: Cloud Resources
Ingested vulnerabilities: Vulnerabilities only ("Misconfigurations" aren't imported into the Vulcan Platform).
Prerequisites and User Permissions
Log in to Prisma CSPM as System Admin, go to Settings > Access Control, and create a new READER role with the following configurations:
Create a user and assign them the Reader role you just created.
Log in to Prisma CSPM as the Reader user and generate the Access Key ID and Secret Key. Save the keys somewhere safe for later use.
Configure the Prisma Cloud CSPM connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Prisma Cloud CSPM icon.
Set up the connector as follows:
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Click the Integration Tests (Optional) button to verify that Vulcan Cyber can connect to your Prisma CSPM instance.
If the test passes successfully, click Create (or Save Changes).
If the test doesn't pass, click on Show more to review the errors and troubleshoot, then try again.
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Prisma CSPM icon shows Connected, the connection is complete.
From Prisma CSPM to the Vulcan Platform - Fields Mapping
Cloud Resources
Prisma CSPM field | Vulcan field |
id | Uniqueness criteria |
name | Asset name |
id | Resource ID |
resourceType | Resource Type |
cloudType | Cloud (Provider) |
rrn | Asset details |
Cloud Resources | Asset type |
Tags | Asset tags - vendor's tags |
accountName | Asset tags - additional |
CreationDate | First seen |
insertTs | Last seen |
By x days according to last seen | Archive Mechanism |
policyId | Vulnerability instance uniqueness criteria |
firstSeen | Vulnerability instance first seen |
lastSeen | Vulnerability instance last seen |
severity | Vulnerability score |
by status | Vulnerability instance Fixed mechanism |
policyId | Unique vulnerability uniqueness criteria |
policy.name | Vulnerability title |
policy.description | Vulnerability description |
policy.severity | Vulnerability details |
Recommendation for {{ policy.name }} | Fix title |
Recommendation | Fix description |
Alert ID | Asset-Vulnerability instance connection (info tooltip) |
Prisma CSPM assets whose resource type is “instance” are mapped to Vulcan hosts.
Fields mapping:
IP:
gcp - networkInterfaces.networkIP
aws - privateIpAddress
MAC address:
aws - macAddress
Vulnerability status mapping
Prisma CSPM status | Vulcan status |
| Vulnerable |
| Fixed |
| Ignored - false positive |
- | Ignored - risk acknowledged |
Vulnerability score mapping
Prisma CSPM score | Vulcan score |
high | 10 |
medium | 7 |
- | 5 |
low | 3 |
- | 0 |
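The mappings above, applied to sample records, as an added example that is not Vulcan's or Prisma's own code. The input record layout (including the `config` key holding the cloud-native data and `policy.recommendation`), the output key names, and the sample values are assumptions made for illustration; only the score rows that name a Prisma severity are implemented.

```python
# Added illustration: record layouts and output key names are assumptions.
SCORE = {"high": 10, "medium": 7, "low": 3}  # only the rows that name a Prisma severity

def host_addresses(cloud_type, config):
    """IPs and MAC per the host mapping: gcp networkInterfaces.networkIP; aws privateIpAddress, macAddress."""
    if cloud_type == "gcp":
        nics = config.get("networkInterfaces", [])
        return [n["networkIP"] for n in nics if n.get("networkIP")], None
    if cloud_type == "aws":
        ip = config.get("privateIpAddress")
        return ([ip] if ip else []), config.get("macAddress")
    return [], None

def map_asset(res):
    asset = {
        "unique_key": res["id"], "asset_name": res["name"], "resource_id": res["id"],
        "resource_type": res["resourceType"], "cloud_provider": res["cloudType"],
        "asset_details": res.get("rrn"), "asset_type": "Cloud Resources",
        "tags": list(res.get("tags", [])) + [res["accountName"]],  # vendor tags + accountName
    }
    if res["resourceType"].lower() == "instance":  # instances become Vulcan hosts
        asset["asset_type"] = "Host"
        asset["ips"], asset["mac"] = host_addresses(res["cloudType"].lower(), res.get("config", {}))
    return asset

def map_vulnerability(alert):
    policy = alert["policy"]
    return {
        "unique_key": alert["policyId"], "title": policy["name"],
        "description": policy["description"],
        "score": SCORE.get(str(alert.get("severity", "")).lower()),  # None if unlisted
        "fix_title": f"Recommendation for {policy['name']}",
        "fix_description": policy.get("recommendation"),
        "first_seen": alert["firstSeen"], "last_seen": alert["lastSeen"],
        "alert_id": alert["id"],
    }

# Constructed sample records (not real Prisma CSPM output).
GCP_VM = {"id": "vm-001", "name": "web-1", "resourceType": "Instance", "cloudType": "gcp",
          "rrn": "rrn::constructed", "tags": ["env:prod"], "accountName": "demo-project",
          "config": {"networkInterfaces": [{"networkIP": "10.0.0.5"}, {"networkIP": "10.0.1.5"}]}}
ALERT = {"id": "A-1", "policyId": "policy-123", "severity": "medium",
         "firstSeen": 1700000000000, "lastSeen": 1700086400000,
         "policy": {"name": "Example policy", "description": "Constructed policy text.",
                    "severity": "medium", "recommendation": "Constructed fix steps."}}

if __name__ == "__main__":
    print(map_asset(GCP_VM))
    print(map_vulnerability(ALERT))
```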
Locating Prisma CSPM vulnerabilities in the Vulcan Platform
As Prisma CSPM discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities by connector using the relevant filter:
In the Vulcan Platform, navigate to Vulnerabilities > Unique Vulnerabilities.
Click on the "Search or filter vulnerabilities" search box and select the Vulnerability Source option.
Locate Prisma CSPM on the vulnerability source/Connector list and click to filter results.
Click on a vulnerability on the results list for more information on the vulnerability.
Locating Prisma CSPM assets
To locate all retrieved Cloud Resources assets from Prisma CSPM:
In the Vulcan Platform, navigate to Assets > Cloud Resources.
Click on the "Search or filter hosts" input box and select the Connector option.
Locate the Prisma CSPM option to view all synced assets.
Automating remediation actions on vulnerabilities detected by Prisma CSPM
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Prisma CSPM connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.