Prisma Cloud Remediation - AWS EC2 Security Group Misconfiguration

This playbook remediates the Prisma Cloud AWS EC2 alerts generated by the following policies: - AWS Default Security Group Does Not Restrict All Traffic - AWS Security Group allows all traffic on SSH port (22).

Prisma Cloud by Palo Alto Networks · 13 tasks · 1 input · 0 outputs

Inputs

  • policyId — Provides the Prisma Cloud policy Id.

Commands used

aws-ec2-describe-security-groups aws-ec2-revoke-security-group-ingress-rule

Flowchart

no yes yes alltraffic-port22 defaultSG yes no yes Start Start Get security group details - aws-ec2-describe-security-groups Get security group details aws-ec2-describe-security-groups Revoke all security group ingress rules - aws-ec2-revoke-security-group-ingress-rule Revoke all security group... aws-ec2-revoke-security-group... Done Done Did we encounter an error? - isError Did we encounter an error? isError Is there a default security group? Is there a default securi... Execute remediation Execute remediation Manually update security group Manually update security ... Default SG Does Not Restrict All Traffic Default SG Does Not Restr... Is AWS - EC2 integration available? - IsIntegrationAvailable Is AWS - EC2 integration ... IsIntegrationAvailable All Traffic Allowed on SSH Port All Traffic Allowed on SS... Revoke the 22 ingress rule - aws-ec2-revoke-security-group-ingress-rule Revoke the 22 ingress rule aws-ec2-revoke-security-group... Did we encounter an error? - isError Did we encounter an error? isError