turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_inventory_workload_host - Query Prisma Cloud workload hosts using SQL

The Prisma Cloud workload host table in Steampipe provides you with comprehensive information about hosts within workloads in Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query host-specific details, including unique identifiers, names, and vulnerability details. You can utilize this table to gather insights on hosts, such as their unique identifiers, names, and vulnerability funnel details. The schema outlines the various attributes of the Prisma Cloud workload hosts for you.

Table Usage Guide

The prismacloud_inventory_workload_host table in Steampipe provides detailed information about hosts within Prisma Cloud workloads. This table allows you to query details such as the host's unique identifier, name, title, and vulnerability funnel details, enabling you to manage and monitor your hosts effectively.

Examples

Basic Info

Retrieve basic information about Prisma Cloud workload hosts, such as their unique identifiers, names, and titles. This query helps you understand the overall configuration and status of your hosts.

select
id,
name,
title
from
prismacloud_inventory_workload_host;
select
id,
name,
title
from
prismacloud_inventory_workload_host;

Vulnerability funnel details

Get the vulnerability funnel details for each host. This is useful for understanding the security posture and vulnerability status of your hosts.

select
id,
name,
vuln_funnel
from
prismacloud_inventory_workload_host;
select
id,
name,
vuln_funnel
from
prismacloud_inventory_workload_host;

Hosts by unique identifier

Retrieve hosts based on their unique identifiers. This helps in identifying and managing specific hosts within your workloads.

select
id,
name,
title
from
prismacloud_inventory_workload_host
where
id = 'us-binalyze-console.us-central1-a.c.chronicle-coe-351809.internal';
select
id,
name,
title
from
prismacloud_inventory_workload_host
where
id = 'us-binalyze-console.us-central1-a.c.chronicle-coe-351809.internal';

Get the vulnerability funnel of workload hosts

Retrieve the vulnerability funnel details for each host, including the total number of vulnerabilities, urgent vulnerabilities, patchable vulnerabilities, exploitable vulnerabilities, and vulnerabilities in packages currently in use. This query helps in understanding the security posture and vulnerability status of your hosts.

select
name,
vuln_funnel ->> 'total' as total,
vuln_funnel ->> 'urgent' as urgent,
vuln_funnel ->> 'patchable' as patchable,
vuln_funnel ->> 'exploitable' as exploitable,
vuln_funnel ->> 'packageInUse' as package_in_use
from
prismacloud_inventory_workload_host;
select
name,
json_extract(vuln_funnel, '$.total') as total,
json_extract(vuln_funnel, '$.urgent') as urgent,
json_extract(vuln_funnel, '$.patchable') as patchable,
json_extract(vuln_funnel, '$.exploitable') as exploitable,
json_extract(vuln_funnel, '$.packageInUse') as package_in_use
from
prismacloud_inventory_workload_host;

Schema for prismacloud_inventory_workload_host

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
emailtext=, !=, ~~, ~~*, !~~, !~~*Email address of the current session user.
idtextThe unique identifier of the host.
nametextThe name of the container image.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the host.
uai_idtextThe unique identifier of the UAI.
vuln_funneljsonbThe vulnerability funnel details.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_inventory_workload_host