
Insights Configuration

Overview

The Insights configuration section provides access to the Prisma Access Insights API, which offers comprehensive visibility into your network's security posture, performance metrics, and operational health. The Insights API enables you to programmatically retrieve and analyze alerts, metrics, and other telemetry data from your Prisma Access deployment.

Available Resources

Alerts

Access and manage security and operational alerts generated by Prisma Access. The Alerts resource provides methods to:

  • List alerts with flexible filtering options
  • Retrieve detailed alert information
  • Get alert statistics and trends
  • Generate alert timelines for analysis

Key Features

  • Real-time Visibility: Access up-to-date security and operational alerts
  • Flexible Filtering: Filter alerts by severity, status, category, and time range
  • Statistical Analysis: Generate statistics and trends from alert data
  • Timeline Views: Visualize alert patterns over time
  • Unified Query Interface: Consistent query API across all Insights resources

Common Patterns

Authentication

All Insights API calls require proper authentication through the SCM client:

from scm.client import ScmClient

client = ScmClient(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Access Insights Alerts service
alerts = client.insights.alerts

Query Structure

The Insights API uses a consistent query structure across resources:

# Basic query with filters
response = alerts.query(
    filter={
        "rules": [
            {"property": "severity", "operator": "in", "values": ["High", "Critical"]},
            {"property": "state", "operator": "equals", "values": ["Raised"]}
        ]
    },
    properties=[
        {"property": "alert_id"},
        {"property": "message"},
        {"property": "severity"}
    ]
)

Response Format

All Insights API responses follow a consistent structure:

{
    "header": {
        "createdAt": "2024-01-20T12:00:00Z",
        "dataCount": 100,
        "requestId": "unique-request-id",
        "status": {"success": True}
    },
    "data": [
        # Resource-specific data objects
    ]
}

Best Practices

  1. Use Appropriate Time Ranges: When querying historical data, use reasonable time ranges to avoid overwhelming the API
  2. Leverage Filters: Use filters to reduce response size and improve query performance
  3. Handle Pagination: For large datasets, implement proper pagination handling
  4. Cache Results: Consider caching frequently accessed data to reduce API calls
  5. Error Handling: Implement robust error handling for API failures and rate limits
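The filter shape and response envelope shown above can be checked before any alert data is acted on. The following is an added example, not part of the SDK or its documentation. The helper names (build_filter, check_envelope, summarize) and the sample responses are hypothetical, and it assumes dataCount counts the objects in the data list.

```python
from collections import Counter

REQUIRED = ("alert_id", "message", "severity")  # properties requested in the page's query

def build_filter(severities, state):
    """Build a filter in the rule shape shown under Query Structure."""
    if not severities or not all(isinstance(s, str) and s for s in severities):
        raise ValueError("severities must be a non-empty list of strings")
    return {"rules": [
        {"property": "severity", "operator": "in", "values": list(severities)},
        {"property": "state", "operator": "equals", "values": [state]},
    ]}

def check_envelope(resp):
    """Return the data list, or raise ValueError if the envelope cannot be trusted."""
    header = resp.get("header") if isinstance(resp, dict) else None
    if not isinstance(header, dict):
        raise ValueError("response has no header")
    status = header.get("status")
    if not isinstance(status, dict) or status.get("success") is not True:
        raise ValueError(f"request {header.get('requestId')} did not report success")
    if not isinstance(resp.get("data"), list):
        raise ValueError("data is not a list")
    return resp["data"]

def summarize(resp):
    """Count alerts per severity and flag results a monitoring job must not ignore."""
    data = check_envelope(resp)
    ok = [r for r in data if isinstance(r, dict)
          and all(k in r for k in REQUIRED) and isinstance(r["severity"], str)]
    return {
        "by_severity": dict(Counter(r["severity"] for r in ok)),
        "malformed_rows": len(data) - len(ok),
        # Assumption: dataCount is the number of objects in this response's data.
        "count_mismatch": resp["header"].get("dataCount") != len(data),
        "request_id": resp["header"].get("requestId"),
    }

# Constructed samples in the page's Response Format (not real API output).
SAMPLE_OK = {
    "header": {"createdAt": "2024-01-20T12:00:00Z", "dataCount": 3,
               "requestId": "sample-1", "status": {"success": True}},
    "data": [
        {"alert_id": "a-1", "message": "constructed alert", "severity": "Critical"},
        {"alert_id": "a-2", "message": "constructed alert", "severity": "High"},
        {"alert_id": "a-3", "message": "row missing its severity"},
    ],
}
SAMPLE_FAILED = {"header": {"requestId": "sample-2", "status": {"success": False}},
                 "data": []}
```

A failed or malformed envelope raises instead of returning an empty result, so a monitoring job cannot mistake an API failure for "no alerts".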

Next Steps