Prisma Cloud REST Messages

Xanadu Security Management

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

Prisma Cloud REST Messages

Release version: Xanadu

Updated August 1, 2024

1 minute to read

Prisma REST messages are used to make calls to the Prisma Application Programming Interface (API) to fetch the compliance data.

The following REST messages are shipped with the base system.

Prisma Cloud integrations

All Prisma Cloud integrations use the JSON Web Token (JWT) for authentication and authorization.

Table 1. Prisma Login REST message
Endpoint	Description	Method	Body	API documentation link
/login	Obtains the JWT token for use in all subsequent integrations.	POST	`{ "username": <<access key id >>, "password": <<secret access key>>}`	https://pan.dev/prisma-cloud/api/cspm/app-login/

Table 2. Prisma Refresh Token REST message
Endpoint	Description	Method	Body	API documentation link
/auth_token/extend	Automatically renews the JWT token on expiration. The default duration for token expiry is 60 minutes.	GET	NA	https://pan.dev/prisma-cloud/api/cspm/extend-session/

Table 3. Prisma Policy REST message
Endpoint	Description	Method	Body	API documentation link
/v2/policy	Retrieves all the policy data from Prisma.	GET	NA	https://pan.dev/prisma-cloud/api/cspm/get-policies/

Endpoint Description Method Body API documentation link

/v2/alert

Retrieves all alerts from Prisma.

Table 4. Prisma Alert REST Message
Endpoint	Description	Method	Body	API documentation link
/v2/alert	Retrieves all alerts from Prisma.	POST	`{ "detailed": "false", "filters": [ { "name": "timeRange.type", "operator": "=", "value": "ALERT_STATUS_UPDATED" } ], "sortBy": [ "resource.id" ], "pageToken": "", "offset": 0, "limit": 2000, "timeRange": { "type": "absolute", "value": { "startTime": <<Import since at integration level>>, "endTime": << Current integration run time>> } } }`	https://pan.dev/prisma-cloud/api/cspm/post-alerts/

POST

{
    "detailed": "false",
    "filters": [
	{

		"name": "timeRange.type",
                "operator": "=",
                "value": "ALERT_STATUS_UPDATED"
        }
    ],
    "sortBy": [
        "resource.id"
    ],
    "pageToken": "",
    "offset": 0,
    "limit": 2000,
    "timeRange": {
        "type": "absolute",
        "value": {
            "startTime": <<Import since at integration level>>,
            "endTime": << Current integration  run time>>
        }
    }
}

https://pan.dev/prisma-cloud/api/cspm/post-alerts/

For Prisma Comprehension Alert integration, the filters in the above POST body must be replaced as follows:

"filters": [
	{
                    "name": "alert.status",
                    "operator": "=",
                    "value": "open"
                },
                {
                    "name": "alert.status",
                    "operator": "=",
                    "value": "dismissed"
                },
                {
                    "name": "alert.status",
                    "operator": "=",
                    "value": "snoozed"
                },
                {
                    "name": "alert.status",
                    "operator": "=",
                    "value": "pending_resolution"
                },
                {
                    "name": "timeRange.type",
                    "operator": "=",
                    "value": "ALERT_UPDATED"
                }
 
    ],