Default Settings are preconfigured settings for all tenants per incident code.
Default Incident Settings serve as a baseline configuration that ensures every raised
incident is handled properly, even if no custom settings are defined. For example, if a
VPN tunnel goes down, an incident is raised immediately based on the default setting.
If no custom setting exists, this default setting ensures that the tenant receives a
Critical alert. The notification is sent to a default notification profile, which could
be configured to be an email for all NGFW users.
You can modify the following fields as needed:
Description: Add or edit the description of the default
setting.
Action: Choose to either Raise or Suppress
incidents based on this setting.
Incident Priority: Set the priority level for incidents
triggered by this setting.
Notification Profile: Assign one or more notification profiles
to this setting. Note: Default profiles can’t be removed from a default setting,
but additional profiles can be added.
Check Rules or Thresholds: Define or adjust the conditions that
trigger an incident.
Default settings can be leveraged to create indefinite suppressions. Bulk
modifications are supported at the Product, Category, or Sub-Category level.
Default settings are grouped by Product by default. You can toggle the
view to group by Category. Similar to custom settings, each row displays the
lifetime total, raised, and suppressed incident counts.
Product View: Settings are organized by product. Clicking a
product name expands to display the categories within that product. Clicking a
category further expands to show the sub-categories. Finally, clicking a
sub-category displays the associated incident settings. Tables in this view are
sorted alphabetically by incident code by default, and column sorting is not
available.
Category View: Settings are grouped by category. Clicking a
category displays the sub-categories, and expanding a sub-category shows the
incident settings. The user experience mirrors the Product view.
Each row also indicates the number of associated custom settings for that
incident code. Clicking this number updates the table to display the default incident
and any associated customized incidents sharing the same code.
Clicking a setting name opens a sidecar panel displaying all parameters for
that setting.
Each default setting has two actions available:
Edit: Opens a sidecar panel to modify the setting's
parameters.
Clone: Opens a sidecar panel to create a copy of the setting.
The title will be pre-filled with "<setting name> copy", and all other fields
will retain the same values as the original.
You can select Expand All to view all default settings. When at least one
setting is expanded, the button label changes to Collapse All, which lets you
collapse all expanded default settings in either the Product or Category view.
Create an Exception for a Default Setting
In the past, you had the option to create security check exceptions or
choose a check to exclude by selecting it under the Exceptions column. Now,
with Incident Settings, you can change a default setting to suppress its incidents,
thereby controlling where checks are applied in your deployment.
To create an exception for a setting, navigate to
Default Settings and select Edit
Setting.
Under Actions, select Suppress and then
Save Setting.
Disable Checks in a Setting
You can disable individual checks in any setting (default or custom) using
the toggle switch next to the check.
Select Edit Setting for a default or custom
setting.
Under CHECKS, disable the check that is not
required.
For example, the administrator does not want the
Administrator Not Using Password Profile check to
be enabled and has therefore disabled it.