Prisma Cloud Compute
Prisma Cloud Compute Edition provides protection for your hosts, containers, and serverless deployments, whether they are located in on-premises data centers or cloud environments. You can bring code, container, host, and security data from Prisma Cloud Compute into Brinqa to gain a more comprehensive view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Prisma Cloud Compute and how to obtain that information from Prisma Cloud. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Prisma Cloud Compute from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Prisma Cloud Compute with Brinqa:
- Server URL: The Prisma Cloud Compute Server URL.
- API key and Secret key: The access keys associated with the Prisma Cloud Compute account, which must have permission to log in to the API server and return data. Use a dedicated account with read-only access rather than an administrator account; the connector only reads data.

Important: If you use the on-premises version of Prisma Cloud Compute, enter the username in the API key field and the password in the Secret key field. In either case, the credentials must belong to an account that has permission to log in to the API server and return data.
Generate Prisma Cloud Compute access keys
For the cloud instance of the Prisma Cloud Compute connector to use the Prisma Cloud Compute API, you must provide the API credentials from Prisma Cloud Compute. To do so, follow these steps:
- Log in to your organization's Prisma Cloud Compute server.
- Navigate to Settings > Access Control > Access Keys.
- Select Add > Access Key.
- Enter a name for the key, enable key expiration, and set an expiry date and time.
- Click Save to create the key.

Your new access keys display. The secret key is shown only once: copy it and store it in a secure location (for example, a secrets manager), because you cannot view it again. If the secret is lost, create a new key and delete the old one.
If you do not have the permissions to create access keys, contact your Prisma Cloud Compute administrator. For additional information, see Prisma Cloud Compute documentation.
Additional settings
The Prisma Cloud Compute connector contains additional options for specific configuration:
- Page size: The maximum number of records to retrieve per API request. The default is 50; values above 50 are not recommended.
- Parallel requests: The maximum number of API requests the connector issues concurrently. The default is 4.
- Skip certificate verification: Select this option to accept untrusted (for example, self-signed) server certificates. This disables TLS certificate validation for the connection, so the API key and secret are exposed to anyone able to intercept traffic between Brinqa and the Compute console. Prefer presenting a console certificate that Brinqa can verify and leave this option cleared.
Types of data to retrieve
The Prisma Cloud Compute connector can retrieve the following types of data from the Prisma Cloud Compute API:
Table 1: Data retrieved from Prisma Cloud Compute
Connector Object | Required | Maps to Data Model |
---|---|---|
Cloud Resource | No | Not mapped |
Code Repository | Yes | Code Repository |
Container | Yes | Container |
Container Image | Yes | Container Image |
Host | Yes | Host |
Serverless | No | Not mapped |
Violation | Yes | Violation |
Violation Definition | Yes | Violation Definition |
Vulnerability | Yes | Vulnerability |
Vulnerability Definition | Yes | Vulnerability Definition |
For detailed steps on how to view the data retrieved from Prisma Cloud Compute in the Brinqa Platform, see How to view your data.
Operation options
The Prisma Cloud Compute connector supports the following operation options. See connector operation options for information about how to apply them.
Click the tabs below to view the supported operation options per connector object.
- Code Repository
- Container
- Container Image
- Host
- Violation & Vulnerability
Table 2: Code Repository operation options
Connector Object | Option | All Possible Values | Example |
---|---|---|---|
Code Repository | compact | true | Key: compact, Value: true. Retrieves only essential data from code repositories. |
Code Repository | project | Any valid Prisma Cloud Compute project name or ID | Key: project, Value: web-app. Retrieves data only for the web-app project from your code repositories. |
Code Repository | useCollections | true | Key: useCollections, Value: true. Retrieves collection-specific details for code repositories. |
Code Repository | useProjects | true | Key: useProjects, Value: true. Retrieves project-specific details for code repositories. |
Table 3: Container operation options
Connector Object | Option | All Possible Values | Example |
---|---|---|---|
Container | compact | true | Key: compact, Value: true. Retrieves only essential data from containers. |
Container | project | Any valid Prisma Cloud Compute project name or ID | Key: project, Value: api-service. Retrieves data only for the api-service project from your containers. |
Container | useCollections | true | Key: useCollections, Value: true. Retrieves collection-specific details for containers. |
Container | useProjects | true | Key: useProjects, Value: true. Retrieves project-specific details for containers. |
Table 4: Container Image operation options
Connector Object | Option | All Possible Values | Example |
---|---|---|---|
Container Image | compact | true | Key: compact, Value: true. Retrieves only essential data from container images. |
Container Image | project | Any valid Prisma Cloud Compute project name or ID | Key: project, Value: api-service. Retrieves data only for the api-service project from your container images. |
Container Image | useCollections | true | Key: useCollections, Value: true. Retrieves collection-specific details for container images. |
Container Image | useProjects | true | Key: useProjects, Value: true. Retrieves project-specific details for container images. |
Container Image | resources | Any specific container image resource string | Key: resources, Value: library/alpine:latest. Retrieves data only for the specified resource library/alpine:latest from container images. |
