Enable Prisma Cloud Alerts
Enable Prisma™ Cloud alerts so that you can see all policy violations across all of your cloud environments from a central location.
Although Prisma™ Cloud begins monitoring your cloud environments as soon as you onboard a cloud account, you must first enable alerting for each cloud account you onboard before you can receive alerts. Prisma Cloud gives you the flexibility to group your cloud accounts into account groups so that you can restrict access to information about specific cloud accounts to only those administrators who need it. Then you must assign each account group to an alert rule that allows you to select a group of policies and designate where you want to display the Prisma Cloud Alerts and Notifications associated with those policies. This enables you to define different alert rules and notification flows for different cloud environments, such as for both a production and a development cloud environment. In addition, you can set up different alert rules for sending specific alerts to your existing SOC visibility tools. For example, you could send one set of alerts to your security information and event management (SIEM) system and another set to Jira for automated ticketing.
- Make sure you have associated all onboarded cloud accounts to an account group.If you did not associate a cloud account with an account group during the onboarding process, do it now so that you can see alerts associated with the account.
- Click Settings (
) and then select Cloud Accounts. - For each cloud account, verify that there is a value in the Account Groups column.
- For any cloud account that isn’t yet assigned to an account group, select the cloud account to edit it and select an Account Group to which to add it
- Alert rules define what policy violations trigger alerts for cloud accounts within the selected account group and where to send the alert notifications.
- Verify that the alert rule you created is triggering alert notifications.As soon as you save your alert rule, any violation of a policy for which you enabled alerts results in an alert notification on theAlertspage, as well as in any third-party integrations you designated in the alert rule. Make sure you see the alerts you are expecting on theAlertspage as well as in your third-party tools.
