Incorrect Prisma compliance stats
paskal opened this issue · 0 comments
paskal commented
As discovered by @kostty, current compliance stats don't look right compared to dashboard you can see in Prisma. This is the output of /compliance/dashboard API endpoint we are parsing:
{
"default": true,
"description": "Center for Internet Security Benchmark for Google Cloud Platform Foundation v1.0.0",
"id": "id",
"name": "CIS v1.0.0 (GCP)",
"policiesAssignedCount": 42,
"resourcesFailed": 1,
"resourcesPassed": 10
}As he discovered, /compliance/posture have the data we had in mind for collection when writing this collector:
{
"assignedPolicies": 42,
"description": "Center for Internet Security Benchmark for Google Cloud Platform Foundation v1.0.0",
"failedResources": 3,
"highSeverityFailedResources": 1,
"id": "id",
"lowSeverityFailedResources": 0,
"mediumSeverityFailedResources": 2,
"name": "CIS v1.0.0 (GCP)",
"passedResources": 12,
"totalResources": 15
}The code should be changed to look at /compliance/posture endpoint.