Remediation Activity Log Fields

This page lists the names and descriptions of the log fields available in a Prisma SaaS remediation log.
A remediation log is generated when an incident is manually remediated or when automatic remediation is applied.

| Field Name | Description |
| --- | --- |
| remediated_timestamp | Time the remediation action occurred. Values are in `YYYY-MM-DD HH:MM:SS` format. |
| serial | Serial number of the organization using the service (tenant). |
| cloud_app_instance | The instance name of the cloud application (not the type of cloud application) associated with the remediation of the incident. |
| severity | The policy violation or incident severity valued between 0 and 5. |
| incident_id | The unique ID number for the incident. Can be null (no value). |
| asset_id | The unique ID number for the asset associated with the remediation of the incident. |
| item_name | The name of the file, folder, or user associated with the remediation of the incident. |
| item_type | `File`, `Folder`, or `User` |
| item_owner | The user who owns the asset associated with the remediation. |
| container_name | The value is the `bucketname` for AWS S3, Google Cloud Platform, and Microsoft Azure assets. The value is `null` for the remaining applications. |
| item_creator | The user who created the asset associated with the remediation. |
| policy_rule_name | The names of one or more policy rules (not policy type) that were matched. |
| FUTURE_USE | Not currently implemented |
| action_taken | The remediation action taken on Prisma SaaS. (`AdminQuarantine`, `User Quarantine`, or `Remove Public Links`) |
| action_taken_by | The user who performed the remediation. For automated remediation, the value is `Aperture`. |
| item_owner_email | Email address of the item owner. |
| item_creator_email | Email address of the item creator. |
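
The following Python function is an added example, not part of the Prisma SaaS documentation: it checks one remediation record against the field descriptions above and returns a typed copy that separates automated from manual remediation. It assumes the record has already been parsed into a dictionary keyed by the documented field names, since this page does not describe the wire format; `normalize_record`, `SAMPLE` and the `automated` key are hypothetical names.

```python
from datetime import datetime

ITEM_TYPES = {"File", "Folder", "User"}
# Compared with spaces removed and case folded, because the page spells the
# values with inconsistent spacing ("AdminQuarantine" vs "User Quarantine").
ACTIONS = {"adminquarantine", "userquarantine", "removepubliclinks"}
NULLABLE = ("incident_id", "container_name")
# Constructed sample record (not real log data).
SAMPLE = {
    "remediated_timestamp": "2020-03-04 10:15:30", "severity": "3",
    "incident_id": "null", "container_name": "null", "item_type": "File",
    "action_taken": "User Quarantine", "action_taken_by": "Aperture",
}


def normalize_record(raw):
    """Validate one remediation record (dict keyed by the documented field
    names) and return a typed copy. Raises ValueError listing every problem."""
    rec, problems = dict(raw), []
    # Assumption: a null arrives as None, "" or the literal string "null".
    for field in NULLABLE:
        if rec.get(field) in (None, "", "null"):
            rec[field] = None

    try:
        rec["remediated_timestamp"] = datetime.strptime(
            str(raw.get("remediated_timestamp")), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        problems.append("remediated_timestamp is not YYYY-MM-DD HH:MM:SS")

    try:
        rec["severity"] = int(raw.get("severity"))
        if not 0 <= rec["severity"] <= 5:
            problems.append("severity outside 0-5")
    except (TypeError, ValueError):
        problems.append("severity is not an integer")

    if raw.get("item_type") not in ITEM_TYPES:
        problems.append("unknown item_type")

    action = str(raw.get("action_taken", "")).replace(" ", "").casefold()
    if action not in ACTIONS:
        problems.append("unknown action_taken")

    # Automated remediation is logged with action_taken_by set to "Aperture".
    rec["automated"] = raw.get("action_taken_by") == "Aperture"
    if problems:
        raise ValueError("; ".join(problems))
    return rec
```

Records that fail validation are worth routing to a separate queue rather than dropping, so that a parsing change upstream does not silently hide remediation activity.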
