Strata Cloud Manager
Manage: Objects
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Manage: Objects
Use objects in Strata Cloud Manager to build shared policy for your NGFWs and Prisma
Access.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Objects are policy building blocks that group discrete identities such as
IP addresses, URLs, applications, or users. Use them to define and group entities,
settings, or preferences. You can then easily reference and reuse the objects in
your policies. When you update an object definition (or if it can be updated
dynamically), the policy rules referencing that object automatically enforce your
latest changes. By grouping objects, you can significantly reduce the administrative
overhead in creating policies.
When used together, some objects can help you to
automate policy action: auto-tags, dynamic user groups, and dynamic address groups.
Go to ManageConfigurationNGFW and Prisma AccessObjects to get started with policy objects.
Object | Description |
---|---|
Addresses | Reuse and reference an address or group of addresses across policy rules, filters, or other functions without having to manually add the address or addresses each time. You can define regions to apply policy to specified countries or locations. Applying policy based on region is a great way to control traffic between branch offices. |
Applications | Your network traffic is automatically classified into applications that you can use to build a versatile security policy based on your business needs. To simplify the creation of security policies, applications requiring the same security settings can be combined into an application group. Application groups can include applications, application groups, and application filters. |
Traffic Object | Create Traffic objects to specify cloud entities within specific clusters or VPC endpoints to enforce customized security policy rules. |
Services | While the HTTP and HTTPS services are already defined for you and ready to use, you can add service definitions to control the port numbers that applications can use. You can combine services that are often assigned together into service groups to simplify the creation of security policies. |
SaaS App Management | Centrally manage your SaaS applications for each of your SaaS apps. SaaS App Management lets you find features you can use to safely enable apps for your enterprise. |
HIP | Decide what GlobalProtect app data (the host information profile, or HIP, data the app collects from endpoints) that you want to use to enforce security policy. Combine HIP objects to build a HIP profile. Think of HIP profiles as security posture checklists again which your hosts are evaluated, and each HIP object is one item on the list. You can grant hosts access to your network or to sensitive resources based on their security posture compliance. |
Dynamic User Groups | Dynamic user groups give you a way to auto-remediate anomalous user behavior and malicious activity. Membership in a dynamic user group is tag-based – users are included in the group only so long as they match your defined criteria. |
Tags | Use tags to identify the purpose of a rule or configuration object and to help you better organize your rulebase. |
Auto-Tag Actions | Auto-tags give you a way to automate security actions based on activity. You can specify the log criteria that triggers security policy enforcement. |
Log Forwarding | Configure a log forwarding profile to specify which logs to forward to your Logging Service. |
External Dynamic Lists | An External Dynamic List (EDL) is an internally or externally hosted text file used for policy enforcement. The firewall check your EDLs at your configured intervals to enable dynamic policy enforcement. |
Certificate Management | Centrally manage the certificates that secure communication across your network. |
Schedules | Create a schedule to limit enforcement of a security policy rule to specific times that you define. |
Quarantined Device Lists | Identify and quarantine compromised devices. You can either manually or automatically (based on auto-tags) add devices to a quarantine list. You can block quarantined devices from accessing the network or restrict the device traffic based on a security rule. |