Learn how to use Prisma™ Cloud alerts and notifications
to efficiently analyze security risks and findings across all of
your cloud environments.

Prisma™ Cloud continually monitors all of your cloud
environments to detect misconfigurations (such as exposed cloud
storage instances), advanced network threats (such as cryptojacking and
data exfiltration), potentially compromised accounts (such as stolen
access keys), and vulnerable hosts. Prisma Cloud then correlates
configuration data with user behavior and network traffic to provide context
around misconfigurations and threats in the form of actionable alerts.

Although Prisma Cloud begins monitoring and correlating data
as soon as you onboard the cloud account, there are tasks you need
to perform before you see alerts generated by policy violations
in your cloud environments. The first task to enable Prisma Cloud alerts is to add
the cloud account to an account group during onboarding.

Next, create an alert rule that associates all of the
cloud accounts in an account group with the set of policies for
which you want Prisma Cloud to generate alerts. You can view the
alerts for all of your cloud environments directly from Prisma Cloud
and drill down into each to view specific policy violations. If
you have internal networks that you want to exclude from being flagged
in an alert, you can add Trusted IP Addresses on Prisma Cloud.

From the Alerts Overview page, you can see the alert coverage
by percentage and by severity, and drill down based
on policies. You can easily access the policy that triggered the
alert and view the details on the resources and the policy recommendations
in separate tabs.

Alerts associated with active cloud accounts are kept for
the duration of the service. On deletion of a cloud account from
Prisma Cloud, the associated alerts are saved for an additional 24
hours in case the cloud account was accidentally deleted. After
24 hours, they are permanently deleted.

In addition, Prisma Cloud provides the out-of-the-box ability to configure external integrations with third-party
technologies, such as SIEM platforms, ticketing systems, messaging systems,
and automation frameworks, so that you can continue using your existing
operational, escalation, and notification tools. To monitor your
cloud infrastructures more efficiently and provide visibility
into actionable events across all your cloud workloads, you can also: