Announcing Root Certificates Expiration Alerts in AIOps Free and Strata Cloud Manager with AIOps Premium License

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Announcing Root Certificates Expiration Alerts in AIOps Free and Strata Cloud Manager with AIOps Premium License

L2 Linker

Announcing New AIOps Alerts for PAN-OS Certificates Expiration

 

In our commitment to bolstering network security, we're excited to announce a significant enhancement to our Strata Cloud Manager platform. This update, to be released later this week, specifically addresses the critical issue of PAN-OS root and default certificate expiration.

 

  1. The Problem: PAN-OS Certificate Expiration
    The upcoming December 31, 2023, expiration of key certificates in Palo Alto Networks firewalls and PAN-OS software is a pressing concern. The expiry of these certificates threatens to disrupt service and compromise security controls across a wide range of devices. This issue presents itself in two distinct scenarios:

    • Data Redistribution Certificate Expiration (Scenario 1): Involves certificates that facilitate the sharing of information (like User-ID and IP-tags) among PAN devices.

    • Content Update Certificate Expiration (Scenario 2): Concerns the certificate that validates the authenticity of content updates, crucial for detecting new threats and applications.

      For more detailed information, visit this LIVEcommunity post.
    •  
  2. The Value of AIOps: Precise Detection and Tailored Recommendations
    To address these issues, AIOps Free and Strata Cloud Manager with AIOps Premium license will deliver two specific alerts:
     
    • Alert for Data Redistribution Certificate Expiration (Scenario 1):
      • Detection: The alert targets devices using Data Redistribution services. It checks whether the device's software version matches the target upgrade versions, verifies enabled data redistribution features, and confirms that custom certificates are not being used.
      • Recommendations: The alert advises on upgrading firewalls and Panorama appliances or deploying custom certificates where necessary, providing specific steps tailored to the device's configuration.
        pasted image 0.png
    • Alert for Content Update Certificate Expiration (Scenario 2):
      • Detection: This alert is broader, focusing on devices’ ability to verify content updates. It triggers when devices are not running the target software versions, have outdated Apps and Threat content, lack a valid device certificate, or use specific security subscriptions
      • Recommendations: It recommends updating content versions, upgrading devices, or enabling device certificates. The alert provides detailed steps to ensure the device continues to receive and implement crucial content updates.
      • pasted image 0 (1).png

Both alerts utilize a comprehensive approach that includes analyzing the device's software status, security subscriptions, and overall configuration to provide the most accurate and helpful recommendations.

 

Here is a video showing both alerts in the product:

 

 

3. The Strata Cloud Manager Approach
Our Strata Cloud Manager platform employs, in its AIOps features, advanced analytics, encompassing feature extraction and sophisticated data analysis. This approach ensures that alerts are not only based on software versions but also consider a wider array of device-specific attributes and configurations. This results in more precise issue detection and more relevant recommendations for each unique scenario.

 

4. Call to Action
To benefit from these advanced features, we urge all customers to enable telemetry and activate AIOps Free or the AIOps Premium License for Strata Cloud Manager on their devices. This proactive engagement is crucial for timely and effective management of network security issues.

 

5. Additional Reading and Resources
For more in-depth information on this issue and how to address it, we recommend the following resources:

 

 

By engaging with these new AIOps alerts, you can effectively navigate these challenges and maintain a robust and secure network. Stay informed and prepared for continuous advancements in network security solutions.

0 REPLIES 0
  • 2090 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!