Integrate Prisma Cloud with Azure Service Bus Queue

Learn how to integrate Prisma™ Cloud with Azure Service Bus Queue.
Prisma™ Cloud can send alerts to a queue on the Azure Service Bus messaging service. To authorize access, you can either use a Shared Access Signature (SAS) that limits permissions to the Service Bus namespace or to a single queue, or use the service principal credentials of the Azure cloud account you have onboarded to Prisma Cloud. If you plan to use the service principal, which authorizes requests through Azure Active Directory, you must additionally assign it the Azure Service Bus Data Sender role, scoped to the Service Bus namespace or queue, so that it has send access.
When configured, as soon as an alert is generated, the entire alert payload is sent to the queue.
  1. Configure the Azure Service Bus to receive Prisma Cloud alerts.
    1. Log in to the Azure portal, create a Service Bus namespace, and add a queue to it.
      Copy the queue URL; you enter it when you add the integration on Prisma Cloud.
    2. Choose your authentication method.
      To authenticate and authorize access to Azure Service Bus resources, you can use either Azure Active Directory (Azure AD) or Shared Access Signatures (SAS).
      • If you want to use Azure AD
        Add the Azure Service Bus Data Sender role to the service principal associated with the Prisma Cloud app registered on your Azure AD tenant. Refer to the Azure documentation on assigning roles.
      • If you want to use a SAS
        Get the connection string that lets Prisma Cloud authenticate to the Azure Service Bus namespace or queue. You can scope the connection string to the whole namespace or to a specific queue. Refer to the Azure documentation for getting the connection string.
        You can use the RootManageSharedAccessKey policy, which is created by default and grants Manage, Send, and Listen rights on the entire Service Bus namespace. This policy includes a Shared Access Signature (SAS) rule with an associated pair of primary and secondary keys, either of which you can use on Prisma Cloud.
        Alternatively, and preferably, limit access to the specific queue by creating a shared access policy on that queue with only the Send right, which is the minimum Prisma Cloud needs to deliver alerts. A key from a Send-only, queue-scoped policy cannot be used to read, delete, or manage anything else in the namespace if it is ever leaked.
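The Azure side of the procedure above as one Azure CLI script. This is an added example, not code from the Prisma Cloud documentation or from Microsoft: it creates the namespace and queue, then sets up both authorization options at the narrowest scope that works, namely a queue-level, Send-only SAS policy whose connection string you paste into Prisma Cloud, and an Azure Service Bus Data Sender role assignment on the queue itself rather than on the subscription or namespace. The resource group, namespace, queue, location, subscription ID and the Prisma Cloud service principal's application ID are placeholders (assumptions) to be replaced. The two helpers that split the queue URL and build the role-assignment scope need no Azure access and are the only code that runs by default; the az commands run only when you pass `apply`.

```shell
#!/usr/bin/env bash
# Added example, not part of the Prisma Cloud documentation.
# Least-privilege Azure CLI setup for a Prisma Cloud -> Service Bus queue integration.
# Every value below is a placeholder (assumption): override via environment variables.
set -eu

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-prisma-alerts}"                         # placeholder
NAMESPACE="${NAMESPACE:-prisma-alerts-ns}"                                   # placeholder
QUEUE="${QUEUE:-prisma-alerts}"                                              # placeholder
LOCATION="${LOCATION:-eastus}"                                               # placeholder
PRISMA_SP_APP_ID="${PRISMA_SP_APP_ID:-11111111-1111-1111-1111-111111111111}"  # placeholder: app (client) ID of the Prisma Cloud app registration

# Split a queue URL (https://<namespace>.servicebus.windows.net/<queue>, sb:// also accepted)
# into "<namespace> <queue>". Pure shell; fails (exit 1) on anything that is not a Service Bus queue URL.
parse_queue_url() {
  url="${1#https://}"; url="${url#sb://}"
  ns="${url%%.servicebus.windows.net/*}"
  q="${url#*.servicebus.windows.net/}"; q="${q%%/*}"
  [ -n "$ns" ] && [ -n "$q" ] && [ "$ns" != "$url" ] || return 1
  printf '%s %s\n' "$ns" "$q"
}

# ARM resource ID of the queue: the narrowest scope at which the Data Sender role can be assigned.
queue_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ServiceBus/namespaces/%s/queues/%s\n' \
    "$1" "$2" "$3" "$4"
}

configure_sender() {
  az servicebus namespace create -g "$RESOURCE_GROUP" -n "$NAMESPACE" -l "$LOCATION" --sku Standard -o none
  az servicebus queue create -g "$RESOURCE_GROUP" --namespace-name "$NAMESPACE" -n "$QUEUE" -o none

  # Option A (SAS): a policy on the queue with only the Send right, instead of
  # RootManageSharedAccessKey, which carries Manage/Send/Listen for the whole namespace.
  az servicebus queue authorization-rule create -g "$RESOURCE_GROUP" --namespace-name "$NAMESPACE" \
    --queue-name "$QUEUE" -n prisma-send-only --rights Send -o none
  echo "Connection string to paste into Prisma Cloud (Shared Access Signature option):"
  az servicebus queue authorization-rule keys list -g "$RESOURCE_GROUP" --namespace-name "$NAMESPACE" \
    --queue-name "$QUEUE" -n prisma-send-only --query primaryConnectionString -o tsv

  # Option B (Azure AD): grant the Prisma Cloud service principal Data Sender on this queue only.
  scope="$(queue_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$NAMESPACE" "$QUEUE")"
  az role assignment create --assignee "$PRISMA_SP_APP_ID" \
    --role "Azure Service Bus Data Sender" --scope "$scope" -o none

  # Check: the only role the principal should hold at this scope is Data Sender.
  echo "Roles held by the Prisma Cloud principal at queue scope:"
  az role assignment list --assignee "$PRISMA_SP_APP_ID" --scope "$scope" \
    --query "[].roleDefinitionName" -o tsv
}

if [ "${1:-}" = "apply" ]; then
  configure_sender
fi
```

Run it after `az login` with the subscription that holds the onboarded account selected: `PRISMA_SP_APP_ID=<app id> bash setup-sb.sh apply`. The connection string it prints is the value for the Shared Access Signature option on Prisma Cloud; if you use the Azure Account option instead, nothing needs to be copied, but the role assignment must exist before you save the integration or the save fails.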
  2. Add the Azure Service Bus Queue on Prisma Cloud.
    1. Log in to Prisma Cloud.
    2. Select Settings > Integrations.
    3. Set the Integration Type to Azure Service Bus Queue.
    4. Enter a Name and Description for the integration.
    5. Enter the Queue URL that you copied earlier.
    6. Select the method to authorize access to the queue.
      • Select Azure Account if you want to access the queue with the service principal credentials that you used to onboard your Azure subscription to Prisma Cloud, and then select the Azure account from the drop-down. If you missed adding the Azure Service Bus Data Sender role to that service principal, an error message is displayed when you save the integration.
      • Select Shared Access Signature if you want to use a policy with limited permissions, and paste the connection string for the scope (namespace or queue) that you selected in Azure.
    7. Click Next and then Test.
      You should receive a success message.
      You can also verify on the Azure portal that the message count of the queue increments.
    8. Click Save.
      When the communication is successful, the status of the integration is green (Settings > Integrations). If the Queue URL is unreachable or if permissions are insufficient, the status turns red.
  3. Create an Alert Rule for Run-Time Checks or modify an existing rule to enable the Azure Service Bus Queue integration.
