Prisma Cloud Integrations
Learn about different types of integrations that Prisma™ Cloud supports with third-party systems.
Prisma™ Cloud provides multiple out-of-the-box integration options that you can use to integrate Prisma Cloud in to your existing security workflows and with the technologies you already use. The Amazon GuardDuty, AWS Inspector, Qualys, and Tenable integrations are inbound or pull-based integrations where Prisma Cloud periodically polls for the data and retrieves it from the external integration system; all other integrations are outbound or push-based integrations where Prisma Cloud sends data about an alert or error to the external integration system.
Alibaba Cloud in the Mainland China regions does not support all the integrations listed below. The supported
Integrationsare Amazon SQS, Email, Splunk and Webhooks.
- Amazon GuardDuty—Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. Prisma Cloud integrates with Amazon GuardDuty and ingests vulnerability data to provide you with additional context on risks in the cloud.
- AWS Inspector—AWS Inspector assesses applications for exposure, vulnerabilities, and deviations from best practices. It also produces a detailed list of security findings prioritized by level of severity. Prisma Cloud integrates with AWS inspector and ingests vulnerability data and Security best practices deviations to provide you with additional context about risks in the cloud.
- Amazon S3—Amazon Simple Storage Service (Amazon S3) is designed to make web-scale computing easier. You can use Amazon S3 to store and retrieve any amount of data using highly scalable, reliable, fast, and inexpensive data storage. Prisma Cloud can send alerts to an Amazon S3 bucket/folder.
- AWS Security Hub—AWS Security Hub is a central console where you can view and monitor the security posture of your cloud assets directly from the Amazon console. As the Prisma Cloud application monitors your assets on the AWS cloud and sends alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities, you have a comprehensive view of all your cloud assets across all your AWS accounts directly from the Prisma Cloud console.
- Amazon SQS—Amazon Simple Queue Service (SQS) helps you send, receive, and store messages that pass between software components at any volume without losing messages and without requiring other services to be always available. Prisma Cloud can send alerts to Amazon SQS, and you can set up the AWS CloudFormation service to enable custom workflows.
- Azure Sentinel—Azure Sentinel is a scalable, cloud-native, Security Information Event Management (SIEM), and Security Orchestration Automated Response (SOAR) solution. You can configure Prisma Cloud to send alerts to Azure Sentinel by creating a Logic Apps workflow and Webhook integration.
- Azure Service Bus Queue—Azure Service Bus is a managed messaging infrastructure designed to transfer data between applications as messages. With the Prisma Cloud and Azure Service Bus queue integration, you can send alerts to the queue and set up custom workflows to process the alert payload.
- Cortex XSOAR—Cortex XSOAR (formerly Demisto) is a Security Orchestration, Automation and Response (SOAR) platform that enables you to streamline your incident management workflows. With the Prisma Cloud and Cortex XSOAR integration you can automate the process of managing Prisma Cloud alerts and the incident lifecycle with playbook-driven response actions.
- Google Cloud SCC—Google Cloud Security Command Center (SCC) is the security and data risk database for Google Cloud Platform. Google Cloud SCC enables you to understand your security and data attack surface by providing inventory, discovery, search, and management of your assets. Prisma Cloud integrates with Google Cloud SCC and sends alerts to the Google Cloud SCC console to provide centralized visibility in to security and compliance risks of your cloud assets.
- Jira—Jira is an issue tracking, ticketing, and project management tool. Prisma Cloud integrates with Jira and sends notifications of Prisma Cloud alerts to your Jira accounts.
- Microsoft Teams—Microsoft Teams is cloud-based team collaboration software that is part of the Office 365 suite of applications and is used for workplace chat, video meetings, file storage, and application integration. The Prisma Cloud integration with Microsoft Teams enables you to monitor your assets and send alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities—either as they happen or as consolidated summary cards.
- PagerDuty—PagerDuty enables alerting, on-call scheduling, escalation policies, and incident tracking to increase the uptime of your apps, servers, websites, and databases. The PagerDuty integration enables you to send Prisma Cloud alert information to PagerDuty service. The incident response teams can investigate and remediate the security incidents.
- Qualys—Qualys specializes in vulnerability management security software that scans hosts for potential vulnerabilities. Prisma Cloud integrates with the Qualys platform and ingests vulnerability data to provide you with additional context about risks in the cloud.
- ServiceNow—ServiceNow is an incident, asset, and ticket management tool. Prisma Cloud integrates with ServiceNow and sends notifications of Prisma Cloud alerts as ServiceNow tickets.
- Slack—Slack is an online instant messaging and collaboration system that enables you to centralize all your notifications. You can configure Prisma Cloud to send notifications of Prisma Cloud alerts through your slack channels.
- Splunk—Splunk is a software platform that searches, analyzes, and visualizes machine-generated data gathered from websites, applications, sensors, and devices. Prisma Cloud integrates with cloud-based Splunk deployments and enables you to view Prisma Cloud alerts through the Splunk event collector. Prisma Cloud can integrate with on-premises Splunk instances through the AWS SQS integration.
- Tenable—Tenable.io is a cloud-hosted vulnerability management solution that provides visibility and insight in to dynamic assets and vulnerabilities. Prisma Cloud integrates with Tenable and ingests vulnerability data to provide you with additional context about risks in the cloud.
- Webhooks—The webhooks integration enables you to pass information in JSON format to any third-party integrations that are not natively supported on Prisma Cloud. With a webhook integration, you can configure Prisma Cloud to send alerts to the webhook URL as an HTTP POST request so that any services or applications that subscribe to the webhook URL receive alert notifications as soon as Prisma Cloud detects an issue.
For outbound integrations:
- You can check status updates on demand inby clicking theSettingsIntegrationsGet Statusicon for the relevant integration. The status check displays red if the integration fails validation checks for accessibility or credentials; or green when the integration is working and all templates are valid. To review the list of integrations that do not support the status checks see Prisma Cloud Integrations—Supported Capabilities. Status errors are displayed to help you find and fix potential issues.If any exception or failure in processing notification occurs, an alarm gets generated. You can view those under Alarm Center, provided you have enabled Alarms.
- When you Send Prisma Cloud Alert Notifications to Third-Party Tools, the value of the cloud service provider in the cloudType field for the resource that generated the alert the values is in lowercase letters, for example aws or alibaba_cloud.
Recommended For You
Recommended videos not found.