Announcing the Unified Incident Framework (UIF) in Strata Cloud Manager

We are excited to announce the rollout of the Unified Incident Framework (UIF), a new approach to identifying, managing, and resolving issues in your Network Security deployment. The UIF provides a more consistent, actionable way to maintain the health, performance, and security posture of your network.

1. What is the UIF? Why is it needed?

The Unified Incident Framework (UIF) is a new strategy for managing events and alerts in Strata Cloud Manager. Network security administrators previously struggled with inconsistent visibility into current and emerging issues within their hybrid networks. The UIF addresses this by making incidents the central unit of work in Strata Cloud Manager.

This streamlined approach provides a more efficient way to manage your deployment. Over time, all Palo Alto Networks' Network Security products will leverage this framework within Strata Cloud Manager.

2. What is an Incident?

An incident is defined as a current or emerging degradation in the availability, security posture, and/or performance of a deployment.

Incidents are designed to be actionable and require your attention. They provide context to help you resolve the issue. Key characteristics include:

• Actionability: Incidents require user action.
• Root Cause Analysis: Incidents often have a root cause, helping you identify the underlying problem.
• Remediation: Incidents can include recommended next steps or remedial actions to assist with resolution.
• Correlation: Incidents may contain one or more correlated events, providing a more comprehensive view of the issue.

3. What additional capabilities are available with Incidents?

The new Incident Framework includes a range of capabilities, with features varying based on your license tier (Strata Cloud Manager Essentials or Strata Cloud Manager Pro).

Strata Cloud Manager Essentials

Incidents for Strata Cloud Manager Essentials users will include:

• Detection: Uses UP/DOWN events, log events, and static thresholds.
• Analysis: Includes evidence and primary impacted objects.
• Recommendations: Provides textual recommendations for resolution.
• Notifications: Sends notifications via email, webhooks, and ITSM.

Strata Cloud Manager Pro

Strata Cloud Manager Pro users get all of the above, plus:

• Advanced Detection: Includes dynamic baseline-based anomalies and ML-based forecasting.
• In-depth Analysis: Provides impact scope, correlation, and causation details.
• Advanced Resolutions: Offers automated playbooks and automatic support case creation.

4. What is the rollout plan timeline? 

The rollout of Incidents for NGFW within Strata Cloud Manager instances is scheduled to begin on September 29. This will include the first phase of Op Health Incidents and any incidents created as part of the Best Practices Assessments (BPA).

5. What is the impact on my existing alerts and notification rules?

With the new Unified Incident Framework, all external notifications will now be driven by Incidents. You will also be able to customize which issues are raised to your attention, allowing you to focus only on what is relevant to your deployment.

Here are a few Videos detailing the new UIF.

Strata Cloud Manager