Review the different reasons an alert is closed on Prisma
When an open alert is resolved, the reason
that was alert was closed is included to help with audits. The reason
is displayed in the response object in the API, and on the Prisma
Cloud administrative console on
when you select an
resolved alert and review the alert details for the violating resource.
The table below lists the reasons:
Resource was deleted.
Resource was updated (based on the JSON metadata).
Policy was updated. This status indicates a
change in the policy RQL that results in a resource not being in
scope for the policy evaluation.
Policy was disabled.
Policy was deleted.
Alert rule was disabled.
Alert rule was updated. The list of policies
included in the rule, account groups being scanned, or cloud regions
may have been modified.
Alert rule was deleted.
Account group was updated.
Account group was deleted.
Anomaly policy configuration changed.
Alert was successfully remediated using the
Cloud Service Provider’s CLI, either manually or auto-remediation.
Alert was dismissed or snoozed by the Prisma
Cloud administrator with role of System admin, Account Group Admin,
or Account and Cloud Provisioning Admin.
A dismissed or snoozed alert was reopened by
the Prisma Cloud administrator with role of System admin, Account
Group Admin, or Account and Cloud Provisioning Admin.
Alert was reopened during ingestion as resource
A new alert was generated.
Alert was resolved because the policy was updated
and the violating resource is no longer scanned or within the scope
of the modified policy.
Snooze time expired for the alert, and it was
As a result of some Prisma Cloud scanning engine
optimizations, some of the
were updated with the reason
was done inadvertently, is not related to a change in the cloud
resource that triggered the alert, and will be addressed with a
fix in an upcoming release.