Prisma Access

Prisma Access Integration

Integrate with Prisma Access to monitor the status of the Service, alert and take actions. The integration uses both the Panorama XML API and SSH into the PAN-OS CLI.

Common parameters

The Server Host or IP parameter is required by both connection types (SSH and API).

SSH connection

The following commands require SSH access to be configured:

  • prisma-access-active-users
  • prisma-access-cli-command
  • prisma-access-query

The SSH connection requires that the SSH Credentials for CLI, Password and SSH Port parameters are provided.

SSH credentials should be your username and password for the PAN-OS CLI - they can be tested using a standalone SSH client to verify that you are able to connect to the CLI on the SSH port.

API connection

The following commands require API access to be configured:

  • prisma-access-logout-user

The API connection requires the API Port and API Key parameters as well as a Device Group or Vsys.
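The parameter requirements above can be checked before an instance is saved. The following is an added example, not part of the integration's own code: it uses the parameter names from the instance configuration on this page, treats `password` as an assumed key for the Password field, and uses constructed sample values.

```python
# Added example: pre-flight check for a Prisma Access instance configuration.
# Parameter names follow the instance table on this page; "password" is an
# assumed key for the Password field of the SSH credentials.

SSH_COMMANDS = ["prisma-access-active-users", "prisma-access-cli-command", "prisma-access-query"]
API_COMMANDS = ["prisma-access-logout-user"]


def _missing(params, names):
    """Return the names whose values are absent or blank."""
    return [n for n in names if not str(params.get(n) or "").strip()]


def preflight(params):
    """Report which commands the configuration supports, and why others do not."""
    report = {"usable": [], "blocked": {}, "warnings": []}

    if _missing(params, ["server"]):
        # Server Host or IP is required by both connection types.
        report["blocked"] = {c: ["server"] for c in SSH_COMMANDS + API_COMMANDS}
        return report

    ssh_missing = _missing(params, ["Username", "password", "sshport"])
    api_missing = _missing(params, ["port", "key"])
    # The API connection needs a Device Group or a Vsys; either one satisfies it.
    if _missing(params, ["device_group"]) and _missing(params, ["vsys"]):
        api_missing.append("device_group or vsys")

    for commands, missing in ((SSH_COMMANDS, ssh_missing), (API_COMMANDS, api_missing)):
        for command in commands:
            if missing:
                report["blocked"][command] = list(missing)
            else:
                report["usable"].append(command)

    if params.get("insecure"):
        report["warnings"].append("insecure is set: the server certificate is not verified")
    return report


# Constructed sample: SSH fully configured, API key missing, TLS checks disabled.
SAMPLE = {
    "server": "panorama.my.domain", "port": "443", "key": "",
    "device_group": "shared", "insecure": True,
    "Username": "svc-soar", "password": "constructed-placeholder", "sshport": "22",
}

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

With the constructed sample, the three SSH commands are reported as usable, prisma-access-logout-user is blocked on the missing API key, and the insecure setting is flagged.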

This integration was integrated and tested with version 9.0.7 of Prisma Access.

Configure Prisma Access on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Prisma Access.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| server | Server Host or IP (e.g., 10.1.1.9 or panorama.my.domain) | True |
| port | API Port (e.g., 443) | False |
| key | API Key | False |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
| device_group | Device group - Panorama instances only (write shared for Shared location) | False |
| vsys | Vsys - Firewall instances only | False |
| sshport | SSH Port | False |
| Username | SSH Credentials for CLI | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

prisma-access-logout-user


Force logout a specific user from Prisma Access

Base Command

prisma-access-logout-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user | Username to log out (without the domain name, e.g., jsmith). | Required |
| domain | Domain name of the user to log out. | Required |
| computer | Computer name to log out. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PrismaAccess.LogoutUser | unknown | LogoutUser command results |

Command Example

!prisma-access-logout-user user="jsmith" domain="acme" computer="jsmithPC"

prisma-access-query


Run a query via the Prisma Access CLI

Base Command

prisma-access-query

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query | Query to run. Example input: querystring limit=2000 action getGPaaSLast90DaysUniqueUsers | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PrismaAccess.QueryResults | unknown | Query results |

Command Example

!prisma-access-query query="querystring limit=2 action getGPaaSActiveUsers"

prisma-access-cli-command


Run a custom CLI command on Prisma Access

Base Command

prisma-access-cli-command

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| cmd | CLI command to run (e.g., debug plugins cloud_services gpcs query querystring limit=9000 action getGPaaSLast90DaysUniqueUsers) | Required |

Context Output

There is no context output for this command.

Command Example

!prisma-access-cli-command cmd="show system info | match hostname"

prisma-access-active-users


Query currently active users.

Base Command

prisma-access-active-users

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Maximum number of entries to return. Default is 20. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PrismaAccess.ActiveUsers | unknown | Active Users on Prisma Access |

Command Example

!prisma-access-active-users limit=10