Alert Payload

Learn about the detailed information contained in the Prisma™ Cloud alert payload.
A Prisma™ Cloud alert payload is a JSON data object that contains detailed information about an alert, such as the cloud account, resource, compliance standard, and policy.
Alert Payload Field
Description
Account ID
The ID of the cloud account where the violation that triggered the alert occurred.
Account Name
Name of the cloud account where Prisma Cloud detected the policy violation.
Alert ID
Identification number of the alert.
Alert Rule Name
Name of the alert rule that triggered this alert.
Callback URL
The URL for the alert in Prisma Cloud.
Cloud Type
Type of cloud account: AWS, Azure, or GCP.
Policy Description
Description of the policy as shown within Prisma Cloud.
Policy ID
Universally unique identification (UUID) number of the policy.
Policy Labels
Labels associated with the policy.
Policy Name
Name of the policy.
Policy Recommendation
Remediation recommendations for the policy.
Saved Search UUID
Universally unique identification (UUID) number of the saved search.
Remediation CLI
The CLI commands that you can use to resolve the policy violation.
Compliance Standard name
Name of the compliance standard.
Compliance Standard description
Description of the compliance standard.
Requirement ID
Identification number of the requirement in the compliance standard.
Requirement Name
Name of the requirement in the compliance standard.
Section ID
Identification number of the section in the compliance standard.
Section Description
Description of the section in the compliance standard.
Compliance ID
ID number of the compliance standard.
System Default
Indicates whether the compliance standard is Prisma Cloud System Default.
Custom assigned
Indicates if the compliance standard is assigned to a policy.
Resource Cloud Service
Cloud service provider of the resource that triggered the alert.
Resource Data
The JSON data of the resource.
Resource ID
ID of the resource that triggered the alert.
Resource Name
Name of the resource that triggered the alert.
Resource Region
Name of the cloud region to which the resource belongs.
Resource Region ID
ID of the region to which the cloud resource belongs.
Resource Type
Type of resource that triggered the alert (for example, EC2 instance or S3 bucket).
Severity
Severity of the alert: High, Medium, or Low.
User Attribution data
Data about the user who created or modified the resource and caused the alert.
For alert notifications to include user attribution data, you must
Populate User Attribution In Alerts Notifications
(
Settings
Enterprise Settings
). Including user attribution data may delay alert notifications because the information may not be available from the cloud provider when Prisma Cloud is ready to generate the alert.

Recommended For You