articles/defender-for-iot/organizations/tutorial-palo-alto.md
Lines changed: 9 additions & 9 deletions
@@ -20,6 +20,7 @@ The following integration types are available:
20
20
In this tutorial, you learn how to:
21
21
22
22
> [!div class="checklist"]
23
+
>
23
24
> - Configure immediate blocking by a specified Palo Alto firewall
24
25
> - Create Panorama blocking policies in Defender for IoT
25
26
@@ -33,7 +34,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
33
34
34
35
## Configure immediate blocking by a specified Palo Alto firewall
35
36
36
-
In cases, such as malware-related alerts, you can enable automatic blocking. Defender for IoT forwarding rules is utilized to send a blocking command directly to a specific Palo Alto firewall.
37
+
In cases, such as malware-related alerts, you can enable automatic blocking. If the alert in question hasn't been raised prior to the integration, Defender for IoT forwarding rules is utilized to send a blocking command directly to a specific Palo Alto firewall.
37
38
38
39
When Defender for IoT identifies a critical threat, it sends an alert that includes an option of blocking the infected source. Selecting **Block Source** in the alert’s details activates the forwarding rule, which sends the blocking command to the specified Palo Alto firewall.
39
40
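Review bot: The condition added on the `+` line, "If the alert in question hasn't been raised prior to the integration", leaves the opposite case undefined. The text does not say what happens when the alert was raised before the integration, and the unchanged paragraph that follows still describes **Block Source** as sending the blocking command without any such limit, so a reader could assume a source was blocked when no command was sent. Suggest stating the limitation as its own sentence, making clear whether "prior to the integration" refers to when the alert was triggered, and saying what the reader should do for earlier alerts. The same line keeps "forwarding rules is utilized"; "forwarding rules are used" would fix the agreement.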
@@ -106,15 +107,15 @@ The first step in creating Panorama blocking policies in Defender for IoT is to
106
107
107
108
1. In the console left pane, select **System settings** > **Network monitoring** > **DNS Reverse Lookup**.
108
109
1. Select **Add DNS server**.
109
-
1. In the **Schedule Reverse Lookup** field define the scheduling options:
110
+
1. In the **Schedule Reverse Lookup** field, define the scheduling options:
110
111
- By specific times: Specify when to perform the reverse lookup daily.
111
-
- By fixed intervals (in hours): Set the frequency for performing the reverse lookup.
112
-
1. In the **Number of Labels** field instruct Defender for IoT to automatically resolve network IP addresses to device FQDNs. <br />To configure DNS FQDN resolution, add the number of domain labels to display. Up to 30 characters are displayed from left to right.
112
+
- By fixed intervals (in hours): Set the frequency for performing the reverse lookup.
113
+
1. In the **Number of Labels** field instruct Defender for IoT to automatically resolve network IP addresses to device FQDNs. <br />To configure DNS FQDN resolution, add the number of domain labels to display. Up to 30 characters are displayed from left to right.
113
114
1. Add the following server details:
114
115
115
-
-**DNS Server Address**: Enter the IP address, or the FQDN of the network DNS Server.
116
-
-**DNS Server Port**: Enter the port used to query the DNS server.
117
-
-**Subnets**: Set the Dynamic IP address subnet range. The range that Defender for IoT reverses lookup their IP address in the DNS server to match their current FQDN name.
116
+
-**DNS Server Address**: Enter the IP address, or the FQDN of the network DNS Server.
117
+
-**DNS Server Port**: Enter the port used to query the DNS server.
118
+
-**Subnets**: Set the Dynamic IP address subnet range. The range that Defender for IoT reverses lookup their IP address in the DNS server to match their current FQDN name.
118
119
119
120
1. Select **Save**.
120
121
1. Turn on the **Enabled** toggle to activate the lookup.
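Review bot: The **Subnets** line is re-added with the same wording, and its second sentence is still a fragment: "The range that Defender for IoT reverses lookup their IP address in the DNS server to match their current FQDN name." Since the line is being touched anyway, suggest rewording it into a full sentence that says Defender for IoT performs the reverse lookup for addresses in this range. The comma fix applied to "In the **Schedule Reverse Lookup** field, define" was also not carried over to "In the **Number of Labels** field instruct" in the same hunk.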
@@ -123,7 +124,7 @@ The first step in creating Panorama blocking policies in Defender for IoT is to
123
124
124
125
## Block suspicious traffic with the Palo Alto firewall
125
126
126
-
Suspicious traffic will need to be blocked with the Palo Alto firewall. You can block suspicious traffic through the use forwarding rules in Defender for IoT.
127
+
Suspicious traffic will need to be blocked with the Palo Alto firewall. You can block suspicious traffic through the use forwarding rules in Defender for IoT. However, this use of forwarding rules is only valid for alerts that haven't been raised prior to the integration.
127
128
128
129
**To block suspicious traffic with the Palo Alto firewall using a Defender for IoT forwarding rule**:
129
130
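Review bot: "only valid" in the added sentence does not tell the reader what to expect for an alert that was raised prior to the integration: whether the forwarding rule does not trigger, or the blocking command is sent but has no effect. Suggest naming the observable behavior and how to confirm on the firewall that a block was applied. The same `+` line still reads "through the use forwarding rules", which is missing "of".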
@@ -191,4 +192,3 @@ There are no resources to clean up.
191
192
## Next step
192
193
193
194
In this article, you learned how to get started with the [Palo Alto integration](./tutorial-splunk.md).
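Review bot: The context line under "## Next step" links the text "Palo Alto integration" to `./tutorial-splunk.md`, so the link text and target do not match. This hunk only changes the end of the file, but since the line sits inside it, suggest correcting either the link text or the target in this commit.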