Skip to main content

List Policies



Returns all available policies, both system default and custom. You can apply filters to narrow the returned policy list to a subset of policies or potentially to a specific policy. Response includes open alert counts, which can affect performance.


Query Parameters string

    Policy name

    policy.severity string

    Possible values: [critical, high, medium, low, informational]

    Policy severity

    policy.label string

    Policy label

    policy.type string

    Possible values: [config, network, audit_event]

    Policy type

    policy.complianceStandard string

    Policy compliance standard name

    policy.complianceRequirement string

    Policy compliance requirement name

    policy.complianceSection string

    Policy compliance section ID

    policy.enabled string

    Possible values: [true, false]

    Policy enabled

    policy.policyMode string

    Possible values: [custom, redlock_default]

    Policy mode

    policy.remediable string

    Possible values: [true, false]

    Policy is remediable

    cloud.type string

    Cloud type


successful operation

  • Array [
  • cloudType string

    Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, IBM]

    Cloud type (Required for config policies). Not case-sensitive. Default is ALL.

    complianceMetadata object[]

    List of compliance data. Each item has compliance standard, requirement, and/or section information.

  • Array [
  • complianceId string

    Compliance Section UUID

    customAssigned boolean
    policyId string

    Policy ID

    requirementDescription string

    Requirement description

    requirementId string

    Requirement ID

    requirementName string

    Requirement name

    sectionDescription string

    Section name

    sectionId string

    Section Id

    sectionLabel string

    Section Label

    standardDescription string

    Compliance standard description

    standardId string
    standardName string

    Compliance standard name

  • ]
  • createdBy string

    Created by

    createdOn int64

    Created on this timestamp

    deleted boolean


    description string

    Policy description

    enabled boolean

    true=enabled. false=disabled.

    findingTypes string[]

    Finding Type

    labels string[]


    lastModifiedBy string

    Last modified by

    lastModifiedOn int64

    Last modified on this timestamp

    name stringrequired

    Policy name

    openAlertsCount int32

    Open Alerts Count (Deprecated)

    overridden boolean


    owner string


    policyCategory string

    Possible values: [risk, incident]


    policyClass string

    Possible values: [behavioral, privileged_activity_monitoring, network_protection, exposure, vulnerabilities, runtime_incident]


    policyId string

    Policy ID

    policyMode string

    Possible values: [custom/redlock_default]


    policySubTypes string[]

    Possible values: [run, build, run_and_build, audit, data_classification, dns, malware, network_event, network, ueba, permissions, network_config, identity, sensitive_data_exposure, internet_exposure, injections, vulnerability_scanning, shellshock, known_bots, unknown_bots, virtual_patches, event, misconfig_and_event, misconfig, host, container_image]

    Policy subtype

    policyType stringrequired

    Possible values: [config, network, audit_event, anomaly, data, iam, workload_vulnerability, workload_incident, api, attack_path, malware, grayware]

    Policy type. Policy type anomaly is read-only.

    policyUpi string

    Policy UPI

    recommendation string

    Remediation recommendation

    remediable boolean


    remediation object

    Model for Remediation

    actions object[]

    Policy Action

  • Array [
  • operation string
    payload string
  • ]
  • cliScriptTemplate string

    CLI Script Template

    description string


    restrictAlertDismissal boolean

    Restrict alert dismissal

    rule objectrequired

    Model for Rule

    apiName string

    API name

    cloudAccount string

    Cloud account

    cloudType string

    Cloud type

    criteria stringrequired

    Saved search ID that defines the rule criteria.

    dataCriteria object

    Criteria for Rule

    classificationResult string

    Data policy. Required for DLP rule criteria.

    exposure string

    Possible values: [private, public, conditional]

    File exposure

    extension string[]

    File extensions

    name stringrequired


    parameters objectrequired

    Parameters (e.g. {"savedSearch": "true"})

    property name* string
    resourceIdPath string

    Resource ID path

    resourceType string

    Resource type

    type stringrequired

    Possible values: [Config, Network, AuditEvent, DLP, IAM, NetworkConfig]

    Type of rule or RQL query

    ruleLastModifiedOn int64

    Rule last modified on

    severity stringrequired

    Possible values: [high, medium, low]


    systemDefault boolean

    true = Policy is a Prisma Cloud system default policy

  • ]