12-27-2022 01:20 AM
We've enabled AiOPS and while it does do a great job in putting together a lot of data and also BPA recommendations.
We do have some questions in regards to alerts.
We have specific Vulnerability, Spyware and so on profiles.
Some are explicitly as ALERT-ONLY, or for E-Mail SPAM-GATEWAYS where we only want ALERT for SMTP decoder since our MTA is the security device and not the Palo Alto Firewall.
These profiles and other settings trigger a critical or high alert warning in AiOPS
We want to except these specific profiles from the process of triggering BPA config alerts but besides snooze and action taken there are no other options.
Also it does not specify exactly to which profile we are setting the action. Since is the Alert "URL Profile not configured correctly" and it shows 3 URL Profiles, of which we want to disable the alert for 1 but not the other too.
Am I missing something?
What is the approach on such things. I don't want to disable the alert for all 3 Profiles that it detected it, just the once that are by design like this.
Best regards
Alex
12-28-2022 09:52 AM
Hello @AlexNC
Hope you are doing well,
The snooze capability currently only works with the BP check and is applicable to all profiles. The capability to make this available for particular device groups and firewalls is on the roadmap.
The operator can decide not to issue an alert when certain firewalls are present when this feature is available.
Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks
12-28-2022 09:52 AM
Hello @AlexNC
Hope you are doing well,
The snooze capability currently only works with the BP check and is applicable to all profiles. The capability to make this available for particular device groups and firewalls is on the roadmap.
The operator can decide not to issue an alert when certain firewalls are present when this feature is available.
Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks
12-28-2022 04:25 PM
Hello @AlexNC
Hope you are doing well,
This only serves as a follow-up to the query.
Do you still need help, or can we just close the query now?
Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks
12-30-2022 02:12 AM
Dear Sharan
Right now the snooze is not usefull the way it is implemented, but I am looking forward to the roadmap and the change you mentioned.
Being able to permanently disable/snooze an alert for a specific profile will be very welcome.
Thank you and best regards
Alex
12-30-2022 03:09 PM
Dear @AlexNC
Numerous sections have been changed and new implementations have been made in accordance with the update.
The update will likely come sooner.
Here are few of the links of newly updated
New Security Posture Overview Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317858357112
CDL Infrastructure Health Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317857868112
SURE (Software Upgrade Recommendation Engine) Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317856182112
Policy Analyzer Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317858471112
Thank you so much for your response. I'm going to end this post now, but if you ever feel like you need assistance, make a post similar to this one.
Thank you
regards
Sharan Selva
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
