Configure Vulnerability Findings

Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Inspector, which you can use to build more meaningful insights and for vulnerability management of potentially compromised resources. Once you enable malware protection and configure it on Prisma Cloud, if malware is detected during a scan, an additional finding is generated that you can view on the Prisma Cloud Resource page.
  • GuardDuty is currently supported only for AWS standalone and member accounts onboarded on Prisma Cloud.
  • Enable EventBridge before you configure vulnerability findings using GuardDuty or Inspector.
  • If you are currently using Inspector Classic, you do not need to make any configuration changes and can continue to use it as is.
  1. Onboard your AWS account.
  2. Configure near real-time visibility through Amazon EventBridge.
  3. Configure vulnerability findings.
    1. Edit the AWS account for which you want to configure vulnerability findings. Make sure that EventBridge is successfully configured for that account.
    2. On the Account Overview page, scroll to Vulnerability Findings.
    3. Toggle Disabled to Enabled and click Configure Findings. Enable both GuardDuty and Inspector.
    4. Download EventBridge CFT. As part of the initial onboarding when you deploy the EventBridge CFT, Prisma Cloud creates 2 separate rules on AWS, one each for GuardDuty and Inspector. Depending on your selection, the corresponding rule is enabled.
    5. Log in to your AWS account and follow the steps to create a stack, select I acknowledge that AWS CloudFormation might create IAM resources with custom names, and click Create Stack.
    6. Wait for status to display CREATE_COMPLETE.
    7. Return to your Prisma Cloud console and click Next.
    8. Once the template is run successfully, Review Status displays Successful for each region. If a Warning status displays for one or more regions, click Configure Details, download the CFT again, and complete the steps.
    9. Click Save.
    10. Once a Successful message displays for Vulnerability Findings on the account overview page, you can view the vulnerability and malware findings generated by AWS GuardDuty or vulnerabilities generated by AWS Inspector on the Prisma Cloud Investigate page. For example:
       config from cloud.resource where api.name = 'aws-iam-list-access-keys' AND finding.source = 'AWS GuardDuty'
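
To confirm on the AWS side that the rule for each selected service is enabled after the stack is created, the check below reads the JSON printed by aws events list-rules and lists the services that have no enabled rule. It is an added example, not part of the Prisma Cloud documentation. The rule names in the sample are constructed, and matching rules by the event sources aws.guardduty and aws.inspector2 / aws.inspector is an assumption about how the CFT's rules are written.

```python
import json

# Assumption: the CFT's rules match on the standard event sources of each service.
SOURCES = {
    "GuardDuty": {"aws.guardduty"},
    "Inspector": {"aws.inspector2", "aws.inspector"},  # Inspector and Inspector Classic
}

def rule_states(list_rules_json):
    """Return {service: [(rule name, state), ...]} for rules matching each service."""
    found = {svc: [] for svc in SOURCES}
    for rule in json.loads(list_rules_json).get("Rules", []):
        pattern = rule.get("EventPattern")
        if not pattern:                      # scheduled rules carry no event pattern
            continue
        try:
            raw = json.loads(pattern).get("source", [])
        except (ValueError, AttributeError):  # malformed or non-object pattern
            continue
        # Keep literal source names only; skip matchers such as {"prefix": ...}.
        sources = {s for s in raw if isinstance(s, str)}
        for svc, wanted in SOURCES.items():
            if sources & wanted:
                found[svc].append((rule["Name"], rule.get("State", "UNKNOWN")))
    return found

def missing(list_rules_json, selected=("GuardDuty", "Inspector")):
    """Services selected in Prisma Cloud that have no enabled EventBridge rule."""
    states = rule_states(list_rules_json)
    return [svc for svc in selected
            if not any(state.startswith("ENABLED") for _, state in states[svc])]

# Constructed sample of `aws events list-rules` output (rule names are placeholders).
SAMPLE = json.dumps({"Rules": [
    {"Name": "example-guardduty-rule", "State": "ENABLED",
     "EventPattern": json.dumps({"source": ["aws.guardduty"]})},
    {"Name": "example-inspector-rule", "State": "DISABLED",
     "EventPattern": json.dumps({"source": ["aws.inspector2"]})},
    {"Name": "example-nightly-job", "State": "ENABLED",
     "ScheduleExpression": "rate(1 day)"},
]})

if __name__ == "__main__":
    for svc in missing(SAMPLE):
        print(f"{svc}: no enabled EventBridge rule found in this region")
```

Run it once per region, since the Review Status in step 8 is also reported per region.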
