Prisma Cloud Alert Resolution Reasons
Review the different reasons an alert is closed on Prisma Cloud
When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on when you select an resolved alert and review the alert details for the violating resource.
Alerts
Overview
The table below lists the reasons:
Reason | Description |
RESOURCE_DELETED | Resource was deleted. |
RESOURCE_UPDATED | Resource was updated (based on the JSON metadata).This status indicates that a change was detected in one of the clauses included in a single or join policy statement within the policy RQL. With this resource update, the policy violation is no longer valid and the alert was resolved. |
POLICY_UPDATED | Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation. |
POLICY_DISABLED | Policy was disabled. |
POLICY_DELETED | Policy was deleted. |
ALERT_RULE_DISABLED | Alert rule was disabled. |
ALERT_RULE_UPDATED | Alert rule was updated. The list of policies included in the rule, account groups being scanned, or cloud regions may have been modified. |
ALERT_RULE_DELETED | Alert rule was deleted. |
ACCOUNT_GROUP_UPDATED | Account group was updated. |
ACCOUNT_GROUP_DELETED | Account group was deleted. |
ANOMALY_CONFIG_CHANGED | Anomaly policy configuration changed. |
REMEDIATED | Alert was successfully remediated using the Cloud Service Provider’s CLI, either manually or auto-remediation. |
USER_DISMISSED | Alert was dismissed or snoozed by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin. |
USER_REOPENED | A dismissed or snoozed alert was reopened by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin. |
MDC_REOPEN_FOR_ACCIDENTAL_DELETE | Alert was reopened during ingestion as resource was rediscovered. |
NEW_ALERT | A new alert was generated. |
RESOURCE_POLICY_RESCOPED | Alert was resolved because the policy was updated and the violating resource is no longer scanned or within the scope of the modified policy. |
SNOOZED_AUTO_REOPEN | Snooze time expired for the alert, and it was automatically reopened. |
SCHEDULED
| As a result of some Prisma Cloud scanning engine optimizations, some of the Open and Resolved alerts were updated with the reason Scheduled . This was done inadvertently, is not related to a change in the cloud resource that triggered the alert, and will be addressed with a fix in an upcoming release. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.