1. Overview

Prisma Cloud lets you import and export rules from one Console to another. Every rule created in Prisma Cloud under the Defend section has copy and export buttons in the Actions menu. An import button is located at the bottom of every rule table.

2. Copying rules

To copy a rule:

  1. Go to Defend > Runtime > {Vulnerabilities | Compliance | Access}.

  2. Click Actions > Copy for the rule you want to copy.

    A dialog box named Edit copy of…. opens.

  3. Make any desired changes to the copied rule.

  4. Click Save.

3. Exporting rules

Click Actions > Export next to any rule to export it in json format.

Example

{
  "name": "Default - ignore Prisma Cloud components",
  "owner": "system",
  "modified": "2017-05-31T20:47:21.573Z",
  "effect": "alert",
  "resources": {
    "hosts": [
      "*"
    ],
    "images": [
      "docker.io/twistlock/private:console*"
    ],
    "labels": [
      "*"
    ],
    "containers": [
      "twistlock_console"
    ],
    "services": []
  },
  .
  .
  .
}

4. Importing rules

A rule can be imported into Console in JSON format. To capture a rule in JSON format, use the export function described above.