Endpoint Insights for Prisma Access Agent
Prisma Access Agent collects endpoint insights data, enabling you to
proactively detect, investigate, and resolve Prisma Access Agent issues more
efficiently.
| Where Can I Use This? | What Do I Need? |
|---|
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Panorama)
|
- Check the prerequisites for the deployment you're using
- Minimum
required Prisma Access Agent version: 25.4
- macOS 14 and later or Windows 10 version 2024 and later desktop
devices
- Contact your Palo Alto Networks account representative to
activate the Prisma Access Agent feature
|
The endpoint insights feature for Prisma Access Agent enables you to collect and analyze
comprehensive troubleshooting data for the endpoint, including endpoint state,
troubleshooting logs, and agent performance metrics. Using Prisma Access Agent endpoint
insights, you can proactively detect potential issues before they impact end users and
efficiently investigate and resolve problems when they occur. By analyzing the
repository of periodic and event-driven diagnostics, you can gain deep insights into
endpoint behavior to help you quickly identify the root causes of connectivity or
application access issues.
Diagnostic Triggers
The core functionality operates
through multiple trigger mechanisms that capture endpoint state information at
critical moments. Prisma Access Agent collects endpoint diagnostics periodically or
on-demand:
Data Collection Process
When diagnostic collection occurs,
the system captures a complete snapshot of the endpoint environment including agent
status information, tunnel connectivity details, gateway selection data, and network
configuration parameters. It also collects system-level information such as
operating system details and hardware specifications. Delta log collection retrieves
the most recent 10 minutes of agent activity logs, preserving the exact conditions
present when issues occur and providing the temporal context necessary for effective
root cause analysis.
Prisma Access Agent collects a wide range of data points for endpoint insights,
including:
Endpoint data (OS version, applications, drivers)
Agent deployment and performance details
Troubleshooting logs
Data Storage and Retention
Diagnostic data storage and
retention policies are fully configurable, enabling you to balance troubleshooting
needs with compliance requirements and storage costs. Prisma Access Agent collects
the diagnostic data, stores it securely, and retains it for 45 days by default. You
can set the retention period between 7-730 days (2 years), depending on your
organizational
policies
You can access the data through the
Endpoint Management
page, enabling you to view and download the diagnostics for analysis.
