1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Connect Your Cloud Platform to Prisma Cloud
    6. Onboard Amazon Web Services
    7. Configure Findings

    Configure Findings

    Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Inspector, which you can use to build more meaningful insights and for vulnerability management of potentially compromised resources. Once you enable malware protection and configure it on Prisma Cloud, if malware is detected during a scan, an additional finding is generated that you can view on Prisma Cloud Resource page.
    • GuardDuty is currently supported only for AWS standalone and member accounts onboarded on Prisma Cloud.
    • Enable EventBridge before you configure findings using GuardDuty or Inspector.
    • You can use Inspector only for accounts that were onboarded as standalone accounts.
    • If you are currently using Inspector Classic, you do not need to make any configuration changes and can continue to use it as is.
    1. After you Onboard Your AWS Account, select
      Settings
      Cloud Accounts
      .
    2. Click the
      View
       ( ) icon next to the AWS account for which you want to configure findings. Make sure that EventBridge is successfully configured for that account.
    3. Click
      Misconfigurations
      .
    4. Under
      Findings
      , toggle the
      Disabled
       button to
      Enabled
       for both GuardDuty and Inspector.
    5. Click
      Configure Findings
      .
    6. Configure Details
      .
      1. Click
        Download EventBridge Cloud Formation Template
        .
        As part of the initial onboarding when you deploy the EventBridge CFT, Prisma Cloud creates 2 separate rules on AWS, one each for GuardDuty and Inspector. Depending on your selection the corresponding rule is enabled.
      2. Log in to your AWS account and follow the steps to create a stack.
        • Select
          I acknowledge that AWS CloudFormation might create IAM resources with custom names
          .
        • Click
          Create Stack
          .
        • Wait for status to display CREATE_COMPLETE.
    7. Return to your Prisma Cloud console.
    8. Click
      Next
      .
    9. Review Status
      .
      Once the template is run successfully, a
      Successful
       message displays for each region.
      If a Warning status displays for a region(s), click
      Configure Details
      , download the CFT again, and complete the steps listed above.
    10. Click
      Save
      .
      Verify that a
      Successful
       message displays for
      Findings
       on the account overview page.
      You can view the vulnerability and malware findings generated by AWS GuardDuty or vulnerabilities generated by AWS Inspector by running the following query on
      Investigate
       in Prisma Cloud:
      config from cloud.resource where api.name = 'aws-iam-list-access-keys' AND finding.source = 'AWS GuardDuty'

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo