: Monitoring the Application Command Center (ACC) and Logs on Panorama
Focus
Focus

Monitoring the Application Command Center (ACC) and Logs on Panorama

Table of Contents

Monitoring the Application Command Center (ACC) and Logs on Panorama

Best practices for monitoring the Application Command Center (ACC) and monitoring logs from the Panorama™ management server.
The Application Command Center (ACC) is an interactive visualization tool designed to help you quickly understand events in your network. The ACC contextualizes your managed firewall logs to enable you gain insights into traffic patterns and actionable information on threats that you can use in your investigations.
  • Learn to use all the data interactions available to you in the ACC.
    • Use ACC filters to drill down for specific information such as addresses or users.
    • Apply global filters to pivot the ACC display around details you care about most and exclude unrelated information.
    • If leveraging GlobalProtect, view the GlobalProtect Activity widget to view the HIP reports based on HIP match logs to understand the security status of end devices accessing your network.
    • After you have narrowed down the information you are interested in, Export your ACC data in CSV format or widgets in PDF format to share with your team interested in performing further investigation or remediation.
  • Customize the ACC to ensure that is tailored to the specific network activity you are interested in monitoring.
    This will help you improve your efficiency as you investigate a particular user or host. This enables you to have complete contextual information without having to switch tabs or scroll too far.
  • Select ObjectsRegions and create custom regions with IP address ranges to use in your security policy rules. Using custom regions makes the correlating network events in the ACC more relevant.
    For example, you configured custom regions for your branch offices and notice certain IP addresses are responsible for a suspiciously large amount of traffic. By leveraging custom regions, you can correlate this suspicious network activity with a specific branch office and take steps to investigate and perform remediation measures.