Manage: Objects
Use objects in Strata Cloud Manager to build shared policy for your NGFWs and Prisma Access.
Where Can I Use This?
  • Prisma Access (with Strata Cloud Manager or Panorama configuration management)
  • NGFWs (with Strata Cloud Manager or Panorama configuration management)
  • AI Runtime Security

What Do I Need?
  • At least one of these licenses is needed to manage your configuration with Strata Cloud Manager; for unified management of NGFWs and Prisma Access, you'll need both:
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • AI Runtime Security Licenses (BYOL)
  • AI Runtime Security Deployment Profile
Objects are policy building blocks that group discrete identities such as IP addresses, URLs, applications, or users. Use them to define and group entities, settings, or preferences, and then reference and reuse those objects in your policies. When you update an object definition (or when the object is updated dynamically), every policy rule that references the object automatically enforces your latest changes. By grouping objects, you can significantly reduce the administrative overhead of creating policies.
When used together, some objects can help you to automate policy action: auto-tags, dynamic user groups, and dynamic address groups.
Go to Manage > Configuration > NGFW and Prisma Access > Objects to get started with policy objects.
Objects and their descriptions:
  • Addresses: Reuse and reference an address or group of addresses across policy rules, filters, or other functions without having to manually add the address or addresses each time. You can define regions to apply policy to specified countries or locations. Applying policy based on region is a great way to control traffic between branch offices.
  • Applications: Your network traffic is automatically classified into applications that you can use to build a versatile security policy based on your business needs. To simplify the creation of security policies, applications requiring the same security settings can be combined into an application group. Application groups can include applications, application groups, and application filters.
  • Traffic Object: Create Traffic objects to specify cloud entities within specific clusters or VPC endpoints to enforce customized security policy rules.
  • Services: While the HTTP and HTTPS services are already defined for you and ready to use, you can add service definitions to control the port numbers that applications can use. You can combine services that are often assigned together into service groups to simplify the creation of security policies.
  • SaaS App Management: Centrally manage each of your SaaS applications. SaaS App Management lets you find features you can use to safely enable apps for your enterprise.
  • HIP: Decide which GlobalProtect app data (the host information profile, or HIP, data the app collects from endpoints) you want to use to enforce security policy. Combine HIP objects to build a HIP profile. Think of HIP profiles as security posture checklists against which your hosts are evaluated, where each HIP object is one item on the list. You can grant hosts access to your network or to sensitive resources based on their security posture compliance.
  • Dynamic User Groups: Dynamic user groups give you a way to auto-remediate anomalous user behavior and malicious activity. Membership in a dynamic user group is tag-based: users are included in the group only as long as they match your defined criteria.
  • Tags: Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase.
  • Auto-Tag Actions: Auto-tags give you a way to automate security actions based on activity. You can specify the log criteria that trigger security policy enforcement.
  • Log Forwarding: Configure a log forwarding profile to specify which logs to forward to your Logging Service.
  • External Dynamic Lists: An External Dynamic List (EDL) is an internally or externally hosted text file used for policy enforcement. The firewall checks your EDLs at your configured intervals to enable dynamic policy enforcement.
  • Certificate Management: Centrally manage the certificates that secure communication across your network.
  • Schedules: Create a schedule to limit enforcement of a security policy rule to specific times that you define.
  • Quarantined Device Lists: Identify and quarantine compromised devices. You can either manually or automatically (based on auto-tags) add devices to a quarantine list. You can block quarantined devices from accessing the network or restrict the device traffic based on a security rule.
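Because an External Dynamic List is just a hosted text file that the firewall re-reads on a schedule, a malformed or duplicated entry in that file silently weakens the policy that references it. The following validator is an added example, not code from the page or from Palo Alto Networks; it assumes the common IP-type list layout of one address, CIDR block or address range per line with `#` starting a comment (an assumption about the format, not something this page states), and the sample file contents are constructed for the demonstration.

```python
import ipaddress
from typing import Optional

# Constructed sample of an IP-type EDL file (not taken from the page).
SAMPLE_EDL = """\
# blocklist published by the SOC - constructed sample
192.0.2.10
198.51.100.0/24
203.0.113.5-203.0.113.20
2001:db8::/32
192.0.2.10          # duplicate of line 2
300.1.1.1           # not a valid address
10.0.0.0/8 # trailing comment after an entry
"""


def parse_edl_line(line: str) -> Optional[str]:
    """Return a normalised entry, or None for blank and comment-only lines.

    Raises ValueError when the entry is not a valid IP address, CIDR block
    or address range (assumed list format: one entry per line, '#' comments).
    """
    entry = line.split("#", 1)[0].strip()
    if not entry:
        return None
    if "-" in entry:  # range form: start-end, same IP version, start <= end
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry}")
        return f"{start}-{end}"
    if "/" in entry:  # CIDR form; strict=False tolerates host bits being set
        return str(ipaddress.ip_network(entry, strict=False))
    return str(ipaddress.ip_address(entry))


def validate_edl(text: str) -> dict:
    """Classify every line of an EDL file into valid, duplicate or error entries.

    Line numbers are 1-based so a reviewer can locate the offending entry in
    the hosted file before the firewall's next scheduled fetch picks it up.
    """
    valid, errors, duplicates = [], [], []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_edl_line(raw)
        except ValueError as exc:
            errors.append((lineno, raw.strip(), str(exc)))
            continue
        if entry is None:
            continue
        if entry in seen:
            duplicates.append((lineno, entry))
            continue
        seen.add(entry)
        valid.append(entry)
    return {"valid": valid, "errors": errors, "duplicates": duplicates}


if __name__ == "__main__":
    report = validate_edl(SAMPLE_EDL)
    print(f"{len(report['valid'])} valid entries")
    for lineno, raw, reason in report["errors"]:
        print(f"line {lineno}: rejected {raw!r}: {reason}")
    for lineno, entry in report["duplicates"]:
        print(f"line {lineno}: duplicate entry {entry}")
```

Run this against the file before publishing it to the URL the EDL object points at; the firewall will fetch whatever is there at the next interval, so catching the invalid line and the duplicate beforehand keeps the enforced list identical to the one you intended.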