# Prisma Cloud Integration

[The Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) integration routes cloud security alerts – like misconfigurations, vulnerabilities, or compliance violations – to on-call engineers via ilert. This ensures alert visibility, timely escalation, and faster remediation in your cloud infrastructure.

## In ilert: Create a Prisma Cloud alert source

1. Go to **Alert sources** -> **Alert sources** and click on **Create new alert source**

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Prisma Cloud** in the search field, click on the Prisma Cloud tile and click on **Next**.&#x20;

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select you [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.&#x20;

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2Fi3TIOBvNYBQfDtNpmm0A%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=6cae965a-e448-4443-8c20-37cf501c43b2" alt=""><figcaption></figcaption></figure>

## &#x20;<a href="#create-topic" id="create-topic"></a>

## In Prisma Cloud

Open your console and navigate to Mange -> Alerts\
You may also follow the official guide ([which can be found here](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/alerts/webhook.html))

Create a **new webhook alert** and make sure to paste your alert source's url as **incoming webhook url.** We suggest the following template that should be used as **custom json** for your webhook:

```
{
    "type": #type,
    "time": #time,
    "container": #container,
    "image": #image,
    "host": #host,
    "fqdn": #fqdn,
    "function": #function,
    "region": #region,
    "runtime": #runtime,
    "appID": #appID,
    "rule": #rule,
    "message": #message,
    "forensics": #forensics,
    "accountID": #accountID,
    "cluster": #cluster,
    "labels": #labels,
    "collections": #collections
}
```

Feel free to test your configuration with **Send test alert**.

Setup the alert channels and triggers to your liking and click **Save**.