Skip to main content
Triggers a workflow on every new Prisma Cloud CSPM alert that is opened.
Workflows based on this trigger will search for new events every 5 minutes.

Parameters

ParameterDescription
Alert Rule NameSpecify this field to filter alerts only to those with a specific alert rule name.
Cloud AccountSpecify this field to filter alerts only to those from a specific cloud account.
Cloud Account IDSpecify this field to filter alerts only to those with a specific cloud account ID.
Cloud RegionSpecify this field to filter alerts only to those from a specific region.
Cloud ServiceSpecify this field to filter alerts only to those of a specific service.
GroupSpecify this field to filter alerts only to those from a specific group.
Policy Compliance Requirement NameSpecify this field to filter alerts only to those with a specific policy compliance requirement name.
Policy Compliance Section IDSpecify this field to filter alerts only to those with a specific policy compliance section ID.
Policy Compliance Standard NameSpecify this field to filter alerts only to those with a specific policy compliance standard name.
Policy IDSpecify this field to filter alerts only to those with a specific policy ID.
Policy Is RemediableSpecify this field to filter alerts only to those of remediable/ non-remediable policy.
Policy LabelSpecify this field to filter alerts only to those with a specific policy label.
Policy NameSpecify this field to filter alerts only to those with a specific policy name.
Policy SeveritySpecify this field to filter alerts only to those with a specific policy severity.
Policy TypeSpecify this field to filter alerts only to those with a specific policy type.
Resource IDSpecify this field to filter alerts only to those with a specific resource ID.
Resource NameSpecify this field to filter alerts only to those with a specific resource name.
Resource TypeSpecify this field to filter alerts only to those with a specific resource type.
TypeSpecify this field to filter alerts only to those of a specific type.

Sample Event

{
	"id": "P-354",
	"status": "open",
	"reason": "NEW_ALERT",
	"firstSeen": 1667744215877,
	"lastSeen": 1667744215877,
	"alertTime": 1667744215877,
	"lastUpdated": 1667744492557,
	"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
	"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7",
	"metadata": {
		"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7"
	},
	"policy": {
		"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
		"policyType": "config",
		"systemDefault": true,
		"remediable": false
	},
	"alertRules": [],
	"history": [],
	"resource": {
		"rrn": "rrn::securityGroup:eu-west-1:714946255915:5dcff2d908a4e3172c81a4816e737799bffde199:sg-04c685117a1f1283d",
		"id": "sg-04c685117a1f1283d",
		"name": "default",
		"account": "AWS Account",
		"accountId": "714946255915",
		"cloudAccountGroups": [
			"Default Account Group"
		],
		"region": "AWS Ireland",
		"regionId": "eu-west-1",
		"resourceType": "SECURITY_GROUP",
		"resourceApiName": "aws-ec2-describe-security-groups",
		"cloudServiceName": "Amazon VPC2",
		"url": "https://console.aws.amazon.com/vpc/home?region=eu-west-1#securityGroups:filter=sg-04c685117a1f1283d",
		"data": {
			"description": "default VPC security group",
			"groupId": "sg-04c685117a1f1283d",
			"groupName": "default",
			"ipPermissions": [
				{
					"ipRanges": [],
					"prefixListIds": [],
					"userIdGroupPairs": [
						{
							"groupId": "sg-04c685117a1f1283d",
							"userId": "714946255915"
						}
					],
					"ipProtocol": "-1",
					"ipv4Ranges": [],
					"ipv6Ranges": []
				}
			],
			"ipPermissionsEgress": [
				{
					"ipRanges": [
						"0.0.0.0/0"
					],
					"prefixListIds": [],
					"userIdGroupPairs": [],
					"ipProtocol": "-1",
					"ipv4Ranges": [
						{
							"cidrIp": "0.0.0.0/0"
						}
					],
					"ipv6Ranges": []
				}
			],
			"isShared": false,
			"ownerId": "714946255915",
			"region": "eu-west-1",
			"tags": [],
			"vpcId": "vpc-068f42117500e156b"
		},
		"additionalInfo": {},
		"cloudType": "aws",
		"resourceTs": 1667744215208,
		"unifiedAssetId": "03b6296bb2bfa3de4d6fb18782d11807",
		"resourceConfigJsonAvailable": true,
		"resourceDetailsAvailable": true
	},
	"alertAdditionalInfo": {
		"scannerVersion": "CS_2.0"
	}
}