As a Prisma Cloud user, you have access to a specific Prisma Cloud stack. When a user logs in to a stack, they receive a JWT token that grants access to that specific stack.
To access the Cloud Network Analyzer (CNA) via the REST API, we need to:
1 - Get a valid JWT token for a given Prisma Cloud (PC) stack
2 - Determine the corresponding CNS stack
3 - Exchange the JWT token for a token to access the CNS stack
4 - Make API calls to the CNS stack
First, you need to get a Prisma Cloud JWT token. For this, you can call the /login endpoint on your Prisma Cloud API URL with your username, password and tenant name.
```bash
curl "https://<prisma-api-url>.prismacloud.io/login" \
  -H "Content-Type: application/json" \
  --data-raw $'{"username":"<your-username>","password":"<your-password>","customerName":"<tenant-name>"}'
```
```json
{
  "token": "<prisma-token>",
  //…
}
```
As a result, you will receive a token in the response. This is the token we are going to exchange later.
Determine the corresponding CNS stack:
Given the prisma-api-url you used above, look up the matching CNS stack API URL in the following table:
If I used the following prisma-api-url… | …I will use the following cns-api-url for the exchange |
---|---|
Note: Refer to the Internal notes for all the URL mapping.
Using the PC token, you can ask the CNS stack to issue a new token with a given validity. This token is called the cns-token and can be used to make calls to the Cloud Network Analyzer.
```bash
curl 'https://<cns-api-url>/issue' \
  -H "Content-Type: application/json" \
  -d '
{
  "metadata": {
    "token": "<prisma-token>"
  },
  "realm": "PCIdentityToken",
  "validity": "24h"
}'
```
```json
{
  "token": "<cns-token>"
}
```
Once you have your new JWT token, you can make a search query using the /cnssearches endpoint. Pass the cns-token in the Authorization header. You should also pass the X-Namespace header, which is equivalent to /<prismaID>.
Note: To find your prismaID, go to the UI → Settings → Licensing and get your prismaID from the License Information.
```bash
curl 'https://<cns-api-url>/cnssearches' \
  -H 'Content-Type: application/json' \
  -H 'x-namespace: /<your-prismaID>' \
  -H 'Authorization: Bearer <cns-token>' \
  -d '
{
  "query":"<your-rql-query>",
  "timeRange": {
    "type": "to_now",
    "value": "epoch"
  }
}'
```
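The login, token exchange and search calls above chained into one script, as an added example that is not part of the original article or of Palo Alto Networks' own tooling. The function names and environment variable names are assumptions of this example, and both base URLs are passed in whole (the CNS URL must come from the mapping table); secrets are read from the environment so they do not land in shell history or the process list.

```python
import json
import os
import urllib.request


def http_post(url, body, headers):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", **headers},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def cna_search(prisma_api, cns_api, prisma_id, rql, creds, validity="24h", post=http_post):
    """Run login -> /issue -> /cnssearches and return the search response."""
    # Step 1: Prisma Cloud login; creds holds username, password, customerName.
    prisma_token = post(f"{prisma_api}/login", creds, {})["token"]
    # Step 3: exchange the Prisma Cloud token for a CNS token of bounded validity.
    issue = {
        "metadata": {"token": prisma_token},
        "realm": "PCIdentityToken",
        "validity": validity,
    }
    cns_token = post(f"{cns_api}/issue", issue, {})["token"]
    # Step 4: query the Cloud Network Analyzer inside the tenant namespace.
    search = {"query": rql, "timeRange": {"type": "to_now", "value": "epoch"}}
    headers = {"X-Namespace": f"/{prisma_id}", "Authorization": f"Bearer {cns_token}"}
    return post(f"{cns_api}/cnssearches", search, headers)


if __name__ == "__main__":
    # Environment variable names below are assumptions of this example,
    # not names defined by Prisma Cloud.
    env = os.environ
    creds = {
        "username": env["PC_USERNAME"],
        "password": env["PC_PASSWORD"],
        "customerName": env["PC_TENANT"],
    }
    result = cna_search(env["PC_API_URL"], env["CNS_API_URL"], env["PC_PRISMA_ID"],
                        env["CNA_RQL"], creds)
    print(json.dumps(result, indent=2))
```

Neither token is printed or written to disk; only the search response reaches standard output.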
Vinay Kumar M is a seasoned professional with over 8 years of invaluable experience in the dynamic realm of cloud computing. As a Senior Staff Engineer, Vinay specializes in navigating the intricate landscape of Prisma Cloud and Compute, showcasing his expertise in ensuring seamless operations for accounts across the Asia-Pacific region.