Prisma Cloud Compute Connector Guide

Summary: How to set up and use the Prisma Cloud Compute connector in Ivanti Neurons RBVM/ASPM.

Overview

Prisma Cloud - Compute delivers cloud workload protection (CWPP) for modern enterprises, providing holistic protection across hosts, containers, and serverless deployments in any cloud, throughout the application lifecycle.

The Ivanti Neurons RBVM/ASPM platform provides an API-based connector that integrates with Prisma Cloud - Compute, enabling customers to bring in their findings. It allows customers to gain visibility into their overall risk due to vulnerabilities in their endpoint and a more straightforward, more efficient way to manage those vulnerabilities.

User Prerequisites/Prisma Cloud - Compute Setup

Ivanti Neurons requires a user account with the following access to communicate with and pull data from Prisma Cloud - Compute.

  • Read access to the assets and their associated issues.

  • API access.

  • The Ivanti Neurons integration supports the Self-Hosted/SaaS version of Prisma Cloud – Compute.

Prisma Cloud - Compute Connector API Calls

The following API calls are performed during a connector run to pull security vulnerabilities from Prisma Cloud Compute into Ivanti Neurons.

API Type

Endpoint

Authentication

/api/v1/authenticate

Get All Hosts

/api/v1/hosts

Get All Images

/api/v1/images

Configuring the Prisma Cloud - Compute Connector

Navigate to the Automate > Integrations page.

Using the search bar in the upper-right corner of the Integrations page, type Compute to find the connector.

Locate the Prisma Cloud - Compute card on the page and click Configuration. The connector is available for both Network and Application data.

Complete the required fields in the new window under Connection, as described below.

  • Username: The username of the instance.

  • Password: The password of the instance.

  • SSL: Optional instance SSL certificate in base64 format.

Click the Test Credentials button to ensure the credentials are correct and have the necessary access to make Prisma Cloud - Compute API calls.

Under Schedule, configure the desired schedule for the connector to retrieve results from the Prisma Cloud - Compute instance.

Under Connector Specific options, Users can optionally turn on Enable auto URBA (Update Remediation by Assessment).

Suppose Enable auto URBA (Update Remediation by Assessment) is turned on. In that case, we have an optional sub configuration, where the user can configure URBA to close the findings associated with assets that are no longer available. This textbox allows only whole numbers and specifies the number of consecutive uploads Ivanti Neurons must wait until the asset is no longer available. If the assets are not coming in as part of the specified consecutive uploads, then Ivanti Neurons will close the associated findings of the asset.

On marking the Create Assets that do not have vulnerabilities options, Ivanti Neurons will create assets with zero findings. This option will be selected by default, and the user can opt to turn it off.

Users can specify the type of vulnerability information from Prisma Cloud - Compute into Ivanti Neurons. The default option is All Data.

If the user clicks on Select Data, they can choose the type of asset data that needs to be pulled into Ivanti Neurons.

  • Host Security: Under this, we can pull Vulnerabilities/Compliance findings.

  • Image Security: Under this, we can pull Vulnerabilities/Compliance findings.

Click the Save button to save the connector’s configuration and create the connector. Once saved, the connector is visible on the Integrations page under Currently Configured Integrations.

Clicking the History button displays the connector details for each pull. The Sync button allows users to perform on-demand sync. The Edit button allows the user to edit the connector configuration. The Delete button allows the user to delete the connector.

Once files process on the Uploads page, view the ingested data by navigating to the Hosts and Host Findings pages in case of Host Security. In the case of Image Security, the data will be available on the Applications and Application Findings pages.

Mapping Prisma Cloud - Compute Fields

This table showcases the high-level mapping of Prisma Cloud - Compute API fields in Ivanti Neurons.

Section

Ivanti Neurons Field

Prisma Cloud - Compute Field

(Vulnerabilities)

Prisma Cloud - Compute Field

(Compliance)

Applications

Name

instances -> image

instances -> image

Address

id

id

Scanner Name

Prisma Cloud Compute App

Prisma Cloud Compute App

Application Findings

Scanner Plugin

vulnerabilities -> cve

complianceIssues -> id

Scanner Reported Severity

vulnerabilities -> severity

complianceIssues ->  severity

Location

vulnerabilities -> packageName +

vulnerabilities -> packageVersion 

complianceIssues -> title

Finding Type

IMAGE

PC

Possible solution

vulnerabilities ->status

 

vulnerabilities ->link

complianceIssues -> status

 

complianceIssues -> link

Hosts

Host Name

hostname

hostname

IP Address

hostDevices -> ip

hostDevices -> ip

Scanner Name

Prisma Cloud Compute Net

Prisma Cloud Compute Net

Host Findings

Scanner plugin

vulnerabilities -> cve

complianceIssues -> id

Scanner Reported Severity

vulnerabilities -> severity

complianceIssues ->  severity

WebApplication

Asset name

 

Title

vulnerabilities -> cve

vulnerabilities -> title

complianceIssues -> cve complianceIssues -> title

Possible solution

vulnerabilities ->status

vulnerabilities ->link

complianceIssues -> status

complianceIssues -> link

 

Ivanti Neurons Tags

The following fields from Prisma Cloud - Compute APIs are converted into Ivanti Neurons tags. Use these tags for searching, automating playbooks, and visualizing in dashboards. This information is available on both the Hosts and Application pages.

  • tags

  • repoTag

  • collections

Common Fields in Ivanti Neurons

The following fields in Ivanti Neurons are defined for Prisma Cloud - Compute, along with their default values.

  • For Hosts/Host Findings, the Scanner Name is Prisma Cloud Compute Net.

  • For Applications/Application Findings, the Scanner Name is Prisma Cloud Compute App.