Domain 4 A

1. Domain 4 A

So for domain four, we need to talk about all things to do with the architecture. I'm going to look a little bit into the threat intel side of things. And distributed databases, standalone servers,that type of thing. So getting started, we can see that we've got the solution architecture here. You have the main site, which will have the main cortex application server disaster recovery. And then on the Internet, you've got platform content updates, intelligent Prismacloud, ticketing sandboxes,all the remote services there. And then for remote protected or isolated networks, you can use XOR engines, and we'll talk about them later, where you can run XORintegrations from in protected areas because there's only one connection back to the main server, and actually putting them together isn't that difficult. Okay, so the first type of deployment is a single server. Deployment is, as the name suggests, it A single server hosts a database and holds all the investigation data and artefacts The live backup server ensures resilience by storing replication of all files. You can pull a manual failover in the case of a failure and a distributed database. So, if you need to be able to hold a larger database or want a larger environment, you can go to the Juice database, the main database, which lives as the first one that's created, and anything that's created after that is called a node. So that holds the content only, the play box, automations, integrations, et cetera. All other nodes are considered secondary and hold incident data only. A couple of things to note there are that four four three and 50,001 must be open from the app server to the DB node. Four four three must be available to initially register the DB. So the installation of the distributed database, installingXOR or Demisto, is actually fairly simple. It's all one script and then, depending upon the arguments that you put into it, you then sort of either, as you can see here, installdatabase only, server only, or so on. You get the idea. Okay, so one of the things we're going to demonstrate a bit later on is installing distributed fucking speak distributed database as well asall the other XOR engines. They're another part of this. And the scripture is actually created from within XOR itself. These are the specs. So the idea being that you have a very secure environment, what you can do is you can put an engine in there. So you've only got the one connection and that's spawned from a script that's created on the XORapp itself, the application itself, and that then connects back to the application server on four four three. So there's never a call made in that environment. Everything is linked from the inside, including the engines. As you can see, you can run integrations but not scripts. And it provides encrypted outbound connectivity back to the app server. So essentially, Windows, Linux and MacOS, it allows you to run integrations in environments where you wouldn't necessarily be able to have that connectivity from your main app server. Let's talk a little bit about the specifications that are required for XOR itself. For production servers, they suggest a minimum of 16 calls, 32 gigs of RAM, and a 1 TB SSD with a minimum of 3000 I ops.For a development server, eight cores, 16 giga, and a 500 gig SSD. The SSD is the recommended storage because of the nature of the database and the quick read/write speeds. Your magnetics just struggle to keep up with your performance or software. Okay, so you can add the adev service over to the environment. So this is a development server that will be an amirror of your main server, but obviously it will host a completely dedicated repository as it's suggesting this for experimental integrations and script purposes. We'll go into that a little bit later as well. This is actually quite a long section. Okay, now dissolve the agents. There we go. managed to get the words out. So these create the war room and they're redeployed onto the end point as we step out for forensic purposes. Those agents then disappear,hence the disoluble name once they've been used. So, they leave no trace of themselves on the host that they were installed on. You have to explain the use of Docker in the Excel system. This is quite a big part of it and also plays quite a large part in the troubleshooting side because basically everything underneath runs on Docker instances and containers. So the idea behind Docker is to run script integrations in isolated environments to avoid any possible damage to the server. When creating Docker images, you can be sure that by adding library independence, integration will run in any environment. Of course, that is pretty much Docker. That's how it works. And Pal Alto Networks uses the Docker.com Domesto repo,as you can see there, and only that one. So you backup people So we're going to explain different types of backup options and the benefits of each one. So, automated backups are taken every night at a given time. By default I believe it's 3:00 a.m. However, these backups are the database integration, playbooks and scripts that aren't sufficient to restore a server should you need to. So to have a full backup that can actually restore the server, you need to manually back up the following