PaloAltoNetworks_PrismaCloudCompute

Use the Prisma Cloud Compute integration to fetch incidents from your Prisma Cloud Compute environment.

Network Security · Prisma Cloud Compute by Palo Alto Networks

Configuration parameters

  • isFetch — Fetch incidents
  • address — Prisma Cloud Compute Console URL and Port (required)
  • project — Prisma Cloud Compute Project Name (if applicable)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • credentials — Username (required)
  • certificate — Prisma Cloud Compute CA Certificate
  • incidentType — Incident type
  • integration_reliability — Source Reliability

Commands (38)

  • cve

    Get information about the CVEs in the system. Will return a maximum of 50 records. It is possible to query for a partial CVE description such as cve-2020 or cve-2014 or by severity/distro/package.

  • prisma-cloud-compute-archive-audit-incident

    Acknowledges an incident and moves it to an archived state.

  • prisma-cloud-compute-ci-scan-results-list

    Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli. Maps to Monitor > Vulnerabilities > Images > CI in the Console UI. The default will retrieve only the passed scans.

  • prisma-cloud-compute-collections-list

    Retrieves a list of all collections.

  • prisma-cloud-compute-console-version-info

    Get the console version.

  • prisma-cloud-compute-container-namespace-list

    Get the containers namespaces names.

  • prisma-cloud-compute-container-scan-results-list

    Retrieves container scan reports. Maps to Monitor > Compliance > Containers in the Console UI.

  • prisma-cloud-compute-custom-feeds-ip-add

    Add a list of banned IP addresses to be blocked by the system.

  • prisma-cloud-compute-custom-feeds-ip-list

    Get all the blacklisted IP addresses in the system.

  • prisma-cloud-compute-custom-feeds-ip-remove

    Remove a list of IPs from the system's block list.

  • prisma-cloud-compute-custom-feeds-malware-add

    Add custom MD5 malware hashes.

  • prisma-cloud-compute-custom-feeds-malware-list

    List all custom uploaded md5 malwares.

  • prisma-cloud-compute-custom-feeds-malware-remove

    Remove custom MD5 malware hashes.

  • prisma-cloud-compute-defenders-list

    Retrieve a list of defenders and their information.

  • prisma-cloud-compute-get-alert-profiles

    Get the available alert alert profiles from a specific project.

  • prisma-cloud-compute-get-audit-firewall-container-alerts

    Get the audits for the firewall container policies.

  • prisma-cloud-compute-get-backups

    Returns the available backups.

  • prisma-cloud-compute-get-file-integrity-events

    Get runtime file integrity audit events.

  • prisma-cloud-compute-get-settings-defender

    Get the Defender settings.

  • prisma-cloud-compute-get-waas-policies

    Get the Waas Container Policies from Defend >> WAAS >> Containers.

  • prisma-cloud-compute-host-forensic-list

    Get forensics on a specific host.

  • prisma-cloud-compute-hosts-list

    Returns minimal information that includes hostname, distro, distro-release, collections, clusters, and agentless about all deployed hosts.

  • prisma-cloud-compute-hosts-scan-list

    Get hosts scan report. The report includes vulnerabilities, compliance issues, binaries, etc.

  • prisma-cloud-compute-images-scan-list

    Get images scan report. The report includes vulnerabilities, compliance issues, binaries, etc.

  • prisma-cloud-compute-logs-defender

    Download the Defender logs.

  • prisma-cloud-compute-logs-defender-download

    Download a zip of all Defender logs.

  • prisma-cloud-compute-profile-container-forensic-list

    Get runtime forensics data for a specific container on a specific. host.

  • prisma-cloud-compute-profile-container-hosts-list

    Get the hosts where a specific container is running.

  • prisma-cloud-compute-profile-container-list

    Get information about the containers and their profile events. This command supports asterisks which allows you to get container profiles by filtering its fields according to a specific substring.

  • prisma-cloud-compute-profile-host-list

    Get information about the hosts and their profile events. This command supports asterisks which allows you to get host profiles by filtering its fields according to a specific substring.

  • prisma-cloud-compute-runtime-container-audit-events-list

    Retrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model.

  • prisma-cloud-compute-runtime-container-policy-list

    Retrieves the runtime policy for containers protected by Defender. A policy consists of ordered rules.

  • prisma-cloud-compute-runtime-host-audit-events-list

    Retrieves the runtime host audit events.

  • prisma-cloud-compute-trusted-images-list

    Returns the trusted registries, repositories, and images. Maps to the image table in Defend > Compliance > Trusted Images in the Console UI.

  • prisma-cloud-compute-trusted-images-update

    Updates a trusted image to the system. Specify trusted images using either the image name or layers properties. This is a potentially harmful command which overwrites the existing list, so use with caution. We recommend that is only be used in a playbook by a script that uses it.

  • prisma-cloud-compute-unstuck-fetch-stream

    Use this command to unstuck the fetch stream in case it's getting duplicated incidents.

  • prisma-cloud-compute-update-waas-policies

    Update the Waas Policy for containers.

  • prisma-cloud-compute-vulnerabilities-impacted-resources-list

    Get the list of Prisma Cloud Compute vulnerabilities resources.