Prisma Cloud Integrations

Learn about different types of integrations that Prisma Cloud supports with third-party systems.
Prisma Cloud provides multiple out-of-the-box integration options so that you can integrate Prisma Cloud into your existing security workflows and with the technologies you already use. The Amazon GuardDuty, AWS Inspector, Qualys, and Tenable integrations are inbound or pull-based integrations where Prisma Cloud polls for the data periodically and retrieves it from the external integration system; all the other integrations are outbound or push-based integrations where Prisma Cloud sends data about an alert or error to the external integration system.
  • Amazon GuardDuty
    —Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. Prisma Cloud integrates with Amazon GuardDuty and ingests vulnerability data to provide you with additional context on risks in the cloud.
  • AWS Inspector
    —Amazon Inspector assesses applications for exposure, vulnerabilities, and deviations from best practices. It also produces a detailed list of security findings prioritized by level of severity. Prisma Cloud integrates with AWS Inspector and ingests vulnerability data and security best practices deviations to provide you with additional context on risks in the cloud.
  • AWS SecurityHub
    —AWS Security Hub acts as a central console to view and monitor the security posture of your cloud assets directly on the Amazon console. As the Prisma Cloud application monitors your assets on the AWS cloud and sends alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities, you have a comprehensive view of all your cloud assets across all your AWS accounts directly on the Security Hub console.
  • Amazon SQS
    —Amazon Simple Queue Service helps you send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be always available. Prisma Cloud integrates with Amazon SQS to receive alerts. You can consume them through the Splunk add-on or through CloudFormation to enable custom workflows.
  • Email
    —Configure Prisma Cloud to send alerts as email to your email inbox.
  • Google Cloud SCC
    —Google Cloud Security Command Center (Google Cloud SCC) is the security and data risk database for Google Cloud Platform. Google Cloud SCC enables you to understand your security and data attack surface by providing asset inventory, discovery, search, and management. Prisma Cloud integrates with Google Cloud SCC and sends alerts to the Google Cloud SCC console to provide centralized visibility into security and compliance risks of your cloud assets.
  • Jira
    —Jira is an issue tracking, ticketing, and project management tool. Prisma Cloud integrates with Jira and sends notifications of Prisma Cloud alerts to your Jira accounts.
  • Microsoft Teams
    —Microsoft Teams is a cloud-based team collaboration software that is part of the Office 365 suite of applications and is used for workplace chat, video meetings, file storage, and application integration. The Prisma Cloud integration with Microsoft Teams enables you to monitor your assets and send alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities either as they happen or as consolidated summary cards.
  • PagerDuty
    —PagerDuty enables alerting, on-call scheduling, escalation policies, and incident tracking to increase uptime of your apps, servers, websites, and databases. The PagerDuty integration enables you to send Prisma Cloud alert information to the PagerDuty service. The incident response teams can investigate and remediate the security incidents.
  • QRadar
    —IBM QRadar is an enterprise security information and event management product. Integrate Prisma Cloud with QRadar to view Prisma Cloud alerts on the QRadar console to help you proactively detect threats and continuously improve detection.
  • Qualys
    —Qualys specializes in vulnerability management security software. They scan hosts for potential vulnerabilities. Prisma Cloud integrates with the Qualys platform and ingests vulnerability data to provide you with additional context on risks in the cloud.
  • ServiceNow
    —ServiceNow is an incident, asset, and ticket management tool. Prisma Cloud integrates with ServiceNow and sends notifications of Prisma Cloud alerts as ServiceNow tickets.
  • Slack
    —Slack is an online instant messaging and collaboration system that enables you to centralize all your notifications. You can configure Prisma Cloud to send notifications of Prisma Cloud alerts through your Slack channels.
  • Splunk
    —Splunk is a software platform to search, analyze, and visualize machine-generated data gathered from websites, applications, sensors, and devices. Prisma Cloud integrates with cloud-based Splunk deployments and lets you see Prisma Cloud alerts through the Splunk event collector. Prisma Cloud can integrate with on-premises Splunk instances through the AWS SQS integration.
  • Tenable
    —Tenable.io is a cloud-hosted Vulnerability Management solution designed to provide accurate visibility and insight about dynamic assets and vulnerabilities. Prisma Cloud integrates with Tenable and ingests vulnerability data to provide you with additional context on risks in the cloud.
  • Webhooks
    —The webhooks integration enables you to pass information in a JSON format to any third-party integrations that are not natively supported on Prisma Cloud. With a webhook integration you can configure Prisma Cloud to send alerts to the webhook URL as an HTTP POST request, so that any services or applications that subscribe to the webhook URL can receive alert notifications as soon as Prisma Cloud detects an issue.
For the outbound integrations, with the exception of PagerDuty and email, Prisma Cloud performs periodic checks and background validation to identify exceptions or failures in processing notifications. The status checks are displayed on the Prisma Cloud administrator console: red if the integration fails validation checks for accessibility or credentials, yellow if one or more templates associated with the integration are invalid, or green when the integration is working and all templates are valid. Any state transitions are also displayed on the Prisma Cloud administrator console to help you find and fix potential issues.
