Monitoring the Application Command Center (ACC) and Logs
Best practices for monitoring the Application Command
Center (ACC) and monitoring logs from the Panorama™ management server.
The Application Command Center (ACC) is
an interactive visualization tool designed to help you quickly understand
events in your network. The ACC contextualizes your managed firewall
logs to enable you to gain insights into traffic patterns and actionable information
on threats that you can use in your investigations.
Learn to use all the data interactions
available to you in the ACC.
Use ACC filters to drill
down for specific information such as addresses or users.
Apply global filters to
pivot the ACC display around details you care about most and exclude
If leveraging GlobalProtect, view the
widget to view the HIP reports based on HIP match logs to understand
the security status of end devices accessing your network.
After you have narrowed down the information you are interested
your ACC data in CSV format or widgets in PDF format
to share with your team interested in performing further investigation
Customize the ACC to ensure that it is tailored to the specific
network activity you are interested in monitoring.
help you improve your efficiency as you investigate a particular
user or host. This enables you to have complete contextual information
without having to switch tabs or scroll too far.
create custom regions with IP address ranges to use
in your security policy rules. Using custom regions makes correlating network
events in the ACC more relevant.
For example, suppose you configured
custom regions for your branch offices and notice that certain IP addresses
are responsible for a suspiciously large amount of traffic. By leveraging
custom regions, you can correlate this suspicious network activity with
a specific branch office and take steps to investigate and perform
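
The branch-office correlation in the custom regions example can be reproduced offline on exported traffic data. The following is an added example, not Palo Alto Networks code; the region names, IP ranges, and CSV column names are constructed assumptions and do not reflect the actual ACC export schema.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Hypothetical custom regions: name -> list of (first, last) IPv4 addresses.
REGIONS = {
    "Branch-Austin": [("10.10.0.0", "10.10.3.255")],
    "Branch-Leeds": [("10.20.0.0", "10.20.1.255"), ("10.20.8.0", "10.20.8.255")],
}

# Constructed sample rows; column names are assumptions, not the ACC export schema.
SAMPLE_CSV = """source_address,bytes
10.10.1.15,1200
10.20.8.40,980000000
10.20.0.7,4500
10.20.8.40,1250000000
192.0.2.9,300
10.10.2.200,88000
"""

def region_of(addr, regions=REGIONS):
    """Return the custom region whose range contains addr, or 'Unmapped'."""
    ip = ipaddress.ip_address(addr)
    for name, ranges in regions.items():
        for first, last in ranges:
            if ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last):
                return name
    return "Unmapped"

def traffic_by_region(csv_text, regions=REGIONS):
    """Sum bytes per region and per (region, source) pair."""
    per_region = defaultdict(int)
    per_source = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        region = region_of(row["source_address"], regions)
        per_region[region] += int(row["bytes"])
        per_source[(region, row["source_address"])] += int(row["bytes"])
    return dict(per_region), dict(per_source)

def heavy_sources(csv_text, share=0.5, regions=REGIONS):
    """Sources that account for more than `share` of all bytes, with their region."""
    per_region, per_source = traffic_by_region(csv_text, regions)
    total = sum(per_region.values())
    return sorted((src, region, b) for (region, src), b in per_source.items()
                  if total and b / total > share)

if __name__ == "__main__":
    print(traffic_by_region(SAMPLE_CSV)[0])
    print(heavy_sources(SAMPLE_CSV))
```

Addresses that fall outside every defined range are reported as "Unmapped", which shows where the region definitions have gaps.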