Overview


About

Prisma CSPM is a unique Cloud Security Posture Management (CSPM) solution that reduces the complexity of securing multi-cloud environments, while radically simplifying compliance. Prisma CSPM focuses on detecting and preventing the misconfigurations and threats that lead to data breaches and compliance violations that are growing ever more difficult as cloud architectures become increasingly complex.


Prerequisites and User Permissions

  1. Login to Prisma CSM as System Admin > go to Settings > Access Control and create a new READER Role with the following configurations:

    • Permission Group: Account Group Read Only

    • Account Group: select the account groups for scanning

      The rest of the fields are optional.

      Example:

  2. Create a user and assign them the Reader role you just created

  3. Login to the Prisma CSM with the Reader user and Generate the Access Key ID and Secret Key. Save the keys somewhere safe for later use.


Configure the Prisma Cloud CSPM connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Prisma Cloud CSPM icon.

  4. Set up the connector as follows:

    • Server URL: The URL of the API server

    • Access Key ID: The access key ID you retrieved earlier

    • Secret Access Key: The secret access key you retrieved earlier

  5. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  6. Click the Integration Tests (Optional) button to verify that Vulcan Cyber can connect to your Prisma CSPM instance.

  7. If the test passes successfully, click Create (or Save Changes).
    If the test doesn't pass, click on Show more to review the errors and troubleshoot, then try again.

  8. Allow some time for the sync to complete. You can review the sync status under Log.

  9. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Prisma CSPM icon shows Connected, the connection is complete.


From Prisma CSM to the Vulcan Platform - Fields Mapping

Connector Fields Mapping - Cloud Resources

Prisma CSPM field

Vulcan field

name

Asset name

id

Resource ID

cloudType

Cloud (provider)

Most asset-specific data

Asset details

Cloud Resources

Asset type

[{% for tag in data.tags %}\"{{ tag.key }}: {{ tag.value }}\", {% endfor %}]

Asset tags

policy.name

Vulnerability title

{% if policy.severity == 'low' %}3{% endif %}{% if policy.severity == 'medium' %}7{% endif %}{% if policy.severity == 'high' %}10{% endif %}

Vulnerability score

policy.description

Vulnerability description

Most vulnerability-specific data

Vulnerability details

{% if status == 'open' %}vulnerable{% endif %}{% if status == 'dismissed' %}riskAcknowledged{% endif %}{% if status == 'snoozed' %}vulnerable{% endif %}{% if status == 'resolved' %}fixed{% endif %}

Vulnerability status

Recommendation for {{ name }}

Fix title

recommendation 

Fix description

Vulnerability status mapping

Prisma CSPM status

Vulcan status

open , snoozed

Vulnerable

resolved

Fixed

dismissed

Ignored - false positive

-

Ignored - risk acknowledged

Vulnerability score mapping

Prisma CSPM score

Vulcan score

high

10

medium

7

-

5

low

3

-

0


Locating Prisma CSPM vulnerabilities in the Vulcan Platform

As Prisma CSPM discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  2. Locate PrismaCSPM on the vulnerability source/Connector list and click to filter results.

  3. Click on any vulnerability to view further information.


Locating Prisma CSPM assets

To locate all retrieved Cloud Resources assets from Prisma CSPM:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click on the Cloud Resources

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection > then select Prisma CPSM.

  4. The results will be filtered to show PrismaCSPM only.


Automating remediation actions on vulnerabilities detected by Prisma CSPM

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Prisma CSPM connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.

Did this answer your question?