Prisma Cloud Compute
Prisma Cloud Compute Edition provides protection for your hosts, containers, and serverless deployments, whether they are located in on-premises data centers or cloud environments. You can bring code, container, host, and security data from Prisma Cloud Compute into Brinqa to gain a more comprehensive view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Prisma Cloud Compute and how to obtain that information from Prisma Cloud. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Prisma Cloud Compute from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Prisma Cloud Compute with Brinqa:
-
Server URL: The Prisma Cloud Compute Server URL.
-
API key and Secret key: The access keys associated with the Prisma Cloud Compute account, which must have permissions to log in to the API server and return data.
If you use the on-premises version of Prisma Cloud Compute, you must use the username in the API key field and the password in the Secret key field. In either case, the credentials associated with the Prisma Cloud Compute account must have permissions to log in to the API server and return data.
Generate Prisma Cloud Compute access keys
For the cloud instance of the Prisma Cloud Compute connector to use the Prisma Cloud Compute API, you must provide the API credentials from Prisma Cloud Compute. To do so, follow these steps:
-
Log in to your organization's Prisma Cloud Compute server.
-
Navigate to Settings > Access Control > Access Keys.
-
Select Add > Access Key.
-
Enter a name for the key, enable key expiration, and set a expiry date and time.
-
Click Save to create the key.
Your new access keys display. You cannot view the secret key after this, so copy the key and save it to a secure location.
If you do not have the permissions to create access keys, contact your Prisma Cloud Compute administrator. For additional information, see Prisma Cloud Compute documentation.
Additional settings
The Prisma Cloud Compute connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 50. It is not recommended to go over 50.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The Prisma Cloud Compute connector can retrieve the following types of data from the Prisma Cloud Compute API:
Table 1: Data retrieved from Prisma Cloud Compute
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Cloud Service | No | Not mapped |
| Code Repository | Yes | Code Repository |
| Container | Yes | Container |
| Container Image | Yes | Container Image |
| Host | Yes | Host |
| Serverless | No | Not mapped |
| Violation | Yes | Violation |
| Violation Definition | Yes | Violation Definition |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
For detailed steps on how to view the data retrieved from Prisma Cloud Compute in the Brinqa Platform, see How to view your data.
Operation options
The Prisma Cloud Compute connector supports the following operation options. See connector operation options for information about how to apply them.
Click the tabs below to view the supported operation options per connector object.
- Code Repository
- Container
- Container Image
- Host
- Violation & Vulnerability
Table 2: Code Repository operation options
| Connector Object | Option | All Possible Values | Example |
|---|---|---|---|
| Code Repository | collections | Any Prisma Cloud Compute code repository collection | Key: collections Value: FrontendTeam. This key and value combination only retrieves code repositories from Prisma Cloud Compute that pertains to the FrontendTeam collection. |
| compact | true | Key: compact Value: true. This key and value combination only retrieves essential data from code repositories. | |
| project | Any valid Prisma Cloud Compute project name or ID | Key: project Value: web-app. This key and value combination only retrieves data for the web-app project from your code repositories. | |
| useCollections | true | Key: useCollections Value: true. This key and value combination retrieves collection-specific details for code repositories. | |
| useProjects | true | Key: useProjects Value: true. This key and value combination retrieves project-specific details for code repositories. |
Table 3: Container operation options
| Connector Object | Option | All Possible Values | Example |
|---|---|---|---|
| Container | collections | Any Prisma Cloud Compute container collection | Key: collections Value: Production. This key and value combination only retrieves containers from Prisma Cloud Compute that are part of the Production collection. |
| compact | true | Key: compact Value: true. This key and value combination only retrieves essential data from containers. | |
| project | Any valid Prisma Cloud Compute project name or ID | Key: project Value: api-service. This key and value combination only retrieves data for the api-service project from your containers. | |
| useCollections | true | Key: useCollections Value: true. This key and value combination retrieves collection-specific details for containers. | |
| useProjects | true | Key: useProjects Value: true. This key and value combination retrieves project-specific details for containers. |
Table 4: Container Image operation options
| Connector Object | Option | All Possible Values | Example |
|---|---|---|---|
| Container Image | collections | Any Prisma Cloud Compute container image collection | Key: collections Value: Production. This key and value combination only retrieves container images from Prisma Cloud Compute that are associated with the Production collection. |
| compact | true | Key: compact Value: true. This key and value combination only retrieves essential data from container images. | |
| project | Any valid Prisma Cloud Compute project name or ID | Key: project Value: api-service. This key and value combination only retrieves data for the api-service project from your container images. | |
| useCollections | true | Key: useCollections Value: true. This key and value combination retrieves collection-specific details for container images. | |
| useProjects | true | Key: useProjects Value: true. This key and value combination retrieves project-specific details for container images. | |
