AI-ops BPA is not giving correct results after techsupport file analysis

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AI-ops BPA is not giving correct results after techsupport file analysis

L2 Linker

Hi,

After my Palo account manager encouraged me to use the AI-Ops page, I uploaded the most recent techsupport file and carried out an on-demand BPA. 

Some of the findings / recommendations are already done within our box. For eg: it says to ensure the Palo Malicious address list (EDL) should be included in outgoing and incoming rules as Deny. this is already done and yet it's being reported. 

All of the profiles that appear on the report, as ones where machine learning ML categorisation should be implemented have that already implemented. There are more like this but these two glaring examples.

So on the one hand I am disappointed but more importantly confused as to a way forward to get our box up to a decent level of configuration. 

Please help. Thanks

2 REPLIES 2

Cyber Elite
Cyber Elite

@uduwawalan,

I'll preface this by saying it's been a bit since I ran a BPA, but I would take the results with a grain of salt. There were quite a few things that it detected previously that were just informational alerts more than anything regardless of what you had in your configuration. While it absolutely will detect configuration issues that you can address, there was also plenty of detections that weren't actually actionable or were already configured like what you're currently encountering.

L6 Presenter

I'm not saying it's the correct approach, but now even in the free version of AIOps you can set permanent exemptions from this menu:

Brandon_Wertz_0-1730294382736.png

 

  • 420 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!