turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_inventory_asset_view - Analyze Prisma Cloud assets using SQL

The Prisma Cloud asset view table in Steampipe provides you with comprehensive information about cloud assets within Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query asset-specific details, including account information, compliance standards, failed resources by severity, and vulnerability details. You can utilize this table to gather insights on cloud assets, such as compliance status, failure severity, and unscanned resources. The schema outlines the various attributes of the Prisma Cloud assets for you.

Table Usage Guide

The prismacloud_inventory_asset_view table in Steampipe provides detailed information about cloud assets within Prisma Cloud. This table allows you to query details such as account ID, compliance standards, failed resources, and vulnerability information, enabling you to manage and monitor your cloud assets effectively.

Important Notes

  • For improved performance, it is recommended to use the optional qualifiers (quals) to limit the result set.

  • Queries with optional qualifiers are optimized to use filters. The following columns support optional qualifiers:

    • account_name
    • cloud_type_name
    • compliance_requirement_name
    • compliance_standard_name
    • group_by
    • region_name
    • scan_status
    • service_name
  • The response includes an attribute groupedAggregates, whose content depends on the group_by query parameter. The following table shows the attributes that groupedAggregates will include for the specified group_by query parameter:

    group_bycolumn includes
    not specifiedservice_name, cloud_type_name
    cloudTypecloud_type_name
    cloud.accountaccount_name
    cloud.regionregion_name, cloud_type_name
    cloud.serviceservice_name, cloud_type_name
    resource.typeresource_type_name, cloud_type_name
  • By default, the table will return rows with the group_by query parameter value cloud.service. For more information, please see Asset Inventory View.

Examples

Basic Info

Retrieve basic information about Prisma Cloud assets, such as account ID, account name, and cloud type.

select
account_id,
account_name,
cloud_type_name
from
prismacloud_inventory_asset_view;
select
account_id,
account_name,
cloud_type_name
from
prismacloud_inventory_asset_view;

Compliance and scan status

Get the compliance standard name and scan status for each asset. This is useful for understanding the compliance posture and scan results of your assets.

select
compliance_standard_name,
scan_status
from
prismacloud_inventory_asset_view;
select
compliance_standard_name,
scan_status
from
prismacloud_inventory_asset_view;

Failed resources by severity

Identify the number of resources that failed by severity level. This helps in assessing the impact of policy failures on your assets.

select
critical_severity_failed_resources,
high_severity_failed_resources,
medium_severity_failed_resources,
low_severity_failed_resources,
informational_severity_failed_resources
from
prismacloud_inventory_asset_view;
select
critical_severity_failed_resources,
high_severity_failed_resources,
medium_severity_failed_resources,
low_severity_failed_resources,
informational_severity_failed_resources
from
prismacloud_inventory_asset_view;

Vulnerability details

Retrieve details about vulnerabilities, including the number of failed resources by vulnerability severity.

select
critical_vulnerability_failed_resources,
high_vulnerability_failed_resources,
medium_vulnerability_failed_resources,
low_vulnerability_failed_resources,
total_vulnerability_failed_resources
from
prismacloud_inventory_asset_view;
select
critical_vulnerability_failed_resources,
high_vulnerability_failed_resources,
medium_vulnerability_failed_resources,
low_vulnerability_failed_resources,
total_vulnerability_failed_resources
from
prismacloud_inventory_asset_view;

Unscanned resources

Get the total number of unscanned resources. This helps in identifying assets that have not been scanned for compliance or vulnerabilities.

select
unscanned_resources
from
prismacloud_inventory_asset_view;
select
unscanned_resources
from
prismacloud_inventory_asset_view;

Schema for prismacloud_inventory_asset_view

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtextThe ID of the cloud account.
account_nametext=The name of the cloud account.
allow_drill_downbooleanIndicates if it's possible to drill down further.
cloud_type_nametext=The name of the cloud type.
compliance_requirement_nametext=The name of the compliance requirement.
compliance_standard_nametext=The name of the compliance standard.
critical_severity_failed_resourcesbigintThe number of resources whose highest policy failure is critical.
critical_vulnerability_failed_resourcesbigintThe number of resources that failed with critical vulnerabilities.
emailtext=, !=, ~~, ~~*, !~~, !~~*Email address of the current session user.
failed_resourcesbigintThe number of failed resources.
group_bytext=The table content depends on the groupBy query parameter. Default value is 'cloud.service'. Possible values are: 'cloudType', 'cloud.account', 'cloud.region', 'cloud.service', and 'resource.type'.
high_severity_failed_resourcesbigintThe number of resources that failed high severity policies.
high_vulnerability_failed_resourcesbigintThe number of resources that failed with high vulnerabilities.
informational_severity_failed_resourcesbigintThe number of resources whose highest policy failure is informational.
low_severity_failed_resourcesbigintThe number of resources whose highest policy failure is low.
low_vulnerability_failed_resourcesbigintThe number of resources that failed with low vulnerabilities.
medium_severity_failed_resourcesbigintThe number of resources whose highest policy failure is medium.
medium_vulnerability_failed_resourcesbigintThe number of resources that failed with medium vulnerabilities.
passed_resourcesbigintThe number of passed resources.
region_nametext=The name of the cloud region.
resource_type_nametext=The name of the resource type.
scan_statustext=The scan status. Possible values are: 'passed' or 'failed'
service_nametext=The name of the cloud service.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
total_resourcesbigintThe total number of resources.
total_vulnerability_failed_resourcesbigintThe total number of resources that failed with vulnerabilities.
unscanned_resourcesbigintThe total number of unscanned resources.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_inventory_asset_view