Palo Alto Networks releases new features for Traps Management Service (TMS), including integrated security events analysis, enhanced data collection, and an improved grid for Actions Tracker. Got questions? Get answers on LIVEcommunity.
Traps Management Service (TMS) Features Introduced in August 2019
Integrated Security Events Analysis
When you investigate the details of a security event in Traps terminal service, you can now continue your analysis in Cortex XDR to identify the root cause and timeline of events. To use integrated security event analysis with Cortex XDR, you must have a valid Cortex XDR license and enable the monitor and collect enhanced endpoint data capability in an Agent Settings Profile.
Enabling Enhanced Data Collection (change to previous behavior)
The option to monitor and collect enhanced endpoint data can now be enabled only if you have a valid Cortex XDR license and allocated log storage in your Cortex Data Lake instance. When enabled, Traps shares detailed information about all active file, process, network, and registry activity on an endpoint with other Cortex apps. This information provides Cortex apps with the endpoint context, so you can gain insight on the overall event scope when you investigate a threat. If you do not have a valid Cortex XDR license, the monitor and collect enhanced endpoint data option in the Agent Settings Profile is grayed out and disabled.
Improved Grid for Actions Tracker
The Actions Tracker is now enhanced to improve usability. Now, when you scroll up and down the page, the headings are docked to remain visible. Also, you can scroll faster through large numbers of records.