Palo Alto Networks - Prisma Generating Report
Prisma Cloud - Generating Report
Generate and Download Compliance Reports
Available Compliance Reports in Prisma Cloud
- Unlike the Asset Inventory Dashboard, which aggregates all your resources and displays the pass and fail count for all monitored resources, the Compliance Dashboard only displays the results for monitored resources that match the policies included within a compliance standard.
Compliance Overview
- Compliance Posture
- Gain risk oversight across all the supported cloud platforms and gauge the effectiveness of the security processes and controls you have implemented.
- Compliance Standards
- For a complete list of the compliance standards supported by Prisma Cloud, reference the Prisma Cloud Administrators Guide.
Compliance Standards Reports
- Create compliance reports based on a cloud compliance standard for immediate online viewing or download, or schedule recurring reports to monitor compliance with the standard over time.
- Compliance Standards
- Prisma Cloud also supports downloading reports on the details of the compliance standards configured in the environment.
- This includes the name of the standard, and the requirements, sections, and descriptions that define the standard.
- Custom Compliance Standards
- Prisma Cloud also supports creating a custom compliance standard.
- Once a new custom compliance standard has been created, policies can then be associated with the new standard.
- The policies that are associated to the new standard can be out of the box default policies, or custom policies that you define.
Compliance > Standards
Demo: Create a Custom Compliance Standard
- Compliance > Standards > add New
- Default: no Policy
Demo: Add a Policy to a Custom Compliance Standard
Demo: Create a Custom Policy
Alerts Report
Prisma Cloud correlates configuration data with user behavior and network traffic
to provide context around misconfigurations and threats, in the form of actionable alerts.
As soon as you associate the account groups with an active alert rule, Prisma Cloud generates an alert when it detects a violation in a policy that is included in the alert rule.
Alert Statuses
- 4 alert statuses in Prisma Cloud:
- open, resolved, snoozed, and dismissed.
- Open
- Prisma Cloud identified a policy violation that triggered the alert and the violation has not yet been resolved.
- Resolved
- Alerts transition to Resolved when the issue that caused the policy violation is resolved.
- Alerts can change to Resolved due to a change in the policy or alert rule that triggered the alert.
- A resolved alert can transition back to the Open state.
- Snoozed
- A Prisma Cloud administrator temporarily dismissed an alert for a specified time period.
- When the timer expires, the alert automatically moves to an Open or Resolved state.
- Dismissed
- A Prisma Cloud administrator manually dismissed the alert.
- Dismissed alerts can be manually re-opened, if needed.
Audit Logs Report
The Audit Logs section enables companies to prepare for audits and demonstrate compliance.
The Audit logs section lists out the actions performed by the users of the system.
- Who: specifies the user who performed the action.
- When: provided by Timestamp.
- Where: the source IP address of the user.
- What: provides the details of what has been updated, created, or deleted.
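The who / when / where / what fields above can be reviewed per user ahead of an audit. The following is an added example, not Prisma Cloud code: it assumes the audit log entries have been exported to CSV, and the column names (`timestamp`, `user`, `source_ip`, `action`) and all sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; the column names are assumptions for this example,
# mapped to the who / when / where / what fields described above.
SAMPLE_CSV = """timestamp,user,source_ip,action
2024-03-01T09:12:44Z,alice@example.com,198.51.100.10,created alert rule 'prod-critical'
2024-03-01T09:40:02Z,bob@example.com,203.0.113.7,updated policy 'custom-sg-open-ports'
2024-03-02T22:05:31Z,alice@example.com,192.0.2.55,deleted compliance standard 'internal-baseline'
2024-03-03T08:01:19Z,bob@example.com,203.0.113.7,deleted alert rule 'dev-low'
"""

DESTRUCTIVE_VERBS = ("deleted",)  # "What" entries an auditor usually asks about first


def parse_audit_log(text):
    """Return audit records as dicts, oldest first, with a timezone-aware 'when'."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        records.append({"who": row["user"], "when": when,
                        "where": row["source_ip"], "what": row["action"]})
    return sorted(records, key=lambda r: r["when"])


def summarize(records):
    """Per-user view: source IPs seen, destructive actions, and a multi-IP flag."""
    summary = defaultdict(lambda: {"ips": set(), "destructive": []})
    for r in records:
        entry = summary[r["who"]]
        entry["ips"].add(r["where"])
        if r["what"].lower().startswith(DESTRUCTIVE_VERBS):
            entry["destructive"].append((r["when"].isoformat(), r["what"]))
    for entry in summary.values():
        # A user acting from several source IPs is worth a second look.
        entry["multiple_ips"] = len(entry["ips"]) > 1
    return dict(summary)


if __name__ == "__main__":
    for user, info in summarize(parse_audit_log(SAMPLE_CSV)).items():
        print(user, sorted(info["ips"]), info["multiple_ips"], info["destructive"])
```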
check
How are compliance reports generated in Prisma Cloud?
- Compliance tab -> select the report to download in the Reports section
How can a user associate custom policies to a compliance standard?
- When creating a new policy, select one or more compliance standards for the new rule
An Alert report can be downloaded in which file format?
- .CSV
"groups": {}, "toPort": 15000, "fromPort": 80, "ipRanges": { "items": [ { "cidrIp": "10.0.0.0/8" } ] }, "ipProtocol": "tcp", "ipv6Ranges": {}, "prefixListIds": {}