Authenticate to the Prisma Cloud API as described in the alerts integration route to obtain a short-lived token.
Create a one-time or scheduled compliance report by POST-ing to /v2/report with a JSON body specifying name, type: RIS (Risk Insights) or COMPLIANCE, cloudType, complianceStandardId, and timeRange.
Note the reportId returned in the response; poll GET /v2/report/{reportId} until the status field transitions to READY.
Download the generated report file with GET /v2/report/{reportId}/download, which returns a binary PDF or CSV depending on the configuration.
For recurring reports, list all scheduled report runs with GET /v2/report/{reportId}/schedules and download the latest with the matching timestamp endpoint.
Automate delivery by combining the download step with a cloud storage upload (e.g., PUT to an S3 presigned URL) to distribute reports without sharing Prisma credentials.
Known gotchas
Report generation is asynchronous; polling too aggressively can trigger rate limits — use exponential backoff between status checks.
The complianceStandardId must be fetched from GET /compliance to obtain the correct UUID for your framework (CIS, NIST, PCI, etc.).
Downloaded report files are not paginated; very large environments may produce reports that exceed email attachment limits, so prefer storage-bucket delivery.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp