Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update the doc for alert status reason info and rename file to say Status Reason instead of Resolution Reason... #812

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update the doc for alert status reason info and rename file to say Status Reason instead of Resolution Reason... #812

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions ...risma-cloud-alert-resolution-reasons.adoc → ...ts/prisma-cloud-alert-status-reasons.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
[#id97d61277-e387-43b1-8a54-ec644bc02fdc]
== Prisma Cloud Alert Resolution Reasons
Review the different reasons an alert is closed on Prisma Cloud
== Prisma Cloud Alert Status Reasons
Review the different reasons for why an alert is in open or resolved status on Prisma Cloud.

When an open alert is resolved, the reason that was alert was closed is included to help with audits. The reason is displayed in the response object in the API, and on the Prisma Cloud administrative console on *Alerts > Overview* when you select an resolved alert and review the alert details for the violating resource.

Some common reasons in the below list are also applicable for when an alert is newly opened or re-opened from resolved status.

The table below lists the reasons:

[cols="26%a,74%a"]
Expand All @@ -17,11 +19,11 @@ The table below lists the reasons:


|RESOURCE_UPDATED
|Resource was updated (based on the JSON metadata).This status indicates that a change was detected in one of the clauses included in a single or join policy statement within the policy RQL. With this resource update, the policy violation is no longer valid and the alert was resolved.
|Resource was updated (based on the JSON metadata). This status indicates that a change was detected in one of the clauses included in a single or join policy statement within the policy RQL. If the alert is now in resolved status, then this reason denotes that the policy violation is no longer valid due to an update to the underlying resource. If the alert is in open status, then this reason denotes that the policy violation is now valid due to an update to the underlying resource.


|POLICY_UPDATED
|Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation.
|Policy was updated. If alert is resolved, this reason indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation. If the alert is in open status, this reason indicates that a policy update resulted in resource being in the scope of the policy evaluation and failed the evaluation.


|POLICY_DISABLED
Expand Down