Generate an API Access Key in Prisma Cloud - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-11-12
Category
User Guide
Solution
Cloud
Abstract

Steps for generating an API access key in Prisma Cloud to use in the API integration with Cortex Xpanse.

Before configuring the Prisma Cloud API connector in Cortex Xpanse Expander, you must generate an API access key in Prisma Cloud. While generating the API access key, gather the following information which will be required to create the API connector in Expander:

  • Access Key ID

  • Secret Access Key

  • Prisma Cloud API URL for your tenant

  1. Log into Prisma Cloud CSPM as an Administrator level user.

  2. Select Settings from the left-side menu.

    prisma-settings.png
  3. Within Settings, go to Account Groups and click Add Account Group.

    prisma-account-groups.png
  4. Name the new account group, and select the cloud accounts that you want to be accessible for this group.

    prisma-account-group-setup.png
  5. After creating the new Account Group, select Access ControlsRoles from the left-side menu. Click Add to add a new role.

    prisma-access-control-roles.png
  6. Give your new role a descriptive Name, select the permissions desired (the Xpanse integration requires a minimum of Account Group Read Only) and select your newly created Account Group (from step 4) as the Account Group.

    prisma-create-new-role.png
  7. After creating the new role, go to Access ControlUsers . Click Add and select Service Account.

    prisma-add-service-account.png
  8. Give your new service account a descriptive Service Account Name and select your newly created role as the assigned Role. Click Next.

    prisma-service-account-details.png
  9. On the Access Key Details screen, provide an Access Key Name for the generated access key. We recommend that you do not Enable Expiration for this access key since it will cause the connector to fail in Xpanse when the key expires.

    prisma-access-key-details.png
  10. Copy the generated Access Key ID and Secret Access Key and keep them secure. You will use these to configure a new API connector within Xpanse.

    prisma-access-key-results.png
  11. Find the correct API URL to use by referencing this table.

    https://prisma.pan.dev/api/cloud/api-urls/