topic Interpretation of BPA Reports in General Topics https://live.paloaltonetworks.com/t5/general-topics/interpretation-of-bpa-reports/m-p/579895#M116189 <P>I generated a BPA report on the AIOPS website using the tsf file from Strata, but I am a bit confused about the terms referenced in the report's interpretation.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_3-1710145673343.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58188i1694BF178AC05006/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_3-1710145673343.png" alt="Felixcao_3-1710145673343.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_0-1710145051453.png" style="width: 548px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58185iABAB1EEBE1A617DD/image-dimensions/548x62/is-moderation-mode/true?v=v2" width="548" height="62" role="button" title="Felixcao_0-1710145051453.png" alt="Felixcao_0-1710145051453.png" /></span></P> <P>Among them, CSC controls 9.2, 12, etc., specifically refer to? Can anyone explain it.</P> <P>I went to download the file: CIS.Controls_v8_Critical_Security.Controls_2023:08.pdf</P> <P>The description in section 9.2 is:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_1-1710145293214.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58186iCD493CC231F4D733/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_1-1710145293214.png" alt="Felixcao_1-1710145293214.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_2-1710145309189.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58187iF66F32EA911B5B66/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_2-1710145309189.png" alt="Felixcao_2-1710145309189.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 11 Mar 2024 08:27:47 GMT Felixcao 2024-03-11T08:27:47Z Interpretation of BPA Reports https://live.paloaltonetworks.com/t5/general-topics/interpretation-of-bpa-reports/m-p/579895#M116189 <P>I generated a BPA report on the AIOPS website using the tsf file from Strata, but I am a bit confused about the terms referenced in the report's interpretation.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_3-1710145673343.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58188i1694BF178AC05006/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_3-1710145673343.png" alt="Felixcao_3-1710145673343.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_0-1710145051453.png" style="width: 548px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58185iABAB1EEBE1A617DD/image-dimensions/548x62/is-moderation-mode/true?v=v2" width="548" height="62" role="button" title="Felixcao_0-1710145051453.png" alt="Felixcao_0-1710145051453.png" /></span></P> <P>Among them, CSC controls 9.2, 12, etc., specifically refer to? Can anyone explain it.</P> <P>I went to download the file: CIS.Controls_v8_Critical_Security.Controls_2023:08.pdf</P> <P>The description in section 9.2 is:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_1-1710145293214.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58186iCD493CC231F4D733/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_1-1710145293214.png" alt="Felixcao_1-1710145293214.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Felixcao_2-1710145309189.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58187iF66F32EA911B5B66/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Felixcao_2-1710145309189.png" alt="Felixcao_2-1710145309189.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 11 Mar 2024 08:27:47 GMT https://live.paloaltonetworks.com/t5/general-topics/interpretation-of-bpa-reports/m-p/579895#M116189 Felixcao 2024-03-11T08:27:47Z Re: Interpretation of BPA Reports https://live.paloaltonetworks.com/t5/general-topics/interpretation-of-bpa-reports/m-p/579959#M116201 <P>I can't speak to the "CSC" part of your question, but I can tell you the call out is specifically because your rule allows ANY application over ANY port.<BR /><BR />I'm not suggesting this rule as deployed in your organization is wrong for any particular reason.&nbsp; This alert in the BPA report is suggesting that in a lot of use cases such a rule (any -- any) isn't suggested and should be restricted to defined applications over specific ports (Either app-default, or some other defined application.)</P> Mon, 11 Mar 2024 18:51:39 GMT https://live.paloaltonetworks.com/t5/general-topics/interpretation-of-bpa-reports/m-p/579959#M116201 Brandon_Wertz 2024-03-11T18:51:39Z