
New Alert

Triggers a workflow on every new Prisma Cloud CSPM alert that is opened.

info

Automations based on this trigger poll for new events every 5 minutes, so a workflow may start up to about 5 minutes after the alert is opened.

Parameters

| Parameter | Description |
| --- | --- |
| Alert Rule Name | Specify this field to filter alerts only to those with a specific alert rule name. |
| Cloud Account | Specify this field to filter alerts only to those from a specific cloud account. |
| Cloud Account ID | Specify this field to filter alerts only to those with a specific cloud account ID. |
| Cloud Region | Specify this field to filter alerts only to those from a specific region. |
| Cloud Service | Specify this field to filter alerts only to those of a specific service. |
| Group | Specify this field to filter alerts only to those from a specific group. |
| Policy Compliance Requirement Name | Specify this field to filter alerts only to those with a specific policy compliance requirement name. |
| Policy Compliance Section ID | Specify this field to filter alerts only to those with a specific policy compliance section ID. |
| Policy Compliance Standard Name | Specify this field to filter alerts only to those with a specific policy compliance standard name. |
| Policy ID | Specify this field to filter alerts only to those with a specific policy ID. |
| Policy Is Remediable | Specify this field to filter alerts only to those from remediable or non-remediable policies. |
| Policy Label | Specify this field to filter alerts only to those with a specific policy label. |
| Policy Name | Specify this field to filter alerts only to those with a specific policy name. |
| Policy Severity | Specify this field to filter alerts only to those with a specific policy severity. |
| Policy Type | Specify this field to filter alerts only to those with a specific policy type. |
| Resource ID | Specify this field to filter alerts only to those with a specific resource ID. |
| Resource Name | Specify this field to filter alerts only to those with a specific resource name. |
| Resource Type | Specify this field to filter alerts only to those with a specific resource type. |
| Type | Specify this field to filter alerts only to those of a specific type. |

Sample Event

{
"id": "P-354",
"status": "open",
"reason": "NEW_ALERT",
"firstSeen": 1667744215877,
"lastSeen": 1667744215877,
"alertTime": 1667744215877,
"lastUpdated": 1667744492557,
"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7",
"metadata": {
"saveSearchId": "8824de78-7e99-4ef2-9c3d-8110e12c7df7"
},
"policy": {
"policyId": "2378dbf4-b104-4bda-9b05-7417affbba3f",
"policyType": "config",
"systemDefault": true,
"remediable": false
},
"alertRules": [],
"history": [],
"resource": {
"rrn": "rrn::securityGroup:eu-west-1:714946255915:5dcff2d908a4e3172c81a4816e737799bffde199:sg-04c685117a1f1283d",
"id": "sg-04c685117a1f1283d",
"name": "default",
"account": "AWS Account",
"accountId": "714946255915",
"cloudAccountGroups": [
"Default Account Group"
],
"region": "AWS Ireland",
"regionId": "eu-west-1",
"resourceType": "SECURITY_GROUP",
"resourceApiName": "aws-ec2-describe-security-groups",
"cloudServiceName": "Amazon VPC2",
"url": "https://console.aws.amazon.com/vpc/home?region=eu-west-1#securityGroups:filter=sg-04c685117a1f1283d",
"data": {
"description": "default VPC security group",
"groupId": "sg-04c685117a1f1283d",
"groupName": "default",
"ipPermissions": [
{
"ipRanges": [],
"prefixListIds": [],
"userIdGroupPairs": [
{
"groupId": "sg-04c685117a1f1283d",
"userId": "714946255915"
}
],
"ipProtocol": "-1",
"ipv4Ranges": [],
"ipv6Ranges": []
}
],
"ipPermissionsEgress": [
{
"ipRanges": [
"0.0.0.0/0"
],
"prefixListIds": [],
"userIdGroupPairs": [],
"ipProtocol": "-1",
"ipv4Ranges": [
{
"cidrIp": "0.0.0.0/0"
}
],
"ipv6Ranges": []
}
],
"isShared": false,
"ownerId": "714946255915",
"region": "eu-west-1",
"tags": [],
"vpcId": "vpc-068f42117500e156b"
},
"additionalInfo": {},
"cloudType": "aws",
"resourceTs": 1667744215208,
"unifiedAssetId": "03b6296bb2bfa3de4d6fb18782d11807",
"resourceConfigJsonAvailable": true,
"resourceDetailsAvailable": true
},
"alertAdditionalInfo": {
"scannerVersion": "CS_2.0"
}
}