Palo Alto Networks - Prisma Advanced Tools

[toc]

---

Advanced Tools

–

Prisma Cloud API

Prisma Cloud REST API

• representational state transfer (REST) API that Prisma Cloud supports.
• Application programming interfaces (APIs) allow one software program to communicate with another.
• The REST API works like a web server where an API call is made from a client and sent to a server.
• REST uses the HTTP protocol where data is exchanged using JSON structured data, and uses HTTP methods POST, PUT, GET, OPTIONS, DELETE, and PATCH to read and write data.

Prisma Cloud has a REST API that allows to configure custom integrations for cloud security needs.

1. Create Access Key
   1. Admin generates Access Key and Secret Key.
2. Submit Login API Request
   1. The user submits the login API request to generate the token and to receive the token back from the API call.
3. REST API Server
   1. Processes the JSON Web Token (JWT) Request and returns the token to the requester.
4. JWT Returned
   1. The JWT is valid for 10min, and must be refreshed for continued access to the Prisma Cloud API.
   2. If an API request is made with an expired JWT request, the request will return an HTTP 401 Unauthorized response
5. Use JWT
   1. The JWT then is used to authenticate all subsequent REST API requests on Prisma Cloud.

Logging In

• The API can be accessed via the API Docs > Help Center > API.
• Using Prisma Cloud Login
  • Log in with Prisma Cloud login credentials: username and password.
  • Caution: The password is visible as it is being typed.
  • The customerName is optional and can be used if have multiple tenants. -
• Using the Access Key Login
  • In order to generate an Access Key, must be a user with a system admin role.
  • generate an Access Key
  • 
  • Downloading the Access Key and Secret Key
    • From the API Key Generated dialog box, can download a copy of the Access Key ID and Secret Key to a .CSV file.
    • There are also options to copy and paste the values.
    • must select the download option to continue.
    • This is the only opportunity to download the Secret Key.
    • If it is lost or deleted, must generate a new Access Key.
    • are limited to a maximum of two Access Keys.
  • Updating an Access Key
    • After generate an Access Key, it is listed in the Access Keys table.
    • The keys are listed by the Access Key ID.
    • can update an Access Key from the table.
    • This provides the opportunity to update the Key Expiry date and extend use of the key.

Demo: Accessing the API Reference

help center > doc > api > api reference

---

Interactive CLI Tool

The Interactive CLI tool can be used to extract data and automate manual workflows.

• Commands supported by the CLI can present a series of questions that can help with
  • bulk onboarding and deboarding of cloud accounts,
  • getting the status of cloud accounts,
  • role-based access control (RBAC),
  • fetching relevant alerts and policies,
  • and cloning policies from within and across accounts.

The CLI Tool

• CLI Tool Installation
• can be installed and executed from the Windows Powershell.
• Requires Node.js
  • npm I –g redlock-cli to install the JavaScript runtime on local system.
• Enabling Scripts
  • enable execution of scripts on your system.
  • If you receive an error that scripts are disabled on your system, you can run a command to allow script execution.
  • For Windows 10: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
• Using the CLI Tool
  • redlock-cli command
• Creating a Profile to use for authentication.
  • redlock-cli profiles
  • 
• Testing the CLI Connection
  • Use redlock-cli ping to test your connection.
  • The response will contain the body response payload and the HTTP response statusCode.
  • 
• login
  • redlock-cli login
  • redlock-cli cloud-account fetch > 1.json
  • redlock-cli users add

help center > doc > api > api reference > CLI

---

.