Traps Agent 6.1.2 and TMS SEPT Updates

Community Team Member

Read about the latest Traps Agent 6.1.2 and Traps Management Service updates that have been released. Traps Agent and TMS both introduce the new Broker Service, which will impact deployments, admin roles, and search capabilities. Got questions? Get answers on LIVEcommunity.

Traps  Agent 6.1.2 and TMS Sept 2019 updates agent (Broker Service)Traps Agent 6.1.2 and TMS Sept 2019 updates agent (Broker Service)

For September 2019, Both Traps Agent 6.1.2 and Traps Management Service have been updated with many new features that can help if you wanted to deploy Traps agent on a restricted network.

 

Traps Agent 6.1.2

For Traps Agent 6.1.2, there are several new features that have been released, including new agent proxy settings as well as introduction of the new Broker Service, which allows you to deploy traps in a restricted network that does not have direct internet access. 

 

Please see the following new features for Traps Agent 6.1.2 below.

 

New features introduced in Traps agent 6.1.2 release *

FEATURE

DESCRIPTION

Configurable Agent Proxy Settings

In environments where Traps agents communicate with the Traps management service through a system-wide proxy, you can now set an application specific proxy for the Traps agent without affecting the communication of other applications on the endpoint. You can set, manage and disable the Traps agent proxy configuration in the Traps management service.

  • If your agent is communicating directly with the Traps management service, you can assign it a dedicated proxy in the Endpoints window. Once you choose to disable this proxy, the agent will revert back to communicating directly with Traps management service.
  • If your agent is not connected to Traps management service yet, you must assign the proxy IP address and port number during the Traps agent installation process on the endpoint. For agent installation instructions, see the Traps Agent Administrator’s Guide.

Traps for Restricted Networks

With the Palo Alto Networks Broker Service, you can now deploy Traps in restricted networks where endpoints do not have a direct connection to the internet. The Broker Service acts as a proxy that mediates communication between the endpoints in your restricted network and Traps management service. This enables your Traps agents to receive security policy updates from, and send logs and files to Traps management service without a direct connection. To use the Broker Service, you deploy a Broker VM on your network and configure your Traps agents for communication with the Broker VM instead of the Traps management service.

* information taken from the Traps Agent Release Notes page.

 

TRAPS MANAGEMENT SERVICE (TMS)

For Traps Management Service (TMS) September ‘19 update includes some new features. 

These first 2 features ( including the new Broker service) are from the Traps Agent 6.1.2, the last 2 features are new Admin roles and Search capabilities. Please see the new features below.

TMS Features Introduced in September 2019 **

FEATURE

DESCRIPTION

Configurable Agent Proxy Settings

In environments where Traps agents communicate with the Traps management service through a system-wide proxy, you can now set an application specific proxy for the Traps agent without affecting the communication of other applications on the endpoint. You can set, manage and disable the Traps agent proxy configuration in the Traps management service.

  • If your agent is communicating directly with the Traps management service, you can assign it a dedicated proxy in the Endpoints window. Once you choose to disable this proxy, the agent will revert back to communicating directly with Traps management service.
  • If your agent is not connected to Traps management service yet, you must assign the proxy IP address and port number during the Traps agent installation process on the endpoint. For agent installation instructions, see the Traps Agent Administrator’s Guide.

Agent proxy settings require Traps agent 6.1.2 or later versions.

Traps for Restricted Networks

With the Palo Alto Networks Broker Service, you can now deploy Traps in restricted networks where endpoints do not have a direct connection to the internet. The Broker Service acts as a proxy that mediates communication between the endpoints in your restricted network and Traps management service. This enables your Traps agents to receive security policy updates from, and send logs and files to Traps management service without a direct connection. To use the Broker Service, you deploy a Broker VM on your network and configure your Traps agents for communication with the Broker VM instead of the Traps management service. The Broker Service requires Traps agent 6.1.2 or later versions.

New Privileged Administrative Roles for Sensitive Response Actions

You can now minimize sensitive access to Traps endpoints by assigning one of two new administrative roles from the hub to your Traps management service users. The new roles, Privileged Security Admin and Privileged IT Admin, restrict who can perform File Retrievaland Live Terminal response actions on Traps endpoints.>

  • Privileged Security Admin–Provides the same privileges as the Security Admin role, in addition to Live Terminal and File Retrieval. Security Admins will no longer be allowed to perform these two actions.
  • Privileged IT Admin–Provides the same privileges as IT Admin, in addition to initiating Live Terminal. IT Admins will no longer be able to perform this action.

In addition to the two new roles, users assigned a Super Admin role can also perform File Retrieval and Live Terminal actions.

New Search Capabilities for Actions Tracker

To help you quickly locate the administrative actions initiated by Traps management service users, five search filters were added to the Actions Tracker window:

  • Endpoint name
  • Endpoint ID
  • Action type
  • Created by
  • SHA256

** information taken from the Traps Management Release Notes page.



More Info

For more information on Traps 6.1 Agent, please see:

Traps Agent 6.1 Release notes

 

Traps Agent 6.1 Admin Guide

 

For more information on Traps Management Service, please see:

Traps Management Service Release notes

 

Traps™ Management Service Administrator's Guide 

 

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

1,200 Views
Ask Questions Get Answers Join the Live Community
Labels