Prisma Cloud: Why is the error message "Unsupported Parameters For Custom Policy Remediation" being displayed when cloning a custom policy?
Created On 06/12/22 20:58 PM - Last Modified 02/07/25 20:53 PM
Question
Why is the error message "Unsupported Parameters For Custom Policy Remediation" being displayed when cloning a custom policy?
The screenshot below shows a clone of a default Prisma Cloud policy, for example "Azure Network Security Group allows all traffic on RDP Port 3389".
GUI Path: Policies > Search Policy > Edit Policy > 4. Remediation
Environment
- Prisma Cloud Enterprise Edition (SaaS Version)
- Policies (Build + Runtime)
Answer
This is expected behaviour. The CLI remediation for some default policies contains parameters that are not supported in custom policies. In order to clone those policies, the CLI remediation has to be removed or updated to exclude the unsupported parameters.
The right panel shows a list of all supported parameters. In the screenshot below, the variable ${ruleName} should be removed because it is not part of the "Available CLI Variables".
The correct syntax would look like this:
az network nsg rule update --resource-group ${resourceGroup} --nsg-name ${resourceName} --access Deny
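A pre-check for the step above, as an added example that is not Prisma Cloud code: it lists the ${...} variables in a remediation command that are not in a supported set, and drops each one together with the option flag it belongs to. The function names, the SUPPORTED_VARS set (only the two variables used in the corrected command above) and the CLONED sample command are assumptions made for the example.

```python
import re

# Assumption: only the two variables that appear in the corrected command on
# this page. Copy the real list from the "Available CLI Variables" panel.
SUPPORTED_VARS = {"resourceGroup", "resourceName"}

VAR_RE = re.compile(r"\$\{([^}]+)\}")

# Constructed sample: the corrected command with a hypothetical
# "--name ${ruleName}" option added to stand in for a cloned remediation.
CLONED = ("az network nsg rule update --name ${ruleName} "
          "--resource-group ${resourceGroup} --nsg-name ${resourceName} "
          "--access Deny")


def unsupported_vars(command, supported=SUPPORTED_VARS):
    """Return the ${...} names in command that are not supported, in order."""
    found = []
    for name in VAR_RE.findall(command):
        if name not in supported and name not in found:
            found.append(name)
    return found


def strip_unsupported(command, supported=SUPPORTED_VARS):
    """Remove tokens that use an unsupported variable, plus their option flag."""
    kept = []
    for tok in command.split():
        if any(v not in supported for v in VAR_RE.findall(tok)):
            # "--name ${ruleName}": the flag is the previous token, drop it too.
            # "--name=${ruleName}": flag and value are one token, nothing to pop.
            if (not tok.startswith("-") and kept
                    and kept[-1].startswith("-") and "=" not in kept[-1]):
                kept.pop()
            continue
        kept.append(tok)
    return " ".join(kept)


if __name__ == "__main__":
    print("unsupported:", unsupported_vars(CLONED))
    print("cleaned:   ", strip_unsupported(CLONED))
```

Review the cleaned command before saving it, since removing an option changes what the command targets.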
GUI Path: Policies > Search Policy > Edit Policy > 4. Remediation
Additional Information
View our documentation here for runtime policy. View our documentation for build policies here.