Skip to main content

Prisma Access

This Integration is part of the Palo Alto Networks - Strata Cloud Manager Pack.#

Prisma Access Integration#

Integrate with Prisma Access to monitor the status of the Service, alert and take actions. The integration uses both the Panorama XML API and SSH into the PAN-OS CLI.

Common parameters#

The Server Host or IP parameter is required by both.

SSH connection#

The following commands require the SSH access to be configured:

  • prisma-access-active-users
  • prisma-access-cli-command
  • prisma-access-query

The SSH connection requires the SSH Credentials for CLI, Password and SSH Port are provided.

SSH credentials should be your username and password for the PAN-OS CLI - they can be tested using a standalone SSH client to verify that you are able to connect to the CLI on the SSH port.

API connection#

The following commands require the API access to be configured:

  • prisma-access-logout-user

The API connection requires the API Port and API Key parameters as well as a Device Group or Vsys.

This integration was integrated and tested with version 9.0.7 of Prisma Access

Configure Prisma Access on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Prisma Access.
  3. Click Add instance to create and configure a new integration instance.
serverServer Host or IP (e.g., or
portAPI Port (e.g 443)False
keyAPI KeyFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
device_groupDevice group - Panorama instances only (write shared for Shared location)False
vsysVsys - Firewall instances onlyFalse
sshportSSH PortFalse
UsernameSSH Credentials for CLIFalse
  1. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Force logout a specific user from Prisma Access

Base Command#


Argument NameDescriptionRequired
userUsername to logout. (Without domain name - e.g. jsmith)Required
domainDomain name of the user to logout.Required
computerComputer name to logout.Required
tenant_nameThe tenant name.Optional
Context Output#
PrismaAccess.LogoutUserunknownLogoutUser command results
Command Example#

!prisma-access-logout-user user="jsmith" domain="acme" computer="jsmithPC"


Run a query via the Prisma Access CLI

Base Command#


Argument NameDescriptionRequired
queryQuery to run. Example input: querystring limit=2000 action getGPaaSLast90DaysUniqueUsersRequired
Context Output#
PrismaAccess.QueryResultsunknownQuery results
Command Example#

!prisma-access-query query="querystring limit=2 action getGPaaSActiveUsers"

prisma-access-cli-command (deprecated)#

Run a custom CLI command on Prisma Access

Base Command#


Argument NameDescriptionRequired
cmdCLI command to run (e.g. debug plugins cloud_services gpcs query querystring limit=9000 action getGPaaSLast90DaysUniqueUsers)Required
Context Output#

There is no context output for this command.

Command Example#

!prisma-access-cli-command cmd="show system info | match hostname"

prisma-access-active-users (deprecated)#

Query currently active users.

Base Command#


Argument NameDescriptionRequired
limitMaximum number of entries to return. Default is 20.Optional
Context Output#
PrismaAccess.ActiveUsersunknownActive Users on Prisma Access
Command Example#

!prisma-access-active-users limit=10