Integrate Prisma Cloud with AWS Inspector

Learn how to integrate Prisma™ Cloud with AWS Inspector.
Prisma™ Cloud ingests vulnerability data and deviations from security best practices from AWS Inspector to give organizations additional context about risks in the cloud. For example, you can identify suspicious traffic to sensitive workloads, such as databases with known vulnerabilities.
  1. Enable AWS Inspector on your EC2 instances. To set up AWS Inspector, see the Amazon documentation.
  2. Enable read-access permissions to AWS Inspector on the IAM Role policy.
    The Prisma Cloud IAM Role policy that you use to onboard your AWS setup needs these permissions:
    inspector:Describe*
    inspector:List*
    If you used the CFT templates to onboard your AWS account, the Prisma Cloud IAM Role policy already has the permissions required for AWS Inspector.
  3. After the Prisma Cloud service begins ingesting AWS Inspector data, you can use the following RQL queries for visibility into the host vulnerability information collected from AWS Inspector.
    • Config queries:
      config where hostfinding.type = 'AWS Inspector Runtime Behavior Analysis'
      config where hostfinding.type = 'AWS Inspector Security Best Practices'
      AWS Inspector Runtime Behavior Analysis: fetches all resources that are in violation of one or more rules reported by the AWS Inspector Runtime Behavior Analysis package.
      AWS Inspector Security Best Practices: fetches all resources that are in violation of one or more rules reported by the AWS Inspector Security Best Practices package.
    • Network queries:
      network where dest.resource IN ( resource where hostfinding.type = 'AWS Inspector Runtime Behavior Analysis' )
      network where dest.resource IN ( resource where hostfinding.type = 'AWS Inspector Security Best Practices' )
    Click on the resource to see its audit trail, then click Host Findings for information related to the vulnerabilities.
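To confirm that an onboarding role's policy actually covers the two Inspector permissions above without granting more than read access to Inspector, the following Python check is an added example written for this page; it is not Prisma Cloud's or AWS's own tooling. It applies IAM's action-glob matching rules to a policy document. The sample policies, the probe action lists and the simplified evaluation (an explicit Deny wins, Resource and Condition elements are ignored) are assumptions made for the example.

```python
"""Added example: verify that an IAM policy document grants the AWS Inspector
read-only permissions a Prisma Cloud onboarding role needs, and flag any
Inspector write permissions it grants beyond that."""
import fnmatch
import json

# Permissions the integration requires on the Prisma Cloud IAM Role policy.
REQUIRED_ACTIONS = ("inspector:Describe*", "inspector:List*")

# Concrete Inspector API actions used to probe the policy. These are real
# Amazon Inspector (classic) operations, but the lists are a small sample
# chosen for this example, not an exhaustive inventory.
PROBE_READ_ACTIONS = (
    "inspector:DescribeFindings",
    "inspector:DescribeAssessmentRuns",
    "inspector:ListFindings",
    "inspector:ListAssessmentRuns",
)
PROBE_WRITE_ACTIONS = (
    "inspector:StartAssessmentRun",
    "inspector:DeleteAssessmentTemplate",
)


def _as_list(value):
    """IAM allows a string or a list for Action/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action globbing: '*' matches any run of characters, '?' matches
    exactly one character, and the comparison is case-insensitive."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(policy, action):
    """Simplified IAM evaluation (assumption): an explicit Deny on the action
    wins, otherwise any matching Allow grants it. Resource and Condition are
    ignored; Inspector actions are scoped with Resource "*" anyway."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        if any(action_matches(p, action) for p in patterns):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def check_inspector_access(policy):
    """Return (missing_read_actions, unexpected_write_actions).
    Two empty lists mean the policy is sufficient and read-only for Inspector."""
    missing = [a for a in PROBE_READ_ACTIONS if not is_allowed(policy, a)]
    extra = [a for a in PROBE_WRITE_ACTIONS if is_allowed(policy, a)]
    return missing, extra


# Constructed sample policies (not taken from a real CFT template).
READ_ONLY_POLICY = {  # least-privilege statement matching the page's requirement
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PrismaCloudInspectorReadOnly",
        "Effect": "Allow",
        "Action": list(REQUIRED_ACTIONS),
        "Resource": "*",
    }],
}
OVERBROAD_POLICY = {  # also grants write actions the integration does not need
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "inspector:*", "Resource": "*"}],
}
INCOMPLETE_POLICY = {  # forgot inspector:List*, so host findings cannot be listed
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "inspector:Describe*", "Resource": "*"}],
}


if __name__ == "__main__":
    print(json.dumps(READ_ONLY_POLICY, indent=2))
    for name, policy in [("read-only", READ_ONLY_POLICY),
                         ("over-broad", OVERBROAD_POLICY),
                         ("incomplete", INCOMPLETE_POLICY)]:
        missing, extra = check_inspector_access(policy)
        print(f"{name}: missing={missing} unexpected_write={extra}")
```

Running the script prints the least-privilege policy document and then one line per sample: the read-only policy passes, the over-broad one is flagged for the write actions it grants, and the incomplete one is flagged for the missing List* permissions. To check your own role, load its policy document with json.load and pass it to check_inspector_access.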
