Dashboard: User Activity
Focus
Focus
Strata Cloud Manager

Dashboard: User Activity

Table of Contents

Dashboard: User Activity

This dashboard gives you visibility into individual users’ browsing patterns.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • NGFW (Cloud Managed)
  • VM-Series, funded with Software NGFW Credits
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    or
    AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    license
  • Prisma Access
    license
  • Advanced URL Filtering
    license
  • Cloud Identity Engine
    license
  • Advanced Threat Prevention
    license
  • Cortex Data Lake
    license
  • A role that has permission to view the dashboard
  • Click
    Dashboards
    More Dashboards
    User Activity
    to get started.

What does this dashboard show you?

The dashboard shows the aggregated data per Cortex Data Lake tenant.
Get visibility into an individual users’ browsing patterns: their most frequently visited sites, the sites with which they’re transferring data, and attempts to access high-risk sites.
The data here is based on what’s reported in your URL Filtering logs. This report also depends on the Cloud Identity Engine (formely Directory Sync)—the Cloud Identity Engine gives you read-only access to your Active Directory information, so you can filter this report based on user. If you haven’t yet set up the Cloud Identity Engine, here’s how. Or, if you already have it set up, here’s how to integrate the Cloud Identity Engine with your app.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that reports are supported for this dashboard. You can share, download, and schedule reports that cover the data this dashboard displays.

How can you use the data from dashboard?

Monitoring the user activity helps to detect and stop potential threats, protect sensitive information being misused, and adjust your security policy rule to close security gaps.
Browsing Summary
Requires Advanced URL Filtering license.
See the numbers for the types of sites with which the user had the most data transfer and number of site visits by the user.
Top 10 Most Visited URL Categories
Requires Advanced URL Filtering license.
View the top URL categories for the user based on data transfer. You can also see the number of unique URLs visited that fall into each URL category.
Web Browsing Risk Summary
Requires Advanced URL Filtering license.
Out of the unique URLs visited by the user, watch out for visits to malicious and high-risk URLs — these sites can expose your network to threats, data loss, and compliance violations. If you see more visits to these sites than you’d expect, adjust your security policy rule to close the gaps.
Most Visited Sites
Requires Advanced URL Filtering license.
Review the risk level for the most frequently visited sites by the user. High risk URLs need to be monitored as they are likely to expose your network to threats.
Blocked URLs with the Most Attempted Visits
Requires Advanced URL Filtering license.
These are the blocked URLs that the user most frequently attempted to access. Review URL filtering logs and see if you need to adjust the security policy rule to change the action.
Severe Threats
Requires Advanced Threat Prevention license.
View the total threats detected for the user and the numbers based on the severity of the threats. Compare with the number with other users. Adjust the security policy rule if the numbers are unusually high.
Top Severe Threats
Requires Advanced Threat Prevention license
These are the threats most frequently detected for the user. Learn more.

Recommended For You