Strata Cloud Manager
Assess Vulnerabilities
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
Assess Vulnerabilities
View the vulnerabilities on a firewall according to PAN-OS
version and enabled features.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of these:
|
Strata Cloud Manager shows you which vulnerabilities affect a given firewall and PAN-OS
version to help you decide whether you should upgrade. Navigate to
Incidents & Alerts > NGFW >
All Alerts and select the PAN-OS Known
Vulnerability alert to see the latest security advisories impacting the firewall that raised the alert.
Select Vulnerabilities in this
PAN-OS version to view the affected feature for a vulnerability
in the Feature Affected column. This helps
you to decide whether to upgrade a firewall based on the vulnerability and
its impact on your enabled feature. If a CVE is not associated with
a feature, then the value under Feature Affected is
blank. This type of CVE affects the firewall with the specified
model or version.
By default, the PAN-OS Known Vulnerability alert shows all of the
vulnerabilities in the PAN-OS version on the device. However, if you enabled Product Usage telemetry on the
firewall, you can choose to view only the vulnerabilities that affect the particular
firewall based on its enabled features. That way, you can better understand which
vulnerabilities are a concern for the firewall and make a more informed decision
about whether to upgrade.
You can also use the PAN-OS CVEs dashboard that shows you the
number of devices impacted by a specific vulnerability based on the features that
have been enabled on devices. Strata Cloud Manager analyzes the features that have
been enabled to determine the devices impacted by the CVE. The following task shows
how to assess vulnerabilities that impact devices and generate upgrade
recommendation to fix the vulnerabilities.
This task shows how to assess vulnerabilities that impact devices and generate
upgrade recommendation to fix the vulnerabilities.
- From Strata Cloud Manager, navigate to Dashboards > PAN-OS CVEs.Expand a CVE to view the devices impacted by it.Select devices that you want to upgrade to fix the vulnerabilities.Generate Upgrade Recommendations.Click the newly generated report for the devices.Select one of the upgrade options to view details about New Features, PAN-OS Known Vulnerabilities, Changes of Behavior, and PAN-OS Known IssuesYou can Export the details in a CSV file and download it.