1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Manage Prisma Cloud Alerts
    6. Alert Notifications on State Change

    Alert Notifications on State Change

    Learn whether you can enable alert notifications to an external integration when an alert status is updated.
    On Prisma Cloud, you can configure external notifications when the status of an alert changes. For example, if an alert status transitions from one state to another, such as from
    Open
     to
    Dismissed
     or
    Resolved
    , you can enable alert notifications when
    Alert notifications for all states is enabled
    .
    Alert notifications for all states is enabled
     is in
    Limited GA
    . If you do not see the option to enable notifications for the different states when you Create an Alert Rule for Run-Time Checks, contact Prisma Cloud Customer Support to enable it on your Prisma Cloud tenant.
    The following table provides an overview of how Prisma Cloud sends alerts for all states. By default, alert notifications are sent for the
    Open
     state only.
    Integrations
    Alert Status
    Open
    Dismissed
    Snoozed
    Resolved
    Amazon SQS
    Yes
    Yes
    Yes
    Yes
    Amazon S3
    Yes
    Yes
    Yes
    Yes
    Email
    Yes
    Yes
    Yes
    Yes
    ServiceNow
    Yes
    Yes
    Yes
    Yes
    Slack
    Yes
    Yes
    Yes
    Yes
    Splunk
    Yes
    Yes
    Yes
    Yes
    Cortex XSOAR
    Yes
    No
    No
    No
    Jira
    Yes
    No
    No
    No
    Microsoft Teams
    Yes
    Yes
    Yes
    Yes
    AWS Security Hub
    Yes
    Yes
    Yes
    Yes
    Google Cloud SCC
    Yes
    Yes
    Yes
    Yes
    PagerDuty
    Yes
    Yes
    Yes
    Yes
    Azure Service Bus Queue
    Yes
    Yes
    Yes
    Yes
    Webhooks
    Yes
    Yes
    Yes
    Yes
    The Cortex XSOAR and Jira integrations generate alerts for the
    Open
     alert state only, and do not support alert state change notifications.
    Alert notifications are sent for
    Resolved
     issues when you perform the following actions:
    • Policy is disabled—Yes
    • Policy is deleted—Yes
    • Alert rule is disabled—Yes
    • Alert rule is updated and the policy that triggered the alert is removed—Yes
    • Alert rule is deleted—No
    • Resource is updated and the policy violation is addressed when the next scan occurs—Yes
    • Resource is deleted and the next scan discovers that this is no longer an issue—Yes
    In some cases, when you perform two actions in quick succession and a race condition occurs you may not receive notifications for the state change. For example:
    • When an alert is associated with multiple alert rules, and the alert rules are disabled sequentially, you may not receive resolve notification on all the alert rules. It will be sent out to the last alert rule against which the alert was resolved.
    • When you update an alert rule to remove a policy and also disable or delete the policy, you may not receive the resolve notification.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo