Policies at risk - how to accept these?


L4 Transporter

Hello dear all!

 

How can I accept the risk of policies which will be needed sometime in the future?

 


 

I do not want to delete them. Just accept the risk. 

 

BR

 

Rob


Accepted Solutions

L4 Transporter

Hi @RFeyertag 

I would like to inform you that since the October 2023 XDR release, Palo Alto has introduced a new feature that identifies those profiles which have modules in either "Report" or "Disabled" mode. It is a kind of warning or notification stating that the endpoints which are reporting to these profiles might be at risk, as their modules are in report or disabled mode.

Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Release-Notes/October-2023

Ignore this notification if the mode of action of the listed policies is set as you intend.
At present, there is no method to eliminate the notification.

 

Please mark the response as "Accept as Solution" if it answers/helps your question.

 

 

Best regards
Tiago Marques

2 REPLIES

L4 Transporter

Hello @RFeyertag 

 

Thanks for reaching out on Live Community!

Risky prevention policy notifications are in the form of warning badges and labels. XDR identifies risky prevention policies based on Palo Alto Networks best-practice policy settings.

Currently these are mere notifications and cannot be used for risk acceptance. You can use them in order to fine-tune your prevention policies.

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.
