1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Manage Prisma Cloud Alerts
    6. Prisma Cloud Alert Resolution Reasons

    Prisma Cloud Alert Resolution Reasons

    Review the different reasons an alert is closed on Prisma Cloud
    When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on
    Alerts
    Overview
     when you select an resolved alert and review the alert details for the violating resource.
    The table below lists the reasons:
    Reason
    Description
    RESOURCE_DELETED
    Resource was deleted.
    RESOURCE_UPDATED
    Resource was updated (based on the JSON metadata).This status indicates that a change was detected in one of the clauses included in a single or join policy statement within the policy RQL. With this resource update, the policy violation is no longer valid and the alert was resolved.
    POLICY_UPDATED
    Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation.
    POLICY_DISABLED
    Policy was disabled.
    POLICY_DELETED
    Policy was deleted.
    ALERT_RULE_DISABLED
    Alert rule was disabled.
    ALERT_RULE_UPDATED
    Alert rule was updated. The list of policies included in the rule, account groups being scanned, or cloud regions may have been modified.
    ALERT_RULE_DELETED
    Alert rule was deleted.
    ACCOUNT_GROUP_UPDATED
    Account group was updated.
    ACCOUNT_GROUP_DELETED
    Account group was deleted.
    ANOMALY_CONFIG_CHANGED
    Anomaly policy configuration changed.
    REMEDIATED
    Alert was successfully remediated using the Cloud Service Provider’s CLI, either manually or auto-remediation.
    USER_DISMISSED
    Alert was dismissed or snoozed by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin.
    USER_REOPENED
    A dismissed or snoozed alert was reopened by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin.
    MDC_REOPEN_FOR_ACCIDENTAL_DELETE
    Alert was reopened during ingestion as resource was rediscovered.
    NEW_ALERT
    A new alert was generated.
    RESOURCE_POLICY_RESCOPED
    Alert was resolved because the policy was updated and the violating resource is no longer scanned or within the scope of the modified policy.
    SNOOZED_AUTO_REOPEN
    Snooze time expired for the alert, and it was automatically reopened.
    SCHEDULED
    As a result of some Prisma Cloud scanning engine optimizations, some of the
    Open
     and
    Resolved
     alerts were updated with the reason
    Scheduled
    . This was done inadvertently, is not related to a change in the cloud resource that triggered the alert, and will be addressed with a fix in an upcoming release.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo