Filter Incidents

Learn how to use filter options on Prisma SaaS to investigate incidents identified based on your policy rules.
The Prisma SaaS web interface provides filters to help you assess incidents identified based on your policy rules. Use the filters provided to view the information from different vantage points; for example, you can search by
Owner
to see all the incidents for a particular asset owner.
  1. Select
    Incidents
    Assets
    to view incidents.
  2. Select your desired filter options.
    Filter
    Description
    Date Found
    Time frame or specific date on which the incident was discovered.
    Cloud App
    Cloud application on which the incidents were discovered.
    Owner
    User that owns the asset associated with the incident. String matches on
    Name
    ,
    Email
    , and
    Email Domain
    for People. Displays results only if the user has
    Owned Items
    .
    Prisma SaaS does not limit the number of owners you can select, but your browser cannot load pages (URLs) that exceed 2,047-2,083 characters, depending on your browser.
    Rule
    Policy rules that underly the violations.
    AD Group
    Activity Directory groups, if you enabled selective scanning.
    Assigned To
    Administrator to which incidents are assigned.
    Status
    Status, which includes both open and closed states.
    Last Activity
    Time frame or specific date of last change to the asset.

Recommended For You