generated from adobe/aem-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Content Collections] AppDNA feature updates for 10.1 (#920)
* Includes Application Inventory url * Added Application URL under What's next * Added Application Query related details * Added Application inventory images * Url edits for application inventory * New RQL topic for Application queries * format fix for cdem unmanaged assets inventory * Includes new applications inventory and new application queries * Updates to Application RBAC details * New Application inventory page * URL and note fixes for app inventory page * url fix for get started in application inventory page * url fix for get started in app inventory (v2) * URL fix for get started note (v3) * Remove note tag from get started in app inventory (v4) * Remove Note tag from select repositories step.
- Loading branch information
Showing
18 changed files
with
317 additions
and
2 deletions.
There are no files selected for viewing
Binary file added
BIN
+67.2 KB
...tions/_graphics/cloud-and-software-inventory/app-add-dna-discovery-criteria.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+86.8 KB
...ntent-collections/_graphics/cloud-and-software-inventory/app-dna-create-app.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+15.4 MB
...nt-collections/_graphics/cloud-and-software-inventory/app-dna-download-abom.gif
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+438 KB
...-collections/_graphics/cloud-and-software-inventory/app-dna-edit-create-app.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+25.5 MB
...ion/content-collections/_graphics/cloud-and-software-inventory/app-dna-tabs.gif
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+91.6 KB
...ions/_graphics/cloud-and-software-inventory/app-edit-dna-discovery-criteria.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+142 KB
...ent-collections/_graphics/cloud-and-software-inventory/appdna-get-started-1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+201 KB
...ent-collections/_graphics/cloud-and-software-inventory/appdna-get-started-2.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+443 KB
...-collections/_graphics/cloud-and-software-inventory/appdna-reqd-permissions.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
183 changes: 183 additions & 0 deletions
183
...on/content-collections/cloud-and-software-inventory/applications-inventory.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,183 @@ | ||
== Prisma Cloud Applications Inventory | ||
|
||
Once you onboard your cloud accounts, Prisma Cloud automatically initiates a scan to discover assets based on predefined criteria. This process intelligently groups the scanned assets into *Applications*, which are essential constructs within your cloud environment. | ||
|
||
The application-centric grouping provides visibility into all your applications and their assets, and understand their relationships across your cloud environment. | ||
|
||
By leveraging this application context, you can gain valuable insights into your security landscape. You will be able to investigate alerts, prioritize risk mitigation efforts, and swiftly remediate vulnerabilities based on the business criticality of your applications. | ||
|
||
Use the *Applications Inventory* to inspect and review applications with critical alerts and vulnerabilities. This will help you gain deeper insights into the impacted applications. | ||
|
||
|
||
[#app-inventory-prereq] | ||
=== Prerequisites | ||
|
||
. Ensure you have all the required permissions enabled in Prisma Cloud to view the applications. To assign permissions for various roles, see the xref:../administration/prisma-cloud-admin-permissions.adoc[permissions page]. | ||
+ | ||
image::cloud-and-software-inventory/appdna-reqd-permissions.png[] | ||
|
||
. If you want to include your code *Repositories* to be scanned in the application, ensure you have enabled xref:../application-security/get-started/enable-application-security.adoc[Application Security] with the *System Admin* role on Prisma Cloud. Only users with the system admin can view the *Code Assets* and *Code Issues* tabs to review the application. | ||
|
||
//[.task] | ||
[appinventory-get-started] | ||
=== Get Started | ||
|
||
There are two ways to get started: | ||
|
||
//[.procedure] | ||
|
||
. Log into Prisma Cloud and on the Home Page, select *Applications > Go to Application Inventory* to access information about your applications with critical alerts and vulnerabilities. | ||
+ | ||
image::cloud-and-software-inventory/appdna-get-started-1.png[] | ||
+ | ||
If you do not see any *Applications*, you can define custom xref:../cloud-and-software-inventory/applications-inventory.adoc#appdna-discovery-criteria[Discovery Criteria] or xref:../cloud-and-software-inventory/applications-inventory.adoc#appdna-create-apps[Create Application] and enable application scanning. | ||
|
||
. Log into Prisma Cloud and select *Inventory > Applications* to access information about your applications. | ||
