turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_prioritized_vulnerability - Query Prisma Cloud Prioritized Vulnerabilities using SQL

The Prisma Cloud prioritized vulnerabilities table in Steampipe provides detailed information about vulnerabilities in different asset types. This table allows security engineers and cloud administrators to query vulnerabilities based on their priority, including exploitable, internet-exposed, and patchable vulnerabilities. The schema outlines various attributes, such as asset type, life cycle stage, and the counts of different types of vulnerabilities.

Table Usage Guide

The prismacloud_prioritized_vulnerability table in Steampipe provides information about prioritized vulnerabilities in various asset types within Prisma Cloud. This table allows you to query details such as the number of exploitable, internet-exposed, and patchable vulnerabilities, helping you to manage and monitor the vulnerability status of your cloud resources effectively.

Important Notes

  • To query this table you need the vulnerabilityDashboard feature with View permission in your permission group. Verify this with the Get Permission Group by ID endpoint, or in the Prisma Cloud console by checking that Dashboard > Vulnerability is enabled.
  • You must specify both asset_type and life_cycle in the where clause in order to use this table.

Examples

Basic info

Retrieve basic information about the prioritized vulnerabilities, including the total number of vulnerabilities and the number of urgent vulnerabilities.

PostgreSQL:

select
  asset_type,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run';

SQLite:

select
  asset_type,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run';

Vulnerabilities by asset type

Retrieve the prioritized vulnerabilities grouped by asset type. This helps in understanding the distribution of vulnerabilities across different asset types.

PostgreSQL:

select
  asset_type,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;

SQLite:

select
  asset_type,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;

Recently updated vulnerabilities

Retrieve the prioritized vulnerability data that was updated within the last 30 days. This helps in tracking recent changes to the vulnerability data; note that the date arithmetic differs between the PostgreSQL and SQLite dialects.

PostgreSQL:

select
  asset_type,
  last_updated_date_time,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
  and last_updated_date_time > now() - interval '30 days';

SQLite:

select
  asset_type,
  last_updated_date_time,
  total_vulnerabilities,
  urgent_vulnerability_count
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
  and last_updated_date_time > datetime('now', '-30 days');

Vulnerabilities by life cycle stage

Retrieve the prioritized vulnerability data grouped by the life cycle stage of the asset. This helps in understanding trends in vulnerability management at different stages of the asset's life cycle. Because life_cycle is a required key column, the where clause determines which stage is returned; change it (or run the query once per stage) to compare stages.

PostgreSQL:

select
  asset_type,
  life_cycle,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type,
  life_cycle;

SQLite:

select
  asset_type,
  life_cycle,
  sum(total_vulnerabilities) as total_vulnerabilities,
  sum(urgent_vulnerability_count) as urgent_vulnerabilities,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type,
  life_cycle;

Vulnerabilities by severity and type

Retrieve the prioritized vulnerability data grouped by type, such as exploitable, internet-exposed, and patchable vulnerabilities. This helps in understanding how the findings break down by the attribute that drives their priority.

PostgreSQL:

select
  asset_type,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities,
  sum(internet_exposed_vulnerability_count) as internet_exposed_vulnerabilities,
  sum(patchable_vulnerability_count) as patchable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;

SQLite:

select
  asset_type,
  sum(exploitable_vulnerability_count) as exploitable_vulnerabilities,
  sum(internet_exposed_vulnerability_count) as internet_exposed_vulnerabilities,
  sum(patchable_vulnerability_count) as patchable_vulnerabilities
from
  prismacloud_prioritized_vulnerability
where
  asset_type = 'host'
  and life_cycle = 'run'
group by
  asset_type;
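The queries above each cover one asset type. The following PostgreSQL query is an added example, not part of the plugin's documentation: it covers every runtime asset type in one pass, ranks rows so that assets with findings that are both exploitable and internet-exposed come first, and computes the share of findings a patch would remove. It assumes Steampipe fans out an IN list on the required key columns (asset_type, life_cycle) into one API call per value.

```sql
-- Added example, not from the plugin docs. Assumes Steampipe expands the IN list
-- on the required key columns into one Prisma Cloud call per asset type.
select
  asset_type,
  life_cycle,
  total_vulnerabilities,
  urgent_vulnerability_count,
  exploitable_vulnerability_count,
  internet_exposed_vulnerability_count,
  patchable_vulnerability_count,
  -- share of findings that already have a fix available; guard against
  -- division by zero for asset types with no findings at all
  case
    when total_vulnerabilities > 0
    then round(100.0 * patchable_vulnerability_count / total_vulnerabilities, 1)
    else 0
  end as patchable_pct,
  -- remediation-first flag: exploitable and reachable from the internet
  (exploitable_vulnerability_count > 0
   and internet_exposed_vulnerability_count > 0) as exploitable_and_exposed,
  last_updated_date_time
from
  prismacloud_prioritized_vulnerability
where
  asset_type in ('host', 'deployedImage', 'serverlessFunction', 'registryImage', 'vmImage')
  and life_cycle = 'run'
order by
  exploitable_and_exposed desc,
  urgent_vulnerability_count desc,
  total_vulnerabilities desc;
```

Swap 'run' for 'code', 'build' or 'deploy' to produce the same ranking for the other life cycle stages.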

Schema for prismacloud_prioritized_vulnerability

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| asset_type | text | = | The type of asset. Possible values are: iac, package, deployedImage, serverlessFunction, host, registryImage, vmImage. |
| email | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
| exploitable_asset_count | bigint | | The number of assets with exploitable vulnerabilities. |
| exploitable_vulnerability_count | bigint | | The number of exploitable vulnerabilities. |
| internet_exposed_asset_count | bigint | | The number of assets with internet-exposed vulnerabilities. |
| internet_exposed_vulnerability_count | bigint | | The number of internet-exposed vulnerabilities. |
| last_updated_date_time | timestamp with time zone | | The timestamp when the data was last updated. |
| life_cycle | text | = | The life cycle stage of the asset. Possible values are: code, build, deploy, run. |
| package_in_use_asset_count | bigint | | The number of assets with vulnerabilities in packages currently in use. |
| package_in_use_vulnerability_count | bigint | | The number of vulnerabilities in packages currently in use. |
| patchable_asset_count | bigint | | The number of assets with patchable vulnerabilities. |
| patchable_vulnerability_count | bigint | | The number of patchable vulnerabilities. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| total_vulnerabilities | bigint | | The total number of vulnerabilities. |
| urgent_asset_count | bigint | | The number of assets with urgent vulnerabilities. |
| urgent_vulnerability_count | bigint | | The number of urgent vulnerabilities. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install it with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_prioritized_vulnerability