Prisma Alerts

Overview

Prisma Cloud is the industry's most comprehensive cloud native security platform (CNSP), with the industry's broadest security and compliance coverage for users, applications, data, and the entire cloud native technology stack throughout the development lifecycle and across hybrid and multi-cloud environments.

The Prisma Alerts connector fetches the alerts generated by Prisma Cloud when it detects a violation in a policy that is included in an active alert rule.

Reference:
https://api.docs.prismacloud.io/reference#alerts

Pre-requisites

  1. Connectivity with Prisma Cloud API using valid credentials.

  2. Required credentials:

    • Username
    • Password
    • CustomerName

CustomerName is required only for multi-tenant users whose login request body carries a username and password rather than an access key ID and secret key; in that case the customerName must also be supplied. In every other case it can be left out.

Reference to create credentials: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html
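The login and alert-fetch flow the connector performs, as an added example (this is not DNIF's connector code nor Palo Alto Networks' code). It sends customerName only when it is set, matching the pre-requisite above, and it keeps the HTTP transport injectable so the same client can be exercised offline against constructed responses. The API URI, credentials, token value and alert records are constructed placeholders; POST /login and the x-redlock-auth header follow the public Prisma Cloud API documentation, while the alert listing path and its query parameters are assumed here and should be checked against the alerts reference linked above.

```python
import json
import urllib.request
from typing import Callable, Optional, Tuple

PRISMA_URI = "https://api.prismacloud.io"  # placeholder API URI, not a verified value


def build_login_body(username: str, password: str, customer_name: Optional[str] = None) -> dict:
    """Build the /login request body. customerName is only included when it is
    non-blank, because it is only needed by multi-tenant username/password logins."""
    body = {"username": username, "password": password}
    if customer_name:
        body["customerName"] = customer_name
    return body


def urllib_transport(method: str, url: str, headers: dict, body: Optional[dict]) -> Tuple[int, dict]:
    """Real transport: JSON in, (status, parsed JSON) out. Not used by the offline demo."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, json.loads(resp.read().decode())


class PrismaAlertsClient:
    def __init__(self, base_uri: str, username: str, password: str,
                 customer_name: Optional[str] = None,
                 transport: Callable = urllib_transport) -> None:
        self.base_uri = base_uri.rstrip("/")
        self.username, self.password, self.customer_name = username, password, customer_name
        self.transport = transport
        self.token: Optional[str] = None

    def login(self) -> str:
        """POST /login and keep the returned JWT; the API expects it in x-redlock-auth."""
        status, payload = self.transport(
            "POST", self.base_uri + "/login",
            {"Content-Type": "application/json", "Accept": "application/json"},
            build_login_body(self.username, self.password, self.customer_name))
        if status != 200 or "token" not in payload:
            raise RuntimeError(f"Prisma login failed: HTTP {status}")
        self.token = payload["token"]
        return self.token

    def fetch_alerts(self, hours: int = 1) -> list:
        """Fetch alerts from the last `hours` hours. Path and parameters are assumed."""
        if self.token is None:
            self.login()
        url = f"{self.base_uri}/v2/alert?timeType=relative&timeAmount={hours}&timeUnit=hour&detailed=true"
        status, payload = self.transport(
            "GET", url, {"x-redlock-auth": self.token, "Accept": "application/json"}, None)
        if status != 200:
            raise RuntimeError(f"Prisma alert fetch failed: HTTP {status}")
        return payload.get("items", []) if isinstance(payload, dict) else payload


def normalize_alert(alert: dict) -> dict:
    """Flatten the fields a SIEM would index from one alert record."""
    policy, resource = alert.get("policy", {}), alert.get("resource", {})
    return {"id": alert.get("id"), "status": alert.get("status"),
            "alertTime": alert.get("alertTime"), "policy": policy.get("name"),
            "severity": policy.get("severity"), "resource": resource.get("name"),
            "cloud": resource.get("cloudType")}


# Constructed sample data, not a real Prisma Cloud response.
SAMPLE_ALERTS = [
    {"id": "P-1001", "status": "open", "alertTime": 1699000000000,
     "policy": {"name": "S3 bucket publicly readable", "severity": "high"},
     "resource": {"name": "bucket-a", "cloudType": "aws"}},
    {"id": "P-1002", "status": "resolved", "alertTime": 1699000600000,
     "policy": {"name": "Security group allows all inbound", "severity": "medium"},
     "resource": {"name": "sg-b", "cloudType": "aws"}},
]


def fake_transport(method: str, url: str, headers: dict, body: Optional[dict]) -> Tuple[int, dict]:
    """Offline stand-in for urllib_transport: accepts the demo credentials and
    serves SAMPLE_ALERTS only when the token from /login is presented."""
    path = url[len(PRISMA_URI):]
    if method == "POST" and path == "/login":
        if body and body.get("username") == "demo-user" and body.get("password") == "demo-pass":
            return 200, {"token": "constructed-token"}
        return 401, {"message": "login_failed"}
    if method == "GET" and path.startswith("/v2/alert") and headers.get("x-redlock-auth") == "constructed-token":
        return 200, {"items": SAMPLE_ALERTS, "nextPageToken": None}
    return 401, {"message": "unauthorized"}


if __name__ == "__main__":
    client = PrismaAlertsClient(PRISMA_URI, "demo-user", "demo-pass", transport=fake_transport)
    for record in map(normalize_alert, client.fetch_alerts()):
        print(record)
```

Swap `fake_transport` for the default `urllib_transport` and supply the real API URI and credentials to run it against a tenant; a failed login raises before any alert request is made, which is the same condition the connector's Test Connection step reports.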

Configurations

The following are the configurations to forward Prisma Alerts Connector logs to DNIF.


Field Name            Description
Connector Name        Enter a connector name
Connector Type        Enter prisma_alerts_connector
Prisma URI            Enter the Prisma Cloud API URI
Prisma Username       Enter the username or access key ID used to access the API
Prisma Password       Enter the password or secret key used to access the API
Prisma CustomerName   Enter the CustomerName if Prisma login requires it; otherwise leave it blank

  • Click Save after entering all the required details, then click Test Connection to test the configuration.
  • A "Connection successful" message will be displayed on screen along with the timestamp.
  • If the connection is not successful, an error message will be displayed. Refer to Troubleshooting Connector Validations for more details on the error message.

Once the connector is configured, check that it is listed on the Collection Status screen with the status Active. This signifies that the connector is configured successfully and data is ready to ingest.