topic Re: Vulnerabilities report in Prisma Cloud in Prisma Cloud Discussions

Vulnerabilities report in Prisma Cloud

M.Kotlowski — Thu, 02 May 2024 09:42:46 GMT

Hi All,

I hope you are well.
The reason why I am writing this one is that I need help of some PRISMA practitioners.
With all of the shiny features being present in the platform, I realized I am unable to get relevant and simple information.

I need PRISMA to tell me the amount of vulnerabilities seen in the system for specific CVSS, and discovered X days ago.
When I go to Investigate module, prepare corresponding query [FIND Vulnerability WHERE CVSS score >=7 Age(Days) <7 ] and hit on Search I got some findings.
What PRISMA is telling me is number of detected records (or CVEs) not vulnerabilities.
Ergo, to get the number of vulnerabilities I need to export CSV, and sum all of the impacted assets to get the real number of them.

Is there an easier way than this to have all of the vulnerabilities listed for specific CVSS for specific period?

Thanks

Re: Vulnerabilities report in Prisma Cloud

stumiki — Tue, 14 May 2024 21:50:15 GMT

Hello Kociou,

Thanks for the query. We don’t have a way just to bulk export all the Vulnerabilities for all the affected CVEs yet based on your query.

So, after running the query you will get the results, for every row in the table, you need to download the CSV file for that specific vulnerability (CVE) individually.

The bulk download feature is going to be available in the near future.

Re: Vulnerabilities report in Prisma Cloud

M.Kotlowski — Thu, 23 May 2024 15:20:23 GMT

Hi Stumiki,

thanks for your reply.
I realized that even when I do what you suggested (checking each individual CVE) it still doesn't show me all vulns for specific CVE ID.
To give you an example - if I run a query FIND VULNERABILITY WHERE ASSET TYPE IS DEPLOYED IMAGE) , and I see the line of an exemplary record I have:

| CVE | SEVERITY | CVSS | RISK FACTORS | IMPACTED ASSETS |

What I am after should be in I IMPACTED ASSETS | column but it is not.
The column displays specific CVEs with the affected number of assets, not necessarily number of of vulnerabilities.
If exemplary CVE-ABC-2024 is present in the runtime of VM1, above report would print 1.
If however, there may be a case that preceding VM1, having in its runtime 12 packages that are vulnerable to that CVE, number would be slightly different.
Is there any workaround to get the detailed list of total vulnerabilities ?

Thanks,
Kociou

Re: Vulnerabilities report in Prisma Cloud

stumiki — Wed, 29 May 2024 19:49:58 GMT

Hello Kociou,

For getting the Impacted assets - Navigate to Investigate -> Query -> FIND Vulnerability, where CVE-ID is CVE-ABC-2024 -> Search the query for results. Under the results click on Vulnerabilities, CVE Icon -> View Details. You will now be able to see a tab with Impacted Assets for that specific CVE-ABC-2024, you have an option to download the CSV for this.
You will have another tab with Distro Information that will provide you with the packages that were impacted for that specific CVE-ABC-2024. You will have an option to download the CSV for individual packages results shown.

For getting the detailed list of total vulnerabilities for a specific CVE-ABC-2024. Navigate to Monitor -> Vulnerabilities -> Vulnerability Explorer -> Filter by a CVE ID for getting the total list of vulnerabilities and an option to export a CSV file.

For getting the detailed list of total vulnerabilities. Navigate to Monitor -> Vulnerabilities -> Images -> Download CSV.