- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-23-2022 12:29 PM - last edited on 10-19-2022 10:08 AM by jennaqualls
I have configured Prisma CloudCompute Console/Manage/Alerts/Manage/Alert providers/AWSSecurityHub.
When I <Send Test Alert>, the console reports success and the status of that integration is green, "Connected".
I have also configured Registry scans and pushed images with CVEs.
Overnight the registries were scanned and I can see the images/repos with their CVEs in the Monitor/Vulnerabitlity Explorer.
However, I cannot find the Alerts that should have been generated by Prisma CloudCompute Console/Defend/Vulnerabilities/Images/CI/Rules.
It appears that the CVEs did trigger Alert creation because now the Alert provider, AWSSecurityHub, is reporting this error...
failed to add findings: [{ ErrorCode: "InvalidInput", ErrorMessage: "Finding does not adhere to Amazon Finding Format. data.Resources[0].Id should NOT be shorter than 1 characters, data.Resources[0].Id should NOT be shorter than 12 characters, data.Resources[0].Id should match pattern \"^arn:(aws|aws-cn|aws-us-gov):[A-Za-z0-9\\-]{1,63}:[a-z0-9\\-]*:([0-9]{12})?:.+$\", data.Resources[0].Id should match some schema in anyOf.", Id: "us-west-2/twistlock/vulnerabilities/" }]
Two Questions:
09-23-2022 01:53 PM
Hi TommyHunt,
I hope you are doing well. Following are the answers to your questions:
Ans: Currently, there is no place in the Prisma Cloud Compute console where you can browse for the alerts that are being generated. You can set up an alert by using the following doc but you can browse the generated alerts:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/alerts
You can create a feature request for it by using the following link:
https://prismacloud.ideas.aha.io/ideas
Ans: There must be some permissions that are missing in the AWS which is why you are getting this error while setting up the alert. Can you please go through the console logs and look for the error message? It should look something like this:
ERRO 2020-05-18T21:04:37.751 serverless_radar_scanner.go:125 AWS Twistlock Security Hub
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!