AiOPS Alert Management - disable alerts for specific profiles/configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AiOPS Alert Management - disable alerts for specific profiles/configuration

L3 Networker

We've enabled AiOPS and while it does do a great job in putting together a lot of data and also BPA recommendations.

We do have some questions in regards to alerts.


We have specific Vulnerability, Spyware and so on profiles.
Some are explicitly as ALERT-ONLY, or for E-Mail SPAM-GATEWAYS where we only want ALERT for SMTP decoder since our MTA is the security device and not the Palo Alto Firewall.
These profiles and other settings trigger a critical or high alert warning in AiOPS

We want to except these specific profiles from the process of triggering BPA config alerts but besides snooze and action taken there are no other options.
Also it does not specify exactly to which profile we are setting the action. Since is the Alert "URL Profile not configured correctly" and it shows 3 URL Profiles, of which we want to disable the alert for 1 but not the other too.

 

Am I missing something?
What is the approach on such things. I don't want to disable the alert for all 3 Profiles that it detected it, just the once that are by design like this.

 

Best regards

Alex

There's no home like 127.0.0.1
1 accepted solution

Accepted Solutions

L3 Networker

Hello @AlexNC

 

Hope you are doing well,

 

The snooze capability currently only works with the BP check and is applicable to all profiles. The capability to make this available for particular device groups and firewalls is on the roadmap.

The operator can decide not to issue an alert when certain firewalls are present when this feature is available.

 

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

View solution in original post

4 REPLIES 4

L3 Networker

Hello @AlexNC

 

Hope you are doing well,

 

The snooze capability currently only works with the BP check and is applicable to all profiles. The capability to make this available for particular device groups and firewalls is on the roadmap.

The operator can decide not to issue an alert when certain firewalls are present when this feature is available.

 

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

Hello @AlexNC

 

Hope you are doing well,

 

This only serves as a follow-up to the query.
Do you still need help, or can we just close the query now?

 

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks

L3 Networker

Dear Sharan

 

Right now the snooze is not usefull the way it is implemented, but I am looking forward to the roadmap and the change you mentioned.

Being able to permanently disable/snooze an alert for a specific profile will be very welcome.

 

Thank you and best regards

Alex

There's no home like 127.0.0.1

Dear @AlexNC

 

 

Numerous sections have been changed and new implementations have been made in accordance with the update.
The update will likely come sooner.

 

Here are few of the links of newly updated

 

New Security Posture Overview Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317858357112

 

 

CDL Infrastructure Health Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317857868112

 

 

SURE (Software Upgrade Recommendation Engine) Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317856182112

 

 

Policy Analyzer Demo:
https://live.paloaltonetworks.com/t5/video/gallerypage/video-id/6317858471112

 

 

Thank you so much for your response. I'm going to end this post now, but if you ever feel like you need assistance, make a post similar to this one.

 

Thank you

regards

Sharan Selva

Thanks and Regards,
Sharan Selva
Product Specialist
Palo Alto Networks
  • 1 accepted solution
  • 2175 Views
  • 4 replies
  • 0 Likes
  • 40 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!