Palo Alto Prisma Cloud
App Vendor: Palo Alto Networks
App Category: Network Security
Connector Version: 1.0.0
API Version: 1.0.0
About App
The Palo Alto Prisma Cloud app enables you to engage with Prisma Cloud services programmatically.
The Palo Alto Prisma Cloud app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
List Alert Filters | This action retrieves an object whose keys are the available policy filters. |
List Alerts | This action retrieves a list of alerts that match the constraints specified in the query parameters. |
Alert Info | This action retrieves information about an alert for the specified ID. |
Dismiss Alerts | This action dismisses one or more alerts on the Prisma Cloud platform. |
List Alert Remediation | This action generates and retrieves a list of remediation commands for the specified alerts and policies. |
Remediate Alert | This action remediates the alert with the specified ID if that alert is associated with a remediable policy. |
Perform Event Search | This action retrieves the results of an RQL (Resource Query Language) audit event query. |
Filter Event Search Results | This action filters the results of an event log search according to the specified parameters. |
Search Alerts by ID | This action retrieves search data to investigate the alert with the specified ID. |
Get Raw Event Data | This action retrieves the audit event data for the specified ID as raw metadata. |
Perform Network Search | This action performs a search against flow logs with an RQL (Resource Query Language) query. |
View Asset Inventory | This action retrieves asset inventory pass/fail data for the specified time period. |
List Inventory Filters | This action retrieves an object whose keys are supported asset inventory filters and values containing default recent options. |
Get Asset Inventory Trend View | This action retrieves asset inventory pass/fail trends for the specified time period. |
Get Cloud Audit Logs | This action retrieves audit logs for events that took place on the Prisma Cloud platform. |
List Cloud Accounts | This action lists all cloud accounts onboarded onto the Prisma Cloud platform. |
Get Cloud Account | This action retrieves a list of cloud account IDs and names. |
Add Cloud Account | This action onboards a new cloud account onto the Prisma Cloud platform. |
Get Cloud Account Information | This action retrieves top-level information about the cloud account. |
Get All Compliance Statistics | This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections. |
Get Compliance Statistics for Standard ID | This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID. |
Get Compliance Trend | This action retrieves a compliance posture summary that describes the passed/failed statistics trend. |
List Networks | This action retrieves an array of public networks. |
Add Network | This action adds a public network. |
List IP Addresses Allowed for Login | This action retrieves a list of data objects that contain the CIDRs in the allow list to access the Prisma Cloud tenant. |
Add IP Address to Allow List | This action adds a named list of CIDRs (IP addresses) that are in the allow list to access Prisma Cloud. |
List Policies | This action retrieves system default and custom policies. |
Add Policies | This action adds a new policy. |
Get Policy | This action retrieves the policy that has the specified policy ID. |
Update Policy | This action updates the existing policy that has the specified policy ID. |
Download Report | This action downloads the compliance report with the specified ID. |
List Report Configs | This action retrieves a list of compliance report generation configurations. |
Get Report Config | This action retrieves the compliance report generation configuration with the specified ID. |
List Historical Reports Data | This action retrieves a list of metadata for the scheduled compliance reports for the specified report ID. |
Get Dashboard Alerts | This action retrieves counts of total objects, public objects, sensitive objects, and malware. |
Get Dashboard Violations | This action lists violations for the dashboard. |
Get Classification Report | This action retrieves a data classification report. |
List Inventory Objects | This action lists data for objects. |
Get Malware Report | This action retrieves a malware report. |
Get Inventory Resource Details | This action retrieves details for the resource (bucket) with the specified tenant ID and bucket name. |
Get Inventory Resource Objects | This action retrieves the objects for the specified bucket. |
Configuration Parameters
The following configuration parameters are required for the Palo Alto Prisma Cloud app to communicate with the Palo Alto Prisma Cloud enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to access Prisma Cloud. | Text | Required | |
Access ID | Enter the access ID. | Text | Required | |
Password | Enter the password. | Password | Required | |
Customer Name | Enter the customer's name. | Text | Optional | |
Prisma ID | Enter the Prisma ID. | Text | Optional |
Action: List Alert Filters
This action retrieves an object whose keys are the available policy filters.
