Configure HIP Data Collection Settings for Dynamic Privilege Access

Define any custom host information profile data that you want the Prisma Access Agent to collect or exclude from collection on the endpoints that logged in using a project.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
  • Prisma Access 5.1 Innovation
  • Prisma Access license with the Mobile User subscription
  • macOS 12 or later desktop devices or Windows 10 version 2024 or later or Windows 11 desktop devices
  • Role: Project Admin
The Prisma Access Agent collects information about the host it's running on and submits this host information to the Prisma Access location (gateway) upon successful connection. The gateway matches this raw host information submitted by the Prisma Access Agent against any host information profile (HIP) objects and HIP Profiles that you have defined. If it finds a match, it generates an entry in the HIP Match log. Additionally, if it finds a HIP Profile match in a policy rule, it enforces the corresponding security policy.
In the HIP Notifications tab of the Edit Global Agent Settings page, you can create HIP notifications, create and manage HIP objects, and create and manage HIP Profiles that apply to the Prisma Access Agent across all endpoints.
Here, you can define custom HIP data that you want the Prisma Access Agent to collect or exclude. When this option is enabled, the Prisma Access Agent collects data from devices running macOS or Windows operating systems.
For example, a custom check could enable you to know whether a certain application is installed or running on an endpoint. The data that you define to be collected in a custom check is included in the raw host information data that the Prisma Access Agent collects and then submits to Prisma Access when the Prisma Access Agent connects.
  1. From Strata Cloud Manager, select Manage > Configuration > NGFW and Prisma Access > Overview and expand the Configuration Scope to view the Snippets.
  2. Select the snippet that the Superuser admin assigned to you.
  3. Select Objects > Dynamic Privilege Access to open the Dynamic Privilege Access settings.
  4. Select the Agent Settings tab.
  5. Add Agent Settings or select an existing configuration from the Agent Setting table.
  6. In the Host Information Profile (HIP) section, select Collect HIP Data to enable HIP data collection on the endpoints that logged in using a project.
  7. Select Show Advanced Options.
  8. Specify the Max Wait Time (in seconds) that the Prisma Access Agent should search for HIP data before submitting the available data. The range is 10-60 seconds; the default is 20 seconds.
  9. Edit Exclude Categories to exclude specific categories, or vendors, applications, or versions within a category from HIP data collection.
    Select a Category (such as data loss prevention) to exclude from HIP collection. After selecting a category, you can Add a particular Vendor, and then Add a specific Product from the vendor to further refine the exclusion as needed. You can add multiple vendors and products to the exclude list. Save your settings in each dialog.
    If you don't want to exclude an entire vendor, you can exclude specific patches from a vendor. After adding the vendor, you can specify the patch name or number and optionally a date until which you want to exclude the patch updates from the HIP report using the following format:
    Exclude: [kb-article-id1: MM/DD/YYYY], [kb-article-id2: MM/DD/YYYY]
    Where <kb-article-id> is the name or number in the attribute (for example <kb-article-id>2267602</kb-article-id>) and the MM/DD/YYYY specifies the date up to which the patch is excluded from the HIP report. If you do not set a date, the patch will be excluded from the HIP report indefinitely. If you choose to set a date, the patch will be excluded until the specified date.
  10. Edit Custom Checks to define any custom data you want to collect from the hosts running this configuration.
    For example, if you have any required applications that are not included in the Vendor or Product lists for creating HIP objects, you can create a custom check to determine whether that application is installed (it has a corresponding Windows registry or Mac plist key) or is currently running (has a corresponding running process):
    • Windows: Add a check for a particular Registry Key or Registry Value. To restrict data collection to a specific Registry Value, Add and then define the specific registry values.
    • Mac: Add a check for a particular Plist key or Key value. To restrict the data collection to specific key values, Add the Key values. Click OK to save the settings.
    • Process List: Add the processes you want to check for on user endpoints to see if they are running. For example, to determine whether a software application is running, add the name of the executable file to the process list. You can add a process to the Windows tab, the Mac tab, or both.
    Save the custom check settings when you are done.
  11. When you have finished configuring the project-specific Prisma Access Agent settings, Save the configuration.
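
The patch-exclusion string from step 9 hides the listed patches from the HIP report, so it is worth checking before you save it. The following is an added example, not Palo Alto Networks code: it parses the `Exclude:` format, rejects malformed entries, and flags indefinite and already-expired exclusions. The date-less form `[id]` and the inclusive end date are assumptions; the page shows only the dated form.

```python
import re
from datetime import date, datetime

# One entry: "[<kb-article-id>: MM/DD/YYYY]" (format shown on the page) or
# "[<kb-article-id>]" with no date (assumed syntax for an indefinite exclusion).
ENTRY = re.compile(r"\[\s*([^\[\]:,]+?)\s*(?::\s*(\d{2}/\d{2}/\d{4})\s*)?\]")


def parse_exclusions(text):
    """Return [(kb_id, until)] where until is a date, or None if indefinite."""
    head, sep, body = text.partition(":")
    if not sep or head.strip() != "Exclude":
        raise ValueError("string must start with 'Exclude:'")
    entries = []
    for piece in body.split(","):
        match = ENTRY.fullmatch(piece.strip())
        if match is None:
            raise ValueError(f"malformed entry: {piece.strip()!r}")
        kb_id, raw = match.groups()
        # strptime rejects impossible dates such as 13/45/2025.
        until = datetime.strptime(raw, "%m/%d/%Y").date() if raw else None
        entries.append((kb_id, until))
    return entries


def audit(text, today):
    """Map each kb_id to 'indefinite', 'active' or 'expired' as of `today`."""
    report = {}
    for kb_id, until in parse_exclusions(text):
        if until is None:
            report[kb_id] = "indefinite"
        elif today <= until:  # assumption: the end date itself is still excluded
            report[kb_id] = "active"
        else:
            report[kb_id] = "expired"
    return report


# Constructed sample: 2267602 is the page's example id; the rest is made up.
SAMPLE = "Exclude: [2267602: 12/31/2025], [KB-EXAMPLE-1], [KB-EXAMPLE-2: 01/15/2024]"

if __name__ == "__main__":
    for kb_id, status in audit(SAMPLE, date(2025, 6, 1)).items():
        print(f"{kb_id}: {status}")
```

Entries reported as `indefinite` never return to the HIP report on their own, so review them periodically.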
