Activity Release Updates

See what’s new in Activity for Prisma Access and AIOps for NGFW.
Here’s what’s new in Activity, and what we’re working on to make Activity even better.

What’s Supported

Activity support might vary depending on what product you’re using, Prisma Access or AIOps for NGFW.
➡ Support for Activity Dashboards and Reports

What’s New

New Features
Dashboard and Log Viewer Support for Cortex Data Lake Tenants in non-Americas
For Panorama Managed Prisma Access users with Cortex Data Lake hosted in the non-Americas region, you need to provide consent to allow Prisma Access to read and process data from the Cortex Data Lake in the non-Americas region. Review and accept the privacy info on the Dashboard home page to provide your consent and view more dashboards and logs. Only app, instance, and account administrators can see and accept the privacy notice.
Highlights for Policy Action and Severity in Log Viewer
Log Viewer highlights the action taken on the traffic associated with a log record and the threat severity levels of the logs. The highlights help you to easily identify how different sessions are enforced. The actions are highlighted in the following colors:
  • Blue—allow
  • Yellow—continue, override
  • Orange—deny, drop, drop-icmp, reset-client, reset-server, reset-both, block-continue, block-override, block-URL, drop-all, sinkhole
More Best Practice Checks and Updates to Network and Service Setup
AIOps for NGFW
If you’re using AIOps for NGFW, there are additional Best Practices checks available for Network and Service Setup configurations.
For Network configuration, you can review the failed checks for policy-based forwarding rules, network profiles, zones, and tunnels.
For Service Setup, in addition to the checks for WildFire and GlobalProtect configurations, you can review the best practice checks for device and deployment settings such as Logging, Log Forwarding, User ID, High Availability, Tags, Dynamic Updates, and General Settings.
Additional Data on Search for File Artifacts
Activity now shows additional context on the search results page for file artifacts, including a causality chain visualization, behaviors in specific environments, screenshots from WildFire sample analysis, and sample processes.
View Network Artifacts Details from Log Viewer
In Log Viewer, logs with network artifacts such as URL, file hash, domain, and IP address have links to the Search results page. Use the link to view more details about the artifact’s history and activity in your network, and to see the analysis findings for the artifact.
Support for DNS Security Log Type in Log Viewer
In Log Viewer, you can explore the logs recorded during the traffic inspection by the DNS Security service.
Request Verdict Change
You can request a change of verdict for a particular file sample submitted to WildFire from the File Hash search results page in Activity.

Known Issues

Known Reports Issues
VRPT-4411
Security administrators cannot view dashboards and Log Viewer in Panorama Managed Prisma Access with Cortex Data Lake hosted in the non-Americas region.
VRPT-4445
The file hash search shows screenshots from WildFire analysis only for samples analyzed from July 2020 and after.
VRPT-4476
The search for a file hash or URL can sometimes time out before displaying the results.
VRPT-4557
The search results for URLs with grayware may sometimes throw an error.
VRPT-3855
The Coverage search results for a file hash can sometimes show an error instead of displaying the threat protections that are available for the file.
VRPT-1830
In Activity, the number of users, files, and threats for an application may not match between Dashboards and the Log Viewer.
VRPT-648
Dashboards can sometimes time out if you are using a large amount of Cortex Data Lake log storage (for example, if you have more than 100 Cortex Data Lake licenses, you might be using a large amount of log storage).
VRPT-4138
The Best Practices dashboard for Prisma Access does not display data for WildFire Setup best practice checks.
This data displays for the AIOps for NGFW Best Practices dashboard, but is not yet available for the Best Practices dashboard in Prisma Access.

Recent Fixes

Fixed Reports Issues
VRPT-362
Sometimes, the total number of remote network sites displayed in the Usage report is different than the total number of remote network sites displayed on the Prisma Access Overview.
VRPT-343
In the PDF version of the Usage report, the first page summary lists the number of Prisma Access locations that you’re using; the number shown might not be accurate.
VRPT-339
In the Usage report, some widgets display a trend over time, and the widget x-axis is what indicates the time over which the data is displayed. Sometimes, the x-axis adjusts to only show the time for which there was data, instead of the filter you selected (24 hours, a week, or a month).
VRPT-246
In the User Activity Report, the doughnut chart described as showing total data transfer and sessions across all URL categories is actually showing data transfer and sessions only for the top 10 URL categories.
VRPT-639
The overall bandwidth consumption graph in the Usage Report shows the ingress bandwidth trend instead of overall bandwidth.
PAI-457
In the Usage reports, the widget that shows data on the Top Prisma Access Locations for Remote Networks might show only partial or obscured location names.
APL-13233
New Prisma Access Cloud Management instances will show only the Usage report at first. It’ll take up to 8 hours for the App report and the User Activity to populate after onboarding.
VRPT-1095
For managed firewalls running versions earlier than PAN-OS 10.0.7, the device details don't include the name of the Panorama that's managing the firewall. Device details include this information for firewalls running PAN-OS 10.0.7 and later.
PAI-500
For certain widgets or values, the Usage report does not display the data you’d expect. For example, the allocated bandwidth for remote networks should display how much bandwidth you've allocated across Prisma Access locations (regardless of usage). However, it instead displays the amount of bandwidth allocated only to Prisma Access locations with active remote network sites.
VRPT-90
For now, you can add up to 14 scheduled reports.
