SaaS Security
Manage Enforcement of Rule Recommendations on Strata Cloud Manager
Learn how to import, update, and remove policy rule recommendations on NGFW and Prisma Access (Managed by Strata Cloud Manager).
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the SaaS Security Inline license:
|
When a SaaS Security administrator authors and submits SaaS policy
rule recommendations, the Web Security or Data Security administrator imports those
new rule recommendations and updates or removes those same rule recommendations as
the SaaS Security administrator makes changes to them. Before you begin,
review the SaaS Security
access privileges for your Web Security or
Data Security administrator to ensure they can successfully manage enforcement of
rule recommendations. You can also troubleshoot issues after implementing new policy rules or
modifying existing ones.
SaaS policy rule recommendations are based on a combination of
apps, users and groups, categories, activities, device posture, and data profiles.
The import process automatically creates the necessary objects, including an Application Group
for the apps in the SaaS policy rule recommendation. The name of the Application
Group is derived from the Rule Name that the SaaS Security administrator assigned to the SaaS policy rule recommendation.
As the guidelines outline, if the SaaS Security administrator updates a rule recommendation, for example by
adding or removing apps, you also need to update the rule recommendation. If the SaaS Security administrator submits new or updated Application Groups, HIP
Profiles, or tags, Prisma Access (Managed by Strata Cloud Manager) automatically creates or updates those
objects. You can manually apply the updates as outlined below or skip the manual step
by enabling automatic updates.
For audit purposes, all imports, updates, and deletions of existing SaaS policy
rule recommendations are logged along with the administrator who took the action.
When an import fails, the log indicates the reason for the failure. Web Security
Administrators and Security Administrators can view such logs.
Alternatively, SaaS Security administrators can create
Internet Access rules instead of policy
rule recommendations to simplify policy rule creation for SaaS app security using
snippets and folder configurations. This allows you to
enforce consistent SaaS app security regardless of the enforcement point, eliminate
policy implementation delay, and reduce the risk of misconfigurations. This
streamlined workflow enables you to fully utilize the SaaS Security Inline
capabilities and achieve a stronger security posture for your SaaS environment, all
while reducing the managerial overhead of implementing new Security policy rules for
your SaaS apps.
- Enable Automatic Updates for Policy Rule Recommendations
- Update Imported Policy Rule Recommendations
- Remove Deleted Policy Rule Recommendations
Import New SaaS Policy Rule Recommendations on Strata Cloud Manager
Learn how to import new SaaS policy rule recommendations on Strata Cloud Manager to gain
visibility into and control of the apps in the rule.
- Log in to Strata Cloud Manager.
- If you have not already, associate the predefined SAAS-Inline-Pol-Recommendations snippet with one or more folders, NGFW, and Prisma Access tenants.
  Use snippets to standardize a common base configuration for a set of NGFW and Prisma Access tenants. This allows you to quickly onboard new devices with a known good configuration and reduces the time required to onboard a new device. It also allows you to quickly apply the same SaaS app security enforcement to multiple NGFW and Prisma Access tenants.
  Use the predefined SAAS-Inline-Pol-Recommendations snippet to simplify management of your SaaS Security Inline Policy Recommendations.
- Create a new SaaS policy rule recommendation or enable a predefined SaaS policy rule recommendation.
- Click the Configuration Scope and select Snippets > SAAS-Inline-Pol-Recommendations.
- Select Manage > Configuration > NGFW and Prisma Access > Security Services > Internet Security > Policy Recommendations.
- In New SaaS Rule Recommendations, locate the policy recommendation that you want to import, then select Actions > Import.
- In the Import dialog, select the Rule Order to indicate where to position the new policy in the rulebase, then click Import.
  If you specify a policy rule name that already exists in the rulebase, the imported rule overwrites the existing rule.
  The policy recommendation that you imported displays as an Imported policy in Imported SaaS Rule Recommendations. If your import fails, click the Last import failed link to understand why the import failed, then resolve the failure.
- Click Push Config.
- (Optional) Enable automatic updates.
Enable Automatic Updates for SaaS Policy Rule Recommendations on Strata Cloud Manager
Learn how to enable automatic updates to rule recommendations on Strata Cloud Manager.
Enable automatic updates to automatically apply rule recommendation changes that the SaaS Security administrator requests to the rulebase. Doing so ensures that you don’t need to continuously monitor changes to existing rule recommendations. If you don’t enable automatic updates, Prisma Access (Managed by Strata Cloud Manager) continues to automatically pull the updates for you to review and manually import.
When you have automatic updates enabled, updates to existing rule recommendations display as Updates imported in Imported SaaS Rule Recommendations. Use the Last update failed link to help you resolve any failures.
- Log in to Strata Cloud Manager.
- If you have not already, associate the predefined SAAS-Inline-Pol-Recommendations snippet with one or more folders, NGFW, and Prisma Access tenants.
  Use snippets to standardize a common base configuration for a set of NGFW and Prisma Access tenants. This allows you to quickly onboard new devices with a known good configuration and reduces the time required to onboard a new device. It also allows you to quickly apply the same SaaS app security enforcement to multiple NGFW and Prisma Access tenants.
  Use the predefined SAAS-Inline-Pol-Recommendations snippet to simplify management of your SaaS Security Inline Policy Recommendations.
- Select Manage > Configuration > NGFW and Prisma Access > Security Services > Internet Security > Policy Recommendations.
- Click the Configuration Scope and select Snippets > SAAS-Inline-Pol-Recommendations.
- In Imported SaaS Rule Recommendations, toggle Enable Automatic Updates to the on position.
  If you’ve already imported the rule recommendation, the SaaS admin’s update to the policy rule recommendation is automatically loaded into Imported SaaS Rule Recommendations and is pending approval.
Update Imported SaaS Policy Rule Recommendations on Strata Cloud Manager
Learn how to update imported SaaS policy rule recommendations on Strata Cloud Manager.
You can monitor the availability of updates to rule recommendations from Overview > Policy Recommendations.
- Log in to Strata Cloud Manager.
- If you have not already, associate the predefined SAAS-Inline-Pol-Recommendations snippet with one or more folders, NGFW, and Prisma Access tenants.
  Use snippets to standardize a common base configuration for a set of NGFW and Prisma Access tenants. This allows you to quickly onboard new devices with a known good configuration and reduces the time required to onboard a new device. It also allows you to quickly apply the same SaaS app security enforcement to multiple NGFW and Prisma Access tenants.
  Use the predefined SAAS-Inline-Pol-Recommendations snippet to simplify management of your SaaS Security Inline Policy Recommendations.
- Select Manage > Configuration > NGFW and Prisma Access > Security Services > Internet Security > Policy Recommendations.
- Click the Configuration Scope and select Snippets > SAAS-Inline-Pol-Recommendations.
- In Imported SaaS Rule Recommendations, locate the rule recommendations that have updates as indicated by the Status, then click Actions > Update icon.
  - Update available—SaaS administrator updated the rule recommendation and is pending your approval.
  - Update available (This rule will be removed)—SaaS administrator deleted the rule recommendation and is pending your approval.
  The policy recommendation that you updated displays as an Imported policy in Imported SaaS Rule Recommendations. Use the Last update failed link to help you resolve any failures.
  If you want to import all updates for all existing rule recommendations, click Sync instead.
- Click Push Config.
Remove Deleted SaaS Policy Rule Recommendations on Strata Cloud Manager
Manage your rulebase on Strata Cloud Manager by removing deleted SaaS policy rule recommendations.
When a SaaS Security administrator authors and submits SaaS policy rule recommendations, the Web Security or Data Security administrator imports those rule recommendations and the Security administrator pushes those rule recommendations to gain visibility into and control of the applications in the SaaS policy recommendation. Before you begin, learn about the Hub roles that enable administrators to collaborate on SaaS Security.
As the guidelines outline, if the SaaS Security administrator deletes the rule recommendation, you also need to delete that rule recommendation. When you delete an imported rule recommendation:
- The policy is deleted from the rulebase.
- The HIP Profile and all associated objects are deleted from the configuration if you aren’t using them in other policy rules.
- Application Group is deleted from the configuration.

- Log in to Strata Cloud Manager.
- If you have not already, associate the predefined SAAS-Inline-Pol-Recommendations snippet with one or more folders, NGFW, and Prisma Access tenants.
  Use snippets to standardize a common base configuration for a set of NGFW and Prisma Access tenants. This allows you to quickly onboard new devices with a known good configuration and reduces the time required to onboard a new device. It also allows you to quickly apply the same SaaS app security enforcement to multiple NGFW and Prisma Access tenants.
  Use the predefined SAAS-Inline-Pol-Recommendations snippet to simplify management of your SaaS Security Inline Policy Recommendations.
- Select Manage > Configuration > NGFW and Prisma Access > Security Services > Internet Security > Policy Recommendations.
- Click the Configuration Scope and select Snippets > SAAS-Inline-Pol-Recommendations.
- In Imported SaaS Rule Recommendations, locate the rule recommendations that the SaaS administrator deleted as indicated by the Removed Status, then click Actions > Delete icon.
  - Update available—SaaS administrator updated the rule recommendation and is pending your approval.
  - Update available (This rule will be removed)—SaaS administrator deleted the rule recommendation and is pending your approval.
  The policy recommendation that you deleted no longer displays in Imported SaaS Rule Recommendations. If your deletion fails, click the Last import failed link to understand why the import failed, then resolve the failure.
- Click Push Config.