Throughout the security lifecycle of an application or cloud environment it is important to be able to understand the tools available to each security professional. One of the best tools for any security professional to be able to use is scripting. Scripting allows one to create a program that automates an individual task and, when coupled with the Prisma Cloud Compute Workload Protection Platform (CWPP), you can effectively complete your use cases with ease. All that it takes to create a script is an understanding of the tools available to you, practice, and studying the available documentation of API calls that can interface with your scripting program.    Through the CWPP API and this article, you will be able to begin to establish a new way to be able to solve your company’s problems while enhancing your available tools in problem solving. In this article, we are utilizing a SaaS CWPP console for the examples and a text editor which can save text files for scripting along with a linux command line available in MacOS terminal or in Windows with Subsystem for Linux.    When interacting with a command line, you can type directly into the command prompt. As an example, to help those of you who have not yet worked with a Linux command line, you can navigate to different directories using the “cd” or ‘current directory’ command. You can determine the path to your current directory by typing “pwd,” or ‘print working directory’, and you can list the files in the current directory using “ls”.

Effective risk prioritization and vulnerability management are essential for securing modern cloud-native environments. Prisma Cloud offers robust features that help organizations assess, prioritize, and mitigate vulnerabilities using contextual insights. This article outlines key strategies and workflows for leveraging Prisma Cloud's risk factors, focusing on optimizing vulnerability remediation efforts.Risk prioritization in vulnerability management is achieved by combining environmental context and Common Vulnerabilities and Exposures (CVE) risk factors, enabling organizations to focus on the most critical threats.   Prisma Cloud provides two categories of risk factors—CVE risk factors and Environmental risk factors—to identify and address vulnerabilities. These factors enable SecOps teams to assess vulnerabilities' potential impact and prioritize remediation based on the actual risk to their environment.

This guide describes how to configure agentless vulnerability and compliance scanning for virtual machines in Microsoft Azure subscriptions.   This article will use a credential dedicated to the agentless scanning process.  

Prisma Cloud collects data about cloud resources in your cloud accounts and allows extracting information about those cloud resources such that answers to common security questions can be answered, such as show me ec2 volumes that are not encrypted.   These queries are written in Resource Query Language (RQL), and can be debugged and run on the Investigate page in Prisma Cloud.

The Palo Alto Networks Prisma Cloud (CSPM and CWPP) not only can help the organizations to discover the impacted resources, but can also protect the exploit from happening.   Vulnerabilities or CVEs are publicly disclosed security vulnerabilities that threat actors can exploit to gain unauthorized access to systems or networks. CVEs are widely present in programs and operating systems until an organization works to remediate the known CVEs.  The list of known vulnerabilities continues to increase daily, and the prioritization of these vulnerabilities change rapidly as exploits are found.    This article will guide you on leveraging the Prisma Cloud Product to gain visibility of your cloud resources affected by any vulnerabilities/CVEs.  In this article, we will use Log4Shell and/or SpringShell as an example of a vulnerability to demonstrate how Prisma Cloud can help with understanding your Attack Surface. 

A best practice in security is alerting on the assets that you find most critical. The concept of vulnerability and exploit defines that a vulnerability can be exploited.   

Vulnerabilities or CVEs are publicly disclosed security vulnerabilities that threat actors can exploit to gain unauthorized access to systems or networks. CVEs are widely present in programs and operating systems until an organization works to remediate the known CVEs. For many organizations, one of the first steps with cloud and container security is to discover and patch vulnerabilities in their environments.