Palo Alto Prisma Cloud

Palo Alto Prisma Cloud cloud security platform safeguards data and applications across various cloud environments. It offers threat detection, vulnerability management in a unified solution. More information can be found at Prisma Cloud website.

Integration Method: API

Tables: Compliance Finding Class (2003)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should have access to the Prisma Cloud for creating Secret Access key and Key Id.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate the Secret Access key and Key Id on the Prisma Cloud.

2. Add the Prisma Cloud data feed integration in the DataBee console with the required Secret Access key and Key Id.

   DataBee Parameter	Prisma Cloud Parameter
   Secret Key	Secret Access Key
   Key Id	Access Key Id

Prisma Cloud Configuration

Start by creating an API Token for the integration.

1. Login to Prisma Cloud account with your account credentials. In the web link you can find the tenant’s instance.
   

2. In Palo Alto Prisma Cloud Platform, navigate to Settings > Access Control.
    

   3. Select Access Keys and then click on Add Button on the upper right corner.

   

   4. Add the Name of that access key and click on Save.

   
   

   5. Copy the Access Key ID and Secret Access Key. You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.

   
   

   Note:

   You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

   

2. Search for the Palo Alto Prisma Cloud and click it as shown below.
    

3. Click on the API Ingest option for collection method.
    

4. Enter feed contact information and click Next.
    

5. In the configuration page, confirm the following:

• API Base URL: this is the base URL that DataBee will interact with. Replace the placeholder <instance> with instance information.

• Authorization Method: Token URL Auth

• Token URL: replace the placeholder <instance> with instance information.

• Secret Key: paste the  Secret Access Key value generated earlier.

• Key Id: paste the Access Key Id value generated earlier.

• Event types: preselected for all the event types that integration pulls.
   

  6. Click Submit.

Troubleshooting Tips

• Ensure the Secret Key and Key Id are pasted correctly. Since you cannot view the keys after the 1^st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Ensure the placeholder <instance> is replaced with instance information in API Base URL and Token URL.