This script analyzes resources with active Attack Path Policies in Prisma Cloud and generates a detailed report of associated CVEs.
- Python 3.x
- `requests` package installed
- Prisma Cloud access (API key and secret)

- Clone the repository:

  ```bash
  git clone https://github.com/abuslang/AttackPathCVEList.git
  cd AttackPathCVEList
  ```

- Update the `config.py` file with your credentials:

  ```python
  url = "api2.prismacloud.io"  # Your Prisma Cloud API URL
  api_key = "your_access_key_here"
  api_secret = "your_secret_key_here"
  ```

- Make the script executable and run:

  ```bash
  chmod +x AttackPathCVE.py
  ./AttackPathCVE.py    # Default 12 months of data
  ./AttackPathCVE.py 6  # Or specify number of months (e.g., 6)
  ```

The script generates:
- CSV File (`prisma_attack_paths_TIMESTAMP.csv`) containing:
  - Resource details (Name, ID, Type, Region)
  - Attack Path ID
  - CVE information (ID, Severity, CVSS Score)
- Console Summary showing:
  - Resources with CVEs and their details
  - List of resources without CVEs
  - Total count statistics

- Fetches attack path alerts using initial parameters
- For each alert:
  - Gets detailed alert information
  - Extracts CVE data from alert metadata
  - Collects resource information if CVEs are present
- Maintains lists of resources with/without CVEs
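
The per-alert processing described above, as an added offline sketch (not the repository's code): it splits alerts into resources with and without CVEs, drops duplicate CVE entries, and neutralizes spreadsheet formulas in API-supplied text before it reaches the CSV. The alert field names (`attackPathId`, `resource`, `metadata.cves`) and the helper names are assumptions for illustration, not the Prisma Cloud schema.

```python
import csv
import io

COLUMNS = ["Resource Name", "Resource ID", "Resource Type", "Region",
           "Attack Path ID", "CVE ID", "Severity", "CVSS Score"]

# Constructed sample alerts. Field names are assumptions for illustration,
# not the Prisma Cloud alert schema; the CVE IDs are placeholders.
SAMPLE_ALERTS = [
    {"attackPathId": "AP-1",
     "resource": {"name": "web-01", "id": "i-0aaa", "type": "INSTANCE", "region": "us-east-1"},
     "metadata": {"cves": [{"id": "CVE-0000-0001", "severity": "critical", "cvss": 9.8},
                           {"id": "CVE-0000-0002", "severity": "medium", "cvss": 5.3}]}},
    {"attackPathId": "AP-2", "metadata": {},
     "resource": {"name": "db-02", "id": "i-0bbb", "type": "INSTANCE", "region": "eu-west-1"}},
    {"attackPathId": "AP-3",
     "resource": {"name": "=batch-worker", "id": "i-0ccc", "type": "INSTANCE", "region": "us-east-1"},
     "metadata": {"cves": [{"id": "CVE-0000-0001", "severity": "critical", "cvss": 9.8},
                           {"id": "CVE-0000-0001", "severity": "critical", "cvss": 9.8}]}},
]

def safe_cell(value):
    """Neutralize spreadsheet formulas in API-supplied text (names, tags)."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(("=", "+", "-", "@")) else text

def split_alerts(alerts):
    """Return (rows, no_cve): one row per resource/CVE pair, plus resources without CVEs."""
    rows, no_cve, seen = [], [], set()
    for alert in alerts:
        res = alert.get("resource") or {}
        cves = (alert.get("metadata") or {}).get("cves") or []
        if not cves:
            no_cve.append(res.get("name", "unknown"))
            continue
        for cve in cves:
            key = (res.get("id"), alert.get("attackPathId"), cve.get("id"))
            if key in seen:  # same CVE listed twice for one resource and path
                continue
            seen.add(key)
            fields = [res.get("name"), res.get("id"), res.get("type"), res.get("region"),
                      alert.get("attackPathId"), cve.get("id"), cve.get("severity"), cve.get("cvss")]
            rows.append([safe_cell(f) for f in fields])
    return rows, no_cve

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf).writerows([COLUMNS] + rows)  # header row, then data rows
    return buf.getvalue()
```
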

- Authentication Errors: Verify your API credentials in `config.py`
- Permission Issues: Ensure your API key has the necessary permissions
- No Data: Check the time range and policy filters

- This is an unofficial Prisma Cloud script. It only reads information from the console; nothing will be updated.
- Contact: aquadri@paloaltonetworks.com