Focus
Strata Cloud Manager

Activity Insights: Domains

Table of Contents

Activity Insights: Domains

View the Domain and URL activity in your network.
Where Can I Use This?What Do I Need?
  • Prisma Access
    (with Strata Cloud Manager or Panorama configuration management)
  • NGFWs
    (with Strata Cloud Manager or Panorama configuration management)
You must have at least one of these licenses to use the Activity Insights:The other licenses needed to view the Activity Insights: Domains tab are:
  • Strata Logging Service
  • Advanced URL Filtering license
  • Advanced DNS Security or Advanced DNS Resolver license
The Domains page consolidates information to provide a unified view of domain activity. This view summarizes the domain and URL activity in your Prisma Access, NGFW, and standalone resolver deployments that the Advanced URL Filtering, Advanced DNS Security, and Advanced DNS Security Resolver services have detected. You can get visibility into the total number of domains detected in your network during the specified time period, the breakdown of these domains by category and risk level, and use the filtering options to filter the view in the dashboard.
Domain activity presented in Activity Insights can take up to 30 minutes to populate after logs are forwarded to the Strata Logging service.
Use the data to:
  • Identify the most accessed domain categories, unique domains within each category, and domain history in your network along with global analysis findings. Based on the malicious domains filtered by the URL Filtering and DNS Security services, these domain categories are likely to expose your network to malicious and exploitative content. It's a best practice to block these domains and URL categories.
  • Review the high-risk domains, their impact on users, applications, and rules. High-risk domains are not always malicious; however, they might still expose your network to threats. Consider targeting these sites with strict decryption and Security policy rules.
  • Analyze domain information from both URL Filtering and DNS Security, providing a comprehensive view of domain activity across your network.
  • Examine malicious domains detected by both services to enhance your threat prevention strategies.
  • (Advanced DNS Security Resolver) You can constrain the scope of the search to display domains that have been processed by the Advanced DNS Security Resolver.
Reports—You cannot generate reports that cover the data in this view.