Prisma Cloud alerts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prisma Cloud alerts

L0 Member

Hello everyone!

I connected my AWS account to Prisma Cloud service and it automatically scanned it. Now I think that I could have new vulnerabilities on my account but new s3 buckets or EC2 instances don't appers automatically on my Prisma Cloud account. How I can rescan my account and receive new alerts?

1 REPLY 1

L2 Linker

My first question is what makes you think you should have new alerts? Are you firing up new EC2 instances that you know have some vulnerability? And to verify, you do see some alerts from before, just not new ones?

 

Re-scanning happens automatically periodically (think it's somewhere around every 20 minutes or so). There is no way in the UI to force a re-scan. One way you can try however is to remove the cloud account from Prisma Cloud and onboard it again, which should initiate a scan immediately. Data will be retained for 24h, so it should not cause any existing alerts to be lost, as long as the account is onboarded again within that timeframe.

 

Other things to check is go to settings->Providers->cloud accounts (if you're already on the Darwin release) and verify that the account is still being ingested OK (green checkmark showing in the status column). If not, try to resolve that first.

 

And finally, for alerts to trigger, the cloud account you've onboarded has to be attached to a account group, and that account group has to have an alert rule attached to it. For the Darwin release, see https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/alert-notifications

 

If you have attached your cloud account to the default account group, then it should already be connected to the default alert rule. In that case I would verify that the "select all policies" toggle is active for the default alert rule.

 

 

  • 1110 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!