05-26-2023 08:08 AM - edited 05-26-2023 08:12 AM
1: I have critical alerts in AIOPS that when corrected are still being reported in the console and not configured:
Outbound High Risk IP Addresses Not Blocked:
06-06-2023 11:44 AM
Have you found an answer to this? I'm also curious
06-06-2023 12:21 PM
My Friend,
Not a single person replied. Worse yet you are not allowed to call tech support for AIOPS issues.
You are directed bck to the Community where the support is located, but still no answers.
It seems as if you literally have to wait 30 days for the console to refresh so you can get answers to the changes.
I will upload a tech cupport file to the BPA section so see if this will trigger and update and regrading in AIOPS cloud console.
06-06-2023 01:45 PM
Bahan, sorry for the delayed response. Here are answers to your questions:
Q. Outbound High Risk IP Addresses Not Blocked
A. The likely reason is that if there are any rules with an action of "allow" above the rule in question, the check will fail. We are doing a full review of BP checks now, and that requirement (for this check) is being removed.
Q. Undecrypted Traffic Settings Not Set To Recommended
A. This is a best practice. If you continue to have issues with this setting it is best to open a ticket with TAC to investigate why the settings are not working as the documentation describes.
Q. File Blocking Profile Not Strict
A. This check is being removed as part of our ongoing BP check review.
Q. Finally, AIOPS is grading the default "READ ONLY" Objects like URL Filtering, Antispyware, Antivirus etc: and preventing the Firewall from moving from Orange(Fair) to Good(Green) in the Device Security Dashboard.
A. As part of our ongoing BP check review we are working with the PAN-OS team to change "defaults" (where possible) to align with best practices. We will be working to resolve this issue going forward.
Q. Can you do a forced manual AIOPS scan of the firewall instead of having to wait on the automatic scan every 24hrs?
A. Not currently (via telemetry). There is an "on-demand" TSF upload feature now, which you can use to force a re-evaluation for that TSF which was uploaded.
06-06-2023 05:18 PM
There is an "on-demand" TSF upload feature now, which you can use to force a re-evaluation for that TSF which was uploaded.
Please sir, where exactly is this feature? Is it the upload in Posture/On-Demand BPA? or another location?
10-11-2023 09:34 AM
Not sure if you still need an answer to this, but if you go to Dashboards > On Demand BPA > Generate New BPA Report - Here is where you would upload the TSF file. The On Demand BPA feature only allows usage of the Best Practices dashboard and Feature adoption dashboard. Although this would allow you to refresh the best practice assessment, it is my understanding that this would not refresh the rest of the information in AIOps that is being received through telemetry.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
