Will Trusted IPs under Anomaly Trusted IP Address Settings resolve existing Prisma Cloud Open Alerts for those IPs?
Created On 09/19/22 06:36 AM - Last Modified 12/21/23 19:13 PM
Question
- Will Trusted IPs under Anomaly Trusted IP Address Settings resolve existing Prisma Cloud Open Alerts for those IPs?
Environment
- Prisma Cloud
- Anomaly
Answer
- Any upcoming Alerts for the trusted IPs will be suppressed, as described in: Suppress Alerts for Prisma Cloud Anomaly Policies
- However, Open Alerts that were generated for those IPs before they were trusted will continue to exist.
- In such scenarios, you can dismiss these Open Alerts manually, as described in: View and Respond to Prisma Cloud Alerts
Additional Information
Example
- Consider the following example where the IP address range '192.168.1.0/24' is trusted under Anomaly Trusted List for Anomaly Policy Type 'Port Sweep Activity (Internal)'.
GUI Path: Settings > Anomaly > Anomaly trusted list > Add trusted list
- In this scenario, upcoming Alerts for any Port Sweep Activity (Internal) detected from the IP address range '192.168.1.0/24' will be suppressed, while the previously generated Open Alerts will continue to exist.
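
The following is an added example, not Palo Alto Networks code and not a Prisma Cloud API call: it takes a constructed list of alert records and picks out the Open Alerts that predate the trust entry and still need to be dismissed by hand. The record field names (`id`, `status`, `policy`, `src_ip`) and the second policy name are assumptions made for illustration; only the CIDR range and the 'Port Sweep Activity (Internal)' policy type come from the example above.

```python
import ipaddress

# Trusted-list entry taken from the example above.
TRUSTED = [
    {"policy": "Port Sweep Activity (Internal)", "cidr": "192.168.1.0/24"},
]

# Constructed alert records; field names are hypothetical, not the Prisma Cloud schema.
ALERTS = [
    {"id": "A-1", "status": "open", "policy": "Port Sweep Activity (Internal)", "src_ip": "192.168.1.17"},
    {"id": "A-2", "status": "open", "policy": "Port Sweep Activity (Internal)", "src_ip": "192.168.2.5"},
    {"id": "A-3", "status": "dismissed", "policy": "Port Sweep Activity (Internal)", "src_ip": "192.168.1.40"},
    {"id": "A-4", "status": "open", "policy": "Other Anomaly Policy (constructed)", "src_ip": "192.168.1.9"},
    {"id": "A-5", "status": "open", "policy": "Port Sweep Activity (Internal)", "src_ip": "not-an-ip"},
]


def leftover_open_alerts(alerts, trusted):
    """Return (to_dismiss, unparsed).

    to_dismiss: ids of open alerts whose policy type and source IP are now
                covered by a trusted entry, so no new alert will replace them.
    unparsed:   ids of open alerts whose source IP could not be parsed and
                therefore need a manual look.
    """
    # The trust entry is scoped to one anomaly policy type, so match on both.
    nets = [(t["policy"], ipaddress.ip_network(t["cidr"])) for t in trusted]
    to_dismiss, unparsed = [], []
    for alert in alerts:
        if alert["status"] != "open":
            continue  # already resolved or dismissed
        try:
            ip = ipaddress.ip_address(alert["src_ip"])
        except ValueError:
            unparsed.append(alert["id"])
            continue
        if any(alert["policy"] == policy and ip in net for policy, net in nets):
            to_dismiss.append(alert["id"])
    return to_dismiss, unparsed


if __name__ == "__main__":
    dismiss, review = leftover_open_alerts(ALERTS, TRUSTED)
    print("Dismiss manually:", dismiss)
    print("Review (bad source IP):", review)
```

Alert A-4 stays out of the dismiss list because the trust entry applies only to the policy type it was created for, even though its source IP is inside the trusted range.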