Assess Vulnerabilities

Where Can I Use This?	What Do I Need?
NGFW, including those funded by Software NGFW Credits	One of these: AIOps for NGFW Free or Strata Cloud Manager Essentials AIOps for NGFW Premium or Strata Cloud Manager Pro

Strata Cloud Manager shows you which vulnerabilities affect a given firewall and PAN-OS version to help you decide whether you should upgrade. Navigate to Incidents & Alerts > NGFW > All Alerts and select the PAN-OS Known Vulnerability alert to see the latest security advisories impacting the firewall that raised the alert.

Select Vulnerabilities in this PAN-OS version to view the affected feature for a vulnerability in the Feature Affected column. This helps you to decide whether to upgrade a firewall based on the vulnerability and its impact on your enabled feature. If a CVE is not associated with a feature, then the value under Feature Affected is blank. This type of CVE affects the firewall with the specified model or version.

By default, the PAN-OS Known Vulnerability alert shows all of the vulnerabilities in the PAN-OS version on the device. However, if you enabled Product Usage telemetry on the firewall, you can choose to view only the vulnerabilities that affect the particular firewall based on its enabled features. That way, you can better understand which vulnerabilities are a concern for the firewall and make a more informed decision about whether to upgrade.

You can also use the PAN-OS CVEs dashboard that shows you the number of devices impacted by a specific vulnerability based on the features that have been enabled on devices. Strata Cloud Manager analyzes the features that have been enabled to determine the devices impacted by the CVE. The following task shows how to assess vulnerabilities that impact devices and generate upgrade recommendation to fix the vulnerabilities.

This task shows how to assess vulnerabilities that impact devices and generate upgrade recommendation to fix the vulnerabilities.

1. From Strata Cloud Manager, navigate to Dashboards > PAN-OS CVEs.
2. Expand a CVE to view the devices impacted by it.
3. Select devices that you want to upgrade to fix the vulnerabilities.
4. Generate Upgrade Recommendations.
5. Click the newly generated report for the devices.
6. Select one of the upgrade options to view details about New Features, PAN-OS Known Vulnerabilities, Changes of Behavior, and PAN-OS Known Issues

   You can Export the details in a CSV file and download it.