Issues fixed as recommended by AIOPS Premium console are still being reported negatively

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issues fixed as recommended by AIOPS Premium console are still being reported negatively

L1 Bithead

1:   I have critical alerts in AIOPS that when corrected are still being reported in the console and not configured:

Outbound High Risk IP Addresses Not Blocked:

Follow these steps to resolve the issue:
Configure and enable a deny rule with the 'Palo Alto Networks - High risk IP addresses' EDL in the destination address, Log at Session End enabled, along with a Log Forwarding Profile OR an allow rule with the same configurations along with Antivirus, Vulnerablility Protection, Anti-Spyware and URL Filtering profiles configured
I also have similar for the "Inbound".
 
2:   Undecrypted Traffic Settings Not Set To Recommended
The following options need to be enabled: block_expired_certificate, block_untrusted_issuer
If I follow the recommended steps in AIOPS the non-decrypted excluded sites are blocked.
 
3:   File Blocking Profile Not Strict
I have one user that uses the website Canva.com and if I put the Strict File Blocking profile of that specific userid Canva.com stops working because it uses Windows PE to display images in the site.
 
How can I get these sorted? I am pulling my hair our double and triple checking configs.
 
Finally, AIOPS is grading the default "READ ONLY" Objects like URL Filtering, Antispyware, Antivirus etc: and preventing the Firewall from moving from Orange(Fair) to Good(Green) in the Device Security Dashboard.
 
Can you do a forced manual AIOPS scan of the firewall instead of having to wait on the automatic scan every 24hrs?
 
 Please help
 
5 REPLIES 5

L2 Linker

Have you found an answer to this? I'm also curious

My Friend, 

 

Not a single person replied. Worse yet you are not allowed to call tech support for AIOPS issues.

You are directed bck to the Community where the support is located, but still no answers.

 

It seems as if you literally have to wait 30 days for the console to refresh so you can get answers to the changes.

 

I will upload a tech cupport file to the BPA section so see if this will trigger and update and regrading in AIOPS cloud console.

L3 Networker

Bahan, sorry for the delayed response.  Here are answers to your questions:

 

Q. Outbound High Risk IP Addresses Not Blocked

A. The likely reason is that if there are any rules with an action of "allow" above the rule in question, the check will fail.  We are doing a full review of BP checks now, and that requirement (for this check) is being removed.

 

Q. Undecrypted Traffic Settings Not Set To Recommended

A.  This is a best practice.  If you continue to have issues with this setting it is best to open a ticket with TAC to investigate why the settings are not working as the documentation describes.

 

Q. File Blocking Profile Not Strict

A. This check is being removed as part of our ongoing BP check review.

 

Q. Finally, AIOPS is grading the default "READ ONLY" Objects like URL Filtering, Antispyware, Antivirus etc: and preventing the Firewall from moving from Orange(Fair) to Good(Green) in the Device Security Dashboard.

A. As part of our ongoing BP check review we are working with the PAN-OS team to change "defaults" (where possible) to align with best practices.  We will be working to resolve this issue going forward.

 

Q. Can you do a forced manual AIOPS scan of the firewall instead of having to wait on the automatic scan every 24hrs?

A. Not currently (via telemetry).  There is an "on-demand" TSF upload feature now, which you can use to force a re-evaluation for that TSF which was uploaded.

 

There is an "on-demand" TSF upload feature now, which you can use to force a re-evaluation for that TSF which was uploaded.

 

Please sir, where exactly is this feature? Is it the upload in Posture/On-Demand BPA?  or another location?

Not sure if you still need an answer to this, but if you go to Dashboards > On Demand BPA > Generate New BPA Report - Here is where you would upload the TSF file. The On Demand BPA feature only allows usage of the Best Practices dashboard and Feature adoption dashboard. Although this would allow you to refresh the best practice assessment, it is my understanding that this would not refresh the rest of the information in AIOps that is being received through telemetry.

  • 2908 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!