Strata Cloud Manager
Manage: IoT Policy Recommendation
Table of Contents
Manage: IoT Policy Recommendation
Create Security policy rules from automatically generated rule recommendations for next-generation firewalls or Prisma Access to enforce.
Where Can I Use This?
What Do I Need?
IoT Security provides
with automatically generated Security policy rule recommendations organized by device profile. There is one recommendation per application per profile. Choose a profile, select the rule recommendations you want to use, and then the next-generation firewalls or
Strata Cloud Manager
deployment types where you want to enforce them.
Select Security policy rule recommendations and apply them to next-generation firewalls or Prisma Access.
- Create folders or snippets for next-generation firewalls.Skip this step if you want to use predefined folders or previously created folders or snippets.folders are predefined.Prisma AccessFolders are essentially containers that hold various kinds of rules, security configurations, and objects. For importing the policy rule recommendations thatIoT Security generated, the folders would hold next-generation firewalls orIoT Securitydeployments.Prisma AccessSnippets are also a type of container that can be associated with multiple folders. With folders and snippets, you can import policy rules into whichever groups of firewalls or deployments you want.For example, you might create a folder named California and put 60 firewalls in it and then create another folder named Hawaii and put 15 firewalls in that. You then create a snippet called CA-HI and apply it to the California and Hawaii folders. When you want to import rule recommendations only to firewalls in California, you set the scope asFolderand select the California folder. If you want to import the rule recommendations to both California and Hawaii, set the scope asSnippetand select the CA-HI snippet.Depending on the hierarchy of the folder structure, we might have a parent folder like US-West above California and Hawaii. Then if you import rule recommendations while the scope is set asFolderwithUS-Westselected, then both of the children folders California and Hawaii would inherit the imported rules. However, this wouldn't work if you only wanted to import rules to California and Hawaii if they had sibling folders like Oregon, Alaska, Washington, and Arizona under the US-West folder. Then you'd have to use the CA-HI snippet.
- Create Security policy rules.
- Select.ManageConfigurationIoT Policy Recommendation
- Select a profile name.uses machine learning to automatically generate Security policy rule recommendations based on the normal, acceptable network behaviors of IoT devices in the same device profile.IoT Securitydisplays a list of these recommendations organized by application. For each behavior, you can see the following:Strata Cloud ManagerBehavior ComponentExplanationApp RiskSecurity Policy CreatedWhen one or more names of folders or snippets appear here, it indicates a Security policy rule was previously created for this behavior. Clicking one of them opens a side panel with the names of the profile, application, and folder or snippet, and the policy rule action. WhenNoappears here, it indicates a rule has not yet been created.Discovered LocationInternalindicates that the destination is on the local network.Externalindicates that the destination is outside the local network.Locally ObservedYesindicates the behavior was observed in your IoT Security tenant environment.Noindicates it was observed in multiple IoT Security tenant environments but not in yours.App UsageCommonindicates that an application has been detected in multiple IoT Security tenant environments.Uniqueindicates that it has been observed in your environment but not in those of other tenants that also have devices in the same profile.Destination Address & FQDNThis is the destination for a recommended policy rule. It can be Any, an IP address, or an FQDN.Destination ProfileA profile is shown when the destination is internal and the device profile of the destination is identified.Last SeenFor locally observed behaviors, this is the timestamp when it was last observed. For common behaviors not observed locally, a dash is shown.
- Select one or more behaviors and thenCreate Security Policy.
- Review the Security policy rules that will be created and then select the config scope for wherewill apply them.Strata Cloud ManagerTo apply the rules to one or more next-generation firewalls ordeployments in a folder, selectPrisma AccessFoldersand then choose the folder from Scope Selection.To apply the rules to one or more next-generation firewalls ordeployments in a snippet, selectPrisma AccessSnippetsand then choose the snippet from Scope Selection.
- Create Security Policy.
- Push the configuration to next-generation firewalls and Prisma Access deployments.
- Select.ManageOperationsPush Config
- Select the folders with the configuration changes,Push Config,Push, and thenPushagain.displays an ID number in the Job ID column for the selected folders and the status of the configuration push in the Push Status column.Strata Cloud ManagerWhen the Push Status changes fromPendingtoSuccess, you know the pushed configuration has started running.
- To see the status of a push job, select. There you can see the status of the parent job and also the status of the children jobs, one for each firewall or deployment.ManageOperationsPush Status