ADEM Data Collection and Agent Processes
Table of Contents
Expand all | Collapse all
- Autonomous DEM
- Products That Use Autonomous DEM
- Set up an Autonomous DEM Application Test
- ADEM Data Collection and Agent Processes
ADEM Data Collection and Agent Processes
If you are using the Strata Cloud Manager user interface, see
the AI-Powered ADEM Administrator's Guide.
The Autonomous Digital Experience Management
capability is built into the GlobalProtect Client. It is enabled/disabled
by the policy in the Prisma Access administration portal (Both Panorama
and Cloud Managed).
Data Collection
The ADEM Agent collections metrics from
the User workstation in order to provide actionable insights into
workstation, network, path and application performance. The metrics
collected are:
User sessions
- GlobalProtect username
- GlobalProtect Login / Logout time
- GlobalProtect status
- Prisma Access location
- User geographical local
- Service provider name
BIOS
- Serial number
Computer
- Hostname
- Model
- Manufacturer
- Battery
Network
- Hostname
- Network interfaces
- IPv4 and IPv6 address
- Public IP Address
- MAC address
- Default gateway
- WiFi Signal Quality
- WiFi Tx Speed
- WiFi Rx Speed
- WiFi Channel
- WiFi Network SSID
- WiFi Network BSSID
VPN Network
- VPN Interface
- VPN Gateway ID/Hostname
- Network interfaces
Operating System
- OS type
- Version
- OS architecture
Logical Devices
- Device ID
- Device type
- Media type
- Size
- Name
- Volume name
- Volume serial number
- Filesystem count
- Filesystem storage size
- Filesystem usage
CPU
- Architecture
- Core count
- Logical processor count
- Manufacturer
- Max clock speed (Except on Apple Silicon)
- Name
RAM
- Memory module capacity (Windows only)
- Total Capacity
Synthetic Test Results
- Network Latency
- Network Jitter
- Network Loss
- DNS resolution times
- TCP Latency
- SSL Latency
- HTTP Latency
FQDNs Used by ADEM
The ADEM Client sends the data collected
to the ADEM Portal. As such the following FQDN’s may need to be
whitelisted and/or excluded from SSL decryption:
- agents.dem.prismaaccess.com
- agents.jp1.ap-northeast-1.dem.prismaaccess.com
- agents.sg1.ap-southeast-1.dem.prismaaccess.com
- agents.au1.ap-southeast-2.dem.prismaaccess.com
- agents.ca1.ca-central-1.dem.prismaaccess.com
- agents.eu1.eu-central-1.dem.prismaaccess.com
- agents.uk1.eu-west-2.dem.prismaaccess.com
- agents.us1.us-east-2.dem.prismaaccess.com
- agents.dem.prismasasegov.com
- agents-il4-prod-us-central1.dem.prismasasegov.com
Processes to be Whitelisted on EDR Deployments
Here are the ADEM processes that you
must whitelist on your EDR deployments in order for Autonomous DEM
to run.
MacOS Process | ||
---|---|---|
Process | Process Description | User/Permission level |
/Applications/GlobalProtect Autonomous DEM.app/Contents/MacOS/crypter | (This is a debugging tool as of 3.0.0) In previous versions
it was used to read encrypted data from GlobalProtect: username, subtenant_id,certificate password. | _panwdem (sudo) |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr | Path Trace test for showing path visualization
data on ADEM portal | _panwdem (sudo) |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService | Invokes the mtr process for path traces. | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService | Runs the curl process. | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl | Application Performance test using Curl | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService | Endpoint DEM service software update manager | root |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService | Runs ICMP/TCP ping tests. | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService | Collects local system metrics such as cpu, memory,
and wifi statistics. | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService | Provides connectivity to the ADEM portal for incoming
configuration and transmission of test results. | _panwdem |
/Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService | Runs periodically to collect test results from the
other services and transmits them to the portal via the portal service. | _panwdem |
/etc/sudoers.d/‘palo_alto_networks_dem.tmp’ | File lists processes that requires sudo access | _panwdem (sudo) |
Windows Process | ||
---|---|---|
Process | Process Description | User/Permission level |
C:\Program Files\Palo Alto Networks\DEM\bin\curl | Application Performance test using Curl | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet | Path Trace test for showing path visualization
data on ADEM portal | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\mtr | Invokes the mtr process for path traces. | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\tcping | Network Performance test for Applications using
TCP Ping | Network Service |
C:\Program Files\Palo Alto Networks\DEM\AgentProcess | This is the main agent process that provides portal
connectivity and test coordination. | Local System |
C:\Program Files\Palo Alto Networks\DEM\GlobalProtectAutonomousDEM | The main service that launches the AgentProcess. | Local System |
C:\Program Files\Palo Alto Networks\DEM\GlobalProtectAutonomousDEMUpdater | Endpoint DEM service software update manager | Local System |