In DashboardPostureCDSS Adoption, you can view the recommended Cloud-Delivered Security Services (CDSS)
subscriptions and their usage in your devices. This helps you to identify security gaps
and harden the security posture of your enterprise. After you navigate to this page, you
will see a pop-up asking you to confirm or update your zone roles in NGFWs to get
accurate security services recommendations. You can follow the link in this pop-up
window to map zones to roles.
Currently, this dashboard only supports four security subscriptions: Advanced Threat
Prevention, Advanced URL Filtering, DNS Security and Wildfire.
At the top of the CDSS Adoption page, you can view the
number of total known NGFWs and number of NGFWs sending telemetry in your
instance.
The adoption of CDSS involves progressing through activation, configuration, and
adherence to best practices. To track progress for each subscription, simply
click on the numbers in the graph to view a list of devices that require updates
along this journey. In this case, let us check the NGFWs where DNS security is
not configured.
Check NGFWs on which DNS Security configuration is recommended but not
configured. View details to check source role and
destination role.
View Policies to view the details of the rules and
corresponding source and destination zones.
Further, you can click a rule name to view its details.
Navigate back to the funnel graph. You can view the same information in the pie
chart format as well.
When you do not need a recommended security service for any reason, you can
override it. In this case, we don't need the DNS security service. Click the
cancel icon next to DNS.
Select one of the reasons for overriding the recommendation.
Click Override.
This concludes how to view the recommended CDSS subscriptions and their usage in
your devices.