Alerts
Prisma Cloud generates an alert when it detects a violation in a policy that is included in an active alert rule. You can use the API requests to manage alerts, including listing or viewing, snoozing or dismissing, reopening, or remediating alerts.
When retrieving a list of alerts through an API request, you can set filters, time range parameters, or pagination parameters.
Pagination
You can limit the number of items in a response list from API resources that support pagination. Version 2 (V2) of the API requests to list alerts supports pagination and will accept the following request parameters.
| Request Parameter | Description |
|---|---|
| limit | Maximum number of items to return per page. Without pagination, maximum number of items to return in a response. |
| offset | Number of items to skip before selecting items to return. Default is zero. |
| pageToken | Set to the nextPageToken value from the previous response object to return the next page of data. |
Filters
API requests that use POST methods to request a list of alerts have filter parameters that enable you to narrow your request to alerts that meet certain criteria. The List Alert Filters requests return the available filters.
📄️ List Alert Filters
Returns an object whose keys are the available policy filters. The corresponding values are default or recently set filter options.
📄️ List Alert Filter Autocomplete Suggestions
Returns available options for an alert filter key. Supports fuzzy autocomplete search. If you specify a **query** value in the request body parameters, the response includes only items that contain the **query** string.
📄️ List Alerts - GET
Returns a list of alerts that match the constraints specified in the query parameters. Max 10k results. To get more, use **List Alerts V2 - GET**.
📄️ List Alerts - POST
Returns a list of alerts that matches the constraints specified in the body parameters. Max 10k results. To get more, use **List Alerts V2 - POST**.
📄️ List Alerts V2 - GET
Returns a paginated list of alerts from the Prisma Cloud platform.
📄️ List Alerts V2 - POST
Returns a paginated list of alerts that matches the constraints specified in the body parameters.
📄️ List Alert Counts By Policy - GET
Returns alert counts grouped by policy. You can use query parameters to narrow the response.
📄️ List Alert Counts By Policy - POST
Returns alert counts grouped by policy. You can use body parameters to narrow the response.
📄️ Alert Info
Returns information about an alert for the specified ID.
📄️ Dismiss Alerts
Dismisses one or more alerts on the Prisma Cloud platform. If the caller specifies a dismissal time range, then alerts will snooze for that time period rather than be dismissed.
📄️ Is Dismissal Note Required
Indicates whether or not the user is required to specify a reason (dismissal note) when dismissing an alert.
📄️ Update Dismissal Note Requirement
Manages whether or not a user must provide a reason (dismissal note) when dismissing an alert on the Prisma Cloud platform.
📄️ Reopen Alerts
Sets the status of one or more dismissed or snoozed alerts on the Prisma Cloud platform to **open**.
📄️ Get Alerts Count By Status
Returns an alert count for the specified status.
📄️ Submit Job to List Alerts
Submits a job to generate an alerts list that matches the constraints in the body parameters and is downloadable in JSON format. Returns the job ID and job submission status.
📄️ Get Alerts List Job Status
Returns the status of the alerts list job with the specified job ID.
📄️ Download Alerts List JSON
Downloads the generated alerts list in JSON format for the specified job ID.
📄️ Submit Alert CSV Generation Job
Submits a job to generate an alerts list that matches the constraints in the body parameters and is downloadable as a CSV file. Returns the job ID and job submission status.
📄️ Get Alert CSV Job Status
Returns the status of an alert CSV generation job with the specified job ID.
📄️ Download Alert CSV
Downloads the alert list that Prisma Cloud generated for the specified job ID, in CSV format.
📄️ Submit Job to List Alerts By Policy
Submits a job to generate a list of alerts grouped by the policy they violated. Returns the job ID and job submission status.
📄️ Get Policy Alert Job Status
Returns the status of a job submitted to list alerts by policy. Uses the specified job ID to identify the job.
📄️ Download Policy Alerts JSON
Downloads the policy alerts results in JSON format for the specified job ID.
📄️ List Alert Remediation Commands
Generates and returns a list of remediation commands for the specified alerts and policies. Data returned for a successful call include fully constructed commands for remediation.
📄️ Remediate Alert
Remediates the alert with the specified ID if that alert is associated with a remediable policy.
📄️ Return policy with alert count
Returns a paginated list of policies with alert counts based on the input filter, along with the next pagination token.
📄️ Group by Policy field
Returns paginated groups with alert counts based on the group-by policy field and the input filter, along with the next pagination token.
📄️ Alert Evidence Graph
Given an alert ID in the query, the API returns data that can be presented in a graphical format. The returned response matches the JSON Graph Format standard.
📄️ Create On Demand Notification
Create on demand notification for an alert. Supported channels are: