Integrate an Amazon SNS Topic with Prisma Cloud DSPM
- Updated on 28 Feb 2024
Amazon SNS (Simple Notification Service) is a widely used AWS service for fan-out messaging and for triggering automation (Lambda functions, SQS queues, HTTPS endpoints, email). Organizations that want to route security findings into their own tooling, control who receives which notifications, or keep a record of how a risk progressed through its lifecycle need Prisma Cloud DSPM to publish its risk and alert notifications to an SNS topic.
This article describes how to integrate an Amazon SNS topic with Prisma Cloud DSPM so that data security teams can use SNS (and SQS subscriptions on the topic) to automate workflows in AWS from notifications sent by Dig Security, the product's former name, which still appears in some policy identifiers below.
The integration is a three-step process:
- Create an SNS topic in AWS.
- Configure the topic ARN in Prisma Cloud DSPM.
- Grant Prisma Cloud DSPM permission to publish to the topic (and, if the topic is encrypted, to use its KMS key).
Create an SNS Topic in AWS
- Sign in to the Amazon SNS console, and create an AWS SNS topic.
- Copy the topic ARN. The topic ARN typically looks like the example below:
arn:aws:sns:us-east-2:123456789012:MyTopic
Configure the ARN for Your Topic in Prisma Cloud DSPM
Configure which notifications Prisma Cloud DSPM sends to the topic: risk findings, alerts, or both, above a chosen severity threshold. Anything subscribed to the topic (for example an SQS queue) then receives them.
- In the Prisma Cloud DSPM side menu, click Settings.
- In the Integration tab, scroll down to the Notifications area, and in the SNS thumbnail click Connect.
- In the SNS window do the following:
- In the SNS topic ARN field, enter the SNS topic ARN.
- In the Notified On drop down, select All, Alerts, or Risk Findings.
- In the Severity Threshold drop down, select the severity threshold.
- Optional: To filter alerts, use the Filter by Tags dropdown menu, and select the required tags. By configuring tags, you will receive alerts only for assets that match the selected tags.
- Click Create. The SNS integration is created and appears in the SNS list.
- Grant access to Prisma Cloud DSPM to publish to the topic.
- Follow the AWS instructions for editing an SNS topic's access policy, and add the following statement to the `Statement` array of the topic's existing access policy. Keep the default statement that grants the topic owner; do not replace the whole policy. Replace <Your SNS topic ARN goes here> with the ARN of your SNS topic:

```json
{
  "Sid": "DigSecuritySNSPolicy",
  "Effect": "Allow",
  "Principal": { "AWS": [ "092708045729" ] },
  "Action": "SNS:Publish",
  "Resource": "<Your SNS topic ARN goes here>"
}
```

The principal 092708045729 is the AWS account from which Prisma Cloud DSPM publishes. The statement grants that account SNS:Publish on this one topic and nothing else; keep the Resource scoped to the topic ARN rather than a wildcard, and do not add further actions.
The Amazon SNS topic is now integrated with Prisma Cloud DSPM.
If Encryption is Enabled
If server-side encryption is enabled for your SNS topic, Prisma Cloud DSPM also needs permission to use the topic's KMS key, otherwise its publishes are rejected. The key must be a customer managed key: the policy of the AWS managed key (alias/aws/sns) cannot be edited. Add the two statements below to the key policy:
1. In the AWS console, open KMS (Key Management Service), select your key, and under Key policy click Edit.
2. Add the following two statements to the policy's `Statement` array, alongside the statements already there:

```json
{
  "Sid": "Allow access for Key User (SNS IAM User)",
  "Effect": "Allow",
  "Principal": { "AWS": "arn:aws:iam::092708045729:root" },
  "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ],
  "Resource": "<Your kms ARN goes here>"
},
{
  "Sid": "Allow access for Key User (SNS Service Principal)",
  "Effect": "Allow",
  "Principal": { "Service": "sns.amazonaws.com" },
  "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ],
  "Resource": "<Your kms ARN goes here>"
}
```

3. Replace <Your kms ARN goes here> with the ARN of your KMS key in both statements, then save the policy.

The first statement lets the Prisma Cloud DSPM account request data keys for the topic; the second lets the SNS service itself encrypt and decrypt messages on the topic, which it needs for any encrypted topic regardless of who publishes.
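The console steps above edit two resource policies by hand, which is where mistakes usually happen: the whole topic policy gets replaced instead of extended, the placeholder ARN is left in, or the grant ends up wider than SNS:Publish on one topic. The script below is an added example, not code from the original article or from Prisma Cloud DSPM. It builds the two policy changes as JSON using the account ID, Sids, principals and actions shown above, merges them into the existing policy documents without dropping what is already there, and refuses to save a topic policy that fails basic least-privilege checks. The sample existing policy is constructed for the example, and the optional apply step assumes boto3 is installed with credentials for the account that owns the topic; everything else runs offline.

```python
"""Build, merge and check the SNS topic policy and KMS key policy statements
described in the article. Added example; account ID, Sids, actions and
principals are those the article shows. The sample policy below is constructed
for this example, and the boto3 apply step at the bottom is an assumption."""
import json
import re

DSPM_ACCOUNT_ID = "092708045729"  # publisher account named in the article

# Constructed sample of the default access policy a new SNS topic carries.
# The merge must keep it (it is the owner's own grant), not replace it.
SAMPLE_EXISTING_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "__default_statement_ID",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": "arn:aws:sns:us-east-2:123456789012:MyTopic",
        "Condition": {"StringEquals": {"AWS:SourceOwner": "123456789012"}},
    }],
})

# Standard and FIFO topic ARNs; a leftover "<Your SNS topic ARN ...>" fails this.
TOPIC_ARN_RE = re.compile(r"^arn:aws(-[a-z]+)?:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]+(\.fifo)?$")


def sns_publish_statement(topic_arn: str) -> dict:
    """The article's topic-policy statement: DSPM account may Publish to this topic only."""
    return {
        "Sid": "DigSecuritySNSPolicy",
        "Effect": "Allow",
        "Principal": {"AWS": [DSPM_ACCOUNT_ID]},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
    }


def kms_key_statements(key_arn: str) -> list:
    """The article's two key-policy statements: the DSPM account and the SNS service."""
    actions = ["kms:GenerateDataKey*", "kms:Decrypt"]
    return [
        {"Sid": "Allow access for Key User (SNS IAM User)", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{DSPM_ACCOUNT_ID}:root"},
         "Action": actions, "Resource": key_arn},
        {"Sid": "Allow access for Key User (SNS Service Principal)", "Effect": "Allow",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Action": actions, "Resource": key_arn},
    ]


def _load(policy_json: str):
    """Parse a policy document (empty string = no policy yet); normalise Statement to a list."""
    policy = json.loads(policy_json) if policy_json else {"Version": "2012-10-17"}
    statements = policy.get("Statement", [])
    return policy, (statements if isinstance(statements, list) else [statements])


def sids(policy_json: str) -> list:
    return [s.get("Sid") for s in _load(policy_json)[1]]


def merge_statements(policy_json: str, new_statements: list) -> str:
    """Add new_statements to the policy. A statement with the same Sid is replaced,
    so re-running is idempotent; all other existing statements are preserved."""
    policy, statements = _load(policy_json)
    index = {s["Sid"]: i for i, s in enumerate(statements) if "Sid" in s}
    for new in new_statements:
        if new["Sid"] in index:
            statements[index[new["Sid"]]] = new
        else:
            statements.append(new)
    policy["Statement"] = statements
    return json.dumps(policy, indent=2)


def check_publish_grant(policy_json: str, topic_arn: str) -> list:
    """Least-privilege checks on the DSPM grant; returns a list of problems (empty = OK)."""
    problems = []
    if not TOPIC_ARN_RE.match(topic_arn):
        problems.append("topic ARN is not a valid SNS topic ARN (placeholder left in?)")
    grants = [s for s in _load(policy_json)[1] if s.get("Sid") == "DigSecuritySNSPolicy"]
    if len(grants) != 1:
        problems.append(f"expected one DigSecuritySNSPolicy statement, found {len(grants)}")
    allowed = {DSPM_ACCOUNT_ID, f"arn:aws:iam::{DSPM_ACCOUNT_ID}:root"}
    for s in grants:
        if s.get("Resource") != topic_arn:
            problems.append("Resource must be this topic's ARN, not another topic or '*'")
        actions = s.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if [a.lower() for a in actions] != ["sns:publish"]:
            problems.append(f"Action must be SNS:Publish only, got {actions}")
        principal = s.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        aws = aws if isinstance(aws, list) else [aws]
        if len(aws) != 1 or aws[0] not in allowed:
            problems.append(f"Principal must be the DSPM account only, got {principal}")
    return problems


if __name__ == "__main__":
    import sys
    import boto3  # assumption: installed, with credentials for the topic owner's account

    topic_arn = sys.argv[1]
    region = topic_arn.split(":")[3]
    sns = boto3.client("sns", region_name=region)
    attrs = sns.get_topic_attributes(TopicArn=topic_arn)["Attributes"]
    merged = merge_statements(attrs.get("Policy", ""), [sns_publish_statement(topic_arn)])
    problems = check_publish_grant(merged, topic_arn)
    if problems:
        sys.exit("refusing to save topic policy:\n  " + "\n  ".join(problems))
    sns.set_topic_attributes(TopicArn=topic_arn, AttributeName="Policy", AttributeValue=merged)
    if attrs.get("KmsMasterKeyId"):  # encrypted topic: extend the customer managed key's policy too
        kms = boto3.client("kms", region_name=region)
        key_arn = kms.describe_key(KeyId=attrs["KmsMasterKeyId"])["KeyMetadata"]["Arn"]
        current = kms.get_key_policy(KeyId=key_arn, PolicyName="default")["Policy"]
        kms.put_key_policy(KeyId=key_arn, PolicyName="default",
                           Policy=merge_statements(current, kms_key_statements(key_arn)))
```

Run it as `python integrate_sns.py arn:aws:sns:us-east-2:123456789012:MyTopic`. Merging by Sid is what makes the script safe to re-run and safe on a topic that already has a policy; replacing the entire `Policy` attribute, which is the easy mistake in the console, silently drops the owner's default grant and any subscriber permissions already in place.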