Add a Resource List on Prisma Cloud

Use tags to identify resources deployed in your cloud environments.
A Resource List is a way to identify resources that are assigned a specific tag or label. Resource lists can include tags or types of workloads.

Identify Cloud Resources by Tags

A resource list for tags can reference tags that have been assigned to the resource as part of a template deployment workflow or added manually. After you create the list to identify resources based on assigned tags, you need to attach the resource list to a Prisma Cloud role and to an alert rule for build-time checks before you can use it for scanning IaC templates with the Prisma Cloud plugins.
  1. Select Settings > Resource Lists.
  2. Add Resource List > Tag.
  3. Enter a Resource List Name.
    You can optionally enter a description.
  4. Specify the Key and Value to identify the tag.
    You can add up to 20 key-value pairs in a resource list. When you specify multiple tags in a resource list, the IaC template must include at least one tag defined in the resource list to be scanned against the policies in the alert rule.
  5. Save the list.
  6. Next Steps:
    1. Attach the resource list to a Prisma Cloud role.
      When you Create Prisma Cloud Roles, users who are associated with the selected role can review the scan results on the DevOps Inventory.

Create a Resource List for Compute Resources

The Compute Access Group resource list on Prisma Cloud enables you to restrict access to the data that is visible on the Compute tab to your read-only roles. You can define the scope for the types of workloads or resources, such as hosts, containers, images, and serverless functions, that are accessible to a role and assign that role to a Prisma Cloud read-only role. For a user to view data, they must be assigned to an account group or an on-prem provider. The workloads that match the criteria you include in the list are within scope and accessible to the user who is assigned to the role.
On Compute, this resource list is referred to as an assigned collection and is a way to enable granular access to a specified set of resources instead of granting access to all resources within an account.
  1. Select Settings > Resource Lists.
  2. Add Resource List > Compute Access Group.
  3. Enter a Resource List Name.
    You can optionally enter a description.
  4. Specify the filters to define the scope of what is accessible within each type of resource.
    By default, each field is populated with a wildcard to match all objects of a specific type, such as containers, images, and hosts. The individual fields are combined using AND logic. You can customize how a field is evaluated with string matching. When you use a wildcard in a resource name, the resource name is evaluated according to the position of the wildcard: if the string starts with a wildcard, it is evaluated as string-starts-with; if the string terminates with a wildcard, it is evaluated as string-ends-with; if a string starts and terminates with a wildcard, it is evaluated as string-contains.
    As an example, to match host names that start with production and image names that use the latest version of Ubuntu, and disregard the container name or label, you must enter the value production* for Hosts and */ubuntu:latest for Images to match image names /library/ubuntu:latest or docker.io/library/ubuntu:latest. For more examples, refer to pattern matching.
  5. Save the list.
  6. View this resource list on Compute.
    The resource list is automatically added to the list of Collections. Select Manage > Collections And Tags > Collections and find the resource list by name. Although the Resource List for Compute Access Group is included in the list of collections, you cannot edit it on the Compute tab or use it when you add or edit rules for enforcing security checks on your resources.
  7. Attach the resource list to a Prisma Cloud role.
    1. When you Create Prisma Cloud Roles, verify that the role is assigned at least one account group or is enabled for access to data from On-prem/Other cloud providers.
    2. Assign the role to a user so that they can review data on Compute for the scope you defined in the resource list.
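
To preview which workloads a Compute Access Group scope would expose before attaching it to a role, the sketch below applies the filters from the worked example in step 4 (production* for Hosts, */ubuntu:latest for Images) with AND logic across fields. It is an added illustration, not Prisma Cloud code; the function names and workload records are constructed, and only leading and trailing wildcards are handled.

```python
# Added illustration of Compute Access Group scoping; not Prisma Cloud code.
from dataclasses import dataclass


def field_matches(pattern: str, value: str) -> bool:
    """Evaluate one filter field the way the step 4 example uses wildcards."""
    if pattern == "*":
        return True  # default value: every object of this type is in scope
    lead, trail = pattern.startswith("*"), pattern.endswith("*")
    if lead and trail:
        return pattern[1:-1] in value           # *text*          -> contains
    if trail:
        return value.startswith(pattern[:-1])   # production*     -> begins with
    if lead:
        return value.endswith(pattern[1:])      # */ubuntu:latest -> ends with
    return value == pattern                     # no wildcard     -> exact name


@dataclass
class Scope:
    hosts: str = "*"
    images: str = "*"
    containers: str = "*"

    def in_scope(self, workload: dict) -> bool:
        # Individual fields are combined with AND logic.
        return (field_matches(self.hosts, workload["host"])
                and field_matches(self.images, workload["image"])
                and field_matches(self.containers, workload["container"]))


# Constructed sample inventory (hypothetical names).
WORKLOADS = [
    {"host": "production-web-01", "image": "docker.io/library/ubuntu:latest", "container": "api"},
    {"host": "production-db-01", "image": "docker.io/library/postgres:15", "container": "db"},
    {"host": "staging-web-01", "image": "/library/ubuntu:latest", "container": "api"},
    {"host": "production-batch", "image": "/library/ubuntu:latest", "container": "cron"},
]


def visible_hosts(scope: Scope) -> list:
    """Hosts of the sample workloads that a role with this scope could see."""
    return [w["host"] for w in WORKLOADS if scope.in_scope(w)]


if __name__ == "__main__":
    print(visible_hosts(Scope(hosts="production*", images="*/ubuntu:latest")))
```

Running the same check with the default all-wildcard scope shows how much a read-only role would see if the filters were left untouched.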

Create a Resource List for Azure Resource Groups

Create resource lists for Azure Resource Groups and assign them to roles to restrict access. Then, filter these in the Compliance and Asset inventory dashboards.
The Azure Resource Group resource list enables you to specify roles on Prisma Cloud that can view the data associated with it. This enables you to restrict access to the data and also gives you greater visibility by allowing you to zoom in on that data using filters. You can filter Azure Resource Groups to generate compliance standard reports that show only the data within them, or you can apply filters in the Asset inventory dashboard to choose one or more Azure Resource Groups whose data you want to observe.
Contact Prisma Cloud customer support to enable Azure Resource Group resource lists on your Prisma Cloud tenant.
  1. Select Settings > Resource Lists.
  2. Add Resource List > Azure Resource Group.
  3. Enter the resource list details.
    • Name: Enter the name of your resource list.
    • Description: Enter the purpose of your resource list.
    • Azure Resource Group(s): Click the dialog box and select the Azure Resource Groups that you want to add to the resource list.
  4. Click Submit.
  5. (Optional) Attach the resource list to a Prisma Cloud role.
    When you assign an Azure Resource Group Resource List to a role, that role will have access to the Azure Resource Groups in the resource list for the Compliance and Asset inventory dashboards. If no resource list is assigned to a role that you switch to, then no resource list data will display in the corresponding dashboards.
  6. Filter the resource list to view data on the Compliance and Asset Inventory dashboards.
    1. Apply a filter on the Compliance dashboard.
      • Select Compliance > Overview and click the plus icon to view and add filter menu items.
      • Select Azure Resource Group to view the resource list data associated with your role.
  7. Apply a filter on the Asset inventory dashboard.
    • Select Inventory > Assets and click the plus icon to view and add filter menu items.
    • Select Azure Resource Group to view the resource list data associated with your role.
