Manage Notification Profiles

Notification Profiles
enable you to subscribe to alerts you want to receive. The
Notification Profiles
menu item is located at the same level as the
Insights
menu item.
The
Notification Profiles
page shows all notification profiles available for a specific tenant in the
Notification Subscriptions
table and all profile subscription logs for the tenants in the View Your Notification Subscription Log.
When you create or modify a notification profile, you can enable Prisma Access to send email or webhook alerts when it initially detects an issue and when the issue is resolved. These alert notifications describe the issue and impact, and include a link to Prisma Access where you can investigate further.
The Palo Alto Networks email address from which you receive alert notifications is noreply@paloaltonetworks.com.
For more information about the alert codes shown in the notification, see Alert Codes.

Manage Notification Subscriptions

Notifications Subscriptions
offers a view of all available profiles, enables you to create new profiles and modify existing ones, and enables Prisma Access to send alerts.
  • Enable or disable a profile from the
    State
    column.
  • Select a
    Profile Name
    to modify that profile.
  • Sub-Tenant ID(s)
    shows one subtenant ID and indicates with the + sign whether there are more.
  • The
    Email Address(es)
    ,
    Webhooks
    , and
    Alert Subscription
    columns show information that was added when the profile was created or modified.
  • You can create an unlimited number of notification profiles, with selections for subtenants, notification methods, and alert subscriptions. One of these profiles is designated as the
    Default Profile
    for the tenant.
    Existing Prisma Access tenants with email subscriptions for alerts in Prisma Access Insights prior to the introduction of Notification Profiles have the
    Default Profile
    populated with all email addresses and all alert subscriptions.
    Informational Alerts
    are added to the
    Default Profile
    's alert subscriptions. You can edit this
    Default Profile
    .
  • From the
    Actions
    column, select the checkmark to make the specified profile the default profile for the tenant.

Add a Notification Profile

Create a new notification profile by clicking the
Add Notification Profile
button to the right. The
New Profile
window appears.
Under
General
:
  1. Name
    —Enter a profile name.
  2. Sub-Tenant ID
    —Select one or more subtenants.
  3. Description (optional)
    : Enter an optional description of up to 72 characters.
Under
Notification Method
:
  1. Select
    EMAIL
    .
    1. Under
      Email Contacts
      , click the
      Add Contacts
      button.
    2. Enter a valid
      Email
      and an optional
      Name
      , and press
      Enter
      .
      You can add multiple email contacts using the
      Add Contacts
      button.
  2. Select
    WEBHOOKS
    .
    1. Enter a webhook name and a valid URL.
      Use only standard web ports. Custom web ports are not allowed.
    2. Under
      Auth Type
      , select
      None
      ,
      Basic
      , or
      Token
      .
      None
      —You don’t need to add any more information.
      Basic
      —Enter the username and password of the webhook.
      Token
      —Enter the token of the webhook.
      You can create one webhook notification per profile.
  3. Under
    Alerts
    , you can select all alerts present under an alert category, or you can click
    >
    to the left of the alert category name to expand the category and specify which alerts you want to be notified about. To receive alert notifications through email or notifications streamed through webhooks, based on alert severity for an alert category of interest, click the checkboxes for
    Low
    ,
    Medium
    , or
    High
    severity.
    Informational
    alerts are sent to the default profile for the tenant. Other notification profiles can elect to receive informational alerts or not.
  4. Click the
    Save
    button.

Webhook Data Schema

The data model for Prisma Access Alerts is described in the following table. You can use the description of these alert fields to configure the webhook endpoint ingesting these alerts in order to interpret the event in your network deployment correctly, and/or automate workflows in response to the network event that is observed. Not all fields listed are applicable to all alert types.
Rule
Description
Alert type. For example, ‘Priority.’
Unique alert ID.
Alert description; used only for display purposes.
Alert severity; for example, ‘High,’ ‘Medium,’ ‘Low,’ and ‘Informational.’
Alert state. Valid values are ‘Raised’ and ‘Cleared.’
Reason for the alert. Valid values are ‘Auto,’ ‘Manual,’ and ‘No Data Timeout.’
Unique alert code. It is in a flat namespace (for example, AL_SC_PRIMARY_TUNNEL_DOWN).
Specifics about the alert code.
Alert category, such as RN (remote networks) or SC (service connections).
Alert subcategory.
Tenant ID.
Subtenant ID.
Subtenant name.
These keys identify an unique resource. These fields vary depending on the alert code "tenant_id": "", "sub_tenant_id": "", "tunnel_name": "SanJoseTunnel", "node_type": "51", "site_name": "SanJose"
Resource context detailed in the following several fields.
Resource data fields vary depending on the alert code state, ‘Up’ or ‘Down.’
#Alert model version, which is 1.0.
Time the alert was raised.
Time the alert was updated.
Time the alert was cleared.
{ "kind": "alert", "data": { "tenant_id": "1234567890", "sub_tenant_id": "1234567890", "sub_tenant_name": "", "alert_id": "f0e30344-62ac-4a5c-bd11-b45ffb09ac8a", "severity": "High", "state": "Raised", "message": "PRIMARY WAN tunnel Test1 for the Remote Network is down", "alert_code_message": "PRIMARY WAN tunnel Test1 for the Remote Network is down", "code": "AL_RN_PRIMARY_WAN_TUNNEL_DOWN", "category": "RN", "sub_category": null, "clear_reason": "", "raised_time": "2022-08-18 05:36:02 UTC", "cleared_time": null, "updated_time": "2022-08-18 05:36:02 UTC", "resource_data": {}, "resource_context": { "instance_name": "FW_12345_us-east-1_store1-1234567890", "instance_id": 12345, "instance_type": 48, "cluster_id": 12345, "location": "US East", "zone": "us-east4-a", "region": "us-east4", "cloud_provider": "gcp", "tunnel_name": "Test1", "source_ip_address": "1.2.3.4", "destination_instance_type": 0, "destination_ip_address": "4.3.2.1", "site_id": 10, "site_name": "10", "destination_zone": "N/A", "destination_region": "N/A", "sub_node_type": 0 }, "resource_keys": { "tenant_id": "1234567890", "sub_tenant_id": "1234567890", "site_id": 10, "tunnel_name": "Test1" }, "version": "1.0" } }

Edit an Existing Profile

To edit an existing profile, click either the
Profile Name
or the pencil in the
Actions
column. The
Update Profile
page appears. Make your changes, and click
Save
to update the profile.

View Your Notification Subscription Log

The
Notification Subscription Log
table shows changes to all profiles, such as when profiles are added, modified, and deleted.

Recommended For You