Manage Prisma Cloud Policies

Learn how to select Prisma Cloud policies.
Prisma Cloud policies enable you to monitor and manage potential misconfiguration or risks across your cloud infrastructure. You can use the graphs and tables on
Policies
to assess your policy coverage and utilization of policies.
To help you find the relevant policies based on your role, you can interact with graphs or add filters such as Policy Category, Class, Type, and Subtype and use
Group By
to aggregate policies using criteria that is important to you.
The graphs help you visualize how many policies are enabled as a number or as a percentage of the total, review the split across different policy types, how many policies of different severities are identified in your infrastructure, and gain greater context on the policy category and Prisma Cloud versus custom policies that are generating alerts.
The
Attack Path
policies are OOTB policies, which identify the confluence of issues that increase the likelihood of a security breach and are based on relationships such as identities, permissions, networking, and infrastructure configuration that would enable an attacker to target an application. These are enabled by default and are also part of the default alert rule based on the prisma_cloud policy label.
Policies are in the categories of incidents and risks. An incident is likely a policy that identifies a potential security issue, while a risk is one that checks for risky configurations. The policy type indicates whether the check is performed against the network logs, audit logs, configuration logs, or user activity logs. Each policy type has subtypes for more granularity, for example, Anomaly policies are split into two subtypes—Network and UEBA. Class is another way to logically group policies into buckets such as Misconfiguration or Privileged Activity Monitoring.
Category
Class
Type
Subtype
Incident
Behavioral
Anomaly
UEBA
Behavioral
Anomaly
Network
Behavioral
Anomaly
DNS
Privileged Activity Monitoring
Audit Event
Audit
Network Protection
Network
Network Event
Runtime
Workload
Run
Risk
Misconfiguration
Config
Run
Misconfiguration
Config
Build
Misconfiguration
Data
Data Classification
Vulnerability
Data
Malware
Vulnerability
Workload
Run
Use the following workflows to manage your Prisma Cloud policies. You can download policy data, clone, enable, delete, or disable policies from the
Policies
page.
  1. To enable global settings for Prisma Cloud default policies click Settings and select
    Enterprise Settings
    .
    While some high severity policies are enabled to provide the best security outcomes, by default, policies of medium or low severity are in a disabled state
  2. To enable policies based on severity, select
    Auto enable new default policies of the type
    —Critical, High, Medium, Low or Informational. Based on what you enable, Prisma Cloud will scan your resources in the onboarded cloud accounts against policies that match the severity and generate alerts.
    For Anomaly policies, you have more customizable settings, see Define Prisma Cloud Enterprise and Anomaly Settings .
    When you
    Save
    your changes, you can choose one of the following options:
    • Enable and Save
      —With Enable and Save, you are enabling all existing policies that match your selection criteria and new Prisma Cloud default policies that are periodically added to the service. This option allows you to enable and scan your resources against all existing and new policies to help you stay ahead of threats and misconfigurations.
    • Save
      —With Save, you are saving your selection criteria and enabling new Prisma Cloud default policies only as they are periodically added to the service. New policies that match your selection, are automatically enabled and your resources are scanned against them after you made the change.
    • Note the following behavior:
      If you enable policies of a specific severity, when you then clear the checkbox, the policies that were enabled previously are not disabled; going forward, policies that match the severity you cleared are no longer enabled to scan your cloud resources and generate alerts.
    • The audit logs include a record of all activities performed or initiated on Prisma Cloud. To view the audit logs click Settings and select
      Audit Logs
      .
  3. To view policies, select
    Policies
    .
  4. Enable visualizations and change the display as a value or percentage.
    Use the ellipsis to toggle your preference.
  5. Add Filters
    and select the filtering criteria.
    The filters enable you to narrow the search results on the page. The values you select within a filter use the AND operator to display results. Across different filters, the selected values work as OR operators. In the table view, you can also use the
    Group By
    to aggregate policies using criteria that is important to you.
    To find all Prisma Cloud policies of a specific
    Policy Subtype
    , when you select the values
    Build
    and
    Run
    , you can view all policies that are classified as Build policies OR Run policies. To find all policies that are classified as Build and Run, you must select the filter value
    Build, Run
    .
  6. Download
    the details of your policies (or a filtered set of policies) in CSV format so that you can have an offline copy.
  7. Take action on policies.
    1. To enable or disable any policy toggle the
      Status
      .
    2. To edit a custom policy, click the policy and you can edit the details.
      You cannot edit or delete a Prisma Cloud Default policy.
    3. To clone a policy, select the policy and click
      Clone
      .
      Cloning a policy is creating a copy of an existing policy. Cloning serves as a quick method of creating a new policy if you choose to change few details of the source policy.
      Prisma Cloud comes with default policies. If you want to modify any details, you can clone a policy and then modify details.
  8. View
    Alerts
    associated with a policy.

Recommended For You