如何使用 Prisma Cloud API 检索云资产详细信息?

如何使用 Prisma Cloud API 检索云资产详细信息?

4954
Created On 07/21/24 05:22 AM - Last Modified 01/07/25 11:01 AM


Objective


  • 本文重点介绍如何使用 Prisma Cloud API 检索云资产详细信息的步骤

Environment


  • Prisma Cloud 企业版

Procedure


  1. 为字段API_KEY_VALUE 生成要在 API 调用中使用的 JWT 令牌
  2. 收集“rrn”“unified-asset-id”
  • 以下 API 将列出所有资产及其各自的 ID,可用于检索资产详细信息:资源扫描信息 V2 - GET
  • API 输出将包含rrnunified-asset-id
笔记: As this will list all the Assets, this may cause delay in response or generate error. Therefore, fill up the optional fields (shared below) to limit the result:
  • cloud.account --->这里给出账户名称(不是ID)
  • 云类型
  • 极限(数值)
  • 扫描状态
For quick API call creation, fill in the details using the 请求正文option on the API page itself

In the following example, the API call is created using the Request Body from the API page: 
curl -L -X GET 'https://api.sg.prismacloud.io/v2/resource/scan_info?cloud.account=APAC%20AWS%20ACCOUNT%20*****%20DO%20NOT%20DELETE*****&cloud.type=aws&scan.status=passed' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjxxxC4yMzguMTQuNzkiLCJpc3MiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInJlc3RyaWN0IjowLCJpc0FjY2Vzc0tleUxvZ2luIjp0cnVlLCJ1c2VyUm9sZVR5cGVEZXRhaWxzIjp7Imhhc09ubHlSZWFkQWNjZXNzIjpmYWxzZX0sInVzZXJSb2xlVHlwZU5hbWUiOiJTeXN0ZW0gQWRtaW4iLCJpc1NTT1Nlc3Npb24iOmZhbHNlLCJsYXN0TG9naW5UaW1lIjoxNzIxNTMzOTM0MzY5LCJhdWQiOiJodHRwczovL2FwaS5zZy5wcmlzbWFjbG91ZC5pbyIsInVzZXJSb2xlVHlwZUlkIjoxLCJhdXRoLW1ldGhvZCI6IlBBU1NXT1JEIiwic2VsZWN0ZWRDdXN0b21lck5hbWUiOiJQYWxvIEFsdG8gTmV0d29ya3MgKFRFU1QgQUNDVCkgLSAxMjk0MzI1MzM4NTAxMDczNTc1Iiwic2Vzc2lvblRpbWVvdXQiOjYwLCJ1c2VyUm9sZUlkIjoiODkyNzhjMjktYjRlYS00ZWU3LTg0MWQtYjE2NDExN2RmMDBiIiwiaGFzRGVmZW5kZXJQZXJtaXNzaW9ucyI6ZmFsc2UsImV4cCI6MTcyMTUzNjMxOCwiaWF0IjoxNzIxNTM1NzE4LCJ1c2VybmFtZSI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsInVzZXJSb2xlTmFtZSI6IlN5c3RlbSBBZG1pbiJ9.pJieaGBoxnqYaPsMrpSlZ94_fHMFVZaPUCyk9g5bIuc'
结果: 
{
  "timestamp": 1721534400000,
  "totalMatchedCount": 34262,
  "pageSize": 10000,
  "resources": [
    {
      "id": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "accountId": "1434695xxx80",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "cloudType": "aws",
      "rrn": "rrn:aws:cloudWatchAlarm:us-east-1:1434695xxx80:cf9dcecd60c4c70c7d22d61d8e2e34f4a8bf536c:arn%3Aaws%3Acloudwatch%3Aus-east-1%3A143469561880%3Aalarm%3Aaal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "alertStatus": {
        "high": 0,
        "medium": 0,
        "low": 0,
        "critical": 0,
        "informational": 0
      },
      "appNames": [
        "CSPM"
      ],
      "unifiedAssetId": "16e0c26096fb9a6bf81dxxx6546a0392",
      "resourceDetailsAvailable": true,
      "resourceConfigJsonAvailable": true,
      "assetType": "CloudWatch Alarm"
    }
  ]
}
  1. 使用获取资产 API:获取资产
curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: <API_KEY_VALUE>' \
--data-raw '{
"assetId": "[rrn or unified asset ID]",
"type": "asset"
}'


