Configure Cloud Discovery
Table of Contents
Configure Cloud Discovery
Set up Prisma Cloud to scan your cloud service provider accounts for cloud-native resources and services.
Then configure Prisma Cloud to protect them with a single click.
Prerequisite:
You create service accounts for your cloud service providers with the minimum required permissions.- Log in to Prisma Cloud Compute Console.
- SelectCompute > Manage > Cloud Accounts.
- Select the accounts to scan. If there are no accounts in the table, use the+ Add accountbutton to onboard your cloud accounts.
- On GCP: If you select organization level GCP credentials, for an organization with hundreds of projects, the performance of the Google Cloud Registry discovery might be affected due to long query time from GCP. The best approach to reduce scan time and avoid potential timeouts is to divide the projects in your organization into multiple GCP folders. Then create a service account and credential for each folder, and use these credentials for cloud discovery.
- On Azure: If you create a credential in the credentials store underManage > Authentication > Credentials store, your service principal authenticates with a password. To authenticate with a certificate, onboard the cloud service provider.
- EnableCloud discovery.
- ClickAdd accountto save the changes.
- Review the scan report.
- Go toCompute > Manage > Cloud Accountsto view the scan report as a table.
- Select theShow account detailsicon to see the discovery scan results for resources within the cloud account.
- Go toRadarand selectCloudto view the scan report as a graphic.
- ClickDefendfor the entities you want Prisma Cloud to scan for vulnerabilities.When you clickDefend, a new scan rule is proposed. Select the appropriate credential, tweak the scan rule as desired, then clickAdd.
- Go to the scan reports underMonitor > Vulnerabilities
- SelectHosts,Registry, orFunctionsto see the pertinent report.