Strata Cloud Manager
Dashboard: CDSS Adoption
Table of Contents
Dashboard: CDSS Adoption
Learn how to view the recommended CDSS subscriptions and their usage in your
devices.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
- Click to get started.
What does this dashboard show you?
- The dashboard shows the aggregated data for all firewalls onboarded to your tenant and are also sending telemetry data.
- Currently, this dashboard only supports four security subscriptions: Advanced Threat Prevention, Advanced URL Filtering, DNS Security and Wildfire.
The CDSS Adoption dashboard shows the recommended
Cloud-Delivered Security Services (CDSS) subscriptions and their usage in your
devices. This helps you to identify security gaps and harden the security
posture of your enterprise. After you navigate to this page, you will see a
pop-up asking you to confirm or update your zone roles in NGFWs to get accurate
security services recommendations. You can follow the link in this pop-up window
to map zones to roles.
Here’s a video that shows how to monitor security subscriptions using the
CDSS Adoption dashboard:
How can you use the data from the dashboard?
This dashboard helps you with the following:
- At the top of the Overview page, you can view the number of total known NGFWs and number of NGFWs sending telemetry in your AIOps for NGFW instance. The adoption of CDSS involves progressing through activation, configuration, and adherence to best practices. To track progress for each subscription, simply click on the numbers in the chart to view a list of devices that require updates along this journey. To use a security subscription license in a device, you need to activate it and then set up the service or feature accordingly.To focus on the security services data for a specific NGFW, filter the chart based on it. You can also view the best practice violations for a device in this drop-down list.
![]()
- You can click one of the values under ACTIVATE, CONFIGURE, or BEST PRACTICES to view details in a tabular format.
![]()
In this example, AIOps for NGFW recommends the activation of Advanced URL Filtering (ADV-URL) along with Advanced Threat Protection (ATP), Domain Name System (DNS), and WildFire (WF) security services for NGFWs. You can click Back to Graph View to navigate to the Overview page. - You can also view the same security posture data in a pie chart format. Click the pie-chart icon to view the information about recommended security services in a pie-chart format.
![]()
- You can click the sections of the pie-chart to view the information about the individual security service.
![]()
In this example, to view the NGFW where DNS Security is not configured, you can either click the value above the DNS Security section of a pie chart or click the DNS Security section of a pie chart.
Override Recommended Security Service
When you do not need a recommended security service for any reason, you can
override it. Click a value under CONFIGURE to view
details in a tabular format, you can override the recommended security
service.
In this example, AIOps for NGFW recommends the configuration of Advanced URL
Filtering (ADV-URL) along with other security services for a device. You can
cancel the ADV-URL security service for the NGFW device and all the zones under
it.
You can also override the recommended security service at a zone level.
View Details for an NGFW to view the source and
destination roles, policies, and their recommended security services.
In this example, you can override the ADV-URL security
service for the source role as Third Party Vendor and the
destination role as Unknown. You can also restore the
overridden recommendation by clicking on the security service under the
Overrides column.
You can View Policies associated with roles. Select a rule
to view its details without needing to leave the app.
Click Back to Table View to view the security services in
a tabular format.