Prisma CSPM Connector

Learn all about integrating Prisma CSPM into the Vulcan Platform

Updated over a week ago

Overview

About

Prisma CSPM is a Cloud Security Posture Management (CSPM) solution that reduces the complexity of securing multi-cloud environments while simplifying compliance. It focuses on detecting and preventing the misconfigurations and threats that lead to data breaches and compliance violations, which become harder to prevent as cloud architectures grow more complex.

Why integrate Prisma CSPM into the Vulcan Platform?

The Prisma CSPM connector by Vulcan integrates with the Prisma CSPM platform so that you can ingest Cloud Resources assets and vulnerabilities into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested data to impact risk and remediation priority. Read more here.

Connector details

Category: Vulnerability Assessment

Ingested assets type: Cloud Resources
Ingested vulnerabilities: Vulnerabilities only ("Misconfigurations" aren't imported into the Vulcan Platform).


Prerequisites and User Permissions

  1. Log in to Prisma CSPM as System Admin, go to Settings > Access Control, and create a new READER role with the following configuration:

    • Permission Group: Account Group Read Only

    • Account Group: select the account groups for scanning

      The rest of the fields are optional.


  2. Create a user and assign them the Reader role you just created.

  3. Log in to Prisma CSPM with the Reader user and generate the Access Key ID and Secret Key. Save the keys somewhere safe for later use.


Configure the Prisma Cloud CSPM connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Prisma Cloud CSPM icon.

  4. Set up the connector as follows:

    • Server URL: The URL of the API server

    • Access Key ID: The access key ID you retrieved earlier

    • Secret Access Key: The secret access key you retrieved earlier

  5. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  6. Click the Integration Tests (Optional) button to verify that Vulcan Cyber can connect to your Prisma CSPM instance.

  7. If the test passes successfully, click Create (or Save Changes).
    If the test doesn't pass, click on Show more to review the errors and troubleshoot, then try again.

  8. Allow some time for the sync to complete. You can review the sync status under Log.

  9. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Prisma CSPM icon shows Connected, the connection is complete.


From Prisma CSPM to the Vulcan Platform - Fields Mapping

Cloud Resources

| Prisma CSPM field | Vulcan field |
|---|---|
| id | Uniqueness criteria |
| name | Asset name |
| id | Resource ID |
| resourceType | Resource Type |
| cloudType | Cloud (Provider) |
| rrn, accountId, accountName, RegionId, RegionName, Service, Deleted, vpcID, vpcName, riskGrade, hasNetwork, hasExternalFinding, hasExternalIntegration, allowDrillDown, hasExtFindingRiskFactors, Mac address "{{ data.networkInterfaces[0].macAddress }}", IP "{{ data.networkInterfaces[0].association.publicIp }}" | Asset details |
| Cloud Resources | Asset type |
| Tags | Asset tags - vendor's tags |
| accountName, accountID | Asset tags - additional |
| CreationDate | First seen |
| insertTs | Last seen |
| By x days according to last seen | Archive Mechanism |
| policyId | Vulnerability instance uniqueness criteria |
| firstSeen | Vulnerability instance first seen |
| lastSeen | Vulnerability instance last seen |
| severity | Vulnerability score |
| by status | Vulnerability instance Fixed mechanism |
| policyId | Unique vulnerability uniqueness criteria |
| policy.name | Vulnerability title |
| policy.description | Vulnerability description |
| policy.severity, policyType, reason, policy.labels, MITRE Tactics | Vulnerability details |
| Recommendation for {{ policy.name }} | Fix title |
| Recommendation | Fix description |
| Alert ID | Asset-Vulnerability instance connection (info tooltip) |

Prisma CSPM assets whose resource type is "instance" are mapped to Vulcan hosts, with the following fields mapping:

    • IP:
      gcp - networkInterfaces.networkIP
      aws - privateIpAddress

    • Mac address:
      aws - macAddress

Vulnerability status mapping

| Prisma CSPM status | Vulcan status |
|---|---|
| open, snoozed | Vulnerable |
| resolved | Fixed |
| dismissed | Ignored - false positive |
| - | Ignored - risk acknowledged |

Vulnerability score mapping

| Prisma CSPM score | Vulcan score |
|---|---|
| high | 10 |
| medium | 7 |
| - | 5 |
| low | 3 |
| - | 0 |
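To check a sync against the status and score mappings above, the following added example (not Vulcan or Prisma code) translates alerts into the Vulcan-side values and flags any status or severity the tables do not cover. The flat record layout, the key names alertId, assetId and policyName, the sample alerts, and the instance key of asset plus policyId are assumptions made for illustration.

```python
from collections import Counter

# Values copied from the status and score mapping tables on this page.
STATUS_MAP = {"open": "Vulnerable", "snoozed": "Vulnerable",
              "resolved": "Fixed", "dismissed": "Ignored - false positive"}
SCORE_MAP = {"high": 10, "medium": 7, "low": 3}

# Constructed sample alerts; the flat record layout is an assumption.
SAMPLE_ALERTS = [
    {"alertId": "A-1", "assetId": "res-1", "policyId": "pol-a",
     "policyName": "Example policy A", "status": "open", "severity": "high"},
    {"alertId": "A-2", "assetId": "res-2", "policyId": "pol-a",
     "policyName": "Example policy A", "status": "snoozed", "severity": "high"},
    {"alertId": "A-3", "assetId": "res-1", "policyId": "pol-b",
     "policyName": "Example policy B", "status": "resolved", "severity": "low"},
    {"alertId": "A-4", "assetId": "res-2", "policyId": "pol-c",
     "policyName": "Example policy C", "status": "dismissed", "severity": "critical"},
]


def normalize(alert):
    """Return the Vulcan-side values the tables give for one alert."""
    status = str(alert.get("status", "")).strip().lower()
    severity = str(alert.get("severity", "")).strip().lower()
    return {
        "alert_id": alert["alertId"],
        # Assumption: an instance is one policy on one asset.
        "instance_key": (alert["assetId"], alert["policyId"]),
        "title": alert["policyName"],
        "fix_title": f"Recommendation for {alert['policyName']}",
        "status": STATUS_MAP.get(status),    # None: value not in the table
        "score": SCORE_MAP.get(severity),    # None: value not in the table
    }


def reconcile(alerts):
    """Summarise what should appear in Vulcan and flag unmapped values."""
    rows = [normalize(a) for a in alerts]
    return {
        "unique_vulnerabilities": sorted({a["policyId"] for a in alerts}),
        "instances": len({r["instance_key"] for r in rows}),
        "status_counts": dict(Counter(r["status"] for r in rows if r["status"])),
        "unmapped": [r["alert_id"] for r in rows
                     if r["status"] is None or r["score"] is None],
    }


if __name__ == "__main__":
    print(reconcile(SAMPLE_ALERTS))
```

Alerts listed under "unmapped" carry a status or severity that the tables on this page do not list, so their Vulcan-side value cannot be predicted from this page alone.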


Locating Prisma CSPM vulnerabilities in the Vulcan Platform

As Prisma CSPM discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities by connector using the relevant filter:

  1. In the Vulcan Platform, navigate to Vulnerabilities > Unique Vulnerabilities.

  2. Click on the "Search or filter vulnerabilities" search box and select the Vulnerability Source option.

  3. Locate Prisma CSPM on the vulnerability source/Connector list and click to filter results.

  4. Click on a vulnerability on the results list for more information on the vulnerability.


Locating Prisma CSPM assets

To locate all retrieved Cloud Resources assets from Prisma CSPM:

  1. In the Vulcan Platform, navigate to Assets > Cloud Resources.

  2. Click on the "Search or filter hosts" input box and select the Connector option.

  3. Locate the Prisma CSPM option to view all synced assets.


Automating remediation actions on vulnerabilities detected by Prisma CSPM

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Prisma CSPM connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.
