Table: prismacloud_vulnerability_burndown - Query Prisma Cloud Vulnerability Burndown using SQL
The Prisma Cloud vulnerability burndown table in Steampipe provides a historical view of vulnerabilities and their remediation over time for various asset types. This table helps security engineers and cloud administrators to track the progress of vulnerability remediation and understand the trends in vulnerability management. The schema outlines various attributes related to the vulnerability burndown, including the type of asset, life cycle stage, severity, and the number of vulnerabilities recorded and remediated each day.
Table Usage Guide
The `prismacloud_vulnerability_burndown` table in Steampipe provides information about the historical trends of vulnerabilities in different asset types within Prisma Cloud. This table allows you to query details such as the number of vulnerabilities recorded and remediated each day, helping you to track and manage the progress of vulnerability remediation effectively.
Important Notes
- To query this table you need the `vulnerabilityDashboard` feature with `View` permission to access this endpoint. Verify that your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Dashboard > Vulnerability is enabled.
- You must specify `asset_type`, `life_cycle`, and `severities` in the `where` clause in order to use this table.
Examples
Basic info
Retrieve basic information about the vulnerability burndown, including the total number of vulnerabilities recorded each day and the number of vulnerabilities remediated each day.
```sql
select
  asset_type,
  day_num,
  epoch_timestamp,
  total_count,
  remediated_count
from
  prismacloud_vulnerability_burndown;
```
Vulnerability burndown by asset type
Retrieve the burndown of vulnerabilities grouped by asset type. This helps in understanding the trends in vulnerability management for different types of assets.
```sql
select
  asset_type,
  sum(total_count) as total_vulnerabilities,
  sum(remediated_count) as total_remediated
from
  prismacloud_vulnerability_burndown
where
  asset_type = 'host'
  and life_cycle = 'run'
  and severities = 'critical'
group by
  asset_type;
```
Recent vulnerability burndown
Retrieve the vulnerability burndown data for the last 30 days. This helps in tracking the recent progress of vulnerability remediation.
```sql
select
  asset_type,
  day_num,
  epoch_timestamp,
  total_count,
  remediated_count
from
  prismacloud_vulnerability_burndown
where
  asset_type = 'host'
  and life_cycle = 'run'
  and severities = 'critical'
  and epoch_timestamp > now() - interval '30 days';
```
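The 30-day query above can be extended into a day-over-day trend. The following is an added example, not part of the plugin's own documentation; it assumes the table returns one row per day for the given filter, and the output column names (`total_change`, `remediated_pct`, `remediated_running_total`) are chosen here for illustration.

```sql
-- Added example: day-over-day burndown trend for critical host
-- vulnerabilities in the run stage over the last 30 days.
-- Assumption: one row per day is returned for this filter.
with daily as (
  select
    asset_type,
    epoch_timestamp,
    total_count,
    remediated_count
  from
    prismacloud_vulnerability_burndown
  where
    asset_type = 'host'          -- required qualifier
    and life_cycle = 'run'       -- required qualifier
    and severities = 'critical'  -- required qualifier
    and epoch_timestamp > now() - interval '30 days'
)
select
  epoch_timestamp::date as day,
  total_count,
  remediated_count,
  -- Change in the recorded count versus the previous day;
  -- null for the first day in the window.
  total_count - lag(total_count) over w as total_change,
  -- remediated_count as a percentage of total_count for that day;
  -- nullif avoids division by zero on days with no recorded vulnerabilities.
  round(100.0 * remediated_count / nullif(total_count, 0), 1) as remediated_pct,
  -- Running sum of remediated_count from the start of the window.
  sum(remediated_count) over w as remediated_running_total
from
  daily
window
  w as (partition by asset_type order by epoch_timestamp)
order by
  epoch_timestamp;
```

A run of positive `total_change` values alongside a flat `remediated_running_total` indicates that new findings are arriving faster than they are being closed.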
Vulnerability burndown for critical severity
Retrieve the vulnerability burndown data grouped by severity levels. This helps in understanding the distribution of vulnerabilities by severity and tracking their remediation.
```sql
select
  asset_type,
  severities,
  sum(total_count) as total_vulnerabilities,
  sum(remediated_count) as total_remediated
from
  prismacloud_vulnerability_burndown
where
  asset_type = 'host'
  and life_cycle = 'run'
  and severities = 'critical'
group by
  asset_type,
  severities;
```
Vulnerability burndown life cycle stage run
Retrieve the vulnerability burndown data grouped by the life cycle stage of the asset. This helps in understanding the trends in vulnerability management at different stages of the asset's life cycle.
```sql
select
  asset_type,
  life_cycle,
  sum(total_count) as total_vulnerabilities,
  sum(remediated_count) as total_remediated
from
  prismacloud_vulnerability_burndown
where
  asset_type = 'host'
  and life_cycle = 'run'
  and severities = 'critical'
group by
  asset_type,
  life_cycle;
```
Schema for prismacloud_vulnerability_burndown
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| asset_type | text | = | The type of asset. Possible values are: iac, package, deployedImage, serverlessFunction, host, registryImage, vmImage. |
| day_num | bigint | | Count down of the day backwards from present day. |
| | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
| epoch_timestamp | timestamp with time zone | | Time up to which the entry was recorded. |
| life_cycle | text | = | The life cycle stage of the asset. Possible values are: code, build, deploy, run. |
| remediated_count | bigint | | Number of vulnerabilities remediated for the given day. |
| severities | text | = | The severities of the asset. Possible values are: low, medium, high, critical. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| total_count | bigint | | Number of vulnerabilities in the given day. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```bash
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
```
You can pass the configuration to the command with the `--config` argument:

```bash
steampipe_export_prismacloud --config '<your_config>' prismacloud_vulnerability_burndown
```