# Prisma Cloud Integration

[The Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) integration routes cloud security alerts – like misconfigurations, vulnerabilities, or compliance violations – to on-call engineers via ilert. This ensures alert visibility, timely escalation, and faster remediation in your cloud infrastructure.

## In ilert: Create a Prisma Cloud alert source

1. Go to **Alert sources** -> **Alert sources** and click on **Create new alert source**

   <figure><img src="/files/rmL9OoRxcWnDwcJZQm4Y" alt=""><figcaption></figcaption></figure>
2. Search for **Prisma Cloud** in the search field, click on the Prisma Cloud tile and click on **Next**.

   <figure><img src="/files/1WoRRYB5U40PbeMJ7Hit" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="/files/y4Bakf2apGhBN56U8ZPR" alt=""><figcaption></figcaption></figure>
5. Select you [Alert grouping](/alerting/configure-alerting/alert-sources.md#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="/files/nTlB0ZCIW1SP3dj6P9nO" alt=""><figcaption></figcaption></figure>
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="/files/iFF3BpyuIYMi49K1j7uk" alt=""><figcaption></figcaption></figure>

## &#x20;<a href="#create-topic" id="create-topic"></a>

## In Prisma Cloud

Open your console and navigate to Mange -> Alerts\
You may also follow the official guide ([which can be found here](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/alerts/webhook.html))

Create a **new webhook alert** and make sure to paste your alert source's url as **incoming webhook url.** We suggest the following template that should be used as **custom json** for your webhook:

```
{
    "type": #type,
    "time": #time,
    "container": #container,
    "image": #image,
    "host": #host,
    "fqdn": #fqdn,
    "function": #function,
    "region": #region,
    "runtime": #runtime,
    "appID": #appID,
    "rule": #rule,
    "message": #message,
    "forensics": #forensics,
    "accountID": #accountID,
    "cluster": #cluster,
    "labels": #labels,
    "collections": #collections
}
```

Feel free to test your configuration with **Send test alert**.

Setup the alert channels and triggers to your liking and click **Save**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ilert.com/integrations/inbound-integrations/prismacloud.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.