turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_inventory_api_endpoint - Query Prisma Cloud API endpoints using SQL

The Prisma Cloud API endpoint table in Steampipe provides you with comprehensive information about API endpoints within Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query API endpoint-specific details, including account information, API paths, HTTP methods, and risk factors. You can utilize this table to gather insights on API endpoints, such as discovery methods, inspection types, and usage statistics. The schema outlines the various attributes of the Prisma Cloud API endpoints for you.

Table Usage Guide

The prismacloud_inventory_api_endpoint table in Steampipe provides detailed information about API endpoints within Prisma Cloud. This table allows you to query details such as account ID, API paths, HTTP methods, and risk factors, enabling you to manage and monitor your API endpoints effectively.

Examples

Basic info

Retrieve basic information about Prisma Cloud API endpoints, such as account ID, account name, and API path.

select
account_id,
account_name,
api_path
from
prismacloud_inventory_api_endpoint;
select
account_id,
account_name,
api_path
from
prismacloud_inventory_api_endpoint;

Get API endpoints HTTP methods and hits

Get the count of hits for each API endpoint by HTTP method. This is useful for understanding the usage patterns of your API endpoints.

select
api_path,
http_method,
hits
from
prismacloud_inventory_api_endpoint;
select
api_path,
http_method,
hits
from
prismacloud_inventory_api_endpoint;

Get API endpoints risk factors

Retrieve the risk factors associated with each API endpoint. This helps in assessing the security posture of your API endpoints.

select
api_path,
path_risk_factors ->> 'internetExposed' as internet_exposed,
path_risk_factors -> 'owaspAPIAttacks' as owasp_api_attacks,
path_risk_factors -> 'requestSensitiveData' as request_sensitive_data,
path_risk_factors ->> 'requiresAuthentication' as requires_authentication,
path_risk_factors -> 'responseSensitiveData' as response_sensitive_data
from
prismacloud_inventory_api_endpoint;
select
api_path,
json_extract(path_risk_factors, '$.internetExposed') as internet_exposed,
json_extract(path_risk_factors, '$.owaspAPIAttacks') as owasp_api_attacks,
json_extract(path_risk_factors, '$.requestSensitiveData') as request_sensitive_data,
json_extract(path_risk_factors, '$.requiresAuthentication') as requires_authentication,
json_extract(path_risk_factors, '$.responseSensitiveData') as response_sensitive_data
from
prismacloud_inventory_api_endpoint;

Discovery methods and inspection types

Identify the discovery methods and inspection types for each API endpoint. This helps in understanding how the endpoints were discovered and inspected.

select
api_path,
discovery_method,
inspection_type
from
prismacloud_inventory_api_endpoint;
select
api_path,
discovery_method,
inspection_type
from
prismacloud_inventory_api_endpoint;

Get API endpoint recent changes and observations

Get the timestamp of when each API endpoint was last changed and last observed. This helps in tracking the activity and updates of your API endpoints.

select
api_path,
last_changed,
current_date - last_changed :: date as days_since_last_change,
last_observed,
current_date - last_observed :: date as days_since_last_observed
from
prismacloud_inventory_api_endpoint;
select
api_path,
last_changed,
julianday('now') - julianday(last_changed) as days_since_last_change,
last_observed,
julianday('now') - julianday(last_observed) as days_since_last_observed
from
prismacloud_inventory_api_endpoint;

Schema for prismacloud_inventory_api_endpoint

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtextThe account ID.
account_nametextThe account name.
api_pathtextThe API path.
api_servertextThe API server URL.
asset_idtextThe unique identifier for the asset.
cloud_typetextThe type of cloud.
countbigintThe count of items.
discovery_methodtextThe method of discovery.
emailtext=, !=, ~~, ~~*, !~~, !~~*Email address of the current session user.
hitsbigintThe number of hits.
http_methodtextThe HTTP method.
inspection_typetextThe type of inspection.
last_changedtimestamp with time zoneThe timestamp when the asset was last changed.
last_observedtimestamp with time zoneThe timestamp when the asset was last observed.
path_risk_factorsjsonbThe risk factors associated with the path.
regiontextThe region of the asset.
service_nametextThe name of the service.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the asset.
totalbigintThe total number of items.
workloadsjsonbThe workloads associated with the asset.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_inventory_api_endpoint