This article describes how to do the following:

• Create custom risk rules from any search in the inventory and save them.
• Edit the severity of risk rules and disable out-of-the-box (OOB) risk rules as needed.
• Manage and distinguish between custom and system-generated risk rules.

Create a custom risk rule

There are two options to create a custom risk:

Option 1:

In Prisma Cloud DSPM, click Inventory to open the Inventory window, and then proceed to step 4 below.

Option 2:

1. In Prisma Cloud DSPM, click Risks. The Risks Overview tab opens by default.
   
   
2. In the Custom Risk thumbnail click Create.
3. In the pop-up, click Go to Inventory to open the Inventory window.
4. In the custom risk rules field, specify the rules for the custom risk. For example, create a custom risk to view developer secrets that are open to the world.
   
   
5. Click Create Custom Risk.
   
   
6. In the New Custom Risk drawer, do the following:
   1. Give a meaningful name to the risk.
   2. Enter a description for the risk.
   3. Specify the severity of the risk.
   4. Specify if the risk affects security and/or compliance.
   5. Click Create to create the custom risk. Note that it takes approximately 15-minutes for Prisma Cloud DSPM to identify the risk findings associated with the new custom risk.
      
      
7. After creating a custom risk, its thumbnail appears in the Risks Overview tab.
   • A custom risk thumbnail is denoted by the word Custom to distinguish it from out-of-the-box risks.
     
   • The number on the thumbnail indicates the number of risk findings associated with the custom risk rules.

Edit a custom risk rule

1. In Prisma Cloud DSP side menu, click Risks. The Risks Overview tab opens by default.
2. Navigate to the custom risk you want to edit.
3. Click the Settings icon, located at the top right of the thumbnail, to open the custom risk’s drawer.
   
    
4. Edit the custom risk as required. For example, change the severity level, or stop creating risk findings for the custom rule.
5. Click Save.

Delete a custom risk

1. In Prisma Cloud DSPM, click Risks. The Risks Overview tab opens by default.
2. Navigate to the custom risk you want to delete.
3. Click the Settings icon, located at the top right of the thumbnail, to open the custom risk’s drawer.
4. In the custom risk drawer, click Delete this risk.
5. When prompted, click Remove. The custom risk is deleted from Prisma Cloud DSPM.