files as well. And there's a list of the files that need to be done,and we'll go into a bit more detail about that later on. I suppose if you just got alone, that's fine. I mean, you could quite easily write a script that just backs up those. However, when you come to upgrade it, it gives you the opportunity to back them up anyway. A live backup server provides a mirror of the production server. It's a mirror, but you can't see it as an Active, Active, or even Active Passivefailover because it's not currently supported. As I suggest, A colleague is not dynamic. It has to be manually initiated and it supports active standby only. However, as I said before, that's only with a manual failover and only two servers. Extra servers are not supported at this time. As a result, planning for failover should include how your analysts and users will access it. So if they get to it through DNS, which is, of course, the way most people will, then you'd have to go for like a low TTL. So basically, if anything fails and you have to switch over to the next one, you can change the IP that the DNS points to. But if you've got a really low TTL, then obviously you're going to be stuck with the amount of time it takes for the browser cache to time out. So that then goes back and gets a new one. I believe on most systems that DNS is 1 hour by default. So, as each server has its own IP and host, the failover must be manually initiated by changing the IP that the DNS points to. This could potentially just manually browse the backup service to the primary fail. So you could just go to that if the analyst has both IPS of both host names, although not really massively covered, and unfortunately due to licence restrictions,I can't do any demonstrations of it for MSSPs, many security service providers and so on. There is a multi-tenancy version of XOR, which is, as it states it's multitenancy.So you'd have to differentiate between that and the multitenancy one, and it's going to want you to know that basically, this requires extensive It isolates resource data between customers. It can be shared between customers, but it is very difficult. Then, basically, from then on, it's all a nightmare. So, Dr backup and all the tasks are expensive and more complicated, but the system can scale to over 100 tenants. You can have shared objects, as they say. So all your tenants can then benefit from one person's misfortune, I suppose, but you can all benefit from the data that comes in. Although, as I say, it is a lot cooler to put together at this moment. Now, as of recording, you need a special partnership status with Palo to have the MSSP. You're also going to have to look at the threat intelligence side of things, of course, which is a massive part of Excel as you describe threatintelligence capabilities and management threat data. And this is pretty much standard threat data and threat management. So you've got your threat intelligence feed, such as Alien Vault and IP information. If you ever worked with My Meld, then you'll notice some similarities between this and My Meldexxtview arelogs and alerts that can be fed straight intoXOR autofocused enriched data and unstructured intel feed. So in the same way that the power behindMeld was to take in varying different formats and then aggregate and put them together into a single consumable output, it's exactly the same here. So you can run many, many intelligence feeds into it. And then as we go further into it, you'll see how you can then merge duplicates so you don't get lots and lots of repeated indicators and so on. and then running the jobs at night to expire the indicators at the appropriate time. And then again, obviously, you can use this because it isn't vendor locked to Palo Alto. It's not just specifically for next generation firewalls. You can provide the data to SIM platforms. Obviously, next generation firewalls, intel sharing, taxiand stick feeds, third party integration, dynamiclists, and basically any platform that can benefit from the data. So now what we're going to do is jump into an installation demonstration. So we're going to start first with a standalone and then we'll show how easy the upgrade is to a live backup server and then go to a live backup server and show you how that then looks different than a distributed database and finally add a note to that database. And then after that, we will go through threat intelligence, so buckle yourself in because it's a bit of a long one on this one. Okay, so let's crack on. So here we are now on the production server. It's always going to be the production server. Whenever doing anything like this, it's better to be in route. In fact, you have to be on route. OK? And we're going to change to a temp directory and then we're just going to get the file, and I've got a small HTTP server, so that's all good. So I'm going to get that. And is that going to run really, really slowly? Yeah, it's going to run exceptionally slowly. So I'm just going to pause that for a minute and then we'll come back to it. Okay, so we've come back to it now and it seems to be running a bit quicker than it was before. So once this is downloaded, then what we can do is change the missions on the file so it's executable and then we're going to execute it and you'll