Merge pull request #1000 from hlxsites/action-plans

action-plans

docs/en/enterprise-edition/content-collections/administration/action-plans.adoc

@@ -0,0 +1,77 @@
+== Prisma Cloud Action Plans 
+
+Action Plans programmatically deliver effective remediation steps tailored to maximize risk reduction while requiring you to take minimal actions, thereby enhancing efficiency and efficacy in securing assets.
+
+* *Prioritization*: Action Plans group together alerts and assets that can be secured through a single fix, ensuring your security team spends time on the most effective outcomes. Actions are prioritized based on security context and Prisma Cloud alerts. 
+
+* *Execution and Delegation*: Leverage your integrations on Prisma Cloud to help delegate security fixes to your team through Jira tickets and/or Slack messages with a single click.
+
+* *Detailed Visibility*: Ensure that every alert resolved or asset impacted is visible in one location, and provide detailed context to your security teams.
+
+* *Security Fix Efficiency*: Using machine learning and generative models, Action Plans help summarize tasks across the various alerts that impact the same asset, ensuring a comprehensive plan to reduce alerts with the least number of required steps.
+
+Action Plans offer seamless integration with existing cloud security tools such as:
+
+* Cloud Infrastructure Entitlement Management: Identities of instances and users are stored in this module if enabled. Analysts can access this information when reviewing an Action Plan.
+* Attack Paths: Explore the attack paths to any asset in an Action Plan to learn more about potential threats.
+* Alerts: Use the Alerts tab in the Action Plans to easily view the possible alerts mitigated by proposed resolution, and effeciently obatin complete security context.
+* Integration: Data ingestion across all Prisma Cloud platform tools to gather and group together findings giving you more time to focus on faster resolution.
+
+[NOTE]
+====
+Action Plans do not ingest any additional data context and keep your security processes and names completely local to your setup. 
+*How to fix* functionality does not send any additional context to any generative AI models. The platform is built around full visibility and no actions are taken without your explicit permission.
+====
+
+
+=== Action Plan Menu
+
+Action Plans seamlessly integrate into existing workflows in Prisma Cloud and do not impact any existing experiences on the platform as shown below. 
+
+image::administration/action-plans-1.gif[]
+
+Follow the steps below to access and explore the Action Plans menu:
+
+. Navigate to *Home > Cloud Security > Action Plans* to access the menu.
+
+. The *Action Plans* navigation menu includes the following three out-of-the-box views:
+
+.. *Overview*— Provides a high-level view of all available *Action Plans*. 
+
+... Select *Add Filter* to filter plans by— Status, Finding Type, and Assignee.
+... Click on the *Sort* tab to sort plans by— Criticality, Alert Count, and Asset Count. Criticality is selected by default. It takes into account not only the number of affected parts of your system, but also security data in the context of your business. 
+Action plans are generated based on the severity of your alerts, and are only available if high/critical alerts are available.
+
+.. *Assigned to Me*— Lists all the *Action Plans* assigned to you for resolution. Click on the *Assignee* filter to reassign any selected Action Plan.
+
+.. *Unassigned Action Plans*— Lists *Action Plans* that do not currently have an owner. Click on the *Assignee* filter to select an owner.
+
+You can also use the feedback button to share your experience with Action Plans with the Prisma Cloud team.
+
+=== Action Plan Workflows 
+
+From the Action Plan dashboard select any *Action Plan* to get a closer look at the alerts addressed by the plan, as well as the number of impacted assets.
+Each action plan helps group alerts to help burn them down more efficiently. Alerts are logically grouped together so that a single action on one asset can remove the corresponding alerts. 
+
+image::administration/action-plans-2.gif[]
+
+The tags, as indicated in the image above, consolidate the different finding types grouped by the alerts. You can also select any Alert to further investigate the root cause. Using the Alerts module, specific Alerts can be either stopped individually or with an Alerts rule based on your specific needs. Learn more about remediating xref:../alerts/view-respond-to-prisma-cloud-alerts.adoc[Alerts].  
+
+Action Plans comprise of asset specific details to help security teams rapidly remediate the risk. Sections include:
+
+* *Overview*— Provides a summary of the action plan finding, the primary asset affected, as well as the ability to trace through the impact of the grouped issues by viewing attack paths, alerts, vulnerabilities, and findings. 
+
+* *How to Fix*— Leverages machine learning and large language models to combine issues across several alerts that affect an asset to provides step by step recommendations to remediate the risk.
+For example, an Action Plan can include specific steps to address an issue with an identity role that needs to be updated to resolve several alerts. You can also forward the issue to internal security teams for further resolution using one of the options below:
+
+** Select the *Create a JIRA* ticket button to automatically create a Jira ticket using a standard template. If the correct template is not visible, you can create one by clicking on the highlighted link.
+This template can then be accessed internally in Prisma Cloud. 
+
+** Select *Send a Slack message* to reach out to issue owners via Slack to ensure proper visibility to the relevant group or individuals as needed. 
+You can select a Slack group as well as enter an optional message to be sent alongside the action plan.
+
+* *Related Alerts*— Lists all the alerts associated with the action plan. Click on any alert to view Attack Paths, Vulnerabilities and other details related to the alert. This view is highly customizable and alerts can be individually addressed or snoozed from the action plan. 
+
+* *Impacted Assets*— The impacted assets tab shows the list of all potential assets that the action plan secures. 
+
+

docs/en/enterprise-edition/content-collections/administration/collection-administration.yml

@@ -48,6 +48,8 @@ topics:
     file: add-service-account-prisma-cloud.adoc
   - name: Create and Manage Access Keys
     file: create-access-keys.adoc
+  - name: Action Plans
+    file: action-plans.adoc
   - name: Collections
     file: collections.adoc
   - name: Set up SSO Integration on Prisma Cloud

docs/en/enterprise-edition/content-collections/book.yml

@@ -356,6 +356,8 @@ topics:
     file: add-service-account-prisma-cloud.adoc
   - name: Create and Manage Access Keys
     file: create-access-keys.adoc
+  - name: Action Plans
+    file: action-plans.adoc
   - name: Collections
     file: collections.adoc
   - name: Set up SSO Integration on Prisma Cloud