Endpoint Insights for Prisma Access Agent
Prisma Access Agent collects endpoint insights data, enabling you to
proactively detect, investigate, and resolve Prisma Access Agent issues more
efficiently.
Where Can I Use This? | What Do I Need? |
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Panorama)
|
- Check the prerequisites for the deployment you're using
- Minimum
required Prisma Access Agent version: 25.4
- macOS 14 and later or Windows 10 version 2024 and later desktop
devices
- Contact your Palo Alto Networks account representative to
activate the Prisma Access Agent feature
|
The endpoint insights feature for Prisma Access Agent enables you to collect and analyze
comprehensive troubleshooting data for the endpoint, including endpoint state,
troubleshooting logs, and agent performance metrics. Using Prisma Access Agent endpoint
insights, you can proactively detect potential issues before they impact end users and
efficiently investigate and resolve problems when they occur. By analyzing the
repository of periodic and event-driven diagnostics, you can gain deep insights into
endpoint behavior to help you quickly identify the root causes of connectivity or
application access issues.
Diagnostic Triggers
The core functionality operates through
multiple trigger mechanisms that capture endpoint state information at critical moments.
Prisma Access Agent collects endpoint diagnostics periodically or on-demand:
Periodic diagnostics—Collected once every 24 hours by default. Periodic
diagnostics provide a regular overview of endpoint health and performance.
On-demand diagnostics—Captured using the menu in the Inventory
page. On-demand triggers enable you to manually initiate comprehensive diagnostic
collection from any managed endpoint through the Inventory
page, providing immediate access to troubleshooting information without requiring
end-user involvement.
Data Collection Process
When diagnostic collection occurs, the
system captures a complete snapshot of the endpoint environment including agent status
information, tunnel connectivity details, gateway selection data, and network
configuration parameters. It also collects system-level information such as operating
system details and hardware specifications. Delta log collection retrieves the most
recent 10 minutes of agent activity logs, preserving the exact conditions present when
issues occur and providing the temporal context necessary for effective root cause
analysis.
Prisma Access Agent collects a wide range of data points for endpoint insights,
including:
Endpoint data (OS version, applications, drivers)
Agent deployment and performance details
Troubleshooting logs
Data Storage and Retention
Diagnostic data storage and retention policies
are fully configurable, enabling you to balance troubleshooting needs with compliance
requirements and storage costs. Prisma Access Agent collects the diagnostic data, stores
it securely, and retains it for 45 days by default. You can set the retention period
between 7-730 days (2 years), depending on your organizational
policies
You can access the data through the Inventory
page, enabling you to view and download the diagnostics for analysis.