: Delete SaaS Policy Rule Recommendations
Focus
Focus

Delete SaaS Policy Rule Recommendations

Table of Contents

Delete SaaS Policy Rule Recommendations

Learn how to delete SaaS rule recommendations.
You can delete any previously enabled recommendations. In doing so, the state of the recommendation changes on the firewall or Prisma Access from active to removed. However, for auditing reasons, the inactive recommendation persists in the firewall web interface or Prisma Access web interface, even after the firewall administrator or Prisma SaaS administrator deletes the associated policy rule.
If you’re able to modify the existing recommendation to meet your needs, do so instead of deleting it because your firewall administrator or Prisma SaaS administrator must manually delete the policy rule, HIP objects, and HIP profile associated with the recommendation. The process is manual by design: for security reasons, deleting a policy rule must be intentional.
If you are deleting a tenant-level policy recommendation, there are potential side effects that you must communicate to your firewall administrator. When a tenant-level policy recommendation is imported on the firewall, an application group and one or more custom applications are also created. These application objects identify the application tenants and user activities to detect. Deleting the policy on the firewall does not automatically delete these application objects. Make sure your firewall administrator understands that these application objects must be manually deleted. If a custom application is not deleted, the custom application will match other policies on the firewall. As a result, unexpected actions might be applied to the traffic described in the custom application.
  1. Navigate to SaaS Security Inline.
  2. To navigate to the Policy Recommendations view, select Discovered AppsPolicy Recommendations.
  3. In the table, locate the rule recommendation that you want to delete.
  4. In the Actions column, select the Delete action.