Q: What is AIOps for NGFW?
A: AIOps for NGFW is the industry's first domain-centric AIOps solution that redefines the firewall operational experience by interpreting, predicting, and resolving problems before they become business impacting.
Q: What problem is AIOps for NGFW solving?
A: Customers are unaware of their security posture and don’t have the product expertise to maximize utilization of security functionality or insights into misconfigurations. This leads to gaps in their security posture and puts them at a greater risk of a breach.
In addition, security teams are tasked with maintaining firewall deployments with limited resources and tools to prevent business disruptions caused by firewalls. In addition, they lack visibility into their entire deployment’s health, performance, and security posture to prevent business-disrupting incidents due to firewall-related errors. Once impacted, they spend immense time and resources reacting to the situation - trying to determine the root cause - while under tremendous pressure to bring the business back online.
Q: What are the key benefits of using AIOps for NGFW?
A:
Q: How can I consume AIOps for NGFW?
A: AIOps for NGFW is available in Free and Premium (Paid) versions and can be used on NGFW and Panorama devices that run on PAN‑OS 10.0 and above.
Q: What are the prerequisites to consume AIOps?
A: AIOps can be consumed on NGFW and Panorama devices with:
Q: What's the "AI" in AIOps for NGFW?
A: The AI features in AIOps today are mostly in the Operational Health problem scenarios in the form of techniques in ‘Anomaly detection’, ‘Forecasting’, ‘Threshold’ and ‘State-change’ based alerts.
Q: Where is AIOps cloud-hosted? Do we have different instances across the globe?
A: We are presently hosted in US-Central and our deployment is accessible globally.
The AIOps app is hosted in the NAM region, and the analysis/compute of the data happens in NAM and the data itself can reside in the customer's local region where their CDL is hosted.
Q: How can I get started with AIOps for NGFW?
A: See our Getting Started Guide to get started with your own instance of AIOps for NGFW.
Q: How can I consume AIOps for NGFW?
A: AIOps for NGFW is available in Free and Premium (Paid) versions and can be used on NGFW and Panorama devicesthat run on PAN‑OS 10.0 and above.
Q: What is the difference between the Free and Premium tiers of AIOps for NGFW?
A: The free tier is a fully functional product that aims to enrich the operators’ understanding of the firewall deployment. This tier is forever free to use for all the Palo Alto Networks firewalls registered in the Customer Support Portal. The Premium tier (Paid) contains Premium functionality of the AIOps product, in addition to the functionality provided in the Free tier.
Q: What licenses are needed for the Free/Premium tiers?
A: The Free tier does not require any license to be installed. The Premium tier requires the customer to purchase Premium AIOps for NGFW licenses.
Q: Can I instantiate both a Free and a Premium instance of AIOps?
A: Yes, you could have the Premium license for just a subset of the firewalls that are registered with the CSP (in a separate instance from firewalls without a Premium license). All firewalls without a Premium license will be maintained in a separate, Free instance of AIOps.
Q: What is Telemetry?
A: Telemetry is the collection of measurements and data from one location and transmitting to a remote location for processing. The PAN-OS device telemetry feature for versions 10.0 and above include information in three categories—device health and performance, product usage, and threat prevention. While the user can choose to decide to turn off telemetry for any of these categories independently, the lack of data will affect the functionality or the quality of insights and recommendations that these telemetry-powered applications can provide.
Q: What does the customer need to do with telemetry for AIOps for NGFW to work?
A: Customers need to enable telemetry collection on their firewalls. PAN-OS 10.0+ supports the collection of telemetry data natively.
Q: Can we monitor telemetry data in real-time or is this historical?
A: The data is processed in batches, and is not real-time. This is not a replacement for a near real-time monitoring solution. However, by analyzing the data and proactively calling out potential issues, we aim to help the user avoid business-disrupting incidents.
Q: Where can I find the privacy datasheet?
A: You can read the Telemetry privacy datasheet here.
Q: How are you collecting data?
Note: Before we are able to collect data the device administrator has to confirm and agree for us to do so.
A: Panorama and NGFWs will collect and share data about the runtime and configuration aspects of the product with Palo Alto Networks. This data is collected by running command-line interface (CLI) commands and by accessing internal data sources (such as internal log files, configuration files, metric counters, etc.) that are sometimes, but not always, viewable by device administrators. This information is sent to Palo Alto Networks cloud as an unstructured blob of data at specific time intervals. Once this data is received, it is parsed and converted into tables of information that are needed by telemetry powered applications (TPAs) to perform their function(s).
Q: Can I see what data you are collecting?
A: The Panorama and NGFW have a UI setting where you can get more information on what is being collected. Additionally, you can also see what data would be sent if it were collected at that instant by clicking the Generate Telemetry File button and downloading the generated file to your desktop.
Q: Where is the data stored?
A: The telemetry data is stored in a customer-specific silo on the Cortex Data Lake, referenced by a “tenant ID”. The telemetry powered apps (TPAs) use this data to deliver insights and recommendations to the customers.
Q: Does AIOps for NGFW support regionalization? How does it safeguard the data?
A: AIOps for NGFW is available globally. Customers can point to their in-region CDL for all permanent storage of AIOps for NGFW data. The AIOps for NGFW app itself will serve the UI from a US or EU (Frankfurt) based data center, but it will not store any customer-related PII information in these data centers if the CDL location is not the same.
Q: I do not want to participate. How do I opt-out?
A: The Panorama and Firewall have a setting in the UI (Device/Panorama > Setup > Telemetry) where you can choose to opt-out of sending telemetry data.
Q: I have changed my mind. I originally had opted in, and have not opted out. I also do not want you to have any of my previously collected data. How do I trigger that?
A: The first step is to stop the PAN-OS devices from sending any new telemetry data. Panorama and the Firewalls have a UI setting from where you can choose to opt-out of sending telemetry data. This will stop the Palo Alto devices from sending on any new telemetry data to Palo Alto Networks.
To remove any data that might have previously been collected, please create a support ticket with our Support organization.
Note: Data that was previously collected will be aged out after our retention period.
Q: How are you securing data?
A: We take this aspect very seriously. All communications related to handling telemetry data is via secure channels. The data is encrypted at rest. The data centers are SOC2 Type 2 certified, and there are strict controls and audit measures put in place as to who accesses the data. Please see our privacy datasheet for more information.
Q: How long is the data stored?
A: All customer-specific data that is collected is aged out. Currently, this is set to 1-year retention before it is aged out.
