The Log Viewer in Strata Logging Service is now enhanced to improve both query performance and user experience by limiting predefined and custom time ranges to a maximum of 30 consecutive days. While you can still access logs going back up to a year in history, your selected range must not exceed this 30-day limit.

This change streamlines the log viewer for immediate troubleshooting, as our data shows that the 60- and 90-day options are accessed far less frequently. If you previously had one of the longer ranges selected, the system will automatically default to Past 60 minutes on your next visit. For getting logs out of the system for long-term log analysis and compliance purposes, we recommend using the log forwarding feature, which handles large datasets more efficiently.

If you currently use Strata Logging Service licenses with predefined, sized storage, you can now gain greater flexibility in managing long-term data retention and storage limits. Starting from March 2025, Palo Alto Networks is simplifying this process by automatically migrating all existing Strata Logging Service licenses to a new model.

This new license model provides unlimited storage and a guaranteed one year log retention period. The migration preserves your existing entitlements while enabling you to take advantage of these updated capabilities like expanded log retention.

The automatic migration occurs at the Customer Support Portal account level, with different paths based on your current End-Of-Sale (EoS) licensed products. You will receive a notification before and after the migration is complete for your tenants. If you are already using our new Strata Logging Service licensing model, there is no change for you.

Organizations operating in China face strict data residency and compliance requirements for security logs. To support your legal compliance needs and streamline log management, Strata Logging Service hosted in China now enables forwarding firewall logs stored locally to external destinations for long-term storage, monitoring, and analysis. Log forwarding allows you to export logs to an external destination to support your organization’s legal compliance requirements. Configure Strata Logging Service to forward logs to a syslog server, HTTPS server, email server, or a third-party SIEM in multiple formats. You can also set the type of logs you want to forward and apply filters to specify precisely which logs are forwarded to the destination server. During configuration, be aware that sending logs to servers outside China requires acknowledging that personally identifiable information may leave the country.

Strata Logging Service now supports a new license tier that comes with one year of log retention and unlimited storage space for logs. The new license tier simplifies the complexities involved in estimating the sizing requirement for your deployment. The new license tier is applicable only to first time users of Strata Logging Service. The existing users of Strata Logging Service license with sized storage can retain their current license without any impact and can continue to amend, extend, or renew. You can purchase the new license separately as a standalone Strata Logging Service license. If you are managing your Palo Alto Networks products using Strata Cloud Manager, you can opt for the new license tier of Strata Cloud Manager that includes the new Strata Logging Service license.

Previously, managing devices across different management interfaces introduced inconsistency during device onboarding. Now, you can use centralized Device Associations management to streamline this workflow and gain a unified view of all onboarded devices. This feature allows you to quickly add firewall and Panorama® devices to a tenant service group (TSGs) and automatically associate them with Strata Logging Service. The centralized Device Associations management view ensures a more efficient and consistent onboarding experience, regardless of whether you onboard a device from the Strata Logging Service standalone app or from Strata Cloud Manager. This approach provides a consistent experience of onboarding devices across various Palo Alto Networks products.

The Prisma Access Secure Enterprise Browser (Prisma Access Browser) is a browser designed specifically for enterprise use and is fortified with security features to protect users and organizations against cyberthreats like phishing, malware, eavesdropping, and data exfiltration.

The initial release of Prisma Access Browser includes the following:

Prisma AIRS helps you to discover, protect, and defend your enterprise traffic flows against all potential threats by including a focus on addressing AI-specific vulnerabilities such as prompt injection, and denial-of-service (DoS) attacks on AI models. Prisma AIRS combines continuous runtime threat analysis of your AI applications, models, and data sets with AI powered security to stop attackers in their tracks. Prisma AIRS leverages real-time AI-powered security to protect your AI application ecosystem from both AI-specific and conventional network attacks.

Prisma AIRS leverages critical anomaly detection capabilities to protect AI models from manipulation and to ensure the reliability and integrity of AI output data. It rejects prompt injections, malicious responses, training data poisoning, malicious URLs, command and control traffic, embedded unsafe URLs, and lateral threat movement.

Prisma AIRS uses Palo Alto Networks Strata Cloud Manager (SCM) as the primary configuration and management service. To begin with, activate and onboard your cloud service provider account on SCM. The AI Security Profile imports security capabilities from Enterprise DLP and URL Filtering for inline detection of threats in AI application traffic.

Prisma AIRS is powered by four key components:

When handling high volumes of evasive threats or operating under challenging network conditions, relying solely on cloud-based threat analysis can introduce unwanted latency. Local Deep Learning for Advanced Threat Prevention solves this challenge by providing fast, local deep learning-based analysis for zero-day threats, complementing the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention.

With an active Advanced Threat Prevention license, the system quickly analyzes known malicious traffic matching published signatures and applies the configured action, such as dropping the session. For suspicious content, the Deep Learning Analysis detection module reroutes the traffic locally for immediate analysis. Because this module is based on the proven detection engines operating in the Advanced Threat Prevention cloud, you gain the same zero-day and advanced threat detection capabilities, but with the added benefit of processing a much higher traffic volume locally. This allows you to inspect more traffic and receive rapid verdicts without the lag associated with cloud queries. Content updates deliver the latest Local Deep Learning models, ensuring your detection remains current.

