Table: prismacloud_prioritized_vulnerability - Query Prisma Cloud Prioritized Vulnerabilities using SQL
The Prisma Cloud prioritized vulnerabilities table in Steampipe provides detailed information about vulnerabilities in different asset types. This table allows security engineers and cloud administrators to query vulnerabilities based on their priority, including exploitable, internet-exposed, and patchable vulnerabilities. The schema outlines various attributes, such as asset type, life cycle stage, and the counts of different types of vulnerabilities.
Table Usage Guide
The `prismacloud_prioritized_vulnerability` table in Steampipe provides information about prioritized vulnerabilities in various asset types within Prisma Cloud. This table allows you to query details such as the number of exploitable, internet-exposed, and patchable vulnerabilities, helping you to manage and monitor the vulnerability status of your cloud resources effectively.
Important Notes
- To query this table you need the `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify that your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Dashboard > Vulnerability is enabled.
- You must specify both `asset_type` and `life_cycle` in the `where` clause in order to use this table.
Examples
Basic info
Retrieve basic information about the prioritized vulnerabilities, including the total number of vulnerabilities and the number of urgent vulnerabilities.
```sql
select
  asset_type,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run';
```
Vulnerabilities by asset type
Retrieve the prioritized vulnerabilities grouped by asset type. This helps in understanding the distribution of vulnerabilities across different asset types.
```sql
select
  asset_type,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;
```
Recently updated vulnerabilities
Retrieve the prioritized vulnerability data that was updated within the last 30 days. This helps in tracking recent changes in the vulnerability data and in spotting rows whose counts are stale.
PostgreSQL:

```sql
select
  asset_type,
  last_updated_date_time,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
  and last_updated_date_time > now() - interval '30 days';
```

SQLite:

```sql
select
  asset_type,
  last_updated_date_time,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
  and last_updated_date_time > datetime('now', '-30 days');
```
Vulnerabilities by life cycle stage
Retrieve the prioritized vulnerabilities data grouped by the life cycle stage of the asset. This helps in understanding the trends in vulnerability management at different stages of the asset's life cycle.
```sql
select
  asset_type,
  life_cycle,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type,
  life_cycle;
```
Vulnerabilities by severity and type
Retrieve the prioritized vulnerability data grouped by type, such as exploitable, internet-exposed, and patchable vulnerabilities. This helps in understanding the distribution of vulnerabilities by their type.
```sql
select
  asset_type,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities,
  sum(internet_exposed_vulnerability_count) as internet_exposed_vulnerabilities,
  sum(patchable_vulnerability_count) as patchable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;
```
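Because `asset_type` and `life_cycle` must always be pinned in the `where` clause, the grouped examples above each cover a single asset type and stage. The query below is an added example, not part of the Steampipe Hub page or the plugin's own documentation: it builds a triage view across several asset types and stages in one statement, computes the share of findings that are exploitable or patchable (guarding against division by zero), flags rows whose data has not been refreshed within seven days, and orders the result so that the combinations with the most urgent and internet-exposed findings come first. It assumes the PostgreSQL flavour of Steampipe and that your Steampipe version expands an `in` list on the required `=` key columns into one Prisma Cloud API call per value; if it does not, replace the `in` lists with `union all` of single-value queries.

```sql
-- Added example (not from the Steampipe Hub page). Assumes PostgreSQL-flavoured
-- Steampipe and that `in` lists on the required key columns are expanded into
-- one API call per value.
with prioritized as (
  select
    asset_type,
    life_cycle,
    total_vulnerabilities,
    urgent_vulnerability_count,
    exploitable_vulnerability_count,
    internet_exposed_vulnerability_count,
    patchable_vulnerability_count,
    last_updated_date_time
  from
    prismacloud_prioritized_vulnerability
  where
    asset_type in ('host', 'deployedImage', 'serverlessFunction')
    and life_cycle in ('deploy', 'run')
)
select
  asset_type,
  life_cycle,
  total_vulnerabilities,
  urgent_vulnerability_count as urgent,
  exploitable_vulnerability_count as exploitable,
  internet_exposed_vulnerability_count as internet_exposed,
  patchable_vulnerability_count as patchable,
  -- nullif() avoids a division-by-zero error when a row reports no findings
  round(100.0 * exploitable_vulnerability_count / nullif(total_vulnerabilities, 0), 1) as exploitable_pct,
  round(100.0 * patchable_vulnerability_count / nullif(total_vulnerabilities, 0), 1) as patchable_pct,
  -- stale rows should not drive remediation decisions; 7 days is a constructed threshold
  case
    when last_updated_date_time < now() - interval '7 days' then 'stale'
    else 'fresh'
  end as data_freshness
from
  prioritized
order by
  urgent_vulnerability_count desc,
  internet_exposed_vulnerability_count desc,
  exploitable_vulnerability_count desc;
```

The percentages are derived from the aggregate counts the table exposes, so a high `exploitable_pct` with a high `patchable_pct` identifies the asset type and stage where remediation effort reduces the most real risk; the `data_freshness` column is there so that a row with an old `last_updated_date_time` is not mistaken for a current picture.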
Schema for prismacloud_prioritized_vulnerability
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| asset_type | text | = | The type of asset. Possible values are: iac, package, deployedImage, serverlessFunction, host, registryImage, vmImage. |
| | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
| exploitable_asset_count | bigint | | The number of assets with exploitable vulnerabilities. |
| exploitable_vulnerability_count | bigint | | The number of exploitable vulnerabilities. |
| internet_exposed_asset_count | bigint | | The number of assets with internet-exposed vulnerabilities. |
| internet_exposed_vulnerability_count | bigint | | The number of internet-exposed vulnerabilities. |
| last_updated_date_time | timestamp with time zone | | The timestamp when the data was last updated. |
| life_cycle | text | = | The life cycle stage of the asset. Possible values are: code, build, deploy, run. |
| package_in_use_asset_count | bigint | | The number of assets with vulnerabilities in packages currently in use. |
| package_in_use_vulnerability_count | bigint | | The number of vulnerabilities in packages currently in use. |
| patchable_asset_count | bigint | | The number of assets with patchable vulnerabilities. |
| patchable_vulnerability_count | bigint | | The number of patchable vulnerabilities. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| total_vulnerabilities | bigint | | The total number of vulnerabilities. |
| urgent_asset_count | bigint | | The number of assets with urgent vulnerabilities. |
| urgent_vulnerability_count | bigint | | The number of urgent vulnerabilities. |
Export
This table is also available through a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that let you extract data using Steampipe plugins without running a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_prismacloud --config '<your_config>' prismacloud_prioritized_vulnerability
```