Cyware Orchestrate

Palo Alto Prisma Cloud

App Vendor: Palo Alto Networks

App Category: Network Security

Connector Version: 1.0.0

API Version: 1.0.0

About App

The Palo Alto Prisma Cloud app enables you to engage with Prisma Cloud services programmatically.

The Palo Alto Prisma Cloud app is configured with the Orchestrate application to perform the following actions:

Action Name

Description

List Alert Filters

This action retrieves an object whose keys are the available policy filters.

List Alerts

This action retrieves a list of alerts that match the constraints specified in the query parameters.

Alert Info

This action retrieves information about an alert for the specified ID.

Dismiss Alerts

This action dismisses one or more alerts on the Prisma Cloud platform.

List Alert Remediation

This action generates and retrieves a list of remediation commands for the specified alerts and policies.

Remediate Alert

This action remediates the alert with the specified ID if that alert is associated with a remediable policy.

Perform Event Search

This action retrieves the results of an RQL (Resource Query Language) audit event query.

Filter Event Search Results

This action filters the results of an event log search according to the specified parameters.

Search Alerts by ID

This action retrieves search data to investigate the alert with the specified ID.

Get Raw Event Data

This action retrieves the audit event data for the specified ID as raw metadata.

Perform Network Search

This action performs a search against flow logs with an RQL (Resource Query Language) query.

View Asset Inventory

This action retrieves asset inventory pass/fail data for the specified time period.

List Inventory Filters

This action retrieves an object whose keys are the supported asset inventory filters and whose values contain default recent options.

Get Asset Inventory Trend View

This action retrieves asset inventory pass/fail trends for the specified time period.

Get Cloud Audit Logs

This action retrieves audit logs for events that took place on the Prisma Cloud platform.

List Cloud Accounts

This action lists all cloud accounts onboarded onto the Prisma Cloud platform.

Get Cloud Account

This action retrieves a list of cloud account IDs and names.

Add Cloud Account

This action onboards a new cloud account onto the Prisma Cloud platform.

Get Cloud Account Information

This action retrieves top-level information about the cloud account.

Get All Compliance Statistics

This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections.

Get Compliance Statistics for Standard ID

This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID.

Get Compliance Trend

This action retrieves a compliance posture summary that describes the passed/failed statistics trend.

List Networks

This action retrieves an array of public networks.

Add Network

This action adds a public network.

List IP Addresses Allowed for Login

This action retrieves a list of data objects that contain the CIDRs in the allow list to access the Prisma Cloud tenant.

Add IP Address to Allow List

This action adds a named list of CIDRs (IP addresses) that are in the allow list to access Prisma Cloud.

List Policies

This action retrieves system default and custom policies.

Add Policies

This action adds a new policy.

Get Policy

This action retrieves the policy that has the specified policy ID.

Update Policy

This action updates the existing policy that has the specified policy ID.

Download Report

This action downloads the compliance report with the specified ID.

List Report Configs

This action retrieves a list of compliance report generation configurations.

Get Report Config

This action retrieves the compliance report generation configuration with the specified ID.

List Historical Reports Data

This action retrieves a list of metadata for the scheduled compliance reports for the specified report ID.

Get Dashboard Alerts

This action retrieves counts of total objects, public objects, sensitive objects, and malware.

Get Dashboard Violations

This action lists violations for the dashboard.

Get Classification Report

This action retrieves a data classification report.

List Inventory Objects

This action lists data for objects.

Get Malware Report

This action retrieves a malware report.

Get Inventory Resource Details

This action retrieves details for the resource (bucket) with the specified tenant ID and bucket name.

Get Inventory Resource Objects

This action retrieves the objects for the specified bucket.

Configuration Parameters

The following configuration parameters are required for the Palo Alto Prisma Cloud app to communicate with the Palo Alto Prisma Cloud enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Base URL

Enter the base URL to access Prisma Cloud.

Text

Required

Access ID

Enter the access ID.

Text

Required

Password

Enter the password.

Password

Required

Customer Name

Enter the customer's name.

