Comment récupérer les détails des actifs Cloud à l'aide de l'API Prisma Cloud ?

Comment récupérer les détails des actifs Cloud à l'aide de l'API Prisma Cloud ?

4998
Created On 07/21/24 05:22 AM - Last Modified 01/07/25 10:56 AM


Objective


  • Cet article présente les étapes à suivre pour récupérer les détails des ressources cloud à l'aide de l'API Prisma Cloud

Environment


  • Prisma Cloud Édition Entreprise

Procedure


  1. Générer le jeton JWT à utiliser dans l'appel d'API pour le champ API_KEY_VALUE
  2. Collectez le « rrn » ou « unified-asset-id »
  • L'API suivante répertorie tous les actifs ainsi que leurs identifiants respectifs, qui peuvent être utilisés pour récupérer les détails des actifs : Resource Scan Info V2 - GET
  • La sortie de l'API contiendra à la fois rrn et unified-asset-id
Note: As this will list all the Assets, this may cause delay in response or generate error. Therefore, fill up the optional fields (shared below) to limit the result:
  • cloud.account ---> Indiquez ici le nom du compte (pas l'ID)
  • type de nuage
  • limite (valeur numérique)
  • scan. état
For quick API call creation, fill in the details using the Corps de la requêteoption on the API page itself

In the following example, the API call is created using the Request Body from the API page: 
curl -L -X GET 'https://api.sg.prismacloud.io/v2/resource/scan_info?cloud.account=APAC%20AWS%20ACCOUNT%20*****%20DO%20NOT%20DELETE*****&cloud.type=aws&scan.status=passed' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjxxxC4yMzguMTQuNzkiLCJpc3MiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInJlc3RyaWN0IjowLCJpc0FjY2Vzc0tleUxvZ2luIjp0cnVlLCJ1c2VyUm9sZVR5cGVEZXRhaWxzIjp7Imhhc09ubHlSZWFkQWNjZXNzIjpmYWxzZX0sInVzZXJSb2xlVHlwZU5hbWUiOiJTeXN0ZW0gQWRtaW4iLCJpc1NTT1Nlc3Npb24iOmZhbHNlLCJsYXN0TG9naW5UaW1lIjoxNzIxNTMzOTM0MzY5LCJhdWQiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInVzZXJSb2xlVHlwZUlkIjoxLCJhdXRoLW1ldGhvZCI6IlBBU1NXT1JEIiwic2VsZWN0ZWRDdXN0b21lck5hbWUiOiJQYWxvIEFsdG8gTmV0d29ya3MgKFRFU1QgQUNDVCkgLSAxMjk0MzI1MzM4NTAxMDczNTc1Iiwic2Vzc2lvblRpbWVvdXQiOjYwLCJ1c2VyUm9sZUlkIjoiODkyNzhjMjktYjRlYS00ZWU3LTg0MWQtYjE2NDExN2RmMDBiIiwiaGFzRGVmZW5kZXJQZXJtaXNzaW9ucyI6ZmFsc2UsImV4cCI6MTcyMTUzNjMxOCwiaWF0IjoxNzIxNTM1NzE4LCJ1c2VybmFtZSI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsInVzZXJSb2xlTmFtZSI6IlN5c3RlbSBBZG1pbiJ9.pJieaGBoxnqYaPsMrpSlZ94_fHMFVZaPUCyk9g5bIuc'
Résultat: 
{
  "timestamp": 1721534400000,
  "totalMatchedCount": 34262,
  "pageSize": 10000,
  "resources": [
    {
      "id": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "accountId": "1434695xxx80",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "cloudType": "aws",
      "rrn": "rrn:aws:cloudWatchAlarm:us-east-1:1434695xxx80:cf9dcecd60c4c70c7d22d61d8e2e34f4a8bf536c:arn%3Aaws%3Acloudwatch%3Aus-east-1%3A143469561880%3Aalarm%3Aaal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "alertStatus": {
        "high": 0,
        "medium": 0,
        "low": 0,
        "critical": 0,
        "informational": 0
      },
      "appNames": [
        "CSPM"
      ],
      "unifiedAssetId": "16e0c26096fb9a6bf81dxxx6546a0392",
      "resourceDetailsAvailable": true,
      "resourceConfigJsonAvailable": true,
      "assetType": "CloudWatch Alarm"
    }
  ]
}
  1. Utiliser l'API Get Asset : Get Asset
curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>' \
--data-raw '{
"assetId": "[rrn or unified asset ID]",
"type": "asset"
}'


