Prisma Cloud Compute Connector Guide

Summary: How to set up and use the Prisma Cloud Compute connector in Ivanti Neurons RBVM/ASOC.

Overview

Prisma Cloud - Compute delivers cloud workload protection (CWPP) for modern enterprises, providing holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the application lifecycle.

The Ivanti Neurons RBVM/ASOC platform provides an API-based connector that integrates with Prisma Cloud - Compute, enabling customers to bring in their findings. It gives customers visibility into their overall risk due to vulnerabilities in their endpoints and a more straightforward, more efficient way to manage those vulnerabilities.

User Prerequisites/Prisma Cloud - Compute Setup

Ivanti Neurons requires a user account with the following access to communicate with and pull data from Prisma Cloud - Compute.

  • Read access to the assets and their associated issues.

  • API access.

  • The Ivanti Neurons integration supports the Self-Hosted/SaaS version of Prisma Cloud - Compute.

Prisma Cloud - Compute Connector API Calls

The following API calls are performed during a connector run to pull security vulnerabilities from Prisma Cloud Compute into Ivanti Neurons.

| API Type | Endpoint |
|---|---|
| Authentication | /api/v1/authenticate |
| Get All Hosts | /api/v1/hosts |
| Get All Images | /api/v1/images |

Configuring the Prisma Cloud - Compute Connector

Navigate to the Automate > Integrations page.

Using the search bar in the upper-right corner of the Integrations page, type Compute to find the connector.

Locate the Prisma Cloud - Compute card on the page and click Configuration. The connector is available for both Network and Application data.

Complete the required fields in the new window under Connection, as described below.

  • Username: The username of the instance.

  • Password: The password of the instance.

  • SSL: Optional instance SSL certificate in base64 format.

Click the Test Credentials button to ensure the credentials are correct and have the necessary access to make Prisma Cloud - Compute API calls.

Under Schedule, configure the desired schedule for the connector to retrieve results from the Prisma Cloud - Compute instance.

Under Connector Specific options, users can optionally turn on Enable auto URBA (Update Remediation by Assessment).

If Enable auto URBA (Update Remediation by Assessment) is turned on, an optional sub-configuration lets the user configure URBA to close the findings associated with assets that are no longer available. The textbox accepts only whole numbers and specifies the number of consecutive uploads Ivanti Neurons must wait before considering an asset no longer available. If an asset does not appear in that number of consecutive uploads, Ivanti Neurons closes the findings associated with the asset.

When the Create Assets that do not have vulnerabilities option is selected, Ivanti Neurons creates assets with zero findings. This option is selected by default, and the user can opt to turn it off.

Users can specify the type of vulnerability information to pull from Prisma Cloud - Compute into Ivanti Neurons. The default option is All Data.

If the user clicks on Select Data, they can choose the type of asset data that needs to be pulled into Ivanti Neurons.

  • Host Security: Under this, we can pull Vulnerabilities/Compliance findings.

  • Image Security: Under this, we can pull Vulnerabilities/Compliance findings.

Click the Save button to save the connector’s configuration and create the connector. Once saved, the connector is visible on the Integrations page under Currently Configured Integrations.

Clicking the History button displays the connector details for each pull. The Sync button allows users to perform on-demand sync. The Edit button allows the user to edit the connector configuration. The Delete button allows the user to delete the connector.

Once the files have been processed on the Uploads page, view the ingested data by navigating to the Hosts and Host Findings pages for Host Security. For Image Security, the data is available on the Applications and Application Findings pages.

Mapping Prisma Cloud - Compute Fields

This table showcases the high-level mapping of Prisma Cloud - Compute API fields in Ivanti Neurons.

| Section | Ivanti Neurons Field | Prisma Cloud - Compute Field (Vulnerabilities) | Prisma Cloud - Compute Field (Compliance) |
|---|---|---|---|
| Applications | Name | instances -> image | instances -> image |
| | Address | id | id |
| | Scanner Name | Prisma Cloud Compute App | Prisma Cloud Compute App |
| Application Findings | Scanner Plugin | vulnerabilities -> cve | complianceIssues -> id |
| | Scanner Reported Severity | vulnerabilities -> severity | complianceIssues -> severity |
| | Location | vulnerabilities -> packageName + vulnerabilities -> packageVersion | complianceIssues -> title |
| | Finding Type | IMAGE | PC |
| | Possible solution | vulnerabilities -> status; vulnerabilities -> link | complianceIssues -> status; complianceIssues -> link |
| Hosts | Host Name | hostname | hostname |
| | IP Address | hostDevices -> ip | hostDevices -> ip |
| | Scanner Name | Prisma Cloud Compute Net | Prisma Cloud Compute Net |
| Host Findings | Scanner plugin | vulnerabilities -> cve | complianceIssues -> id |
| | Scanner Reported Severity | vulnerabilities -> severity | complianceIssues -> severity |
| | WebApplication | Asset name | |
| | Title | vulnerabilities -> cve; vulnerabilities -> title | complianceIssues -> cve; complianceIssues -> title |
| | Possible solution | vulnerabilities -> status; vulnerabilities -> link | complianceIssues -> status; complianceIssues -> link |

Ivanti Neurons Tags

The following fields from Prisma Cloud - Compute APIs are converted into Ivanti Neurons tags. Use these tags for searching, automating playbooks, and visualizing in dashboards. This information is available on both the Hosts and Application pages.

  • tags

  • repoTag

  • collections

Common Fields in Ivanti Neurons

The following fields in Ivanti Neurons are defined for Prisma Cloud - Compute, along with their default values.

  • For Hosts/Host Findings, the Scanner Name is Prisma Cloud Compute Net.

  • For Applications/Application Findings, the Scanner Name is Prisma Cloud Compute App.
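To check what a connector run should produce before comparing it with the Hosts and Applications pages, the mapping table and default Scanner Name values above can be applied to a saved API record. The following is an added example, not Ivanti or Prisma Cloud code: the function names, the sample records and the single-space join for multi-field cells are assumptions, and only a subset of the table rows is covered.

```python
# Added example: field names follow the mapping table on this page.
# The sample records are constructed, not real Prisma Cloud Compute output.
SAMPLE_HOST = {
    "hostname": "web-01.example.internal",
    "hostDevices": [{"name": "eth0", "ip": "10.0.0.5"}],
    "vulnerabilities": [{"cve": "CVE-0000-0001", "severity": "high",
                         "packageName": "openssl", "packageVersion": "1.1.1",
                         "status": "fixed in 1.1.2",
                         "link": "https://example.invalid/CVE-0000-0001"}],
    "complianceIssues": None,
}
SAMPLE_IMAGE = {
    "id": "sha256:constructed-image-id",
    "instances": [{"image": "registry.example.internal/app:1.0"}],
    "vulnerabilities": None,
    "complianceIssues": [{"id": 41, "severity": "medium",
                          "title": "constructed compliance check title"}],
}

def _join(*parts):
    # Assumption: multi-field cells are joined with a single space.
    return " ".join(str(p) for p in parts if p)

def map_record(record, kind):
    """Map one host ('host') or image ('image') record to (asset, findings)."""
    if kind == "host":
        ips = [d["ip"] for d in record.get("hostDevices") or [] if d.get("ip")]
        asset = {"Host Name": record.get("hostname"), "IP Address": ips,
                 "Scanner Name": "Prisma Cloud Compute Net"}
    else:
        first = (record.get("instances") or [{}])[0]
        asset = {"Name": first.get("image"), "Address": record.get("id"),
                 "Scanner Name": "Prisma Cloud Compute App"}
    findings = []
    # (source list, plugin key, Location fields, Finding Type) per table column
    for key, plugin, loc, ftype in (
            ("vulnerabilities", "cve", ("packageName", "packageVersion"), "IMAGE"),
            ("complianceIssues", "id", ("title",), "PC")):
        for item in record.get(key) or []:   # tolerate missing or null lists
            f = {"Scanner Plugin": item.get(plugin),
                 "Scanner Reported Severity": item.get("severity"),
                 "Possible solution": _join(item.get("status"), item.get("link"))}
            if kind == "image":   # Location and Finding Type: Application Findings only
                f["Location"] = _join(*(item.get(k) for k in loc))
                f["Finding Type"] = ftype
            findings.append(f)
    return asset, findings
```
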