Configure Prisma Cloud to Automatically Remediate Alerts
To facilitate rapid incident response, configure Prisma™
Cloud to automatically remediate cloud Security policy violations
in your cloud environments using multi-step CLI commands in one-click.
If you want Prisma™ Cloud to automatically
resolve policy violations, such as misconfigured security groups,
you can configure Prisma Cloud for automated remediation. To automatically
resolve a policy violation, Prisma Cloud runs the CLI command associated
with the policy in the cloud environments where it discovered the
violation. On Prisma Cloud, you can enable automated remediation
for default policies (Config policies only) that are designated
as remediable (indicated by
in the Remediable
column) and for any cloned or custom policies that
you add.

To enable automated remediation, identify the set
of policies that you want to remediate automatically and verify
that Prisma Cloud has the required permissions in the associated
cloud environments. Then Create an Alert Rule for Run-Time Checks that enables
automated remediation for the set of policies you identified.
When you enable automated remediation, Prisma
Cloud can make changes in your cloud environments that can adversely
affect your applications.
If you want to use automated
remediation using serverless functions for your cloud resources
on AWS, use the runbooks on GitHub. The Prisma Cloud
platform sends alert messages to an AWS SQS Queue, which in turn
invokes a lambda function
index_prisma.py
. The function then
calls the appropriate runbook script to remediate the alert(s).To use AWS Lambda for automatic remediation, you do
not need to give Prisma Cloud read-write access to your AWS accounts,
and is an alternative way for you to try remediation for violating resources.- Verify that Prisma Cloud has the required privileges to remediate the policies you plan to configure for automated remediation.
- To view remediable policies, selectPoliciesand set the filter to.RemediableTrueIf the Remediable column is not displayed on the Policies page, use theColumn Picker(
) to display it.
- Select a policy for which you want to enable remediation and go to the Remediation page.Review the required privileges in the CLI Command Description to identify which permissions Prisma Cloud requires in the associated cloud environments to be able to remediate violations of the policy.You can define up to 5 CLI commands in a sequence for a multi-step automatic remediation workflow. Add the commands in the sequence you want them to execute and separate the commands with a semi colon. If any CLI command included in the sequence fails, the execution stops at that point. See list of supported CLI variables.
- Create an Alert Rule for Run-Time Checks or modify an existing alert rule.
- On theSelect Policiespage, enableAutomated Remediationand thenContinueto acknowledge the impact of automated remediation on your application.The list of available policies updates to show only those policies that are remediable (as indicated by
in the Remediable column).
If you are modifying an existing alert rule that includes non-remediable policies, those policies will no longer be included in the rule. When you modify the rule, Prisma Cloud notifies all account administrators who have access to that rule.
Recommended For You
Recommended Videos
Recommended videos not found.