How To Export All Alerts Associated To A Policy in Prisma Cloud

How To Export All Alerts Associated To A Policy in Prisma Cloud

644
Created On 03/10/22 02:30 AM - Last Modified 02/27/24 18:32 PM


Objective


How to successfully download all alerts (100+) pertaining to a certain policy.

Environment


  • Prisma Cloud
  • Alerts

Procedure


There are two approaches for this:

Approach 1
  1.  GUI: Log into Prisma Cloud > Alerts > Overview
Screen Shot 2022-03-09 at 6.17.33 PM copy.jpg
  1. Click on the hyperlink with the number of alerts
Screen Shot 2022-03-09 at 6.17.33 PM.png
  1. Click on the "load more" button until it matches the total number of alerts
Screen Shot 2022-03-09 at 6.20.57 PM.png
  1. Click on the download button
Screen Shot 2022-03-09 at 6.21.51 PM.png

Approach 2
  1. GUI: Log into Prisma Cloud > Policies 
Screen Shot 2022-03-09 at 6.23.40 PM.png
  1. Search for the desired policy
Screen Shot 2022-03-09 at 6.26.10 PM.png
  1. Click on the download button
Screen Shot 2022-03-10 at 9.47.03 AM.png

Note: Either of these approaches should yield all the alerts associated to a certain policy.

Additional Information


  • Running the RQL query associated to a certain policy in the Investigate tab and downloading the results yields all the alerts too.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NY0CAM&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail