Prisma Cloud Quick Start Setup Guide

Created On 06/04/19 22:25 PM - Last Modified 12/09/19 22:37 PM


Objective


Prisma Cloud setup and integration with cloud account(s).

Environment


Prisma Cloud, AWS, Azure, GCP

Procedure


Quick Start Setup Guide

These steps walk you through integrating Prisma Cloud with your cloud account(s). For more detailed Prisma Cloud documentation, refer to the Prisma Cloud Tech Docs and the digital learning training Prisma Cloud: Securing the Public Cloud (EDU-150).

STEP 1 - Onboard your Cloud Account(s).

To begin monitoring the resources in your cloud environments, you must first connect your public cloud accounts to the Prisma Cloud platform. When you add your cloud account to the Prisma Cloud platform, the API integration between your cloud service provider and Prisma Cloud is established, and you can begin monitoring resources and identifying potential security risks in your infrastructure.

How to Connect Cloud Accounts with Prisma Cloud

STEP 2 - Construct Account Groups

Account groups let you combine multiple cloud accounts, with similar or different applications, that span multiple divisions or business units, so that you can manage administrative access to these accounts from Prisma Cloud.
Alerts on Prisma Cloud are applied at the cloud account group level, which means you can set up separate alert rules and notification flows for different cloud environments.

How to Create Account Groups



STEP 3 - Assign Roles and Add Users

Assign the account group(s) created in Step 2 to the roles defined here. A user is someone who has been assigned administrative privileges, and a role defines the type of access that the administrator has on the service. When you define a role, you specify the permission group and the account groups that the administrator can manage.

How to Create Roles

How to Add Users

STEP 4 - Default and Custom Policies

A policy is a set of one or more constraints or conditions that must be adhered to. Prisma Cloud provides predefined policies for configurations and access controls that adhere to established security best practices such as CIS, PCI, GDPR, and NIST. These Prisma Cloud default policies cannot be modified.

Additionally, you can create your own custom policies based on your organization's standards to monitor for violations. You can use the default policies as templates to create custom policies. Once you set up the policies, any new or existing resources that violate them are detected automatically.

When creating a new policy, you can build the query using Resource Query Language (RQL) or utilize a saved search to automatically populate the query you need to match on your cloud resources.

You can create three types of policies:

  • Config: Configuration policies monitor your resource configurations for potential policy violations.
  • Network: Network policies monitor network activities in your environment.
  • Event: Event policies monitor audit events in your environment for potential policy violations. You create audit policies to flag sensitive events such as root activities or configuration changes that may potentially put your cloud environment at risk.

STEP 5 - Enable and Create Alert Rules

Although Prisma Cloud begins monitoring your cloud environments as soon as you onboard a cloud account, in order to receive alerts you must first enable alerting for each cloud account you onboard.

Alert rules let you define which policy violations, in a selected set of cloud accounts, trigger alerts. When you create an alert rule, you select the account groups to which the rule applies and the corresponding set of policies for which you want alerts triggered.

How to Create Alert Rules

STEP 6 - External Integrations

Alert rules define which policy violations trigger an alert in a selected set of cloud accounts. When you create an alert rule, you can also configure the rule to send the Alert Payload that the rule triggers to one or more third-party tools. This lets you integrate notification of policy violations in your cloud environments into your existing operational workflows. Before you can set up a notification channel (for all channels except email), you must integrate Prisma Cloud with the third-party tool.


