Prisma Cloud collector
- Shivank Shukla
- Virginia Camuñas Núñez
Overview
The Prisma Cloud API allows you to programmatically access and manage your Prisma Cloud resources, making it easy to automate tasks, integrate with other tools, and build custom integrations. With a variety of endpoints available, Prisma Cloud API aims to automate tasks and facilitate integrations with a wide range of application types while covering the majority of workflows and use cases currently supported by the Prisma Cloud web interface.
Devo collector features
Feature | Details |
|---|---|
Allow parallel downloading ( |
|
Running environments |
|
Populated Devo events |
|
Flattening preprocessing |
|
Data sources
Data source | Description | API endpoint | Collector service name | Devo table | Available from release |
|---|---|---|---|---|---|
Alert | Get the list of alerts. |
|
|
|
|
Audit | Get the audit logs. |
|
|
|
|
Inventory View | Get the latest inventory view data |
|
|
|
|
Inventory Trend | Get the data related to historical inventory trends |
|
|
|
|
For more information on how the events are parsed, visit our page
Flattening preprocessing
Data source | Collector service | Optional | Flattening details |
|---|---|---|---|
Alert | alert | yes | not required |
Audit | audit | yes | not required |
Inventory View | inventory_view | yes | not required |
Inventory Trend | inventory_trend | yes | not required |
Accepted authentication methods
Authentication method | access_key_id | secret_key |
|---|---|---|
JWT auth token | REQUIRED | REQUIRED |
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.
Setting | Details |
|---|---|
access_key_id | The access key id to generate the JWT token for authentication. |
secret_key | The secret key to generate the JWT token for authentication. |
The auth token timeout specified in Prisma Cloud API official documentation is 600 seconds, but we are using it as 540 seconds to avoid authentication failure due to any possible lag.
See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
This section is intended to explain how to proceed with specific actions for services.
Events service
Change log
Release | Released on | Release type | Details | Recommendations |
|---|---|---|---|---|
| Jan 15, 2025 | IMPROVEMENTSecurity | Refactor codebase and upgraded to DCSDK 1.13.1 |
|
| Nov 6, 2023 | IMPROVEMENT | Added new `debug` property for logging messages. By default `false` |
|
| Nov 3, 2023 | IMPROVEMENT | Added new `lag_time` property and logging messages |
|
| Apr 26, 2023 | Changed | Changed request method for alerts endpoint from `GET` to `POST` |
|
| Jul 9, 2020 | Improvements | Added delta_time for inventory_view and inventory_view log types |
|
| Jul 7, 2020 | Feature | Initial version |
|