Configure Inline Cloud Analysis (Strata Cloud Manager)
Focus
Focus
Advanced Threat Prevention

Prisma Access

Table of Contents


Configure Inline Cloud Analysis (
Strata Cloud Manager
)

  1. To take advantage of inline cloud analysis, you must have an active
    Prisma Access
    subscription, which provides access to Advanced Threat Prevention features. For information about the applications and services offered with
    Prisma Access
    , refer to All Available Apps and Services.
    To verify subscriptions for which you have currently-active licenses, Check What’s Supported With Your License.
  2. Use the credentials associated with your Palo Alto Networks support account and log in to the
    Strata Cloud Manager
    on the hub.
  3. Update or create a new Anti-Spyware Security profile to enable inline cloud analysis (to analyze traffic for advanced C2 (command-and-control) and spyware threats in real-time).
    1. Select
      Manage
      Configuration
      NGFW and
      Prisma Access
      Security Services
      Anti-Spyware
      .
    2. Select your Anti-Spyware security profile and then go to
      Inline Cloud Analysis
      panel and
      Enable Inline Cloud Analysis
      .
    3. Specify an
      Action
      to take when a threat is detected using a corresponding analysis engine.
      The default action for each analysis engine is
      alert
      , however, Palo Alto Networks recommends setting all actions to
      Reset-Both
      for the best security posture.
      • Allow
        —The request is allowed and no log entry is generated.
      • Alert
        —The request is allowed and a Threat log entry is generated.
      • Drop
        —Drops the request; a reset action is not sent to the host/application.
      • Reset-Client
        —Resets the client-side connection.
      • Reset-Server
        —Resets the server-side connection.
      • Reset-Both
        —Resets the connection on both the client and server ends.
    4. Click
      OK
      to exit the Anti-Spyware Profile configuration dialog and
      Commit
      your changes.
  4. (Optional)
    Add URL and/or IP address exceptions to your Anti-Spyware profile if Inline Cloud Analysis produces false-positives. You can add exceptions by specifying an external dynamic list (URL or IP address list types) or an
    Addresses
    policy object.
    1. Add an
      External Dynamic Lists
      or [IP]
      Addresses
      object exception.
    2. Select
      Manage
      Configuration
      Anti-Spyware
      .
    3. Select an Anti-Spyware profile for which you want to exclude specific URLs and/or IP addresses and then go to the
      Inline Cloud Analysis
      pane.
    4. Add EDL/URL
      or
      Add IP Address
      , depending on the type of exception you want to add, and then select a pre-existing URL or IP address external dynamic list. If none are available, create a new external dynamic list policy object. For IP address exceptions, you can, optionally, select an
      Addresses
      object list.
    5. Click
      OK
      to save the Anti-Spyware profile and
      Commit
      your changes.


Recommended For You