Integrate Prisma Cloud with Amazon Inspector
Table of Contents
Integrate Prisma Cloud with Amazon Inspector
Learn how to integrate Prisma™ Cloud with Amazon Inspector.
Prisma™ Cloud ingests vulnerability data and security best practices deviations from Amazon Inspector to provide organizations with additional context about risks in the cloud.
You can identify suspicious traffic to sensitive workloads, such as databases with known vulnerabilities.
- Enable Amazon Inspector on your EC2 instances. To set up Amazon Inspector, see Amazon documentation.
- Enable read-access permissions to Amazon Inspector on the IAM Role policy.The Prisma Cloud IAM Role policy that you use to onboard your AWS setup needs these permissions:inspector:Describe*,
If you used the CFT templates to onboard your AWS account, the Prisma Cloud IAM Role policy already has the permissions required for Amazon Inspector.inspector:List* - After the Prisma Cloud service begins ingesting Amazon Inspector data, you can use the following RQL queries for visibility into the host vulnerability information collected from it.
- Config queries:config from cloud.resource where finding.type = 'AWS Inspector Runtime Behavior Analysis'config from cloud.resource where finding.type = 'AWS Inspector Security Best Practices'
AWS Inspector Runtime Behavior Analysis—Fetches all resources which are in violation of one or more rules reported by the AWS Runtime Behavior Analysis package.AWS Inspector Security Best Practices—Fetches all resources which are in violation of one or more rules reported by the AWS Inspector security best practices package. - Network queries:network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'AWS Inspector Runtime Behavior Analysis' )network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'AWS Inspector Security Best Practices' )Click on the resource to see an Audit trail.
ClickHost Findingsfor information related to vulnerabilities.