TufinMate

Important

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Tufin Orchestration Suite is a centralized firewall management platform that allows you to define, implement, and enforce comprehensive security policies across complex hybrid networks. Tufin makes it easier to identify and modify risky firewall configurations, optimize firewall usage, evaluate the impact of vulnerabilities on the network, and achieve continuous compliance with industry regulations.

TufinMate for Security Operation Centers is an extension of the Tufin Orchestration Suite platform, accessed from Security Copilot. It empowers security analysts to reduce incident response times by providing them with context on permitted network access paths, firewall rule compliance, permissiveness, and last hit information.

Use the TufinMate plugin with Microsoft Security Copilot to answer questions about how traffic is permitted to traverse your network. See where access is permitted, identify permissive or unused rules, verify the compliance of an access flow, and receive instructions on how to initiate a change request.

The TufinMate plugin helps your team:

  • Assess the priority of a vulnerability based on access flows to or from the relevant asset.
  • Better understand the network impact radius of a security incident by verifying whether access to sensitive assets is permitted or blocked by firewalls.
  • Identify overly permissive or unused firewall rules that may be relevant to a security incident.
  • Verify the compliance of a firewall device or access path.
  • Gather the information needed to submit a network change request.

Prerequisites

The TufinMate Management App must be installed on your Tufin Orchestration Suite cluster. Currently, the TufinMate Management App is still in a Beta limited availability release. You must contact your Tufin account team to request the installer file.

After receiving the installation file, see the TufinMate User Guide for further instructions.

Know before you begin

Integration with Security Copilot requires an API Key. Follow these instructions to generate a key during setup.

  1. Sign in to Microsoft Security Copilot.

  2. On the prompt bar, select the Plugin button to access Manage Plugins.

  3. Next to TufinMate, select the toggle to enable it.

  4. The plugin asks you for a value (an access identifier for API authentication). You need to add a unique API Key generated by the TufinMate Management App. To retrieve it:

    1. Sign in to Tufin Orchestration Suite and open the TufinMate Management Application.

    2. From the Available Integrations screen, within the card for Security Copilot, select Manage Integration.

    3. Under Integrate with Security Copilot, select Generate API Key.

      Image of setting up new integration with copilot

  5. Copy the API Key that was generated. Note that you can't generate the same API key twice.

  6. Navigate back to Security Copilot and add the API key.

    Image of Tufin Firewall Management settings

  7. Select Save.

  8. Use the sample prompts listed in the following section to get started using the TufinMate plugin.

Sample TufinMate prompts

After the TufinMate plugin is configured, you can use it by typing TufinMate in your Security Copilot prompt bar, followed by an action. The following table lists example prompts to try.

| Capability | Example prompts |
| --- | --- |
| Network Access Status | Can {{source}} access {{destination}} using any service? |
| | Tell me if traffic is permitted between {{source}} and {{destination}} using {{service}}. |
| Device Details | Can you provide some details about device id {{device ID}} using the Tufin Firewall Management plugin? |
| Last Hit Information | Does the device {{insert device ID or device name or device IP}} have any rules with no hits in the past 90 days? |
| | Are there any rules on the path between {{source}} and {{destination}} with no hits in the past 30 days? |
| Firewall Rule Permissiveness | Does the device {{insert device ID or device name or device IP}} have any highly permissive rules? |
| | Are there any rules on the path between {{source}} and {{destination}} that are highly permissive? |
| Compliance Violations | Does the device {{insert device ID or device name or device IP}} have any rules with unified security policy violations? |
| | Are there any rules on the path between {{source}} and {{destination}} with compliance violations? |
| Change Request Guidance | How could I use Tufin to request traffic be permitted? |
| Ticket Type Question | Which ticket type should I use to request {{Insert one of the following: Access, Rule Decommission, Block Access, Recertification, Rule Modification}}? |

Troubleshoot the TufinMate plugin

How to Contact Tufin Support

To submit a support request or manage your support ticket, visit the Tufin User Portal.

How to generate logs

From the TufinMate Management App, click on the Global Settings icon on the left sidebar menu. Use the log information setting to modify the level of logs generated. Use the provided prompt to retrieve the logs.

See also

Non-Microsoft plugins for Microsoft Security Copilot

Manage plugins in Microsoft Security Copilot