Policy Optimizer - Manage Rules with Unused Applications
This playbook helps identify and remove unused applications from security policy rules. If you have application-based security policy rules that allow a large number of applications, you can remove unused applications (applications never seen on the rules) from those rules to allow only applications actually seen in the rule’s traffic. This strengthens your security posture by reducing the attack surface.
PAN-OS Policy Optimizer (beta) · 24 tasks · 3 inputs · 0 outputs
Inputs
slack_user— Slack user to notify about port based rules.email_address— User email address to notify about port based rules.auto_commit— Specifies whether you want to auto-commit the configuration for the PAN-OS policy changes automatically (Yes/No).
Commands used
pan-os-delete-rule
pan-os-po-unused-apps