>
    Dashboard: Best Practices
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Dashboards: Strata Cloud Manager
    4. Dashboard: Best Practices
    Download PDF
    Strata Cloud Manager

    Dashboard: Best Practices

    Table of Contents

    Dashboard: Best Practices

    The best practices dashboard and reports measure your security posture against Palo Alto Networks’ best practice guidance.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • NGFW, including those funded by Software NGFW Credits
    Each of these licenses include access to Strata Cloud Manager:
    → The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
    • Click Strata Cloud ManagerDashboardsMore DashboardsBest Practices to get started.

    What does this dashboard show you?

    The dashboard shows aggregated data per Prisma Access and NGFW/Panorama associated with your tenant.
    The best practices dashboard measures your security posture against Palo Alto Networks’ best practice guidance. Importantly, the best practices assessment includes checks for the Center for Internet Security’s Critical Security Controls (CSC). CSC checks are called out separately from other best practice checks, so you can easily pick out and prioritize updates that will bring you up to CSC compliance.
    The best practice dashboard is divided into five sections:
    • Summary
      Gives you a comprehensive view of all the failed checks for a device across the configuration types (Security, Network, Identity, and Service Setup), View historical trend charts for BPA checks and assess your best practice adoption rate for key feature areas.
    • Security
      Shows the rules, rulebases, or profiles that are failing best practice and CSC checks for the selected device and location. When available, CLI remediations allow you to resolve issue with your policy rules. CLI remediations are generated using TSF data you upload when generating an On-Demand BPA report.
      • Rulebases
        Looks at how your policy is organized, and whether configuration settings that apply across many rules align with best practices (including CSC checks).
      • Rules
        Shows you the rules failing best practice and CSC checks. See where you can take quick action to fix failed checks. Rules are sorted based on session count, so you can start by reviewing and updating the rules that are impacting the most traffic.
      • Profiles
        Shows you how your profiles stack up against best practices, including CSC checks. Profiles perform advanced inspection for traffic matched to a security or decryption rule.
    • Identity
      Shows whether the authentication enforcement settings (authentication rule, authentication profile, and authentication portal) for a device meet the best practices and comply with CSC checks.
    • Network
      Checks whether the application override rules and network settings align with best practice and CSC checks.
    • Service Setup
      See how the subscriptions you have enabled on your devices are aligning with the best practice and CSC checks. You can review the WildFire setup, GlobalProtect portal and GlobalProtect gateway configurations here and fix the failed checks.
    This dashboard supports reports. These icons,
    in the top right of a dashboard indicate that reports are supported for this dashboard. You can share, download, and schedule reports that cover the data this dashboard displays.

    How can you use the data from the dashboard?

    While best practice guidance aims to help you bolster your security posture, findings in this report can also help you to identify areas where you can make changes to more effectively manage your environment.

    © 2024 Palo Alto Networks, Inc. All rights reserved.