Focus

Prisma Access Insights

Manage Notification Profiles

Table of Contents

Manage Notification Profiles

Notification Profiles

enable you to subscribe to alerts you want to receive. The

Notification Profiles

menu item is located at the same level as the

Insights

menu item.

The

Notification Profiles

page shows all notification profiles available for a specific tenant in the

Notification Subscriptions

table and all profile subscription logs for the tenants in the View Your Notification Subscription Log.

When you create or modify a notification profile, you can enable Prisma Access to send email or webhook alerts when it initially detects an issue and when the issue is resolved. These alert notifications describe the issue and impact, and include a link to Prisma Access where you can investigate further.

The Palo Alto Networks email address from which you receive alert notifications is noreply@paloaltonetworks.com.

For more information about the alert codes shown in the notification, see Alert Codes.

Manage Notification Subscriptions

Notifications Subscriptions

offers a view of all available profiles, enables you to create new profiles and modify existing ones, and enables Prisma Access to send alerts.

Enable or disable a profile from the

State

column.

Select a

Profile Name

to modify that profile.

Sub-Tenant ID(s)

shows one subtenant ID and indicates with the + sign whether there are more.

The

Email Address(es)

Webhooks

, and

Alert Subscription

columns show information that was added when the profile was created or modified.

You can create an unlimited number of notification profiles, with selections for subtenants, notification methods, and alert subscriptions. One of these profiles is designated as the

Default Profile

for the tenant.

Existing Prisma Access tenants with email subscriptions for alerts in Prisma Access Insights prior to the introduction of Notification Profiles have the

Default Profile

populated with all email addresses and all alert subscriptions.

Informational Alerts

are added to the

Default Profile

's alert subscriptions. You can edit this

Default Profile

From the

Actions

column, select the checkmark to make the specified profile the default profile for the tenant.

Add a Notification Profile

Create a new notification profile by clicking the

Add Notification Profile

button to the right. The

New Profile

window appears.

Under

General

Name

—Enter a profile name.

Sub-Tenant ID

—Select one or more subtenants.

Description (optional)

: Enter an optional description of up to 72 characters.

Under

Notification Method

Select

Under

Email Contacts

, click the

Add Contacts

button.

Enter a valid

and an optional

Name

, and press

Enter

You can add multiple email contacts using the

Add Contacts

button.

Select

WEBHOOKS

Enter a webhook name and a valid URL.

Use only standard web ports. Custom web ports are not allowed.

Under

Auth Type

, select

None

Basic

, or

Token

None

—You don’t need to add any more information.

Basic

—Enter the username and password of the webhook.

Token

—Enter the token of the webhook.

You can create one webhook notification per profile.

Under

Alerts

, you can select all alerts present under an alert category, or you can click

to the left of the alert category name to expand the category and specify which alerts you want to be notified about. To receive alert notifications through email or notifications streamed through webhooks, based on alert severity for an alert category of interest, click the checkboxes for

Low

Medium

, or

High

severity.

Informational

alerts are sent to the default profile for the tenant. Other notification profiles can elect to receive informational alerts or not.

Click the

Save

button.

Webhook Data Schema

The data model for Prisma Access Alerts is described in the following table. You can use the description of these alert fields to configure the webhook endpoint ingesting these alerts in order to interpret the event in your network deployment correctly, and/or automate workflows in response to the network event that is observed. Not all fields listed are applicable to all alert types.

Rule	Description
#kind	Alert type. For example, ‘Priority.’
#alert_id	Unique alert ID.
#message	Alert description; used only for display purposes.
#severity	Alert severity; for example, ‘High,’ ‘Medium,’ ‘Low,’ and ‘Informational.’
#state	Alert state. Valid values are ‘Raised’ and ‘Cleared.’
#clear_reason	Reason for the alert. Valid values are ‘Auto,’ ‘Manual,’ and ‘No Data Timeout.’
#code	Unique alert code. It is in a flat namespace (for example, AL_SC_PRIMARY_TUNNEL_DOWN).
#alert_code_message	Specifics about the alert code.
#category	Alert category, such as RN (remote networks) or SC (service connections).
#sub_category	Alert subcategory.
#tenant_id	Tenant ID.
#sub_tenant_id	Subtenant ID.
#sub_tenant_name	Subtenant name.
#resource_keys	These keys identify an unique resource. These fields vary depending on the alert code "tenant_id": "", "sub_tenant_id": "", "tunnel_name": "SanJoseTunnel", "node_type": "51", "site_name": "SanJose"
#resource_context	Resource context detailed in the following several fields.
#resource_data	Resource data fields vary depending on the alert code state, ‘Up’ or ‘Down.’
#version	#Alert model version, which is 1.0.
#raised_time	Time the alert was raised.
#updated_time	Time the alert was updated.
#cleared_time	Time the alert was cleared.

{
  "kind": "alert",
  "data": {
    "tenant_id": "1234567890",
    "sub_tenant_id": "1234567890",
    "sub_tenant_name": "",
    "alert_id": "f0e30344-62ac-4a5c-bd11-b45ffb09ac8a",
    "severity": "High",
    "state": "Raised",
    "message": "PRIMARY WAN tunnel Test1 for the Remote Network is down",
    "alert_code_message": "PRIMARY WAN tunnel Test1 for the Remote Network is down",
    "code": "AL_RN_PRIMARY_WAN_TUNNEL_DOWN",
    "category": "RN",
    "sub_category": null,
    "clear_reason": "",
    "raised_time": "2022-08-18 05:36:02 UTC",
    "cleared_time": null,
    "updated_time": "2022-08-18 05:36:02 UTC",
    "resource_data": {},
    "resource_context": {
      "instance_name": "FW_12345_us-east-1_store1-1234567890",
      "instance_id": 12345,
      "instance_type": 48,
      "cluster_id": 12345,
      "location": "US East",
      "zone": "us-east4-a",
      "region": "us-east4",
      "cloud_provider": "gcp",
      "tunnel_name": "Test1",
      "source_ip_address": "1.2.3.4",
      "destination_instance_type": 0,
      "destination_ip_address": "4.3.2.1",
      "site_id": 10,
      "site_name": "10",
      "destination_zone": "N/A",
      "destination_region": "N/A",
      "sub_node_type": 0
    },
    "resource_keys": {
      "tenant_id": "1234567890",
      "sub_tenant_id": "1234567890",
      "site_id": 10,
      "tunnel_name": "Test1"
    },
    "version": "1.0"
  }
}

Edit an Existing Profile

To edit an existing profile, click either the

Profile Name

or the pencil in the

Actions

column. The

Update Profile

page appears. Make your changes, and click

Save

to update the profile.

View Your Notification Subscription Log

The

Notification Subscription Log

table shows changes to all profiles, such as when profiles are added, modified, and deleted.

Alert Codes

Prisma Access Insights APIs

Prisma Access Insights

Manage Notification Profiles

Manage Notification Profiles

Manage Notification Subscriptions

Add a Notification Profile

Webhook Data Schema

Edit an Existing Profile

View Your Notification Subscription Log

Recommended For You