Integrate Prisma Cloud with Amazon SQS

Learn how to integrate Prisma™ Cloud with Amazon Simple Queue Service (SQS).
Prisma™ Cloud supports Amazon Simple Queue Service (SQS) as an alert destination, and you can use the AWS CloudFormation service to build custom workflows on top of the queue as needed.
As soon as an alert is generated, the entire alert payload is sent to Amazon SQS. The alert payload also includes the command-line interface (CLI) remediation (the CLI commands and any instructions for running them). SQS does not sign individual messages, so anything that consumes the queue should treat the payload as trustworthy only to the extent that sqs:SendMessage on the queue is restricted to the Prisma Cloud role or user you configure below.
  1. Configure Amazon SQS to receive Prisma Cloud alerts.
    1. Log in to the Amazon console with the necessary credentials to create and configure the SQS queue.
    2. Click Simple Queue Services (under Application Integration).
    3. Click Create New Queue, or use an existing queue.
    4. Enter a Queue Name and choose a Queue Type, Standard or FIFO. A FIFO queue name must end in .fifo.
    5. Click Configure Queue.
      For the attributes specific to the queue, use either the AWS default selection or set them per your company policies.
      Select Use SSE to keep all messages in the queue encrypted at rest, and then select the default AWS KMS Customer Master Key (CMK) or enter the ARN of your own CMK. If you use your own CMK, you must also grant the Prisma Cloud role or user permission to use that key (step 2); otherwise the Test in step 4 fails.
    6. Click Create Queue.
      This creates and displays your SQS queue.
    7. Click the queue that you created, view the Details, and copy the URL for this queue.
      You provide this value in Prisma Cloud so that Prisma Cloud notifications are delivered to this queue.
  2. If you are using a Customer Managed Key to encrypt the queue in Amazon SQS, you must grant the Prisma Cloud role (or the IAM user whose access keys you supply in step 4) explicit permission to use the key. A producer sending to a queue with SSE-KMS enabled needs kms:GenerateDataKey and kms:Decrypt on that key, so the Prisma Cloud principal must be listed as a key user, not only as a key administrator.
    1. On the Amazon console, select KMS, Customer Managed Keys, and then Create Key.
      Refer to the AWS documentation for details on creating keys.
    2. Enter an Alias and Description, add any required Tags, and click Next.
    3. Select the key administrators (the IAM users and roles that manage this key through the KMS API) and click Next.
    4. Select the key users (the IAM users and roles that can use this key to encrypt and decrypt data). Add the Prisma Cloud role or user here.
    5. Review the key policy and click Finish.
  3. Grant the IAM Role policy the permissions it needs on Amazon SQS.
    The Prisma Cloud IAM Role policy you use to onboard your AWS setup needs these permissions:
    "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:SendMessage", "sqs:SendMessageBatch", "tag:GetResources"
    If you used the CFT templates to onboard your AWS account and the SQS queue belongs to the same cloud account, the Prisma Cloud IAM Role policy already has the permissions required for Amazon SQS. If the queue belongs to a different cloud account, you must provide the relevant IAM credentials (Access Key and Secret Key) when you enable the SQS integration in the next step. Scope that identity's policy to the single queue ARN (and to the CMK, if the queue uses one) rather than to every queue in the account; only sqs:ListQueues legitimately needs a Resource of "*".
  4. Set up the Amazon SQS integration in Prisma Cloud.
    1. Log in to Prisma Cloud.
    2. Select Settings, then Integrations.
    3. Set the Integration Type to Amazon SQS.
    4. Enter a Name and Description for the integration.
    5. Enter the Queue URL that you copied when you configured the queue in Amazon SQS.
    6. Select More Options to provide credentials if you want to use a different IAM identity to access SQS.
      By default, Prisma Cloud uses the same credentials with which you onboarded the AWS account to access the SQS queue. If you want to use a different IAM identity (for example, because the queue is in another account), enter the IAM Security Credentials, that is, the Access Key and Secret Key of an IAM user.
      This IAM user must have sqs:SendMessage and sqs:SendMessageBatch permissions on the queue, and kms:GenerateDataKey and kms:Decrypt on the CMK if the queue is encrypted with one.
    7. Click Next and then Test.
      You should receive a success message.
    8. Click Save.
      After you set up the integration successfully, the integration status (Settings, Integrations) turns red if the SQS URL becomes unresponsive and green again when the issue is resolved.
  5. Create an Alert Rule or modify an existing rule to enable the Amazon SQS integration.
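The permissions in steps 2, 3 and 4.6 are easier to get right if you derive the queue ARN from the URL copied in step 1.7 and check the resulting policy before clicking Test. The following is an added example, not Prisma Cloud's code or part of this guide: it builds a least-privilege policy for the sender identity (scoped to one queue, with the KMS statement a customer managed CMK requires) and checks an arbitrary pasted policy for the actions the guide lists and for send grants on every queue. The queue URL, account ID and key ARN in `__main__` are constructed placeholders, and the URL parser assumes the standard `aws` partition (not `aws-cn` or `aws-us-gov`).

```python
"""Least-privilege IAM policy helpers for the identity that delivers Prisma Cloud
alerts to the queue.  Added example, not Prisma Cloud's code.  The queue URL,
account ID and key ARN used in __main__ are constructed placeholders, and the URL
parser assumes the standard 'aws' partition (not aws-cn / aws-us-gov)."""
import fnmatch
import json
from typing import Optional
from urllib.parse import urlparse

# Actions the guide lists for the onboarding role (step 3).
ROLE_ACTIONS = ["sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:SendMessage",
                "sqs:SendMessageBatch", "tag:GetResources"]
# Minimum the guide lists for a dedicated sender user entered under More Options (step 4.6).
SENDER_ACTIONS = ["sqs:SendMessage", "sqs:SendMessageBatch"]


def queue_arn_from_url(queue_url: str) -> str:
    """https://sqs.<region>.amazonaws.com/<account-id>/<name> -> arn:aws:sqs:<region>:<account-id>:<name>.
    The console hands you the URL (step 1.7); IAM and KMS policies want the ARN."""
    parts = urlparse(queue_url)
    labels = parts.netloc.split(".")
    if len(labels) < 4 or labels[0] != "sqs":
        raise ValueError(f"not an SQS queue URL: {queue_url}")
    path = parts.path.strip("/").split("/")
    if len(path) != 2 or len(path[0]) != 12 or not path[0].isdigit():
        raise ValueError(f"unexpected queue URL path: {parts.path}")
    return f"arn:aws:sqs:{labels[1]}:{path[0]}:{path[1]}"


def sender_policy(queue_url: str, kms_key_arn: Optional[str] = None) -> dict:
    """Policy for an identity that only delivers alerts, scoped to this one queue.
    With a customer managed CMK on the queue, a producer also needs
    kms:GenerateDataKey and kms:Decrypt on the key; kms:ViaService limits that
    grant to calls KMS receives from SQS in the queue's region."""
    queue_arn = queue_arn_from_url(queue_url)
    region = queue_arn.split(":")[3]
    statements = [{"Sid": "SendPrismaCloudAlerts", "Effect": "Allow",
                   "Action": list(SENDER_ACTIONS), "Resource": queue_arn}]
    if kms_key_arn:
        statements.append({"Sid": "UseQueueCmk", "Effect": "Allow",
                           "Action": ["kms:GenerateDataKey", "kms:Decrypt"],
                           "Resource": kms_key_arn,
                           "Condition": {"StringEquals": {
                               "kms:ViaService": f"sqs.{region}.amazonaws.com"}}})
    return {"Version": "2012-10-17", "Statement": statements}


def _as_list(value) -> list:
    """IAM allows a bare string (or a single statement object) where a list is expected."""
    if isinstance(value, (str, dict)):
        return [value]
    return list(value or [])


def _allow_statements(policy: dict) -> list:
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]


def missing_actions(policy: dict, required: list) -> set:
    """Required actions that no Allow statement grants; wildcards such as sqs:* count.
    Paste the onboarding role's policy here to confirm step 3 before clicking Test."""
    granted = [a for s in _allow_statements(policy) for a in _as_list(s.get("Action"))]
    return {need for need in required
            if not any(fnmatch.fnmatchcase(need, pat) for pat in granted)}


def overbroad_send_statements(policy: dict) -> list:
    """Sids of Allow statements that let the identity send to every queue ('*').
    sqs:ListQueues legitimately needs Resource '*', so only send actions are checked."""
    hits = []
    for s in _allow_statements(policy):
        acts, res = _as_list(s.get("Action")), _as_list(s.get("Resource"))
        if "*" in res and any(fnmatch.fnmatchcase(need, pat)
                              for need in SENDER_ACTIONS for pat in acts):
            hits.append(s.get("Sid", "<no Sid>"))
    return hits


if __name__ == "__main__":
    url = "https://sqs.us-east-1.amazonaws.com/123456789012/prisma-cloud-alerts"  # constructed
    cmk = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"  # constructed
    policy = sender_policy(url, cmk)
    print(json.dumps(policy, indent=2))
    print("onboarding-role actions still missing:", sorted(missing_actions(policy, ROLE_ACTIONS)))
    print("over-broad send grants:", overbroad_send_statements(policy))
```

Attach the output of `sender_policy` to the IAM user whose access keys you enter under More Options; for the same-account case, run `missing_actions` against the onboarding role's policy and expect an empty set, and run `overbroad_send_statements` against any policy that came from a wildcard template.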
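On the consuming side, the "custom workflow" the introduction mentions usually reads the alert payload, including its CLI remediation, from the queue. The following is an added example, not Prisma Cloud's code or part of this guide, of how such a consumer can triage the bundled commands instead of executing them blindly: the sample messages are constructed, and the alert field names used (`alertId`, `policyName`, `severity`, `resourceId`, `remediationCli`) are assumptions for illustration that you must map to the fields in the payload your queue actually receives. `poll_once` uses boto3's `receive_message` and `delete_message_batch`; the parsing functions run without boto3.

```python
"""Consumer-side triage of Prisma Cloud alerts read from the queue.  Added example,
not Prisma Cloud's code.  The alert field names used here (alertId, policyName,
severity, resourceId, remediationCli) and the sample messages are assumptions
constructed for illustration; map them to the fields in the payload your queue
actually receives."""
import json
import shlex
from typing import Optional

# Remediation commands this workflow may run unattended, matched on leading argv
# tokens.  Everything else goes to a human.  An SQS message is not signed, so the
# commands are only as trustworthy as the identities allowed to SendMessage.
AUTO_APPROVED = (
    ("aws", "s3api", "put-public-access-block"),
    ("aws", "ec2", "revoke-security-group-ingress"),
)

# Constructed sample shaped like the dict boto3's receive_message() returns.
SAMPLE_RECEIVE = {"Messages": [
    {"MessageId": "m-1", "ReceiptHandle": "rh-1", "Body": json.dumps({
        "alertId": "P-1001", "policyName": "AWS S3 bucket publicly readable",
        "severity": "high", "resourceId": "arn:aws:s3:::example-bucket",
        "remediationCli": "aws s3api put-public-access-block --bucket example-bucket "
                          "--public-access-block-configuration BlockPublicAcls=true,"
                          "IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"})},
    {"MessageId": "m-2", "ReceiptHandle": "rh-2", "Body": json.dumps({
        "alertId": "P-1002", "policyName": "IAM user console access without MFA",
        "severity": "medium", "resourceId": "arn:aws:iam::123456789012:user/alice",
        "remediationCli": "aws iam delete-login-profile --user-name alice; "
                          "aws iam create-access-key --user-name alice"})},
]}


def classify_remediation(cli: Optional[str]) -> str:
    """'auto' if the command is on the allowlist, 'review' otherwise, 'none' if absent."""
    if not cli or not cli.strip():
        return "none"
    # Shell metacharacters mean chained or substituted commands; never auto-run those.
    if any(ch in cli for ch in ";&|`$<>\n"):
        return "review"
    argv = shlex.split(cli)
    return "auto" if any(tuple(argv[:len(p)]) == p for p in AUTO_APPROVED) else "review"


def triage_batch(receive_response: dict) -> list:
    """One record per message.  Malformed bodies become 'invalid' so the caller can
    delete them instead of letting SQS redeliver them until the retention period expires."""
    records = []
    for msg in receive_response.get("Messages", []):
        rec = {"receipt_handle": msg["ReceiptHandle"], "argv": None}
        try:
            alert = json.loads(msg["Body"])
            cli = alert.get("remediationCli")
            rec.update(alert_id=alert.get("alertId"), policy=alert.get("policyName"),
                       severity=alert.get("severity"), resource=alert.get("resourceId"),
                       disposition=classify_remediation(cli))
            if rec["disposition"] == "auto":
                # Hand argv to subprocess.run(argv) downstream; never rebuild a shell string.
                rec["argv"] = shlex.split(cli)
        except (ValueError, KeyError, AttributeError):
            rec["disposition"] = "invalid"
        records.append(rec)
    return records


def poll_once(queue_url: str) -> list:
    """Long-poll the queue once with boto3 and delete what was triaged.  The caller's
    credentials need sqs:ReceiveMessage and sqs:DeleteMessage on the queue, plus
    kms:Decrypt on the CMK when SSE-KMS is enabled."""
    import boto3  # imported here so the parsing above runs without boto3 installed

    sqs = boto3.client("sqs")
    resp = sqs.receive_message(QueueUrl=queue_url, MaxNumberOfMessages=10, WaitTimeSeconds=20)
    records = triage_batch(resp)
    if records:
        sqs.delete_message_batch(QueueUrl=queue_url, Entries=[
            {"Id": str(i), "ReceiptHandle": r["receipt_handle"]} for i, r in enumerate(records)])
    return records


if __name__ == "__main__":
    for r in triage_batch(SAMPLE_RECEIVE):
        print(r["alert_id"], r["severity"], r["disposition"], r["argv"])
```

`poll_once` deletes every message it triaged, so records marked `review` must be written to your ticketing or case system before the call returns; the example only returns them.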
