Configure Findings

Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Inspector, which you can use to build more meaningful insights and for vulnerability management of potentially compromised resources. Once you enable malware protection and configure it on Prisma Cloud, any malware detected during a scan generates an additional finding that you can view on the Prisma Cloud Resource page.
  • GuardDuty is currently supported only for AWS standalone and member accounts onboarded on Prisma Cloud.
  • Enable EventBridge before you configure findings using GuardDuty or Inspector.
  • You can use Inspector only for accounts that were onboarded as standalone accounts.
  • If you are currently using Inspector Classic, you do not need to make any configuration changes and can continue to use it as is.
  1. After you Onboard Your AWS Account, select Settings > Cloud Accounts.
  2. Click the View icon next to the AWS account for which you want to configure findings. Make sure that EventBridge is successfully configured for that account.
  3. Click Misconfigurations.
  4. Under Findings, toggle the Disabled button to Enabled for both GuardDuty and Inspector.
  5. Click Configure Findings.
  6. Configure Details.
    1. Click Download EventBridge Cloud Formation Template.
      As part of the initial onboarding when you deploy the EventBridge CFT, Prisma Cloud creates 2 separate rules on AWS, one each for GuardDuty and Inspector. Depending on your selection, the corresponding rule is enabled.
    2. Log in to your AWS account and follow the steps to create a stack.
      • Select I acknowledge that AWS CloudFormation might create IAM resources with custom names.
      • Click Create Stack.
      • Wait for status to display CREATE_COMPLETE.
  7. Return to your Prisma Cloud console.
  8. Click Next.
  9. Review Status.
    Once the template is run successfully, a Successful message displays for each region.
    If a Warning status displays for a region(s), click Configure Details, download the CFT again, and complete the steps listed above.
  10. Click Save.
    Verify that a Successful message displays for Findings on the account overview page.
    You can view the vulnerability and malware findings generated by AWS GuardDuty or vulnerabilities generated by AWS Inspector by running the following query on Investigate in Prisma Cloud:
    config from cloud.resource where api.name = 'aws-iam-list-access-keys' AND finding.source = 'AWS GuardDuty'
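
One way to double-check from the AWS side the per-region rule state that step 9 reports, as an added example (not Prisma Cloud's own code): it reads the JSON returned by `aws events list-rules` for each region and reports whether an enabled rule matches GuardDuty and Inspector events. Matching rules by their EventPattern source is an assumption, because the page does not name the rules the template creates; the sample listing and its rule names are constructed.

```python
import json

# Event sources: Inspector Classic emits "aws.inspector", current Inspector "aws.inspector2".
SOURCES = {"GuardDuty": {"aws.guardduty"},
           "Inspector": {"aws.inspector", "aws.inspector2"}}

# Constructed sample: region -> output of `aws events list-rules --region <region>`.
# Rule names are hypothetical placeholders, not the names the template creates.
SAMPLE = {
    "us-east-1": {"Rules": [
        {"Name": "example-gd", "State": "ENABLED", "EventPattern": '{"source": ["aws.guardduty"]}'},
        {"Name": "example-insp", "State": "ENABLED", "EventPattern": '{"source": ["aws.inspector2"]}'}]},
    "eu-west-1": {"Rules": [
        {"Name": "example-gd", "State": "ENABLED", "EventPattern": '{"source": ["aws.guardduty"]}'},
        {"Name": "example-insp", "State": "DISABLED", "EventPattern": '{"source": ["aws.inspector2"]}'},
        {"Name": "nightly-job", "State": "ENABLED", "ScheduleExpression": "rate(1 day)"}]},
    "ap-south-1": {"Rules": []},  # template never deployed in this region
}


def rule_sources(rule):
    """Return the literal event sources named in a rule's EventPattern."""
    try:
        pattern = json.loads(rule.get("EventPattern") or "{}")
    except json.JSONDecodeError:
        return set()
    source = pattern.get("source", [])
    source = source if isinstance(source, list) else [source]
    return {s for s in source if isinstance(s, str)}  # skip prefix/wildcard matchers


def findings_rule_status(rules_by_region):
    """Map region -> service -> 'ENABLED' | 'DISABLED' | 'MISSING'."""
    report = {}
    for region, listing in rules_by_region.items():
        status = {svc: "MISSING" for svc in SOURCES}
        for rule in listing.get("Rules", []):
            state = "ENABLED" if rule.get("State", "").startswith("ENABLED") else "DISABLED"
            for svc, wanted in SOURCES.items():
                if rule_sources(rule) & wanted and status[svc] != "ENABLED":
                    status[svc] = state
        report[region] = status
    return report


def regions_needing_attention(report, selected=("GuardDuty", "Inspector")):
    """Regions where a selected service has no enabled rule (redeploy the CFT there)."""
    return sorted(r for r, st in report.items() if any(st[s] != "ENABLED" for s in selected))
```

Regions returned by `regions_needing_attention` are the ones to compare against a Warning status in step 9.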