see what it does to install a standalone server. Now look at the server, have a quick look around,see what the differences are between that and distributed and so on later on, and then we'll upgrade it. Okay, so we're nearly there. Okay, that's now completed. So if we do, we can see it's there and we can see that it is owned by Ribbon. It's not executable at the moment. So we're going to change that. Okay? And that's pretty much it. So now what we need to do is just run that and that will install it for us. It will verify.You can go and read the licence agreement if you want to. But I would suggest that at this point, we are probably okay with that. I have to accept it though. The installation will then begin. You can see the script. So once the script has gone through, it will ask us to add the default admin username, which is just admin, and have a password for it. And then once you've accepted options like that for the password, And then when it's going to run, is it going to run on four, four, three? Then it will go through and pull all the Docker files. So we'll just pause it until it gets to that part. Okay, Because, as we can see now, it's built that. Prepare to unpack it. And now we get to give you our options. Do we want it to run on four, four, three? Yes. Admin. Yeah, why not add the password admin? And if you try and put in a simple password, toys appear at the top. Yes. And now it will go off and start pulling Docker images, which does take some time. So I'll pause it again there and then we'll come back to it once it's installed. Okay, so now it's completely installed. We just want to start the server. So yes, and now we know that we can go to this address and get on to it. So that's what we can do now. I'm just going to reload it because when I've done it before, I've gone back to this point. And you want to set the password because it's still cached the old password. Okay, And you can see, we're in. So now we're going to have a look at the version. Don't be concerned about licensing; that will come later. The version is 602, so that's all good. That's installed, that's running properly. There are 18 things to update in the marketplace. So now we'll go and we'll upgrade it. So to upgrade it, we're just going to pull the theupgrade script, which is just basically the next script that you would get, so if you're going to get this version 6.1, this is the script you get. Okay, now that's coming down. So what we're going to do is run this on the server. It will detect that it's already got a version onit and then it will ask if you want to backup the files that I showed you before and then it will go on and upgrade the server. I wish I could say more about it. That's it. I've done this several times now, many times in fact. And he's never had a problem. So once he's come down, that's what we'll do. Okay, that took a lot longer than it should have done, but now that it's down,we'll do the same again with this one. We'll make this one executable and then we'll run it. And once it's uncompressed, it finds that we've already got an existing version of Domisto on it. So I'm going to say yes to the upgrade. This is where do you want to backup your data before the upgrade starts? Yes, and it will add those files to that file location file that lived in Misstow Data, then it will unpack and update it. So I'll pause again because this will take some time. Okay, so now that it's finished, it took a little bit less time than I thought it was going to do. But as you can see now, we have got an updated version of Git installed. So, do you want to start a server? Yes, we do. and then just gave us a minute. We'll go back to our browser. It's a little bit quick there. So here is the service starting up. It gives you that message. I'm just going to redo it again. If you have a stale session, And then we can immediately see a difference there. Now we're in and we can see this version 6.1. A couple of things to look at here before we go any further. So in the advanced tab, just take note of these backups there. It says the artefacts and attachments are not backed up. The backups directory is missing a backup,which is what we talked about before. And then you've got the backup time there, which you can then select automated backups on and off. We'll go further into the backups afterwards. Okay, so that's a standalone server. So the next one will be a distributed database. And then we'll do the live backup. Okay, So on the left we have the primary and on the right we have the backup. I'm going to be doing the live backup setup at the minute. So as I said before, you've got the option of the manual backup or the live backup when it comes to anything outside of just the main database or artifacts, anything like this. This does provide some resilience to that. So you can still manually back it up. But to be fair, this is almost like an active passive. Although it doesn't automatically failover should anything fail, it's a manual failover, as we discussed previously. So I'm going to pull the file down for both of them. Okay, so now they're both down, so we're going to install them as the first one. The primary is obviously just going to get installed the way it normally does. But the backup DR, live backup, whichever way you want to refer to it, has some flags when you're installing it that have to be added. So for the first one again, we just changed the ownership and moving forward, what I might now is actually already have it installed, but I guess it helps as well, just in case. Hello, Okay, so we'll just accept the agreement on this one and send it on its way. Now there is a difference between installing 6.1 and six. Six goes through the whole, you know, Hollywood hacker lines going through the screen, pulling all the docker images. 6.1 doesn't do that. So it looks like it's not doing anything,but it actually is, so don't panic. Okay, so now we need to look at the flags. And what we're going to do with this one is going to tell it to install it asap, but not to start the server. Because when we come to it, we need to configure the primary to see it. Then we're going to stop the primary, we're going to start the backup, and then we're going to start the primary backup. That way, when it comes back up, it will connect and all will be right with the world. Unless I screw up, of course,in which case, no, it won't. Okay, so when you're adding flags to the script, you've just got to put the two dashes in there. That's wrong. That simply tells it that we're making a doctor, and then we do the put the flags in for not starting the server when it's configured, and away it will go. And this is one of the things that I actually really like about this, although the whole thing, the whole environment is massively complicated and massively complex, which is why it's so good at what it does. Nobody's really tried to be overly clever or obfuscate their way through it. It's all actually fairly intuitive. I mean, if you take that command there, I want to install the Mysto server, I want to install it as a Dr, and I don't want to start it when it's already installed. I mean, it literally doesn't get any more intuitive than that. Okay, so once again, I'm going to pause this because there's nothing really special to look at that they didn't see in the last one. And well, frankly, my retention figures are bloody terrible for videos. So if I pause it, hopefully you won't get bored and you'll watch the next part. I just wanted to draw your attention when we're configuring the Dr server. The options that you get on installation are actually slightly different. So we just do the same again for the HTTPS port. It's not connecting to an elasticsearch database, so that's obviously no. The default is no. Are these configurations correct? Yes. And in a way, it will go, and you'll notice there's no option there for username and password because you don't need them because we're going to copy those across from the primary. Okay, so that's now done. So we'll just let it start the server and we'll go and have a look. So now it's started, we can see that we have the primary address there and that's the docker address inside. So we're going to go to ten 616 and just put the configurations in there that we're going to need for the live backup, including we have to put a new key pair in for the UI so that we actually see the options for the live backup, and then we'll just shut the server down because there's just no point leaving it up at that point. Okay, so we'll go and do that now. Okay, so here we are on the new server and she can log in with her username and not worry about the licence later. Okay, so if we go to settings advanced and then backups, we don't see the option for live backup at first. This is because we need to change a key pair in the server configuration, which is done in troubleshooting add server configuration and the configuration we need to let me just save that. And now you can see you've got the live backup down here. So we switch it on. It changes the pending. Now I'm going to put in the DNS name because it can resolve the DNS. I'm hoping I've got my fingers crossed and that DNSname will let me check and make sure it is XOR backup. I can't tell you how many times I've been called out for thinking it's one thing and it's not, it's another. The rest of it is actually fairly intuitive, but I'll go through it anyway, so there are no pending actions. If there are any pending actions once it's completed, you can either do them yourself or let it do it for you. The port that it's going to be connecting to is four four three trust server certificate unsecured. When it's on, it lets you set the self-signed service certificate when it's off. It won't, it will need a trusted certificate by default, it's on and then use proxy if you change that to use proxy, then you're going to need to use proxy settings further along. Those settings are done again in the troubleshooting section where you add a server configuration. Okay, so now we're just going to save that, right? So now that that's done, as you can see, the live backup will start to mirror actions after you configure the Dr server and restart the production service. So we're going to go now. I'm going to shut down the XOR instance we've got here and they simply say okay, so that's now shut down and, as we can see on the right hand side, we've now got the Dr server up and we have to start the Dr server. Once we've started a Dr server, we're going to start giving it a minute just to sort its head