How to retrieve Cloud Asset Details using Prisma Cloud API?

How to retrieve Cloud Asset Details using Prisma Cloud API?

4952
Created On 07/21/24 05:22 AM - Last Modified 08/28/24 14:27 PM


Objective


  • This article highlights steps on how to retrieve Cloud Asset Details using Prisma Cloud API

Environment


  • Prisma Cloud Enterprise Edition

Procedure


  1.  Generate the JWT Token to be used in the API call for the field API_KEY_VALUE
  2.  Collect the 'rrn' or 'unified-asset-id'
  • The following API will list all the Assets along with their respective IDs, that can be used to retrieve asset details : Resource Scan Info V2 - GET
  • API output will have both rrn and unified-asset-id in it
Note: As this will list all the Assets, this may cause delay in response or generate error. Therefore, fill up the optional fields (shared below) to limit the result:
  • cloud.account  ---> Here give the account name (not the ID)
  • cloud.type
  • limit (numerical value)
  • scan.status 
For quick API call creation, fill in the details using the Request Body option on the API page itself

In the following example, the API call is created using the Request Body from the API page: 
curl -L -X GET 'https://api.sg.prismacloud.io/v2/resource/scan_info?cloud.account=APAC%20AWS%20ACCOUNT%20*****%20DO%20NOT%20DELETE*****&cloud.type=aws&scan.status=passed' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjxxxC4yMzguMTQuNzkiLCJpc3MiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInJlc3RyaWN0IjowLCJpc0FjY2Vzc0tleUxvZ2luIjp0cnVlLCJ1c2VyUm9sZVR5cGVEZXRhaWxzIjp7Imhhc09ubHlSZWFkQWNjZXNzIjpmYWxzZX0sInVzZXJSb2xlVHlwZU5hbWUiOiJTeXN0ZW0gQWRtaW4iLCJpc1NTT1Nlc3Npb24iOmZhbHNlLCJsYXN0TG9naW5UaW1lIjoxNzIxNTMzOTM0MzY5LCJhdWQiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInVzZXJSb2xlVHlwZUlkIjoxLCJhdXRoLW1ldGhvZCI6IlBBU1NXT1JEIiwic2VsZWN0ZWRDdXN0b21lck5hbWUiOiJQYWxvIEFsdG8gTmV0d29ya3MgKFRFU1QgQUNDVCkgLSAxMjk0MzI1MzM4NTAxMDczNTc1Iiwic2Vzc2lvblRpbWVvdXQiOjYwLCJ1c2VyUm9sZUlkIjoiODkyNzhjMjktYjRlYS00ZWU3LTg0MWQtYjE2NDExN2RmMDBiIiwiaGFzRGVmZW5kZXJQZXJtaXNzaW9ucyI6ZmFsc2UsImV4cCI6MTcyMTUzNjMxOCwiaWF0IjoxNzIxNTM1NzE4LCJ1c2VybmFtZSI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsInVzZXJSb2xlTmFtZSI6IlN5c3RlbSBBZG1pbiJ9.pJieaGBoxnqYaPsMrpSlZ94_fHMFVZaPUCyk9g5bIuc'
Result: 
{
  "timestamp": 1721534400000,
  "totalMatchedCount": 34262,
  "pageSize": 10000,
  "resources": [
    {
      "id": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "accountId": "1434695xxx80",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "cloudType": "aws",
      "rrn": "rrn:aws:cloudWatchAlarm:us-east-1:1434695xxx80:cf9dcecd60c4c70c7d22d61d8e2e34f4a8bf536c:arn%3Aaws%3Acloudwatch%3Aus-east-1%3A143469561880%3Aalarm%3Aaal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "alertStatus": {
        "high": 0,
        "medium": 0,
        "low": 0,
        "critical": 0,
        "informational": 0
      },
      "appNames": [
        "CSPM"
      ],
      "unifiedAssetId": "16e0c26096fb9a6bf81dxxx6546a0392",
      "resourceDetailsAvailable": true,
      "resourceConfigJsonAvailable": true,
      "assetType": "CloudWatch Alarm"
    }
  ]
}
  1. Use Get Asset API: Get Asset
curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>' \
--data-raw '{
"assetId": "[rrn or unified asset ID]",
"type": "asset"
}'


Example:

curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjEzNC4yMzguMTYuMjA3IiwiaXNzIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJyZXN0cmljdCI6MCwiaXNBY2Nlc3NLZXlMb2dpbiI6dHJ1ZSwidXNlclJvbGVUeXBlRGV0YWlscyI6eyJoYXNPbmx5UmVhZEFjY2VzcyI6ZmFsc2V9LCJ1c2VyUm9sZVR5cGVOYW1lIjoiU3lzdGVtIEFkbWluIiwiaXNTU09TZXNzaW9uIjpmYWxzZSwibGFzdExvZ2luVGltZSI6MTcyMTUzMzkzNDM2OSwiYXVkIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJ1c2VyUm9sZVR5cGVJZCI6MSwiYXV0aC1tZXRob2QiOiJQQVNTV09SRCIsInNlbGVjdGVkQ3VzdG9tZXJOYW1lIjoiUGFsbyBBbHRvIE5ldHdvcmtzIChURVNUIEFDQ1QpIC0gMTI5NDMyNTMzODUwMTA3MzU3NSIsInNlc3Npb25UaW1lb3V0Ijo2MCwidXNlclJvbGVJZCI6Ijg5Mjc4YzI5LWI0ZWEtNGVlNy04NDFkLWIxNjQxMTdkZjAwYiIsImhhc0RlZmVuZGVyUGVybWlzc2lvbnMiOmZhbHNlLCJleHAiOjE3MjE1NDAyOTksImlhdCI6MTcyMTUzOTY5OSwidXNlcm5hbWUiOiJha3Jhc3RvZ2lAcGFsb2FsdG9uZXR3b3Jrcy5jb20iLCJ1c2VyUm9sZU5hbWUiOiJTeXN0ZW0gQWRtaW4ifQ.Pwogr0XRyKg1YCLJAyQ4oIoV8lz0j71kpBz5THdyIrU' \
--data-raw '{
  "assetId": "16e0c26096fb9a6bf81d5d26546a0392",
  "type": "asset"
}'


Output:

{
  "data": {
    "asset": {
      "id": "16e0c26096fb9a6bf81d5d26546a0392",
      "externalAssetId": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "cloudType": "aws",
      "createdTs": 1660285739000,
      "insertTs": 1660285739000,
      "dynamicData": null,
      "data": {
        "tags": [],
        "unit": "Percent",
        "period": 900,
        "metrics": [],
        "alarmArn": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "alarmName": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "namespace": "aal-fw-aws-gwlb-stack_FW_PANW_ASG",
        "okactions": [],
        "statistic": "Average",
        "threshold": 20,
        "dimensions": [],
        "metricName": "DataPlaneCPUUtilizationPct",
        "alarmActions": [
          "arn:aws:autoscaling:us-east-1:1434695xxx80:scalingPolicy:715a500c-87eb-466b-b869-e1ff69fc8cc2:autoScalingGroupName/aal-fw-aws-gwlb-stack_FW_PANW_ASG:policyName/aal-fw-aws-gwlb-stack_FW_PANW_ASG-scalein"
        ],
        "actionsEnabled": true,
        "alarmDescription": "DataPlane CPU Utilization Low",
        "evaluationPeriods": 1,
        "comparisonOperator": "LessThanThreshold",
        "insufficientDataActions": []
      },
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "riskGrade": "n_a",
      "stateId": null,
      "url": "https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#alarm:name=arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "vpcId": null,
      "vpcName": "",
      "relationshipCounts": 0,
      "vulnerabilityCounts": null,
      "vpcExternalAssetId": "",
      "tags": {
        "": ""
      },
      "assetType": "CloudWatch Alarm",
      "serviceName": "Amazon CloudWatch",
      "resourceType": "CloudWatch Alarm",
      "accountGroup": "account",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "assetClassId": "other",
      "assetClass": "Other",
      "deleted": false,
      "problem": [],
      "alertsCount": [],
      "attributes": {},
      "alertCountBySeverity": [],
      "ipAddresses": [],
      "trueInternetExposure": null
    }
  },
  "errors": []
}


Additional Information


Resource Scan Info V2 - GET
Get Asset
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HDfmCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language