Endpoint Insights for Prisma Access Agent
Focus
Focus
Prisma Access Agent

Endpoint Insights for Prisma Access Agent

Table of Contents

Endpoint Insights for Prisma Access Agent

Prisma Access Agent collects endpoint insights data, enabling you to proactively detect, investigate, and resolve Prisma Access Agent issues more efficiently.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Panorama)
  • Check the prerequisites for the deployment you're using
  • Minimum required Prisma Access Agent version: 25.4
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
The endpoint insights feature for Prisma Access Agent enables you to collect and analyze comprehensive troubleshooting data for the endpoint, including endpoint state, troubleshooting logs, and agent performance metrics. Using Prisma Access Agent endpoint insights, you can proactively detect potential issues before they impact end users and efficiently investigate and resolve problems when they occur. By analyzing the repository of periodic and event-driven diagnostics, you can gain deep insights into endpoint behavior to help you quickly identify the root causes of connectivity or application access issues.
Diagnostic Triggers
The core functionality operates through multiple trigger mechanisms that capture endpoint state information at critical moments. Prisma Access Agent collects endpoint diagnostics periodically or on-demand:
  • Periodic diagnostics—Collected once every 24 hours by default. Periodic diagnostics provide a regular overview of endpoint health and performance.
  • On-demand diagnostics—Captured using the ActionsCollect Diagnostics menu in the Inventory page. On-demand triggers enable you to manually initiate comprehensive diagnostic collection from any managed endpoint through the Inventory page, providing immediate access to troubleshooting information without requiring end-user involvement.
Data Collection Process
When diagnostic collection occurs, the system captures a complete snapshot of the endpoint environment including agent status information, tunnel connectivity details, gateway selection data, and network configuration parameters. It also collects system-level information such as operating system details and hardware specifications. Delta log collection retrieves the most recent 10 minutes of agent activity logs, preserving the exact conditions present when issues occur and providing the temporal context necessary for effective root cause analysis.
Prisma Access Agent collects a wide range of data points for endpoint insights, including:
  • Endpoint data (OS version, applications, drivers)
  • Agent deployment and performance details
  • Troubleshooting logs
Data Storage and Retention
Diagnostic data storage and retention policies are fully configurable, enabling you to balance troubleshooting needs with compliance requirements and storage costs. Prisma Access Agent collects the diagnostic data, stores it securely, and retains it for 45 days by default. You can set the retention period between 7-730 days (2 years), depending on your organizational policies
You can access the data through the Inventory page, enabling you to view and download the diagnostics for analysis.