|
<< Click to Display Table of Contents >> Raynet One Data Hub > 2026.2 > Connectors > Alphabetic Connector List > Palo Alto Prisma Cloud Extracted Data |
The Palo Alto Prisma Cloud connector retrieves data from two API surfaces: the Prisma Cloud CSPM (Cloud Security Posture Management) API and the Prisma Cloud Runtime Security (Compute) API. Each connector run collects all available data in a single execution and writes results to multiple output files.
The following API endpoints are used:
CSPM Usage Endpoint: |
<cspm_api_url>/v2/license/api/v2/usage/count |
Description: |
Returns cloud account usage metrics grouped by cloud type. |
Runtime Security Endpoint: |
<rs_console_instance>/api/<rs_console_version>/ |
Description: |
Returns host, virtual machine, container image, and container inventory data with vulnerability and application details. |
The connector collects cloud account usage metrics from the Prisma Cloud CSPM API. The results are written to the output file cloud_account_usage.csv and contain the following fields. Additional metric columns are included dynamically based on the usage metrics available for each cloud account.
Field |
Type |
AccountId |
String |
AccountName |
String |
CloudType |
String |
TotalUsage |
Integer |
<metric key> |
Integer (dynamic, one column per metric) |
The connector collects inventory data for physical hosts from the Runtime Security API. The results are written to the output file hosts.csv and contain the following fields:
Field |
Type |
Id |
String |
Hostname |
String |
OsDistro |
String |
OsDistroVersion |
String |
OsDistroRelease |
String |
Clusters |
String (comma-separated) |
ClusterType |
String |
IsAgentless |
Boolean |
ScanTime |
DateTime |
FirstScanTime |
DateTime |
The connector collects application inventory data for each physical host. The results are written to the output file host_applications.csv. Each row represents one application associated with a host and contains the following fields:
Field |
Type |
ParentId |
String |
ParentType |
String |
Name |
String |
Version |
String |
Path |
String |
InstalledFromPackage |
Boolean |
IsService |
Boolean |
KnownVulnerabilities |
Integer |
OriginPackageName |
String |
The connector collects vulnerability findings for each physical host. The results are written to the output file host_vulnerabilities.csv. Each row represents one vulnerability associated with a host and contains the following fields:
Field |
Type |
ParentId |
String |
ParentType |
String |
Cve |
String |
Title |
String |
Severity |
String |
Cvss |
Float |
Status |
String |
PackageName |
String |
PackageVersion |
String |
PackageType |
String |
FixLink |
String |
IsCustom |
Boolean |
IsBlocked |
Boolean |
Discovered |
DateTime |
The connector collects inventory data for cloud virtual machines from the Runtime Security API. The results are written to the output file virtual_machines.csv and contain the following fields:
Field |
Type |
Id |
String |
Hostname |
String |
VmId |
String |
VmImageId |
String |
Provider |
String |
Region |
String |
AccountId |
String |
OsDistro |
String |
OsDistroVersion |
String |
OsDistroRelease |
String |
IsAgentless |
Boolean |
ScanTime |
DateTime |
FirstScanTime |
DateTime |
The connector collects application inventory data for each cloud virtual machine. The results are written to the output file vm_applications.csv. The fields are identical to those in the Host Applications output, with ParentType set to host (referencing the virtual machine record).
The connector collects vulnerability findings for each cloud virtual machine. The results are written to the output file vm_vulnerabilities.csv. The fields are identical to those in the Host Vulnerabilities output.
The connector collects container image data from the Prisma Cloud Runtime Security registry scanner. The results are written to the output file registry_images.csv and contain the following fields:
Field |
Type |
Id |
String |
Registry |
String |
Repository |
String |
Tag |
String |
Digest |
String |
RegistryNamespace |
String |
RegistryType |
String |
OsDistro |
String |
OsDistroVersion |
String |
VulnerabilitiesCount |
Integer |
CriticalCount |
Integer |
HighCount |
Integer |
MediumCount |
Integer |
LowCount |
Integer |
ScanTime |
DateTime |
PushTime |
DateTime |
The connector collects application inventory data found within each registry image. The results are written to the output file registry_image_applications.csv. The fields are identical to those in the Host Applications output, with ParentType set to registry_image.
The connector collects vulnerability findings for each registry image. The results are written to the output file registry_image_vulnerabilities.csv. The fields are identical to those in the Host Vulnerabilities output.
The connector collects inventory data for running containers from the Runtime Security API. The results are written to the output file containers.csv and contain the following fields:
Field |
Type |
ScanId |
String |
ContainerId |
String |
ContainerName |
String |
Hostname |
String |
Namespace |
String |
Cluster |
String |
ClusterType |
String |
ImageId |
String |
ImageName |
String |
IsAgentless |
Boolean |
ScanTime |
DateTime |
StartTime |
DateTime |
The connector collects application inventory data for each running container, resolved through the associated registry image. The results are written to the output file container_applications.csv. The fields are identical to those in the Host Applications output, with ParentType set to container.
The connector collects compliance issue data for each running container from the Runtime Security API. The results are written to the output file container_vulnerabilities.csv. The fields are identical to those in the Host Vulnerabilities output.