Manage Notification Profiles
Learn how to configure and manage Notification Profiles to subscribe to alerts you want
to receive.
Notification Profiles enable
you to subscribe to alerts you want to receive. The Notification
Profiles menu item is located at the same level as the Insights menu item.
The Notification Profiles page shows all notification
profiles available for a specific tenant in the Notification
Subscriptions table and all profile subscription logs for the tenants in
the View Your Notification Subscription Log.
When you create or modify a notification profile, you can enable Prisma Access
to send email or webhook alerts when it initially detects an issue and when the issue is
resolved. These alert notifications describe the issue and impact, and include a link to
Prisma Access where you can investigate further.
The Palo Alto Networks email address from which you receive alert
notifications is noreply@paloaltonetworks.com.
For more information about the alert codes shown in the notification,
see Alert Codes.
Manage Notification Subscriptions
Notification Subscriptions offers a view of all available profiles,
enables you to create new profiles and modify existing ones, and enables Prisma Access to send alerts.
- Enable or disable a profile from the State column.
- Select a Profile Name to modify that profile.
- Sub-Tenant ID(s) shows one subtenant ID and indicates with the + sign whether there are more.
- The Email Address(es), Webhooks, and Alert Subscription columns show information that was added when the profile was created or modified.
- You can create an unlimited number of notification profiles, with selections for subtenants, notification methods, and alert subscriptions. One of these profiles is designated as the Default Profile for the tenant. Existing Prisma Access tenants with email subscriptions for alerts in Prisma Access Insights prior to the introduction of Notification Profiles have the Default Profile populated with all email addresses and all alert subscriptions. Informational Alerts are added to the Default Profile's alert subscriptions. You can edit this Default Profile.
- From the Actions column, select the checkmark to make the specified profile the default profile for the tenant.
Add a Notification Profile
Create a new notification profile by clicking the Add
Notification Profile button to the right. The New Profile window
appears.
Under General:
- Name—Enter a profile name.
- Sub-Tenant ID—Select one or more subtenants.
- Description (optional): Enter an optional description of up to 72 characters.
Under Notification Method:
- Select EMAIL.
- Under Email Contacts, click the Add Contacts button.
- Enter a valid Email and an optional Name, and press Enter. You can add multiple email contacts using the Add Contacts button.
- Select WEBHOOKS.
- Enter a webhook name and a valid URL. Use only standard web ports. Custom web ports are not allowed.
- Under Auth Type, select None, Basic, or Token.
  - None—You don’t need to add any more information.
  - Basic—Enter the username and password of the webhook.
  - Token—Enter the token of the webhook.
  You can create one webhook notification per profile.
- Under Alerts, you can select all alerts present under an alert category, or you can click > to the left of the alert category name to expand the category and specify which alerts you want to be notified about. To receive alert notifications through email or notifications streamed through webhooks, based on alert severity for an alert category of interest, click the checkboxes for Low, Medium, or High severity. Informational alerts are sent to the default profile for the tenant. Other notification profiles can elect to receive informational alerts or not.
- Click the Save button.
Webhook Data Schema
The data model for Prisma Access Alerts is described in the following table. You can use the
description of these alert fields to configure the webhook endpoint ingesting
these alerts in order to interpret the event in your network deployment
correctly, and/or automate workflows in response to the network event that is
observed. Not all fields listed are applicable to all alert types.
Field | Description |
---|---|
kind | Alert type. For example, ‘Priority.’ |
alert_id | Unique alert ID. |
message | Alert description; used only for display purposes. |
severity | Alert severity; for example, ‘High,’ ‘Medium,’ ‘Low,’ and ‘Informational.’ |
state | Alert state. Valid values are ‘Raised’ and ‘Cleared.’ |
clear_reason | Reason for the alert. Valid values are ‘Auto,’ ‘Manual,’ and ‘No Data Timeout.’ |
code | Unique alert code. It is in a flat namespace (for example, AL_SC_PRIMARY_TUNNEL_DOWN). |
alert_code_message | Specifics about the alert code. |
category | Alert category, such as RN (remote networks) or SC (service connections). |
sub_category | Alert subcategory. |
tenant_id | Tenant ID. |
sub_tenant_id | Subtenant ID. |
sub_tenant_name | Subtenant name. |
resource_keys | These keys identify a unique resource. These fields vary depending on the alert code; for example: "tenant_id": "", "sub_tenant_id": "", "tunnel_name": "SanJoseTunnel", "node_type": "51", "site_name": "SanJose" |
resource_context | Resource context detailed in the following several fields. |
resource_data | Resource data fields vary depending on the alert code state, ‘Up’ or ‘Down.’ |
version | Alert model version, which is 1.0. |
raised_time | Time the alert was raised. |
updated_time | Time the alert was updated. |
cleared_time | Time the alert was cleared. |
```json
{
  "kind": "alert",
  "data": {
    "tenant_id": "1234567890",
    "sub_tenant_id": "1234567890",
    "sub_tenant_name": "",
    "alert_id": "f0e30344-62ac-4a5c-bd11-b45ffb09ac8a",
    "severity": "High",
    "state": "Raised",
    "message": "PRIMARY WAN tunnel Test1 for the Remote Network is down",
    "alert_code_message": "PRIMARY WAN tunnel Test1 for the Remote Network is down",
    "code": "AL_RN_PRIMARY_WAN_TUNNEL_DOWN",
    "category": "RN",
    "sub_category": null,
    "clear_reason": "",
    "raised_time": "2022-08-18 05:36:02 UTC",
    "cleared_time": null,
    "updated_time": "2022-08-18 05:36:02 UTC",
    "resource_data": {},
    "resource_context": {
      "instance_name": "FW_12345_us-east-1_store1-1234567890",
      "instance_id": 12345,
      "instance_type": 48,
      "cluster_id": 12345,
      "location": "US East",
      "zone": "us-east4-a",
      "region": "us-east4",
      "cloud_provider": "gcp",
      "tunnel_name": "Test1",
      "source_ip_address": "1.2.3.4",
      "destination_instance_type": 0,
      "destination_ip_address": "4.3.2.1",
      "site_id": 10,
      "site_name": "10",
      "destination_zone": "N/A",
      "destination_region": "N/A",
      "sub_node_type": 0
    },
    "resource_keys": {
      "tenant_id": "1234567890",
      "sub_tenant_id": "1234567890",
      "site_id": 10,
      "tunnel_name": "Test1"
    },
    "version": "1.0"
  }
}
```
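As an added example (not Palo Alto Networks code), a receiving endpoint could authenticate and validate each alert before acting on it, as sketched here. It assumes the Basic auth type arrives as a standard RFC 7617 `Authorization` header and that the body has the shape of the sample payload above; the function names, `SAMPLE`, and any credentials passed in are hypothetical.

```python
import base64, hmac, json
from datetime import datetime, timezone

SEVERITIES = {"High", "Medium", "Low", "Informational"}
STATES = {"Raised", "Cleared"}
REQUIRED = ("alert_id", "code", "severity", "state", "tenant_id", "version")

def basic_auth_ok(header, user, password):
    """Constant-time check of an RFC 7617 'Authorization: Basic ...' header value."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # malformed base64 or non-ASCII input
        return False
    return hmac.compare_digest(supplied, f"{user}:{password}".encode())

def parse_time(value):
    """Sample timestamps look like '2022-08-18 05:36:02 UTC'; null means unset."""
    fmt = "%Y-%m-%d %H:%M:%S UTC"
    return None if value is None else datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def parse_alert(body, expected_tenant):
    """Validate one webhook body; return a normalized dict or raise ValueError."""
    doc = json.loads(body)
    data = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(data, dict):
        raise ValueError("missing 'data' object")
    if missing := [k for k in REQUIRED if k not in data]:
        raise ValueError(f"missing fields: {missing}")
    if data["version"] != "1.0":
        raise ValueError("unsupported alert model version")
    if data["severity"] not in SEVERITIES or data["state"] not in STATES:
        raise ValueError("unexpected severity or state")
    if data["tenant_id"] != expected_tenant:
        raise ValueError("alert is for a different tenant")
    return {
        **{k: data[k] for k in ("alert_id", "code", "severity", "state")},
        "raised": parse_time(data.get("raised_time")),
        "cleared": parse_time(data.get("cleared_time")),
        # 'message' is display-only per the schema: key automation on code + resource_keys.
        "resource": tuple(sorted((data.get("resource_keys") or {}).items())),
    }

# Constructed input: the page's sample payload, trimmed to the validated fields.
SAMPLE = json.dumps({"kind": "alert", "data": {
    "tenant_id": "1234567890", "alert_id": "f0e30344-62ac-4a5c-bd11-b45ffb09ac8a",
    "severity": "High", "state": "Raised", "code": "AL_RN_PRIMARY_WAN_TUNNEL_DOWN",
    "raised_time": "2022-08-18 05:36:02 UTC", "cleared_time": None, "version": "1.0",
    "resource_keys": {"tenant_id": "1234567890", "site_id": 10, "tunnel_name": "Test1"}}})
```

Pairing a Raised alert with its later Cleared notification is best done on `alert_id` or the `resource` tuple, since `message` is for display only.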
Edit an Existing Profile
To edit an existing profile, click either the Profile Name or the pencil
in the Actions column. The Update
Profile page appears. Make your changes, and click
Save to update the profile.
View Your Notification Subscription Log
The Notification Subscription Log table shows
changes to all profiles, such as when profiles are added, modified,
and deleted.