+ | ||
At the top of the page, the application snapshot widget allows you to quickly assess the security status of all your applications at a glance based on the number of *Apps with Critical Alerts*, *Apps with Critical Vulnerabilities*, and *Newly discovered applications from the last 7 days* across your cloud estate. | ||
+ | ||
In the applications inventory table, each row displays the *Application Name* and details about its *Business Criticality*, *Critical Alerts*, *Critical Vulnerabilities*, *Finding Types*, *Business Owner*, *Environment*, and many more. | ||
+ | ||
image::cloud-and-software-inventory/appdna-get-started-2.png[] | ||
|
||
[#filter-appdna-apps] | ||
=== Filter your Applications | ||
|
||
To make your search more efficient, use the following filters: | ||
|
||
* *Application Name*: Enter the name of the application you want to find. | ||
* *Business Criticality*: Enter the business criticality details to filter applications categorized by their importance. | ||
* *Environment*: Enter the environment details to filter applications available in that specific environment. | ||
* *Business Owner*: Enter the business owner details to filter applications associated with the designated owner. | ||
|
||
[.task] | ||
[#appdna-discovery-criteria] | ||
=== Customize Discovery Criteria | ||
|
||
To refine the scanning criteria further to better fit your needs, you can *Edit* the default discovery criteria, *Add* new custom discovery criteria, or *Delete* existing ones. | ||
|
||
[.procedure] | ||
|
||
. Select *Discovery Criteria > Add Discovery Criteria*. | ||
|
||
. Enter a *Discovery Criteria Name*. | ||
|
||
. Select cloud asset tags from the dropdown list to define the *Application Discovery Criteria*. | ||
+ | ||
[NOTE] | ||
==== | ||
(tt:[NOTE]) | ||
* Prisma Cloud finds applications using the case-sensitive cloud asset tags you select. | ||
* You can select up to 5 asset tags. These asset tags operate using an *AND* function, meaning all selected tags must match for an application to be included in the scan. | ||
* You can add up to 100 custom discovery criteria to enhance the scan parameters. Once you reach the maximum criteria limit, you must delete an existing one to add new criteria. | ||
==== | ||
|
||
. (tt:[Optional]) Select an asset tag from the list to associate the *Business Criticality* of that application. | ||
|
||
. (tt:[Optional]) Select an asset tag from the list to associate with the *Business Owner* of that application. | ||
|
||
. *Save* the criteria. | ||
+ | ||
These custom discovery criteria will be applied during the next scan cycle, ensuring the scan results are tailored to your specific needs. | ||
+ | ||
image::cloud-and-software-inventory/app-add-dna-discovery-criteria.png[] | ||
|
||
. After successfully adding the discovery criteria, you will find it listed on the Discovery Criteria side panel. Use the *Actions* panel to *Edit* or *Delete* the criteria. | ||
+ | ||
image::cloud-and-software-inventory/app-edit-dna-discovery-criteria.png[] | ||
|
||
[.task] | ||
[#appdna-create-apps] | ||
=== Create Applications | ||
|
||
You can manually create a new application that will be included in the next scan. To create a new application, perform the following steps: | ||
|
||
[.procedure] | ||
|
||
. Click on *Create Application*. | ||
|
||
. Enter an *Application Name*. | ||
|
||
. (tt:[Optional]) Enter a *Description* of the application. | ||
|
||
. Under *Application Definition*, add the required *Tag Keys* and *Tag Values* by selecting from the list to define the application tags. | ||
+ | ||
[NOTE] | ||
==== | ||
(tt:[NOTE]) | ||
* Prisma Cloud finds applications based on the case-sensitive cloud asset tags you select. Once you save the definition tags, you cannot modify them. You must create a new application and specify the tag keys and values again. | ||
* You can select up to 5 tags. These tags operate using an *AND* function, meaning all selected tags must match for an application to be included in the scan. | ||
==== | ||
|
||
. (tt:[Optional]) Select Repositories. | ||
+ | ||
You can only select repositories if you are subscribed to xref:../application-security/get-started/enable-application-security.adoc[Application Security] on Prisma Cloud. You can include up to 100 repositories to be associated with the application. | ||
|
||
. (tt:[Optional]) Enter additional information to define the application, such as: | ||
+ | ||
.. *Business Criticality*. | ||
|
||
.. *Business Owner*. | ||
|
||
.. *Environment* where the application is deployed. | ||
|
||
.. *Business Unit* associated with the application. | ||
|
||
. *Save* the custom application. | ||
+ | ||
The newly created application will be included in the next scan, ensuring that it is monitored for risks and vulnerabilities based on your specified criteria. | ||
+ | ||
image::cloud-and-software-inventory/app-dna-create-app.png[] | ||
|
||
. After successfully creating the application, it is listed on the *Application Inventory* page. Use the Actions panel to *Edit* or *Delete* the application. You can also select multiple applications from the application inventory page and use *Bulk Edit* to edit all selected applications simultaneously. | ||
+ | ||
image::cloud-and-software-inventory/app-dna-edit-create-app.png[] | ||
|
||
[#review-appdna-apps] | ||
=== Review your Applications | ||
|
||
To review and inspect your scanned applications, go to the *Application Name* in the inventory table and select the link in each row to be redirected to the *Applications* view. This view allows you to deep dive into application details and explore the security context uncovered by Prisma Cloud. It provides you with a focused view of the following application details: | ||
|
||
image::cloud-and-software-inventory/app-dna-tabs.gif[] | ||
|
||
* *Header* | ||
|
||
** *Application Name* is displayed at the top of the header. | ||
|
||
** *Business Criticality* is also displayed at the top of the header. | ||
|
||
** *Finding Types* lists the various categories of security issues associated with the assets belonging to the application. | ||
|
||
* *Tabs* | ||
|
||
** *Overview—* This default tab provides a comprehensive overview of the selected application, including details such as *Description*, *Criteria*, *Business Criticality*, *Business Owner*, *Business Unit*, *Alerts*, *Environments*, *Alerts*, *Vulnerabilities*, *Repositories*, and many more. | ||
|
||
** *Alerts—* Displays alerts grouped by severity levels—*Critical*, *High*, *Medium*, *Low*, and *Informational*. You can select a severity level to view the list of impacted assets and its associated alerts. Using this information, you can correlate these alerts from an application perspective, allowing you to understand how the alert affects the application as a whole. You can also *Snooze* or *Dismiss* the alert directly from the side panel. | ||
|
||
** *Vulnerabilities—* Displays Common Vulnerabilities and Exposures (CVE) discovered on the application, helping to identify vulnerable asset types within the application. The vulnerabilities are grouped by asset classes such as Compute. | ||
|
||
** *Assets—* Displays the assets associated with the application, grouped by *Asset Classes* such as *Compute*, *Database*, *Storage*, *Network*, and more. You can select an asset class to access more granular information about that asset. | ||
|
||
** *Code Assets—* Displays the *Repositories* associated with the application, allowing you to track and manage the code repositories included in the scan. To view this tab, make sure that you are subscribed to xref:../application-security/get-started/enable-application-security.adoc[Application Security] and have the *System Admin* role. | ||
|
||
** *Code Issues—* Displays the code issues based on the repositories included in the scan, grouped according to various issues such as *IaC*, *CI/CD*, *SAST*, *SCA*, and *Secrets*. To view this tab, make sure that you are subscribed to xref:../application-security/get-started/enable-application-security.adoc[Application Security] and have the *System Admin* role. | ||
|
||
After reviewing the application, you can take appropriate action to better manage your applications and its assets. | ||
|
||
[#download-abom] | ||
=== Download Application Inventory | ||
|
||
You can download the complete inventory details for a specific application in *.csv format*. To do this, locate the application in the inventory table, go to the *Actions* panel, and select *Download ABOM* (Application Bill of Materials), which will generate and download a .zip file containing separate .csv files for metadata, alerts, assets, and vulnerabilities related to that application. | ||
|
||
Additionally, you can also download *.csv files* directly from the *Alerts*, *Vulnerabilities*, and *Assets* tabs in the *Applications* View side panel. This allows you to extract detailed data such as alert information, vulnerability reports, and asset details, making it easier to conduct further analysis or integrate the data into external systems for operational purposes. | ||
|
||
image::cloud-and-software-inventory/app-dna-download-abom.gif[] | ||
|
||
*Next Step* | ||
|
||
Use the xref:../search-and-investigate/application-queries/application-query-attributes.adoc[Application Query Attributes] to search and investigate your applications. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
...collections/search-and-investigate/application-queries/application-queries.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
== Application Queries | ||
|
||
Use the `application where` RQL clause on *Investigate > Search* to search and query the applications and their associated assets in your Cloud environment. |
45 changes: 45 additions & 0 deletions
45
...ns/search-and-investigate/application-queries/application-query-attributes.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
== Application Query Attributes | ||
|
||
Learn about Application query attributes on *Investigate* page. | ||
|
||
Review your options when using `application where`. Each attribute allows you to narrow your search criteria. As you use these attributes, the auto-suggestion feature shows the available expressions and the operators that are applicable for each attribute. | ||
|
||
* `business.criticality` | ||
+ | ||
Use the `business.criticality` attribute and enter a string value to find applications by the name of the defined criticality of the business. | ||
* `environment` | ||
+ | ||
Use the `environment` attribute enter a string value to find applications by the defined name environment. | ||
* `name` | ||
+ | ||
Use the `name` attribute and enter a string value to find specific applications. Note that the application names are not case sensitive. | ||
* `owner` | ||
+ | ||
Use the `owner` attribute and enter a string value to find all the applications associated with a specific business owner. | ||
* `with.asset` | ||
+ | ||
Use the `with.asset` attribute along with `Has Finding` or `Has Vulnerability` attributes to narrow down an application search and its impacted assets. | ||
** `finding` | ||
+ | ||
Use the `finding` attribute to search an application based on xref:../prisma-cloud-findings.adoc[findings]. Findings are driven by security policies and inherit the attributes of the policy, such as name, severity, and description. Finding type is a set of findings with a specific security focus. You can select specific `finding.type` and `finding.name` to see the list of applications, its impacted assets, and findings. | ||
|
||
** `vulnerability` | ||
+ | ||
Use the `vulnerability` attribute to see the list of applications, their impacted assets, and vulnerabilities. Use the vulnerability attribute along with the following attributes: | ||
+ | ||
*** `cve.id` | ||
+ | ||
Use the `cve.id` attribute to search and show all the assets across your lifecycle impacted by this CVE ID. | ||
*** `cvss.score` | ||
+ | ||
The `cvss.score` attribute queries all the vulnerabilities with a CVSS score that you select. | ||
|
||
*** `severity` | ||
+ | ||
The `severity` attribute queries the vulnerabilities with the severity levels (Critical, High, Informational, Low, Medium) that you select. |
57 changes: 57 additions & 0 deletions
57
...ions/search-and-investigate/application-queries/application-query-examples.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
== Application Query Examples | ||
|
||
[cols="49%a,51%a"] | ||
|=== | ||
|*Description* | ||
|*RQL* | ||
|
||
|Find all the applications that have a business criticality. | ||
|---- | ||
application where business.criticality = 'all' | ||
---- | ||
|
||
|Find applications that have a specific business criticality. | ||
|---- | ||
application where business.criticality = 'high' | ||
---- | ||
|
||
|Find all the applications that are deployed in the stage environment.. | ||
|---- | ||
application where environment = 'stage' | ||
---- | ||
|
||
|Find all the applications with a specific name. Note that the application names are not case-sensitive. | ||
|---- | ||
application where name = 'Devops' | ||
---- | ||
|
||
|Find all the applications belonging to the same designated business owner. | ||
|---- | ||
application where owner = 'Cortex' | ||
---- | ||
|
||
|Find all applications, their impacted assets, and findings using `finding.type` and `finding.name` attributes | ||
|---- | ||
application where business.criticality = 'high' AND environment = 'stage' AND owner = 'Cortex' with : (asset with : finding where finding.type IN ( 'INTERNET_EXPOSURE' ) AND finding.name CONTAINS ALL ( 'Aws Api Gateway Endpoints Without Client Certificate Authentication' ) ) | ||
---- | ||
|
||
|Find all impacted applications, their assets, and vulnerabilities. | ||
|---- | ||
application where business.criticality = 'all' AND environment = 'stage' AND name = 'Devops' with : (asset with : vuln where cve.id IN ( 'CVE-2016-0718' ) AND cvss.score > 9.1 AND severity IN ( 'Critical', 'High' ) ) | ||
---- | ||
|
||
|Identify if one of the assets is vulnerable to CVE-XXXX-XXXX. | ||
|---- | ||
application where business.criticality = 'all' AND environment = 'stage' AND name = 'Devops' with : (asset with : vuln where cve.id IN ( 'CVE-2016-0718' )) | ||
---- | ||
|
||
|Find all the vulnerabilities with a CVSS score greater than 9.1. | ||
|---- | ||
application where business.criticality = 'all' AND environment = 'stage' AND name = 'Devops' with : (asset with : vuln where cvss.score > 9.1) ) | ||
---- | ||
|
||
|Find all vulnerabilities with critical and high severity. | ||
|---- | ||
application where business.criticality = 'all' AND environment = 'stage' AND name = 'Devops' with : (asset with : vuln where severity IN ( 'Critical', 'High' ) ) | ||
---- | ||
|=== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters