Configure the Prisma Cloud Integration in Cortex Xpanse - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Enable Cortex Xpanse to ingest Prisma Cloud data.

Before you begin this task, you must generate an API access key and secret key in Prisma Cloud. See Generate an API Access Key in Prisma Cloud.

  1. Navigate to SettingsConfigurationsData CollectionCollection Integrations.

  2. Click + Add Instance for Prisma Cloud.

  3. In the Collection Integration window, complete the information as follows:

    1. Enter a descriptive Name of your choice.

    2. In the Access Key ID field, enter your Prisma Cloud API access key ID.

    3. In the Secret Key field, enter your Prisma Cloud secret key.

    4. In the Service URL field, enter the URL for your Prisma Cloud instance.

      The Prisma Cloud URL is different between the UI and APIs. Customers that log into should input as the Service URL.

    5. In the Business Unit field, select the business unit you’d like to assign these assets to in Xpanse.

  4. Click Add Integration.

    Prisma Cloud data may take up to 48 hours to be ingested into your Cortex Xpanse Expander instance.

Once you've configured the Prisma Cloud collection integration it may take up to 48 hours for new asset records, services, websites, alerts, and incidents to appear. This is because the collection process must run multiple times to ensure that data is only loaded for high confidence resources and can be properly combined with Xpanse global scan findings.

If after 48 hours you don't see new assets, services, websites, alerts, or incidents, check for errors on the collection integration configuration page in Settings. You should also confirm that you've properly configured access to all of the desired account groups in Prisma Cloud.