- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-26-2023 10:08 AM - last edited on 06-27-2023 10:53 AM by jennaqualls
Hello everyone!
We are delighted to introduce AIOps for NGFW 3.0, which empowers our customers to further enhance the effectiveness of firewall management. This update enables them to optimize their security measures, gain insights into the dynamic relationship between users, applications, and threats across their entire network, and efficiently visualize and report these interactions. Here are some notable features included in this release:
1. New Incident and Alert Experience – We have created a more intuitive and more visually appealing visualization of incidents / alerts. Furthermore, we have achieved a common Alerting framework across AIOPs for NGFW, ADEM and AIOps for SDWAN in terms of terminology, menu structure and workflows AIOps for NGFW has gained a few additional features in this consolidation. It has the ability to create Incidents, which sit one level above Alerts in terms of describing a critical issue that needs operator attention for remediation. The Alert workflow now also supports the new field of priority (has a factory default value) which can be set by the end customer.
2. The new NGFW SD-WAN Dashboard shows Impacted Applications and Poor Links trend to give a view of the overall SD-WAN health and performance:
The new SD-WAN Dashboard and related pages provide an aggregated view of Link and Application performance metrics and provide drill down capabilities to understand the details of the poor links and applications. This type of view provides insights about specific clusters and sites that require attention and the links that need remediation action for better performance.
When link performance metrics show anomalous patterns in the data such as Tunnel status, Latency, Packet Loss and Jitter alerts are raised for action on poor links. Similarly when the applications are impacted alerts are raised to fix links that are contributing to the impacted application traffic.
iii. Ranking Algorithm for Impacted Applications
iv. Forecast Model for Events and Alerts
3. CDSS Adoption Improvements – Purchase of security subscriptions is only the first step toward protecting an organization. On analyzing the activation of the services and configuring them, we notice the numbers should be much better. With the new improvements, AIOps now provides the user with recommendations on services they should be activating on a firewall, the rules on which they should be configuring services and a view into whether or not they are following best practices in their configuration. The recommendations are based on intelligence we generate regarding the role of the zones from the config but the customer knows best so we provide them with knobs to turn to fine tune the recommendations.
4. AIOps for NGFW 3.0 has the new Device and Posture Score which is calculated for a device based on the best practice checks the device has failed and the criticality of the check. This dashboard provides a quick view into the score for all devices, and devices that have seen the largest change in score over the past month so the admin can pinpoint to the devices for which to scan for config changes that led to a decrease in the score. It further provides the trending of the overall score over the same time period.
There are also charts with the evolution of the score over the last month:
5. TSF Upload for Software Upgrade Recommendation Engine – The Software Upgrade Recommendation Engine (SURE) in AIOps Premium provides our customers recommendations on the software version upgrades that are best suited for their firewalls. Customers with pre-PAN-OS 10.0 and devices unable to send telemetry are requesting this capability for upgrade recommendations. TSF Upload for SURE enables users to upload TSF files to the SURE engine for processing and generating upgrade recommendations.
6. New Compliance Summary in AIOps Premium – Best practice checks can be classified into more than one category per standard security frameworks like CSC and NIST. Our customers need an effective way to perform audits of their deployment against these compliance standards. With Compliance Summary, users can view their compliance trends over time against the framework’s categories, such as Inventory and Control of Hardware Assets for CSC1 and Configuration Management for NIST. From the historical chart, users can drill-down and understand the best practice checks belonging to the category and what checks are non-compliant. Users can further click into each check to learn about the rationale of the check and examine the rules and configurations corresponding to the check. Equipped with the information our customers can quickly perform their security and compliance audits against the standards and identify the gaps.
We also provide details on each recommendation:
7. A new Consolidated BPA Dashboard provides a single Dashboard view for Best Practice assessments for Panorama and Cloud Managed NGFW and/or Prisma Access. Best practices will run on cloud manager’s config (NGFW and/or Prisma Access) every few minutes and the results will be available in the dashboard. A new item – “Cloud Manager” – will be available in the “Device/Manager” dropdown.
8. New ATP Dashboard examines threats detected on your network and identifies opportunities to strengthen your security posture. This dashboard provides a timeline view of Threats Allowed and Blocked and list of Hosts generating cloud detected C2 traffic and Hosts targeted by cloud detected exploits. ATP widgets are available in the Widget Library for custom dashboard creation. Dashboard supports PDF download, share and schedule.
9. New PCAP support with ATP – Support for viewing and downloading ATP-based PCAPs in Log Viewer that enables deeper analysis of detected threats, in AIOps Premium.
10. New Custom dashboards (“Build My Dashboard”) – with this new feature, available in AIOps Premium, you can:
This feature has an extensive Widget Library, with the widgets grouped by category, and the ability to preview with real data.
11. Unified Policy for Prisma Access and NGFW in AIOps Premium – A cloud native, SaaS-based, unified management console for NGFWs and Prisma Access, through a New "Manage" section in the UI that allows users to manage the NGFW and SD-WAN Policies. Cloud Managed policies can be run through the BPA process and generate alerts.
A 15-minute demo of the new AIOps for NGFW 3.0 is here:
AIOps for NGFW 3.0 will be released in phases for new and existing AIOps customers.
Check out what else is new and other enhancements by requesting a 90-day trial of AIOps for NGFW Premium.
Have you not activated your free instance of AIOps for NGFW yet? Here’s how.
06-28-2023 08:18 PM
All of this sounds great, but since the new UI dropped, I can't seem to use this tool effectively:
06-28-2023 08:25 PM
Please open a Support Case via CSP as soon as possible if you have not done so already.
06-30-2023 05:52 AM
Looks like the issue is resolved now, thank you team.
For anyone who has an issue with AIOps, please follow these guidelines when opening up a case:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!