This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Issues fixed as recommended by AIOPS Premium console are still being reported negatively

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issues fixed as recommended by AIOPS Premium console are still being reported negatively

bahan
L1 Bithead

‎05-26-2023 08:08 AM - edited ‎05-26-2023 08:12 AM

1:   I have critical alerts in AIOPS that when corrected are still being reported in the console and not configured:

Outbound High Risk IP Addresses Not Blocked:

Follow these steps to resolve the issue:
Configure and enable a deny rule with the 'Palo Alto Networks - High risk IP addresses' EDL in the destination address, Log at Session End enabled, along with a Log Forwarding Profile OR an allow rule with the same configurations along with Antivirus, Vulnerablility Protection, Anti-Spyware and URL Filtering profiles configured
I also have similar for the "Inbound".
 
2:   Undecrypted Traffic Settings Not Set To Recommended
Follow these steps to resolve the issue: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/decryption-concepts/no-decrypti...
The following options need to be enabled: block_expired_certificate, block_untrusted_issuer
If I follow the recommended steps in AIOPS the non-decrypted excluded sites are blocked.
 
3:   File Blocking Profile Not Strict
I have one user that uses the website Canva.com and if I put the Strict File Blocking profile of that specific userid Canva.com stops working because it uses Windows PE to display images in the site.
 
How can I get these sorted? I am pulling my hair our double and triple checking configs.
 
Finally, AIOPS is grading the default "READ ONLY" Objects like URL Filtering, Antispyware, Antivirus etc: and preventing the Firewall from moving from Orange(Fair) to Good(Green) in the Device Security Dashboard.
 
Can you do a forced manual AIOPS scan of the firewall instead of having to wait on the automatic scan every 24hrs?
 
 Please help
 
0 Likes Likes
0 REPLIES 0
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks