Prisma Cloud includes system default policies for protecting hosts and containers from runtime incidents and for detecting vulnerabilities on these workloads.
By default, the workload protection policies are disabled. You can enable these policies and use them in an alert rule for viewing alerts on runtime incidents and vulnerabilities.
- Select Governance and filter on the Policy Type Workload Incident and Workload Vulnerability.
  These policies are assigned as Cloud Type Any and cannot be cloned.
- Toggle the Status to enable the policies.
  Click a policy to view the details. Each policy provides a read-only view of the vulnerability management rules that power the protections.
  Edit a policy and select Manage Rules to view the details on each rule in Runtime Security. You can use the system default rules or custom vulnerability rules.
  For example, the Hosts detected with known Vulnerabilities policy has the corresponding rules on Runtime Security > Defend > Vulnerabilities > Hosts.
- Use the workload policy in an alert rule.

