Prisma Cloud: Auto-Remediation not working for IAM Policies

Created On 08/08/23 08:17 AM - Last Modified 07/07/25 19:54 PM


Symptom


Prisma Cloud: Auto-Remediation is not working for IAM Policies.



Environment


  • Prisma Cloud
  • IAM Policies in all Cloud Accounts (e.g. Azure, GCP, etc.)


Cause


  • IAM Policies do not support Auto-Remediation or Manual Remediation at this time
  • They only support viewing CLI instructions when clicking on the Remediation Options


Resolution


  • This is expected behaviour as per product design


Additional Information


Note: Since Alert Rules do not identify IAM policies as 'Auto Remediable Policies', no IAM policies will populate in the Alert Rules once 'Auto-Remediation' is enabled.
  • You may ask why IAM Policies are shown as "Remediable" in the UI.
  • This is because, while the Policies themselves are remediable, that does not imply that all the Resources in them are remediable; it depends on the following criteria:
  1. The Policy must be OOB and marked as Remediable (all OOB policies should be marked as remediable).
  2. The Alert itself must also match our remediable criteria, as we do not support remediation for all Alerts. For an Alert to be considered Remediable it must satisfy the following conditions:
     • The permission is granted by one of the following entities: User or System Assigned
     • The permission is granted on one of the following levels: Cloud Account Resource or Subscription
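As an added illustration of the two criteria above (this is not Prisma Cloud's own code and does not use its API schema), the following Python triage helper applies them to constructed IAM alert records and reports why a policy's "Remediable" badge does not carry over to every alert. The record field names and the grantor/level strings are assumptions made for the example.

```python
"""Triage helper: which IAM alerts the article's criteria would treat as
Remediable.  Added example, not Prisma Cloud code; the alert record fields
and string values below are constructed for illustration, not the product's
API schema."""
from dataclasses import dataclass

# Values taken from the article's criteria (spellings assumed).
REMEDIABLE_GRANTORS = {"User", "System Assigned"}
REMEDIABLE_LEVELS = {"Cloud Account Resource", "Subscription"}


@dataclass(frozen=True)
class IamAlert:
    alert_id: str            # constructed identifier
    policy_oob: bool         # policy is out-of-the-box (not custom)
    policy_remediable: bool  # policy flagged Remediable in the UI
    granted_by: str          # entity granting the permission
    granted_on: str          # level at which the permission is granted


def policy_is_remediable(alert: IamAlert) -> bool:
    """Criterion 1: the policy must be OOB and marked Remediable."""
    return alert.policy_oob and alert.policy_remediable


def alert_is_remediable(alert: IamAlert) -> bool:
    """Criterion 2 on top of 1: grantor and grant level must both match."""
    return (policy_is_remediable(alert)
            and alert.granted_by in REMEDIABLE_GRANTORS
            and alert.granted_on in REMEDIABLE_LEVELS)


def explain(alert: IamAlert) -> str:
    """Return the first reason an alert is not remediable, or 'remediable'."""
    if not alert.policy_oob:
        return "custom policy (not OOB)"
    if not alert.policy_remediable:
        return "policy not marked Remediable"
    if alert.granted_by not in REMEDIABLE_GRANTORS:
        return f"granted by {alert.granted_by!r}, not User/System Assigned"
    if alert.granted_on not in REMEDIABLE_LEVELS:
        return (f"granted on {alert.granted_on!r}, "
                "not Cloud Account Resource/Subscription")
    return "remediable"


# Constructed sample alerts: the same remediable policy, different details.
SAMPLE_ALERTS = [
    IamAlert("A-1", True, True, "User", "Subscription"),
    IamAlert("A-2", True, True, "Group", "Subscription"),
    IamAlert("A-3", True, True, "System Assigned", "Resource Group"),
    IamAlert("A-4", False, True, "User", "Cloud Account Resource"),
]


def triage(alerts=SAMPLE_ALERTS) -> dict:
    """Map alert id -> explanation, so a reviewer sees why the policy-level
    'Remediable' badge did not apply to each individual alert."""
    return {a.alert_id: explain(a) for a in alerts}


if __name__ == "__main__":
    for alert_id, reason in triage().items():
        print(f"{alert_id}: {reason}")
```

Running the block prints one line per sample alert; only A-1 satisfies both criteria, while A-2 and A-3 fail on the grantor and level checks respectively and A-4 fails because the policy is custom rather than OOB.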