例子:

curl -L -X POST 'https://api.sg.prismacloud.io/uai/v1/asset' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'x-redlock-auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NLZXlJZCI6ImQ2MDJkNzk0LWU5MDYtNDY0ZS1hZGQ1LTE5MzlmODBjOTgwMCIsInN1YiI6ImFrcmFzdG9naUBwYWxvYWx0b25ldHdvcmtzLmNvbSIsImZpcnN0TG9naW4iOmZhbHNlLCJwcmlzbWFJZCI6Ijg3NDY1NDI4MDY5OTIyMzA0MCIsImlwQWRkcmVzcyI6IjEzNC4yMzguMTYuMjA3IiwiaXNzIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJyZXN0cmljdCI6MCwiaXNBY2Nlc3NLZXlMb2dpbiI6dHJ1ZSwidXNlclJvbGVUeXBlRGV0YWlscyI6eyJoYXNPbmx5UmVhZEFjY2VzcyI6ZmFsc2V9LCJ1c2VyUm9sZVR5cGVOYW1lIjoiU3lzdGVtIEFkbWluIiwiaXNTU09TZXNzaW9uIjpmYWxzZSwibGFzdExvZ2luVGltZSI6MTcyMTUzMzkzNDM2OSwiYXVkIjoiaHR0cHM6Ly9hcGkuc2cucHJpc21hY2xvdWQuaW8iLCJ1c2VyUm9sZVR5cGVJZCI6MSwiYXV0aC1tZXRob2QiOiJQQVNTV09SRCIsInNlbGVjdGVkQ3VzdG9tZXJOYW1lIjoiUGFsbyBBbHRvIE5ldHdvcmtzIChURVNUIEFDQ1QpIC0gMTI5NDMyNTMzODUwMTA3MzU3NSIsInNlc3Npb25UaW1lb3V0Ijo2MCwidXNlclJvbGVJZCI6Ijg5Mjc4YzI5LWI0ZWEtNGVlNy04NDFkLWIxNjQxMTdkZjAwYiIsImhhc0RlZmVuZGVyUGVybWlzc2lvbnMiOmZhbHNlLCJleHAiOjE3MjE1NDAyOTksImlhdCI6MTcyMTUzOTY5OSwidXNlcm5hbWUiOiJha3Jhc3RvZ2lAcGFsb2FsdG9uZXR3b3Jrcy5jb20iLCJ1c2VyUm9sZU5hbWUiOiJTeXN0ZW0gQWRtaW4ifQ.Pwogr0XRyKg1YCLJAyQ4oIoV8lz0j71kpBz5THdyIrU' \
--data-raw '{
  "assetId": "16e0c26096fb9a6bf81d5d26546a0392",
  "type": "asset"
}'


输出:

{
  "data": {
    "asset": {
      "id": "16e0c26096fb9a6bf81d5d26546a0392",
      "externalAssetId": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "cloudType": "aws",
      "createdTs": 1660285739000,
      "insertTs": 1660285739000,
      "dynamicData": null,
      "data": {
        "tags": [],
        "unit": "Percent",
        "period": 900,
        "metrics": [],
        "alarmArn": "arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "alarmName": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
        "namespace": "aal-fw-aws-gwlb-stack_FW_PANW_ASG",
        "okactions": [],
        "statistic": "Average",
        "threshold": 20,
        "dimensions": [],
        "metricName": "DataPlaneCPUUtilizationPct",
        "alarmActions": [
          "arn:aws:autoscaling:us-east-1:1434695xxx80:scalingPolicy:715a500c-87eb-466b-b869-e1ff69fc8cc2:autoScalingGroupName/aal-fw-aws-gwlb-stack_FW_PANW_ASG:policyName/aal-fw-aws-gwlb-stack_FW_PANW_ASG-scalein"
        ],
        "actionsEnabled": true,
        "alarmDescription": "DataPlane CPU Utilization Low",
        "evaluationPeriods": 1,
        "comparisonOperator": "LessThanThreshold",
        "insufficientDataActions": []
      },
      "name": "aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "regionId": "us-east-1",
      "regionName": "AWS Virginia",
      "riskGrade": "n_a",
      "stateId": null,
      "url": "https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#alarm:name=arn:aws:cloudwatch:us-east-1:1434695xxx80:alarm:aal-fw-aws-gwlb-stack_FW_PANW_ASG-cw-cpu-low",
      "vpcId": null,
      "vpcName": "",
      "relationshipCounts": 0,
      "vulnerabilityCounts": null,
      "vpcExternalAssetId": "",
      "tags": {
        "": ""
      },
      "assetType": "CloudWatch Alarm",
      "serviceName": "Amazon CloudWatch",
      "resourceType": "CloudWatch Alarm",
      "accountGroup": "account",
      "accountName": "APAC AWS ACCOUNT ***** DO NOT DELETE*****",
      "assetClassId": "other",
      "assetClass": "Other",
      "deleted": false,
      "problem": [],
      "alertsCount": [],
      "attributes": {},
      "alertCountBySeverity": [],
      "ipAddresses": [],
      "trueInternetExposure": null
    }
  },
  "errors": []
}


Additional Information


资源扫描信息 V2 - GET
获取资产
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HDfmCAG&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language