Best Practices

The best practices dashboard and reports measure your security posture against Palo Alto Networks’ best practice guidance.
The best practices dashboard and reports measure your security posture against Palo Alto Networks’ best practice guidance. Importantly, the best practices assessment includes checks for the Center for Internet Security’s Critical Security Controls (CSC). CSC checks are called out separately from other best practice checks, so you can easily pick out and prioritize updates that will bring you up to CSC compliance.
While best practice guidance aims to help you bolster your security posture, findings in this report can also help you to identify areas where you can make changes to more effectively manage your environment.
In Device Insights, the best practices report identifies areas of improvement in specific devices rather than across your whole deployment.
The best practice dashboard is divided into four sections:
  • Summary
    Gives you a comprehensive view of all your failed (and passed) checks, and assess your best practice adoption rate for key feature areas.
  • Rulebases
    Looks at how your policy is organized, and whether configuration settings that apply across many rules align with best practices (including CSC checks).
  • Rules
    Shows you the rules failing best practice and CSC checks. See where you can take quick action to fix failed checks.
    Rules are sorted based on session count, so you can start by reviewing and updating the rules that are impacting the most traffic.
  • Profiles
    Shows you how your profiles stack up against best practices, including CSC checks. Profiles perform advanced inspection for traffic matched to a security or decryption rule.
If you are using the best practices dashboard in Prisma Access, you can filter the report based on configuration location (mobile users, remote networks, or configuration that’s shared across Prisma Access). When you download or share the best practices report, the PDF version of the report includes only the top 20 failed rules.

Recommended For You