Steps for generating an API access key in Prisma Cloud to use in the API integration with Cortex Xpanse.
Before configuring the Prisma Cloud API connector in Cortex Xpanse Expander, you must generate an API access key in Prisma Cloud. While generating the API access key, gather the following information which will be required to create the API connector in Expander:
Access Key ID
Secret Access Key
Prisma Cloud API URL for your tenant
Log into Prisma Cloud CSPM as an Administrator level user.
Select Settings from the left-side menu.
Within Settings, go to Account Groups and click Add Account Group.
Name the new account group, and select the cloud accounts that you want to be accessible for this group.
After creating the new Account Group, select Access Controls > Roles from the left-side menu. Click Add to add a new role.
Give your new role a descriptive Name, select the permissions desired (the Xpanse integration requires a minimum of Account Group Read Only) and select your newly created Account Group (from step 4) as the Account Group.
After creating the new role, go to Access Control > Users. Click Add and select Service Account.
Give your new service account a descriptive Service Account Name and select your newly created role as the assigned Role. Click Next.
On the Access Key Details screen, provide an Access Key Name for the generated access key. We recommend that you do not Enable Expiration for this access key since it will cause the connector to fail in Xpanse when the key expires.
Copy the generated Access Key ID and Secret Access Key and keep them secure. You will use these to configure a new API connector within Xpanse.
Find the correct API URL to use by referencing this table.