Text

Optional

Prisma ID

Enter the Prisma ID.

Text

Optional

Action: List Alert Filters

This action retrieves an object whose keys are the available policy filters.

Action Input Parameters

There are no input parameters required for this action.

Action: List Alerts

This action retrieves a list of alerts that match the constraints specified in the query parameters.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Use V2

Enter your preference to use V2.

Example:

yes

Boolean

Required

Time Type

Enter the time type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"2"

Text

Required

Time Unit

Enter the unit.

Example:

"minute"

Text

Required

Detailed

Enter your preference to retrieve the detailed result.

Example:

yes

Boolean

Required

Filters

Enter the filters to narrow down the result.

Key Value

Optional

Example Request

[
    {
        "use_v2": yes,
        "timetype":"relative",
        "timeamount": "2",
        "timeunit": "minute",
        "detailed": yes
    }
]

Action: Alert Info

This action retrieves information about an alert for the specified ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the alert ID.

Text

Required

Detailed

Enter your preference to retrieve detailed alert information.

Example:

yes

Boolean

Optional

Default value:

no

Action: Dismiss Alerts

This action dismisses one or more alerts on the Prisma Cloud platform.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Filters

Enter the filters.

Key Value

Required

Alert IDs

Enter the alert IDs.

List

Optional

Dismissal Note

Enter the dismissal note.

Text

Optional

Time Range

Enter the time range.

Example:

{"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}}

Key Value

Optional

Policies

Enter the policy IDs.

List

Optional

Action: List Alert Remediation

This action generates and retrieves a list of remediation commands for the specified alerts and policies.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Filters

Enter the filters.

Key Value

Required

Alert IDs

Enter the alert IDs.

List

Optional

Policies

Enter the policy IDs.

List

Optional

Action: Remediate Alert

This action remediates the alert with the specified ID if that alert is associated with a remediable policy.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the alert ID.

Text

Required

Action: Filter Event Search Results

This action filters the results of an event log search according to the specified parameters.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Action: Search Alerts by ID

This action retrieves search data that can be used to investigate the alert with the specified ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the alert ID.

Text

Required

Action: Get Raw Event Data

This action retrieves the audit event data for the specified ID as raw metadata.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Audit Event ID

Enter the audit event ID.

Text

Required

Action: View Asset Inventory

This action retrieves asset inventory pass/fail data for the specified time period.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Time Type

Enter the type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"2"

Text

Required

Time Unit

Enter the unit.

Example:

"minute"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"2",
      "timeunit":"minute"
   }
]

Action: List Inventory Filters

This action retrieves an object whose keys are the supported asset inventory filters and whose values contain default recent options.

Action Input Parameters

This action does not require any input parameters.

Action: Get Asset Inventory Trend View

This action retrieves asset inventory pass/fail trends for the specified time period.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Time Type

Enter the type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"2"

Text

Required

Time Unit

Enter the unit.

Example:

"minute"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"2",
      "timeunit":"minute"
   }
]

Action: Get Cloud Audit Logs

This action retrieves audit logs for events that took place on the Prisma Cloud platform.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Time Type

Enter the type.

Example:

"relative"

Text

Optional

Duration

Enter the duration.

Example:

"2"

Text

Optional

Time Unit

Enter the unit.

Example:

"hour"

Text

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"2",
      "timeunit":"hour"
   }
]

Action: List Cloud Accounts

This action lists all cloud accounts onboarded onto the Prisma Cloud platform.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Exclude Account Group Details

Enter your preference to exclude account group details.

Example:

yes

Boolean

Optional

Default value:

no

Action: Get Cloud Account

This action retrieves a list of cloud account IDs and names.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Account Group IDs

Enter the account group IDs.

List

Required

Cloud Type

Enter the cloud type.

Example:

"aws"

Text

Required

Only Active

Enter your preference to return the IDs and names of active accounts.

Example:

yes

Boolean

Optional

Default value: no

Example Request

[
    {
        "cloud_type": "aws"
    }
]

Action: Add Cloud Account

This action onboards a new cloud account onto the Prisma Cloud platform.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Account ID

Enter the AWS account ID.

