05-28-2024 07:35 PM - edited 11-12-2024 12:51 PM
By Richard Vega, Senior Customer Success Engineer
Dashboarding In Prisma Cloud
The Prisma Cloud Darwin release lets you use out-of-the-box (OOTB) dashboards as well as custom dashboards to track and monitor your cloud security posture, from vulnerabilities to compliance. In this article, we will discuss the existing OOTB dashboards and the capability of creating custom dashboards in Prisma Cloud.
Prerequisites
To view the code to cloud dashboard, complete the following tasks:
Enable agent-based or agentless security for cloud workload scanning
Figure 1: CodetoCloudDashboard_palo-alto-networks
A. Code to Cloud Dashboard
The Dashboards > Code to Cloud > Latest Events Tracker provides a stream of updates to track changes across key metrics such as Threats Detected, Alerts Remediated, Critical Alerts etc., to help you assess the strength of your security posture in real time.
Use the Latest Events live stream to quickly assess the potential threat activity taking place in your cloud environment. You can also double-click on any event to investigate critical vulnerabilities and build-time issues detected. Select See All Events to see a list of the latest security events across your cloud estate. Select any event to navigate to the specific alert and investigate further.
Figure 2: Cloud Inventory_palo-alto-networks
Code to Cloud Inventory provides a panoramic view of your entire cloud estate, helping you understand how well your organization is embracing security best practices across your cloud environment, from individual resources to the entire code pipeline.
Figure 3: Code&Build_palo-alto-networks
The Code/Build Inventory widget surfaces metrics derived from the monitoring and scanning of hundreds of code repositories across the three repository systems secured by Prisma Cloud scanners, including IaC/SCA and Secrets. Historical developer data for code issues and pull requests is also surfaced.
The Code Issues in Repositories graph captures code errors in the default branch of all onboarded repositories over the last thirty days. Use this graph to track your team’s progress in resolving code errors before they affect your production systems.
Code and Build Inventory provides you with a quick rundown of your protected repositories. Select any metric such as Repositories Systems to see a full catalog of all the Code & Build Providers with flags for Code Issues.
Figure 4: DeployInventory_palo-alto-networks
The Deploy Inventory graph visualizes the critical and high severity alerts triggered by vulnerabilities detected in container images and registries in the last 30 days. Here you can monitor trends in the rate of vulnerabilities identified across your workloads.
Select any metric in the Deploy Inventory table to further investigate the following:
Figure 5: Runtime Inventory_palo-alto-networks
Runtime Inventory helps you quantify and demonstrate your progress in securing your workloads. The Runtime graph captures the top critical and high severity incidents and alerts triggered by attack path policies in the last 30 days. Review the trendline to track your team’s progress in the remediation and the burn down of urgent incidents.
Select any metric on the Runtime Inventory table to view the total number of cloud providers and assets, and workloads protected by agents. For instance, you can select the Workloads Protected by Agents metric to view potentially compromised workloads that may be infected with malware.
The Inventory data above is sourced from Prisma Cloud Incidents, Attack Paths, Vulnerability Explorer, and IaC scanning data. Percentages are calculated by tabulating the difference between the latest snapshot and data points for the last 30 days.
The Code to Cloud dashboard also provides you with the option to define your applications or teams and assign owners to track and monitor progress. You can compare key metrics such as Code Issues in Repositories or Urgent Vulnerabilities in Images across teams, business units and applications to benchmark security standards.
The first row of the table captures the aggregate of all issues across the tenants in your onboarded accounts. Use the Sort By drop-down to categorize your business unit view across Code/Build, Deploy and Run phases of the application lifecycle.
Add Row also allows you to create your own custom collection of accounts, application owners or business units to obtain more granular results on risks by individual applications and stakeholders.
The following caveats apply to Collections:
Figure 6: Command Center Dashboard_palo-alto-networks
B. Command Center Dashboard
The Command Center dashboard provides you with a unified view of the top cloud security incidents and risks uncovered across the assets monitored by Prisma Cloud. It provides security teams with a picture of the highest priority incidents and risks that require attention across the following attack vectors:
The Command Center dashboard is only available to users with a System Admin role.
The Total Urgent Alerts bar provides a tally of alerts grouped by Incidents, Misconfigurations, Exposures, Identity, and Data Risks. The Filter controls above the Alerts bar allow you to narrow your investigation to a specific Time Range or Account Group.
You can select multiple account groups at once to view data from multiple account sources. The filtered data is updated across all the alert visualizations on the dashboard. The revert icon on the right above the Total Urgent Alerts bar allows you to revert to the default filter settings.
Figure 7: Urgent Issues_palo-alto-networks
Actionable alert data is further grouped into the following areas by risk type:
Each alerts visualization allows you to further drill down and view the source of the alert by the policy name or the asset it originated from:
Figure 8: Incidents Widgets_palo-alto-networks
The Incidents widget above, for instance, provides three visualizations of urgent alerts activity:
Figure 9: Vulnerability Dashboard_palo-alto-networks
C. Vulnerability Dashboard
Prisma Cloud Vulnerabilities Dashboard gives you a holistic graphical view of all the vulnerabilities across your Code to Cloud environment. An overview of the top impacting CVEs enables you to prioritize vulnerabilities based on existing risks and trace them from runtime back to the source.
This risk assessment capability helps you to make informed decisions with findings and fix the vulnerable package or base image in code. This capability will allow you to remediate the root cause and resolve the issue when the build is next executed.
The dashboard helps you answer:
Figure 10: PrioritizedVulnerabilities_palo-alto-networks
On Dashboard > Vulnerabilities you can discover all the vulnerabilities across your environment. Let's say there are 25K vulnerabilities in your environment, of which only 20,637 are critical and high and 7,470 are exploitable; of those, 7,400 are patchable, meaning these vulnerabilities are actionable for you to fix.
The funnel in the Prioritized Vulnerabilities further narrows down to just 35 vulnerable packages that are in use in the runtime that you can focus on.
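The narrowing described above can be reproduced on any findings export by applying each stage to the survivors of the previous one and then collapsing the remaining findings to distinct packages. This is an added example, not Prisma Cloud code or its API; the `Finding` fields, the stage names and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    # Hypothetical record layout, not Prisma Cloud's schema.
    cve: str
    package: str
    severity: str      # "critical", "high", "medium" or "low"
    exploitable: bool  # a known exploit exists
    patchable: bool    # a fixed version is available
    in_use: bool       # package is in use by a running workload

# Funnel stages in the order the article lists them; each stage only
# sees the findings that survived the stage before it.
STAGES = [
    ("critical_or_high", lambda f: f.severity in ("critical", "high")),
    ("exploitable", lambda f: f.exploitable),
    ("patchable", lambda f: f.patchable),
    ("in_use_at_runtime", lambda f: f.in_use),
]

def run_funnel(findings):
    """Return (per-stage finding counts, packages left after the last stage)."""
    counts = {"total": len(findings)}
    remaining = list(findings)
    for name, keep in STAGES:
        remaining = [f for f in remaining if keep(f)]
        counts[name] = len(remaining)
    # Several CVEs can sit in one package, so the final number to act on
    # is the count of distinct packages, not the count of findings.
    packages = sorted({f.package for f in remaining})
    return counts, packages

# Constructed sample data: placeholder CVE ids and package names.
SAMPLE = [
    Finding("CVE-0000-0001", "pkg-alpha", "critical", True, True, True),
    Finding("CVE-0000-0002", "pkg-alpha", "high", True, True, True),
    Finding("CVE-0000-0003", "pkg-beta", "high", True, True, False),
    Finding("CVE-0000-0004", "pkg-gamma", "critical", True, False, True),
    Finding("CVE-0000-0005", "pkg-delta", "high", False, True, True),
    Finding("CVE-0000-0006", "pkg-epsilon", "medium", True, True, True),
    Finding("CVE-0000-0007", "pkg-zeta", "critical", True, True, True),
]

if __name__ == "__main__":
    counts, packages = run_funnel(SAMPLE)
    for stage, n in counts.items():
        print(f"{stage:>18}: {n}")
    print("packages to fix first:", ", ".join(packages))
```
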
The following visualizations are available for you to help contextualize risks from vulnerabilities:
Figure 11: Compliance Dashboard_palo-alto-networks
D. Compliance Dashboard
Prisma Cloud’s Compliance dashboard provides a snapshot view of your overall compliance posture across multiple compliance standards. The dashboard provides you with an interactive look at how your compliance coverage maps to the established compliance frameworks available within Prisma Cloud.
Use the Compliance dashboard as a tool for risk oversight across all the supported cloud platforms and quickly evaluate your compliance posture using real-time data. Use the provided Filters to hone in on the time period, cloud account, or account group you would like to focus on.
By default, the dashboard shows your compliance state for the last 24 hour period. The Compliance dashboard is available to users with the System Administrator role on all stacks, with the exception of app.gov and app.cn.
Figure 12: Compliance Overview_palo-alto-networks
The compliance score presents data on the total unique resources that are passing or failing the policy checks that match compliance standards. Use this score to audit how many unique resources are failing compliance checks and get a quick count on the severity of these failures.
The links allow you to view the list of all resources on the Inventory page, and the View Alerts link enables you to view all the open alerts of Low, Medium, or High severity.
The compliance trendline is a line chart that shows you how the compliance posture of your monitored resources has changed over time (on the horizontal X axis). You can view the total number of resources monitored (in blue), and the number of resources that passed (in green) and failed (in red) over that time period.
The Compliance coverage bar graph highlights the passed and failed resource count across all compliance standards for easy comparison. Select any given compliance standard to view the total number of failed assets for that standard. Click on the compliance standard to view policy details.
Figure 13: Code Security Dashboard_palo-alto-networks
E. Code Security Dashboard
As a part of Application Security, the Code Security dashboard provides you with a contextual view of the top code security vulnerabilities and misconfigurations identified in scans across the code and build integrations on Prisma Cloud.
It gives you a contextual understanding of high priority errors that require attention across these vectors:
You can view the dashboard on Dashboards > Code Security. The Code Security dashboard is only available if you have subscribed to Application Security on Prisma Cloud. To know more on user role permissions see Prisma Cloud Administrator Permissions.
The Code Security dashboard is available to users with the System Administrator role on all stacks, with the exception of app.gov and app.cn.
The Total Errors bar provides a summary of code errors across the severities Critical, High, Medium, Low, and Info. You can see custom results for all Code Security errors using filters that allow you to narrow your investigation to a specific Repository, Code Category, or Severity.
You can select multiple repositories, code categories, and severities at once to narrow your investigation to find critical errors that may need immediate remediation. Filtering the data updates all visualizations on the dashboard. The reset filters allow you to revert back to default filter settings.
You can also see contextual results for code errors by severity: selecting the number corresponding to a severity gives you access to the results from Prisma Cloud switcher Application Security Projects > Overview. On Projects, you can execute remedial actions, if necessary.
The code errors are actionable and are grouped in these areas:
Figure 14: Code Errors_palo-alto-networks
Figure 15: Code Issues_palo-alto-networks
Figure 16: Pull Requests_palo-alto-networks
Figure 17: Common Errors_palo-alto-networks
Figure 18: Manage Dashboards_palo-alto-networks
F. Custom Dashboards
Custom Dashboards are an option you have in Prisma Cloud to create your own customized views for the different personas in your organization. You can use a combination of the functionality discussed above as well as customize for your organization’s desired result.
You can add and manage dashboards (enable, disable, share, and clone), as seen above.
You can also add a new custom dashboard from scratch to fit your specific needs:
Figure 19: Add Dashboard_palo-alto-networks
From here, you can add widgets to customize your dashboard view and share your dashboard with other Prisma Cloud users.
Figure 20: Custom Dashboard_palo-alto-networks
Prisma Cloud has a number of widgets that can be used to customize your dashboard and slice and dice data as you see fit. Each of these widgets has its own settings as well, so you can include things like account groups or edit existing widgets to only contain certain data points. You can be as granular as need be.
To enable shareability of your custom dashboards you will need to make sure the access permissions are set to public:
Figure 21: Access Settings_palo-alto-networks
In this article we talked about the Code to Cloud, Command Center, Vulnerability, Compliance, Code Security, and Custom dashboards that allow you to track, visualize, and share the metrics that matter most to you and your team. Widgets with visual representations in various formats such as line and bar graphs and pie charts are available to track key metrics such as assets with the most urgent alerts and vulnerabilities, resource compliance trend charts, and top risks to remediate. Share dashboard visualizations with your management team to quantify your progress in hardening your security posture.
Richard Vega is a Senior Customer Success Engineer at Palo Alto Networks specializing in securing Multi-Cloud infrastructure and being a trusted advisor to large and strategic customers. Rich is no stranger to wearing many hats and has worked in Sales, Product, Engineering and Customer Success in his career so he brings a unique perspective to the table when it comes to working with customers on securing their cloud assets.
For the vulnerability dashboard, how does PRISMA build this overview?
Let's say I see a docker image in this overview, how did PRISMA find it?
An external scan, or a resource dump from our AWS accounts, or something else?
Where can I read more about how PRISMA Cloud actually works?
Hi CHOUMANN!
Prisma Cloud gathers vulnerability information for the Vulnerability funnel in several ways. The "easiest" is through scans conducted by deployed Defenders. Also, if you have Agentless scanning configured, then Vulnerability data is captured through those scans as well. Vulnerabilities can also be discovered for Docker images if you have configured registry scanning. Aside from those methods, Vulnerability information is collected and assessed from the data that is collected during regular ingestion cycles. Of course, this is different for each CSP, and can be greatly enhanced by adding flow logs. Finally, a lot of the information on the inner workings of how Prisma Cloud works is proprietary, and I like my job, so I can't divulge all of the secrets!