Prisma Cloud Integration
Send Prisma Cloud security alerts into ilert to notify on‑call teams of cloud misconfigurations or vulnerabilities in real time.
The Prisma Cloud integration routes cloud security alerts – like misconfigurations, vulnerabilities, or compliance violations – to on-call engineers via ilert. This ensures alert visibility, timely escalation, and faster remediation in your cloud infrastructure.
In ilert: Create a Prisma Cloud alert source
Go to Alert sources -> Alert sources and click on Create new alert source.
Search for Prisma Cloud in the search field, click on the Prisma Cloud tile and click on Next.
Give your alert source a name, optionally assign teams and click Next.
Select an escalation policy by creating a new one or assigning an existing one.
Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
The next page shows additional settings such as custom alert templates or notification priority. Click on Finish setup for now.
On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.
In Prisma Cloud
Open your console and navigate to Manage -> Alerts. You may also follow the official guide.
Create a new webhook alert and make sure to paste your alert source's URL as the incoming webhook URL. We suggest using the following template as the custom JSON for your webhook:
{
"type": #type,
"time": #time,
"container": #container,
"image": #image,
"host": #host,
"fqdn": #fqdn,
"function": #function,
"region": #region,
"runtime": #runtime,
"appID": #appID,
"rule": #rule,
"message": #message,
"forensics": #forensics,
"accountID": #accountID,
"cluster": #cluster,
"labels": #labels,
"collections": #collections
}
Feel free to test your configuration with Send test alert.
Set up the alert channels and triggers to your liking and click Save.
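If you edit the suggested custom JSON before pasting it, a quick offline check catches a mistyped macro or a missing comma before any alert is lost. The script below is an added example, not part of ilert or Prisma Cloud; it assumes Prisma Cloud replaces each #macro with a JSON-encoded value, and the sample values are constructed.

```python
import json
import re

# Field names from the template in this guide; TEMPLATE rebuilds it verbatim.
FIELDS = ["type", "time", "container", "image", "host", "fqdn", "function",
          "region", "runtime", "appID", "rule", "message", "forensics",
          "accountID", "cluster", "labels", "collections"]
TEMPLATE = "{\n" + ",\n".join(f'"{f}": #{f}' for f in FIELDS) + "\n}"

MACRO = re.compile(r"#([A-Za-z]+)")
PAIR = re.compile(r'^\s*"([^"]+)"\s*:\s*#([A-Za-z]+)\s*,?\s*$')


def render(template, values):
    """Replace each #macro with a JSON-encoded value (assumed behaviour)."""
    return MACRO.sub(lambda m: json.dumps(values.get(m.group(1), "")), template)


def lint_template(template, known=FIELDS):
    """Return a list of problems in a '"key": #macro' template; empty means OK."""
    problems = []
    for n, line in enumerate(template.strip().splitlines(), start=1):
        if line.strip() in ("{", "}"):
            continue
        m = PAIR.match(line)
        if not m:
            problems.append(f"line {n}: expected \"key\": #macro")
        elif m.group(2) not in known:
            # Only macros that appear in this guide's template are accepted.
            problems.append(f"line {n}: unknown macro #{m.group(2)}")
        elif m.group(1) != m.group(2):
            # The suggested template uses the macro name as the key.
            problems.append(f"line {n}: key {m.group(1)!r} does not match #{m.group(2)}")
    # Constructed sample values; quotes and newlines exercise the JSON escaping.
    sample = {f: f'sample "{f}"\nvalue' for f in known}
    try:
        json.loads(render(template, sample))
    except json.JSONDecodeError as exc:
        problems.append(f"rendered payload is not valid JSON: {exc.msg}")
    return problems


if __name__ == "__main__":
    for problem in lint_template(TEMPLATE) or ["template OK"]:
        print(problem)
```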