Incidents Log Fields
The descriptions and names of available log fields in a Prisma SaaS incident log.
The incident log is generated when an incident is detected.
The time the incident was discovered in YYYY-MM-DD HH:MM:SS format with Augmented Backus-Naur Form (ABNF) to indicate the timezone.
Serial number of the organization using the service (tenant).
The instance name of the cloud application (not the type of cloud application).
The severity of the incident, a value between 0 and 5.
Unique ID number for the incident.
Unique ID number for the asset associated with the incident.
Name of the file, folder, email subject, or user associated with the incident.
The user who owns the asset identified in the incident.
The value is the bucketname for AWS S3, Google Cloud Platform, and Microsoft Azure assets. The value is null for the remaining apps.
The user who created the asset identified in the incident.
The names of one or more policy rules (not policy type) that were matched.
The type of exposure associated with the incident. Values are
Where applicable, the number of occurrences matched for the corresponding rule.
One of the following states:
Any external or internal collaborators with access to view, edit, or download an asset.
Last time the asset was updated.
The category of the incident. For example,
The administrator assigned to the incident.
Any notes added by the administrator (first 20 bytes).
Email address of the item owner or sender of the email.
Email address of the item creator.