Create an Alert Rule for Run-Time Checks
Use alert rules to define the policy rule violations
within specific cloud accounts that trigger alert notifications
to a particular destination.
After you have deployed your resources on
the cloud platform of your choice, alert rules (for run-time checks)
enable you to define the policy violations in a selected set of
cloud accounts for which you want to trigger alerts. If you want
to organically embed security and integrate these checks earlier
in the process, see Create an Alert Rule for Build-Time Checks, and Prisma Cloud DevOps Security.
When
you create an alert rule for run-time checks, you select the account
groups to which the rule applies and the corresponding set of policies
for which you want to trigger alerts. You can add more granularity
to the rule by excluding some cloud accounts from the selected account
groups, by specifying specific regions for which to send alerts,
and even by narrowing down the rule to specific cloud resources
identified by resource tags. This provides you with flexibility
in how you manage alerts and ensures that you can adhere to the administrative
boundaries you defined. You can create a single alert rule that
alerts on all policy rules or you can define granular alert rules
that send very specific sets of alerts for specific cloud accounts,
regions, and even resources to specific destinations.
When
you create an alert rule, you can Configure Prisma Cloud to Automatically Remediate Alerts, which enables
Prisma Cloud to automatically run the CLI command required to remediate
the policy violation directly in your cloud environments. Automated
remediation is only available for default policies (Config policies
only) that are designated as Remediable (
) on the

Policies
page.In
addition, if you Configure External Integrations on Prisma Cloud with third-party
tools, defining granular alert rules enables you to send only the
alerts you need to enhance your existing operational, ticketing,
notification, and escalation workflows with the addition of Prisma
Cloud alerts on policy violations in all your cloud environments.
To see any existing integrations, click
) and
then select
Settings
(

Integrations
.- SelectandAlertsAlert Rules+Add NewRunalert.
- Enter anAlert Rule Nameand, optionally, aDescriptionto communicate the purpose of the rule and then clickNext.
- Select theAccount Groupsto which you want this alert rule to apply and then clickNext.
- ToggleView Advanced Settingsto see advanced settings for setting a target.
- Exclude Cloud Accountsfrom your selected Account Group.
- Choose yourRegion.
- AddTagsto easily manage or identify the type of your resources.Tags apply only toConfigandNetworkpolicies.
- ClickNext.
- (Optional) If you want to add more granularity for which cloud resources trigger alerts for this alert rule,View Advanced Settingsand then provide more criteria as needed:
- Exclude Cloud Accounts—If there are some cloud accounts in the selected account groups for which you do not want to trigger alerts, select the accounts from the list.
- Regions—To trigger alerts only for specific regions for the cloud accounts in the selected account group, select one or more regions from the list.
- Resource Tags—To trigger alerts only for specific resources in the selected cloud accounts, enter theKeyandValueof the resource tag you created for the resource in your cloud environment.Tags apply only toConfigandNetworkpolicies. When you add multiple resource tags, it uses the boolean logical OR operator.
When you finish defining the target cloud resources, clickNext. - Select the policies for which you want this alert rule to trigger alerts and, optionally, Configure Prisma Cloud to Automatically Remediate Alerts.
- EitherSelect All Policiesor select the specific policies for which you want to trigger alerts on this alert rule..If you enableAutomated Remediation, the list of policies shows only Remediable (
) policies
To help you find the specific group of policies for which you want this rule to alert- Filter Results—Enter a search term to filter the list of policies to those with specific keywords.
- Column Picker—ClickEdit(
) to modify which columns to display.
- Sort—Click the correspondingSorticon (
) to sort on a specific column.
- Column Filter—Click the corresponding columnFiltericon (
) to filter on a specific value in a column. For example, to filter on compliance standards related to NIST, click the filter for the Compliance Standard column, select NIST standards, and then
Setthat filter.
- ClickNext.
- By default, all alerts triggered by the alert rule display on theAlertspage. If you Configure External Integrations on Prisma Cloud, you can also send Prisma Cloud alerts triggered by this alert rule to third-party tools. For example, you can Send Alert Notifications to Amazon SQS or Send Alert Notifications to Jira.In addition, you can configure the alert rule to Send Alert Notifications Through Email.
- (Optional) If you want to delay the alert notifications for Config alerts, you can configure the Prisma Cloud toTrigger notification for Config Alert only after the Alert is Open fora specific number of minutes.
- Savethe alert rule.
- To verify that the alert rule triggers the expected alerts, selectand ensure that you see the alerts that you expect to see there.AlertsOverviewIf you configured the rule to Send Prisma Cloud Alert Notifications to Third-Party Tools, make sure you also see the alert notifications in those tools.
Recommended For You
Recommended Videos
Recommended videos not found.