Table: prismacloud_inventory_asset_view - Analyze Prisma Cloud assets using SQL
The Prisma Cloud asset view table in Steampipe provides you with comprehensive information about cloud assets within Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query asset-specific details, including account information, compliance standards, failed resources by severity, and vulnerability details. You can utilize this table to gather insights on cloud assets, such as compliance status, failure severity, and unscanned resources. The schema outlines the various attributes of the Prisma Cloud assets for you.
Table Usage Guide
The prismacloud_inventory_asset_view
table in Steampipe provides detailed information about cloud assets within Prisma Cloud. This table allows you to query details such as account ID, compliance standards, failed resources, and vulnerability information, enabling you to manage and monitor your cloud assets effectively.
Important Notes
For improved performance, it is recommended to use the optional qualifiers (quals) to limit the result set.
Queries with optional qualifiers are optimized to use filters. The following columns support optional qualifiers:
account_name
cloud_type_name
compliance_requirement_name
compliance_standard_name
group_by
region_name
scan_status
service_name
The response includes an attribute
groupedAggregates
, whose content depends on thegroup_by
query parameter. The following table shows the attributes thatgroupedAggregates
will include for the specifiedgroup_by
query parameter:group_by column includes not specified service_name, cloud_type_name cloudType cloud_type_name cloud.account account_name cloud.region region_name, cloud_type_name cloud.service service_name, cloud_type_name resource.type resource_type_name, cloud_type_name By default, the table will return rows with the
group_by
query parameter valuecloud.service
. For more information, please see Asset Inventory View.
Examples
Basic Info
Retrieve basic information about Prisma Cloud assets, such as account ID, account name, and cloud type.
select account_id, account_name, cloud_type_namefrom prismacloud_inventory_asset_view;
select account_id, account_name, cloud_type_namefrom prismacloud_inventory_asset_view;
Compliance and scan status
Get the compliance standard name and scan status for each asset. This is useful for understanding the compliance posture and scan results of your assets.
select compliance_standard_name, scan_statusfrom prismacloud_inventory_asset_view;
select compliance_standard_name, scan_statusfrom prismacloud_inventory_asset_view;
Failed resources by severity
Identify the number of resources that failed by severity level. This helps in assessing the impact of policy failures on your assets.
select critical_severity_failed_resources, high_severity_failed_resources, medium_severity_failed_resources, low_severity_failed_resources, informational_severity_failed_resourcesfrom prismacloud_inventory_asset_view;
select critical_severity_failed_resources, high_severity_failed_resources, medium_severity_failed_resources, low_severity_failed_resources, informational_severity_failed_resourcesfrom prismacloud_inventory_asset_view;
Vulnerability details
Retrieve details about vulnerabilities, including the number of failed resources by vulnerability severity.
select critical_vulnerability_failed_resources, high_vulnerability_failed_resources, medium_vulnerability_failed_resources, low_vulnerability_failed_resources, total_vulnerability_failed_resourcesfrom prismacloud_inventory_asset_view;
select critical_vulnerability_failed_resources, high_vulnerability_failed_resources, medium_vulnerability_failed_resources, low_vulnerability_failed_resources, total_vulnerability_failed_resourcesfrom prismacloud_inventory_asset_view;
Unscanned resources
Get the total number of unscanned resources. This helps in identifying assets that have not been scanned for compliance or vulnerabilities.
select unscanned_resourcesfrom prismacloud_inventory_asset_view;
select unscanned_resourcesfrom prismacloud_inventory_asset_view;
Schema for prismacloud_inventory_asset_view
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | The ID of the cloud account. | |
account_name | text | = | The name of the cloud account. |
allow_drill_down | boolean | Indicates if it's possible to drill down further. | |
cloud_type_name | text | = | The name of the cloud type. |
compliance_requirement_name | text | = | The name of the compliance requirement. |
compliance_standard_name | text | = | The name of the compliance standard. |
critical_severity_failed_resources | bigint | The number of resources whose highest policy failure is critical. | |
critical_vulnerability_failed_resources | bigint | The number of resources that failed with critical vulnerabilities. | |
text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. | |
failed_resources | bigint | The number of failed resources. | |
group_by | text | = | The table content depends on the groupBy query parameter. Default value is 'cloud.service'. Possible values are: 'cloudType', 'cloud.account', 'cloud.region', 'cloud.service', and 'resource.type'. |
high_severity_failed_resources | bigint | The number of resources that failed high severity policies. | |
high_vulnerability_failed_resources | bigint | The number of resources that failed with high vulnerabilities. | |
informational_severity_failed_resources | bigint | The number of resources whose highest policy failure is informational. | |
low_severity_failed_resources | bigint | The number of resources whose highest policy failure is low. | |
low_vulnerability_failed_resources | bigint | The number of resources that failed with low vulnerabilities. | |
medium_severity_failed_resources | bigint | The number of resources whose highest policy failure is medium. | |
medium_vulnerability_failed_resources | bigint | The number of resources that failed with medium vulnerabilities. | |
passed_resources | bigint | The number of passed resources. | |
region_name | text | = | The name of the cloud region. |
resource_type_name | text | = | The name of the resource type. |
scan_status | text | = | The scan status. Possible values are: 'passed' or 'failed' |
service_name | text | = | The name of the cloud service. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
total_resources | bigint | The total number of resources. | |
total_vulnerability_failed_resources | bigint | The total number of resources that failed with vulnerabilities. | |
unscanned_resources | bigint | The total number of unscanned resources. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
You can pass the configuration to the command with the --config
argument:
steampipe_export_prismacloud --config '<your_config>' prismacloud_inventory_asset_view