Table 5: Host operation options
Connector Object | Option | All Possible Values | Example |
---|---|---|---|
Host | compact | true | Key: compact, Value: true. Retrieves only essential data from hosts. |
Host | project | Any valid Prisma Cloud Compute project name or ID | Key: project, Value: database-cluster. Retrieves data only for the database-cluster project from your hosts. |
Host | useCollections | true | Key: useCollections, Value: true. Retrieves collection-specific details for hosts. |
Host | useProjects | true | Key: useProjects, Value: true. Retrieves project-specific details for hosts. |
Table 6: Violation, Violation Definition, Vulnerability, and Vulnerability Definition operation options
Connector Object | Option | All Possible Values | Example |
---|---|---|---|
Violation, Violation Definition, Vulnerability, Vulnerability Definition | functionLayers | Any Prisma Cloud Compute function layer identifiers | Key: functionLayers, Value: layer1. Retrieves security data only from the specified function layers. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | hostname | Any Prisma Cloud Compute hostname | Key: hostname, Value: hostname1. Retrieves security data only for the specified hostname. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | name | Any Prisma Cloud Compute security data name identifiers | Key: name, Value: name1,name2. Retrieves security data only with the specified names. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | project | Any valid Prisma Cloud Compute project names or IDs | Key: project, Value: web-app,data-service. Retrieves security data only from the specified projects. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | provider | Any Prisma Cloud Compute cloud provider identifiers | Key: provider, Value: aws,azure. Retrieves security data only from the specified providers. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | region | Any Prisma Cloud Compute region identifiers | Key: region, Value: us-east-1,eu-west-1. Retrieves security data only for the specified regions. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | registry | Any Prisma Cloud Compute registry identifiers | Key: registry, Value: registry1,registry2. Retrieves security data only from the specified registries. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | repository | Any Prisma Cloud Compute repository identifiers | Key: repository, Value: repo1,repo2. Retrieves security data only from the specified repositories. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | resources | Any Prisma Cloud Compute resource identifiers | Key: resources, Value: resource1,resource2. Retrieves security data only for the specified resources. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | runtime | Any Prisma Cloud Compute runtime identifiers | Key: runtime, Value: nodejs12.x,python3.8. Retrieves security data only for the specified runtimes. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | useCollections | true | Key: useCollections, Value: true. Retrieves collection-specific details for security data. |
Violation, Violation Definition, Vulnerability, Vulnerability Definition | useProjects | true | Key: useProjects, Value: true. Retrieves project-specific details for security data. |
Option keys and values are case-sensitive; enter them exactly as shown in this documentation. Where an option accepts several values, separate them with commas and no spaces, as in the examples.
APIs
The Prisma Cloud Compute connector uses the Prisma Cloud Workload Protection REST API v1. Specifically, it uses the following endpoints:
Table 7: Prisma Cloud Compute API endpoints used by the connector
Connector Object | API Endpoints |
---|---|
Cloud Resource | GET /api/v1/cloud/discovery/entities |
Code Repository | POST /api/v1/coderepos |
Container | GET /api/v1/containers |
Container Image | GET /api/v1/images |
Container Image | GET /api/v1/registry |
Host | GET /api/v1/hosts |
Violation | GET /api/v1/containers |
Violation | GET /api/v1/hosts |
Violation | GET /api/v1/images |
Violation | GET /api/v1/registry |
Violation | GET /api/v1/serverless |
Violation Definition | GET /api/v1/containers |
Violation Definition | GET /api/v1/hosts |
Violation Definition | GET /api/v1/images |
Violation Definition | GET /api/v1/registry |
Violation Definition | GET /api/v1/serverless |
Vulnerability | POST /api/v1/settings/coderepos |
Vulnerability | GET /api/v1/hosts |
Vulnerability | GET /api/v1/images |
Vulnerability | GET /api/v1/registry |
Vulnerability | GET /api/v1/serverless |
Vulnerability Definition | POST /api/v1/settings/coderepos |
Vulnerability Definition | GET /api/v1/hosts |
Vulnerability Definition | GET /api/v1/images |
Vulnerability Definition | GET /api/v1/registry |
Vulnerability Definition | GET /api/v1/serverless |
Changelog
The Prisma Cloud Compute connector has undergone the following changes:
3.1.2
- Added the NAMESPACES attribute to the Container Image object.
3.1.1
- Code clean up and general maintenance.
3.1.0
- Fixed an issue where vulnerabilities existed in the Brinqa Platform that were not present in an API call, causing inaccurate counts.
- Fixed an issue with the REGISTRY and REPOSITORY attributes on the Code Repository object.
- Added the HOST_NAMES attribute to the Host object.
3.0.13
- Set the status to "Active" for all violations and vulnerabilities retrieved by the connector. This change addresses the possibility that the status of vulnerabilities can be modified in Prisma Cloud Compute after the fix date.
- Updated the discovery date on the Violation and Vulnerability objects to use LAST_FOUND instead of FIRST_FOUND.
3.0.12
- Added the RESOURCE_ID attribute to the Host object.
3.0.11
- The Cloud Service object has been renamed to Cloud Resource.
3.0.9
- Fixed an issue where syncing vulnerabilities from Code Repository resulted in a 404 error.
3.0.6
- Standardized the STATUS_CATEGORY attribute across the Vulnerability and Violation objects.
3.0.5
- Updated the NAME attribute in the Container Image object to avoid duplicates.
3.0.4
- Refactored the code to reduce memory consumption.
3.0.0
- Initial Integration+ release.