Prisma Cloud Compute Edition Container Vulnerability Connector

Prisma Cloud Compute Edition is a comprehensive Cloud Native Security Platform (CNSP) which includes container vulnerability management.  This scanner was formerly known as Twistlock. 

Use the Prisma Cloud connector in Kenna to assist you in reducing risk across your containerized infrastructure.

The Prisma Cloud connector ingests information from containers and the images they run.  In Kenna, containers inherit the same CVEs as the images that they are running. You therefore can manage risk by focusing on either containers or images, depending on your preferred workflow.

Important: This connector DOES NOT support the Prisma Cloud Enterprise Edition.

Adding the Prisma Cloud Connector

To add the connector to your environment, navigate to the Connectors tab on the navigation bar and select Add Connector. 

Add_Connector.png

Select Prisma Cloud from the Vulnerability Management section as shown below.
Vuln_Mngmnt.png

Enter the appropriate information in the pop-up window.

Prisma_cloud.png

Click Save And Verify. Once complete, proceed to upload and run your connector. 

On the VM Explore right-hand navigation bar, there are multiple filters that provide the ability to view the assets and vulnerabilities specific to your Prisma Cloud environment.

Filters.png 

Note: It is possible to filter based on images, containers or both. 

Roles Required

To follow least-privilege access, it is recommended that you use a Prisma user with the DevSecOps User role for interacting with Kenna.

User_Role.png 

Important note when using Prisma Collections: For API users that are restricted to a specific set of Prisma Collections, the API requests will fail. For this reason, you must grant your API user access to all Collections.

Prisma Cloud Compute Edition Data in Kenna

When Prisma Cloud Compute Edition is enabled, the new Type column in the Explore page will allow you to easily distinguish one type of asset from another.

Important: Currently, the only supported asset types are container and image; others will not have a Type value.

Type_column.png

Note: In order to see the Type column, enable it using the Display dropdown.

Type_selection.png

Additionally, a new filter shows the counts of the Prisma Cloud asset types - container or image.

container_or_image.png

Important: Disconnected projects in the Prisma Cloud environment can lead to connector run failures. To prevent this, all disconnected projects within Prisma Cloud must either be reconnected or have access to these projects restricted via the Prisma Cloud console.

Additional Settings

The following additional settings can be enabled in your connector.

Custom Ordered Locators

If a custom locator order is required, you must add the following two additional locators to the beginning of that list: container_locator, image_locator, ..., ….

Important: To have these enabled, or for more information, contact your Customer Experience (CX) Team.

Importing Image Data Only

When setting up your connector, you have the option to only import image data. This can be done by selecting the Do Not Import Container Data checkbox.

Importing_image.png

Frequently Asked Questions

  • Why do I see fewer or more containers and images in Kenna than I expect?

First, search Prisma Cloud for the same container or image to determine if assets appear as expected in Prisma Cloud. If assets do not appear as expected in Prisma Cloud, then you can adjust your Prisma scan settings to run more frequently.

Scheduling.png

Additionally, note that by default Prisma Cloud only presents image vulnerabilities for those images which have been used by recent containers. You can disable this behavior, but it is recommended that you keep it enabled.

Running_images.png

Next, if the containers and images that you expect appear in Prisma Cloud but not in Kenna, then a new connector run may be needed.
