Prisma Cloud alert is showing incorrect status as “open” even after updating cloud configuration
6478
Created On 10/08/21 17:51 PM - Last Modified 08/31/23 20:13 PM
Symptom
The alert status is showing 'open', incorrect status, or stale alert even though the resource was updated/deleted based on the policy.
Environment
- Prisma Cloud
- Alerts
Cause
This is an internal issue where the alert engine doesn't update properly and timely from the backend database.
Resolution
The full scan can be initiated only by an internal team member and it can be requested by opening a support ticket.
When you open case with our support team you need the following information:
- Alert ID
- Resource detail/Metadata in Json format from the alert detail page
- Go to Alert > Overview and then click the number under 'Alerts' tab
- Click '>' next to alert ID to expand the tab.
- Click 'View Details' next to 'Resource Configuration'
- Copy and paste resource configuration
- Screenshot of RQL query result showing the resource in the alert is not present from Investigate page