How to retrieve cloud asset details using the Prisma Cloud API?

Created On 07/21/24 05:22 AM - Last Modified 01/07/25 10:59 AM


Objective


  • This article outlines the steps to retrieve cloud asset details using the Prisma Cloud API


Environment


  • Prisma Cloud Enterprise Edition


Procedure


  1. Generate the JWT token that will be used in the API call for the API_KEY_VALUE field
  2. Collect the 'rrn' or 'unified-asset-id'
     • The following API lists all assets along with their respective IDs, which can be used to retrieve asset details: Resource Scan Info V2 - GET
     • The API output contains both rrn and unified-asset-id
Note: Because this lists all assets, the response may be delayed or return an error. Fill in the optional fields below to limit the result:
     • cloud.account: enter the account name here (not the ID)
     • cloud type (cloud.type)
     • limit (numeric value)
     • status (scan.status)
For quick API call creation, fill in the details using the Request Body option on the API page itself.

In the following example, the API call is created using the Request Body from the API page:
curl -L -X GET 'https://api.sg.prismacloud.io/v2/resource/scan_info?cloud.account=APAC%20AWS%20ACCOUNT%20*****%20DO%20NOT%20DELETE*****&cloud.type=aws&scan.status=passed' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>'
Output:
{
  "timestamp": 1721534400000,
  "totalMatchedCount": 34262,
  "pageSize": 10000,
  "resources": [
    {
      "id": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "accountId": "1434695xxx80",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "cloudType": "aws",
      "rrn": "rrn:aws:cloudWatchAlarm:us-east-1:1434695xxx80:cf9dcecd60c4c70c7d22d61d8e2e34f4a8bf536c:arn%3Aaws%3Acloudwatch%3Aus-east-1%3A143469561880%3Aalarm%3Aaal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "alertStatus": {
        "high": 0,
        "medium": 0,
        "low": 0,
        "critical": 0,
        "informational": 0
      },
      "appNames": [
        "CSPM"
      ],
      "unifiedAssetId": "16e0c26096fb9a6bf81dxxx6546a0392",
      "resourceDetailsAvailable": true,
      "resourceConfigJsonAvailable": true,
      "assetType": "CloudWatch Alarm"
    }
  ]
}
  3. Use the Get Asset API: Get Asset
curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>' \
--data-raw '{
"assetId": "[rrn or unified asset ID]",
"type": "asset"
}'


Example:

curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>' \
--data-raw '{
  "assetId": "16e0c26096fb9a6bf81d5d26546a0392",
  "type": "asset"
}'


Output:

{
  "data": {
    "asset": {
      "id": "16e0c26096fb9a6bf81d5d26546a0392",
      "externalAssetId": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "cloudType": "aws",
      "createdTs": 1660285739000,
      "insertTs": 1660285739000,
      "dynamicData": null,
      "data": {
        "tags": [],
        "unit": "Percent",
        "period": 900,
        "metrics": [],
        "alarmArn": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "alarmName": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "namespace": "aal-fw-aws-gwlb-stack_FW_PANW_ASG",
        "okactions": [],
        "statistic": "Average",
        "threshold": 20,
        "dimensions": [],
        "metricName": "DataPlaneCPUUtilizationPct",
        "alarmActions": [
          "arn:aws:autoscaling:us-east-1:1434695xxx80:scalingPolicy:715a500c-87eb-466b-b869-e1ff69fc8cc2:autoScalingGroupName/aal-fw-aws-gwlb-stack_FW_PANW_ASG:policyName/aal-fw-aws-gwlb-stack_FW_PANW_ASG-scalein"
        ],
        "actionsEnabled": true,
        "alarmDescription": "DataPlane CPU Utilization Low",
        "evaluationPeriods": 1,
        "comparisonOperator": "LessThanThreshold",
        "insufficientDataActions": []
      },
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "riskGrade": "n_a",
      "stateId": null,
      "url": "https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#alarm:name=arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "vpcId": null,
      "vpcName": "",
      "relationshipCounts": 0,
      "vulnerabilityCounts": null,
      "vpcExternalAssetId": "",
      "tags": {
        "": ""
      },
      "assetType": "CloudWatch Alarm",
      "serviceName": "Amazon CloudWatch",
      "resourceType": "CloudWatch Alarm",
      "accountGroup": "account",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "assetClassId": "other",
      "assetClass": "Other",
      "deleted": false,
      "problem": [],
      "alertsCount": [],
      "attributes": {},
      "alertCountBySeverity": [],
      "ipAddresses": [],
      "trueInternetExposure": null
    }
  },
  "errors": []
}
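
The procedure above chained in Python, as an added example that is not part of the original article: it builds the filtered listing URL, extracts the identifiers from the reply while flagging when totalMatchedCount exceeds the resources actually returned, and builds the Get Asset request. The PRISMA_TOKEN environment variable, the function names and the sample reply are assumptions; the token is read from the environment so it never appears in a command line or shell history.

```python
import json
import os
import urllib.parse
import urllib.request

BASE = "https://api.sg.prismacloud.io"  # API host used in the article's examples


def scan_info_url(account_name, cloud_type, status, limit=None):
    """Step 2: listing URL with the optional filters that bound the result."""
    params = {"cloud.account": account_name, "cloud.type": cloud_type,
              "scan.status": status}
    if limit is not None:
        params["limit"] = int(limit)
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return f"{BASE}/v2/resource/scan_info?{query}"


def asset_ids(scan_response):
    """Return ([(name, unifiedAssetId, rrn)], truncated) from a scan_info reply."""
    resources = scan_response.get("resources", [])
    ids = [(r.get("name", ""), r["unifiedAssetId"], r["rrn"])
           for r in resources if r.get("unifiedAssetId") and r.get("rrn")]
    # More matches than rows returned means the listing is incomplete.
    truncated = scan_response.get("totalMatchedCount", 0) > len(resources)
    return ids, truncated


def asset_request(asset_id, token=None):
    """Step 3: build (not send) the Get Asset POST for one identifier."""
    token = token or os.environ["PRISMA_TOKEN"]  # assumed variable name
    body = json.dumps({"assetId": asset_id, "type": "asset"}).encode()
    return urllib.request.Request(
        f"{BASE}/uai/v1/asset", data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json", "x-redlock-auth": token})


# Constructed sample reply shaped like the article's output (values invented).
SAMPLE = {"totalMatchedCount": 3, "pageSize": 10000, "resources": [
    {"name": "demo-alarm", "unifiedAssetId": "0123456789abcdef0123456789abcdef",
     "rrn": "rrn:aws:cloudWatchAlarm:us-east-1:000000000000:example"},
    {"name": "no-ids-yet"}]}

if __name__ == "__main__":
    ids, truncated = asset_ids(SAMPLE)
    print(scan_info_url("Demo Account *", "aws", "passed", limit=100))
    print(ids, "truncated:", truncated)
    req = asset_request(ids[0][1], token="constructed-token")
    print(req.get_method(), req.full_url, req.data.decode())
```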


Additional Information


Resource Scan Info V2 - GET
Get Asset