Action Input Parameters
There are no input parameters required for this action.
Action: List Alerts
This action retrieves a list of alerts that match the constraints specified in the query parameters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Use V2 | Enter your preference to use V2. Example: yes | Boolean | Required | |
Time Type | Enter the time type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "2" | Text | Required | |
Time Unit | Enter the unit. Example: "minute" | Text | Required | |
Detailed | Enter your preference to retrieve the detailed result. Example: yes | Boolean | Required | |
Filters | Enter the filters to narrow down the result. | Key Value | Optional |
Example Request
[ { "use_v2": yes, "timetype":"relative", "timeamount": "2", "timeunit": "minute", "detailed": yes } ]
Action: Alert Info
This action retrieves information about an alert for the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. | Text | Required | |
Detailed | Enter your preference to retrieve detailed alert information. Example: yes | Boolean | Optional | Default value: no |
Action: Dismiss Alerts
This action dismisses one or more alerts on the Prisma Cloud platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters. | Key Value | Required | |
Alert IDs | Enter the alert IDs. | List | Optional | |
Dismissal Note | Enter the dismissal note. | Text | Optional | |
Time Range | Enter the time range. Example: {"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}} | Key Value | Optional | |
Policies | Enter the policy IDs. | List | Optional |
Action: List Alert Remediation
This action generates and retrieves a list of remediation commands for the specified alerts and policies.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters. | Key Value | Required | |
Alert IDs | Enter the alert IDs. | List | Optional | |
Policies | Enter the policy IDs. | List | Optional |
Action: Remediate Alert
This action remediates the alert with the specified ID if that alert is associated with a remediable policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. | Text | Required |
Action: Perform Event Search
This action retrieves the results of an RQL (Resource Query Language) audit event query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Action: Filter Event Search Results
This action filters the results of an event log search according to the specified parameters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Action: Search Alerts by ID
This action retrieves search data that can be used to investigate the alert with the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. | Text | Required |
Action: Get Raw Event Data
This action retrieves the audit event data for the specified ID as raw metadata.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Audit Event ID | Enter the audit event ID. | Text | Required |
Action: Perform Network Search
This action performs a search against flow logs with an RQL (Resource Query Language) query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the RQL query. | Text | Required | |
Time Range | Enter the time range. Example: {"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}} | Key Value | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timerange":{ "relativetimetype":"backward", "type":"relative", "value":{ "amount":0, "unit":"minute" } } } ]
Action: View Asset Inventory
This action retrieves asset inventory pass/fail data for the specified time period.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time Type | Enter the type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "2" | Text | Required | |
Time unit | Enter the unit. Example: "minute" | Text | Required | |
Extra parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"2", "timeunit":"minute" } ]
Action: List Inventory Filters
This action retrieves an object whose keys are supported asset inventory filters and values containing default recent options.
Action Input Parameters
This action does not require any input parameters.
Action: Get Asset Inventory Trend View
This action retrieves asset inventory pass/fail trends for the specified time period.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time Type | Enter the type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "2" | Text | Required | |
Time Unit | Enter the unit. Example: "minute" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"2", "timeunit":"minute" } ]
Action: Get Cloud Audit Logs
This action retrieves audit logs for events that took place on the Prisma Cloud platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time Type | Enter the type. Example: "relative" | Text | Optional | |
Duration | Enter the duration. Example: "2" | Text | Optional | |
Time Unit | Enter the unit. Example: "hour" | Text | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"2", "timeunit":"hour" } ]
Action: List Cloud Accounts
This action lists all cloud accounts onboarded onto the Prisma Cloud platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Exclude Account Group Details | Enter your preference to exclude account group details. Example: yes | Boolean | Optional | Default value: no |
Action: Get Cloud Account
This action retrieves a list of cloud account IDs and names.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Account group IDs | Enter the account group IDs. | List | Required | |
Cloud Type | Enter the cloud type. Example: "aws" | Text | Required | |
Only Active | Enter your preference to return the IDs and names of active accounts. Example: yes | Boolean | Optional | Default value: no |
Example Request
[ { "cloud_type": "aws" } ]
Action: Add Cloud Account
This action onboards a new cloud account onto the Prisma Cloud platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Account ID | Enter the AWS account ID. | Text | Required | |
External ID | Enter the AWS account external ID. | Text | Required | |
Group IDs | Enter the list of account group IDs for this account. | List | Required | |
Role Arn | Enter the unique identifier for an AWS resource. | Text | Required | |
Name | Enter the name to be used for the account on the Prisma Cloud platform. | Text | Required | |
Enabled | Enter yes if the account is enabled. | Boolean | Optional | Default value: no |
Protective Mode | Enter the protective mode. Example: "monitor" | Text | Optional | |
Skip Status Checks | Enter your preference to skip account status checks to improve response time. Example: yes | Boolean | Optional | Default value: no |
Action: Get Cloud Account Information
This action retrieves top-level information about the cloud account.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Cloud Type | Enter the cloud type. Example: "aws" | Text | Required | |
Account ID | Enter the account ID. | Text | Required | |
Include Group Info | Enter your preference to include account group information. Example: yes | Boolean | Optional | Default value: no |
Example Request
[ { "cloud_type":"aws", "include_group_info": yes } ]
Action: Get All Compliance Statistics
This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time Type | Enter the type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "1" | Text | Required | |
Time Unit | Enter the unit. Example: "day" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"1", "timeunit":"day" } ]
Action: Get Compliance Statistics for Standard ID
This action retrieves a breakdown of the passed/failed statistics and associated policies for compliance standards, requirements, and sections for the given compliance standard ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Compliance ID | Enter the compliance ID. | Text | Required | |
Time Type | Enter the type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "1" | Text | Required | |
Time Unit | Enter the unit. Example: "minute" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"2", "timeunit":"minute" } ]
Action: Get Compliance Trend
This action retrieves a compliance posture summary that describes the passed/failed statistics trend.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time Type | Enter the type. Example: "relative" | Text | Required | |
Duration | Enter the duration. Example: "1" | Text | Required | |
Time Unit | Enter the unit. Example: "minute" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional |
Example Request
[ { "timetype":"relative", "timeamount":"1", "timeunit":"minute" } ]
Action: List Networks
This action returns an array of public networks.
Action Input Parameters
There are no input parameters required for this action.
Action: Add Network
This action adds a public network.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Network Name | Enter the network name. | Text | Required |
Action: List IP Addresses Allowed for Login
This action retrieves a list of data objects that contain the CIDRs in the allow list to access the Prisma Cloud tenant.
Action Input Parameters
There are no input parameters required for this action.
Action: Add IP Address to Allow List
This action adds a named list of CIDRs (IP addresses) that are in the allow list to access Prisma Cloud.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
CIDRs | Enter the list of CIDRs to add to the allow list for login access. | List | Required | You can include from 1 to 10 CIDRs. |
Name | Enter a unique name for the CIDR (IP addresses) allow list. | Text | Required | |
Description | Enter a description of the CIDR (IP addresses) allow list. | Text | Optional |
Action: List Policies
This action retrieves all available policies, both system default and custom.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters to narrow down the returned policy list. | Key Value | Optional | You can apply filters to narrow the returned policy list to a subset of policies or potentially to a specific policy. |
Action: Add Policies
This action adds a new policy.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Policy Name | Enter the policy name. | Text | Required | |
Policy Type | Enter the policy type. Example: "config" | Text | Required | |
Criteria | Enter the saved search ID that defines the rule criteria. | Text | Required | |
Rule Name | Enter the rule name. | Text | Required | |
Parameter | Enter the parameters. Example: {"savedsearch": "true"} | Key Value | Required | |
Type | Enter the type. Example: "network" | Text | Required | |
Severity | Enter the severity. Example: "high" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional | |
Cloud Type | Enter the cloud type. Example: "azure" | Text | Optional | Default value: all |
Data Criteria | Enter the data criteria. | Key Value | Optional |
Example Request
[ { "policy_type":"config", "parameter":{ "savedsearch":"true" }, "type":"network", "severity":"high" } ]
Action: Get Policy
This action retrieves the policy that has the specified policy ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Policy ID | Enter the policy ID. | Text | Required |
Action: Update Policy
This action updates the existing policy that has the specified policy ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Policy ID | Enter the policy ID. | Text | Required | |
Policy Name | Enter the policy name. | Text | Required | |
Policy Type | Enter the policy type. Example: "config" | Text | Required | |
Criteria | Enter the saved search ID that defines the rule criteria. | Text | Required | |
Rule Name | Enter the rule name. | Text | Required | |
Parameter | Enter the parameters. Example: {"savedsearch": "true"} | Key Value | Required | |
Type | Enter the type. Example: "auditevent" | Text | Required | |
Severity | Enter the severity. Example: "medium" | Text | Required | |
Extra Parameters | Enter the extra parameters. | Key Value | Optional | |
Cloud Type | Enter the cloud type. Example: "aws" | Text | Optional | Default value: all |
Data Criteria | Enter the data criteria. | Key Value | Optional |
Example Request
[ { "policy_type":"config", "parameter":{ "savedsearch":"true" }, "type":"network", "severity":"high" } ]
Action: Download Report
This action downloads the compliance report with the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. | Text | Required |
Action: List Report Configs
This action retrieves a list of compliance report generation configurations, including the ID for each configuration.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Parameters | Enter the extra parameters to narrow down the returned policy list. | Key Value | Optional | Accepts query parameters to narrow the list. |
Action: Get Report Config
This action retrieves the compliance report generation configuration with the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. | Text | Required |
Action: List Historical Reports Data
This action retrieves a list of metadata for the scheduled compliance reports that have been run for the specified report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. | Text | Required |
Action: Get Dashboard Alerts
This action retrieves counts of total objects, public objects, sensitive objects, and malware.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Account group IDs | Enter the list of cloud account group IDs. | List | Required | |
Account Group Names | Enter the list of AWS account group names. | List | Required | |
Account IDs | Enter the list of cloud account IDs. | List | Required | |
Classifications | Enter the list of data classifications. | List | Required | |
Limit | Enter the limit of the records returned. | Integer | Required | |
Time Range | Enter the time range. Example: {"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}} | Key Value | Required |
Example Request
[ { "timerange":{ "relativetimetype":"backward", "type":"relative", "value":{ "amount":0, "unit":"minute" } } } ]
Action: Get Dashboard Violations
This action lists violations for the dashboard.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Account Group IDs | Enter the list of cloud account group IDs. | List | Required | |
Account Group Names | Enter the list of AWS account group names. | List | Required | |
Account IDs | Enter the list of cloud account IDs. | List | Required | |
Classifications | Enter the list of data classifications. | List | Required | |
Limit | Enter a value to limit the records returned. | Integer | Required | |
Time Range | Enter the time range. Example: {"relativetimetype": "backward","type": "relative","value": {"amount": 0,"unit": "minute"}} | Key Value | Required |
Example Request
[ { "timerange":{ "relativetimetype":"backward", "type":"relative", "value":{ "amount":0, "unit":"minute" } } } ]
Action: Get Classification Report
This action retrieves a data classification report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID to retrieve the data classification report. | Text | Required | |
Object ID | Enter the object ID to retrieve the data classification report. | Text | Required |
Action: List Inventory Objects
This action lists data for objects.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Table Level | Enter the table level. Example: 4 | Integer | Required | The response data depends on the table level you specify in the request body parameters. |
Extra Parameters | Enter the extra parameters. | Key Value | Optional | Supported parameters:
|
Example Request
[ { "table_level": 4 } ]
Action: Get Malware Report
This action retrieves a malware report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. | Text | Required | |
Object ID | Enter the object ID. | Text | Required | |
File Hash | Enter the file hash value. | Text | Required |
Action: Get Inventory Resource Objects
This action retrieves the objects for the specified bucket.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. | Text | Required | |
Object ID | Enter the object ID. | Text | Required |
Action: Get Inventory Resource Details
This action retrieves details for the resource (bucket) with the specified tenant ID and bucket name.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. | Text | Required | |
Object ID | Enter the object ID. | Text | Required |