Commit

document Python details
tkishel committed Feb 17, 2021
1 parent 636db31 commit 99cb8d1
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions README.md
Expand Up @@ -4,34 +4,39 @@

The `pcs-inspect.py` script queries the Prisma Cloud API for all enabled Policies
and for all Alerts within a Relative Time Range (with a default of one month),
and outputs the results to CSV files, including:
and outputs results to tab-delimited CSV files, including:

* Alerts By Compliance Standard
* Alerts By Policy
* Alert Totals

It's output utilizes tabs, allowing for import into a spreadsheet.
### Requirements

* (Developed and tested on) Python 3.x with the `requests` library.
* Prisma Cloud Access Key with `ACCOUNT GROUP READ ONLY` or `SYSTEM ADMIN` privileges.

### Usage

* Download the `pcs-inspect.py` script.
* Download this repository.
* If necessary, install the `requests` library.
* Execute `pcs-inspect.py` to collect and process the data.
* Import the data into Google Sheets, and/or Google Slides (for example: [PCS Inspect Report](https://docs.google.com/presentation/d/10x_PGAu0ZPUGZMc4Tfevf9gpXvhIUOwGrBuRBkI6Jjc/edit?usp=sharing))
* Profit!

(You can independently execute the collect and process steps of the script by specifying `--mode collect` or `--mode process`)

Note that collection requires a Prisma Cloud Access Key with `ACCOUNT GROUP READ ONLY` privileges configured for all accounts, or `SYSTEM ADMIN` privileges.

As an alternative to using a customer-specific Access Key, you can query a subset of data by specifying an Access Key associated with a `LIGHT AGENT` Support User in the same stack as the customer (for example: in the `SESandBox` tenant for the `https://app.prismacloud.io/` stack) by specifying `--support_api`.
As an alternative to using a customer-specific Access Key,
you can query a subset of data by specifying an Access Key associated with a `LIGHT AGENT` Support User in the same stack as the customer
(for example: in the `SESandBox` tenant in the `https://app.prismacloud.io/` stack)
by specifying `--support_api`.

Use `./pcs-inspect.py -h` for a complete list of parameters.

### Example

```
chmod +x pcs-inspect.py
pip3 install -r requirements.txt
./pcs-inspect.py --customer_name example -u "https://api.prismacloud.io" -a "aaaaaaaa-1111-aaaa-1111-aaaaaaaa1111" -s "ssss1111ssss1111ssss1111="
```
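
Review bot: The new Access Key bullet under Requirements drops the "configured for all accounts" qualifier that the Usage note attaches to `ACCOUNT GROUP READ ONLY`, and it lists `SYSTEM ADMIN` as an equal alternative. Since the script only queries Policies and Alerts, keep the qualifier and name the read-only role as the preferred one, with `SYSTEM ADMIN` as the fallback. Two smaller points in the same hunk: "tab-delimited CSV files" contradicts itself, so "tab-delimited files" would read better, and the Example passes the access key and secret through `-a` and `-s` on the command line, where they end up in shell history and process listings; a sentence in the README about that exposure would help readers handle the key safely.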
