10-29-2024 11:29 AM - edited 10-29-2024 11:32 AM
Hi,
After my Palo account manager encouraged me to use the AI-Ops page, I uploaded the most recent techsupport file and carried out an on-demand BPA.
Some of the findings / recommendations are already done within our box. For example, it says to ensure the Palo Malicious address list (EDL) is included in outgoing and incoming rules as Deny. This is already done and yet it's being reported.
All of the profiles that appear on the report as ones where machine learning (ML) categorisation should be implemented have that already implemented. There are more like this, but these are two glaring examples.
So on the one hand I am disappointed but more importantly confused as to a way forward to get our box up to a decent level of configuration.
Please help. Thanks
10-29-2024 06:06 PM
I'll preface this by saying it's been a bit since I ran a BPA, but I would take the results with a grain of salt. There were quite a few things that it detected previously that were just informational alerts more than anything, regardless of what you had in your configuration. While it absolutely will detect configuration issues that you can address, there were also plenty of detections that weren't actually actionable or were already configured, like what you're currently encountering.
10-30-2024 06:19 AM
I'm not saying it's the correct approach, but now even in the free version of AIOps you can set permanent exemptions from this menu: