Table: prismacloud_vulnerability_asset - Query Prisma Cloud Vulnerability Assets using SQL
The Prisma Cloud vulnerability asset table in Steampipe provides detailed information about vulnerability assets within Prisma Cloud. This table allows security engineers and cloud administrators to query asset-specific details, including asset types, life cycle stages, and associated vulnerabilities. The schema outlines various attributes such as asset type, life cycle, severity, and statistics of the vulnerable assets.
Table Usage Guide
The prismacloud_vulnerability_asset
table in Steampipe provides detailed information about vulnerability assets within Prisma Cloud. This table allows you to query details such as asset types, life cycle stages, and associated vulnerabilities. This helps in managing and monitoring the security status of your cloud assets effectively.
Important Notes
- To query this table you need
vulnerabilityDashboard
feature withView
permission to access this endpoint. Verify if your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Dashboard > Vulnerability is enabled. - For improved performance, it is recommended to use the optional qualifiers (quals) to limit the result set.
- Queries with optional qualifiers are optimized to use filters. The following columns support optional qualifiers:
asset_type
life_cycle
severities
Examples
Basic Info
Retrieve basic information about Prisma Cloud vulnerability assets, including asset type, life cycle, and total vulnerabilities.
select asset_type, life_cycle, total_vulnerabilitiesfrom prismacloud_vulnerability_asset;
select asset_type, life_cycle, total_vulnerabilitiesfrom prismacloud_vulnerability_asset;
List assets by severity
Retrieve the assets categorized by their severity levels. This helps in identifying assets with critical vulnerabilities that need immediate attention.
select asset_type, life_cycle, severities, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_assetwhere severities = 'critical';
select asset_type, life_cycle, severities, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_assetwhere severities = 'critical';
List assets by life cycle stage
Retrieve the assets based on their life cycle stages. This helps in understanding the distribution of vulnerabilities across different stages of the asset lifecycle.
select asset_type, life_cycle, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_assetwhere life_cycle = 'run';
select asset_type, life_cycle, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_assetwhere life_cycle = 'run';
Asset statistics
Retrieve detailed statistics of the vulnerable assets, including the total number of assets and vulnerabilities. This helps in gaining insights into the overall security posture of your assets.
select asset_type, stats, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_asset;
select asset_type, stats, total_assets, total_vulnerabilitiesfrom prismacloud_vulnerability_asset;
Get statistics of vulnerability assets
This query retrieves detailed statistics of vulnerability assets, including the number of users, assets, packages, providers, registries, repositories, and vulnerabilities categorized by severity levels. It helps in understanding the distribution of vulnerabilities across different asset types and providers.
select asset_type, s ->> 'users' as users, s ->> 'assets' as assets, s ->> 'packages' as packages, s ->> 'provider' as provider, s ->> 'registries' as registries, s ->> 'repositories' as repositories, s -> 'vulnerabilities' ->> 'lowCount' as low_count, s -> 'vulnerabilities' ->> 'highCount' as highCount, s -> 'vulnerabilities' ->> 'mediumCount' as mediumCount, s -> 'vulnerabilities' ->> 'criticalCount' as criticalCountfrom prismacloud_vulnerability_asset, jsonb_array_elements(stats) as sorder by provider;
select asset_type, json_extract(s.value, '$.users') as users, json_extract(s.value, '$.assets') as assets, json_extract(s.value, '$.packages') as packages, json_extract(s.value, '$.provider') as provider, json_extract(s.value, '$.registries') as registries, json_extract(s.value, '$.repositories') as repositories, json_extract(s.value, '$.vulnerabilities.lowCount') as low_count, json_extract(s.value, '$.vulnerabilities.highCount') as high_count, json_extract(s.value, '$.vulnerabilities.mediumCount') as medium_count, json_extract(s.value, '$.vulnerabilities.criticalCount') as critical_countfrom prismacloud_vulnerability_asset, json_each(stats) as sorder by provider;
Schema for prismacloud_vulnerability_asset
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
asset_type | text | = | The type of asset. Possible values are: iac, package, deployedImage, serverlessFunction, host, registryImage, vmImage. |
text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. | |
life_cycle | text | = | The life cycle stage of the asset. Possible values are: code, build, deploy, run. |
severities | text | = | The severities of the asset. Possible values are: low, medium, high, critical. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
stats | jsonb | Statistics of the vulnerable assets. | |
total_assets | bigint | The total number of assets. | |
total_vulnerabilities | bigint | The total number of vulnerabilities. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
You can pass the configuration to the command with the --config
argument:
steampipe_export_prismacloud --config '<your_config>' prismacloud_vulnerability_asset