Prisma Cloud policies enable you to monitor
and manage potential misconfiguration or risks across your cloud
infrastructure. You can use the graphs and tables on
Policies
to
assess your policy coverage and utilization of policies.
To
help you find the relevant policies based on your role, you can
interact with graphs or add filters such as Policy Category, Class,
Type, and Subtype and use
Group By
to aggregate
policies using criteria that is important to you.
The graphs
help you visualize how many policies are enabled as a number or
as a percentage of the total, review the split across different
policy types, how many policies of different severities are identified
in your infrastructure, and gain greater context on the policy category
and Prisma Cloud versus custom policies that are generating alerts.
Policies
are in the
categories
of incidents and risks. An incident
is likely a policy that identifies a potential security issue, while
a risk is one that checks for risky configurations. The policy
type
indicates
whether the check is performed against the network logs, audit logs,
configuration logs, or user activity logs. Each policy type has
subtypes
for
more granularity, for example, Anomaly policies are split into two
subtypes—Network and UEBA.
Class
is another way to logically
group policies into buckets such as Misconfiguration or Privileged
Activity Monitoring.
Category
Class
Type
Subtype
Incident
Behavioral
Anomaly
UEBA
Behavioral
Anomaly
Network
Privileged Activity Monitoring
Audit Event
Audit
Network Protection
Network
Network Event
Risk
Misconfiguration
Config
Run
Misconfiguration
Config
Build
Misconfiguration
Data
Data Classification
Vulnerability
Data
Malware
Use the following workflows to manage your
Prisma Cloud policies. You can download policy data, clone, enable,
delete, or disable policies from the
Policies
page.
To enable global settings for Prisma
Cloud default policies click Settings
and
select
Enterprise Settings
.
While some high severity policies are enabled to provide
the best security outcomes, by default, policies of medium or low
severity are in a disabled state . To enable policies
based on severity, select
Auto enable new default policies
of the type
—High, Medium, or Low. Based on what you
enable, Prisma Cloud will scan your resources in the onboarded cloud
accounts against policies that match the severity and generate alerts.
your changes, you can choose one
of the following options:
Enable and Save
—With
Enable and Save, you are enabling all existing policies that match
your selection criteria and new Prisma Cloud default policies that
are periodically added to the service. This option allows you to
enable and scan your resources against all existing and new policies
to help you stay ahead of threats and misconfigurations.
Save
—With Save, you are saving your
selection criteria and enabling new Prisma Cloud default policies
only as they are periodically added to the service. New policies
that match your selection, are automatically enabled and your resources
are scanned against them after you made the change.
If you enable
policies of a specific severity, when you then clear the checkbox,
the policies that were enabled previously are not disabled; going
forward, policies that match the severity you cleared are no longer enabled
to scan your cloud resources and generate alerts.
If
you want to disable the policies that are currently active, you
must disable the status of each policy on the
Policies
page.
The audit logs include a record of all activities performed
or initiated on Prisma Cloud. To view the audit logs click Settings
and
select
Audit Logs
.
To view policies, select
Policies
.
Enable visualizations and change the display as a value
or percentage.
Use the ellipsis to toggle your preference.
Add Filters
and select the filtering
criteria.
The filters enable you to narrow the search results on
the page. The values you select within a filter use the AND operator
to display results. Across different filters, the selected values
work as OR operators. In the table view, you can also use the
Group
By
to aggregate policies using criteria that is important
to you.
To find all Prisma Cloud policies of a specific
Policy
Subtype
, when you select the values
Build
and
Run
,
you can view all policies that are classified as Build policies
OR Run policies. To find all policies that are classified as Build
and Run, you must select the filter value
Build, Run
.
Download
the details of your policies
(or a filtered set of policies) in CSV format so that you can have
an offline copy.
Take action on policies.
To enable or disable any policy toggle the
Status
.
To edit a custom policy, click the policy and you
can edit the details.
You cannot edit or delete a Prisma Cloud Default policy.
To clone a policy, select the policy and click
Clone
.
Cloning a policy is creating a copy of an existing policy.
Cloning serves as a quick method of creating a new policy if you
choose to change few details of the source policy.
Prisma
Cloud comes with default policies. If you want to modify any details,
you can clone a policy and then modify details.
and
select Enterprise Settings.While some high severity policies are enabled to provide the best security outcomes, by default, policies of medium or low severity are in a disabled state . To enable policies based on severity, selectAuto enable new default policies of the type—High, Medium, or Low. Based on what you enable, Prisma Cloud will scan your resources in the onboarded cloud accounts against policies that match the severity and generate alerts.For Anomaly policies, you have more customizable settings, see Set Up Anomaly Policy Thresholds.
When youSaveyour changes, you can choose one of the following options:
Policiespage.
To find all Prisma Cloud policies of a specificPolicy Subtype, when you select the valuesBuildandRun, you can view all policies that are classified as Build policies OR Run policies. To find all policies that are classified as Build and Run, you must select the filter valueBuild, Run.
