New Traps management service updates for November and December 2018. Read about Mimikatz prevention, Cloud services App switching, and many more enhancements.
To prevent attackers from leveraging the Mimikatz tool to extract passwords from memory, you can now enable Password Theft Protection. When enabled, Traps silently prevents attempts to steal credentials.
Cloud Services App Switching
This enhancement allows you to easily switch between other Palo Alto Networks Cloud Service apps and app instances from the Traps management service console. If your user account belongs to multiple accounts, you can also easily switch between accounts.
Detailed Memory Analysis of Security Events
To verify the accuracy of a verdict, you can now upload the memory state that Traps collects when an exploit security event occurs to the Traps management service for an additional layer of analysis.
Temporary Session Management and Visibility
To help you easily manage Traps on endpoints that run as temporary sessions, the Traps management service now distinguishes temporary sessions from other non-persistent VDI (virtual desktop infrastructure). You can also create a dynamic Endpoint group for temporary sessions to use in policy and Endpoint management.
Dynamic Endpoint Group Support for Agent Version
You can now define membership for a dynamic Endpoint group based on a specific Traps agent version. This enables you to manage endpoints and exceptions and to apply policy to endpoints running specific Traps agent versions.
Centralized File Management
For enhanced visibility and ease of management, the Traps management service now consolidates the File Analytics and Restore Candidates pages into the new Files dashboard.
Files Analytics — Displays all files that run on your Windows endpoints. As with the previous File Analytics page, you can pivot to view additional details about the file, including when and on which endpoints it last ran, verdicts from local and WildFire verdict sources, and more.
Files Quarantine — Displays all files that were quarantined (either manually or automatically). From this view, you can also easily open the details view for any file to create an exception to restore it on the endpoint.