The dashboard shows aggregated data per Prisma Access and NGFW/Panorama
associated with your tenant.
Navigate to Strata Cloud ManagerDashboardsMore DashboardsBest Practices dashboard to measure your security posture against Palo Alto
Networks’ best practice guidance. Importantly, the best practices assessment
includes checks for the Center for Internet Security’s Critical Security Controls
(CSC). CSC checks are called out separately from other best practice checks, so you
can easily pick out and prioritize updates that will bring you up to CSC
compliance.
How can you use the data from the dashboard?
While best practice guidance aims to help you bolster your security posture, findings
in this report can also help you to identify areas where you can make changes to
more effectively manage your environment.
The best practice dashboard is divided into five sections:
Summary
Gives you a comprehensive view of all the failed checks for a device across
the configuration types (Security, Network, Identity, and Service Setup),
View historical trend charts for BPA checks and assess your best practice
adoption rate for key feature areas.
Security
Shows the rules, rulebases, or profiles that are failing best practice and
CSC checks for the selected device and location. When available, CLI
remediations allow you to resolve issue with your policy rules. CLI
remediations are generated using TSF data you upload when generating an
On-Demand BPA Report.
Rulebases
Looks at how your policy is organized, and whether configuration
settings that apply across many rules align with best practices
(including CSC checks).
Rules
Shows you the rules failing best practice and CSC checks. See where
you can take quick action to fix failed checks. Rules are sorted
based on session count, so you can start by reviewing and updating
the rules that are impacting the most traffic.
Profiles
Shows you how your profiles stack up against best practices,
including CSC checks. Profiles perform advanced inspection for
traffic matched to a security or decryption rule.
Identity
Shows whether the authentication enforcement settings (authentication rule,
authentication profile, and authentication portal) for a device meet the
best practices and comply with CSC checks.
Network
Checks whether the application override rules and network settings align with
best practice and CSC checks.
Service Setup
See how the subscriptions you have enabled on your devices are aligning with
the best practice and CSC checks. You can review the WildFire setup,
GlobalProtect portal and GlobalProtect gateway configurations here and fix
the failed checks.
Share, Download, and Schedule Reports for a Dashboard
You can download, share, and schedule reports covering the data the dashboard
displays in PDF and .csv formats displays, and CLI remediations in .txt format.
Find these icons in the top right of the dashboard: