Anomalies

Set the enterprise level settings to build standard training models for anomaly detection, alert disposition, and some other global settings such as the timeout before the user is locked out for inactivity and user attribution for alerts. Also, exclude trusted IP addresses when conducting tests for PCI compliance or penetration testing on your network. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity such as the policies that detect internal port scan and port sweep activity, which are enabled by default.

📄️ Get Anomaly Trusted List

Returns all entries in the Anomaly Trusted List.

📄️ Add Entries to Anomaly Trusted List

Adds one or more entries to the Anomaly Trusted List.

📄️ Get Anomaly Trusted List Entry

Returns the entry with the specified ID from the Anomaly Trusted List.

📄️ Update Anomaly Trusted List Entry

Modifies an existing entry in the Anomaly Trusted List.

📄️ Delete Anomaly Trusted List Entry

Deletes the entry with the given ID from the Anomaly Trusted List.

📄️ Get Anomaly Settings

Returns anomaly settings for the specified policy ID.

📄️ Update Anomaly Settings

Updates anomaly settings for the policy with the specified ID.

📄️ List Allowed Trusted List Types

Returns the available trusted list types.

📄️ Get All Anomaly Settings

Returns all anomaly settings. The response object is a list of policy IDs, and anomaly settings are returned with each policy ID.

📄️ List Policies for Trusted List Type

Returns a list of available policies for a specific trusted list type.