Dashboarding In Prisma Cloud


By Richard Vega, Senior Customer Success Engineer

 

 


The Prisma Cloud Darwin release enables you to use out-of-the-box (OOTB) dashboards as well as custom dashboards, with the capabilities to track and monitor your cloud security posture ranging from vulnerabilities to compliance. In this article, we will discuss the existing OOTB dashboards and the capability of creating custom dashboards in Prisma Cloud.

 

I.   Out of the box Dashboards

 

Prerequisite

To view the Code to Cloud dashboard, complete the following tasks:

 

A.   Code to Cloud Dashboard

 

 

 

 

Figure 1: CodetoCloudDashboard_palo-alto-networks

Latest Events Tracker

The Dashboards > Code to Cloud > Latest Events Tracker provides a stream of updates to track changes across key metrics such as Threats Detected, Alerts Remediated, Critical Alerts etc., to help you assess the strength of your security posture in real time.

Use the latest events live stream to quickly assess the potential threat activity taking place in your cloud environment. You can also double-click on any event to investigate critical vulnerabilities and build-time issues detected. Select See All Events to see a list of the latest security events across your cloud estate. Select any event to navigate to the specific alert and investigate further.

 

Cloud Inventory and Graph

Figure 2: Cloud Inventory_palo-alto-networks

 

Code to Cloud Inventory provides a panoramic view of your entire cloud estate, helping you understand how well your organization is embracing security best practices across your cloud environment, from individual resources to the entire code pipeline.

 

  • Graph data is sourced from Incidents, Attack Paths, Vulnerability Explorer data and IaC scans. Percentages are calculated by taking the latest snapshot and comparing it against data for the last 30 days, to derive the percentage difference.
  • Metrics do not include data from non-onboarded accounts.  Cloud accounts must be fully onboarded on the platform to view metrics.

 

Code/Build Inventory

Figure 3: Code&Build_palo-alto-networks

 

The Code/Build Inventory widget surfaces metrics derived from the monitoring and scanning of hundreds of code repositories across the three repository systems secured by Prisma Cloud scanners including IaC/SCA, and Secrets. Historical developer data for code issues and pull requests is also surfaced.

The Code Issues in Repositories graph captures code errors in the default branch of all onboarded repositories over the last thirty days. Use this graph to track your team’s progress in resolving code errors before they affect your production systems.

Code and Build Inventory provides you with a quick rundown of your protected repositories. Select any metric such as Repositories Systems to see a full catalog of all the Code & Build Providers with flags for Code Issues.

 

Deploy Inventory

Figure 4: DeployInventory_palo-alto-networks

 

The Deploy Inventory graph visualizes the critical and high severity alerts triggered by vulnerabilities detected in container images and registries in the last 30 days. Here you can monitor trends in the rate of vulnerabilities identified across your workloads.

 

Select any metric in the Deploy Inventory table to further investigate the following:

  • Container Registries: View all the registries that are currently scanned for vulnerabilities
  • Container Images: View details on container images with detected vulnerabilities
  • Trusted Images: View all the running images in your environment and their trust status

 

Runtime Inventory

Figure 5: Runtime Inventory_palo-alto-networks

 

Runtime Inventory helps you quantify and demonstrate your progress in securing your workloads. The Runtime graph captures the top critical and high severity incidents and alerts triggered by attack path policies in the last 30 days. Review the trendline to track your team’s progress in the remediation and the burn down of urgent incidents.

Select any metric on the Runtime Inventory table to view the total number of cloud providers and assets, and workloads protected by agents. For instance, you can select the Workloads Protected by Agents metric to view potentially compromised workloads that may be infected with malware.

The Inventory data above is sourced from Prisma Cloud Incidents, Attack Paths, Vulnerability Explorer, and IaC scanning data. Percentages are calculated by tabulating the difference between the latest snapshot and data points for the last 30 days.

 

Top Issues by Collection

 

The Code to Cloud dashboard also provides you with the option to define your applications or teams and assign owners to track and monitor progress. You can compare key metrics such as Code Issues in Repositories or Urgent Vulnerabilities in Images across teams, business units and applications to benchmark security standards.

The first row of the table captures the aggregate of all issues across the tenants in your onboarded accounts. Use the Sort By drop-down to categorize your business unit view across Code/Build, Deploy and Run phases of the application lifecycle.

Add Row also allows you to create your own custom collection of accounts, application owners or business units to obtain more granular results on risks by individual applications and stakeholders.

 

The following caveats apply to Collections:

  • Only System Administrators can create or add Collections.
  • The Code to Cloud Row trendline is initiated after at least one row is added. Trendline data is populated only after regularly scheduled Prisma Cloud system updates. Trendlines may display a no data available message prior to system update.
  • You can add Repositories to Collections. If a Repository is deleted at the source, it may still appear in a Collection

B.   Command Center Dashboard

Figure 6: Command Center Dashboard_palo-alto-networks

 


 

The Command Center dashboard provides you with a unified view of the top cloud security incidents and risks uncovered across the assets monitored by Prisma Cloud. It provides security teams with a picture of the highest priority incidents and risks that require attention across the following attack vectors:

  • Incidents
  • Attack Paths
  • Misconfigurations
  • Vulnerabilities
  • Exposures
  • Identity Risks
  • Data Risks

 

The Command Center dashboard is only available to users with a System Admin role.

Total Urgent Alerts

The Total Urgent Alerts bar provides a tally of alerts grouped by Incidents, Misconfigurations, Exposures, Identity, and Data Risks. The Filter controls above the Alerts bar allow you to narrow your investigation to a specific Time Range or Account Group.

You can select multiple account groups at once to view data from multiple account sources. The filtered data is updated across all the alert visualizations on the dashboard. The revert icon on the right above the Total Urgent Alerts bar allows you to revert to the default filter settings.

 

Figure 7: Urgent Issues_palo-alto-networks

 

Alerts Visualization

 

Actionable alert data is further grouped into the following areas by risk type:

 

  • Incidents: Retrieves data for critical and high severity alerts, generated by policies that detect potential security issues from misconfiguration or exposure, across your cloud infrastructure.
  • Attack Paths: Provides the total number of critical and high severity alerts, triggered by policies covering issues that when taken together indicate a heightened risk of attack.
  • Misconfigurations: Captures data for alerts generated by policies with configuration errors.
  • Vulnerabilities: Provides insight into potentially compromised assets in your cloud environment, capturing the top five assets with vulnerabilities that triggered the highest number of Critical and High alerts. Click on any listed image or asset to access the Assets Explorer to investigate further and take remedial action, if necessary.
  • Exposures: Retrieves data for alerts generated by violations in network policies, in addition to the policy subtype config.
  • Identity Risks: Lists alerts generated by violations in Identity and Access Management policies. This view is only available by subscription.
  • Data Risks: Retrieves data for alerts generated by exceptions in the policy type Data. This view is only enabled by subscription.

 

Alerts Actions

 

Each alerts visualization allows you to further drill down and view the source of the alert by the policy name or the asset it originated from:

Figure 8: Incident Widgets_palo-alto-networks

The Incidents widget above, for instance, provides three visualizations of urgent alerts activity:

  • Urgent Incidents: Provides a donut chart visualization of Critical and High severity incidents. Select any alert for an in-depth look at alerts generated by policies that detect potential security issues from misconfiguration or exposure.
  • Top Incidents by Policy: Lists the top five policies that triggered an alert. Select a policy or an alert total for a detailed view of policy coverage incidents. You can also investigate alerts within individual policies.
  • Top Attack Path by Policy: Lists top five attack paths by policy, type, severity, and number of alerts. Learn more about responding to alerts generated for a specific attack path.
  • Top Incidents by Asset: Lists top five incidents by asset name, number of alerts, service, and account name. Learn more about responding to alerts generated in a specific asset.

C.   Vulnerability Dashboard

Figure 9: Vulnerability Dashboard_palo-alto-networks

 



The Prisma Cloud Vulnerabilities Dashboard gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. An overview of the top impacting CVEs enables you to prioritize vulnerabilities based on existing risks and trace them from runtime back to the source.

This risk assessment capability helps you to make informed decisions with findings and fix the vulnerable package or base image in code. This capability will allow you to remediate the root cause and resolve the issue when the build is next executed.

The dashboard helps you answer:

  • What are all the vulnerable assets across my entire application lifecycle?
  • Where should I focus to find and fix the vulnerabilities? What are the critical and urgent ones, and the ones that are patchable?
  • What actions can I take to remediate or mitigate the vulnerabilities in Code or Cloud?

Discover Vulnerabilities

Figure 10: PrioritizedVulnerabilities_palo-alto-networks

On Dashboard > Vulnerabilities you can discover all the vulnerabilities across your environment. Let’s say there are 25K vulnerabilities in your environment, out of which only 20,637 are critical and high, 7,470 are exploitable, out of which 7,400 are patchable, meaning these vulnerabilities are actionable for you to fix them.

The funnel in the Prioritized Vulnerabilities further narrows down to just 35 vulnerable packages that are in use in the runtime that you can focus on.

 

Prerequisite

 

 

The following visualizations are available for you to help contextualize risks from vulnerabilities:

  • Vulnerability Overview – Provides a summarized view of the total vulnerabilities in your environment further divided into Vulnerabilities by Asset and Vulnerabilities that have already been remediated.
    • This allows you to track and share your progress in securing your environment. Visualize the trends with Total Vulnerable Assets, and their metadata, Total Vulnerabilities Remediated, and Total Vulnerabilities count in the current snapshot.
  • Prioritized Vulnerabilities – Discover all the vulnerabilities across your workloads and identify the top-priority vulnerabilities (aggregated vulnerabilities that are urgent, exploitable, patchable, and vulnerable packages in use).
    • The vulnerabilities sourced from Compute and CAS (Cloud App Sec) are prioritized and aggregated based on the most urgent, exploitable, patchable, and vulnerable packages in use. This prioritization helps you to identify the top-priority vulnerabilities to focus on.
    • The aggregation is based on vulnerabilities that are:
      • Urgent: Critical, High
      • Exploitable: Exploit in the Wild and Exploit in POC
      • Patchable: Vulnerabilities that are actionable and have a patch to fix or mitigate.
      • Vulnerable packages in use.
  • Top Impacting Vulnerabilities – Provides a ranked list of the most critical vulnerabilities in your environment based on the risk score. The ranked list consists of CVEs affecting the environment. Each CVE includes data about its severity, CVSS, risk factors, and assets impacted.
    • Review the top-impacting vulnerabilities based on the CVE severity, CVSS score, Risk Factors, and the assets impacted across your CI/CD pipeline.
  • Vulnerability Impact by Stage – Visualize the sources of the vulnerabilities and the impact of the vulnerability across app stages of your application lifecycle. Trace vulnerabilities from runtime back to the repositories they originate from.
    • At each stage, you can select and investigate any of the impacted assets such as Packages, Images in IaC Files, Host VM Images, Registry Images, Deployed Images, Serverless Functions, and Hosts.
      • This makes it easier for you to trace back the packages and images that were used to build a workload that is now vulnerable in the deploy stage, or runtime.
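
The funnel described under Prioritized Vulnerabilities, as an added example that is not Prisma Cloud's code: it applies the four listed criteria in sequence to a constructed list of findings and reports how many survive each stage, plus the packages left at the end. The field names, stage keys and sample records are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

URGENT = {"critical", "high"}          # "Urgent: Critical, High"
EXPLOITABLE = {"in_the_wild", "poc"}   # "Exploit in the Wild and Exploit in POC"


@dataclass(frozen=True)
class Finding:
    cve: str                    # constructed placeholder ID, not a real CVE
    package: str                # constructed package name
    severity: str               # critical / high / medium / low
    exploit: str                # "in_the_wild", "poc" or "none"
    fix_version: Optional[str]  # None means no patch is available
    in_use: bool                # package is loaded by a running workload


# Constructed sample data covering one drop-out at every stage.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", "tls-lib", "critical", "in_the_wild", "3.0.1", True),
    Finding("CVE-EXAMPLE-0002", "tls-lib", "high", "poc", "3.0.1", True),
    Finding("CVE-EXAMPLE-0003", "logging-lib", "critical", "in_the_wild", "2.1.0", False),
    Finding("CVE-EXAMPLE-0004", "compress-lib", "high", "poc", None, True),
    Finding("CVE-EXAMPLE-0005", "http-client", "high", "none", "8.4.0", True),
    Finding("CVE-EXAMPLE-0006", "shell-utils", "medium", "in_the_wild", "1.3.6", True),
    Finding("CVE-EXAMPLE-0007", "yaml-parser", "low", "none", None, False),
    Finding("CVE-EXAMPLE-0008", "json-binder", "critical", "poc", "2.15.3", True),
]

# Each stage narrows the output of the previous one, like the dashboard funnel.
STAGES = [
    ("total", lambda f: True),
    ("urgent", lambda f: f.severity.lower() in URGENT),
    ("exploitable", lambda f: f.exploit in EXPLOITABLE),
    ("patchable", lambda f: f.fix_version is not None),
    ("in_use", lambda f: f.in_use),
]


def funnel(findings):
    """Return (count per stage, sorted packages left after the last stage)."""
    remaining = list(findings)
    counts = {}
    for name, keep in STAGES:
        remaining = [f for f in remaining if keep(f)]
        counts[name] = len(remaining)
    # The last funnel step is reported per package, so several CVEs in the
    # same package collapse into one entry to fix.
    packages = sorted({f.package for f in remaining})
    return counts, packages


if __name__ == "__main__":
    stage_counts, focus = funnel(FINDINGS)
    for stage, count in stage_counts.items():
        print(f"{stage:12} {count}")
    print("packages to fix first:", ", ".join(focus))
```
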

D.   Compliance Dashboard

 

Figure 11: Compliance Dashboard_palo-alto-networks

 



Prisma Cloud’s Compliance dashboard provides a snapshot view of your overall compliance posture across multiple compliance standards. The dashboard provides you with an interactive look at how your compliance coverage maps to the established compliance frameworks available within Prisma Cloud.

Use the Compliance dashboard as a tool for risk oversight across all the supported cloud platforms and quickly evaluate your compliance posture using real-time data. Use the provided Filters to hone in on the time period, cloud account, or account group you would like to focus on.

By default, the dashboard shows your compliance state for the last 24 hour period. The Compliance dashboard is available to users with the System Administrator role on all stacks, with the exception of app.gov and app.cn.
 

Compliance Overview

Figure 12: Compliance Overview_palo-alto-networks

The compliance score presents data on the total unique resources that are passing or failing the policy checks that match compliance standards. Use this score to audit how many unique resources are failing compliance checks and get a quick count on the severity of these failures.

The links allow you to view the list of all resources on the Inventory page, and the View Alerts link enables you to view all the open alerts of Low, Medium, or High severity.

Compliance Trend

 

The compliance trendline is a line chart that shows you how the compliance posture of your monitored resources has changed over time (on the horizontal X axis). You can view the total number of resources monitored (in blue), and the number of resources that passed (in green) and failed (in red) over that time period.

 

Compliance Coverage

 

The Compliance coverage bar graph highlights the passed and failed resource count across all compliance standards for easy comparison. Select any given compliance standard to view the total number of failed assets for that standard. Click on the compliance standard to view policy details.

E. Code Security Dashboard 

Figure 13: Code Security Dashboard_palo-alto-networks

 


 

As a part of Application Security, the Code Security dashboard provides you with a contextual view of the top code security vulnerabilities and misconfigurations identified in scans across the code and build integrations on Prisma Cloud.

It gives you a contextual understanding of high priority errors that require attention across these vectors:

  • High-risk code errors by severity
  • Historical data for code issues and pull requests
  • Common policy errors
  • License errors in non-compliant packages
  • IaC errors in code category
  • Vulnerabilities seen in CVE from CVSS score

 

You can view the dashboard on Dashboards > Code Security. The Code Security dashboard is only available if you have subscribed to Application Security on Prisma Cloud. To know more about user role permissions, see Prisma Cloud Administrator Permissions.

The Code Security dashboard is available to users with the System Administrator role on all stacks, with the exception of app.gov and app.cn.

 

Errors by severity

 

The Total Errors bar provides a summary of code errors across severity of Critical, High, Medium, Low, and Info. You can see custom results for all Code Security errors using filters that allow you to narrow your investigation to a specific Repository, Code Category, or Severity.

You can select multiple repositories, code categories, and severities at once to narrow your investigation to find critical errors that may need immediate remediation. Filtering the data updates all visualizations on the dashboard. The reset filters option allows you to revert to the default filter settings.

You can also see contextual results for code errors by severity by selecting the number corresponding to the severity, which gives you access to the results from the Prisma Cloud switcher Application Security > Projects > Overview. On Projects, you can execute remedial actions, if necessary.

 

Code Errors Visualization

 

The code errors are actionable and are grouped in these areas:

  • High-risk code errors by severity: The Top Repositories by High Risk Code Error Count provides a bar graph visualization of the top trending repositories with the maximum number of Critical or High severity errors. The data represented is periodically updated, and you can verify the accuracy of the last scan by hovering on the timestamp.

 

Figure 14: Code Errors_palo-alto-networks

  • Historical data for code issues and pull requests: View the trend for code errors and pull requests for repositories that are scanned using Prisma Cloud.
  • Code Issues over time: Visualizes the trendline of code errors from the last 30 days of a default branch in an integrated repository. The data also gives you an understanding of when the errors occurred by monitoring data on Opened Earlier, Fix Pending, and Suppressed. You can also see if any remedial actions were taken on the same day by monitoring data on Fixed Today and Opened Today.


Figure 15: Code Issues_palo-alto-networks

 

  • Pull Requests over time: Visualizes a trendline of pull requests created on specific branches of integrated repositories from the last 30 days. Monitor the vulnerability status of the PR across Failed Earlier, Failed Today, Resolved, and Passed.


Figure 16: Pull Requests_palo-alto-networks

 

  • Common policy errors: The Common Errors by Policy provides a view of policies that have the highest error count. The data shown here reflects periodic scans, with the timestamp available for you to see. Along with the high count of errors within a policy, you can also see the type of policy by Labels, and the severity.
    • Selecting the policy directs you to the policy for more actionable information, while selecting the error count directs you to Application Security > Projects > Overview to execute a remedial action, if necessary.

Figure 17: Common Errors_palo-alto-networks

 

  • License errors in non-compliant packages: The Top Non-compliant Package licenses provides insight into non-compliant package licenses that are being used in the repositories. The data shows the number of repositories that are potentially exposed due to usage of non-compliant package licenses.
    • The count shows the total number of instances the non-compliant package is used. Selecting the count directs you to Application Security > Projects > Overview with the non-compliant package already filtered. You can choose to execute a manual remedial action on Overview, if necessary.

  • IaC errors in code category: The IaC Errors by Category provides a summarized view of misconfigurations seen in each IaC category. The count in each category is the number of misconfigurations identified, and selecting the count directs you to Application Security > Projects > IaC Misconfiguration where you can choose to execute a remedial action on Resource Explorer.

  • Vulnerabilities seen in CVE from CVSS score: The Top CVSS Score Code Vulnerabilities lists the highest CVSS score identified across vulnerability scans. You also see the Risk Factors, the potentially compromised CVE with severity, and Count. Selecting the count directs you to Application Security > Projects > Vulnerabilities with the CVE errors preselected.

F.   Custom Dashboards

Figure 18: Manage Dashboards_palo-alto-networks

 


Custom Dashboards are an option you have in Prisma Cloud to create your own customized views for the different personas in your organization. You can use a combination of the functionality discussed above as well as customize for your organization’s desired result.

You can add and manage dashboards (enable, disable, share, and clone) as seen above.


You can also add a new custom dashboard from scratch to fit your specific needs:

Figure 19: Add Dashboard_palo-alto-networks

From here, you can add widgets to customize your dashboard view and share your dashboard with other Prisma Cloud users.

Figure 20: Custom Dashboard_palo-alto-networks

 

Prisma Cloud has a number of widgets that can be used to customize your dashboard and slice and dice data as you see fit. Each of these widgets has its own settings as well, so you can include things like account groups or edit existing widgets to only contain certain data points – you can be as granular as need be.

To enable shareability of your custom dashboards you will need to make sure the access permissions are set to public:

Figure 21: Access Settings_palo-alto-networks

 

II.   Summary

 

In this article we talked about the Code to Cloud, Command Center, Vulnerability, Compliance, Code Security, and Custom dashboards that allow you to track, visualize, and share the metrics that matter most to you and your team. Widgets with visual representations in various formats such as line and bar graphs and pie charts are available to track key metrics such as assets with the most urgent alerts and vulnerabilities, resource compliance trend charts, and top risks to remediate. Share dashboard visualizations with your management team to quantify your progress in hardening your security posture.

 

III.   References

 


IV.   About the Author

 

Richard Vega is a Senior Customer Success Engineer at Palo Alto Networks specializing in securing Multi-Cloud infrastructure and being a trusted advisor to large and strategic customers. Rich is no stranger to wearing many hats and has worked in Sales, Product, Engineering and Customer Success in his career, so he brings a unique perspective to the table when it comes to working with customers on securing their cloud assets.