Auto-Tagging to Automate Security Actions (Episode 32) Learning Happy Hour

11,860 views

Palo Alto Networks LIVEcommunity

1 day ago

Comments: 12
@bizbouk (4 years ago)
Great work, gents, another 'unknown feature' of PAN-OS; I have already applied the Cert Error Auto Tag.
@PaloAltoNetworksLiveCommunity (4 years ago)
Thanks! There are a lot of options with this feature, and I'm glad to hear it helped!
@vainilk78 (4 years ago)
Best Happy Hour ever! Thanks, Palo Alto.
@PaloAltoNetworksLiveCommunity (4 years ago)
Glad you enjoy it, Ivo! We encourage you to visit the LIVEcommunity, where you can find more great information: live.paloaltonetworks.com/
@SeeingGreenDevils (4 years ago)
I'm not sure I understand why we need to add the security and log forwarding profiles to "egress-outside". We already have a policy blocking offending hosts at the top, so why apply those profiles in the second rule?
@PaloAltoNetworksLiveCommunity (4 years ago)
Deny rules don't use Security Profiles. The traffic is blocked based on the policy rule parameters, and that action happens before any profiles are used. The Anti-Spyware profile is set to sinkhole traffic, and the auto-tagging places the offending device in the dynamic access group to be blocked by the "block-infected-devices" rule. Without the "egress-outside" rule and its attached Anti-Spyware profile, the "block-infected-devices" rule would be using an address group with no addresses.
@muralinadella6503 (3 years ago)
Thank you, it's a neat feature. One question: can we use auto-tagging to tag external public IPs, say the source IP address of port scanners from the internet, or is auto-tagging only for inside addresses with a User-ID agent?
@ryankelly9585 (2 years ago)
Murali, did you ever figure this out?
@Alex-un5tl (1 year ago)
Great video.
@Aachille5 (3 years ago)
Awesome!
@wannabegt4 (4 years ago)
If your hosts query your local DNS servers directly, without going through the firewall, your DNS servers would be added to the DAG and blocked instead of your hosts, since the firewall only sees the query from your DNS server. It only worked in this lab scenario because your host was using Google DNS and not local DNS as depicted in the slide. The correct way to do this is to tag hosts based on their traffic destined to the sinkhole address, NOT the sinkhole action in threat logs.

Ignore the "UPDATE" reply; my comment is still correct. This is the original response from them before they deleted their comment:

"You are correct, although in a GlobalProtect or branch office scenario it is a likely possibility that there wouldn't be an internal DNS server as is shown in the diagram, so this configuration would work. But yes, your solution would be necessary if there is an internal DNS server. Ironically, there is an internal DNS server in the lab I used, but it runs on the client, so it did in fact block the DNS server; it's just that the IP address of the client and the DNS server is the same. It was an oversight on my part, and I'm glad you pointed it out. My second mistake was that there is a video I was unaware of from Jan. 2018 that shows the same example and addresses the same issues! The link is in the notes above. Thanks for keeping me on my toes!"
@PaloAltoNetworksLiveCommunity (3 years ago)
UPDATE: This is actually not correct. The sinkhole action is not because of the query, but when the host actually tries to connect to the domain address.
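The two points the thread turns on, the profile-to-tag-to-DAG chain in the LIVEcommunity reply about "egress-outside" and the internal-resolver caveat in the wannabegt4 comment, can be checked side by side with a small simulation. The following Python is an added example written for this page; it is not PAN-OS code and not from the video. It models a Log Forwarding profile match-list entry as (log type, filter, tag, target address), applies the built-in tagging action to constructed threat and traffic log entries, builds the Dynamic Address Group from the tag, and shows which address the "block-infected-devices" rule would then match. The filter syntax is a simplified imitation of the PAN-OS log filter (`(action eq sinkhole)`, `(addr.dst in ...)`). All addresses, the sinkhole IP (taken from the RFC 5737 documentation range), the log lines and the helper names are assumptions for the demonstration.

```python
"""Toy model of PAN-OS log-forwarding auto-tagging into a DAG.

Added example, not PAN-OS code. A match-list entry selects log entries by
type and filter, and its built-in action attaches a tag to the log's source
(or destination) address; a Dynamic Address Group (DAG) collects every address
carrying that tag, and a security rule references the DAG.
"""
import re

SINKHOLE_IP = "192.0.2.1"      # assumed sinkhole address (RFC 5737 range)
INTERNAL_DNS = "10.0.0.53"     # assumed internal resolver
INFECTED_HOST = "10.0.1.25"    # assumed infected client

# Constructed log entries, in the order the firewall sees them when the
# client resolves a malicious domain through the internal resolver: the
# resolver's outbound query is the one the firewall sinkholes, and only
# the client's follow-up connection carries the client's own address.
LOGS = [
    {"type": "threat", "src": INTERNAL_DNS, "dst": "203.0.113.53",
     "app": "dns", "action": "sinkhole"},
    {"type": "traffic", "src": INFECTED_HOST, "dst": SINKHOLE_IP,
     "app": "web-browsing", "action": "allow", "rule": "egress-outside"},
    {"type": "traffic", "src": "10.0.1.40", "dst": "203.0.113.10",
     "app": "ssl", "action": "allow", "rule": "egress-outside"},
]

# One filter term: "(field eq value)" or "(addr.dst in 192.0.2.1)".
_TERM = re.compile(r"\(\s*([\w.]+)\s+(eq|in)\s+(\S+?)\s*\)")


def matches(filter_expr, log):
    """Evaluate a filter such as '(action eq sinkhole) and (app eq dns)'.

    Terms are AND-ed; addr.src / addr.dst map onto the src / dst fields.
    """
    for field, _op, value in _TERM.findall(filter_expr):
        key = {"addr.src": "src", "addr.dst": "dst"}.get(field, field)
        if str(log.get(key)) != value:
            return False
    return True


def auto_tag(match_list, logs):
    """Return {tag: set(addresses)} as the built-in tagging action would.

    Each match-list entry is (log_type, filter_expr, tag, target) where
    target is 'src' or 'dst', i.e. which address of the log entry is tagged.
    """
    tags = {}
    for log in logs:
        for log_type, filter_expr, tag, target in match_list:
            if log["type"] == log_type and matches(filter_expr, log):
                tags.setdefault(tag, set()).add(log[target])
    return tags


def dag_members(tags, match_tag):
    """A DAG whose match criterion is a single tag."""
    return tags.get(match_tag, set())


# Approach A: tag the source of threat logs whose action is sinkhole
# (the configuration built in the episode).
MATCH_LIST_THREAT_ACTION = [("threat", "(action eq sinkhole)", "infected", "src")]

# Approach B: tag the source of traffic destined to the sinkhole address
# (the alternative raised in the comments).
MATCH_LIST_SINKHOLE_DST = [
    ("traffic", f"(addr.dst in {SINKHOLE_IP})", "infected", "src")
]


def blocked_by(match_list, logs=LOGS):
    """Sorted members of the 'infected' DAG, i.e. the sources that the
    top-of-rulebase 'block-infected-devices' deny rule would match."""
    return sorted(dag_members(auto_tag(match_list, logs), "infected"))


if __name__ == "__main__":
    print("tag on threat action  :", blocked_by(MATCH_LIST_THREAT_ACTION))
    print("tag on sinkhole dest  :", blocked_by(MATCH_LIST_SINKHOLE_DST))
```

With the constructed logs, approach A puts the internal resolver into the DAG and approach B puts the client into it; if the client queried an external resolver directly (the lab setup in the episode), both entries would tag the client. Note also that the deny rule does its work purely from DAG membership: nothing in this model consults a security profile on the deny rule, which is why the allow rule carrying the Anti-Spyware profile and the log forwarding profile has to stay in place to feed the DAG.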
Related videos
Safely Enabling Remote Access Using GlobalProtect (Episode 31) Learning Happy Hour, 36:56, Palo Alto Networks LIVEcommunity, 3.7K views
Device-ID (Episode 33) Learning Happy Hour, 22:13, Palo Alto Networks LIVEcommunity, 4.6K views
Tutorial: Auto-tagging & DNS Sinkhole, 19:56, Palo Alto Networks LIVEcommunity, 16K views
Troubleshooting Packet Flows (Episode 26) Learning Happy Hour, 40:00, Palo Alto Networks LIVEcommunity, 45K views
DNS Sinkhole and DNS Security in PAN-OS 9.0 (Learning Happy Hour Episode 13), 26:17, Palo Alto Networks LIVEcommunity, 14K views
GlobalProtect Best Practices, Tuning and Resources, 29:22, Palo Alto Networks LIVEcommunity, 32K views
Tutorial: Searching Through Logs: Where Do I Start?, 15:00, Palo Alto Networks LIVEcommunity, 25K views
How to Automatically Blacklist an Attacker's IP on Palo Alto, 11:07, Smart Cloud Computing: Network & Cloud Security, 8K views
PCNSE Prep - Authentication Policy with Multi-Factor Authentication, 19:20, Palo Alto Networks LIVEcommunity, 17K views
Decrypting Decryption (Episode 24) Learning Happy Hour, 34:34, Palo Alto Networks LIVEcommunity, 20K views
Throttle Bandwidth Hogs using QoS (Episode 3) Learning Happy Hour, 48:12, Palo Alto Networks LIVEcommunity, 14K views
PCNSE Prep - Functions and Concepts of WildFire, 11:45, Palo Alto Networks LIVEcommunity, 27K views