turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_inventory_asset_explorer - Explore Prisma Cloud assets using SQL

The Prisma Cloud asset explorer table in Steampipe provides you with comprehensive information about cloud assets within Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query asset-specific details, including account information, alert statuses, compliance standards, and vulnerability details. You can utilize this table to gather insights on cloud assets, such as compliance status, alert severity, and vulnerability counts. The schema outlines the various attributes of the Prisma Cloud assets for you.

Table Usage Guide

The prismacloud_inventory_asset_explorer table in Steampipe provides detailed information about cloud assets within Prisma Cloud. This table allows you to query details such as account ID, alert statuses, compliance standards, and vulnerability information, enabling you to manage and monitor your cloud assets effectively.

Important Notes

  • For improved performance, it is recommended to use the optional qualifiers (quals) to limit the result set.
  • Queries with optional qualifiers are optimized to use filters. The following columns support optional qualifiers:
    • account_name
    • cloud_type
    • compliance_requirement_name
    • compliance_standard_name
    • region_name
    • scan_status

Examples

Basic info

Retrieve basic information about Prisma Cloud assets, such as account ID, account name, and asset type.

select
account_id,
account_name,
asset_type
from
prismacloud_inventory_asset_explorer;
select
account_id,
account_name,
asset_type
from
prismacloud_inventory_asset_explorer;

Get asset alert statuses

Get the count of alert statuses for each asset by severity level. This is useful for understanding the alert distribution across your assets.

select
name,
alert_status_critical,
alert_status_high,
alert_status_medium,
alert_status_low,
alert_status_informational
from
prismacloud_inventory_asset_explorer;
select
name,
alert_status_critical,
alert_status_high,
alert_status_medium,
alert_status_low,
alert_status_informational
from
prismacloud_inventory_asset_explorer;

Get compliance standard details of assets

Retrieve the compliance standard name and scan status for each asset. This helps in understanding the compliance posture and scan results of your assets.

select
e.compliance_standard_name,
s.policies_assigned_count,
s.system_default,
e.scan_status
from
prismacloud_inventory_asset_explorer as e
join prismacloud_compliance_standard as s on s.name = e.compliance_standard_name;
select
e.compliance_standard_name,
s.policies_assigned_count,
s.system_default,
e.scan_status
from
prismacloud_inventory_asset_explorer as e
join prismacloud_compliance_standard as s on s.name = e.compliance_standard_name;

Get vulnerability statuses of assets

Identify the number of vulnerabilities by severity level for each asset. This helps in assessing the impact of vulnerabilities on your assets.

select
name,
vulnerability_status_critical,
vulnerability_status_high,
vulnerability_status_medium,
vulnerability_status_low
from
prismacloud_inventory_asset_explorer;
select
name,
vulnerability_status_critical,
vulnerability_status_high,
vulnerability_status_medium,
vulnerability_status_low
from
prismacloud_inventory_asset_explorer;

Get assets overall passed resources

Get the list of resources that passed overall checks. This helps in identifying compliant and secure resources within your cloud environment.

select
name,
overall_passed
from
prismacloud_inventory_asset_explorer
where
overall_passed = true;
select
name,
overall_passed
from
prismacloud_inventory_asset_explorer
where
overall_passed = 1;

Schema for prismacloud_inventory_asset_explorer

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtextThe unique identifier for the account.
account_nametext=The name of the account.
alert_status_criticalbigintThe critical alert status count.
alert_status_highbigintThe high alert status count.
alert_status_informationalbigintThe informational alert status count.
alert_status_lowbigintThe low alert status count.
alert_status_mediumbigintThe medium alert status count.
app_namesjsonbThe application names associated with the resource.
asset_typetextThe type of the asset.
cloud_typetext=The type of cloud (e.g., AWS, Azure, GCP).
compliance_requirement_nametext=The name of the compliance requirement.
compliance_standard_nametext=The name of the compliance standard.
emailtext=, !=, ~~, ~~*, !~~, !~~*Email address of the current session user.
idtextThe unique identifier for the resource.
nametextThe name of the resource.
overall_passedbooleanIndicates if the resource passed overall checks.
region_idtextThe ID of the region.
region_nametext=The name of the region.
resource_config_json_availablebooleanIndicates if the resource config JSON is available.
resource_details_availablebooleanIndicates if the resource details are available.
rrntextThe resource RRN.
scan_statustext=The scan status. Possible values are: 'passed' or 'failed'
scanned_policiesjsonbThe policies that have been scanned for the resource.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
timestamptimestamp with time zoneThe timestamp of the response.
titletextTitle of the asset.
unified_asset_idtextThe unified asset ID.
vulnerability_status_criticalbigintThe critical vulnerability status count.
vulnerability_status_highbigintThe high vulnerability status count.
vulnerability_status_lowbigintThe low vulnerability status count.
vulnerability_status_mediumbigintThe medium vulnerability status count.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_inventory_asset_explorer