Prisma Cloud Integrations
Learn about different types of integrations that Prisma™ Cloud supports with third-party systems.
Prisma™ Cloud provides multiple out-of-the-box integration options that you can use to integrate Prisma Cloud in to your existing security workflows and with the technologies you already use. The Amazon GuardDuty, AWS Inspector, Qualys, and Tenable integrations are inbound or pull-based integrations where Prisma Cloud periodically polls for the data and retrieves it from the external integration system; all other integrations are outbound or push-based integrations where Prisma Cloud sends data about an alert or error to the external integration system.
- Amazon GuardDuty—Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. Prisma Cloud integrates with Amazon GuardDuty and ingests vulnerability data to provide you with additional context on risks in the cloud.
- AWS Inspector—AWS Inspector assesses applications for exposure, vulnerabilities, and deviations from best practices. It also produces a detailed list of security findings prioritized by level of severity. Prisma Cloud integrates with AWS inspector and ingests vulnerability data and Security best practices deviations to provide you with additional context about risks in the cloud.
- AWS Security Hub—AWS Security Hub is a central console where you can view and monitor the security posture of your cloud assets directly from the Amazon console. As the Prisma Cloud application monitors your assets on the AWS cloud and sends alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities, you have a comprehensive view of all your cloud assets across all your AWS accounts directly from the Security Hub console.
- Amazon SQS—Amazon Simple Queue Service (SQS) helps you send, receive, and store messages that pass between software components at any volume without losing messages and without requiring other services to be always available. Prisma Cloud integrates with Amazon SQS to receive alerts that you can consume through a Splunk add-on or through the AWS CloudFormation service to enable custom workflows.
- Demisto—Demisto is a Security Orchestration, Automation and Response (SOAR) platform that enables you to streamline your incident management workflows. With the Prisma Cloud and Demisto integration you can automate the process of managing Prisma Cloud alerts and the incident lifecycle with playbook-driven response actions.
- Google Cloud SCC—Google Cloud Security Command Center (SCC) is the security and data risk database for Google Cloud Platform. Google Cloud SCC enables you to understand your security and data attack surface by providing inventory, discovery, search, and management of your assets. Prisma Cloud integrates with Google Cloud SCC and sends alerts to the Google Cloud SCC console to provide centralized visibility in to security and compliance risks of your cloud assets.
- Jira—Jira is an issue tracking, ticketing, and project management tool. Prisma Cloud integrates with Jira and sends notifications of Prisma Cloud alerts to your Jira accounts.
- Microsoft Teams—Microsoft Teams is cloud-based team collaboration software that is part of the Office 365 suite of applications and is used for workplace chat, video meetings, file storage, and application integration. The Prisma Cloud integration with Microsoft Teams enables you to monitor your assets and send alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities—either as they happen or as consolidated summary cards.
- PagerDuty—PagerDuty enables alerting, on-call scheduling, escalation policies, and incident tracking to increase the uptime of your apps, servers, websites, and databases. The PagerDuty integration enables you to send Prisma Cloud alert information to PagerDuty service. The incident response teams can investigate and remediate the security incidents.
- QRadar—IBM QRadar is an enterprise security information and event management product. Integrate Prisma Cloud with QRadar so that you can view Prisma Cloud alerts on the QRadar console to proactively detect threats and continuously improve detection.
- Qualys—Qualys specializes in vulnerability management security software that scans hosts for potential vulnerabilities. Prisma Cloud integrates with the Qualys platform and ingests vulnerability data to provide you with additional context about risks in the cloud.
- ServiceNow—ServiceNow is an incident, asset, and ticket management tool. Prisma Cloud integrates with ServiceNow and sends notifications of Prisma Cloud alerts as ServiceNow tickets.
- Slack—Slack is an online instant messaging and collaboration system that enables you to centralize all your notifications. You can configure Prisma Cloud to send notifications of Prisma Cloud alerts through your slack channels.
- Splunk—Splunk is a software platform that searches, analyzes, and visualizes machine-generated data gathered from websites, applications, sensors, and devices. Prisma Cloud integrates with cloud-based Splunk deployments and enables you to view Prisma Cloud alerts through the Splunk event collector. Prisma Cloud can integrate with on-premises Splunk instances through the AWS SQS integration.
- Tenable—Tenable.io is a cloud-hosted vulnerability management solution that provides visibility and insight in to dynamic assets and vulnerabilities. Prisma Cloud integrates with Tenable and ingests vulnerability data to provide you with additional context about risks in the cloud.
- Webhooks—The webhooks integration enables you to pass information in JSON format to any third-party integrations that are not natively supported on Prisma Cloud. With a webhook integration, you can configure Prisma Cloud to send alerts to the webhook URL as an HTTP POST request so that any services or applications that subscribe to the webhook URL receive alert notifications as soon as Prisma Cloud detects an issue.
For the outbound integrations—with the exception of PagerDuty and email, Prisma Cloud performs periodic checks and background validation to identify exceptions or failures in processing notifications. The status checks are displayed on the Prisma Cloud administrator console: red if the integration fails validation checks for accessibility or credentials; yellow if one or more templates associated with the integration are invalid; or green when the integration is working and all templates are valid. Any state transitions are also displayed on the Prisma Cloud administrator console to help you find and fix potential issues.