Prisma Cloud Alert Resolution Reasons

Review the different reasons an alert is closed on Prisma Cloud
When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on
Alerts
Overview
when you select an resolved alert and review the alert details for the violating resource.
The table below lists the reasons:
Reason
Description
RESOURCE_DELETED
Resource was deleted.
RESOURCE_UPDATED
Resource was updated (based on the JSON metadata).This status indicates that a change was detected in one of the clauses included in a single or join policy statement within the policy RQL. With this resource update, the policy violation is no longer valid and the alert was resolved.
POLICY_UPDATED
Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation.
POLICY_DISABLED
Policy was disabled.
POLICY_DELETED
Policy was deleted.
ALERT_RULE_DISABLED
Alert rule was disabled.
ALERT_RULE_UPDATED
Alert rule was updated. The list of policies included in the rule, account groups being scanned, or cloud regions may have been modified.
ALERT_RULE_DELETED
Alert rule was deleted.
ACCOUNT_GROUP_UPDATED
Account group was updated.
ACCOUNT_GROUP_DELETED
Account group was deleted.
ANOMALY_CONFIG_CHANGED
Anomaly policy configuration changed.
REMEDIATED
Alert was successfully remediated using the Cloud Service Provider’s CLI, either manually or auto-remediation.
USER_DISMISSED
Alert was dismissed or snoozed by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin.
USER_REOPENED
A dismissed or snoozed alert was reopened by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin.
MDC_REOPEN_FOR_ACCIDENTAL_DELETE
Alert was reopened during ingestion as resource was rediscovered.
NEW_ALERT
A new alert was generated.
RESOURCE_POLICY_RESCOPED
Alert was resolved because the policy was updated and the violating resource is no longer scanned or within the scope of the modified policy.
SNOOZED_AUTO_REOPEN
Snooze time expired for the alert, and it was automatically reopened.
SCHEDULED
As a result of some Prisma Cloud scanning engine optimizations, some of the
Open
and
Resolved
alerts were updated with the reason
Scheduled
. This was done inadvertently, is not related to a change in the cloud resource that triggered the alert, and will be addressed with a fix in an upcoming release.

Recommended For You