turbot/prismacloud
steampipe plugin install prismacloud

Prisma Cloud + Steampipe

Steampipe is an open-source platform that allows you to query cloud APIs using SQL.

Prisma Cloud is a comprehensive cloud security solution by Palo Alto Networks that provides protection across the entire cloud-native technology stack.

For example:

select
name,
cloud_type,
compliance_standard_id,
status
from
prismacloud_report;
+--------------------------+-----------+-------------------------+----------+
| name | cloud_type| compliance_standard_id | status |
+--------------------------+-----------+-------------------------+----------+
| Compliance Report | AWS | CIS | ACTIVE |
| Vulnerability Report | Azure | SOC2 | ACTIVE |
| Configuration Audit | GCP | HIPAA | INACTIVE |
+--------------------------+-----------+-------------------------+----------+

Documentation

Get started

Install

Download and install the latest Prisma plugin:

steampipe plugin install prismacloud

Credentials

ItemDescription
CredentialsThe Prisma plugin uses a URL and either username/password or a JSON Web Token (JWT) to authenticate to the Prisma APIs.
PermissionsYou must create a Prisma Cloud account with the necessary permissions to query the API.
RadiusThe Prisma plugin query scope is generally the same as the Prisma API. You can list resources and details that you have access to within your Prisma Cloud account.
ResolutionCredentials in the Steampipe configuration file (~/.steampipe/config/prismacloud.spc)

Configuration

Installing the latest prismacloud plugin will create a config file (~/.steampipe/config/prismacloud.spc) with a single connection named prismacloud:

connection "prismacloud" {
plugin = "prismacloud"
# Required: URL of the Prisma Cloud instance excluding the protocol.
# https://pan.dev/prismacloud-cloud/api/cspm/api-urls/
# url = "api.anz.prismacloud.io"
# Using username, password authentication
# Username for authentication.
# username = "87ef938r-e89c-2ff9-9834-8936d88333s8"
# Password for authentication.
# password = "JU+HJS8SDMsCk6yjRqd5cHhsj4k="
# Using JSON Web Token
# JSON Web Token for authentication.
# token = "eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6IjA4Y...H6BNc_Xonw"
# Customer name for the Prisma Cloud account.
# customer_name = "My Name - 123236897770856499123"
# Protocol to be used (http or https).
# protocol = "https"
# Port to connect to Prisma Cloud API.
# port = 443
# Timeout for API requests in seconds.
# timeout = 30
# Skip SSL certificate verification (true/false).
# skip_ssl_cert_verification = false
# Logging settings.
# logging = {
# # Enable or disable logging for specific components.
# "LogAction" = true
# }
# Disable automatic reconnection (true/false).
# disable_reconnect = false
# Maximum number of retries for API requests.
# max_retries = 9
# Maximum delay between retries in milliseconds.
# retry_max_delay = 5000
# Number of retries for API requests.
# retries = 3
}
  • url - The URL of the Prisma Cloud instance excluding the protocol (e.g., api.anz.prismacloudcloud.io).
  • username - The username for authentication to the Prisma Cloud API.
  • password - The password for authentication to the Prisma Cloud API.
  • token - The JSON Web Token (JWT) for authentication to the Prisma Cloud API.
  • customer_name - The customer name for the Prisma Cloud account.
  • protocol - The protocol to be used (http or https).
  • port - The port to connect to Prisma Cloud API.
  • timeout - The timeout for API requests in seconds.
  • skip_ssl_cert_verification - Whether to skip SSL certificate verification.
  • logging - The logging settings.
  • disable_reconnect - Whether to disable automatic reconnection.
  • max_retries - The maximum number of retries for API requests.
  • retry_max_delay - The maximum delay between retries in milliseconds.
  • retries - The number of retries for API requests.

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- prismacloud

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_prismacloud;
CREATE SERVER steampipe_prismacloud FOREIGN DATA WRAPPER steampipe_postgres_prismacloud OPTIONS (config '<your_config>');
CREATE SCHEMA prismacloud;
IMPORT FOREIGN SCHEMA prismacloud FROM SERVER steampipe_prismacloud INTO prismacloud;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- prismacloud

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_prismacloud function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_prismacloud.so
sqlite> select steampipe_configure_prismacloud('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' <table_name>