The Prisma Cloud Beat collects cloud security posture management (CSPM) alert and audit logs from Prisma Cloud. This section takes you through the process of configuring Prisma Cloud to send logs to the Open Collector.
Prisma Cloud API URLs
The URL for the Prisma Cloud service varies depending on the cluster on which your tenant is deployed. Your order fulfillment email includes the URL for your Prisma Cloud service tenant. The admin console URLs and corresponding API URLs are in the table below.
|Prisma Cloud Admin Console URL||Prisma Cloud API URL|
Prisma Cloud Alert Logs
Prisma Cloud provides a range of alerts and notifications to keep users informed of security events and policy violations across their cloud environments. Refer to the Official Prisma Cloud Documentation to learn more about alerts and notifications.
Prisma Cloud provides an API for managing alerts in its Cloud Security Posture Management (CSPM) solution. The Prisma Cloud Beat uses the List Alerts - GET API to fetch all alert logs.
The format of the URL parameter to collect alert logs using the Prisma Cloud Beat is <API URL for your tenant>/alert/.
For example: api4.prismacloud.io/alert/
Prisma Cloud Audit Logs
Prisma Cloud Audit Logs are detailed records of user activities, system events, and data access in Prisma Cloud. They allow administrators to monitor and analyze user behavior, track changes to configurations and policies, and detect potential security threats. Refer to the Official Prisma Cloud Documentation to learn more about audit logs.
Prisma Cloud provides an API for accessing audit logs from its CSPM solution. The API allows organizations to retrieve audit logs programmatically and integrate them with other security tools and platforms.
To use the Prisma Cloud Audit Logs API, organizations must first enable audit logging in their Prisma Cloud account. Once enabled, Prisma Cloud Audit Logs can be accessed using the API.
The format of the URL parameter to collect audit logs using the Prisma Cloud Beat is <API URL for your tenant>/audit/redlock/.
For example: api4.prismacloud.io/audit/redlock/
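The two URL formats above (alert and audit) can be checked before the beat is started. The following is an added example, not part of the Prisma Cloud Beat or the original page: `check_beat_url` is a hypothetical helper, the sample URLs are constructed, and it assumes admin console hostnames begin with `app` while API hostnames begin with `api`.

```python
from urllib.parse import urlsplit

# Path suffix the page gives for each log type the beat collects.
EXPECTED_PATHS = {"alert": "/alert/", "audit": "/audit/redlock/"}


def check_beat_url(url, log_type):
    """Return a list of problems with a beat URL parameter; empty means OK."""
    if log_type not in EXPECTED_PATHS:
        raise ValueError(f"unknown log type: {log_type!r}")
    problems = []
    # The page's examples carry no scheme; add one only so the host parses.
    parts = urlsplit(url if "://" in url else "https://" + url)
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}; the access key should only travel over https")
    if parts.username or parts.password:
        problems.append("credentials are embedded in the URL; supply the access key separately")
    host = (parts.hostname or "").lower()
    label = host.split(".")[0]
    # Assumption: console hosts begin with "app" and API hosts with "api".
    if label.startswith("app"):
        problems.append(f"{host} looks like the admin console host; expected api{host[3:]}")
    elif not label.startswith("api"):
        problems.append(f"{host or '(no host)'} does not look like a Prisma Cloud API host")
    expected = EXPECTED_PATHS[log_type]
    if parts.path != expected:
        problems.append(f"path is {parts.path!r}; expected {expected!r} for {log_type} logs")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    samples = [
        ("api4.prismacloud.io/alert/", "alert"),
        ("api4.prismacloud.io/audit/redlock/", "audit"),
        ("https://app4.prismacloud.io/alert", "alert"),
        ("http://api4.prismacloud.io/audit/", "audit"),
    ]
    for url, log_type in samples:
        issues = check_beat_url(url, log_type)
        print(f"{log_type:5} {url}: {'OK' if not issues else '; '.join(issues)}")
```
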
Client ID (Access Key ID) and Client Secret (Secret Key)
Prisma Cloud uses Access Keys to integrate with the environments where you host your templates, source code, or pipelines. Access keys are specific to a user and they enforce the role and permissions assigned to the specified user.
In order to collect logs using the Prisma Cloud Beat, generate a new set of Access Keys using the steps below:
- From the Prisma Cloud console, click Settings, and then Access Control.
- Click Access Keys, and then Add Access Key.
- Enter a unique access key Name.
- (Optional) Check the Key Expiry box, and then enter an expiration date and time.
  As a security best practice, set an expiration time for the validity of your access key.
- Click Create.
  The API Key Generated screen appears.
- Copy and save your new Access Key ID and Secret Key in a secure location.
  These keys are inaccessible after leaving this screen. Be sure to copy them to a text document before leaving this screen.
  You can optionally select Download .csv file to download this information.