New Traps Management Service Updates for November and December 2018

L3 Networker

New Traps management service updates for November and December 2018. Read about Mimikatz prevention, Cloud services App switching, and many more enhancements. Palo Alto Networks Live Community is committed to providing the answers to your questions. Join the discussion today! Join Live! Community today!

 

 

 

 

 

November Enhancements

 

Mimikatz Prevention 

To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, you can now enable Password Theft Protection. When enabled, Traps silently prevents attempts to steal credentials.

 

Cloud Services App Switching

This enhancement allows you to easily switch between other Palo Alto Networks Cloud Service apps and app instances from the Traps management service console. If your user account belongs to multiple accounts, you can also easily switch between accounts.

 

Cloud Account Image

 

Detailed Memory Analysis of Security Events 

To verify the accuracy of a verdict, you can now upload the memory state collected by Traps when an exploit security event occurs to the Traps management service for an additional layer of analysis for verdict accuracy.

 

Memory Analysis Image

 

Temporary Session Management and Visibility

To help you easily manage Traps on endpoints that run as temporary sessions, the Traps management service now distinguishes temporary sessions from other non-persistent VDI (virtual desktop infrastructure). You can also create a dynamic Endpoint group for temporary sessions to use in policy and Endpoint management.

 

December Enhancements

 

Dynamic Endpoint Group Support for Agent Version 

You can now define membership for a dynamic Endpoint group based on a specific Traps agent version. This enables you to manage endpoints, exceptions, and apply policy to endpoints running specific Traps agent versions.

 

Dynamic Group Image

 

Centralized File Management

For enhanced visibility and ease of management, the Traps management service now consolidates the File Analytics and Restore Candidates pages into the new Files dashboard.

 

  • Files Analytics — Displays all files that run on your Windows endpoints. As with the previous File Analytics page, you can pivot to view additional details about the file, including when and on which endpoints it last ran, verdicts from local and WildFire verdict sources, and more.
  • Files Quarantine — Displays all files that were quarantined (either manually or automatically). From this view, you can also easily open the details view for any file to create an exception to restore it on the endpoint.

 

 Central File Management Image

 

 

 

 Before Filing a Case, check out these helpful links:

 

Got a Question? Joint an Endpoint (Traps) Discussion
https://live.paloaltonetworks.com/t5/Endpoint-Traps-Discussions/bd-p/Endpoint_Discussions

 

Enable or Disable Traps File Protection Settings on the Endpoint
https://www.paloaltonetworks.com/documentation/41/endpoint/endpoint-admin-guide/troubleshooting/cyto...

 

Install Traps on Windows Endpoints

https://www.paloaltonetworks.com/documentation/traps/4-2/traps-endpoint-security-manager-admin/set-u...

 

Install Traps on Mac Endpoints
https://www.paloaltonetworks.com/documentation/traps/4-2/traps-endpoint-security-manager-admin/set-u...

1,514 Views
Ask Questions Get Answers Join the Live Community
Labels