AI-Powered ADEM Administrator’s Guide
    : ADEM Data Collection and Agent Processes
    Focus
    Download PDF
    Focus
    1. Home
    2. Autonomous DEM
    3. AI-Powered ADEM Administrator’s Guide
    4. ADEM Data Collection and Agent Processes
    Download PDF

    AI-Powered ADEM Administrator’s Guide

    ADEM Data Collection and Agent Processes

    Table of Contents

    ADEM Data Collection and Agent Processes

    Learn about the metrics that the ADEM agent collects from the user's workstation in order to provide actionable insights into the workstation, network, path and application performance
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Strata Cloud Manager
    • Prisma Access
       license
    • ADEM Observability
    • Mobile Users license
    • Remote Networks license
    The Autonomous Digital Experience Management capability is built into the GlobalProtect Client. It is enabled/disabled by the policy in the
    Prisma Access
     administration portal (Both Panorama and Cloud Managed).

    Data Collection

    The ADEM agent collects metrics from the user's workstation in order to provide actionable insights into the workstation, network, path and application performance. The metrics collected are:
    User sessions
    • GlobalProtect username
    • GlobalProtect Login / Logout time
    • GlobalProtect status
    • Prisma Access
       location
    • User geographical local
    • Service provider name
    BIOS
    • Serial number
    Computer
    • Hostname
    • Model
    • Manufacturer
    • Battery
    Network
    • Hostname
    • Network interfaces
    • IPv4 and IPv6 address
    • Public IP Address
    • MAC address
    • Default gateway
    • WiFi Signal Quality
    • WiFi Tx Speed
    • WiFi Rx Speed
    • WiFi Channel
    • WiFi Network SSID
    • WiFi Network BSSID
    VPN Network
    • VPN Interface
    • VPN Gateway ID/Hostname
    • Network interfaces
    Operating System
    • OS type
    • Version
    • OS architecture
    Logical Devices
    • Device ID
    • Device type
    • Media type
    • Size
    • Name
    • Volume name
    • Volume serial number
    • Filesystem count
    • Filesystem storage size
    • Filesystem usage
    CPU
    • Architecture
    • Core count
    • Logical processor count
    • Manufacturer
    • Max clock speed (Except on Apple Silicon)
    • Name
    RAM
    • Memory module capacity (Windows only)
    • Total Capacity
    Synthetic Test Results
    • Network Latency
    • Network Jitter
    • Network Loss
    • DNS resolution times
    • TCP Latency
    • SSL Latency
    • HTTP Latency

    FQDNs Used by ADEM

    The ADEM Client sends the data collected to the ADEM Portal. As such the following FQDN’s may need to be whitelisted and/or excluded from SSL decryption:
    • agents.dem.prismaaccess.com
    • updates.dem.prismaaccess.com
    • agents-prod1-us-west2.dem.prismaaccess.com
    • agents-sg1-asia-southeast1.dem.prismaaccess.com
    • agents-au1-australia-southeast1.dem.prismaaccess.com
    • agents-jp1-asia-northeast1.dem.prismaaccess.com
    • agents-ca1-northamerica-northeast1.dem.prismaaccess.com
    • agents-eu1-europe-west4.dem.prismaaccess.com
    • agents-uk1-europe-west2.dem.prismaaccess.com
    • agents-in1-asia-south1.dem.prismaaccess.com
    • agents-de1-europe-west3.dem.prismaaccess.com
    • agents-ch1-europe-west6.dem.prismaaccess.com
    • agents-fr1-europe-west9.dem.prismaaccess.com
    • agents-stg1-us-west2.dem.prismaaccess.com
    • agents-stg2-us-west2.dem.prismaaccess.com

    Processes to be Whitelisted on EDR Deployments

    Here are the ADEM processes that you must whitelist on your EDR deployments in order for
    Autonomous DEM
     to run.
    MacOS Process
    Process
    Process Description
    User/Permission level
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/MacOS/crypter
    (This is a debugging tool as of 3.0.0) In previous versions it was used to read encrypted data from GlobalProtect: username, subtenant_id,certificate password.
    _panwdem (sudo)
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr
    Path Trace test for showing path visualization data on ADEM portal
    _panwdem (sudo)
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService
    Invokes the mtr process for path traces.
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService
    Runs the curl process.
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl
    Application Performance test using Curl
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService
    Endpoint DEM service software update manager
    root
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService
    Runs ICMP/TCP ping tests.
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService
    Collects local system metrics such as cpu, memory, and wifi statistics.
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService
    Provides connectivity to the ADEM portal for incoming configuration and transmission of test results.
    _panwdem
    /Applications/GlobalProtect
    Autonomous DEM
    .app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService
    Runs periodically to collect test results from the other services and transmits them to the portal via the portal service.
    _panwdem
    /Applications/GlobalProtect Autonomous DEM.app/Contents/MacOS/GlobalProtect Autonomous DEM
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Library/GlobalProtect Autonomous DEM Menu.app/Contents/MacOS/GlobalProtect Autonomous DEM Menu
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr-packet
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemUserProxyService.xpc/Contents/MacOS/DemUserProxyService
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemLocalNetworkTestService.xpc/Contents/Frameworks/SPLPing.framework/Versions/A/SPLPing
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate
    /Applications/GlobalProtect Autonomous DEM.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle
    /etc/sudoers.d/‘palo_alto_networks_dem.tmp’
    File lists processes that requires sudo access
    _panwdem (sudo)
    Windows Process
    Process
    Process Description
    User/Permission level
    C:\Program Files\Palo Alto Networks\DEM\bin\curl
    Application Performance test using Curl
    Network Service
    C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet
    Path Trace test for showing path visualization data on ADEM portal
    Network Service
    C:\Program Files\Palo Alto Networks\DEM\bin\mtr
    Invokes the mtr process for path traces.
    Network Service
    C:\Program Files\Palo Alto Networks\DEM\bin\tcping
    Network Performance test for Applications using TCP Ping
    Network Service
    C:\Program Files\Palo Alto Networks\DEM\AgentProcess
    This is the main agent process that provides portal connectivity and test coordination.
    Local System
    C:\Program Files\Palo Alto Networks\DEM\DEMAgentService
    C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess
    C:\Program Files\Palo Alto Networks\DEM\bin\BMTR
    C:\Program Files\Palo Alto Networks\DEM\bin\DEMLocalNetworkTestProcess
    C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService
    C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService
    C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\createdump
    C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess
    C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\GlobalProtectAutonomousDEMSelfServe
    C:\Program Files\Palo Alto Networks\DEM\GlobalProtectAutonomousDEM
    The main service that launches the AgentProcess.
    Local System
    C:\Program Files\Palo Alto Networks\DEM\GlobalProtectAutonomousDEM\Updater
    Endpoint DEM service software update manager
    Local System

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.