Manage Prisma Cloud Policies
Learn how to select Prisma Cloud policies.
Prisma Cloud policies enable you to monitor and manage potential misconfiguration or risks across your cloud infrastructure. You can use the graphs and tables on
Policiesto assess your policy coverage and utilization of policies.
To help you find the relevant policies based on your role, you can interact with graphs or add filters such as Policy Category, Class, Type, and Subtype and use
Group Byto aggregate policies using criteria that is important to you.
The graphs help you visualize how many policies are enabled as a number or as a percentage of the total, review the split across different policy types, how many policies of different severities are identified in your infrastructure, and gain greater context on the policy category and Prisma Cloud versus custom policies that are generating alerts.
Policies are in the
categoriesof incidents and risks. An incident is likely a policy that identifies a potential security issue, while a risk is one that checks for risky configurations. The policy
typeindicates whether the check is performed against the network logs, audit logs, configuration logs, or user activity logs. Each policy type has
subtypesfor more granularity, for example, Anomaly policies are split into two subtypes—Network and UEBA.
Classis another way to logically group policies into buckets such as Misconfiguration or Privileged Activity Monitoring.
Privileged Activity Monitoring
Use the following workflows to manage your Prisma Cloud policies. You can download policy data, clone, enable, delete, or disable policies from the
- To enable global settings for Prisma Cloud default policies click Settings and selectEnterprise Settings.While some high severity policies are enabled to provide the best security outcomes, by default, policies of medium or low severity are in a disabled state . To enable policies based on severity, selectAuto enable new default policies of the type—High, Medium, or Low. Based on what you enable, Prisma Cloud will scan your resources in the onboarded cloud accounts against policies that match the severity and generate alerts.When youSaveyour changes, you can choose one of the following options:
- Enable and Save—With Enable and Save, you are enabling all existing policies that match your selection criteria and new Prisma Cloud default policies that are periodically added to the service. This option allows you to enable and scan your resources against all existing and new policies to help you stay ahead of threats and misconfigurations.
- Save—With Save, you are saving your selection criteria and enabling new Prisma Cloud default policies only as they are periodically added to the service. New policies that match your selection, are automatically enabled and your resources are scanned against them after you made the change.
- If you enable policies of a specific severity, when you then clear the checkbox, the policies that were enabled previously are not disabled; going forward, policies that match the severity you cleared are no longer enabled to scan your cloud resources and generate alerts. If you want to disable the policies that are currently active, you must disable the status of each policy on thePoliciespage.
- The audit logs include a record of all activities performed or initiated on Prisma Cloud. To view the audit logs click Settings and selectAudit Logs.
- To view policies, selectPolicies.
- Enable visualizations and change the display as a value or percentage.Use the ellipsis to toggle your preference.
- Add Filtersand select the filtering criteria.The filters enable you to narrow the search results on the page. The values you select within a filter use the AND operator to display results. Across different filters, the selected values work as OR operators. In the table view, you can also use theGroup Byto aggregate policies using criteria that is important to you.To find all Prisma Cloud policies of a specificPolicy Subtype, when you select the valuesBuildandRun, you can view all policies that are classified as Build policies OR Run policies. To find all policies that are classified as Build and Run, you must select the filter valueBuild, Run.
- Downloadthe details of your policies (or a filtered set of policies) in CSV format so that you can have an offline copy.
- Take action on policies.
- To enable or disable any policy toggle theStatus.
- To edit a custom policy, click the policy and you can edit the details.You cannot edit or delete a Prisma Cloud Default policy.
- To clone a policy, select the policy and clickClone.Cloning a policy is creating a copy of an existing policy. Cloning serves as a quick method of creating a new policy if you choose to change few details of the source policy.Prisma Cloud comes with default policies. If you want to modify any details, you can clone a policy and then modify details.
- ViewAlertsassociated with a policy.
Recommended For You
Recommended videos not found.