turbot/prismacloud
steampipe plugin install prismacloud

Table: prismacloud_vulnerability_overview - Query Prisma Cloud Vulnerability Overview using SQL

The Prisma Cloud vulnerability overview table in Steampipe provides a comprehensive view of vulnerabilities in runtime assets. This table allows security engineers and cloud administrators to query the total number of vulnerabilities, the number of remediated vulnerabilities, and other key metrics. The schema outlines various attributes related to the vulnerability overview, helping users to monitor and manage vulnerabilities effectively.

Table Usage Guide

The prismacloud_vulnerability_overview table in Steampipe provides information about the vulnerability overview in runtime assets within Prisma Cloud. This table allows you to query details such as the total number of vulnerabilities, remediated vulnerabilities, and more, enabling you to manage and monitor your cloud resources effectively.

Important Notes

  • To query this table, your permission group needs the vulnerabilityDashboard feature with View permission. Verify that your permission group includes this feature using the Get Permission Group by ID endpoint. You can also check this in the Prisma Cloud console by ensuring that Dashboard > Vulnerability is enabled.

Examples

Basic info

Retrieve basic information about the vulnerability overview, including the total number of vulnerabilities in runtime assets.

Postgres and SQLite:

select
  total_vulnerable_runtime_assets,
  total_vulnerabilitiesin_runtime,
  total_remediated_in_runtime
from
  prismacloud_vulnerability_overview;

Get vulnerability overview

Retrieve detailed information about vulnerabilities, including the breakdown of vulnerabilities by severity levels and remediated vulnerabilities.

Postgres:

-- "values" is quoted because VALUES is an SQL keyword
select
  jsonb_pretty(total_vulnerable_runtime_assets) as total_vulnerable_runtime_assets,
  jsonb_pretty(total_vulnerabilitiesin_runtime) as total_vulnerabilitiesin_runtime,
  jsonb_pretty(total_remediated_in_runtime) as total_remediated_in_runtime,
  jsonb_pretty("values") as "values"
from
  prismacloud_vulnerability_overview;

SQLite:

-- "values" is quoted because VALUES is an SQL keyword
select
  json(total_vulnerable_runtime_assets) as total_vulnerable_runtime_assets,
  json(total_vulnerabilitiesin_runtime) as total_vulnerabilitiesin_runtime,
  json(total_remediated_in_runtime) as total_remediated_in_runtime,
  json("values") as "values"
from
  prismacloud_vulnerability_overview;

Get runtime vulnerabilities details

Retrieve the total number of vulnerabilities grouped by severity levels, helping in understanding the distribution of vulnerabilities.

Postgres:

select
  total_vulnerabilitiesin_runtime ->> 'criticalCount' as critical_count,
  total_vulnerabilitiesin_runtime ->> 'highCount' as high_count,
  total_vulnerabilitiesin_runtime ->> 'mediumCount' as medium_count,
  total_vulnerabilitiesin_runtime ->> 'lowCount' as low_count
from
  prismacloud_vulnerability_overview;

SQLite:

select
  json_extract(total_vulnerabilitiesin_runtime, '$.criticalCount') as critical_count,
  json_extract(total_vulnerabilitiesin_runtime, '$.highCount') as high_count,
  json_extract(total_vulnerabilitiesin_runtime, '$.mediumCount') as medium_count,
  json_extract(total_vulnerabilitiesin_runtime, '$.lowCount') as low_count
from
  prismacloud_vulnerability_overview;

Get remediated vulnerabilities

Retrieve the total number of remediated vulnerabilities, helping in tracking remediation efforts.

Postgres:

select
  total_remediated_in_runtime ->> 'totalCount' as total_remediated
from
  prismacloud_vulnerability_overview;

SQLite:

select
  json_extract(total_remediated_in_runtime, '$.totalCount') as total_remediated
from
  prismacloud_vulnerability_overview;
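
Added example, not part of the plugin's documentation: in Postgres the ->> operator returns text, so the counts from the two queries above must be cast before they are summed, compared or sorted. This query does that per connection and reports the share of critical and high findings; it uses only the JSON keys shown on this page, and the 25 percent review threshold is an arbitrary value chosen for illustration.

```sql
-- Added example (Postgres syntax). JSON keys are the ones used in the
-- queries above; the 25% threshold is an assumption for illustration only.
with counts as (
  select
    sp_connection_name,
    -- ->> yields text: cast to bigint, and treat a missing key as 0
    coalesce((total_vulnerabilitiesin_runtime ->> 'criticalCount')::bigint, 0) as critical,
    coalesce((total_vulnerabilitiesin_runtime ->> 'highCount')::bigint, 0) as high,
    coalesce((total_vulnerabilitiesin_runtime ->> 'mediumCount')::bigint, 0) as medium,
    coalesce((total_vulnerabilitiesin_runtime ->> 'lowCount')::bigint, 0) as low,
    coalesce((total_remediated_in_runtime ->> 'totalCount')::bigint, 0) as remediated
  from
    prismacloud_vulnerability_overview
),
totals as (
  select
    *,
    critical + high + medium + low as severity_total
  from
    counts
)
select
  sp_connection_name,
  critical,
  high,
  medium,
  low,
  severity_total,
  remediated,
  -- nullif avoids division by zero when a connection reports no findings
  round(100.0 * (critical + high) / nullif(severity_total, 0), 1) as critical_high_pct,
  case
    when severity_total = 0 then 'no findings'
    when 100.0 * (critical + high) / severity_total >= 25 then 'review'
    else 'ok'
  end as triage
from
  totals
order by
  critical desc,
  high desc;
```

Without the casts, ordering or comparing these columns would be lexicographic, so a count of 9 would sort above a count of 10.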

Schema for prismacloud_vulnerability_overview

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| email | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| total_remediated_in_runtime | jsonb | | The total number of vulnerabilities that have been remediated in runtime. |
| total_vulnerabilitiesin_runtime | jsonb | | The total number of vulnerabilities identified in runtime. |
| total_vulnerable_runtime_assets | jsonb | | The total number of runtime assets that are vulnerable. |
| values | jsonb | | Additional details related to the vulnerability overview. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install the exporter with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud

You can pass the configuration to the command with the --config argument:

steampipe_export_prismacloud --config '<your_config>' prismacloud_vulnerability_overview