New Alert
Triggers a workflow on every new Prisma Cloud CSPM alert that is opened.
info
Automations based on this trigger will search for new events every 5 minutes.
Parameters
| Parameter | Description |
|---|---|
| Alert Rule Name | Specify this field to filter alerts only to those with a specific alert rule name. |
| Cloud Account | Specify this field to filter alerts only to those from a specific cloud account. |
| Cloud Account ID | Specify this field to filter alerts only to those with a specific cloud account ID. |
| Cloud Region | Specify this field to filter alerts only to those from a specific region. |
| Cloud Service | Specify this field to filter alerts only to those of a specific service. |
| Group | Specify this field to filter alerts only to those from a specific group. |
| Policy Compliance Requirement Name | Specify this field to filter alerts only to those with a specific policy compliance requirement name. |
| Policy Compliance Section ID | Specify this field to filter alerts only to those with a specific policy compliance section ID. |
| Policy Compliance Standard Name | Specify this field to filter alerts only to those with a specific policy compliance standard name. |
| Policy ID | Specify this field to filter alerts only to those with a specific policy ID. |
| Policy Is Remediable | Specify this field to filter alerts only to those of remediable/ non-remediable policy. |
| Policy Label | Specify this field to filter alerts only to those with a specific policy label. |
| Policy Name | Specify this field to filter alerts only to those with a specific policy name. |
| Policy Severity | Specify this field to filter alerts only to those with a specific policy severity. |
| Policy Type | Specify this field to filter alerts only to those with a specific policy type. |
| Resource ID | Specify this field to filter alerts only to those with a specific resource ID. |
| Resource Name | Specify this field to filter alerts only to those with a specific resource name. |
| Resource Type | Specify this field to filter alerts only to those with a specific resource type. |
| Type | Specify this field to filter alerts only to those of a specific type. |
Sample Event
{
"id": "P-354",
"status": "open",
"reason": "NEW_ALERT",
"firstSeen": 1667744215877,
"lastSeen": 1667744215877,
"alertTime": 1667744215877,
"lastUpdated": 1667744492557,
"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7",
"metadata": {
"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7"
},
"policy": {
"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
"policyType": "config",
"systemDefault": true,
"remediable": false
},
"alertRules": [],
"history": [],
"resource": {
"rrn": "rrn::securityGroup:eu-west-1:714946255915:5dcff2d908a4e3172c81a4816e737799bffde199:sg-04c685117a1f1283d",
"id": "sg-04c685117a1f1283d",
"name": "default",
"account": "AWS Account",
"accountId": "714946255915",
"cloudAccountGroups": [
"Default Account Group"
],
"region": "AWS Ireland",
"regionId": "eu-west-1",
"resourceType": "SECURITY_GROUP",
"resourceApiName": "aws-ec2-describe-security-groups",
"cloudServiceName": "Amazon VPC2",
"url": "https://console.aws.amazon.com/vpc/home?region=eu-west-1#securityGroups:filter=sg-04c685117a1f1283d",
"data": {
"description": "default VPC security group",
"groupId": "sg-04c685117a1f1283d",
"groupName": "default",
"ipPermissions": [
{
"ipRanges": [],
"prefixListIds": [],
"userIdGroupPairs": [
{
"groupId": "sg-04c685117a1f1283d",
"userId": "714946255915"
}
],
"ipProtocol": "-1",
"ipv4Ranges": [],
"ipv6Ranges": []
}
],
"ipPermissionsEgress": [
{
"ipRanges": [
"0.0.0.0/0"
],
"prefixListIds": [],
"userIdGroupPairs": [],
"ipProtocol": "-1",
"ipv4Ranges": [
{
"cidrIp": "0.0.0.0/0"
}
],
"ipv6Ranges": []
}
],
"isShared": false,
"ownerId": "714946255915",
"region": "eu-west-1",
"tags": [],
"vpcId": "vpc-068f42117500e156b"
},
"additionalInfo": {},
"cloudType": "aws",
"resourceTs": 1667744215208,
"unifiedAssetId": "03b6296bb2bfa3de4d6fb18782d11807",
"resourceConfigJsonAvailable": true,
"resourceDetailsAvailable": true
},
"alertAdditionalInfo": {
"scannerVersion": "CS_2.0"
}
}