Configure the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute application
Install and configure the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute application, then import data from Prisma Cloud Compute. You can use the imported data to prioritize and remediate vulnerabilities in your Docker images.
Before you begin
Procedure
- Open the email from ServiceNow that you received about the integration.
- Log in to your instance as an admin.
- Follow the instructions in the email to get the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute.
- Navigate to All > Prisma Cloud Compute Integration > Administration > Configuration.
  On the Prisma Cloud Compute Configuration form, fill in the fields. For more information, see Prisma Cloud Compute Configuration form.
- From the Projects list, select either All Projects or Specific Projects to configure either all projects or selected projects respectively.
  If you select Specific Projects, you can select the projects from the Available list.
- Complete the configuration by clicking either Finish or Save and Test Credentials.
  - If you configured a project, click Finish.
  - If you did not configure a project, click Save and Test Credentials.
- View the newly created instance by navigating to Prisma Cloud Compute Integration > Administration > Integration Instances.
- View the projects you configured earlier by clicking Integration Instance Parameters.
- Run the newly created integration instance to import the following data:
  - Docker Images: Lists the Docker images, which are created using an identification and reconciliation engine (IRE). Each Docker image also provides information on the relationship between the repositories and the versions installed.
  - Discovered Container Images: Provides information on the image ID, Docker image, and image repository. It also stores the layer information and associates it with the discovered image. You can also view the projects and container count here. For a discovered container image, you can view cloud metadata such as cloud provider, cloud region, cloud account ID, and cloud resource IDs.
  - Container Image Packages: Provides information about the packages where the vulnerabilities exist. The binary package details are also provided as a comma-separated value.
  - Container Image Layers: Displays the record for each image layer.
  - Container Image Findings: Displays the list of findings along with information on the associated vulnerabilities, image layer, Docker image, image repository, and discovered image. Currently, the vulnerability information is limited to just the ID. Additional information is populated when NVD integration is triggered.
  - Container Vulnerable Items (CVITs): Each finding has a corresponding vulnerability. The CVITs are then created based on the configured granularity.
- Configure the granularity of a vulnerable item.
  - Navigate to Prisma Cloud Compute Integration > Configure Image Vulnerability Keys.
  - Configure the granularity of the CVITs by selecting the required check boxes.
    The vulnerable items are created based on the selected keys, during the next import.
    Note: By default, a CVIT is created for a combination of Image Repository, Vulnerability, and Image tag. You can add components to the key for further granularity. For example, you can create a CVIT for a combination of Image Repository, Vulnerability, Image tag, and Cluster. Once the vulnerable items or vulnerable item findings are created, the check boxes are no longer editable.
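
The effect of the key choice described in the note, as an added illustration that is not ServiceNow's code: it groups constructed findings by the default key and then by a key extended with Cluster, so you can estimate the item count before the check boxes lock. The field names, sample values, and the handling of a missing key component are assumptions.

```python
from collections import defaultdict

# Default key from the note above. Field names are hypothetical stand-ins,
# not the application's column names.
DEFAULT_KEY = ("image_repository", "vulnerability", "image_tag")
FIELDS = ("image_repository", "image_tag", "vulnerability", "cluster")

# Constructed sample findings; the CVE IDs are placeholders.
FINDINGS = [dict(zip(FIELDS, row)) for row in [
    ("registry.example/web", "1.4", "CVE-0000-0001", "prod-east"),
    ("registry.example/web", "1.4", "CVE-0000-0001", "prod-east"),
    ("registry.example/web", "1.4", "CVE-0000-0001", "prod-west"),
    ("registry.example/web", "1.4", "CVE-0000-0002", "prod-east"),
    ("registry.example/web", "1.5", "CVE-0000-0001", "prod-east"),
    ("registry.example/api", "2.0", "CVE-0000-0001", None),
]]


def group_findings(findings, key_fields=DEFAULT_KEY):
    """Return {key tuple: [findings]}; each key stands for one vulnerable item."""
    items = defaultdict(list)
    for finding in findings:
        # Assumption of this sketch: a missing key component groups under "".
        key = tuple(finding.get(field) or "" for field in key_fields)
        items[key].append(finding)
    return dict(items)


def compare_granularity(findings, extra_fields):
    """Count items under the default key and under an extended key."""
    coarse = group_findings(findings)
    fine = group_findings(findings, DEFAULT_KEY + tuple(extra_fields))
    return len(coarse), len(fine)


if __name__ == "__main__":
    coarse, fine = compare_granularity(FINDINGS, ["cluster"])
    print(f"default key: {coarse} items; with cluster: {fine} items")
    extended = group_findings(FINDINGS, DEFAULT_KEY + ("cluster",))
    for key, group in extended.items():
        print(len(group), "finding(s) ->", key)
```

With the default key, the three findings for the same repository, vulnerability, and tag collapse into one item regardless of cluster; adding Cluster splits them so each cluster can be tracked and closed separately.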