Table: prismacloud_alert_rule - Query Prisma Cloud alert rules using SQL
The Prisma Cloud alert rule table in Steampipe provides you with information about alert rules within Prisma Cloud. This table allows you, as a security engineer or cloud administrator, to query alert rule-specific details, including rule name, status, notification settings, and associated policies, and to gather insight into how your alert rules are configured and whether they are active. The schema outlines the various attributes of a Prisma Cloud alert rule for you, including the rule ID, name, notification settings, and associated policies.
Table Usage Guide
The prismacloud_alert_rule table in Steampipe provides information about alert rules within Prisma Cloud. This table allows you to query details such as the alert rule's name, status, notification settings, and more, enabling you to manage and monitor your alert rules effectively.
Examples
Basic Info
Retrieve basic information about Prisma Cloud alert rules, such as rule name, description, status, and whether auto-remediation is allowed. This query helps you to understand the overall configuration and status of your alert rules.
```sql
select
  name,
  description,
  enabled,
  allow_auto_remediate
from
  prismacloud_alert_rule;
```
List of enabled alert rules
Get a list of all enabled Prisma Cloud alert rules. This is useful for identifying which alert rules are currently active and enabled.
Postgres:

```sql
select
  name,
  description,
  enabled
from
  prismacloud_alert_rule
where
  enabled = true;
```

SQLite:

```sql
select
  name,
  description,
  enabled
from
  prismacloud_alert_rule
where
  enabled = 1;
```
Alert rules with specific notification settings
Identify alert rules that notify on dismissal. This helps in understanding the notification settings configured for your alert rules.
Postgres:

```sql
select
  name,
  description,
  notify_on_dismissed
from
  prismacloud_alert_rule
where
  notify_on_dismissed = true;
```

SQLite:

```sql
select
  name,
  description,
  notify_on_dismissed
from
  prismacloud_alert_rule
where
  notify_on_dismissed = 1;
```
Alert rules by owner
Retrieve alert rules managed by a specific owner. This helps in tracking which alert rules are managed by which users or teams.
```sql
select
  name,
  description,
  owner
from
  prismacloud_alert_rule
where
  owner = 'admin_user';
```
Alert rules with open alerts
Get a list of alert rules with open alerts. This helps in identifying which alert rules have ongoing issues that need attention.
```sql
select
  name,
  description,
  open_alerts_count
from
  prismacloud_alert_rule
where
  open_alerts_count > 0;
```
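The queries above each inspect one attribute. The following query, an added example and not one of the Steampipe documentation's own, combines several of them into a review of two conditions a security engineer usually wants to catch: enabled rules that cannot notify anyone (notify_on_open is off or no notification channel is configured), and enabled rules that allow auto-remediation across all policies. It assumes the Postgres backend and that notification_channels is a JSON array of channel names; the jsonb_typeof guard keeps the query from erroring if a tenant returns a non-array value.

```sql
-- Added example (not from the Steampipe docs). Assumes Postgres and that
-- notification_channels is a JSON array; finding labels are constructed here.
with rules as (
  select
    name,
    owner,
    last_modified_by,
    last_modified_on,
    allow_auto_remediate,
    scan_all,
    notify_on_open,
    open_alerts_count,
    -- Count channels only when the column really is an array; 0 otherwise.
    coalesce(
      case
        when jsonb_typeof(notification_channels) = 'array'
        then jsonb_array_length(notification_channels)
      end,
      0
    ) as channel_count
  from
    prismacloud_alert_rule
  where
    enabled
    and coalesce(deleted, false) = false
)
select
  name,
  owner,
  last_modified_by,
  last_modified_on,
  open_alerts_count,
  channel_count,
  case
    when not coalesce(notify_on_open, false) or channel_count = 0
      then 'silent: enabled but no notification on open'
    when coalesce(allow_auto_remediate, false) and coalesce(scan_all, false)
      then 'auto-remediation enabled across all policies'
  end as finding
from
  rules
where
  not coalesce(notify_on_open, false)
  or channel_count = 0
  or (coalesce(allow_auto_remediate, false) and coalesce(scan_all, false))
order by
  finding,
  open_alerts_count desc;
```

Rules in the "silent" category still accumulate open_alerts_count, so sorting by that column surfaces the ones that have already missed the most alerts; last_modified_by and last_modified_on identify who to ask about each rule.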
Schema for prismacloud_alert_rule
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
allow_auto_remediate | boolean | | Whether auto-remediation is allowed. |
delay_notification_ms | bigint | | Delay for notifications in milliseconds. |
deleted | boolean | | Whether the rule is deleted. |
description | text | | Description of the rule. |
 | text | =, !=, ~~, ~~*, !~~, !~~* | Email address of the current session user. |
enabled | boolean | | Whether the rule is enabled. |
excluded_policies | jsonb | | Policies that are excluded. |
last_modified_by | text | | User who last modified the rule. |
last_modified_on | timestamp with time zone | | Timestamp of the last modification. |
name | text | | Name of the rule. |
notification_channels | jsonb | | Channels for notifications. |
notification_config | jsonb | | Notification configuration for the alert rule. |
notify_on_dismissed | boolean | | Whether to notify when an alert is dismissed. |
notify_on_open | boolean | | Whether to notify when an alert is opened. |
notify_on_resolved | boolean | | Whether to notify when an alert is resolved. |
notify_on_snoozed | boolean | | Whether to notify when an alert is snoozed. |
open_alerts_count | bigint | | Count of open alerts. |
owner | text | | Owner of the rule. |
policies | jsonb | | List of policies. |
policy_labels | jsonb | | Labels associated with the policies. |
policy_scan_config_id | text | | ID of the policy scan configuration. |
read_only | boolean | | Whether the rule is read-only. |
scan_all | boolean | | Whether to scan all policies. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
target | jsonb | | Target configuration. |
title | text | | Title of the rule. |
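The policies and excluded_policies columns are jsonb, so one row per rule hides which rules actually cover a given policy. The query below, an added example rather than part of the Steampipe documentation, expands both arrays into one row per (rule, policy) pair and then reports, per policy ID, how many enabled rules include it and which rules explicitly exclude it. It assumes Postgres and that both columns are JSON arrays of policy ID strings; if your tenant returns objects instead, change jsonb_array_elements_text to jsonb_array_elements and select the ID field.

```sql
-- Added example (not from the Steampipe docs). Assumes Postgres and that
-- policies / excluded_policies are JSON arrays of policy ID strings.
with included as (
  -- One row per (rule, included policy). The inner subquery filters out
  -- null or non-array values before the function is applied to them.
  select
    r.name as rule_name,
    r.enabled,
    p.policy_id
  from
    (
      select name, enabled, policies
      from prismacloud_alert_rule
      where jsonb_typeof(policies) = 'array'
    ) as r
    cross join lateral jsonb_array_elements_text(r.policies) as p(policy_id)
),
excluded as (
  -- One row per (rule, excluded policy).
  select
    r.name as rule_name,
    e.policy_id
  from
    (
      select name, excluded_policies
      from prismacloud_alert_rule
      where jsonb_typeof(excluded_policies) = 'array'
    ) as r
    cross join lateral jsonb_array_elements_text(r.excluded_policies) as e(policy_id)
)
select
  i.policy_id,
  count(*) filter (where i.enabled) as enabled_rules,
  string_agg(i.rule_name, ', ' order by i.rule_name) as rules,
  -- Correlated subquery avoids row multiplication from a join on excluded.
  (
    select string_agg(x.rule_name, ', ' order by x.rule_name)
    from excluded as x
    where x.policy_id = i.policy_id
  ) as excluded_by
from
  included as i
group by
  i.policy_id
order by
  enabled_rules,
  i.policy_id;
```

Policies that sort to the top with enabled_rules = 0 are referenced only by disabled rules, and a non-empty excluded_by column shows where a rule's scan_all scope has been narrowed; both are worth cross-checking before assuming a policy is being alerted on.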
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- prismacloud
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_prismacloud --config '<your_config>' prismacloud_alert_rule
```