PaloAltoNetworks_PrismaCloudCompute
Use the Prisma Cloud Compute integration to fetch incidents from your Prisma Cloud Compute environment.
Network Security · Prisma Cloud Compute by Palo Alto Networks
Configuration parameters
isFetch— Fetch incidentsaddress— Prisma Cloud Compute Console URL and Port (required)project— Prisma Cloud Compute Project Name (if applicable)insecure— Trust any certificate (not secure)proxy— Use system proxy settingscredentials— Username (required)certificate— Prisma Cloud Compute CA CertificateincidentType— Incident typeintegration_reliability— Source Reliability
Commands (38)
-
cveGet information about the CVEs in the system. Will return a maximum of 50 records. It is possible to query for a partial CVE description such as cve-2020 or cve-2014 or by severity/distro/package.
-
prisma-cloud-compute-archive-audit-incidentAcknowledges an incident and moves it to an archived state.
-
prisma-cloud-compute-ci-scan-results-listRetrieves all scan reports for images scanned by the Jenkins plugin or twistcli. Maps to Monitor > Vulnerabilities > Images > CI in the Console UI. The default will retrieve only the passed scans.
-
prisma-cloud-compute-collections-listRetrieves a list of all collections.
-
prisma-cloud-compute-console-version-infoGet the console version.
-
prisma-cloud-compute-container-namespace-listGet the containers namespaces names.
-
prisma-cloud-compute-container-scan-results-listRetrieves container scan reports. Maps to Monitor > Compliance > Containers in the Console UI.
-
prisma-cloud-compute-custom-feeds-ip-addAdd a list of banned IP addresses to be blocked by the system.
-
prisma-cloud-compute-custom-feeds-ip-listGet all the blacklisted IP addresses in the system.
-
prisma-cloud-compute-custom-feeds-ip-removeRemove a list of IPs from the system's block list.
-
prisma-cloud-compute-custom-feeds-malware-addAdd custom MD5 malware hashes.
-
prisma-cloud-compute-custom-feeds-malware-listList all custom uploaded md5 malwares.
-
prisma-cloud-compute-custom-feeds-malware-removeRemove custom MD5 malware hashes.
-
prisma-cloud-compute-defenders-listRetrieve a list of defenders and their information.
-
prisma-cloud-compute-get-alert-profilesGet the available alert alert profiles from a specific project.
-
prisma-cloud-compute-get-audit-firewall-container-alertsGet the audits for the firewall container policies.
-
prisma-cloud-compute-get-backupsReturns the available backups.
-
prisma-cloud-compute-get-file-integrity-eventsGet runtime file integrity audit events.
-
prisma-cloud-compute-get-settings-defenderGet the Defender settings.
-
prisma-cloud-compute-get-waas-policiesGet the Waas Container Policies from Defend >> WAAS >> Containers.
-
prisma-cloud-compute-host-forensic-listGet forensics on a specific host.
-
prisma-cloud-compute-hosts-listReturns minimal information that includes hostname, distro, distro-release, collections, clusters, and agentless about all deployed hosts.
-
prisma-cloud-compute-hosts-scan-listGet hosts scan report. The report includes vulnerabilities, compliance issues, binaries, etc.
-
prisma-cloud-compute-images-scan-listGet images scan report. The report includes vulnerabilities, compliance issues, binaries, etc.
-
prisma-cloud-compute-logs-defenderDownload the Defender logs.
-
prisma-cloud-compute-logs-defender-downloadDownload a zip of all Defender logs.
-
prisma-cloud-compute-profile-container-forensic-listGet runtime forensics data for a specific container on a specific. host.
-
prisma-cloud-compute-profile-container-hosts-listGet the hosts where a specific container is running.
-
prisma-cloud-compute-profile-container-listGet information about the containers and their profile events. This command supports asterisks which allows you to get container profiles by filtering its fields according to a specific substring.
-
prisma-cloud-compute-profile-host-listGet information about the hosts and their profile events. This command supports asterisks which allows you to get host profiles by filtering its fields according to a specific substring.
-
prisma-cloud-compute-runtime-container-audit-events-listRetrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model.
-
prisma-cloud-compute-runtime-container-policy-listRetrieves the runtime policy for containers protected by Defender. A policy consists of ordered rules.
-
prisma-cloud-compute-runtime-host-audit-events-listRetrieves the runtime host audit events.
-
prisma-cloud-compute-trusted-images-listReturns the trusted registries, repositories, and images. Maps to the image table in Defend > Compliance > Trusted Images in the Console UI.
-
prisma-cloud-compute-trusted-images-updateUpdates a trusted image to the system. Specify trusted images using either the image name or layers properties. This is a potentially harmful command which overwrites the existing list, so use with caution. We recommend that is only be used in a playbook by a script that uses it.
-
prisma-cloud-compute-unstuck-fetch-streamUse this command to unstuck the fetch stream in case it's getting duplicated incidents.
-
prisma-cloud-compute-update-waas-policiesUpdate the Waas Policy for containers.
-
prisma-cloud-compute-vulnerabilities-impacted-resources-listGet the list of Prisma Cloud Compute vulnerabilities resources.