Skip to main content

Palo Alto Prisma Cloud

Visualize Palo Alto Prisma Cloud hosts, defender agents, container images, and vulnerabilities, and monitor changes through queries and alerts.

Installation

Palo Alto Prisma Cloud Setup Requirements

Before configuring this integration in JupiterOne, you need to set up API access in Palo Alto Prisma Cloud Compute:

Required in Prisma Cloud:

  • Your Prisma Cloud Compute Console URL
  • Your Prisma Cloud Compute version number
  • A dedicated service account username and password with read-only permissions

Authentication: This integration uses HTTP Basic authentication to connect to the Prisma Cloud Compute API.

Required Permissions: The service account should have the Auditor role or any role with read access to:

  • Monitor data (hosts and defender agents)
  • Vulnerabilities data (container images and host vulnerabilities)

Supported Edition: This integration currently supports Prisma Cloud Compute Edition. Please inform your customer success rep if you are interested in integrating with Prisma Cloud Enterprise Edition.

For more information about API access and roles, see the Prisma Cloud Compute API documentation.

This integration connects to Palo Alto Prisma Cloud Compute Edition to ingest hosts, defender agents, deployed images, and vulnerability data.

note

This integration currently supports Prisma Cloud Compute Edition. Please inform your customer success rep if you are interested in integrating with Prisma Cloud Enterprise Edition.

Prerequisites in Palo Alto Prisma Cloud

Before configuring the integration in JupiterOne, you need to gather the following information:

1. Console URL

Your Prisma Cloud Compute Console URL can be found by:

  1. Log into your Prisma Cloud Console
  2. Navigate to Compute > Manage > System > Downloads
  3. The Console URL is displayed on this page

The URL format varies by deployment type:

  • SaaS deployments: https://[region].cloud.twistlock.com/[tenant-id]
  • Self-hosted deployments: Your self-hosted Console URL

2. Version

Find your Prisma Cloud Compute version:

  1. Log into your Prisma Cloud Compute console
  2. Click the bell icon in the top right of the page
  3. Your version is displayed (e.g., 34.02)

3. Username and Password

Create a dedicated service account for JupiterOne with read-only permissions to access the Compute API.

Required Permissions: The account must be able to:

  • Read host information and vulnerabilities
  • Read defender agent data
  • Read container image information

A user with the Auditor role or any role with read access to Monitor and Vulnerabilities data will work for this integration.

Configuration in JupiterOne

To install the Palo Alto Prisma Cloud integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Palo Alto Prisma Cloud. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

  • The Account Name used to identify the Palo Alto Prisma Cloud account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Palo Alto Prisma Cloud Compute Console URL, Version, Username, and Password.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.