Content update schedule is not following best practices-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if the update schedule for Applications and Threats is not following best practices.

Remediation Steps:
Ensure the Applications and Threats content update schedule is configured correctly. For more details, see https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates.

How does this work?
This alert uses the Palo Alto Networks API to parse the Dynamic Updates schedule and alerts the admin if it is not following best practices.

Why is this important?
Security-first customers should use an hourly recurrence with the download-and-install action and set the threshold to less than 6 hours. Availability-first customers should use a daily recurrence with the download-and-install action and set the threshold in the range 24-48.
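
The check described above, as an added Python example that is not Indeni's script or rule code: it evaluates an Applications and Threats schedule against the two profiles. The XML element layout, the constructed sample config, and the treatment of an unset threshold as a finding are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an update-schedule config fragment (element layout is an assumption).
SAMPLE_WEEKLY = """
<update-schedule>
  <threats>
    <recurring>
      <threshold>12</threshold>
      <weekly>
        <day-of-week>wednesday</day-of-week>
        <at>01:02</at>
        <action>download-only</action>
      </weekly>
    </recurring>
  </threats>
</update-schedule>
"""

# Profiles from the page: expected recurrence and acceptable threshold values.
PROFILES = {
    "security-first": ("hourly", lambda t: t < 6, "less than 6"),
    "availability-first": ("daily", lambda t: 24 <= t <= 48, "in the range 24-48"),
}

def check_schedule(xml_text, profile):
    """Return a list of findings; an empty list means the schedule matches the profile."""
    want_recurrence, threshold_ok, threshold_desc = PROFILES[profile]
    recurring = ET.fromstring(xml_text).find(".//threats/recurring")
    if recurring is None:
        return ["no recurring Applications and Threats schedule configured"]
    findings = []
    # The recurrence is the child other than <threshold>, e.g. <hourly>, <daily>, <weekly>.
    schedule = next((c for c in recurring if c.tag != "threshold"), None)
    recurrence = schedule.tag if schedule is not None else "none"
    if recurrence != want_recurrence:
        findings.append(f"recurrence is {recurrence}, expected {want_recurrence}")
    action = schedule.findtext("action") if schedule is not None else None
    if action != "download-and-install":
        findings.append(f"action is {action}, expected download-and-install")
    # Assumption: an unset threshold is reported, since the page says to set one.
    threshold = (recurring.findtext("threshold") or "").strip()
    if not threshold.isdigit():
        findings.append(f"threshold is not set, expected {threshold_desc}")
    elif not threshold_ok(int(threshold)):
        findings.append(f"threshold is {threshold}, expected {threshold_desc}")
    return findings
```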

Without Indeni how would you find this?
Log in to the device’s web interface and click on “Device” -> “Dynamic Updates”.

panos-content-update-schedule

https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/panos-content-update-schedule/panos-content-update-schedule.ind.yaml

PanosContentUpdateScheduleRule

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanosContentUpdateScheduleRule.scala