Prisma Cloud: Attack path policy alert for "Privilege escalation and lateral movement risk due to a publicly exposed Azure Function with administrative permissions"
Symptom
- The user received an alert for the attack path policy "Privilege escalation and lateral movement risk due to a publicly exposed Azure Function with administrative permissions"
- Upon investigation, none of the Function Apps in Azure had recently been made public or recently been assigned administrative permissions
Environment
- Prisma Cloud
Cause
- The alert is generated by the attack path policy "Privilege escalation and lateral movement risk due to a publicly exposed Azure Function with administrative permissions"
- An attack path policy does not depend on when either condition was introduced; it raises an alert whenever both of its child policies have open alerts on the same resource
Resolution
- The attack path policy triggers an alert when both of the findings listed below are detected on a resource.
- Addressing/remediating these findings resolves the attack path alert.
- Azure Function app configured with public network access: this finding pertains to public network access, and you are required to address this alert to resolve the attack path alert.
- Azure Function App with administrative permissions: this finding pertains to administrative permissions, and you are required to address this alert to resolve the attack path alert.
- The attack path policy is triggered only if both child policies have open alerts for the resource. That is how attack path policies behave.
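To confirm the two child findings on an actual Function App before remediating, here is an added example (not Prisma Cloud's or Microsoft's own code) that reads the app's public network access setting and its managed identity's role assignments with the Azure CLI and applies the both-findings-open rule described above. Assumptions: `az` is logged in, the `publicNetworkAccess` property reports Enabled/Disabled, and the list of roles treated as administrative is this example's own choice rather than Prisma Cloud's definition.

```shell
# Added example (not Prisma Cloud's or Microsoft's own code): evaluate the two child
# findings behind this attack path for one Azure Function App with the Azure CLI.
# Assumptions: 'az' is logged in; publicNetworkAccess reports Enabled/Disabled (unset is
# treated as the Azure default, public access on); the administrative-role list is this
# example's own choice, not Prisma Cloud's definition.

# Does a role name count as administrative? (assumed list)
is_admin_role() {
  case "$1" in
    "Owner"|"Contributor"|"User Access Administrator") return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when the attack path is active: public access enabled AND at least one
# administrative role. Args: publicNetworkAccess value, then role names.
attack_path_active() {
  access="$1"; shift
  [ "$access" = "Enabled" ] || return 1
  for role in "$@"; do
    if is_admin_role "$role"; then return 0; fi
  done
  return 1
}

# Prints the open child findings (space-separated) so the remediator knows what to fix.
open_findings() {
  access="$1"; shift; out=""
  if [ "$access" = "Enabled" ]; then out="public_network_access"; fi
  for role in "$@"; do
    if is_admin_role "$role"; then out="${out:+$out }admin_permissions"; break; fi
  done
  printf '%s\n' "$out"
}

# Live check for one Function App (not exercised offline). Usage: check_function_app RG NAME
check_function_app() {
  rg="$1"; name="$2"
  access=$(az functionapp show -g "$rg" -n "$name" --query publicNetworkAccess -o tsv)
  [ -n "$access" ] || access="Enabled"   # assumed Azure default when the property is unset
  pid=$(az functionapp identity show -g "$rg" -n "$name" --query principalId -o tsv 2>/dev/null || true)
  roles=""
  [ -z "$pid" ] || roles=$(az role assignment list --assignee "$pid" --all --query "[].roleDefinitionName" -o tsv)
  # Split on newlines only: role names such as "User Access Administrator" contain spaces.
  oldifs=$IFS; IFS='
'; set -- $roles; IFS=$oldifs
  if attack_path_active "$access" "$@"; then state="ACTIVE"; else state="not active"; fi
  echo "$name: attack path $state; open findings: $(open_findings "$access" "$@")"
}
```

An app whose identity holds no role at all, or whose access is Disabled, reports the attack path as not active even if the other finding is still open.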
Additional Information
If you do not want any attack path policy alerts, you can change the setting to suit your requirements in the Prisma Cloud console by following the steps below:
- Log in to the Prisma Cloud console
- Select Settings
- Select Enterprise Settings
- Change the "Auto-Enable All Attack Path Default" setting