Monitoring the Application Command Center (ACC) and Logs on Panorama

Best practices for monitoring the Application Command Center (ACC) and monitoring logs from the Panorama™ management server.
The Application Command Center (ACC) is an interactive visualization tool designed to help you quickly understand events in your network. The ACC contextualizes your managed firewall logs so that you gain insight into traffic patterns and actionable information on threats that you can use in your investigations.
  • Learn to use all the data interactions available to you in the ACC.
    • Use ACC filters to drill down for specific information such as addresses or users.
    • Apply global filters to pivot the ACC display around details you care about most and exclude unrelated information.
    • If leveraging GlobalProtect, use the GlobalProtect Activity widget to view the HIP reports based on HIP match logs and understand the security status of end devices accessing your network.
    • After you have narrowed down the information you are interested in, Export your ACC data in CSV format or widgets in PDF format to share with team members who will perform further investigation or remediation.
  • Customize the ACC to ensure that it is tailored to the specific network activity you are interested in monitoring.
    This will help you improve your efficiency as you investigate a particular user or host. This enables you to have complete contextual information without having to switch tabs or scroll too far.
  • Select Objects > Regions and create custom regions with IP address ranges to use in your security policy rules. Using custom regions makes correlating network events in the ACC more relevant.
    For example, you configured custom regions for your branch offices and notice certain IP addresses are responsible for a suspiciously large amount of traffic. By leveraging custom regions, you can correlate this suspicious network activity with a specific branch office and take steps to investigate and perform remediation measures.
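The branch-office correlation described above can also be reproduced offline on exported data. The following is an added example, not Palo Alto Networks code: the region names, address ranges, CSV column names (`source_address`, `bytes`) and sample rows are all constructed assumptions and do not reflect the actual layout of an ACC CSV export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Hypothetical custom regions (name -> address ranges), mirroring what you
# would define for branch offices. Names and ranges are constructed.
CUSTOM_REGIONS = {
    "Branch-Austin": ["10.10.0.0/16"],
    "Branch-Leeds": ["10.20.0.0/16", "10.21.4.0/24"],
}

# Constructed sample rows; the column names are assumptions, not the
# actual layout of an ACC CSV export.
SAMPLE_CSV = """source_address,bytes
10.10.4.17,1200
10.20.8.3,950000
10.20.8.3,870000
10.21.4.9,4000
192.0.2.50,300
not-an-ip,10
"""

def region_for(address, regions=CUSTOM_REGIONS):
    """Return the custom region containing address, or 'Unmapped'."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return "Unmapped"  # malformed value: keep the row, do not crash
    for name, ranges in regions.items():
        if any(ip in ipaddress.ip_network(r) for r in ranges):
            return name
    return "Unmapped"

def bytes_by_region(csv_text):
    """Sum bytes per region and per (region, source address)."""
    per_region = defaultdict(int)
    per_source = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        region = region_for(row["source_address"])
        per_region[region] += int(row["bytes"])
        per_source[(region, row["source_address"])] += int(row["bytes"])
    return dict(per_region), dict(per_source)

def top_talkers(csv_text, share=0.5):
    """Sources responsible for at least `share` of their region's bytes."""
    per_region, per_source = bytes_by_region(csv_text)
    return sorted((reg, src, b) for (reg, src), b in per_source.items()
                  if reg != "Unmapped" and b >= share * per_region[reg])
```

Rows that fall into `Unmapped` are worth reviewing on their own: they are either traffic from outside the defined branch ranges or a sign that a custom region definition is incomplete.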
