Focus

Prisma Access

Create and Manage HIP Profiles for the Dynamic Privilege Access Prisma Access Agent

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Create and Manage HIP Objects for the Dynamic Privilege Access Prisma Access Agent

Push the Prisma Access Agent Configuration

Create and Manage HIP Profiles for the Dynamic Privilege Access
Prisma Access Agent

Learn how to create a collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)	Prisma Access 5.1 Innovation Prisma Access license with the Mobile User subscription macOS 12 or later desktop devices or Windows 10 version 2024 or later or Windows 11 desktop devices Role: Superuser

A HIP Profile is a collection of host information profile objects that are evaluated together, either for monitoring or for security policy enforcement. When you create your HIP Profiles, you can combine the HIP objects and HIP Profiles you previously created by using Boolean logic, such that when a traffic flow is evaluated against the resulting HIP Profile, it either matches or does not match. If there is a match, the corresponding policy rule is enforced. If there is no match, the flow is evaluated against the next rule, as with any other policy matching criteria.

From Strata Cloud Manager, select

Workflows

Prisma Access Setup

Access Agent

Prisma Access Agent

Edit

the

Global Agent Settings

Select

HIP Notifications

and click

Add

Click

Create HIP Profile

Enter a

Name

and

Description

to identify the profile.

Click within the

Match

field to open the HIP Profile builder.

Select the HIP object or profile that you want to use as match criteria from the list.

Select a Boolean operator (

And

). If you want the HIP Profile to evaluate the object as a match only when the criteria in the object are not true for a flow, select the

Not

check box before adding the object.

Select another HIP object or profile to evaluate against the first HIP object.

Continue adding match criteria for the profile that you're building, making sure to select the appropriate Boolean operator radio button (

And

) between each addition, and using the

Not

check box when appropriate. The HIP Profile can contain up to 2,048 characters in length.

When creating a complex Boolean expression, you must manually add the parenthesis in the proper places in the

Match

text box to ensure that the HIP Profile is evaluated using the logic you intend.

Save

and

Add

your HIP Profile.

To manage your HIP Profiles, you can select an existing profile from the HIP Notifications table or click

Add

in the Edit Global Agent Settings page to open the HIP Notifications window.

From there, click

Manage HIP Profile

to view the list of HIP Profiles that you have configured. You can select a HIP Profile and

Delete

Clone

, or

Move

it. You can also

Add

a HIP Profile from here.

Create and Manage HIP Objects for the Dynamic Privilege Access Prisma Access Agent

Push the Prisma Access Agent Configuration

Prisma Access Docs

Create and Manage HIP Profiles for the Dynamic Privilege Access Prisma Access Agent

Prisma Access Docs

Create and Manage HIP Profiles for the Dynamic Privilege Access
Prisma Access Agent

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner