This article explains how to connect Palo Alto Networks Prisma Cloud Compute to Workbench.

Step 1: Add service account

Service accounts differ from user accounts in that they don't need an email address associated with them and don't need to be validated or activated in an external system before they can be used. You must have the System Administrator role on Prisma Cloud Compute to add a service account.

Caution

Think carefully about the information you provide, because after you create a service account, you can't make changes. You must delete it and start over.

  1. Select Settings > Users and then select Add New > Service Account. The Account Details tab appears.

  2. Type these account details:

    • Service Account Name: expel_service_account

    • Role: System Admin

  3. Click Next. The Access Key Details tab appears.

  4. Type an Access Key Name (your choice).

    Caution

    Do NOT select Enable Expiration.

  5. Click Save & Create (1 of 2) to generate the key. The Access Key Results screen appears.

  6. Click Download .csv file to download your access key as a .csv file and then store it in a secure location.

    Note

    Access keys are not stored on Prisma Cloud Compute, so this is the only opportunity that you have to download it.

  7. To view the new service account, select Settings > Users and type the service account name in the Search field. If there is a problem with the service account, delete it and start over at Step 1.

Step 2: Determine Prisma Cloud Compute console URL

Prisma Cloud Compute can be either a self-hosted or SaaS installation. The Prisma Cloud Compute console URL depends on your specific installation. Use the following sections to determine your Prisma Cloud Compute console URL.

Self-hosted installation

For self-hosted environments, the Prisma Cloud Compute API is exposed on port 8083 (HTTPS). This port is specified at install time in twistlock.cfg.

  • For Kubernetes Installations (most common):

    • Console service is exposed by a LoadBalancer.

    • The console URL is the LoadBalancer followed by port 8083: https://<LOAD_BALANCER>:8083

  • For Onebox installations:

    • Console installed on a standalone host.

    • The Console URL is the IP address or DNS name of the host followed by port 8083: https://<IP_ADDRESS>:8083

SaaS installation

  1. Log into Console.

  2. Go to Manage > System > Utilities.

  3. The console URL is listed under Path to Console at the bottom of the page.

Step 3: Configure the technology in Workbench

Note

Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Go to https://workbench.expel.io/settings/security-devices?setupIntegration=prisma_cloud_compute.

    mceclip0.png
  2. Do one of the following:

    • If you are running a Prisma Cloud Compute SaaS installation, then select Cloud for Where is your device.

    • If you are running a Prisma Cloud Compute self-hosted installation, select On-prem and then select Assembler from the list. Select the assembler you set up in Getting connected to Expel Workbench

  3. For Name and Location type Prisma and for Location either Cloud or On-prem.

  4. For Username type the Access Key ID created in Step 1.

  5. For Password type the Secret Access Key created in Step 1.

  6. For Server address type the console URL determined in Step 2.

  7. For Prisma Cloud Compute multi-tenant (only available for on-prem deployments), select Yes or No.

Tip

This page was accurate at the time of writing, but changes happen. If you find the instructions are outdated, let us know via your engagement manager or account representative.