08-08-2024 10:45 PM
Hi team,
The team is given a high privilege set of permissions only when a change request is filed or if the team will have to implement such activities and once the activity is done the set of permission is removed in their access. In line with this the permission related policies triggers in the prisma cloud console and resolves on its own with a resolution status of scheduled since no significant changes is made on the cloud account.
We would like to know if there is a way in the prisma cloud console to whitelist specific assets to limit the number of alerts that triggers the policy and at the same time we still be able to monitor such broad permissions.
Thanks,
Alera
08-11-2024 02:15 PM
Hi @arbantayan
May I suggest to identify the assets and the type of activities involved during these changes so the scope is fully identified; then you can explore playing with Prisma Cloud Alert rules that allow you to have control over specific account groups, even have some cloud accounts excluded, but most importantly assign only the policies in your use-case scope.
Be aware that leaving an asset out of any alert rule will cause to stop triggering alerts about such asset , and even when the asset is visible and you can see its findings at any time it is recommended to focus on the policies triggering the alerts that matter
Please take a look to the following documentation for reference:
https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/risk-prevention
08-11-2024 02:15 PM
Hi @arbantayan
May I suggest to identify the assets and the type of activities involved during these changes so the scope is fully identified; then you can explore playing with Prisma Cloud Alert rules that allow you to have control over specific account groups, even have some cloud accounts excluded, but most importantly assign only the policies in your use-case scope.
Be aware that leaving an asset out of any alert rule will cause to stop triggering alerts about such asset , and even when the asset is visible and you can see its findings at any time it is recommended to focus on the policies triggering the alerts that matter
Please take a look to the following documentation for reference:
https://docs.prismacloud.io/en/enterprise-edition/use-cases/secure-the-source/risk-prevention
08-16-2024 10:40 AM
Please help out other users and click “Accept as Solution” if a post helps solve your problem! Here’s how and why to accept solutions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
