Prisma Cloud API Connectors - User Guide - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2024-03-14
End_of_Life
EoL
Category
User Guide
Abstract

Cortex Xpanse supports an integration with Prisma Cloud.

Cortex Xpanse can ingest cloud context, like publicly exposed cloud services, through Prisma Cloud in Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, and Oracle Cloud Infrastructure.

The Cortex Xpanse API Connector for Prisma Cloud is a multi-purpose integration that enables you to accomplish the following:

  • Add context to cloud assets, services, and issues that are only available in your IaaS provider, such as instance ID and resource type.

  • Audit all publicly accessible IaaS resources and any services or issues on those resources.

  • Compare what you are already tracking in your known IaaS accounts with what Cortex Xpanse identifies independently.

  • Take down or move rogue assets from unsanctioned to sanctioned IaaS accounts.

  • Improve the visibility and effectiveness of security products that use APIs to build the asset list they monitor.

Cortex Xpanse Expander loads services and issues on everything ingested and marks the services and issues that are discovered by Cortex Xpanse and not present in Prisma Cloud as Unmanaged Cloud. Cortex Xpanse also provides a summary dashboard, called Unmanaged Cloud Overview, and the ability to filter on Cloud Management Status in Services and Issues.

To set up the integration between Cortex Xpanse and Prisma Cloud, perform the following tasks: