Starting from March 2025, all the existing Strata Logging Service licenses with sized storage will migrate to the new license model that includes unlimited storage and one year log retention period. The migration preserves your existing entitlements while enabling you to take advantage of updated capabilities like expanded log retention.

Strata Logging Service supports log forwarding from your Strata Logging Service instances in China to external AWS S3 storage. In addition, you can forward logs from the Strata Logging Service instance in China to AWS S3 hosted in Singapore.

For China deployments, Strata Logging Service offers a tailored solution to address the unique requirements of operating within the country. To enable log forwarding from Strata Logging Service China deployments, you must contact Palo Alto Networks. They will actively assist you in enabling this feature for your specific deployment. When configuring log forwarding for China deployments, you have the choice of using either IAM Role or Access Key authentication mechanisms for S3 buckets within the China region. However, for forwarding logs to S3 buckets in Singapore, Strata Logging Service supports only Access Key authentication. When setting up log forwarding profiles, you should acknowledge the notice that sending logs to servers outside China may result in personally identifiable information leaving the country. This step ensures compliance with relevant data privacy regulations and helps you make informed decisions about your log management strategy.

Strata Logging Service now supports a new license tier that comes with one year of log retention and unlimited storage space for logs. The new license tier simplifies the complexities involved in estimating the sizing requirement for your deployment. The new license tier is applicable only to first time users of Strata Logging Service. The existing users of Strata Logging Service license with sized storage can retain their current license without any impact and can continue to amend, extend, or renew. You can purchase the new license separately as a standalone Strata Logging Service license. If you are managing your Palo Alto Networks products using Strata Cloud Manager, you can opt for the new license tier of Strata Cloud Manager that includes the new Strata Logging Service license.

You can now use centralized Device Associations management to add firewall and Panorama devices to a tenant service group (TSGs) and associate them with Strata Logging Service. The Device Associations provides a centralized management view of devices associated with your application. This centralized approach ensures a more efficient and consistent onboarding experience regardless of the whether you onboard device from Strata Logging Service standalone app or from Strata Cloud Manager.

The Prisma Access Secure Enterprise Browser (Prisma Access Browser) is a browser designed specifically for enterprise use and is fortified with security features to protect users and organizations against cyberthreats like phishing, malware, eavesdropping, and data exfiltration.

The initial release of Prisma Access Browser includes the following:

Prisma AIRS helps you to discover, protect, and defend your enterprise traffic flows against all potential threats by including a focus on addressing AI-specific vulnerabilities such as prompt injection, and denial-of-service (DoS) attacks on AI models. Prisma AIRS combines continuous runtime threat analysis of your AI applications, models, and data sets with AI powered security to stop attackers in their tracks. Prisma AIRS leverages real-time AI-powered security to protect your AI application ecosystem from both AI-specific and conventional network attacks.

Prisma AIRS leverages critical anomaly detection capabilities to protect AI models from manipulation and to ensure the reliability and integrity of AI output data. It rejects prompt injections, malicious responses, training data poisoning, malicious URLs, command and control traffic, embedded unsafe URLs, and lateral threat movement.

Prisma AIRS uses Palo Alto Networks Strata Cloud Manager (SCM) as the primary configuration and management service. To begin with, activate and onboard your cloud service provider account on SCM. The AI Security Profile imports security capabilities from Enterprise DLP and URL Filtering for inline detection of threats in AI application traffic.

Prisma AIRS is powered by four key components:

Advanced Threat Prevention now supports Local Deep Learning, which provides a mechanism to perform fast, local deep learning-based analysis of zero-day and other evasive threats, as a complementary feature to the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention. With an Advanced Threat Prevention license, known malicious traffic that matches against Palo Alto Networks published signature set are dropped (or have another user-defined action applied to them); however, certain traffic that matches the criteria for suspicious content are rerouted for analysis using the Deep Leaning Analysis detection module. If further analysis is necessary, the traffic is sent to the Advanced Threat Prevention cloud for additional analysis, as well as the requisite false-positive and false-negative checks. The Deep Learning detection module is based on the proven detection modules operating in the Advanced Threat Prevention cloud, and as such, have the same zero-day and advanced threat detection capabilities. However, they also have the added advantage of processing a much higher volume of traffic, without the lag associated with cloud queries. This enables you to inspect more traffic and receive verdicts in a shorter span of time. This is especially beneficial when faced with challenging network conditions.

Updates to Local Deep Learning models are delivered through content updates. Local Deep Learning is enabled and configured using the Anti-Spyware profile and requires an active Advanced Threat Prevention license.

You can now manage your Strata Logging Service instance with Strata Cloud Manager. After you have activated and deployed Strata Logging Service, log in to Strata Cloud Manager on hub and select SettingsStrata Logging Service to manage your Strata Logging Service instance. Additionally, you can also continue to use the Strata Logging Service standalone app available on the hub to manage your instances. The logging data is the same in both Strata Logging Service app and Strata Cloud Manager, except for their web interface differences.

Use Strata Logging Service to:

• Check the status of a Strata Logging Service instance
• View and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances
• View the allocated log storage quota, the available storage space, and the number of days the logs are retained based on your incoming log rate
• Configure log storage quota
• Search, filter, and export log data
• Forward log data to external servers for long-term storage, SOC, or internal audit

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.

If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:

To simplify your logging experience, some log field names have changed. These changes will affect how field names appear and how they are forwarded. To ensure a smooth transition for your log forwarding profiles, we will continue to support the old names for the near future. Fields will be forwarded with both the new names and old names, so you can choose whether to leverage the new names or continue with your current configurations. Therefore, no action is required to maintain log forwarding functionality.

You can now forward past-dated logs (up to the past 3 days from the current date) from Strata Logging Service to your preferred syslog, HTTPS, or email servers with log replay profiles. You can use this option to retrieve old logs in case of connection failures or outages at the destination server. To create the log replay profile, you clone the parameters from your preferred existing log forwarding profile and provide the date range for which you want to forward the logs.

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.

If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:

Browser and web-based attacks are continuously evolving, resulting in security challenges for many enterprises. Web browsers, being a major entry point for malware to penetrate networks, pose a significant security risk to enterprises, prompting the increasing need to protect networks and devices from zero day attacks. Highly regulated industries, such as government and financial institutions, also require browser traffic isolation as a mandatory compliance requirement.

While most enterprises want to block 100% of attacks by using network security and endpoint security methods, such a goal might not be realistic. Most attacks start with the compromise of an endpoint that connects to malicious or compromised sites or by opening malicious content from those sites. An attacker only needs one miss to take over an endpoint and compromise the network. When this happens, the consequences of that compromise and the impact to your organization can be damaging.

Remote Browser Isolation (RBI) creates a no-code execution isolation environment for a user's local browser, so that no website code and files are executed on their local browser. Unlike other isolation solutions, RBI uses next-generation isolation technologies to deliver near-native experiences for users accessing websites without compromising on security.

RBI is a service that isolates and transfers all browsing activity away from the user's managed devices and corporate networks to an outside entity such as Prisma Access, which secures and isolates potentially malicious code and content within their platform. Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing security policies. Isolation profiles can restrict many user controls such as copy and paste actions, keyboard inputs, and sharing options like file uploading, downloading, and printing files to keep sensitive data and information secure. All traffic in isolation undergoes analysis and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and SaaS Security.

You can now use enhanced filtering and viewing capabilities to search and view relevant logs easily. The enhancements include: