Prisma Cloud collector

[ 1 Overview ] [ 2 Devo collector features ] [ 3 Data sources ] [ 4 Flattening preprocessing ] [ 5 Accepted authentication methods ] [ 6 Minimum configuration required for basic pulling ] [ 7 Run the collector ] [ 8 Collector services detail ] [ 9 Change log ]

Overview

The Prisma Cloud API allows you to programmatically access and manage your Prisma Cloud resources, making it easy to automate tasks, integrate with other tools, and build custom integrations. With a variety of endpoints available, Prisma Cloud API aims to automate tasks and facilitate integrations with a wide range of application types while covering the majority of workflows and use cases currently supported by the Prisma Cloud web interface.

Devo collector features

Feature	Details

Feature	Details
Allow parallel downloading (`multipod`)	`not allowed`
Running environments	`collector server`
Populated Devo events	`table`
Flattening preprocessing	`no`

Data sources

Data source	Description	API endpoint	Collector service name	Devo table	Available from release

Data source	Description	API endpoint	Collector service name	Devo table	Available from release
Alert	Get the list of alerts.	`/v2/alert`	`alert`	`cloud.paloalto.prisma.alert`	`v1.0.0`
Audit	Get the audit logs.	`/audit/redlock`	`audit`	`cloud.paloalto.prisma.audit`	`v1.0.0`
Inventory View	Get the latest inventory view data	`/v3/inventory`	`inventory_view`	`cloud.paloalto.prisma.inventory_view`	`v1.0.0`
Inventory Trend	Get the data related to historical inventory trends	`/v3/inventory/trend`	`inventory_trend`	`cloud.paloalto.prisma.inventory_trend`	`v1.0.0`

For more information on how the events are parsed, visit our page

Flattening preprocessing

Data source	Collector service	Optional	Flattening details

Data source	Collector service	Optional	Flattening details
Alert	alert	yes	not required
Audit	audit	yes	not required
Inventory View	inventory_view	yes	not required
Inventory Trend	inventory_trend	yes	not required

Accepted authentication methods

Authentication method	access_key_id	secret_key

Authentication method	access_key_id	secret_key
JWT auth token	REQUIRED	REQUIRED

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details

Setting	Details
access_key_id	The access key id to generate the JWT token for authentication.
secret_key	The secret key to generate the JWT token for authentication.

The auth token timeout specified in Prisma Cloud API official documentation is 600 seconds, but we are using it as 540 seconds to avoid authentication failure due to any possible lag.

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Events service

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

2025-01-23T10:47:53.524    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2025-01-23T10:47:53.524    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_2) -> Starting thread (every 300 seconds)
2025-01-23T10:47:53.524    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_2) -> Starting thread
2025-01-23T10:47:53.525    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_2) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2025-01-23T10:47:53.525    INFO InputProcess::MainThread -> Validating common input config
2025-01-23T10:47:53.526    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2025-01-23T10:47:53.526    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2025-01-23T10:47:53.526    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Elapsed seconds: 0.00
2025-01-23T10:47:53.527    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2025-01-23T10:47:53.527    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Elapsed seconds: 0.00
2025-01-23T10:47:53.527    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2025-01-23T10:47:53.527    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_2) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2025-01-23T10:47:53.528    INFO InputProcess::MainThread -> Validating service input config
2025-01-23T10:47:53.528    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2025-01-23T10:47:53.528    INFO OutputProcess::MainThread -> OutputMetricsThread -> Started thread for updating metrics values (update_period=10.0)
2025-01-23T10:47:53.529    INFO InputProcess::MainThread -> Running overriding rules
2025-01-23T10:47:53.529    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_2) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2025-01-23T10:47:53.529    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_2) -> [EMERGENCY_PERSISTENCE_SYSTEM] Elapsed seconds: 0.00
2025-01-23T10:47:53.529    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2025-01-23T10:47:53.529    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2025-01-23T10:47:53.529    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2025-01-23T10:47:53.529    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Elapsed seconds: 0.00
2025-01-23T10:47:53.529    INFO InputProcess::MainThread -> Adding raw config to the collector store
2025-01-23T10:47:53.530    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_sent_counter" created: "Number of messages sent to the defined output", unit: "1"
2025-01-23T10:47:53.530    INFO InputProcess::MainThread -> Running custom validation rules
2025-01-23T10:47:53.530    INFO InputProcess::MainThread -> PrismaCloudPuller(prisma_cloud#23451,audit#predefined) Finalizing the execution of init_variables()
2025-01-23T10:47:53.532    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/not_used/prisma_cloud;23451;inventory_view;predefined;PrismaCloudInventoryPuller.json
2025-01-23T10:47:53.533    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2025-01-23T10:47:53.533    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 2), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/ae8b4e96b60a096f3f54d9d4be5d6f13"
2025-01-23T10:47:53.533    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/b0c8166a1a3a1693da67377fa9a0d99b"
2025-01-23T10:47:53.534    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] Checking if old persisted data must be removed
2025-01-23T10:47:53.534    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 2), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/ae8b4e96b60a096f3f54d9d4be5d6f13"
2025-01-23T10:47:53.534    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 1), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/b0c8166a1a3a1693da67377fa9a0d99b"
2025-01-23T10:47:53.535    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) Starting the execution of init_variables()
2025-01-23T10:47:53.535    INFO InputProcess::MainThread -> Validating service metadata
2025-01-23T10:47:53.536    INFO InputProcess::MainThread -> Validating defined module definition
2025-01-23T10:47:53.540    INFO InputProcess::MainThread -> Validating common input config
2025-01-23T10:47:53.541    INFO InputProcess::MainThread -> Validating service input config
2025-01-23T10:47:53.542    INFO InputProcess::MainThread -> Running overriding rules
2025-01-23T10:47:53.542    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2025-01-23T10:47:53.543    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2025-01-23T10:47:53.543    INFO InputProcess::MainThread -> Adding raw config to the collector store
2025-01-23T10:47:53.543    INFO InputProcess::MainThread -> Running custom validation rules
2025-01-23T10:47:53.543    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) Finalizing the execution of init_variables()
2025-01-23T10:47:53.544    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/not_used/prisma_cloud;23451;inventory_trend;predefined;PrismaCloudInventoryPuller.json
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 2), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/898ba6ca8f3097b447bc601f7b6b0df7"
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/656d472346fc85529936965f9bfa5e8c"
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] Checking if old persisted data must be removed
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 2), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/898ba6ca8f3097b447bc601f7b6b0df7"
2025-01-23T10:47:53.545    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 1), filename_path: "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/state/656d472346fc85529936965f9bfa5e8c"
2025-01-23T10:47:53.546    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) Starting the execution of init_variables()
2025-01-23T10:47:53.546    INFO InputProcess::MainThread -> Validating service metadata
2025-01-23T10:47:53.547    INFO InputProcess::MainThread -> Validating defined module definition
2025-01-23T10:47:53.548    INFO InputProcess::MainThread -> Validating common input config
2025-01-23T10:47:53.550    INFO InputProcess::MainThread -> Validating service input config
2025-01-23T10:47:53.550    INFO InputProcess::MainThread -> Running overriding rules
2025-01-23T10:47:53.550    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2025-01-23T10:47:53.550    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2025-01-23T10:47:53.551    INFO InputProcess::MainThread -> Adding raw config to the collector store
2025-01-23T10:47:53.551    INFO InputProcess::MainThread -> Running custom validation rules
2025-01-23T10:47:53.551    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) Finalizing the execution of init_variables()
2025-01-23T10:47:53.551    INFO InputProcess::MainThread -> InputThread(prisma_cloud,23451) - Starting thread (execution_period=60s)
2025-01-23T10:47:53.552    INFO InputProcess::MainThread -> ServiceThread(prisma_cloud,23451,alert,predefined) - Starting thread (execution_period=60s)
2025-01-23T10:47:53.552    INFO InputProcess::MainThread -> PrismaCloudPullerSetup(prisma_cloud#23451,alert#predefined) -> Starting thread
2025-01-23T10:47:53.552    INFO InputProcess::MainThread -> PrismaCloudPuller(prisma_cloud#23451,alert#predefined) - Starting thread
2025-01-23T10:47:53.552 WARNING InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,alert#predefined) -> The token/header/authentication has not been created yet
2025-01-23T10:47:53.553 WARNING InputProcess::PrismaCloudPuller(prisma_cloud#23451,alert#predefined) -> Waiting until setup will be executed
2025-01-23T10:47:53.553    INFO InputProcess::MainThread -> ServiceThread(prisma_cloud,23451,audit,predefined) - Starting thread (execution_period=60s)
2025-01-23T10:47:53.553    INFO InputProcess::MainThread -> PrismaCloudPullerSetup(prisma_cloud#23451,audit#predefined) -> Starting thread
2025-01-23T10:47:53.554    INFO InputProcess::MainThread -> PrismaCloudPuller(prisma_cloud#23451,audit#predefined) - Starting thread
2025-01-23T10:47:53.554 WARNING InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,audit#predefined) -> The token/header/authentication has not been created yet
2025-01-23T10:47:53.554 WARNING InputProcess::PrismaCloudPuller(prisma_cloud#23451,audit#predefined) -> Waiting until setup will be executed
2025-01-23T10:47:53.556    INFO InputProcess::MainThread -> ServiceThread(prisma_cloud,23451,inventory_view,predefined) - Starting thread (execution_period=60s)
2025-01-23T10:47:53.557    INFO InputProcess::MainThread -> PrismaCloudPullerSetup(prisma_cloud#23451,inventory_view#predefined) -> Starting thread
2025-01-23T10:47:53.557    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) - Starting thread
2025-01-23T10:47:53.557 WARNING InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,inventory_view#predefined) -> The token/header/authentication has not been created yet
2025-01-23T10:47:53.557 WARNING InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Waiting until setup will be executed
2025-01-23T10:47:53.558    INFO InputProcess::MainThread -> ServiceThread(prisma_cloud,23451,inventory_trend,predefined) - Starting thread (execution_period=60s)
2025-01-23T10:47:53.559    INFO InputProcess::MainThread -> PrismaCloudPullerSetup(prisma_cloud#23451,inventory_trend#predefined) -> Starting thread
2025-01-23T10:47:53.560    INFO InputProcess::MainThread -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) - Starting thread
2025-01-23T10:47:53.560 WARNING InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,inventory_trend#predefined) -> The token/header/authentication has not been created yet
2025-01-23T10:47:53.560 WARNING InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_trend#predefined) -> Waiting until setup will be executed
2025-01-23T10:47:53.561    INFO OutputProcess::MainThread -> [GC] global: 37.3% -> 37.4%, process: RSS(62.25MiB -> 62.87MiB), VMS(1.08GiB -> 1.08GiB)
2025-01-23T10:47:53.561    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_sent_bytes" created: "Number of bytes sent to the defined output", unit: "1"
2025-01-23T10:47:53.561    INFO InputProcess::MainThread -> InputMetricsThread -> Started thread for updating metrics values (update_period=10.0)
2025-01-23T10:47:53.564    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "vendor_requests" created: "Number of requests received from the vendor API", unit: "requests"
2025-01-23T10:47:53.592    INFO InputProcess::MainThread -> [GC] global: 37.4% -> 37.4%, process: RSS(62.75MiB -> 63.25MiB), VMS(1.15GiB -> 1.15GiB)
2025-01-23T10:47:53.593    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_incoming_received" created: "Number of messages received from the vendor API", unit: "1"
2025-01-23T10:47:53.593    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_incoming_removed" created: "Number of messages removed by the collector", unit: "1"
2025-01-23T10:47:53.594    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_incoming_filtered" created: "Number of messages filtered by the collector", unit: "1"
2025-01-23T10:47:53.594    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_standard_counter" created: "Number of messages enqueued", unit: "1"
2025-01-23T10:47:53.595    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_standard_bytes" created: "Number of bytes enqueued", unit: "1"
2025-01-23T10:47:53.595    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_lookup_counter" created: "Number of messages enqueued", unit: "1"
2025-01-23T10:47:53.596    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_lookup_bytes" created: "Number of messages enqueued", unit: "1"
2025-01-23T10:47:53.596    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_internal_counter" created: "Number of messages enqueued in the queue", unit: "1"
2025-01-23T10:47:53.596    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Counter "msg_enqueued_internal_bytes" created: "Number of messages enqueued in the queue", unit: "1"
2025-01-23T10:47:53.597    INFO MainProcess::MetricsConsumerThread -> OpenTelemetryServer -> [METRIC] Gauge "module_global_status" created: "Global status of current module", unit: "1"
2025-01-23T10:47:54.245    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/certs/chain.crt", "cert_path": "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/certs/int-if-integrations-india.crt", "key_path": "/home/shivank/PycharmProjects/Devo/devo-prismacloud-collector/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "shivank", session_id: "137403887435248"
2025-01-23T10:47:54.245    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2025-01-23T10:47:55.513    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,audit#predefined) -> Token is valid. Skipping the generation of new auth token 
2025-01-23T10:47:55.515    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,audit#predefined) -> Token is valid. Skipping the generation of new auth token 
2025-01-23T10:47:55.516    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,audit#predefined) -> Setup for module <PrismaCloudPuller> has been successfully executed
2025-01-23T10:47:55.560    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,audit#predefined) -> PrismaCloudPuller(prisma_cloud#23451,audit#predefined) Starting the execution of pre_pull()
2025-01-23T10:47:55.561    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,audit#predefined) -> Reading persisted data

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

2025-01-23T10:47:56.579    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,alert#predefined) -> Pull Started
2025-01-23T10:47:56.581    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,alert#predefined) -> Fetching data From : 2025-01-22T11:30:00.000000Z
2025-01-23T10:47:59.446    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,inventory_view#predefined) -> Token is valid. Skipping the generation of new auth token 
2025-01-23T10:47:59.456    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,inventory_view#predefined) -> Token is valid. Skipping the generation of new auth token 
2025-01-23T10:47:59.467    INFO InputProcess::PrismaCloudPullerSetup(prisma_cloud#23451,inventory_view#predefined) -> Setup for module <PrismaCloudInventoryPuller> has been successfully executed
2025-01-23T10:47:59.571    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) Starting the execution of pre_pull()
2025-01-23T10:47:59.592    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Reading persisted data
2025-01-23T10:47:59.632    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Data retrieved from the persistence: None
2025-01-23T10:47:59.633 WARNING InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Persistence will be overridden due to the retrieved state is empty
2025-01-23T10:47:59.633    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Running the persistence upgrade steps
2025-01-23T10:47:59.635    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Running the persistence corrections steps
2025-01-23T10:47:59.635    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Running the persistence corrections steps
2025-01-23T10:47:59.635 WARNING InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Some changes have been detected and the persistence needs to be updated. Previous content: None. New content: {'@persistence_version': 1, 'start_time': None, 'last_ids': []}
2025-01-23T10:47:59.638    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Updating the persistence
2025-01-23T10:47:59.640 WARNING InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Persistence has been updated successfully
2025-01-23T10:47:59.640    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) Finalizing the execution of pre_pull()
2025-01-23T10:47:59.640    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Starting data collection every 60 seconds
2025-01-23T10:47:59.642    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Pull Started
2025-01-23T10:47:59.644    INFO InputProcess::PrismaCloudInventoryPuller(prisma_cloud#23451,inventory_view#predefined) -> Fetching data
2025-01-23T10:47:59.838    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,audit#predefined) -> Sent 28966 audit events to Devo.

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

2025-01-23T10:47:59.839    INFO InputProcess::PrismaCloudPuller(prisma_cloud#23451,audit#predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1737609475560):Number of requests made: 1; Number of events received: 28966; Number of duplicated events filtered out: 0; Number of events generated and sent: 28966; Average of events per second: 6812.879.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the reset_persistence_auth parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
InitVariablesError	1	`initial_start_time_in_utc is not set as per the datetime_format : {datetime_format}`	The date in config is not as per required format	Ensure the date format is correct.
InitVariablesError	2	`Date {initial_start_time_str} is in the future`	The date in config is greater than current time	Ensure the datetime is less than current time
InitVariablesErrorSetupError	100	`HTTP Error occurred while generating auth token from prisma server`	Wrong credentials	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
	101	`Some error occurred while generating auth token from prisma server. Error details: {e}`	Generate auth token api failed	Contact the developer with exact error message.
	102	`HTTP Error occurred while refreshing auth token. Summary: {e}`	Extend auth token api failed	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
	103	`Failed to refresh auth token. Reason {e}`	Prisma API call is failing	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
	104	`HTTP Error occurred while trying to reach endpoint`	Service endpoint is failing	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
	105	`Failed to reach out to endpoint. Reason {e}`	Service endpoint is failing	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
PullError	300	`HTTP Error occurred while fetching apim incident from prisma cloud server`	Prisma API call is failing	Check the credentials and ensure that the collector has the necessary permissions to access the Prisma API.
PullError	301	`Some error occurred while fetching apim incident from prisma cloud server. Error details: {e}`	Prisma API call is failing	Contact the developer with exact error message.

To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.

The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.
To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log

Release	Released on	Release type	Details	Recommendations

Release	Released on	Release type	Details	Recommendations
`v2.0.0`	Jan 15, 2025	IMPROVEMENTSecurity	Refactor codebase and upgraded to DCSDK 1.13.1	`Recommended version`
`v1.0.5`	Nov 6, 2023	IMPROVEMENT	Added new `debug` property for logging messages. By default `false`	`Update`
`v1.0.4`	Nov 3, 2023	IMPROVEMENT	Added new `lag_time` property and logging messages	`Update`
`v1.0.3`	Apr 26, 2023	Changed	Changed request method for alerts endpoint from `GET` to `POST`	`Update`
`v1.0.1`	Jul 9, 2020	Improvements	Added delta_time for inventory_view and inventory_view log types	`Update`
`v1.0.0`	Jul 7, 2020	Feature	Initial version	`Update`

Devo latest