Default Policies Marked As "deleted by template@redlock.io" in Prisma Cloud
4433
Created On 02/22/22 11:34 AM - Last Modified 05/30/22 09:11 AM
Symptom
- Prisma Cloud Default Policies are displayed as "deleted on <Date> by template@redlock.io" after platform upgrade.
Environment
- Prisma Cloud Enterprise Edition (SaaS version)
Cause
- During platform upgrade, few Prisma Cloud Default policies may be deleted as part of investigation to reduce the number of alerts received.
- The changes in the policies (New and Deleted) are published here: Prisma Cloud Release Notes.
Resolution
- Custom policies can be created for the deleted policies by following the steps below:
Step 2: Provide the Policy Name, Policy Subtype and Severity. Click Next
Step 3: Select "Saved Search". From the dropdown, search for the deleted default policy and select it. It will be suffixed with "_RL" at the end. Click Next
Step 4: Add Compliance Standards and Remediation. Click Save
Step 5: Navigate back to Policies and confirm the created custom policy is listed
Step 6: Wait for the next scan to generate the Alerts.
For more information:
- Github - All the Default policies with the Prisma Cloud Version.
- Note: Please choose the Prisma Cloud Version to list the respective policies.
Additional Information
- All the existing Alerts for these deleted policies get AUTO-RESOLVED after the upgrade.
- If the Alerts are still Open, wait for the upgrade to complete on all the stacks (Example: app2, app.sg, etc.).
- Once the upgrade is completed, the Open Alerts for the deleted policies will be auto-resolved.
- PaloAlto Status page - Scheduled upgrade status.
- Look Ahead—Planned Updates on Prisma Cloud - Learn about what is planned in the next release. Note that the details and functionality listed are a preview and the actual release date is subject to change.