Palo Alto Networks Prisma Cloud (CSPM)
The Prisma Cloud Connector centralizes cloud asset inventory from AWS, Azure, and GCP into Qualys Enterprise TruRisk Management, enabling security teams to correlate and analyze cloud resources within a unified platform.
By normalizing metadata and retaining cloud tags from Prisma Cloud, it provides consistent visibility across multiple cloud environments without manual data collection.
The connector supports incremental synchronization, allowing teams to maintain current asset information with minimal overhead. This integration solves the fragmentation problem by consolidating cloud assets across separate systems for comprehensive risk analysis and asset correlation.
Connector Details
The following table provides details related to the Prisma connector.
| Vendor | Palo Alto Networks |
| Product | Prisma Cloud |
| Connector Category | Cloud Inventory |
| Asset Types Supported | Cloud resources (Compute, Storage, Container) |
| Finding Types Supported | Assets (Inventory) |
| Supported Version & Type | SaaS (Prisma Cloud API / latest) |
| Integration Method | API Integration (REST) |
| Direction | Unidirectional (Prisma > Qualys) |
| Incremental Sync (Delta) | Supported (connector supports incremental inventory pulls) |
| Import of Source Tags | Supported (cloud tags retained) |
Connection Settings
User Roles and Permissions
The connector requires a Prisma Cloud access key/secret created in Prisma Cloud Settings > Access Control > Access Keys. The access key must have permissions to read asset inventory and resource listings.
Authentication Details
Provide the following values in the connector configuration screen:
| Name | Key | Type | Description / Example |
|---|---|---|---|
| Base URL (Prisma Pod) | domainName |
String | Prisma Cloud API base URL (e.g. https://api.prismacloud.io or region-specific pod). |
| Access Key | access_key |
String | Prisma Cloud Access Key ID generated from Access Keys. |
| Secret Key | secret_key |
Encrypted | Prisma Cloud Secret corresponding to the Access Key (store encrypted). |
| Accounts / Projects (Optional) | accounts |
Array | Optional list to restrict ingestion to specific cloud accounts or projects. |
Connector Configuration
Minimal steps to register the connector in ETM:
- Log in to Qualys ETM.
- Navigate to Connectors > Integration and locate Prisma Connector.
- Click Manage, provide Name and Description.
- Select findings type: Assets.
- Enter authentication values: Base URL, Access Key, Secret Key.
- Save the connector. Create profiles (schedules) as required.
Schedule
Schedules control ingestion frequency and transform maps used during execution.
- Configure a Schedule: Single Occurrence or Recurring (start/end dates/times).
- Set Assets and Findings to ingest during the connector run.
How Does a Connection Work?
On schedule (or on-demand), the connector authenticates to Prisma using the configured access key/secret, fetches resource inventory and related metadata, applies the selected transform map, and imports the normalized assets into ETM where Identification Rules correlate them with existing assets. After a successful run, the connector state appears as Processed.
Connector States
A successfully configured connector goes through 4 states.
- Registered - The connector is successfully created and registered to fetch data from the vendor.
- Scheduled - The connector is scheduled to execute a connection with the vendor.
- Processing - A connection is executed and the connector is fetching the asset and findings data.
- Processed - The connector has successfully fetched the assets, it may still be under process of fetching the findings. Wait for some more time for the connector to fetch the findings completely.
The Processed state indicates that the Connector is successfully configured but it is under the process of importing all your assets and findings. This process (specifically for findings) may take some time.
This entire process may take up to 2 hours for completion. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).
Viewing Assets and Findings in ETM
After ingestion, view Prisma assets in ETM Inventory.
- Assets: Enterprise TruRisk Management > Inventory > Assets > Cloud. Use the tag or vendor filter:
tags.name:"Prisma Cloud"orfinding.vendorProductName:"Palo Alto Networks".
- Findings: Enterprise TruRisk Management > Risk Management > Findings > Vulnerability. Filter by vendor product name as above.
