Copy Cortex Cloud Application Security configurations - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide
Scope

The following configurations can be automatically copied or converted from Prisma Cloud to Cortex Cloud.

Copy and apply out-of-the-box Prisma Cloud policy labels to Cortex Cloud Application Security rules

Automatically copy out-of-the-box Prisma Cloud policy labels and apply them to their corresponding Application Security rules in Cortex Cloud.

Important

If labels are imported into Cortex Cloud less than three hours after they were last added or modified in Prisma Cloud, they may not be included in the import.

IMPORTANT:

  • Scope of conversion: Only default policy labels are converted. Labels for custom policies will be converted as part of the custom policies import process

  • Naming convention: Labels will be renamed by adding a -{prisma id}_copy suffix to ensure there is no duplication, particularly in multi-tenant environments

  • Conversion behavior:

    • Only labels that contain the -{prisma id}_copy suffix will be copied

    • If a label was manually changed after the initial conversion, a subsequent conversion will not override it

Import Prisma Cloud custom policies as custom Cortex Cloud Application Security rules

  • Policy creation: Custom Prisma Cloud policies will be created as new custom Cortex Cloud Application Security rules on Cortex Cloud

  • Naming convention: Imported policies will be renamed with the suffix -{prisma id}_copy. This ensures no duplication in multi-tenant environments

  • Scope of conversion: Build and Build & Run policy types are supported. If the policy type is Build & Run, only the Build rules component is converted

  • Excluded data: Compliance data is not copied

  • Info severity level conversion: Policies with an Info severity will be converted to Low severity

  • Conversion behavior: Re-running the import process will override the newly created rules
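
The import rules above can be checked after the fact by reconciling a Prisma Cloud custom-policy inventory against the rules present in Cortex Cloud. The following is an added example, not code from the product or its documentation. The record fields, the "Run" policy type, the sample values, and the assumption that the suffix is appended to the original policy name are all hypothetical.

```python
# Added example; record field names and sample values are hypothetical.
SUPPORTED_TYPES = {"Build", "Build & Run"}

def expected_rule(policy, prisma_id):
    """Return the rule the import should produce, or None if out of scope."""
    if policy["type"] not in SUPPORTED_TYPES:
        return None
    return {
        # Assumption: the suffix is appended to the original policy name.
        "name": f"{policy['name']}-{prisma_id}_copy",
        "severity": "Low" if policy["severity"] == "Info" else policy["severity"],
        "build_only": policy["type"] == "Build & Run",  # Run component not converted
    }

def reconcile(policies, cortex_rules, prisma_id):
    """Group findings a reviewer should follow up on after the import."""
    present = {r["name"]: r for r in cortex_rules}
    out = {k: [] for k in ("not_imported", "missing", "severity_mismatch",
                           "run_part_dropped", "compliance_not_copied")}
    for p in policies:
        exp = expected_rule(p, prisma_id)
        rule = present.get(exp["name"]) if exp else None
        if exp is None:
            out["not_imported"].append(p["name"])
        elif rule is None:
            out["missing"].append(exp["name"])
        else:
            if rule["severity"] != exp["severity"]:
                out["severity_mismatch"].append(exp["name"])
            if exp["build_only"]:
                out["run_part_dropped"].append(exp["name"])
            if p.get("compliance"):
                out["compliance_not_copied"].append(exp["name"])
    return out

# Constructed sample data, not a real export from either product.
PRISMA_ID = "1234567890"
POLICIES = [
    {"name": "no-public-bucket", "type": "Build", "severity": "High", "compliance": ["example-std-1.2"]},
    {"name": "require-owner-tag", "type": "Build & Run", "severity": "Info", "compliance": []},
    {"name": "runtime-only-check", "type": "Run", "severity": "Medium", "compliance": []},
    {"name": "pin-image-digest", "type": "Build", "severity": "Info", "compliance": []},
]
CORTEX_RULES = [
    {"name": "no-public-bucket-1234567890_copy", "severity": "High"},
    {"name": "require-owner-tag-1234567890_copy", "severity": "Low"},
]
if __name__ == "__main__":
    print(reconcile(POLICIES, CORTEX_RULES, PRISMA_ID))
```

Each non-empty group marks coverage to re-establish by hand: policies outside the supported types, rules that did not arrive, Run components that were not converted, and compliance data that was not copied.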

Convert Prisma Cloud Enforcement rules to Cortex Cloud Application Security policies

Prisma Cloud Enforcement rules will be copied and converted into Cortex Cloud Application Security policies. The following outlines the key changes and behaviors of this conversion.

Scope

  • Rule merging: Enforcement rules that share similar logic and conditions will be combined into a single Cortex Cloud Application Security policy

  • Exception rules: Only default Enforcement rules will be converted. Any custom exception rules will not be carried over and will need to be reconfigured

  • Severity conversion: Rules with an Info severity will be converted to Low

Behavior

  • Conversion behavior: Re-running the conversion process will override the newly created policies

  • Multi-tenant use case: Since a tenant can only have one set of Enforcement rules, running the process from another tenant will override the policies of the previous tenant

Copy confirmation

When Cortex Cloud Application Security policies are selected without labels, you will be prompted to confirm your choice with the following options:

  • It is recommended to copy labels together with Enforcement rules. To automatically convert Enforcement labels, you must also have selected the default rule labels option. If you did not, the Enforcement rules will be migrated without the label, and you will need to reconfigure the label if required

  • Option 1: Proceed with Copy.

  • Option 2: Go Back to Selection (to select Labels).

Convert Prisma Cloud developer suppressions as Cortex Cloud Application Security policies

When importing developer suppression settings from Prisma Cloud to Cortex Cloud, they are copied and adapted into the corresponding policy configuration, updating or modifying the policy's existing developer suppression settings as needed.

  • Global vs. per-policy configuration: While this was a global setting in Prisma Cloud, on Cortex Cloud developer suppressions are configured per policy

  • Scope: This setting only applies to custom policies created prior to the conversion. Any custom policy created after the conversion process will need to be configured manually

  • Conversion behavior: Executing the process again will override the policies' developer suppressions settings

  • Multi-tenant use case: Running the process from another tenant will override the previous tenants' settings

Copy Git History & Validate Secrets settings

Copy Prisma Cloud advanced secrets settings for Git History and Secrets Validation to Cortex Cloud.

  • Global vs. per-repository configuration: While these were global settings in Prisma Cloud, on Cortex Cloud they are configured per repository

  • Scope: These settings only apply to repositories that were onboarded prior to the migration. Any repositories onboarded after the migration will need to have these settings configured manually

  • Conversion behavior: Executing the conversion process again will override the settings on all repositories

  • Multi-tenant use case: Running this process from another tenant will override the previous tenants' settings

Copy non-default scanned branches

Copy your non-default Prisma Cloud scanned branches through the Scanned Branches setting.

  • Scope: Prisma Cloud non-default scanned branches will be copied as scanned branches to the Cortex Cloud Set Scanned Branches configuration settings. Repositories must be onboarded prior to initiating the conversion. Any repositories onboarded after the migration will only be scanned on their default branch

  • Scan behavior: If selected, the relevant repositories will be scanned only on these imported non-default branches. On Cortex Cloud you have the flexibility to scan up to ten different branches. This can be manually configured after the conversion is complete

  • Conversion behavior: Executing the conversion again will override the settings on all repositories

Convert AppDNA Discovery Criteria to Cortex Cloud Application Criteria

Convert your Prisma Cloud Application Discovery criteria into Cortex Cloud Application Criteria.

Cortex Cloud Application Criteria correlates assets across both code and cloud environments. It uses code-to-cloud graph technology to automate application discovery, as opposed to the Prisma Cloud AppDNA functionality, which was limited to cloud-only discovery.

  • Tag logic: While Prisma Cloud supported matching all possible combinations of multiple tags, Cortex Cloud uses a strict AND logic. Only assets that match all selected tags will be grouped into an application

  • Excluded Criteria: Any manual applications or discovery criteria that include specific repositories will not be migrated. These will need to be recreated manually in Cortex Cloud if needed

  • Conversion behavior: Executing the conversion again will override the converted criteria settings