out. Then we'll start the primary again, and then they should all hook up, be happy with each other, and my job is done. Do you know what that would have been like if I had not been talking rubbish? So of course, what we have to do as well is copy the configurations across, and I can't believe I forgot that step. I may or may not edit that out. Okay, so what we have to do is we have to pull everything from here, which is in a single command, which actually I'll leave the link to the document from Palo in the settings below in the comments below. Sorry. And then we SCP it across to the root folder of the backup. Okay, so we'll do that now. Okay, we're back on. So the link for the documentation is here. The documentation is brilliant at this part. There are some parts of documentation, like with anyvendor, where occasionally it's missing a little bit. But there is a vendor out there whose main colours are pink and black. And I mean, their documentation really should start with this. So it's good. It's good documentation. Okay, So we're going to. I'm not going to lie. I'm literally going to copy from the documentation. copy into notepad first, because then that gets rid of the formatting from the web page. Okay, And then it will crack down on it. Now there are a couple of files that it's going to say I'm missing because this isn't a production server. It's not been in production. It is a production server. But you know what I mean? It's not a production server. It's not in production. And then you can see we've got a tar file there. Then we need to copy the tar file to the backup, so we can do that through SCP. The reason I'm copying it to the temp file is because you are supposed to copy root. Bear in mind that these, well, specifically minor anyway, you can install on others, but minor is built into Ubuntu. Ubuntu by default, in case you didn't know, which I didn't when I first tried to do it, doesn't allow root to log in. So the documentation actually says, SCP the Domistofile to root on your backup server. I people, but you can't. Therefore, I can't copy as my user, my oldcoin user, I can't copy that now into the root folder because I haven't got permission. whereas, as everybody knows, you've got globalrewrite permissions on the temp file. Of course, Just bear in mind that anything you copy across the temp file is gone if you have to reboot the server, because the temp file doesn't retain its contents after a reboot. Okay, so now we can see it's there. So we're just going to decompress that to the root drive now as root. An alphabet contains more letters. I'm not quite sure why my fingers aren't working today. Right, so that's now all done. So now I can go back to the point I was going to make before and just get it all massively wrong. So we're going to start the backup server first. Not without command. Keep getting confused. Okay, so now started and just to prove why I got that wrong and just to prove that I'm not a complete donut, we'll just give it a minute, actually,just to let that come up fully. Okay, I think that's probably enough time. Wow. Okay, So now that I finally managed to type correctly, we can see that we started the backup and we started the primary. So we're just going to reload this page. Okay, so now we've reloaded the page in its own time because I think it's actually still starting in the background anyway. So there you go. So that's it. So the live backup now is fine. I told you when it was last mirrored. So that was the last time it did any kind of writing to the backup. And we're all good now to switch hosts. If this fails to switch hosts, I'll just show you whilst I'm here. Okay, So if we go to the backup server now, please don't let me down at this point, but we can't get to it because it's Dr, which I believe. So this is the Dr. page for it. Now what we need to do to switch between the two is we need to switch hosts. Okay, Now start to switch hosts at this point if we reload this. Okay, so now we've logged into it,we've logged into the backup server. What we have to do now is to make this production server and that will begin the switching process. Yes. And all is well. So it's picked up the XOR prior to It knows that and it can resolve it. So it's happy and we will see. We've got all the same configurations here. So that's it really. That's live backup. Anything now that you put on the primary is going to be on the doctor. It is a mirror. It will immediately mirror it if I hang on. So let's say I go to available, update them all, and then when we come back, what we should see then is that the last mirror in action was in fact, we'll try. Now we've got some pending actions there because we're upgrading all the integrations on this one. Now we've got pending actions to mirror across to the other one. And that will take some time because he's also a bit of a slow bandwidth as well. It should be fine. Everything seems to take an extra few seconds. But then that said, as we went over the minimum specifications, it should be noted at this point,these are not running with the correct specifications. So any kind of performance lag or anything like that that you see in these environments will not be seen in a production environment if it is properly built. It's just that, basically, I'm a