Alert Notifications on State Change

Learn whether you can enable alert notifications to an external integration when an alert status is updated.
On Prisma Cloud, you can configure external notifications when the status of an alert changes. For example, if an alert status transitions from one state to another, such as from
Open
to
Dismissed
or
Resolved
, you can enable alert notifications under the following conditions:
  • Your Prisma Cloud instance is on the Alerts 2.0 subsystem.
    To verify whether your instance is on version 2.0, select
    Alerts
    Overview
    ,
    Version: 2
    displays on the top right above the Search.
  • Alert notifications for all states is enabled.
    The feature is in
    Limited GA
    . If you do not see the option to enable notifications for the different states when you Create an Alert Rule for Run-Time Checks, please contact Prisma Cloud Customer Success to enable it on your Prisma Cloud instance.
The following table provides an overview of how Prisma Cloud sends alerts for all states in alerts version 2.0. By default, alert notifications are sent for the
Open
state only.
Integrations
Alert Status
Open
Dismissed
Snoozed
Resolved
Amazon SQS
Yes
Yes *
Yes *
Yes *
Email
Yes
Yes
Yes
Yes
ServiceNow
Yes
Yes *
Yes *
Yes *
Slack
Yes
Yes *
Yes *
Yes *
Splunk
Yes
Yes *
Yes *
Yes *
Cortex XSOAR
Yes
No
No
No
Jira
Yes
No
No
No
Microsoft Teams
Yes
Yes *
Yes *
Yes *
AWS Security Hub
Yes
Yes *
Yes *
Yes *
Google Cloud SCC
Yes
Yes *
Yes *
Yes *
PagerDuty
Yes
Yes *
Yes *
Yes *
Azure Service Bus Queue
Yes
Yes *
Yes *
Yes *
Webhooks
Yes
Yes *
Yes *
Yes *
  • The asterisk(*) denotes that the alert state has enhanced coverage in version 2.0 as compared to the previous version.
  • The Cortex XSOAR and Jira integrations generate alerts for the
    Open
    alert state only, and do not support alert state change notifications.

Recommended For You