Text

Required

External ID

Enter the AWS account external ID.

Text

Required

Group IDs

Enter the list of account group IDs for this account.

List

Required

Role Arn

Enter the unique identifier for an AWS resource.

Text

Required

Name

Enter the name to be used for the account on the Prisma Cloud platform.

Text

Required

Enabled

Enter yes if the account is enabled.

Boolean

Optional

Default value:

no

Protective Mode

Enter the protective mode.

Example:

"monitor"

Text

Optional

Skip Status Checks

Enter your preference to skip account status checks to improve response time.

Example:

yes

Boolean

Optional

Default value:

no

Action: Get Cloud Account Information

This action retrieves top-level information about the cloud account.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Cloud Type

Enter the cloud type.

Example:

"aws"

Text

Required

Account ID

Enter the account ID.

Text

Required

Include Group Info

Enter your preference to include account group information.

Example:

yes

Boolean

Optional

Default value:

no

Example Request

[
   {
      "cloud_type":"aws",
      "include_group_info": yes
   }
]

Action: Get All Compliance Statistics

This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Time Type

Enter the type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"1"

Text

Required

Time Unit

Enter the unit.

Example:

"day"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"1",
      "timeunit":"day"
   }
]

Action: Get Compliance Statistics for Standard ID

This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Compliance ID

Enter the compliance ID.

Text

Required

Time Type

Enter the type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"1"

Text

Required

Time Unit

Enter the unit.

Example:

"minute"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"2",
      "timeunit":"minute"
   }
]

Action: Get Compliance Trend

This action retrieves a compliance posture summary that describes the passed/failed statistics trend.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Time Type

Enter the type.

Example:

"relative"

Text

Required

Duration

Enter the duration.

Example:

"1"

Text

Required

Time Unit

Enter the unit.

Example:

"minute"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Example Request

[
   {
      "timetype":"relative",
      "timeamount":"1",
      "timeunit":"minute"
   }
]

Action: List Networks

This action returns an array of public networks.

Action Input Parameters

There are no input parameters required for this action.

Action: Add Network

This action adds a public network.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Network Name

Enter the network name.

Text

Required

Action: List IP Addresses Allowed for Login

This action retrieves a list of data objects that contain the CIDRs in the allow list to access the Prisma Cloud tenant.

Action Input Parameters

There are no input parameters required for this action.

Action: Add IP Address to Allow List

This action adds a named list of CIDRs (IP addresses) that are in the allow list to access Prisma Cloud.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

CIDRs

Enter the list of CIDRs to add to the allow list for login access.

List

Required

You can include from 1 to 10 CIDRs.

Name

Enter the unique name for the CIDR (IP addresses) allow list.

Text

Required

Description

Enter the description of the CIDR (IP addresses) allow list.

Text

Optional

Action: List Policies

This action retrieves all available policies, both system default and custom.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Filters

Enter the filters to narrow down the returned policy list.

Key Value

Optional

You can apply filters to narrow the returned policy list to a subset of policies or potentially to a specific policy.

Action: Add Policies

This action adds a new policy.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy Name

Enter the policy name.

Text

Required

Policy Type

Enter the policy type.

Example:

"config"

Text

Required

Criteria

Enter the saved search ID that defines the rule criteria.

Text

Required

Rule Name

Enter the rule name.

Text

Required

Parameter

Enter the parameters.

Example:

{"savedsearch": "true"}

Key Value

Required

Type

Enter the type.

Example:

"network"

Text

Required

Severity

Enter the severity.

Example:

"high"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Cloud Type

Enter the cloud type.

Example:

"azure"

Text

Optional

Default value:

all

Data Criteria

Enter the data criteria.

Key Value

Optional

Example Request

[
   {
      "policy_type":"config",
      "parameter":{
         "savedsearch":"true"
      },
      "type":"network",
      "severity":"high"
   }
]

Action: Get Policy

This action retrieves the policy that has the specified policy ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the policy ID.

Text

Required

Action: Update Policy

This action updates the existing policy that has the specified policy ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the policy ID.

Text

Required

Policy Name

Enter the policy name.

Text

Required

Policy Type

Enter the policy type.

Example:

"config"

Text

Required

Criteria

Enter the saved search ID that defines the rule criteria.

Text

Required

Rule Name

Enter the rule name.

Text

Required

Parameter

Enter the parameters.

Example:

{"savedsearch": "true"}

Key Value

Required

Type

Enter the type.

Example:

"auditevent"

Text

Required

Severity

Enter the severity.

Example:

"medium"

Text

Required

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Cloud Type

Enter the cloud type.

Example:

"aws"

Text

Optional

Default value: all

Data Criteria

Enter the data criteria.

Key Value

Optional

Example Request

[
   {
      "policy_type":"config",
      "parameter":{
         "savedsearch":"true"
      },
      "type":"network",
      "severity":"high"
   }
]

Action: Download Report

This action downloads the compliance report with the specified ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID.

Text

Required

Action: List Report Configs

This action retrieves a list of compliance report generation configurations, including the ID for each configuration.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Extra Parameters

Enter the extra parameters to narrow down the returned policy list.

Key Value

Optional

Accepts query parameters to narrow the list.

Action: Get Report Config

This action retrieves the compliance report generation configuration with the specified ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID.

Text

Required

Action: List Historical Reports Data

This action retrieves a list of metadata for the scheduled compliance reports that have been run for the specified report ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID.

Text

Required

Action: Get Dashboard Alerts

This action retrieves counts of total objects, public objects, sensitive objects, and malware.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Account Group IDs

Enter the list of cloud account group IDs.

List

Required

Account Group Names

Enter the list of AWS account group names.

List

Required

Account IDs

Enter the list of cloud account IDs.

List

Required

Classifications

Enter the list of data classifications.

List

Required

Limit

Enter the limit of the records returned.

Integer

Required

Time Range

Enter the time range.

Example:

{"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}}

Key Value

Required

Example Request

[
   {
      "timerange":{
         "relativetimetype":"backward",
         "type":"relative",
         "value":{
            "amount":0,
            "unit":"minute"
         }
      }
   }
]

Action: Get Dashboard Violations

This action lists violations for the dashboard.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Account Group IDs

Enter the list of cloud account group IDs.

List

Required

Account Group Names

Enter the list of AWS account group names.

List

Required

Account IDs

Enter the list of cloud account IDs.

List

Required

Classifications

Enter the list of data classifications.

List

Required

Limit

Enter a value to limit the records returned.

Integer

Required

Time Range

Enter the time range.

Example:

{"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}}

Key Value

Required

Example Request

[
   {
      "timerange":{
         "relativetimetype":"backward",
         "type":"relative",
         "value":{
            "amount":0,
            "unit":"minute"
         }
      }
   }
]

Action: Get Classification Report

This action retrieves a data classification report.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tenant ID

Enter the tenant ID to retrieve the data classification report.

Text

Required

Object ID

Enter the object ID to retrieve the data classification report.

Text

Required

Action: List Inventory Objects

This action lists data for objects.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Table Level

Enter the table level.

Example:

4

Integer

Required

The response data depends on the table level you specify in the request body parameters.

Extra Parameters

Enter the extra parameters.

Key Value

Optional

Supported parameters:

  • "detailed"

  • "fields"

  • "groupby"

  • "limit"

  • "sortby"

Example Request

[
   {
      "table_level": 4
   }
]

Action: Get Malware Report

This action retrieves a malware report.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tenant ID

Enter the tenant ID.

Text

Required

Object ID

Enter the object ID.

Text

Required

File Hash

Enter the file hash value.

Text

Required

Action: Get Inventory Resource Objects

This action retrieves the objects for the specified bucket.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tenant ID

Enter the tenant ID.

Text

Required

Object ID

Enter the object ID.

Text

Required

Action: Get Inventory Resource Details

This action retrieves details for the resource (bucket) with the specified tenant ID and bucket name.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tenant ID

Enter the tenant ID.

Text

Required

Object ID

Enter the object ID.

Text

Required