License to view data from supported product in the
Strata Cloud Manager
to get started.
What does this dashboard show you?
The dashboard shows aggregated data per Prisma Access and NGFW/Panorama
associated with your tenant.
The best practices dashboard measures your security posture against Palo Alto
Networks’ best practice guidance. Importantly, the best practices assessment
includes checks for the Center for Internet Security’s Critical Security
Controls (CSC). CSC checks are called out separately from other best practice
checks, so you can easily pick out and prioritize updates that will bring you up
to CSC compliance.
The best practice dashboard is divided into five sections:
Gives you a comprehensive view of all the failed checks for a device
across the configuration types (Security, Network, Identity, and Service
Setup), View historical trend charts for BPA checks and assess your best
practice adoption rate for key feature areas.
Shows the rules, rulebases, or profiles that are failing best practice
and CSC checks for the selected device and location. When available, CLI
remediations allow you to resolve issue with your policy rules. CLI
remediations are generated using TSF data you upload when generating an
On-Demand BPA report.
Looks at how your policy is organized, and whether configuration
settings that apply across many rules align with best practices
(including CSC checks).
Shows you the rules failing best practice and CSC checks. See
where you can take quick action to fix failed checks. Rules are
sorted based on session count, so you can start by reviewing and
updating the rules that are impacting the most traffic.
Shows you how your profiles stack up against best practices,
including CSC checks. Profiles perform advanced inspection for
traffic matched to a security or decryption rule.
Shows whether the authentication enforcement settings (authentication
rule, authentication profile, and authentication portal) for a device
meet the best practices and comply with CSC checks.
Checks whether the application override rules and network settings align
with best practice and CSC checks.
See how the subscriptions you have enabled on your devices are aligning
with the best practice and CSC checks. You can review the WildFire
setup, GlobalProtect portal and GlobalProtect gateway configurations
here and fix the failed checks.
This dashboard supports reports. These icons,
in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule
reports that cover the data this dashboard displays.
How can you use the data from the dashboard?
While best practice guidance aims to help you bolster your security posture,
findings in this report can also help you to identify areas where you can make
changes to more effectively manage your environment.