Copy CSPM configurations - Administrator Guide

Copy CSPM configurations - Administrator Guide - Cortex CLOUD

Cortex Cloud Posture Management Documentation

Product

Cortex Cloud Application Security > Cortex CLOUD

License

Cloud Posture Management

Creation date

2025-01-22

Last date published

2026-06-10

Rules

When you copy Rules in the Upgrade Helper, the following actions occur:

Prisma Cloud Custom Policies (Config, Attack Path, and Data) are copied as Detection Rules in Cortex Cloud.
The enabled/disabled state of the default policies is also applied to the corresponding Detection Rules in Cortex Cloud.

Verify copied rules

After you follow the steps listed in Copy configurations, navigate to Posture Management → Rules & Policies → Rules → Cloud Security to view the list of rules that were copied.

Custom policies

When you copy Custom Policies in the Upgrade Helper, the Prisma Cloud Custom Alert Rules are copied as Policies in Cortex Cloud.

Verify copied policies

After you follow the steps listed in Copy configurations, navigate to Posture Management → Rules & Policies → Policies → Cloud Security to view the list of policies that were copied.

When verifying the list of policies, note the following details:

The policy name will have a prisma_cloud_copy suffix.
To verify that the prisma_cloud_alert_rule label was added to your policies, click the three dots next to Create Policy and select Labels from under Add Columns.
Click on a policy to view its details and review the issues that were generated.

Alert Rule name in Prisma Cloud	Result after copying to Cortex Cloud
Alert rule default config or attack	Policies are created
Alert rule custom config or attack path
Alert rule with custom compliance standard filter
Alert rule with Email and Slack notification setup
Alert rule without Email notification setup
Alert rule with CIEM policies	Policies are not created: IAM policy Attack path with CIEM finding
Alert rule with network or audit event policies	Policies are not created: Network Audit event Anomaly

Automation rules

When you copy Automation Rules in the Upgrade Helper, the Prisma Cloud Notifications are copied as Automation Rules in Cortex Cloud.

You can copy Prisma Cloud notifications that were configured for:

Alert rules with default Config or Attack Path policies
Alert rules with Slack and Email notification setup

Verify copied notifications

After you follow the steps listed in Copy configurations, navigate to Investigation & Response → Automation → Automation Rules to view the list of notifications that were copied.

The notification type is Email and has a prisma_cloud_copy suffix. You can view the corresponding Policy ID and the email recipient.

Alert rule in Prisma Cloud	Notification channels configured for alert rule in Prisma Cloud	Result after copying to Cortex Cloud
Alert rule with default Config or Attack Path policies	Email	Automation rule is created with Email
Alert rule with Slack and Email	Slack and Email	Automation rule is created with Email
Alert rule with no Email	Slack	Automation rule is not created
Alert rule with custom Config or Attack Path policies	Not applicable	Automation rule is not created

Custom compliance standards

When you copy Custom Compliance Standards in the Upgrade Helper, the Prisma Cloud Custom Compliance Standards are copied to Cortex Cloud.

Verify copied compliance standards

After you follow the steps listed in Copy configurations, navigate to Posture Management → Compliance → Standards to view the list of custom compliance standards that were copied.