Configure Prisma Cloud to Automatically Remediate Alerts

To facilitate rapid incident response, configure Prisma™ Cloud to automatically remediate cloud security policy violations in your cloud environments using multi-step CLI commands in one click.
If you want Prisma™ Cloud to automatically resolve policy violations, such as misconfigured security groups, you can configure Prisma Cloud for automated remediation. To automatically resolve a policy violation, Prisma Cloud runs the CLI command associated with the policy in the cloud environments where it discovered the violation. On Prisma Cloud, you can enable automated remediation for default policies (Config policies only) that are designated as remediable (indicated by an icon in the Remediable column) and for any cloned or custom policies that you add.
To enable automated remediation, identify the set of policies that you want to remediate automatically and verify that Prisma Cloud has the required permissions in the associated cloud environments. Then create an alert rule that enables automated remediation for the set of policies you identified.
Use caution when you enable automated remediation because it requires Prisma Cloud to make changes in your cloud environments that can adversely affect your applications.
  1. Verify that Prisma Cloud has the required privileges to remediate the policies you plan to configure for automated remediation.
    1. To view remediable policies, select Policies and set the filter to Remediable True.
      If the Remediable column is not displayed on the Policies page, use the Column Picker to display it.
    2. Select a policy for which you want to enable remediation and go to the Remediation page.
      Review the required privileges in the CLI Command Description to identify which permissions Prisma Cloud requires in the associated cloud environments to be able to remediate violations of the policy.
      You can define up to 5 CLI commands in a sequence for a multi-step automatic remediation workflow. Add the commands in the sequence you want them to execute and separate the commands with a semicolon. If any CLI command included in the sequence fails, the execution stops at that point.
  2. Create an Alert Rule or modify an existing alert rule.
  3. On the Select Policies page, enable Automated Remediation and then Continue to acknowledge the impact of automated remediation on your application.
    The list of available policies updates to show only those policies that are remediable (as indicated by an icon in the Remediable column).
    If you are modifying an existing alert rule that includes non-remediable policies, those policies will no longer be included in the rule. When you modify the rule, Prisma Cloud notifies all account administrators who have access to that rule.
  4. Finish configuring and Save the new alert rule or Confirm your changes to an existing alert rule.
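
The sequence rules from step 1 (up to 5 commands, separated by semicolons, stopping at the first failure) differ from `;` in a shell, which keeps going after a failure. The script below is an added example, not Prisma Cloud's own code: a local dry-run model of those rules for checking a sequence before saving it in a policy. The function names, the return codes and the sample sequence are assumptions made for illustration.

```shell
#!/bin/sh
# Local model of the sequence rules stated above: at most 5 commands,
# separated by semicolons, run in order, stopping at the first failure.
# Assumption: a naive split on ';', so no command may contain a literal ';'.
MAX_STEPS=5

# Constructed sample sequence (sg-EXAMPLE is a placeholder, not a real ID).
SAMPLE_SEQUENCE='aws ec2 revoke-security-group-ingress --group-id sg-EXAMPLE --protocol tcp --port 22 --cidr 0.0.0.0/0; aws ec2 describe-security-groups --group-ids sg-EXAMPLE'

# Strip leading and trailing spaces from $1.
trim() {
  t=$1
  t=${t#"${t%%[! ]*}"}
  t=${t%"${t##*[! ]}"}
  printf '%s' "$t"
}

# Default runner: a dry run that prints the command instead of executing it.
print_step() { printf 'would run: %s\n' "$1"; }

# run_sequence "<cmd1>; <cmd2>; ..." [runner]
# Returns 0 if all steps succeed, 100 if the sequence is empty or too long,
# otherwise the 1-based number of the failed step. Steps before the failed
# one stay applied, so order commands so that a partial run is safe.
run_sequence() {
  seq_text=$1
  runner=${2:-print_step}
  old_ifs=$IFS
  set -f; IFS=';'
  set -- $seq_text          # split into positional parameters
  IFS=$old_ifs; set +f
  total=0
  for seg in "$@"; do
    if [ -n "$(trim "$seg")" ]; then total=$((total + 1)); fi
  done
  if [ "$total" -eq 0 ] || [ "$total" -gt "$MAX_STEPS" ]; then
    echo "invalid sequence: $total commands (allowed 1-$MAX_STEPS)" >&2
    return 100
  fi
  step=0
  for seg in "$@"; do
    cmd=$(trim "$seg")
    if [ -z "$cmd" ]; then continue; fi
    step=$((step + 1))
    if ! "$runner" "$cmd"; then
      echo "step $step of $total failed; later steps were not run" >&2
      return "$step"
    fi
  done
  return 0
}

run_sequence "$SAMPLE_SEQUENCE"   # dry run of the constructed sample
```

Pass a different runner function as the second argument to model a failing step; the default runner only prints each command.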
