Retrieving and Creating Alert rules via API


L0 Member


- API call to add an alert rule:

I want to create alert rules via API for the CSPM. Are there any examples for this? It's not clear to me how to populate: 



POST https://{{api-endpoint}}/v2/alert/rule >> 405 

Can we post events on this API endpoint?


- API call retrieving alert rule by ID:

GET https://{{api-endpoint}}/v1/alert/{{ruleid}} >> 404


The {id} which I retrieve with this API call:



Can anyone verify that their API calls are valid?







L1 Bithead

Please follow the instructions on how to set up the Postman collections and environments relating to Prisma Cloud (including Compute Console) API requests.


This is an easy way to create alert rules via API for the CSPM.

Emmanuel Nwankwo

L1 Bithead



I highly recommend you review the following docs before using the Prisma Cloud API.
1- Access the Prisma Cloud REST API
Generate JWT Token in Prisma Cloud
Stack API based on STACKs


I have added the sample Payload for your convenience.

{
  "alertRuleNotificationConfig": [
    {
      "detailedReport": false,
      "enabled": false,
      "includeRemediation": false,
      "recipients": [],
      "type": "email",
      "withCompression": false,
      "frequency": "as_it_happens"
    }
  ],
  "allowAutoRemediate": false,
  "delayNotificationMs": 0,
  "description": "",
  "enabled": true,
  "name": "Test12",
  "policies": [],
  "policyLabels": [],
  "scanAll": false,
  "target": {
    "accountGroups": [],
    "excludedAccounts": [],
    "regions": [],
    "targetResourceList": {
      "action": "AUTO_DISMISS",
      "additionalNotes": "",
      "approver": "",
      "enabled": false,
      "ids": [],
      "reason": "",
      "requestor": ""
    },
    "tags": []
  },
  "notifyOnDismissed": true,
  "notifyOnOpen": true,
  "notifyOnResolved": true,
  "notifyOnSnoozed": true
}



POST https://{{api-endpoint}}/v2/alert/rule >> 405
Can we post events on this API endpoint?

No, we can't post to the above endpoint as the API endpoint is missing.

Prisma Cloud API calls are mainly based on the STACK. For instance, if I am on STACK APP2 the link would be
or if I am using APP.EU the API call link would be


 API call retrieving alert rule by ID:

GET https://{{api-endpoint}}/v1/alert/{{ruleid}} 

To run the following API call, first run the API call to get the alert ID.

My tenant is on APP3 so the API call would be

Then use the following API call.{{ruleid}}

I hope this info will help.

Sr. Technical Support Engineer - Prisma Cloud | PCCSE
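
An added example, not code from this thread or from Palo Alto Networks: a Python pre-flight that derives the stack-specific API base URL from the console host, lists payload fields that were left empty, and builds the request without sending it. The app-to-api host pattern, the `x-redlock-auth` header and the emptiness checks are assumptions, and the function names are hypothetical; the path is supplied by the caller.

```python
import json
import re
import urllib.request

# Assumption: console host "app<N>[.region].prismacloud.io" pairs with API host
# "api<N>[.region].prismacloud.io" (for example app2 -> api2, app.eu -> api.eu).
_CONSOLE = re.compile(r"^app(\d*)((?:\.[a-z0-9-]+)*)\.prismacloud\.io$")


def api_base_for(console_host: str) -> str:
    """Derive the API base URL for a stack; reject hosts outside the pattern
    so the token is never sent to an unexpected domain."""
    m = _CONSOLE.match(console_host.strip().lower())
    if not m:
        raise ValueError(f"not a recognised console host: {console_host!r}")
    return f"https://api{m.group(1)}{m.group(2)}.prismacloud.io"


def payload_gaps(rule: dict) -> list:
    """Return names of fields still empty (hypothetical checks, not the API's own)."""
    gaps = []
    if not rule.get("name"):
        gaps.append("name")
    if not rule.get("scanAll") and not rule.get("policies"):
        gaps.append("policies")
    if not rule.get("target", {}).get("accountGroups"):
        gaps.append("target.accountGroups")
    for i, cfg in enumerate(rule.get("alertRuleNotificationConfig", [])):
        if cfg.get("enabled") and not cfg.get("recipients"):
            gaps.append(f"alertRuleNotificationConfig[{i}].recipients")
    return gaps


def build_request(console_host, path, token, rule, method="POST"):
    """Build (do not send) the request; the JWT is carried in x-redlock-auth."""
    return urllib.request.Request(
        api_base_for(console_host) + path,
        data=json.dumps(rule).encode("utf-8"),
        method=method,
        headers={"Content-Type": "application/json", "x-redlock-auth": token},
    )


# Constructed sample: a trimmed version of the payload posted in the thread.
SAMPLE_RULE = {
    "name": "Test12", "enabled": True, "scanAll": False, "policies": [],
    "target": {"accountGroups": [], "excludedAccounts": [], "regions": []},
    "alertRuleNotificationConfig": [
        {"type": "email", "enabled": False, "recipients": []}],
}
```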