Configure Vulnerability Findings

Prisma Cloud ingests findings and vulnerability data from AWS GuardDuty and Inspector, which you can use to build more meaningful insights and to manage vulnerabilities on potentially compromised resources. Once you enable malware protection and configure it on Prisma Cloud, an additional finding is generated whenever malware is detected during a scan, and you can view it on the Prisma Cloud Resource page.
  • GuardDuty is currently supported only for AWS standalone and member accounts onboarded on Prisma Cloud.
  • Enable EventBridge before you configure vulnerability findings using GuardDuty or Inspector.
  • If you are currently using Inspector Classic, you do not need to make any configuration changes and can continue to use it as is.
  1. Onboard your AWS account.
  2. Configure near real-time visibility through Amazon EventBridge.
  3. Configure vulnerability findings.
    1. Edit the AWS account for which you want to configure vulnerability findings. Make sure that EventBridge is successfully configured for that account.
    2. On the Account Overview page, scroll to Vulnerability Findings.
    3. Toggle and click Configure Findings for both GuardDuty and Inspector.
    4. Download EventBridge CFT.
      As part of the initial onboarding, when you deploy the EventBridge CFT, Prisma Cloud creates 2 separate rules on AWS, one each for GuardDuty and Inspector. Depending on your selection, the corresponding rule is enabled.
    5. Log in to your AWS account and follow the steps to create a stack, select I acknowledge that AWS CloudFormation might create IAM resources with custom names, and click Create Stack.
    6. Wait for the status to display CREATE_COMPLETE.
    7. Return to your Prisma Cloud console and click
    8. Once the template runs successfully, Review Status for each region.
      If a Warning status displays for one or more regions, click Configure Details, download the CFT again, and complete the steps.
    9. Click
    10. Once a message displays for Vulnerability Findings on the account overview page.
      You can view the vulnerability and malware findings generated by AWS GuardDuty or vulnerabilities generated by AWS Inspector on the Prisma Cloud
      config from cloud.resource where api.name = 'aws-iam-list-access-keys' AND finding.source = 'AWS GuardDuty'
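The steps above rely on two EventBridge rules, one for GuardDuty and one for Inspector, with only the selected rule enabled. The following is an added example (not Prisma Cloud's CFT, which is not shown on this page) that models those two rules as EventBridge event patterns and routes constructed sample finding events through them; the rule patterns are assumptions about the CFT's shape, while the source and detail-type values are the ones AWS publishes for GuardDuty and Inspector findings.

```python
"""Route constructed finding events through two assumed EventBridge rules
(one per service), honouring each rule's enabled/disabled state."""
from typing import Any, Dict, List, Optional

# Assumed event patterns for the two rules the EventBridge CFT creates.
# EventBridge pattern semantics: every key listed must be present in the
# event and its value must equal one of the listed alternatives.
RULES: Dict[str, Dict[str, List[Any]]] = {
    "guardduty": {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]},
    "inspector": {"source": ["aws.inspector2"], "detail-type": ["Inspector2 Finding"]},
}


def matches(pattern: Dict[str, List[Any]], event: Dict[str, Any]) -> bool:
    """Simplified top-level EventBridge matching (no nested or prefix filters)."""
    return all(key in event and event[key] in allowed for key, allowed in pattern.items())


def route(event: Dict[str, Any], enabled: Dict[str, bool]) -> Optional[str]:
    """Return the enabled rule that forwards this event, or None if no enabled
    rule matches. A disabled rule (the unselected toggle) drops its events."""
    for name, pattern in RULES.items():
        if enabled.get(name, False) and matches(pattern, event):
            return name
    return None


# Constructed sample events, not captured from a real account.
GUARDDUTY_MALWARE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "region": "us-east-1",
    "detail": {"severity": 8, "type": "Execution:EC2/MaliciousFile"},
}
INSPECTOR_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "region": "us-east-1",
    "detail": {"severity": "HIGH"},
}
UNRELATED_EVENT = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification"}

if __name__ == "__main__":
    both_on = {"guardduty": True, "inspector": True}
    for evt in (GUARDDUTY_MALWARE_EVENT, INSPECTOR_EVENT, UNRELATED_EVENT):
        print(evt["detail-type"], "->", route(evt, both_on))
```

Run it per region against the rule states you see under Review Status: an event that routes to None while its toggle is on is the symptom a Warning status points at.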
