Connecting Prisma to Sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-1408693%22%20slang%3D%22en-US%22%3EConnecting%20Prisma%20to%20Sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1408693%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20working%20with%20the%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Sentinel%2Ftree%2Fmaster%2FPlaybooks%2FIngest-Prisma%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EPrisma%20Logic%20App%3C%2FA%3E%20built%20by%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F225494%22%20target%3D%22_blank%22%3E%40Nathan%20Swift%3C%2FA%3E%26nbsp%3BI%20ran%20into%20a%20question%20with%20what%20needed%20to%20be%20provided%20to%20Prisma.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20working%20with%20Nathan%2C%20it%20looks%20like%20the%20only%20required%20field%20within%20Prisma%20is%20the%20Webhook%20URL%20itself.%20The%20Auth%20Token%20is%20not%20required%20(image%20below)%20to%20be%20inputted%20to%20Prisma%20because%20the%20Auth%20requirement%20is%20already%20built%20into%20the%20Webhook%20URL.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20the%20the%20Logic%20App%20is%20setup%20you%20will%20new%20need%20to%20enable%20the%20alerts%20to%20be%20sent%20to%20the%20Logic%20App%20within%20Prisma.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Prisma3.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F193566i95BB1247D13FDC4A%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Prisma3.png%22%20alt%3D%22Prisma3.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3ELogic%20App%20listener%20URL%3C%2FP%3E%3CP%3E%E2%80%83%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Prisma.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F193567i0A302657D2DB8163%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Prisma.png%22%20alt%3D%22Prisma.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EPrisma%20Webhook%20setup%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Prisma2.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F193570i39E238D4195CE222%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Prisma2.png%22%20alt%3D%22Prisma2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAlert%20destination%2C%20Enable%20Webhook%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20thanks%20to%20Nick%20DiCola%20(who%20I%20was%20unable%20to%20mention%20because%20the%20post%20was%20rejecting%20the%20it)%3C%2FP%3E%3CP%3E%E2%80%83%E2%80%83%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Visitor

While working with the Prisma Logic App built by @Nathan Swift I ran into a question with what needed to be provided to Prisma.

 

After working with Nathan, it looks like the only required field within Prisma is the Webhook URL itself. The Auth Token is not required (image below) to be inputted to Prisma because the Auth requirement is already built into the Webhook URL.

 

After the the Logic App is setup you will new need to enable the alerts to be sent to the Logic App within Prisma.

 

 

Prisma3.png

Logic App listener URL

Prisma.png

Prisma Webhook setup

 

 

Prisma2.png

Alert destination, Enable Webhook

 

Also, thanks to Nick DiCola (who I was unable to mention because the post was rejecting the it)

  

0 Replies