1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Connect Your Cloud Platform to Prisma Cloud
    6. Onboard Your AWS Account
    7. Configure Vulnerability Findings

    Configure Vulnerability Findings

    Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Inspector, which you can use to build more meaningful insights and for vulnerability management of potentially compromised resources. Once you enable malware protection and configure it on Prisma Cloud, if malware is detected during a scan, an additional finding is generated that you can view on Prisma Cloud Resource page.
    • GuardDuty is currently supported only for AWS standalone and member accounts onboarded on Prisma Cloud.
    • Enable EventBridge before you configure vulnerability findings using GuardDuty or Inspector.
    • If you are currently using Inspector Classic, you do not need to make any configuration changes and can continue to use it as is.
    1. Onboard your AWS account.
    2. Configure near real-time visibility through Amazon EventBridge.
    3. Configure vulnerability findings.
      1. Edit
         the AWS account for which you want to configure vulnerability findings. Make sure that EventBridge is successfully configured for that account.
      2. On the Account Overview page, scroll to
        Vulnerability Findings
        .
      3. Toggle
        Disabled
         to
        Enabled
         and click
        Configure Findings
        .
        Enable
         both GuardDuty and Inspector.
      4. Download EventBridge CFT
        .
        As part of the initial onboarding when you deploy the EventBridge CFT, Prisma Cloud creates 2 separate rules on AWS, one each for GuardDuty and Inspector. Depending on your selection the corresponding rule is enabled.
      5. Log in to your AWS account and follow the steps to create a stack, select
        I acknowledge that AWS CloudFormation might create IAM resources with custom names.
        , and click
        Create Stack
        .
      6. Wait for status to display CREATE_COMPLETE.
      7. Return to your Prisma Cloud console and click
        Next
        .
      8. Once the template is run successfully,
        Review Status
         displays
        Successful
         for each region.
        If a Warning status displays for a region(s), click
        Configure Details
        , download the CFT again, and complete the steps.
      9. Click
        Save
        .
      10. Once a
        Successful
         message displays for
        Vulnerability Findings
         on the account overview page.
        You can view the vulnerability and malware findings generated by AWS GuardDuty or vulnerabilities generated by AWS Inspector on the Prima Cloud
        Investigate
         page.
        config from cloud.resource where api.name = 'aws-iam-list-access-keys' AND finding.source = 'AWS GuardDuty'

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo