About Prisma SASE Incidents and Alerts
Focus
Focus
Prisma Access

About Prisma SASE Incidents and Alerts

Table of Contents

About Prisma SASE Incidents and Alerts

The Prisma Access Incidents and Alerts Reference provides a description of every Prisma Access incident and alert and what to do when you receive them.
Where can I use this?What do I need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • AI-Powered ADEM license
  • Autonomous DEM license
  • Prisma Access license

About This Guide

This reference guide provides information about the incidents and alerts raised in your environment, based on your AI-Powered ADEM, ADEM Observability, or Prisma Access license. You'll also find remediation steps for incidents, alerts correlated with each incident, and information about incidents and alerts in the Strata Cloud Manager platform.
In Strata Cloud Manager, select Incidents & AlertsPrisma Access Incidents & Alerts.
Overview is the Prisma Access Incidents and Alerts landing page, and it provides a bird's-eye view of incidents and alerts in your environment.
Select Incident List to view the incidents in your environment. Choose any incident and drill down to investigate. You can find remediation steps for incidents in your environment in the AI-Powered ADEM Incidents, ADEM Incidents, and Strata Access Incidents sections of this reference.
Priority Alerts describe the status of your Prisma Access environment, especially if something isn't working as expected.
Informational Alerts notify you about upcoming software upgrades and status for upgrades that are in progress or completed.
Select Notification Profiles to create and review rules that trigger incident and alert notifications.
Users with ServiceNow enabled in their environment can view the ServiceNow Audit Log. This log shows each incident ID and the ServiceNow operations performed on each incident, such as create, update, and delete.
Select Incident Settings to customize the incidents you receive by incident category and incident code.

About Incidents and Alerts

AI-Powered ADEM, ADEM Observability, and Prisma Access raise incidents, which indicate a problem, unplanned interruption, or reduction in quality of service in your environment. An incident is a correlation of alerts across metrics that provides contextual troubleshooting information along with a live scope of impact. When the underlying issue to an incident is fixed, Prisma Access automatically validates the cause, resolves the symptoms, and clears the incident. Your customers can subscribe to incident notifications or to the underlying alerts through different notification methods, such as ServiceNow, email, or webhooks.
The product creates an incident when the product can:
  • Detect and qualify business impact.
  • Detect the issue to a higher precision, such as with correlations, aggregations, and anomaly detection.
Select the Incident List tab to open and view any incident and see all alerts that are correlated with an incident.
Prisma Access alerts you when something isn't right in your environment. When an issue occurs in the network (for example, 15 minutes of continuous application degradation), Prisma Access has a raise condition in place that triggers an alert. Then, 10 to 15 minutes after Prisma Access raises the alert, the alert in turn generates an incident.
More than one alert can generate one incident.
Alerts let you know if there is an issue or problem affecting the Prisma Access cloud infrastructure, so that you’re aware as the Prisma Access team works on a fix. Alerts are resolved only when the issue that triggered the alert is fixed; you can't manually resolve alerts. Users subscribed to alert notifications receive a notification when an update is issued, when the alert severity increases, and when it is resolved.

Incidents and Alerts in Strata Cloud Manager

Palo Alto Networks Strata Cloud Manager is the AI-powered Network Security platform. You view information about incidents and alerts information related to your Prisma Access environment, create and update notification profiles, and customize the incidents you received by incident category and incident code.
From the Strata Cloud Manager UI, select Incidents & AlertsPrisma Access Incidents & Alerts to get started. The incidents and alerts available in your environment depend on whether you have an AI-Powered ADEM, ADEM Observability, or Prisma Access license.
Incidents by Operational Status, Incidents by Assignee, and Incidents by Priority appear only for users who have ServiceNow enabled.