Document:Prisma Cloud Compute Edition Administrator’s Guide

Prometheus

Filter

Welcome
- Releases
- Getting started
- Product architecture
- Support lifecycle
- Security Assurance Policy on Prisma Cloud Compute
- Licensing
- Prisma Cloud Enterprise Edition vs Compute Edition
- Utilities and plugins
Install
- Getting started
- System requirements
- Prisma Cloud container images
- Onebox
- Kubernetes
- OpenShift
- OpenShift
- Console on Fargate
- Docker Swarm
- Amazon ECS
- Windows
- Defender types
- Install Defender
Upgrade
- Support lifecycle for connected components
- Prisma Cloud’s backward compatibility and upgrade process
- Upgrade Onebox
- Kubernetes
- OpenShift
- Helm charts
- Docker Swarm
- Amazon ECS
- Manually upgrade single Container Defenders
- Manually upgrade Defender DaemonSets
- Manually upgrade Defender DaemonSets (Helm)
- Manually upgrade Docker Swarm Defenders
Technology overviews
- Intelligence Stream
- Prisma Cloud Advanced Threat Protection
- App-specific network intelligence
- Container Runtimes
- Radar
- Serverless Radar
- Prisma Cloud Rules Guide - Docker
- Defender architecture
- Host Defender architecture
- Telemetry
Configure
- Rule ordering and pattern matching
- Backup and restore
- Custom feeds
- Configuring Prisma Cloud proxy settings
- Custom certs for Console access
- Configure scanning
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Defender and Console (with DaemonSets)
- Authenticate to Console with certificates
- Configure custom certs from a predefined directory
- Customize terminal output
- Collections
- Tags
- Logon settings
- Reconfigure Prisma Cloud
- Subject Alternative Names
- WildFire settings
Authentication
- Logging into Prisma Cloud
- Integrate with Active Directory
- Integrate with OpenLDAP
- Integrate Prisma Cloud with Open ID Connect
- Integrate with Okta via SAML 2.0 federation
- Integrate Google G Suite via SAML 2.0 federation
- Integrate with Azure Active Directory via SAML 2.0 federation
- Integrate with PingFederate via SAML 2.0 federation
- Integrate with Windows Server 2016 & 2012r2 Active Directory Federation Services (ADFS) via SAML 2.0 federation
- Integrate Prisma Cloud with GitHub
- Integrate Prisma Cloud with OpenShift
- Non-default UPN suffixes
- Compute user roles
- Assign roles
- Use custom certificates for authorization
- Credentials store
Vulnerability management
- Prisma Cloud vulnerability feed
- Vulnerability Explorer
- Vulnerability management rules
- Search CVEs
- Scan reports
- Scanning procedure
- Customize image scanning
- Configure registry scans
- Registry scanning
  - Scan images in Alibaba Cloud Container Registry
  - Amazon EC2 Container Registry (ECR)
  - Azure Container Registry (ACR)
  - Docker Registry v2
  - Google Container Registry (GCR)
  - Harbor
  - IBM Cloud Container Registry
  - Scan images on Artifactory Docker Registry
  - OpenShift integrated Docker registry
  - Trigger registry scans with webhooks
- Base images
- Configure VM image scanning
- Configure code repository scanning
- Malware scanning
- Vulnerability risk tree
- Detect vulnerabilities in unpackaged software
- CVSS scoring
- Windows container image scanning
- Serverless function scanning
- VMware Tanzu blobstore scanning
- Scan Fargate tasks
- Troubleshoot vulnerability detection
Compliance
- Compliance Explorer
- Enforce compliance checks
- CIS Benchmarks
- Prisma Cloud Labs compliance checks
- Serverless functions compliance checks
- Windows compliance checks
- Docker Enterprise DISA STIG
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- Fargate scanning
- Detect secrets
- Cloud discovery
- OSS license management
Runtime defense
- Runtime defense for containers
- Runtime defense for hosts
- Runtime defense for App-Embedded
- Custom runtime rules
- Import and export individual rules
- ATT&CK Explorer
- Runtime Audits
- Event Aggregation
- Image analysis sandbox
- Incident Explorer
- Incident types
Access control
- Role-based access control for Docker Engine
- Admission control with Open Policy Agent
Continuous integration
- Jenkins plugin
- Jenkins Freestyle project
- Jenkins Maven project
- Jenkins Pipeline project
- Run Jenkins in a container
- Jenkins pipeline on Kubernetes
- CI plugin policy
- Code repo scanning
WAAS
- Web-Application and API Security (WAAS)
- Deploying WAAS
- Firewall Settings
- API Protection
- DoS protection
- Bot Protection
- WAAS Access Controls
- Advanced Settings
- WAAS Analytics
- API observations
- WAAS custom rules
- Detecting unprotected web apps
- WAAS Log Scrubbing
- WAAS Troubleshooting
Firewalls
- Cloud Native Network Firewall (CNNF)
Secrets
- Secrets manager
- Integrate with secrets stores
- Secrets Stores
- Inject secrets into containers
- Injecting secrets: end-to-end example
Alerts
- Alert mechanism
- AWS Security Hub
- Cortex XSOAR alerts
- Email alerts
- Google Cloud Pub/Sub
- Google Cloud Security Command Center
- IBM Cloud Security Advisor
- JIRA Alerts
- PagerDuty alerts
- ServiceNow alerts
- ServiceNow alerts
- Slack Alerts
- Webhook alerts
Audit
- Event viewer
- Host activity
- Administrative activity audit trail
- Annotate audit event records
- Delete audit logs
- Syslog and stdout integration
- Log rotation
- Throttling audits
- Prometheus
- Kubernetes auditing
Tools
- twistcli
- Scan images with twistcli
- Scan code repos with twistcli
- Install Console with twistcli
- Update the Intelligence Stream in offline environments
Deployment patterns
- Projects
- Migration options for scale projects
- Best practices for DNS and certificate management
- Disk capacity
- Migrating to a SaaS Console
- Performance planning
- Automated deployment
- High Availability and Disaster Recovery guidelines
API
Howto
- Configure an AWS Classic Load Balancer for ECS
- Configure the load balancer type for AWS EKS
- Configure Prisma Cloud Console’s listening ports
- Provision tenant projects in OpenShift
- Disable automatic learning
- Debug data

Prometheus

Prometheus is a monitoring platform that collects metrics from targets by scraping their published endpoints. Prisma Cloud can be configured to be a Prometheus target.

You can use Prometheus to monitor time series data across your environment and show high-level, dashboard-like, stats to visualize trends and changes. Prisma Cloud’s instrumentation lets you track metrics such as the total number of connected Defenders and the total number of container images in your environment being protected by Defender.

Metrics

Metrics are a core Prometheus concept. Instrumented systems expose metrics. Prometheus stores the metrics in its time-series database, and makes them easily available to query to understand how systems behave over time.

Prisma Cloud has two types of metrics:

Counters: Single monotonically increasing values. A counter’s value can only increase or be reset to zero.

Gauges: Single numerical values that can arbitrarily go up or down.

Prisma Cloud metrics

All Prisma Cloud metrics are listed in the following table. Vulnerability and compliance metrics are updated every 24 hours. The rest of the metrics are updated every 10 minutes.

Note that *_vulnerabilities and *_compliance metrics report how many entities (images, containers, hosts, etc) are at risk by the highest severity issue that impacts them. In other words, images_critical_vulnerabilities is not a total count of critical vulnerabilities in the images in your environment. Rather, it is a total count of images where the highest severity CVE is critical. For a thorough explanation of how this type of metric is used, see Vulnerability Explorer.

Metric	Type	Description
totalDefenders	Gauge	Total number of Defenders connected to Console. Connected and disconnected Defenders can be reviewed in Console under Manage > Defenders > Manage .
activeDefenders	Gauge	Total number of all Defenders for which a license is allocated, regardless of whether it is currently connected to Console or not.
images_critical_vulnerabilities	Gauge	Total number of containers impacted by critical vulnerabilities.
images_high_vulnerabilities	Gauge	Total number of containers impacted by high vulnerabilities.
images_medium_vulnerabilities	Gauge	Total number of containers impacted by medium vulnerabilities.
images_low_vulnerabilities	Gauge	Total number of containers impacted by low vulnerabilities.
hosts_critical_vulnerabilities	Gauge	Total number of hosts impacted by critical vulnerabilities.
hosts_high_vulnerabilities	Gauge	Total number of hosts impacted by high vulnerabilities.
hosts_medium_vulnerabilities	Gauge	Total number of hosts impacted by medium vulnerabilities.
hosts_low_vulnerabilities	Gauge	Total number of hosts impacted by low vulnerabilities.
serverless_critical_vulnerabilities	Gauge	Total number of serverless functions impacted by critical vulnerabilities.
serverless_high_vulnerabilities	Gauge	Total number of serverless functions impacted by high vulnerabilities.
serverless_medium_vulnerabilities	Gauge	Total number of serverless functions impacted by medium vulnerabilities.
serverless_low_vulnerabilities	Gauge	Total number of serverless functions impacted by low vulnerabilities.
images_critical_compliance	Gauge	Total number of images impacted by critical compliance issues.
images_high_compliance	Gauge	Total number of images impacted by high compliance issues.
images_medium_compliance	Gauge	Total number of images impacted by medium compliance issues.
images_low_compliance	Gauge	Total number of images impacted by low compliance issues.
containers_critical_compliance	Gauge	Total number of containers impacted by critical compliance issues.
containers_high_compliance	Gauge	Total number of containers impacted by high compliance issues.
containers_medium_compliance	Gauge	Total number of containers impacted by medium compliance issues.
containers_low_compliance	Gauge	Total number of containers impacted by low compliance issues.
hosts_critical_compliance	Gauge	Total number of hosts impacted by critical compliance issues.
hosts_high_compliance

Document:Prisma Cloud Compute Edition Administrator’s Guide

Prometheus

Table of Contents

Prometheus

Metrics

Prisma Cloud metrics