cheap ass and Ijoke to think of the oversubscription rate for my memory and I opt and compute on my VM server, which is sitting downstairs somewhere in a minute, smoking struggles. But that said, I personally feel the whole thing is quite a lightweight program. It runs very, very quickly when it's got the correct specifications, and that's it. So for that part now, that's it. That's how you build a live backup. Switching back is exactly the same process. So we go back to There. Switch hosts. Let me switch hosts going back. It is what it is. That's done. And then we'll move on now to the hang on. We've done the distributed database. So now we need to add nodes to a distributed database. So I'll see you in that video. Okay, so now we're going to do the distributed database, which is fairly easy. We just got the same script that we had before. You can see it there. I've done the chmod to make it executable. And again, like before, it's just the standard way of installing it and running the script, but with the flags to tell it what we're going to do. So the first one we're going to install is the DB node, as you can see. And that is simply telling it that we want some options. DB only sort of speaks for itself. It doesn't want to be DB's only secret that we're going to have. So the secret has to be a ten-character password. So for ease and so on, I'm just going to do it really simply, okay. So I don't forget, later on, I look like a complete tool. And then finally, why do we accept all the defaults as we go through? Okay, so now that will install the database. And on the other hand, we just need to install the app server using theflags just to install an app server. The Mysto server Use flags. And then we're going to this one because this one is the server only. That's literally the flag going to be server only. And then we're going to tell it where its database is, what the secret is, so that it knows to connect to it. And the address of that one is I think I should really have thought that through. And then we're going to give the external address of this host. So the address of this server is that it's connected to that. So that's going to be the ten 616. so accustomed to pressing space 16 And then we're going to put the Y against that, so that we've got to accept all defaults. Now what I'm going to do is I'm just going to pause here whilst this does it, because you want to install the database, make sure that's installed and running and then install the app server unless it's finished now, which it could be, or it's still got a bit to go. I think it may still have a bit to go. So I'm going to pause it now and then we'll come back to it when we're ready to install the app server. All right, so now, as we can see, that's done. So that's installed. So we'll just run the script on the app server now. And then once that's done, we'll go to the app server and we'll be able to see that we've now got a remote database. And then we will add a database node to that. I suppose you could call it a database then. Yeah, we'll go through, delete it, and then that's it. That's it for this video. The domain is actually in two parts. I'm going to do it in two parts because, well,A, nobody really watches my videos beyond four and a half minutes anyway, which is slightly stressful, so it gives me a chance to get in the video watched, but B, because it is actually quite a large domain. So part of it is the architecture, which includes things like distributed databases, sizing requirements, and so on. And the other part of it is the threat management capability of XOR, which does become quite intense and quite a large subject. So I'm going to do that in a separate video which will be really manageably titled Pcsae Domain Four part two.So you can watch out for that wonderful piece of cinematic history. So I'll just pause this whilst it does whatit does and then we'll come back to it and we'll have a look at the remote database. Okay, so now that's finished, with some luck,you should be able to log into it. Okay, so I changed the password, which I forgot. Hang on, I remember what I'm typing. Now you change the password because, when you install the app serveron me, the password is admin, admin. And then it gets to the part where you have to change the password for it. Okay, so now we're on the app server and we're going to go, and hopefully, all things being equal, we should see a connected remote database. And that's really it really.So you can download the log from that database. You can see what it's using. 