Prisma Cloud - Network API and Anomaly Incidents
This playbook handles incidents of internet exposed services and detect potential risky configurations that can make your cloud environment vulnerable to attacks, and incidents of unusual network and user activity for all users, and are especially critical for privileged users and assumed roles where detecting unusual activity may indicate the first steps in a potential misuse or account compromise.
Prisma Cloud by Palo Alto Networks · 39 tasks · 20 inputs · 0 outputs
Inputs
CreateTicket— Whether to create a ticket in ZenDesk or ServiceNow. Insert True or FalseStopForRecommendations—EarlyContainment— Whether to perform early containment.CloudResponse— Whether to perform cloud response.serviceNowShortDescription— A short description of the ticket.serviceNowImpact— The impact for the new ticket. Leave empty for ServiceNow default impact.serviceNowUrgency— The urgency of the new ticket. Leave empty for ServiceNow default urgency.serviceNowSeverity— The severity of the new ticket. Leave empty for ServiceNow default severity.serviceNowTicketType— The ServiceNow ticket type. Options are "incident", "problem", "change_request", "sc_request", "sc_task", or "sc_req_item". Default is "incident".serviceNowCategory— The category of the ServiceNow ticket.serviceNowAssignmentGroup— The group to which to assign the new ticket.ZendeskPriority— The urgency with which the ticket should be addressed. Allowed values are "urgent", "high", "normal", or "low".ZendeskRequester— The user who requested this ticket.ZendeskStatus— The state of the ticket. Allowed values are "new", "open", "pending", "hold", "solved", or "closed".ZendeskSubject— The value of the subject field for this ticket.ZendeskTags— The array of tags applied to this ticket.ZendeskType— The type of this ticket. Allowed values are "problem", "incident", "question", or "task".ZendeskAssigne— The agent currently assigned to the ticket.ZendeskCollaborators— The users currently CC'ed on the ticket.ZenDeskDescription— The ticket description.
Commands used
core-list-risky-users
cve
ip
prisma-cloud-alert-get-details
prisma-cloud-host-finding-list
setAlert