Prisma Cloud Alerts and Notifications
Learn how to use Prisma™ Cloud alerts and notifications to efficiently analyze security risks and findings across all of your cloud environments.
Prisma™ Cloud continually monitors all of your cloud environments to detect misconfigurations (such as exposed cloud storage instances), advanced network threats (such as cryptojacking and data exfiltration), potentially compromised accounts (such as stolen access keys), and vulnerable hosts. Prisma Cloud then correlates configuration data with user behavior and network traffic to provide context around misconfigurations and threats in the form of actionable alerts.
Although Prisma Cloud begins monitoring and correlating data as soon as you onboard the cloud account, there are tasks you need to perform before you see alerts generated by policy violations in your cloud environments. The first task to Enable Prisma Cloud Alerts is to add the cloud account to an account group during onboarding. Next, create an alert rule that associates all of the cloud accounts in an account group with the set of policies for which you want Prisma Cloud to generate alerts. You can view the alerts for all of your cloud environments directly from Prisma Cloud and drill down in to each to view specific policy violations. If you have internal networks that you want to exclude from being flagged in an alert, you can add Trusted IP Addresses on Prisma Cloud.
From the Alerts Overview page, you can see the alert coverage, based on percentage as well as severity and also drill down based on policies. You can easily access the policy that triggered the alert, view the details on the resources and the policy recommendations in separate tabs.
To help you prioritize alerts, Prisma Cloud provides default
Views
for Incidents, Exposure, Vulnerabilities, Misconfiguration, and Risky Attack Paths and a global Overview of all alerts for your monitored cloud accounts. You can filter based on the most important alert criteria to create your own Saved Views.
In addition, Prisma Cloud provides out-of-box ability to Configure External Integrations on Prisma Cloud with third-party technologies, such as SIEM platforms, ticketing systems, messaging systems, and automation frameworks so that you can continue using your existing operational, escalation, and notification tools. To monitor your cloud infrastructures more efficiently and provide visibility in to actionable events across all your cloud workloads, you can also:
- Generate Reports on Prisma Cloud Alerts on-demand or scheduled reports on open alerts and email them to your stakeholders.
- Send the Alert Payload to a third-party tool.
