Advanced Threat Prevention
Prisma Access
Cloud Management
- To take advantage of inline cloud analysis, you must have an active Prisma Access subscription, which provides access to Advanced Threat Prevention features. For information about the applications and services offered with Prisma Access, refer to All Available Apps and Services. To verify the subscriptions for which you have currently active licenses, Check What’s Supported With Your License.
- Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
- Update or create a new Anti-Spyware Security profile to enable inline cloud analysis (to analyze traffic for advanced C2 (command-and-control) and spyware threats in real time).
  - Select Manage > Configuration > NGFW and Prisma Access > Security Services > Anti-Spyware.
  - Select your Anti-Spyware security profile, go to the Inline Cloud Analysis panel, and Enable Inline Cloud Analysis.
  - Specify an Action to take when a threat is detected using a corresponding analysis engine. The default action for each analysis engine is alert; however, Palo Alto Networks recommends setting all actions to Reset-Both for the best security posture.
    - Allow—The request is allowed and no log entry is generated.
    - Alert—The request is allowed and a Threat log entry is generated.
    - Drop—Drops the request; a reset action is not sent to the host/application.
    - Reset-Client—Resets the client-side connection.
    - Reset-Server—Resets the server-side connection.
    - Reset-Both—Resets the connection on both the client and server ends.
  - Click OK to exit the Anti-Spyware Profile configuration dialog and Commit your changes.
- (Optional) Add URL and/or IP address exceptions to your Anti-Spyware profile if Inline Cloud Analysis produces false positives. You can add exceptions by specifying an external dynamic list (URL or IP address list types) or an Addresses policy object.
  - Add an External Dynamic Lists or [IP] Addresses object exception.
    - Select Manage > Configuration > Anti-Spyware.
    - Select the Anti-Spyware profile for which you want to exclude specific URLs and/or IP addresses and then go to the Inline Cloud Analysis pane.
    - Add EDL/URL or Add IP Address, depending on the type of exception you want to add, and then select a pre-existing URL or IP address external dynamic list. If none are available, create a new external dynamic list policy object. For IP address exceptions, you can optionally select an Addresses object list.
    - Click OK to save the Anti-Spyware profile and Commit your changes.
- Update or create a new Vulnerability Protection Security profile to enable inline cloud analysis (to analyze traffic for command injection and SQL injection vulnerabilities in real time).
  - Select an existing Vulnerability Protection security profile or Add Profile (Manage > Configuration > Vulnerability Protection).
  - Select your Vulnerability Protection profile, go to Inline Cloud Analysis, and Enable inline cloud analysis.
  - Specify an Action to take when a vulnerability exploit is detected using a corresponding analysis engine. There are currently two analysis engines available: SQL Injection and Command Injection.
    - Allow—The request is allowed and no log entry is generated.
    - Alert—The request is allowed and a Threat log entry is generated.
    - Reset-Client—Resets the client-side connection.
    - Reset-Server—Resets the server-side connection.
    - Reset-Both—Resets the connection on both the client and server ends.
  - Click OK to exit the Vulnerability Protection Profile configuration dialog and Commit your changes.
- (Optional) Add URL and/or IP address exceptions to your Vulnerability Protection profile if Inline Cloud Analysis produces false positives. You can add exceptions by specifying an external dynamic list (URL or IP address list types) or an Addresses object.
  - Add an External Dynamic Lists or [IP] Addresses object exception.
    - Select Objects > Security Profiles > Vulnerability to return to your Vulnerability Protection profile.
    - Select the Vulnerability profile for which you want to exclude specific URLs and/or IP addresses and then select Inline Cloud Analysis.
    - Add an EDL URL or IP Address, depending on the type of exception you want to add, and then select a pre-existing URL or IP address external dynamic list. If none are available, create a new external dynamic list. For IP address exceptions, you can optionally select an Addresses object list.
    - Click OK to save the Vulnerability Protection profile and commit your changes.
- (Optional) Monitor Advanced Threat Prevention.
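As an added example (not Palo Alto Networks code), the following Python audit reads a constructed JSON export of the Anti-Spyware and Vulnerability Protection profiles configured above and flags any profile where inline cloud analysis is still disabled or an analysis engine still uses the permissive Allow or Alert action instead of the recommended Reset-Both. The JSON keys, profile names and engine names are assumptions for illustration, not the Strata Cloud Manager export schema; a real export must be mapped onto these keys first.

```python
"""Audit inline cloud analysis posture across security profiles.

Added example, not Palo Alto Networks code. The layout of the sample export
below is constructed to mirror the settings this page walks through; the real
Strata Cloud Manager / PAN-OS schema differs and must be mapped onto these keys.
"""
import json

# Actions from the Action list above that let the request through:
# Allow generates no Threat log at all, Alert only logs.
PERMISSIVE_ACTIONS = {"allow", "alert"}
RECOMMENDED_ACTION = "reset-both"

# Constructed sample export: one profile of each type, with deliberate gaps.
SAMPLE_EXPORT = json.dumps({
    "anti_spyware_profiles": [
        {"name": "corp-as", "inline_cloud_analysis": True,
         "engines": {"Command and Control": "alert", "Spyware": "reset-both"},
         "exceptions": {"edl_url": ["trusted-urls"], "ip": []}},
    ],
    "vulnerability_profiles": [
        {"name": "corp-vp", "inline_cloud_analysis": False,
         "engines": {"SQL Injection": "reset-both", "Command Injection": "allow"},
         "exceptions": {"edl_url": [], "ip": ["scanner-ips"]}},
    ],
})


def audit_profiles(export_json: str) -> list[dict]:
    """Return one finding per weakness: inline cloud analysis disabled, or an
    engine whose action is Allow/Alert rather than the recommended Reset-Both.
    Each finding also reports how many exception lists the profile carries,
    since every exception is traffic the engines will not inspect."""
    findings = []
    data = json.loads(export_json)
    for kind in ("anti_spyware_profiles", "vulnerability_profiles"):
        for profile in data.get(kind, []):
            exc = profile.get("exceptions", {})
            base = {"profile": profile["name"], "type": kind,
                    "exception_lists": len(exc.get("edl_url", [])) + len(exc.get("ip", []))}
            if not profile.get("inline_cloud_analysis"):
                findings.append({**base, "issue": "inline cloud analysis disabled"})
            for engine, action in profile.get("engines", {}).items():
                if action.lower() in PERMISSIVE_ACTIONS:
                    findings.append({**base, "engine": engine, "action": action,
                                     "issue": f"action is {action}; recommended {RECOMMENDED_ACTION}"})
    return findings


if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE_EXPORT):
        print(finding)
```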