1. Expel Support Center
  2. Connect your technology
  3. Cloud integrations

Prisma Cloud Compute setup for Workbench

  • Updated

This article explains how to connect Prisma Cloud Compute to Workbench.

In this article

Step 1: Add service account

Service accounts differ from user accounts in that they don't need an email address associated with them and don't need to be validated or activated in an external system before they can be used. You must have the System Administrator role on Prisma Cloud Compute to add a service account.

Caution

Think carefully about the information you provide, because after you create a service account, you can't make changes. You must delete it and start over.

  1. Select Settings > Users and then select Add New > Service Account. The Account Details tab appears.

  2. Type these account details:

    • Service Account Name: expel_service_account

    • Role: System Admin

  3. Click Next. The Access Key Details tab appears.

  4. Type an Access Key Name (your choice).

    Caution

    Do NOT select Enable Expiration.

  5. Click Save & Create (1 of 2) to generate the key. The Access Key Results screen appears.

  6. Click Download .csv file to download your access key as a .csv file and then store it in a secure location.

    Note

    Access keys are not stored on Prisma Cloud Compute, so this is the only opportunity that you have to download it.

  7. To view the new service account, select Settings > Users and type the service account name in the Search field. If there is a problem with the service account, delete it and start over at Step 1.

Step 2: Determine Prisma Cloud Compute console URL

Prisma Cloud Compute can be either a self-hosted or SaaS installation. The Prisma Cloud Compute console URL depends on your specific installation. Use the following sections to determine your Prisma Cloud Compute console URL.

Self-hosted installation

For self-hosted environments, the Prisma Cloud Compute API is exposed on port 8083 (HTTPS). This port is specified at install time in twistlock.cfg.

  • For Kubernetes Installations (most common):

    • Console service is exposed by a LoadBalancer.

    • The console URL is the LoadBalancer followed by port 8083: https://<LOAD_BALANCER>:8083

  • For Onebox installations:

    • Console installed on a standalone host.

    • The Console URL is the IP address or DNS name of the host followed by port 8083: https://<IP_ADDRESS>:8083

SaaS installation

  1. Log into Console.

  2. Go to Manage > System > Utilities.

  3. The console URL is listed under Path to Console at the bottom of the page.

Step 3: Configure the technology in Workbench

Now that we have the correct access configured and noted the credentials, we can integrate your tech with Workbench.

Note

Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Go to https://workbench.expel.io/settings/security-devices?setupIntegration=prisma_cloud_compute.

    mceclip0.png

  2. Do one of the following:

    • If you are running a Prisma Cloud Compute SaaS installation, then select Cloud for Where is your device.

    • If you are running a Prisma Cloud Compute self-hosted installation, select On-prem and then select Assembler from the list. Select the assembler you set up in Getting connected to Expel Workbench

  3. For Name and Location type Prisma and for Location either Cloud or On-prem.

  4. For Username type the Access Key ID created in Step 1.

  5. For Password type the Secret Access Key created in Step 1.

  6. For Server address type the console URL determined in Step 2.

  7. For Prisma Cloud Compute multi-tenant (only available for on-prem deployments), select Yes or No.

  8. Click Save.

You can see if the device is healthy on the Security Devices page. It may take a few minutes to see the device listed as healthy.

To check if alerts are coming through, navigate to the Alerts Analysis page. Scroll to the device you want to check and click View alerts. Switch to grid view, then check the list for device alerts. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

  • Was this article helpful?

  • 0 out of 1 found this helpful

Related articles