You can now manage your Strata Logging Service instance with Strata Cloud Manager. The Strata Logging Service integration in Strata Cloud Manager provides a single, unified interface to manage your log data, enhances operational efficiency and compliance across your entire environment. This centralized management capability allows you to:

This integration ensures that you can efficiently monitor your log status and manage data forwarding without switching between applications.

Organizations operating in China face strict data residency and compliance requirements for security logs. To support your legal compliance needs and streamline log management, Strata Logging Service hosted in China now enables forwarding firewall logs stored locally to external destinations for long-term storage, monitoring, and analysis. Log forwarding allows you to export logs to an external destination to support your organization’s legal compliance requirements. Configure Strata Logging Service to forward logs to a syslog server, HTTPS server, email server, or a third-party SIEM in multiple formats. You can also set the type of logs you want to forward and apply filters to specify precisely which logs are forwarded to the destination server. During configuration, be aware that sending logs to servers outside China requires acknowledging that personally identifiable information may leave the country.

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service. If you integrate a third-party application to ingest your log data, ensure the third-party application supports the same geographical region as your Strata Logging Service instance. This regional alignment is crucial to prevent interruption of service and guarantee successful access to your data. Here is the list of new regions supported for Strata Logging Service and their corresponding release dates:

• Saudi Arabia (March 2024)
• Korea (November 2023)
• Israel (November 2023)
• Indonesia (November 2023)
• United States Government (High) (November 2023)
• Poland (July 2023)

To simplify your logging experience, some log field names have changed. These changes will affect how field names appear and how they are forwarded. To ensure a smooth transition for your log forwarding profiles, support for the old names will continue for the near future. Fields will be forwarded with both the new names and old names, so you can choose whether to leverage the new names or continue with your current configurations. Therefore, no action is required to maintain log forwarding functionality.

To maximize the efficiency of your log analysis and ensure comprehensive visibility across all regions, Explore/ Log Viewer now provide advanced query management and performance capabilities. Slow or complex queries no longer consume unnecessary time or system resources. You can now abort long-running queries, giving you direct control over execution time and minimizing resource consumption. Furthermore, the query response time is improved, enabling rapid exploration of vast log data sets. This feature also provides critical access to view logs from Strata Logging Service hosted in the China region, ensuring full regulatory and operational coverage for your global deployments. These capabilities together accelerate your ability to analyze data and respond to threats efficiently.

Log replay profiles allow you to forward past-dated logs (up to the past 3 days) from Strata Logging Service to syslog, HTTPS, or email servers. This option is used to retrieve old logs in case of connection failures or outages at the destination server.

To create the log replay profile:

Once created, the log replay profile can't be modified. Also, any changes made to the existing log forwarding profile used to create the replay profile don't impact the replay profile. The devices generating logs, such as NGFWs and Prisma Access, must be forwarding logs to Strata Logging Service.

You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service. If you integrate a third-party application to ingest your log data, ensure the third-party application supports the same geographical region as your Strata Logging Service instance. This regional alignment is crucial to prevent interruption of service and guarantee successful access to your data. Here is the list of new regions supported for Strata Logging Service and their corresponding release dates:

• Saudi Arabia (March 2024)
• Korea (November 2023)
• Israel (November 2023)
• Indonesia (November 2023)
• United States Government (High) (November 2023)
• Poland (July 2023)

Browser and web-based attacks are continuously evolving, resulting in security challenges for many enterprises. Web browsers, being a major entry point for malware to penetrate networks, pose a significant security risk to enterprises, prompting the increasing need to protect networks and devices from zero day attacks. Highly regulated industries, such as government and financial institutions, also require browser traffic isolation as a mandatory compliance requirement.

While most enterprises want to block 100% of attacks by using network security and endpoint security methods, such a goal might not be realistic. Most attacks start with the compromise of an endpoint that connects to malicious or compromised sites or by opening malicious content from those sites. An attacker only needs one miss to take over an endpoint and compromise the network. When this happens, the consequences of that compromise and the impact to your organization can be damaging.

Remote Browser Isolation (RBI) creates a safe isolation environment for your users' local browsers, preventing website code and files from executing on their local browser. Unlike other isolation solutions, RBI uses next-generation isolation technologies to deliver near-native experiences for users accessing websites without compromising on security.

RBI is a service that transfers all browsing activity away from your users' managed devices and corporate networks to an outside entity, such as Prisma® Access, which securely isolates potentially malicious code and content within its platform. Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing security policies. Isolation profiles can restrict many user controls such as copy and paste actions, keyboard inputs, and sharing options like file uploading, downloading, and printing files to keep sensitive data and information secure. All traffic in isolation undergoes analysis and threat prevention provided by Cloud-Delivered Security Services (CDSS), ensuring robust security before content reaches the user.

Searching and analyzing large volumes of relevant logs can be time-consuming. To help you quickly investigate security events and streamline log analysis, 's Log Viewer now includes advanced filtering and viewing capabilities.

These enhancements simplify query construction and ensure you can search and view relevant logs easily. The query builder provides autosuggestions most relevant to your search string and suggests all supported values for fields to refine your query precisely. You can search field names using substrings (for example, search with the string ‘user’ returns suggestions such as source_user and destination_user). Additionally, you can create a query using both the display name shown in the log table and the actual field name in the log record.