PrismaCloud v2
Prisma Cloud secures infrastructure, workloads and applications, across the entire cloud-native technology stack.
Network Security · Prisma Cloud by Palo Alto Networks
Configuration parameters
url— Server URL (required)credentials— Username / Access Key ID (required)proxy— Use system proxy settingsinsecure— Trust any certificate (not secure)incidentType— Incident typemax_fetch— Maximum number of incidents to fetchfirst_fetch— First fetch time intervallook_back— Advanced: Time in minutes to look back when fetching incidentsfilters— Fetch only incidents matching these filtersisFetch— Fetch incidentsmirror_direction— Incident Mirroring Directionclose_incident— Close Mirrored XSOAR Incidentclose_alert— Close Mirrored Prisma Cloud Alertoutput_old_format— Output results of V1 commands to the context data in the old format
Commands (47)
-
get-modified-remote-dataGet the list of incidents that were modified since the last update time. This method is used for debugging purposes. The get-modified-remote-data command is used as part of the Mirroring feature that was introduced in Cortex XSOAR version 6.1.
-
get-remote-dataGet remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes only.
-
prisma-cloud-access-key-createAdds a new access key for the current user. If you have API access, you can create up to two access keys.
-
prisma-cloud-access-key-deleteDeletes the access key that has the specified ID.
-
prisma-cloud-access-key-disableDeactivates the access key that has the specified ID.
-
prisma-cloud-access-key-enableActivates the access key that has the specified ID. You cannot activate an expired access key.
-
prisma-cloud-access-keys-listReturns all access keys for your tenant if you have a Prisma Cloud System Admin role. Returns just your access keys if you don't have this role.
-
prisma-cloud-account-listList accounts.
-
prisma-cloud-account-owner-listGet the owners of the provided accounts.
-
prisma-cloud-account-status-getGet the statuses of the provided accounts.
-
prisma-cloud-alert-dismissDismiss or snooze the alerts matching the given filter. Either policy IDs or alert IDs must be provided. When no absolute time nor relative time arguments are provided, the default time range is all times. For snoozing, provide "snooze_unit" and "snooze_value" arguments.
-
prisma-cloud-alert-filter-listList the acceptable filters and values for alerts.
-
prisma-cloud-alert-get-detailsGets the details of an alert based on the alert ID.
-
prisma-cloud-alert-remediateRemediates the alert with the specified ID, if that alert is associated with a remediable policy. In order to check what remediation would run, use the "prisma-cloud-remediation-command-list" command first.
-
prisma-cloud-alert-reopenRe-open the alerts matching the given filter. Either policy IDs or alert IDs must be provided. When no absolute time nor relative time arguments are provided, the default time range is all times.
-
prisma-cloud-alert-searchSearch alerts on the Prisma Cloud platform. When no absolute time nor relative time arguments are provided, the search will show alerts from the last 7 days.
-
prisma-cloud-asset-alerts-getReturns detailed information for the asset alerts with the given ID.
-
prisma-cloud-asset-findings-getReturns detailed information for the asset findings with the given ID.
-
prisma-cloud-asset-generic-getReturns detailed information for the asset with the given ID.
-
prisma-cloud-asset-getReturns detailed information for the asset with the given ID.
-
prisma-cloud-asset-network-getReturns detailed information for the asset network with the given ID.
-
prisma-cloud-asset-relationships-getReturns detailed information for the asset relationships with the given ID.
-
prisma-cloud-asset-vulnerabilities-getReturns detailed information for the asset vulnerabilities with the given ID.
-
prisma-cloud-code-issues-listRetrieves the code errors detected by Application Security during periodic scans. At least one filtering argument is required, excluding `search_scopes`, `search_term`, and `limit`. For example, `fixable_only` or 'branch`.
-
prisma-cloud-config-searchSearch configuration inventory on the Prisma Cloud platform using RQL language. Use this command for all queries that start with "config". When no absolute time nor relative time arguments are provided, the default time range is all times.
-
prisma-cloud-error-file-listDeprecatedThis command is deprecated. Use prisma-cloud-code-issues-list instead.
-
prisma-cloud-event-searchSearch events inventory on the Prisma Cloud platform using RQL language. Use this command for all queries that start with "event". When no absolute time nor relative time arguments are provided, the default time range is all times. In order to reduce the returned data, set the "include_resource_json" argument to "false".
-
prisma-cloud-host-finding-listGet resource host finding list.
-
prisma-cloud-network-searchSearch networks inventory on the Prisma Cloud platform using RQL language. Use this command for all queries that start with "networks". When no absolute time nor relative time arguments are provided, the default time range is all times. In order to limit the results returning, use "limit search records to" at the end of the RQL query, followed by a value from one of these options: 1, 10, 100, 1000, and 10,000.
-
prisma-cloud-permission-listGet permission list. You must provide either "query" or "next_token".
-
prisma-cloud-remediation-command-listGenerates and returns a list of remediation commands for the specified alerts and policies. Data returned for a successful call include fully constructed commands for remediation. Either a policy ID or alert IDs must be provided. The returned information can be retrieved in the UI by clicking the "Remediate" button under the "Actions" column for supported alerts. When no absolute time nor relative time arguments are provided, the default time range is all times.
-
prisma-cloud-resource-getGet resource details.
-
prisma-cloud-resource-listReturns all the resource lists. Maps to the Resource Lists under Settings > Resource Lists in the Console UI.
-
prisma-cloud-trigger-scanTrigger asynchronous scan of all resources to refresh the current state at Prisma Cloud Code Security. In order to use this command, the "Code Security" module needs to be enabled and accessible in the Prisma Cloud UI.
-
prisma-cloud-user-roles-listRetrieves user roles. Maps to Settings > Access Control > Roles in the Console UI.
-
prisma-cloud-users-listLists all users and service accounts for your tenant. Maps to Settings > Access Control > Users in the Console UI.
-
redlock-dismiss-alertsDeprecatedDismiss the alerts matching the given filter. Must provide either policy IDs or alert IDs.
-
redlock-get-alert-detailsDeprecatedGets the details of an alert based on the alert ID.
-
redlock-get-remediation-detailsDeprecatedGets remediation details for the given alert.
-
redlock-get-rql-responseDeprecatedReturns the results of an RQL config query.
-
redlock-list-alert-filtersDeprecatedList the acceptable filters and values for alerts.
-
redlock-reopen-alertsDeprecatedRe-open the alerts matching the given filter. Must provide either policy IDs or alert IDs.
-
redlock-search-alertsDeprecatedSearch alerts on the Prisma Cloud platform. If no time-range arguments are given, the search will filter only alerts from the last 7 days.
-
redlock-search-configDeprecatedSearch the configuration inventory on the Prisma Cloud platform using RQL language.
-
redlock-search-eventDeprecatedSearch events on the Prisma Cloud platform using RQL language.
-
redlock-search-networkDeprecatedSearch networks on the Prisma Cloud platform using RQL language.
-
update-remote-systemUpdates the remote incident with local incident changes. This method is only used for debugging purposes and will not update the current incident.