3% CPU memory and disc utilisation And also here on this page, this is where we create a node. So before we do that, we just need to check and make sure that the hostname is populated in the troubleshooting section. External host name: 100 616. So that should be all good. That's what it should be built as. So we'll go back to mode databases and then we'll create a node, and that will just take a minute before it starts to download the script. So I'll just pause it there. So I've got a little bit called out there by the old popup blocker. So once that's done, you then get the option to download the script. The script is then what we're going to put onto the server that's going to become the node. And then we run the script from the node. So I'll save that and then use Win SCP to put it on what was originally used as a backup node and we'll run it from there. So once it's done, I'll show you that.Okay, so once again I've gone into the temp directory because of the two permissions. And as you can see, we now have the file in there, the Domisto node file that was created from the cortex instance. So now what we need to do is we need to run that script with the flags that I'm going to show you now. And that's literally what it's connected back to. And this is where we need port four hundred and three open because this will connect back to the app server on four hundred and three. So for registering the database, And then, at which point, you need your 50,001 for the replication, the database activity between the two. so right. And then again, we're going to add some flags and then the external address of the app server and accept defaults. And that will now go through and build our node. And then that should join the appserver without any having to restart.So you can see just how versatile it actually is. You would do this in a massive environment. A massive environment If you've got lots and lots of instances where you've got lots and lots of threat feeds, got lots and lots of things coming in, you are going to need to be able to expand your database at will, basically. And you can do it without any interruption to production traffic or any interruption to service. You can increase your database capacity and bandwidth as much as you see fit. So I'm going to pause again there to let that do that. And then we'll come back to it and hopefully it will be registered and I'll look like I'm doing it. Okay, so that's now finished now.It's a little bit of an open thing now. So when I said previously, I got it wrong previously. So the address that needs to go in is the address of the node that you're creating, the external address of the node that you're creating, because within the script it's already got the address of the app server. So this has been created, it's now running and we can see the results. Okay, so this is the original one that registered, didn't register itself because it couldn't, because I'd put the wrong address on. And then this is the one now that's come through. So this is actually run from the same script. So you're going to need to run the script again. It gives you a different ID each time. And then we can go to the database server if we want to. And that's how you create a node. That's the node that's been created. We can download the logs from it, so we can see what it's doing. You can monitor it. You can see the CPU, the memory, and the disc usage as it goes through. Yeah So that's it. That's how you create a node. And that's also rather alarming—you also don't create a node. So there you go.

2. Solution Architecture Update 1

So I hope you're enjoying the course so far. Obviously, since this course was done, there have been upgrades and updates to Excel. The exam hasn't changed as yet, but there's a few things you should be aware of with thissolution architecture that I really wanted to just go through and just add this video in here whilst I'm updating the course material. So one of the things to be aware of is that some of the settings have changed and some of the places where things are have changed. So for instance, if we go to Settings, we now have an integration object set up. That's a new one. Users and roles are the same as before. Advanced is the same as Exclusion Lists backups, but it's this one specifically. So where this was under a different heading previously, it's now under Object setup. In there you can create your indicators. The instance indicators threaten to report types, so it works the same. You can create report types. The threat intelligence side of things is a 6.5 addition, and it works in the same way that Indicators do. It's just that you can create your own customised versions of it. One of the other things to be aware of is that there is a Padman as opposed to a Docker. This is because Podman is a daemonless container environment. So whereas Docker requires a demon to run,which needs root privileges, which is why attackers love them so much to be able to compromise a container that container's root privileges, Podman doesn't do the same. So I'll add a link just after this. If you look in the resources, there'll be a link there for the new admin guide for 6.5. If you go and have a look at Podman, you'll be able to see the advantages of it. I also found a link to a good blog post that I found that really does go into the advantages of Podman over Docker, as you can see if you want to migrate from Docker to Podman within your current deployment, it's there in the admin guide. Although going forward, new servers and new engines are deployed with Podman as opposed to Docker. So I will be updating more stuff as I go and obviously get everybody up to date. I hope you enjoy the course. I hope you get something from it. Good luck with your PCSAE. Any questions, any queries, just pop them in and I'll get back to you as soon as possible.

ExamSnap's Palo Alto Networks PCSAE Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Palo Alto Networks PCSAE Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.