Use Auto-Tagging to Automate Security Actions (Strata Cloud Manager)

1. Set up an auto-tag action rule.

   1. Select ConfigurationNGFW and Prisma AcccessObjectsAuto-Tag Actions.
   2. Add Rule and specify a Name, Log Type, and Filter criteria for this action.
   3. (Optional) Choose whether you want to add devices that match this rule to the quarantine list.
   4. Next, Add Tagging Rule.
   5. Give your tagging rule a Name, specify the Target, choose an Action (Add Tag or Remove Tag), and associate one of the existing Tags with your rule or create a new tag.
   6. (Optional) Configure a timeout to remove the tag from the policy object after the specified time has elapsed.

      Specify the amount of time (in minutes) that passes before the tag is removed from the policy object. The range is from 0 to 4,320. If you set the timeout to zero, the IP address-to-tag mapping does not timeout and must be removed with an explicit action. If you set the timeout to the maximum of 4,320 minutes, the tag is removed after 30 days.

      You cannot configure a Timeout with a Remove Tag action.
   7. Select Save.
2. Use your auto-tag action rule to populate a dynamic address group or a dynamic user group.

   1. Create or select one of the following policy objects:

      • Dynamic Address Group
      • Dynamic User Group
   2. Enter the tags you want to apply to the object as the Match criteria.

      Confirm that the tag is identical to the tag in Step 1.
3. Add the dynamic user group to a security rule.

   This workflow uses a Security policy as an example, but you can also use tagged policy objects in Authentication policy.

   1. Select ConfigurationNGFW and Prisma AccessSecurity ServicesSecurity Policy.
   2. Select Add Rule and enter a Name and optionally a Description for the policy.
   3. Add the Source Zone where the traffic originates.
   4. Add the Destination Zone where the traffic terminates.
   5. Select the Source object you created in Step 2.1.
   6. Select whether the rule will Allow or Deny the traffic.