What Changed
Single-line addition of the "detailed": true flag to the Palo Alto Prisma Cloud CCF connector API query parameters. This flag was present in the legacy Function App connector but omitted during CCF migration.
Security Impact (Visibility & Fidelity)
Deployments using the CCF connector experienced significant data loss — critical policy-related fields were excluded from Prisma Cloud alert ingestion due to the missing "detailed" API flag.
Missing policy data impacts:
- Policy violation details and compliance context
- Risk assessment and severity scoring information
- Resource configuration drift detection
- Compliance framework mapping (GDPR, SOX, HIPAA, etc.)
Per the PR discussion, a customer confirmed that the policy fields were missing before the fix and are now visible post-deployment. The legacy Function App connector correctly included this flag; its omission was a migration oversight that created a data blind spot for CCF users.
API Impact
The Prisma Cloud API /alerts/v2 endpoint requires the "detailed" flag to include comprehensive policy metadata. Without it, the API returns basic alert information but excludes policy violation context essential for security analysis and compliance reporting.
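A regression guard for this class of migration gap, added here as an example and not taken from the connector repository: it walks a polling config and reports every alert request whose query parameters lack detailed=true. The request.apiEndpoint / request.queryParameters layout, the sample configs and the function names are assumptions made for illustration.

```python
import json

# Constructed sample configs (not the real connector file). The layout,
# request.apiEndpoint / request.queryParameters, is an assumption.
BEFORE_FIX = json.loads("""
[{"name": "PrismaAlerts",
  "properties": {"request": {
      "apiEndpoint": "https://api.example.invalid/alerts/v2",
      "httpMethod": "GET",
      "queryParameters": {"timeType": "relative"}}}}]
""")
AFTER_FIX = json.loads(json.dumps(BEFORE_FIX))
AFTER_FIX[0]["properties"]["request"]["queryParameters"]["detailed"] = True


def iter_requests(node, path="$"):
    """Yield (path, request_dict) for every 'request' object in the JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "request" and isinstance(value, dict):
                yield child, value
            yield from iter_requests(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_requests(item, f"{path}[{i}]")


def missing_detailed(config, endpoint_marker="/alerts/v2"):
    """Return paths of alert requests whose query lacks detailed=true."""
    findings = []
    for path, req in iter_requests(config):
        if endpoint_marker not in str(req.get("apiEndpoint", "")):
            continue
        value = (req.get("queryParameters") or {}).get("detailed")
        # Accept JSON true or the string "true"; anything else is a gap.
        if not (value is True or str(value).lower() == "true"):
            findings.append(path)
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, missing_detailed(cfg) or "ok")
```

Run as a CI step against the polling config, a non-empty result fails the build before a connector that silently drops policy fields is packaged.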
Affected Files
Solutions/PaloAltoPrismaCloud/Data Connectors/PrismaCloudCSPMLog_CCF/PaloAltoPrismaCloudCSPMLog_PollingConfig.json
(packaging artefacts: mainTemplate.json, 3.0.4.zip)