Prisma Cloud: How to delete custom policy labels which are no longer used

Prisma Cloud: How to delete custom policy labels which are no longer used

2746
Created On 08/02/22 20:25 PM - Last Modified 04/05/24 16:48 PM


Objective


  • To delete custom unused policy labels from Prisma Cloud via API. 
  • To review the label that needs to be deleted Log into Prisma Cloud Console  > Governance > Add Filter > Policy Label
Screen Shot 2022-08-02 at 1.09.32 PM.png
 
 

Environment


  • Prisma Cloud Enterprise Edition
  • Policies
  • Policy label

Procedure


Retrieve List of Labels and verify if being used:

  1. To retrieve list of labels currently present in the tenant go to Prisma Cloud > Policies
  2. Open browser's Developer tools and select Network Tab.
  3. Once the HAR is recording, go to any policy and click on Edit under Actions tab. The HAR recording should have an API named labels. The complete URL would look something like https://api.prismacloud.io/label. The endpoint api.prismacloud.io will vary depending on the stack you are using and the API will be /label.
  4. You can see the complete list of labels currently present in the tenant by going to Response tab as seen in the screenshot below: Screenshot 2023-07-20 at 8.23.17 AM.png
  5. Verify if the label that needs to be deleted is not currently applied to any policy. If a custom label is deleted that is currently associated to a policy, the policy will no longer have that label. 
  6. To verify go to Prisma Cloud > Policies page > Add Filter > Policy Label > Select the label. Remove all other filters currently applied on the Policies page such that only the filter Policy Label is applied. 
  7. Check is there are any policies listed in the page.
Delete Label using API
  1. Make sure to have the correct endpoint based on the stack and add /label/ (refer screenshot)
  2. The HTTP Request method needs to be "DELETE"
  3. The HTTP request body should include the label name that is to be deleted in JSON format. Multiple labels can be added in the request body.
  4. Refer the screenshot below or the HAR response captured earlier to see how the body syntax looks like
  5. HTTP 200 OK response will be sent back on successful queries.
  6. Clear browser cache and check the list of labels in Prisma tenant(it might take up to 10 mins to reflect depending on stack load)
Note: Prisma Cloud Default labels cannot be deleted using this method. So if the deleted label is still seen in the list of labels, it could be one of the default labels. 
Screen Shot 2022-08-02 at 1.13.51 PM.png
 
 
 

Additional Information


  • To learn more about using API refer our public documentation CSPM API and Headers  
  • How to set up your Postman Environment click here
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Cr2eCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail