Activity Insights: Users

Monitor user activity in your Prisma Access and NGFW environments.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
  • NGFW (Managed by Strata Cloud Manager)
What Do I Need?
You must have at least one of these licenses to use the Activity Insights:
  • Prisma Access
  • AIOps for NGFW Free (use the AIOps for NGFW Free app) or AIOps for NGFW Premium license (use the Strata Cloud Manager app)
The other licenses needed to view the Activity Insights: Users tab are:
  • Strata Logging Service
  • Advanced URL Filtering license
  • Cloud Identity Engine license
  • Advanced Threat Prevention license
  • ADEM Observability will unlock additional Prisma Access features
You can view data for users who connect to Prisma Access and NGFW security services either through the GlobalProtect app on their devices or through Explicit Proxy in a web browser on their devices. Monitoring user activity helps you detect and stop potential threats, prevent misuse of sensitive information, and adjust your Security policy rules to close security gaps.
You can filter the user data based on:
  • Deployment: Prisma Access, NGFW
  • Connection methods and versions: GlobalProtect, Explicit Proxy, Remote Browser
  • Username
  • Device name
  • Traffic originating location and Prisma Access locations
  • Applications accessed by users and user experience score filters
View the following details here:
  • Connected Users
    - Monitor aggregated data about your currently connected GlobalProtect and Explicit Proxy Mobile Users. View the number of users connected to your network at the time the data was fetched or as indicated in the timestamp. You can View Trend by Users or by User Devices. Select the number to see the Connected Users | Connected User Devices table for details about all connected users and all of their devices.
  • Monitored Users
    - View the total number of users or user devices monitored by ADEM and their average user experience, which is the experience score aggregated across all users monitored on ADEM. Click the number to view the user activity details in relation to user experience.
  • Risky Users
    - View the number of users impacted by threats. The Up or Down arrow compares this time range with a previous time range to determine the difference, in percentage, of the number of connected devices. Select View More Details for GlobalProtect Versions or IP Pool Utilization to see details about risky users in your environment.
  • GlobalProtect Version Details
    - Shows the GlobalProtect versions that are installed on your devices. You can see how many users are connecting with each version. Use the data to enforce compliance with the latest GlobalProtect app version. Hover over the Distribution Trend lines to see the IP addresses of users connected at that time.
  • See IP pool utilization by different IP pool allocation theaters based on the number of connected users at that time. The IP pool utilization percentage on the graph is the number of IP pool blocks used out of all the IP pool blocks that are available across all the subnets. You can take proactive action by adding subnets when you see an IP pool bar approaching the maximum capacity for any region.
  • The Users table displays information about the users logged in during the Time Range. Click the username to get visibility into an individual user's browsing patterns: their most frequently visited sites, the sites with which they're transferring data, and attempts to access high-risk sites.
    • Threats
      • Browsing summary - See the numbers for the types of sites with which the user had the most data transfer and the number of site visits by the user.
      • Top 10 Most Visited URL Categories - View the top URL categories for the user based on data transfer. You can also see the number of unique URLs visited that fall into each URL category.
      • URL Browsing Summary - Out of the unique URLs visited by the user, watch out for visits to malicious and high-risk URLs. These sites can expose your network to threats, data loss, and compliance violations. If you see more visits to these sites than you'd expect, adjust your Security policy rule to close the gaps.
      • Top 10 URLs - Review the risk level for the sites most frequently visited by the user. High-risk URLs need to be monitored as they are likely to expose your network to threats.
      • Blocked URLs by Risk - These are the blocked URLs that the user most frequently attempted to access. Review the URL filtering logs and see if you need to adjust the Security policy rule to change the action.
      • Severe Threats - View the total threats detected for the user and the numbers based on the severity of the threats. Compare the number with other users. Adjust the Security policy rule if the numbers are unusually high.
      • Top Severe Threats - These are the threats most frequently detected for the user.
    • Connectivity
      - Shows the trend of devices that the user is logged into during a specific time period and the device connection details for every user login and logout event.
    • Experience
      - Provides the user experience data for the device, the experience score and trend for each of the monitored applications, and performance metrics for the monitored user and applications for individual devices.
  • Reports
    - You cannot generate reports that cover the data in this view. However, you can use the User Activity report to view activity specific to a user in your network. To schedule a report, from the Strata Cloud Manager Reports menu, click the icon and select Users from the Type drop-down.