Integrate Prisma Cloud with Tenable

Learn how to integrate Prisma™ Cloud with Tenable.
Prisma™ Cloud ingests vulnerability data from Tenable to provide you with additional context about risks in the cloud. With this integration, you can, for example, identify suspicious traffic to sensitive workloads such as databases with known vulnerabilities.
The Prisma Cloud integration with Tenable is supported for AWS, Azure, and GCP clouds.
  1. Tenable.io provides API access to assets and their vulnerability information. Configure the Tenable account to use the Tenable AWS, Azure, and GCP connectors. You cannot identify the cloud resource without these connectors.
    The Tenable API requires an access key and a secret key to be added to the request header. Generate an access key and secret key for each user on the Tenable.io app. (See Tenable documentation for information.) Also, ensure that the Tenable role you are using to enable this integration has administrator permissions that include vulns-request-export and assets-request-export API access.
  2. Set up Tenable integration on Prisma Cloud.
    1. Log in to Prisma Cloud.
    2. Select Settings > Integrations.
    3. Set the Add Integration to Tenable.
    4. Enter Name and Description.
    5. Enter the Access Key and the Secret Key that are generated in Tenable.io.
      See Tenable documentation for information.
    6. Click Next and then Test the integration.
    7. Review the Summary and Save the integration.
  3. View vulnerabilities detected by Tenable in Prisma Cloud.
    After Prisma Cloud has access to the Tenable findings, you can use the following RQL queries for visibility into the host vulnerability information collected from Tenable.
    1. Config Query
      config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.source = 'Tenable' AND finding.severity = 'high'
      1. Select a resource to get information about vulnerabilities. Select Audit Trail to view the CVE numbers.
      2. Select Findings to view the information related to vulnerabilities.
    2. Network Query
      network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'Host Vulnerability' )
      1. Select a resource to get the information about host vulnerabilities.
      2. Navigate to Alert Summary and choose Host Vulnerability to see details.
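
The key handling from step 1, as an added example that is not part of the Prisma Cloud or Tenable documentation: a pre-flight check that sends the access key and secret key in the X-ApiKeys request header and reports whether the role can call the two export operations. The API host, endpoint paths, request bodies, and verdict strings are assumptions based on Tenable's public API and should be checked against the current Tenable documentation; each successful call starts a real export job.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://cloud.tenable.com"  # assumed Tenable.io API host
# Permission named on the page -> (assumed endpoint path, assumed minimal body).
EXPORTS = {
    "vulns-request-export": ("/vulns/export", {"num_assets": 50}),
    "assets-request-export": ("/assets/export", {"chunk_size": 100}),
}

def api_keys_header(access_key, secret_key):
    """Build the X-ApiKeys value; reject keys that would corrupt the header."""
    for label, value in (("access key", access_key), ("secret key", secret_key)):
        if not value or any(c in value for c in ";\r\n "):
            raise ValueError(f"malformed {label}")
    return f"accessKey={access_key};secretKey={secret_key}"

def build_request(permission, access_key, secret_key):
    """Return the POST that requests the export guarded by `permission`."""
    path, body = EXPORTS[permission]
    return urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"X-ApiKeys": api_keys_header(access_key, secret_key),
                 "Content-Type": "application/json"},
    )

def classify(status):
    """Map an HTTP status to what it means for this integration."""
    return {200: "ok",
            401: "keys rejected",
            403: "role lacks this permission"}.get(status, f"unexpected HTTP {status}")

def preflight(access_key, secret_key, opener=urllib.request.urlopen):
    """Try both export calls and return {permission: verdict}."""
    verdicts = {}
    for permission in EXPORTS:
        try:
            request = build_request(permission, access_key, secret_key)
            with opener(request, timeout=30) as response:
                verdicts[permission] = classify(response.status)
        except urllib.error.HTTPError as err:
            verdicts[permission] = classify(err.code)
    return verdicts
```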