| resources | Any specific container image resource string. | Key: resources Value: library/alpine:latest. This key and value combination retrieves data for the specified resource library/alpine:latest from container images. |
Table 5: Host operation options
| Connector Object | Option | All Possible Values | Example |
|---|---|---|---|
| Host | collections | Any Prisma Cloud Compute host collection | Key: collections Value: DMZServers. This key and value combination only retrieves hosts from Prisma Cloud Compute that are part of the DMZServers collection. |
| compact | true | Key: compact Value: true. This key and value combination only retrieves essential data from hosts. | |
| project | Any valid Prisma Cloud Compute project name or ID | Key: project Value: database-cluster. This key and value combination only retrieves data for the database-cluster project from your hosts. | |
| useCollections | true | Key: useCollections Value: true. This key and value combination retrieves collection-specific details for hosts. | |
| useProjects | true | Key: useProjects Value: true. This key and value combination retrieves project-specific details for hosts. |
Table 6: Violation, Violation Definition, Vulnerability, and Vulnerability Definition operation options
| Connector Object | Option | All Possible Values | Example |
|---|---|---|---|
| Violation, Violation Definition, Vulnerability, Vulnerability Definition | collections | Any Prisma Cloud Compute security data collection identifiers | Key: collections Value: Prod. This key and value combination only retrieves security data from the specified collection. |
| functionLayers | Any Prisma Cloud Compute function layer identifiers | Key: functionLayers Value: layer1. This key and value combination only retrieves security data from the specified function layers. | |
| hostname | Any Prisma Cloud Compute hostname | Key: hostname Value: hostname1. This key and value combination only retrieves security data associated with the specified hostname. | |
| name | Any Prisma Cloud Compute security data name identifiers | Key: name Value: name1,name2. This key and value combination only retrieves security data with the specified names. | |
| project | Any valid Prisma Cloud Compute project name or ID identifiers | Key: project Value: "web-app,data-service. This key and value combination only retrieves security data from the specified projects. | |
| provider | Any Prisma Cloud Compute cloud provider identifier | Key: provider Value: aws,azure. This key and value combination only retrieves security data from the specified providers. | |
| region | Any Prisma Cloud Compute region identifiers | Key: region Value: us-east-1,eu-west-1. This key and value combination only retrieves security data associated with the specified regions. | |
| registry | Any Prisma Cloud Compute registry identifiers | Key: registry Value: registry1,registry2. This key and value combination only retrieves security data from the specified registries. | |
| repository | Any Prisma Cloud Compute repository identifiers | Key: repository Value: repo1,repo2. This key and value combination only retrieves security data from the specified repositories. | |
| resources | Any Prisma Cloud Compute resource identifiers | Key: resources Value: resource1,resource2. This key and value combination only retrieves security data associated with the specified resources. | |
| runtime | Any Prisma Cloud Compute runtime identifiers | Key: runtime Value: nodejs12.x,python3.8. This key and value combination only retrieves security data associated with the specified runtimes. | |
| useCollections | true | Key: useCollections Value: true. This key and value combination retrieves collection-specific details for security data. | |
| useProjects | true | Key: useProjects Value: true. This key and value combination retrieves project-specific details for security data. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The Prisma Cloud Compute connector uses the Prisma Cloud Workload Protection REST API v1. Specifically, it uses the following endpoints:
Table 7: Prisma Cloud Compute API endpoints by the connector
| Connector Object | API Endpoints |
|---|---|
| Code Repository | POST https://api.prismacloud.io/api/v1/coderepos |
| Container | GET https://api.prismacloud.io/api/v1/containers |
| Container Image | GET https://api.prismacloud.io/api/v1/images |
GET https://api.prismacloud.io/api/v1/registry | |
| Host | GET https://api.prismacloud.io/api/v1/hosts |
| Violation | GET https://api.prismacloud.io/api/v1/containers |
GET https://api.prismacloud.io/api/v1/hosts | |
GET https://api.prismacloud.io/api/v1/images | |
GET https://api.prismacloud.ioapi/v1/registry | |
GET https://api.prismacloud.io/api/v1/serverless | |
| Violation Definition | GET https://api.prismacloud.io/api/v1/containers |
GET https://api.prismacloud.io/api/v1/hosts | |
GET https://api.prismacloud.io/api/v1/images | |
GET https://api.prismacloud.ioapi/v1/registry | |
GET https://api.prismacloud.io/api/v1/serverless | |
| Vulnerability | POST https://api.prismacloud.io/api/v1/settings/coderepos |
GET https://api.prismacloud.io/api/v1/hosts | |
GET https://api.prismacloud.io/api/v1/images | |
GET https://api.prismacloud.ioapi/v1/registry | |
GET https://api.prismacloud.io/api/v1/serverless | |
| Vulnerability Definition | POST https://api.prismacloud.io/api/v1/settings/coderepos |
GET https://api.prismacloud.io/api/v1/hosts | |
GET https://api.prismacloud.io/api/v1/images | |
GET https://api.prismacloud.ioapi/v1/registry | |
GET https://api.prismacloud.io/api/v1/serverless |
Changelog
The Prisma Cloud Compute connector has undergone the following changes:
3.0.9
- Fixed an issue where syncing vulnerabilities from Code Repository resulted in a 404 error.
3.0.6
- Standardized the STATUS_CATEGORY attribute across the Vulnerability and Violation objects.
3.0.5
- Updated the NAME attribute in the Container Image object to avoid duplicates.
3.0.4
- Refactored the code to reduce memory consumption.
3.0.0
- Initial Integration+ release.