Endpoint Insights for Prisma Access Agent
Prisma Access Agent collects endpoint insights data, enabling you to
proactively detect, investigate, and resolve Prisma Access Agent issues more
efficiently.
Where Can I Use This?
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Panorama)
What Do I Need?
- Check the prerequisites for the deployment you're using
- Minimum required Prisma Access Agent version: 25.4
- macOS 14 and later or Windows 10 version 2024 and later desktop devices
- Contact your Palo Alto Networks account representative to activate the
Prisma Access Agent feature
The endpoint insights feature for Prisma Access Agent enables you to collect and analyze
comprehensive troubleshooting data for the endpoint, including endpoint state,
troubleshooting logs, and agent performance metrics. Using Prisma Access Agent endpoint
insights, you can proactively detect potential issues before they impact end users and
efficiently investigate and resolve problems when they occur. By analyzing the
repository of periodic and event-driven diagnostics, you can gain deep insights into
endpoint behavior to help you quickly identify the root causes of connectivity or
application access issues.
Diagnostic Triggers
The core functionality operates through multiple trigger mechanisms that capture
endpoint state information at critical moments. Prisma Access Agent collects
endpoint diagnostics periodically or on-demand:
Periodic Diagnostics
Prisma Access Agent collects diagnostics once every 24 hours by default.
Periodic diagnostics provide a regular overview of endpoint health and
performance.
On-Demand Administrator-Triggered Diagnostics
You can capture diagnostic information from the Endpoint Management page in
Strata Cloud Manager. On-demand triggers enable you to manually initiate
comprehensive diagnostic collection from any managed endpoint, providing
immediate access to troubleshooting information.
User Consent Requirements (Prisma Access Agent 25.7)
(Panorama-only)
You can configure user consent requirements for the administrator-triggered
diagnostic collection to address privacy concerns while maintaining
administrative oversight. When you initiate diagnostics from Strata Cloud
Manager, the system can optionally display a dialog on the endpoint
requesting consent to collect diagnostic information.
If you do not configure user consent requirements, Prisma Access Agent
proceeds with the diagnostic data collection without requesting user
consent.
On-Demand User-Triggered Diagnostics Through User Issue Reporting
(Prisma Access Agent 25.7)
End users can report connectivity problems directly from the Prisma Access
Agent interface or command line, eliminating the need to wait for
administrators to detect issues. When users experience connectivity
problems, they can:
- Report issues through the Prisma Access Agent app with a description of
the problem they are experiencing (limited to 1000 characters) and
provide consent for diagnostic data collection before the process
begins
- Use the Prisma Access Agent command-line interface (PACli) with the
pacli eie trigger -d "<description>" command to report an issue and begin
diagnostic data collection
This user-initiated approach enables immediate response to connectivity
problems and reduces support case resolution time.
Data Collection Process
When diagnostic collection occurs, the system captures a complete snapshot of
the endpoint environment including agent
status information, tunnel connectivity details, gateway selection data, and network
configuration parameters. It also collects system-level information such as
operating system details and hardware specifications. Delta log collection retrieves
the most recent 10 minutes of agent activity logs, preserving the exact conditions
present when issues occur and providing the temporal context necessary for effective
root cause analysis.
Prisma Access Agent collects a wide range of data points for endpoint insights,
including:
Data Storage and Retention
Diagnostic data storage and retention policies are fully configurable, enabling
you to balance troubleshooting needs with compliance requirements and storage
costs. Prisma Access Agent collects the diagnostic data, stores it securely, and
retains it for 45 days by default. You can set the retention period between
7-730 days (2 years), depending on your organizational policies.
You can access the data through the Endpoint Management page, enabling you to
view and download the diagnostics for analysis.