>
    Strata Copilot
    Custom Settings
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Optimize Security Posture
    4. Incident Settings Framework
    5. Custom Settings
    Download PDF
    Strata Cloud Manager

    Custom Settings

    Table of Contents

    Custom Settings

    Where Can I Use This?What Do I Need?
    • One of the following licenses:
    You can create custom settings per tenant with flexible modifications based on your specific operational needs. Using custom settings, you can override the default settings for granular control over incident management.
    Here are the key features of custom settings:
    • Override Defaults: Customize incident handling beyond baseline configurations.
    • Scheduled Suppression: Define maintenance windows to mute noncritical alerts.
    • Smart Suppression: Prevents conflicting suppression schedules and optimizes rules to avoid alert flooding.
    • Object-Specific Handling: Define entities relevant to specific incident settings.
    • Troubleshooting Toggle: Enable or disable custom settings to diagnose issues.
    Here are examples of using custom settings:
    • Create a custom setting for a specific VPN tunnel-down event, routing notifications to designated personnel.
    • Implement a custom security setting for a specific security rule, such as blocking malware traffic within a virtual system (vsys) on a device, triggering notifications, and actions upon detection.
    Here are the benefits of using custom settings:
    • Prioritization: Elevate the priority of incidents critical to your services.
    • Scheduled Maintenance: Define windows for suppressing alerts during maintenance activities.
    • Off-Hour Management: Suppress noncritical alerts outside business hours while prioritizing critical incidents.
    • Device-Specific Rules: Network administrators can apply settings to individual devices instead of all devices.
    • Targeted Notifications: Direct notifications to the relevant engineers via specific notification profiles.
    • Troubleshooting Alert Issues: Temporarily disable suppression rules to verify if a custom rule is incorrectly muting alerts.
    A list of all custom settings (both raise and suppress) is displayed, collapsed by default. Each entry shows lifetime total, raised, and suppressed incident counts. Clicking All expands the list.
    You can filter custom settings using the following criteria:
    • Detection Action (defaulted to "All")
    • Incident Code
    • Object Type
    • Object Name
    • Notification Profile
    • Setting Status
    You can use additional filters via Add Filter:
    • Product
    • Category
    • Sub-category
    • Incident Title

    Manage Your Custom Settings

    • Toggle On or Off: Enables or disables the setting.
    • Edit: Opens a sidecar panel for modifying the setting parameters.
    • Clone: Creates a copy of the setting, prefilling the title with "<setting name> (clone)" and retaining all other parameters.
    • Delete: Removes the setting.

    © 2025 Palo Alto Networks, Inc. All rights reserved.