Vulnerabilities report in Prisma Cloud

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerabilities report in Prisma Cloud

L0 Member

Hi All,

 

I hope you are well. 
The reason why I am writing this one is that I need help of some PRISMA practitioners. 
With all of the shiny features being present in the platform, I realized I am unable to get relevant and simple information. 

I need PRISMA to tell me the amount of vulnerabilities seen in the system for specific CVSS, and discovered X days ago. 
When I go to Investigate module, prepare corresponding query [FIND Vulnerability WHERE CVSS score >=7 Age(Days) <7 ] and hit on Search I got some findings. 
What PRISMA is telling me is number of detected records (or CVEs) not vulnerabilities. 
Ergo, to get the number of vulnerabilities I need to export CSV, and sum all of the impacted assets to get the real number of them. 

Is there an easier way than this to have all of the vulnerabilities listed for specific CVSS for specific period?

Thanks


3 REPLIES 3

L1 Bithead

Hello Kociou,

 

Thanks for the query. We don’t have a way just to bulk export all the Vulnerabilities for all the affected CVEs yet based on your query.

Sugathri Tumiki, Prisma Cloud Customer Success Engineer (PCCSE)

Hi Stumiki,

 

thanks for your reply. 
I realized that even when I do what you suggested (checking each individual CVE) it still doesn't show me all vulns for specific CVE ID. 
To give you an example - if I run a query FIND VULNERABILITY WHERE ASSET TYPE IS DEPLOYED IMAGE) , and I see the line of an exemplary record I have:

| CVE | SEVERITY | CVSS | RISK FACTORS | IMPACTED ASSETS |

What I am after should be in I IMPACTED ASSETS | column but it is not. 
The column displays specific CVEs with the affected number of assets, not necessarily number of of vulnerabilities. 
If exemplary CVE-ABC-2024 is present in the runtime of VM1, above report would print 1. 
If however, there may be a case that preceding VM1, having in its runtime 12 packages that are vulnerable to that CVE, number would be slightly different.
Is there any workaround to get the detailed list of total vulnerabilities ?

Thanks,
Kociou


Hello Kociou,

 

For getting the Impacted assets - Navigate to Investigate -> Query -> FIND Vulnerability, where CVE-ID is CVE-ABC-2024 -> Search the query for results. Under the results click on Vulnerabilities, CVE Icon -> View Details. You will now be able to see a tab with Impacted Assets for that specific CVE-ABC-2024, you have an option to download the CSV for this.
You will have another tab with Distro Information that will provide you with the packages that were impacted for that specific CVE-ABC-2024. You will have an option to download the CSV for individual packages results shown.

For getting the detailed list of total vulnerabilities for a specific CVE-ABC-2024. Navigate to Monitor -> Vulnerabilities -> Vulnerability Explorer -> Filter by a CVE ID for getting the total list of vulnerabilities and an option to export a CSV file.

For getting the detailed list of total vulnerabilities. Navigate to Monitor -> Vulnerabilities -> Images -> Download CSV.

Sugathri Tumiki, Prisma Cloud Customer Success Engineer (PCCSE)
  • 2246 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!