Read about new Traps management service updates introduced in September and October 2018. Palo Alto Networks Live Community presents the new updates, which include role-based access controls, administrative action tracking, a DLL blacklist for Exploit Protection, and much more. Read more about Traps management service.
1. Role-Based Access Controls: The following predefined roles provide access to the Traps management service for users based on their roles and responsibilities.
Super Admin – Full access with the ability to perform any action in the system such as create policies and assign subordinate roles.
Security Admin – Create and modify security policies and review security events.
IT Admin – Create and modify endpoint groups and prepare agents to be deployed.
Read Only – Can view information in the Traps console. Users cannot make any changes to the policies or settings.
No Access – This setting is used if you have multiple Traps management service tenants with different administrators for each tenant and want to restrict cross-tenant access.
2. On-Screen “What’s New” Notification: An on-screen display appears when new features are available, with links for more details.
Traps Management New Release Notification
3. Administrative Action Tracking: Allows admins to monitor the status of agent actions (upgrades, scans, and other activity) across multiple endpoints.
Example of Traps Administrative Action Tracking
4. DLL Blacklist for Exploit Protection: A blacklist can now be created as part of an Exploit Security Profile to prevent DLLs from running when launched by protected processes.
5. Examination of Office Files on Network Drives: Allows Traps to scan Microsoft Office files for malicious macros when the file is run from a network drive.
Examine Office Files from Network Drives
6. Enhanced Management for Resolved Events: Allows you to close out one or more events without deleting them from the Traps management service.
7. Bulk Security Event Status Management: Simplifies management of multiple security events in bulk. For example, following an investigation on multiple endpoints, you can change the status in one action.
For more details on the new features, please refer to the following resources: