Configure HIP Data Collection Settings for Dynamic Privilege Access

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Activation & Onboarding
Administration
Version
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
Integrations
Incidents & Alerts

Configure DNS Settings for Dynamic Privilege Access

Create a Project

Configure HIP Data Collection Settings for Dynamic Privilege Access

Define any custom host information profile data that you want the to collect or exclude from collection on the endpoints that logged in using a project.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)	Prisma Access 5.1 Innovation macOS 12 or later desktop devices or Windows 10 version 2024 or later or Windows 11 desktop devices Prisma Access license with the Mobile User subscription Role: Project Admin

The Prisma Access Agent collects information about the host it's running on and submits this host information to the Prisma Access location (gateway) upon successful connection. The gateway matches this raw host information submitted by the Prisma Access Agent against any host information profile (HIP) objects and HIP Profiles that you have defined. If it finds a match, it generates an entry in the HIP Match log. Additionally, if it finds a HIP Profile match in a policy rule, it enforces the corresponding security policy.

In the HIP Notifications tab of the Edit Global Agent Settings page, you can create HIP notifications, create and manage HIP objects, and create and manage HIP Profiles that apply to the Prisma Access Agent across all endpoints.

Here, you can define custom HIP data that you want the Prisma Access Agent to collect or exclude. When this option is enabled, the Prisma Access Agent collects data from devices running macOS or Windows operating systems.

For example, a custom check could enable you to know whether a certain application is installed or running on an endpoint. The data that you define to be collected in a custom check is included in the raw host information data that the Prisma Access Agent collects and then submits to Prisma Access when the Prisma Access Agent connects.

From Strata Cloud Manager, select ManageConfigurationNGFW and Prisma AccessOverview and expand the Configuration Scope to view the Snippets.
Select the snippet that the Superuser admin assigned to you.
Select ObjectsDynamic Privilege Access to open the Dynamic Privilege Access settings.
Select the Agent Settings tab.
Add Agent Settings or select an existing configuration from the Agent Setting table.
In the Host Information Profile (HIP) section, select Collect HIP Data to enable HIP data collection on the endpoints that logged in using a project.
Select Show Advanced Options.
Specify the Max Wait Time (in seconds) that the Prisma Access Agent should search for HIP data before submitting the available data. The range is 10-60 seconds; the default is 20 seconds.
Edit Exclude Categories to exclude specific categories, or vendors, applications, or versions within a category from HIP data collection.
Select a Category (such as data loss prevention) to exclude from HIP collection. After selecting a category, you can Add a particular Vendor, and then Add a specific Product from the vendor to further refine the exclusion as needed. You can add multiple vendors and products to the exclude list. Save your settings in each dialog.
If you don't want to exclude an entire vendor, you can exclude specific patches from a vendor. After adding the vendor, you can specify the patch name or number and optionally a date until which you want to exclude the patch updates from the HIP report using the following format:
```
Exclude: [kb-article-id1: MM/DD/YYYY], [kb-article-id2: MM/ DD/YYYY]
```
Where <kb-article-id> is the name or number in the attribute (for example <kb-article-id>2267602</kb-article-id>) and the MM/DD/YYYY specifies the date up to which the patch is excluded from the HIP report. If you do not set a date, the patch will be excluded from the HIP report indefinitely. If you choose to set a date, the patch will be excluded until the specified date.
Edit Custom Checks to define any custom data you want to collect from the hosts running this configuration.
For example, if you have any required applications that are not included in the Vendor or Product lists for creating HIP objects, you can create a custom check to determine whether that application is installed (it has a corresponding Windows registry or Mac plist key) or is currently running (has a corresponding running process):
- Windows—Add a check for a particular Registry Key or Registry Value. To restrict data collection to a specific Registry Value, Add and then define the specific registry values.
- Mac—Add a check for a particular Plist key or Key value. To restrict the data collection to specific key values, Add the Key values. Click OK to save the settings.
- Process List—Add the processes you want to check for on user endpoints to see if they are running. For example, to determine whether a software application is running, add the name of the executable file to the process list. You can add a process to the Windows tab, the Mac tab, or both.
Save the custom check settings when you are done.
When you have finished configuring the project-specific Prisma Access Agent settings, Save the configuration.