Greeting,
I highly recommend you review the following docs before using the Prisma Cloud API:
1- Access the Prisma Cloud REST API
2- Generate JWT Token in Prisma Cloud
3- Stack API based on STACKs
I have added the sample Payload for your convenience.
{
  "alertRuleNotificationConfig": [
    {
      "detailedReport": false,
      "enabled": false,
      "includeRemediation": false,
      "recipients": [ "user@email.com" ],
      "type": "email",
      "withCompression": false,
      "frequency": "as_it_happens"
    }
  ],
  "allowAutoRemediate": false,
  "delayNotificationMs": 0,
  "description": "",
  "enabled": true,
  "name": "Test12",
  "policies": [ "5cc78081-1006-4874-8b13-bd01583888c4" ],
  "policyLabels": [],
  "scanAll": false,
  "target": {
    "accountGroups": [ "41ec1962-2f54-49e7-b07e-d7ae1cacfd3d" ],
    "excludedAccounts": [],
    "regions": [],
    "targetResourceList": {
      "action": "AUTO_DISMISS",
      "additionalNotes": "",
      "approver": "",
      "enabled": false,
      "ids": [],
      "reason": "",
      "requestor": ""
    },
    "tags": []
  },
  "notifyOnDismissed": true,
  "notifyOnOpen": true,
  "notifyOnResolved": true,
  "notifyOnSnoozed": true
}
POST https://{{api-endpoint}}/v2/alert/rule >> 405
Can we post events on this API endpoint?
No, we can't post to the above endpoint, as the API endpoint is missing.
Prisma Cloud API calls are mainly based on the STACK. For instance, if I am on STACK APP2 the link would be https://api2.prismacloud.io/v2/alert/rule, or if I am using APP.EU the API call link would be https://api.eu.prismacloud.io/v2/alert/rule
API call retrieving alert rule by ID:
GET https://{{api-endpoint}}/v1/alert/{{ruleid}}
To run the following API call, first run the API call to get the Alert ID. My tenant is on APP3, so the API call would be https://api3.prismacloud.io/v2/alert/rule
Then use the following API call.
https://api3.prismacloud.io/v1/alert/{{ruleid}}
I hope this info will help.
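Added example, not part of the original post: a Python sketch that derives the stack-specific API base from the console URL (app2 becomes api2, app.eu becomes api.eu) and refuses to build a request whose URL still contains an unfilled `{{...}}` placeholder such as `{{api-endpoint}}`. The `x-redlock-auth` header name is taken from the Prisma Cloud API documentation rather than from this post; the token, rule ID and trimmed payload are constructed placeholders, and requests are built but not sent.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

UNRESOLVED = re.compile(r"\{\{[^}]*\}\}")  # e.g. {{api-endpoint}}, {{ruleid}}

# Constructed sample: a trimmed version of the payload in the post.
SAMPLE_RULE = {"name": "Test12", "enabled": True, "scanAll": False,
               "policies": ["5cc78081-1006-4874-8b13-bd01583888c4"]}

def api_base(console_url):
    """Map a console (stack) URL to its API base, e.g. app2 -> api2."""
    host = urlsplit(console_url).hostname or ""
    first, _, rest = host.partition(".")
    m = re.fullmatch(r"app(\d*)", first)
    # Only accept real prismacloud.io hosts so the JWT is never sent elsewhere.
    if not m or not (rest == "prismacloud.io" or rest.endswith(".prismacloud.io")):
        raise ValueError(f"not a Prisma Cloud console host: {host!r}")
    return f"https://api{m.group(1)}.{rest}"

def build_request(method, base, path, token=None, body=None):
    """Build (not send) a request; reject URLs with unfilled placeholders."""
    url = base.rstrip("/") + path
    if UNRESOLVED.search(url):
        raise ValueError(f"unresolved template variable in URL: {url}")
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if token:
        headers["x-redlock-auth"] = token  # JWT from the login step
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def alert_rule_requests(console_url, token, rule, rule_id):
    """The three calls from the post: create rule, list rules, fetch by ID."""
    base = api_base(console_url)
    return [
        build_request("POST", base, "/v2/alert/rule", token, rule),
        build_request("GET", base, "/v2/alert/rule", token),
        build_request("GET", base, f"/v1/alert/{rule_id}", token),
    ]

if __name__ == "__main__":
    # "<JWT>" and "RULE-ID" are placeholders; pass each request to
    # urllib.request.urlopen() only with a real token for your own tenant.
    for req in alert_rule_requests("https://app3.prismacloud.io", "<JWT>",
                                   SAMPLE_RULE, "RULE-ID"):
        print(req.get_method(), req.full_url)
```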