Integrate Prisma Cloud with AWS Inspector
Learn how to integrate Prisma™ Cloud with AWS Inspector.
Prisma™ Cloud ingests vulnerability data and
security best practices deviations from AWS Inspector to
provide organizations with additional context about risks in the
cloud. You
can identify suspicious traffic to sensitive workloads, such as
databases with known vulnerabilities.
- Enable AWS Inspector on your EC2 instances. To set up AWS Inspector, see Amazon documentation.
- Enable read-access permissions to AWS Inspector on the IAM Role policy.The Prisma Cloud IAM Role policy that you use to onboard your AWS setup needs these permissions:inspector:Describe* inspector:List*If you used the CFT templates to onboard your AWS account, the Prisma Cloud IAM Role policy already has the permissions required for AWS Inspector.
- After the Prisma Cloud service begins ingesting AWS Inspector data, you can use the following RQL queries for visibility into the host vulnerability information collected from AWS Inspector.
- Config queries:config from cloud.resource where finding.type = 'AWS Inspector Runtime Behavior Analysis'config from cloud.resource where finding.type = 'AWS Inspector Security Best Practices'
AWS Inspector Runtime Behavior Analysis—Fetches all resources which are in violation of one or more rules reported by the AWS Runtime Behavior Analysis package.AWS Inspector Security Best Practices—Fetches all resources which are in violation of one or more rules reported by the AWS Inspector security best practices package. - Network queries:network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'AWS Inspector Runtime Behavior Analysis' )network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'AWS Inspector Security Best Practices' )
Click on the resource to see an Audit trail.
ClickHost Findingsfor information related to vulnerabilities.
