Annotate audit event records
Table of Contents
Annotate audit event records
Prisma Cloud lets you surface and display designated labels in events and reports.
For example, you might already use labels to classify resources according to team name or cost center.
With alert labels, you can specify which of these key-value pairs are appended to events (audits, incidents, syslog, alerts) and reports.
Labels are key-value string pairs that can be attached to objects such as images, containers, or pods.
In Console, specify a list of Docker and Kubernetes labels that contain the metadata you want to append to Prisma Cloud events.
When an event fires, if the associated object has any of the specified labels, they are appended to the event.
Specifying labels to append to Prisma Cloud events
Specify which labels to append to Prisma Cloud events.
- Open Console.
- Go toManage > Alerts > Alert Labels.
- ClickAdd Label.
- Enter the name of the label to be appended to Prisma Cloud events.
- ClickCreate.
Email alerts
The contents of a label can be used as a dynamic target for email alerts.
Specify the labels that contain a comma delimited list of email addresses, and when an event fires, the recipients will be notified.
Before setting up your email alerts, be sure you’ve specified a list of labels to be appended to Prisma Cloud events, where at least one label contains a comma-delimited list of email addresses.
Kubernetes labels don’t support special characters, such as @, which are required to specify email addresses.
Therefore, only Docker labels can be used as a dynamic address list for email alerts.
JIRA alerts
The contents of a label can be used to dynamically specify project keys, JIRA labels, and assignees for new JIRA issues.
Before setting up your JIRA alerts, be sure you’ve specified a list of labels to be appended to Prisma Cloud events, where the labels contain the type of information you need to dynamically route JIRA issues to the right team.