CLOUD CONNECTOR

Palo Alto Networks Prisma

Prisma SaaS delivers complete visibility and granular enforcement across all user, folder, and file activity within sanctioned SaaS applications, providing detailed analysis and analytics on usage without requiring any additional hardware, software or network changes.

Securonix integrates with the Prisma SaaS API for suspicious file and user account behavior, malware, privilege escalation, data exfiltration and network-based threats, as well as context enrichment for threat chains.

Prisma Cloud delivers complete security across the development lifecycle on any cloud, enabling secure development of cloud native applications on AWS, GCP, and Azure.

Securonix integrates with the Prisma Cloud API for email and web security events, account compromise indicators, malware, BEC (business email compromise) and phishing alerts, and context enrichment for threat chains.

| Product | Module | Major Log/Event Types/Information | Related Threats | Use Cases/Threat Packages | Details |
|---|---|---|---|---|---|
| Prisma SaaS | Activity Monitoring | Activity (File Access etc.), Action Taken (e.g. Delete) | DLP, Privilege Escalation, Account Compromise, Network-Based Threats | Data Exfiltration, Privilege Escalation, Account Compromise, NTA, Access Analytics | Log events related to specific activities such as file creation or deletion etc. |
| Prisma SaaS | Incidents | Incident Severity, Risk Item Details (Owner, Location/URL, Exposure Level - Public, Company, External or Internal, List of Collaborators With Access to the Item, WildFire Verdict - malware/benign/not available, Organization Serial Number, Timestamp | Malware, Phishing | Malware, Phishing | Security incident logs |
| Prisma SaaS | Remediation | Action Taken, Action Taken By, Risk Item Details (owner, name and type etc.), Policy Rules Matched, Timestamp | N/A | SOAR | Remediation action details |
| Prisma SaaS | Policy Violation | Violation Severity, Risk Item Details (owner/creator, contact information etc.), Organization Serial Number, Timestamp, Asset ID, Incident ID, Policy Rules Matched, Action Taken, Action Taken By | DLP, Privilege Escalation, Account Compromise, Network-Based Threats | Data Exfiltration, Privilege Escalation, Account Compromise, NTA | Violations of predefined security policies |
| Prisma SaaS | Admin Audit | Item Name/Type, Action, Changed Field, Old and New Resource Values, Admin ID and Role | Privilege Escalation, DLP/Data Exfiltration | Privilege Escalation, Data Exfiltration | Administrative audit logs |
| Prisma Cloud | Misconfigurations | Exposed Cloud Storage Instances | DLP, Malware | Data Exfiltration, Malware | Misconfigurations in the cloud/on-premises infrastructure/endpoints |
| Prisma Cloud | Advanced Network Threats | Cryptojacking, Data Exfiltration, etc. | DLP, Malware, Ransomware | Data Exfiltration, Malware, Ransomware | Advanced network threats detected |
| Prisma Cloud | Compromised Accounts | Stolen Access Keys | Account Compromise, DLP/Data Exfiltration | Account Compromise, Data Exfiltration | Possible compromised accounts |
| Prisma Cloud | Vulnerable Hosts | Missing Updates | Malware, Ransomware, Network-Based Threats | NTA, Malware, Ransomware | Hosts vulnerable to attack due to security gaps |