Focus

Autonomous DEM

ADEM Data Collection and Agent Processes

Table of Contents

Filter

Expand All | Collapse All

Autonomous DEM Docs

Administration
Version
- AI-Powered ADEM
- Autonomous DEM for China
User Guide
Release Notes
Version
- AI-Powered ADEM
- Access Experience Agent 5.1
- Access Experience Agent 5.3

Manage Queries from the Query Results Page

Manage Autonomous DEM Agent Upgrades

ADEM Data Collection and Agent Processes

Learn about the metrics that the ADEM agent collects from the user's workstation in order to provide actionable insights into the workstation, network, path and application performance

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) Strata Cloud Manager	Prisma Access license Autonomous DEM license

The Autonomous Digital Experience Management capability is built into the GlobalProtect Client. It is enabled/disabled by the policy in the

Prisma Access

administration portal (Both Panorama and Cloud Managed).

Data Collection

The ADEM agent collects metrics from the user's workstation in order to provide actionable insights into the workstation, network, path and application performance. The metrics collected are:

User sessions

GlobalProtect username

GlobalProtect Login / Logout time

GlobalProtect status

Prisma Access

location

User geographical local

Service provider name

BIOS

Serial number

Computer

Hostname

Model

Manufacturer

Battery

Network

Hostname

Network interfaces

IPv4 and IPv6 address

Public IP Address

MAC address

Default gateway

WiFi Signal Quality

WiFi Tx Speed

WiFi Rx Speed

WiFi Channel

WiFi Network SSID

WiFi Network BSSID

VPN Network

VPN Interface

VPN Gateway ID/Hostname

Network interfaces

Operating System

OS type

Version

OS architecture

Logical Devices

Device ID

Device type

Media type

Size

Name

Volume name

Volume serial number

Filesystem count

Filesystem storage size

Filesystem usage

CPU

Architecture

Core count

Logical processor count

Manufacturer

Max clock speed (Except on Apple Silicon)

Name

RAM

Memory module capacity (Windows only)

Total Capacity

Synthetic Test Results

Network Latency

Network Jitter

Network Loss

DNS resolution times

TCP Latency

SSL Latency

HTTP Latency

FQDNs Used by ADEM

The ADEM Client sends the data collected to the ADEM Portal. As such the following FQDN’s may need to be whitelisted and/or excluded from SSL decryption:

agents.dem.prismaaccess.com

updates.dem.prismaaccess.com

features.dem.prismaaccess.com

agents-prod1-us-west2.dem.prismaaccess.com

agents-sg1-asia-southeast1.dem.prismaaccess.com

agents-au1-australia-southeast1.dem.prismaaccess.com

agents-jp1-asia-northeast1.dem.prismaaccess.com

agents-ca1-northamerica-northeast1.dem.prismaaccess.com

agents-eu1-europe-west4.dem.prismaaccess.com

agents-uk1-europe-west2.dem.prismaaccess.com

agents-in1-asia-south1.dem.prismaaccess.com

agents-de1-europe-west3.dem.prismaaccess.com

agents-ch1-europe-west6.dem.prismaaccess.com

agents-fr1-europe-west9.dem.prismaaccess.com

Processes to be Whitelisted on EDR Deployments

Here are the ADEM processes that you must whitelist on your EDR deployments in order for

Autonomous DEM

to run.

MacOS Process
Process	Process Description	User/Permission level
/Applications/Access Experience.app/Contents/MacOS/crypter	(This is a debugging tool as of 3.0.0) In previous versions it was used to read encrypted data from GlobalProtect: username, subtenant_id,certificate password.	_panwdem (sudo)
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr	Path Trace test for showing path visualization data on ADEM portal	_panwdem (sudo)
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService	Invokes the mtr process for path traces.	_panwdem
/Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService	Runs the curl process.	_panwdem
/Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl	Application Performance test using Curl	_panwdem
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService	Endpoint DEM service software update manager	root
/Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService	Runs ICMP/TCP ping tests.	_panwdem
/Applications/Access Experience.app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService	Collects local system metrics such as cpu, memory, and wifi statistics.	_panwdem
/Applications/Access Experience.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService	Provides connectivity to the ADEM portal for incoming configuration and transmission of test results.	_panwdem
/Applications/Access Experience.app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService	Runs periodically to collect test results from the other services and transmits them to the portal via the portal service.	_panwdem
/Applications/Access Experience.app/Contents/MacOS/Access Experience
/Applications/Access Experience.app/Contents/Library/Access Experience Menu.app/Contents/MacOS/Access Experience Menu
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr-packet
/Applications/Access Experience.app/Contents/Services/DemUserProxyService.xpc/Contents/MacOS/DemUserProxyService
/Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/Frameworks/SPLPing.framework/Versions/A/SPLPing
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle
/etc/sudoers.d/‘palo_alto_networks_dem.tmp’	File lists processes that requires sudo access	_panwdem (sudo)
/Applications/Access Experience.app/Contents/Services/DemAnalyticsService.xpc/Contents/MacOS/DemAnalyticsService

Windows Process
Process	Process Description	User/Permission level
C:\Program Files\Palo Alto Networks\DEM\bin\curl	Application Performance test using Curl	Network Service
C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet	Path Trace test for showing path visualization data on ADEM portal	Network Service
C:\Program Files\Palo Alto Networks\DEM\bin\mtr	Invokes the mtr process for path traces.	Network Service
C:\Program Files\Palo Alto Networks\DEM\bin\tcping	Network Performance test for Applications using TCP Ping	Network Service
C:\Program Files\Palo Alto Networks\DEM\AgentProcess	This is the main agent process that provides portal connectivity and test coordination.	Local System
C:\Program Files\Palo Alto Networks\DEM\DEMAgentService
C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess
C:\Program Files\Palo Alto Networks\DEM\bin\BMTR
C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\createdump
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\AccessExperienceUI

Manage Queries from the Query Results Page

Manage Autonomous DEM Agent Upgrades

Autonomous DEM Docs

ADEM Data Collection and Agent Processes

Autonomous DEM Docs

ADEM Data Collection and Agent Processes

Data Collection

FQDNs Used by ADEM

Processes to be Whitelisted on EDR Deployments

Recommended For You

Activation & Onboarding

SASE

Visibility & Monitoring