on 11-09-201806:18 AM - last edited on 12-13-201811:03 AM by ploera
Take a look at some of the new enhancements for Aperture, new features for Evident, and updates to Traps TMS. You can also review some helpful tips from Palo Alto Networks Live Community about QUIC Protocol, templates and resources, even setting up SSH on a non-standard port using certificate authentication.
New Aperture Enhancements
Enhanced Administrator Roles (RBAC). You may now customize admin roles vs. the built-in four previous admin roles. Aperture admins with a Super-Admin role may customize a role in a similar way as in PAN-OS. Each area of the UI may be regulated and assigned to specific roles. Each role can be granted various levels of applicable permissions (no access, view only, view+download, etc).
Also new is an application health status for Box and Google Drive. Sometimes, there are issues that can prevent Aperture from accessing an app or scanning data in that app. When this happens, Aperture can now display a warning to administrators in the UI that provides details. This can be seen in the “Settings” tab under “Cloud Apps & Scan Settings."
New Evident Features
Here is a snapshot of recent new features introduced in Evident.
Like all of Palo Alto Networks SaaS applications, Traps TMS receives new features on a monthly basis. Here are the latest enhancements:
Automatic dump analysis on demand for exploit events
Lowering severity of hash override security events from “High” to “Low”
Examination of Office files on Network drives
Enhanced management for resolved events
Bulk security event status management
See the details for the October release here. November will be posted soon.
TIP: Best Practices for QUIC Protocol
QUIC (Quick UDP Internet Connections) is a protocol developed by Google. Many applications like Google, Gmail, and YouTube utilize QUIC and may cause disruption in your SSL Decryption implementation. The two best practices for dealing with QUIC are as follows:
Block QUIC by using the “quic” App-ID
Block service udp/443
Also, make sure you are at least upgraded on your content signatures to version 8080 or higher. For more information, see this article. See this knowledge base article for an example of proper blocking.
TIP: Setting up SSH on a Non-Standard Port Using Certificate Authentication
Check out this FUEL article to set up SSH on a non-standard port using certificate authentication and then permitting access through a Palo Alto Networks Next Generation Firewall (PA-220) to the destination server. The article covers the following items:
Setting up a second instance of SSH on a non-standard port number
Configuring SSH to require a certificate for authentication instead of a username and password
Configuring the firewall to allow the connection through that port