Best Practices

The best practices dashboard and reports measure your security posture against Palo Alto Networks’ best practice guidance.
Importantly, the best practices assessment includes checks for the Center for Internet Security’s Critical Security Controls (CSC). CSC checks are called out separately from other best practice checks, so you can easily pick out and prioritize updates that will bring you up to CSC compliance.
You can view the best practices reports in Prisma Access and AIOps.
While best practice guidance aims to help you bolster your security posture, findings in this report can also help you to identify areas where you can make changes to more effectively manage your environment.

Best Practices Dashboard in Prisma Access

The best practice dashboard in Prisma Access is divided into five sections:
  • Summary
    Gives you a comprehensive view of all the failed checks for a device across the configuration types (Security, Network, Identity, and Service Setup), and you can also assess your best practice adoption rate for key feature areas.
  • Security
    Shows the rules, rulebases, or profiles that are failing best practice and CSC checks for the selected device and location.
    • Rulebases
      Looks at how your policy is organized, and whether configuration settings that apply across many rules align with best practices (including CSC checks).
    • Rules
      Shows you the rules failing best practice and CSC checks. See where you can take quick action to fix failed checks. Rules are sorted based on session count, so you can start by reviewing and updating the rules that are impacting the most traffic.
    • Profiles
      Shows you how your profiles stack up against best practices, including CSC checks. Profiles perform advanced inspection for traffic matched to a security or decryption rule.
  • Network
    Checks whether the application override rules and network settings align with best practice and CSC checks.
  • Identity
    Shows whether the authentication enforcement settings (authentication rule, authentication profile, and authentication portal) for a device meet the best practices and comply with CSC checks.
  • Service Setup
    See how the subscriptions you have enabled on your devices are aligning with the best practice and CSC checks. You can review the WildFire setup, GlobalProtect portal and GlobalProtect gateway configurations here and fix the failed checks.
If you are using the best practices dashboard in Prisma Access, you can filter the report based on configuration location (mobile users, remote networks, or configuration that’s shared across Prisma Access).

Best Practices Dashboard in AIOps for NGFW

The Best Practices dashboard helps to identify areas where you can strengthen the security posture for specific devices. You can view the dashboards only for devices that are enabled to send the telemetry data to AIOps for NGFW.
The best practice dashboard is divided into five sections:
  • Summary
    Gives you a comprehensive view of all the failed checks for a device across the configuration types (Security, Network, Identity, and Service Setup), and you can also assess your best practice adoption rate for key feature areas.
  • Security
    Shows the rules, rulebases, or profiles that are failing best practice and CSC checks for the selected device and location.
    • Rulebases
      Looks at how your policy is organized, and whether configuration settings that apply across many rules align with best practices (including CSC checks).
    • Rules
      Shows you the rules failing best practice and CSC checks. See where you can take quick action to fix failed checks. Rules are sorted based on session count, so you can start by reviewing and updating the rules that are impacting the most traffic.
    • Profiles
      Shows you how your profiles stack up against best practices, including CSC checks. Profiles perform advanced inspection for traffic matched to a security or decryption rule.
  • Network
    Checks the configurations in application override rules, policy-based forwarding rules, network profiles, zones, and tunnels that failed the best practice and CSC checks.
  • Identity
    Shows whether the authentication enforcement settings (authentication rule, authentication profile, and authentication portal) for a device meet the best practices and comply with CSC checks.
  • Service Setup
    See how the subscriptions you have enabled on your devices are aligning with the best practice and CSC checks. You can review the WildFire setup, GlobalProtect portal, GlobalProtect gateway, deployment, and device settings such as Logging, Log Forwarding, User ID, High Availability, Tags, Dynamic Updates, and General Settings here and fix the failed checks.

Share, Download, and Schedule Reports for a Dashboard

For all dashboards, you can download, share, and schedule reports covering the data a dashboard displays. Find these icons in the top right of the dashboard.
When you download or share the best practices report, the PDF version of the report includes only the top 20 failed rules.
