Posture Control (ZPC)

About Alerts

Zscaler Posture Control (ZPC) continuously scans your cloud resources and triggers alerts when it detects any security policy violations and sends alert notifications to recipients or to third-party systems for investigation.

ZPC provides security policies for both runtime and build-time environments. These policies describe the scenarios for which alerts must be triggered. ZPC triages the alerts by severity (Critical, High, Low, or Medium) to help you prioritize the alerts and take action in a timely manner. You can configure custom alert rules to trigger alerts for specific policy violations on your cloud resources.

The alert details are displayed on the Alerts page. You can also get an overview of the alert lifecycle and trends on the ZPC dashboard.

Alerts provide the following benefits and enable you to:

View and manage alert notifications for any security policy violations detected in the cloud resources.
Create and manage custom alert rules for specific policy violations based on your organization's requirements.
Stay informed about critical security events.
Send alert data to third-party tools for further evaluation.

Alert Types

The alerts are classified as:

Cloud Alerts: Alerts triggered for security policy violations that occur within your cloud resources during runtime.
IaC Alerts: Alerts triggered for misconfigurations detected in your IaC infrastructure during build time.

About the Alerts Page

On the Alerts page (select Alerts in the left-side navigation), you can see the following tabs:

Cloud Alerts
On the Cloud Alerts tab, you can do the following:
1. View the list of cloud alerts generated for various cloud accounts. Click the Alert ID to view additional details. For a detailed description of each alert attribute, see Alert Attributes.
2. View alerts grouped by policy.
3. Apply filters to view specific data in the table.
4. Resolve or ignore a single alert or multiple alerts.
5. Search for specific data in the searchable columns.
6. Sort the column data.
7. Modify the table and its columns.
8. Ignore or resolve the open alerts.
9. Select a saved filter.
10. Hide the filters.
11. Export the alert data along with the following attributes per your requirements to an Excel file and download the report:
- Audit Procedure: Steps to audit the policy violation.
- Remediation: Steps to remediate the policy violation.
- Resource Metadata: The metadata of the asset or identity.
- All Contributing Factors: The aggregated findings of an alert that describes the security violation in the policy.
  When this option is not selected, only the first 15 aggregated findings are included in the Export report.
See image.

Close

Close
IaC Alerts
On the IaC Alerts tab, you can do the following:
1. View the list of alerts triggered for misconfigurations detected in the IaC resources. Click the Alert ID to view additional details. For a detailed description of each alert attribute, see Alert Attributes.
2. View alerts by scan ID.
3. View alerts grouped by policy.
4. Apply filters to view specific data in the table.
5. Resolve or ignore an alert or multiple alerts.
6. Search for specific data in the searchable columns.
7. Sort the column data.
8. Resolve or ignore the alert.
9. Modify the table and its columns.
10. Select a saved filter.
11. Hide the filters.
12. Export the alert data as a report. To learn more, see Downloading Reports.
Close
Ignore Filters
The Ignore Filters tab shows the list of filters you've added to ignore alerts for some security policies based on specific criteria for a set time period.

On the Ignore Filters tab, you can do the following:
1. View the list of alert filters. For each filter, you can see:
  - Filter Name: The name of the ignore filter. Click to view additional details of the filter, and edit, delete, or disable the filter. See image.
    
    Close
  - Alert Type: The type of alert (cloud alert or IaC alert) that must be ignored.
  - Filter Scope: The list of entities on which the filter is applied.
  - Created By: The admin who created the filter.
  - Created: The date and time when the filter was created.
  - Updated By: The admin who updated the filter.
  - Updated Date: The date and time when the filter was updated.
  - End Date: The date when the filter is going to be disabled.
2. Add an alert ignore filter.
3. Search for a specific filter.
4. Sort the column data.
5. Enable or disable the alert ignore filter.
6. Edit or delete the alert ignore filter.
7. Modify the table and its columns.
Close
Notifications
The Notifications tab displays a list of alert rules you've configured for specific policy violations. Depending on your organization's subscriptions, you can configure cloud alert rules or IaC alert rules.
On the Notifications tab, you can do the following:
1. View the alert rule details. For each alert, you can see:
  - Alert Rule Name: The name of the alert rule.
  - Alert Type: The type of alert (Cloud or IaC).
  - Integration Type: The third-party tool (ServiceNow, Jira, Amazon Security Lake, AWS S3, Azure Blob, or Slack) to which the alert notifications are sent.
  - State: The enabled or disabled state of the alert rule.
When you initially add an alert rule but don't configure the notifications, the State is displayed as Saved.
1. Add an alert rule.
2. Sort the column data.
3. Enable or disable the alert rule.
4. Edit an alert rule.
5. Delete an alert rule.
6. Modify the table and its columns.
7. Search for an alert rule.
Close

View the Alerts page

Posture Control (ZPC)

About Alerts

Alert Types

About the Alerts Page

Was this article helpful? Click an icon below to submit feedback.

Related Article