Exemple:

curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjEzNC4yMzguMTYuMjA3IiwiaXNzIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJyZXN0cmljdCI6MCwiaXNBY2Nlc3NLZXlMb2dpbiI6dHJ1ZSwidXNlclJvbGVUeXBlRGV0YWlscyI6eyJoYXNPbmx5UmVhZEFjY2VzcyI6ZmFsc2V9LCJ1c2VyUm9sZVR5cGVOYW1lIjoiU3lzdGVtIEFkbWluIiwiaXNTU09TZXNzaW9uIjpmYWxzZSwibGFzdExvZ2luVGltZSI6MTcyMTUzMzkzNDM2OSwiYXVkIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJ1c2VyUm9sZVR5cGVJZCI6MSwiYXV0aC1tZXRob2QiOiJQQVNTV09SRCIsInNlbGVjdGVkQ3VzdG9tZXJOYW1lIjoiUGFsbyBBbHRvIE5ldHdvcmtzIChURVNUIEFDQ1QpIC0gMTI5NDMyNTMzODUwMTA3MzU3NSIsInNlc3Npb25UaW1lb3V0Ijo2MCwidXNlclJvbGVJZCI6Ijg5Mjc4YzI5LWI0ZWEtNGVlNy04NDFkLWIxNjQxMTdkZjAwYiIsImhhc0RlZmVuZGVyUGVybWlzc2lvbnMiOmZhbHNlLCJleHAiOjE3MjE1NDAyOTksImlhdCI6MTcyMTUzOTY5OSwidXNlcm5hbWUiOiJha3Jhc3RvZ2lAcGFsb2FsdG9uZXR3b3Jrcy5jb20iLCJ1c2VyUm9sZU5hbWUiOiJTeXN0ZW0gQWRtaW4ifQ.Pwogr0XRyKg1YCLJAyQ4oIoV8lz0j71kpBz5THdyIrU' \
--data-raw '{
  "assetId": "16e0c26096fb9a6bf81d5d26546a0392",
  "type": "asset"
}'


Sortir:

{
  "data": {
    "asset": {
      "id": "16e0c26096fb9a6bf81d5d26546a0392",
      "externalAssetId": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "cloudType": "aws",
      "createdTs": 1660285739000,
      "insertTs": 1660285739000,
      "dynamicData": null,
      "data": {
        "tags": [],
        "unit": "Percent",
        "period": 900,
        "metrics": [],
        "alarmArn": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "alarmName": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "namespace": "aal-fw-aws-gwlb-stack_FW_PANW_ASG",
        "okactions": [],
        "statistic": "Average",
        "threshold": 20,
        "dimensions": [],
        "metricName": "DataPlaneCPUUtilizationPct",
        "alarmActions": [
          "arn:aws:autoscaling:us-east-1:1434695xxx80:scalingPolicy:715a500c-87eb-466b-b869-e1ff69fc8cc2:autoScalingGroupName/aal-fw-aws-gwlb-stack_FW_PANW_ASG:policyName/aal-fw-aws-gwlb-stack_FW_PANW_ASG-scalein"
        ],
        "actionsEnabled": true,
        "alarmDescription": "DataPlane CPU Utilization Low",
        "evaluationPeriods": 1,
        "comparisonOperator": "LessThanThreshold",
        "insufficientDataActions": []
      },
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "riskGrade": "n_a",
      "stateId": null,
      "url": "https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#alarm:name=arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "vpcId": null,
      "vpcName": "",
      "relationshipCounts": 0,
      "vulnerabilityCounts": null,
      "vpcExternalAssetId": "",
      "tags": {
        "": ""
      },
      "assetType": "CloudWatch Alarm",
      "serviceName": "Amazon CloudWatch",
      "resourceType": "CloudWatch Alarm",
      "accountGroup": "account",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "assetClassId": "other",
      "assetClass": "Other",
      "deleted": false,
      "problem": [],
      "alertsCount": [],
      "attributes": {},
      "alertCountBySeverity": [],
      "ipAddresses": [],
      "trueInternetExposure": null
    }
  },
  "errors": []
}


Additional Information


Informations sur l'analyse des ressources V2 - OBTENIR
Obtenir un actif
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HDfmCAG&lang=fr&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language