Add an Alert Rule
POST /alert/rule
Adds a new alert rule.
By default, all alerts that this alert rule triggers will display on the Alerts page. You can also send Prisma Cloud alerts that this alert rule triggers to one or more third-party tools that you have integrated with the Prisma Cloud service. You can also configure the alert rule to send email notifications.
To send a Prisma Cloud alert to a third-party tool, you must configure an AlertRuleNotificationConfig object as part of your request body parameters. The content of the AlertRuleNotificationConfig object depends on the third-party tool. If the tool requires AlertRuleNotificationConfig.id or AlertRuleNotificationConfig.templateId, you can use Get Integrations to get that information.
To add an Alert Rule, the required request body parameters are:
- name
- description
- allowAutoRemediate
- enabled
- target
- target.accountGroups
- scanAll
The default values for the optional boolean parameters are in the table below:
Optional Request Body Parameter | Default |
---|---|
allowAutoRemediate | false |
notifyOnDismissed | false |
notifyOnOpen | true |
notifyOnResolved | false |
notifyOnSnoozed | false |
deleted | false |
You can also specify additional target parameters to narrow the conditions that trigger alerts for this alert rule.
If policies is empty, then Prisma Cloud will scan all policies for violations to trigger alerts.
Under certain circumstances, you can also specify an array of policyLabels to identify policies. The following conditions must be met for you to use the policyLabels parameter:
- The request body parameter scanAll must be false.
- The policy associated with the policy label cannot be included in the request body parameter policies.
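A pre-flight check for the request body, written here as an added example and not taken from Prisma Cloud's own code: it verifies the required parameters, applies the documented boolean defaults, and enforces the two policyLabels conditions before anything is sent. The function names, the label_to_policies map and the sample values are assumptions made for illustration.

```python
# Added example: client-side pre-flight check for a POST /alert/rule body.
REQUIRED = ("name", "description", "allowAutoRemediate", "enabled", "target", "scanAll")
# Defaults for the optional booleans, as listed in the table on this page.
BOOL_DEFAULTS = {
    "allowAutoRemediate": False, "notifyOnDismissed": False, "notifyOnOpen": True,
    "notifyOnResolved": False, "notifyOnSnoozed": False, "deleted": False,
}

def check_alert_rule(body, label_to_policies=None):
    """Return a list of problems found in an alert rule request body.

    label_to_policies is a hypothetical caller-supplied map of policy label ->
    set of policy IDs carrying that label; it is not part of the API request.
    """
    problems = [f"missing required parameter: {k}" for k in REQUIRED if k not in body]
    target = body.get("target")
    if isinstance(target, dict) and "accountGroups" not in target:
        problems.append("missing required parameter: target.accountGroups")
    for key in BOOL_DEFAULTS:
        if key in body and not isinstance(body[key], bool):
            problems.append(f"{key} must be a boolean")
    labels = body.get("policyLabels") or []
    if labels:
        # Condition 1: policyLabels is only usable when scanAll is false.
        if body.get("scanAll") is not False:
            problems.append("policyLabels requires scanAll to be false")
        # Condition 2: a labelled policy must not also be listed in policies.
        listed = set(body.get("policies") or [])
        for label in labels:
            overlap = listed & set((label_to_policies or {}).get(label, ()))
            if overlap:
                problems.append(f"policies already includes {sorted(overlap)} (label {label!r})")
    return problems

def effective_flags(body):
    """Boolean flags the rule ends up with once the documented defaults apply."""
    return {k: body.get(k, d) for k, d in BOOL_DEFAULTS.items()}

# Constructed sample body; names and IDs are placeholders, not real values.
SAMPLE = {
    "name": "example-rule", "description": "constructed sample",
    "allowAutoRemediate": False, "enabled": True, "scanAll": True,
    "target": {"accountGroups": ["<account-group-id>"]},
    "policies": ["<policy-id-1>"], "policyLabels": ["pci"],
}
```

Running check_alert_rule on SAMPLE with the label "pci" mapped to "<policy-id-1>" reports both policyLabels violations; effective_flags shows that a rule which omits the notify flags still notifies on open and never auto-remediates unless allowAutoRemediate is set explicitly.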
Responses
- 200: successful operation
- 400: invalid_param_value / auto_remediation_only_for_config_remediable_policies / missing_required_param / non_notification_state_selected / invalid_notification_state / invalid_resource_list_id / snooze_time_must_be_relative / dismissal_reason_required / has_overlaps_in_resource_list_rules / missing_required_param