Activity Release Updates
See what’s new in Activity for Prisma Access and
AIOps for NGFW
.Here’s what’s new in Activity, and what
we’re working on to make Activity even better.
What’s Supported
Activity support might vary depending on what product
you’re using, Prisma Access or
AIOps for NGFW
. ➡ Support for Activity Dashboards and ReportsWhat’s New
New Features | |
|---|---|
Log Viewer Subnet Search | In Log Viewer,
You can now use the = or != operators
to match IPv4 and IPv6 addresses and subnets that use CIDR notation.
This allows you to speed up your investigations by quickly narrowing
them down to logs from a section of your network.For
example, this search identifies all logs with the specified IPv4 address
range in the source address field: src_ip.value = "192.168.30.51/24" Similarly, this search identifies all logs that
do not have IPv4 address range in the destination address field: dst_ip.value != “172.10.10.10/24”  |
More Best Practice Checks and Updates to
the Best Practices Dashboard | There’s more best practice checks available
now as part of the Best Practices dashboard.
In addition to security checks (for rules, profiles, and rulebases),
you can now also see where devices are not aligned to best practices
for identity, network, and setup configuration. Go to see the new
checks.  |
Expanded Support for the Best Practices Dashboard
() AIOps for NGFW | If you’re using AIOps for NGFW ,
the Best Practices dashboard
is now supported across all hardware and VM-Series models. Review Support for Activity Dashboards and Reports to see the
Activity features that are available to you. If you’re
using Prisma Access: the Best Practices dashboard continues to be
fully supported for all Prisma Access deployments. |
WildFire Dashboard Beta | The new WildFire dashboard
is available to you now in beta. Preview and explore this dashboard
to see how WildFire is protecting you from net new malware that’s
concealed in files, executables, and email links.  |
DNS Security Dashboard | The new DNS Security dashboard
shows you how your DNS Security subscription is protecting you from
advanced threats and malware that use DNS. Go to to have a look.  |
Search for Network Artifacts Beta | In Activity,
you can now search for a network
artifact — an IP address (IPv4 or IPv6), a domain, a URL,
or a file hash — to interact with data just for that artifact. Search
results give you a full view of the artifact, across all the data gathered
by Palo Alto Networks and third party intelligence sources, including
passive DNS history, WildFire analysis findings, and more. To
get started, go to :  |
Jump to DLP Events | In Log Viewer, logs with DLP file submissions
now feature a link that takes you to a page with further details
about the patterns from the DLP profile that matched the submitted
file. Follow the link to get a more complete picture of your DLP
incidents and help ensure that your data remains secure.  |
Known Issues
Known Reports Issues | |
|---|---|
VRPT-4138 | The Best Practices dashboard for Prisma
Access does not display data for WildFire Setup best practice checks. This
data displays for the AIOps for NGFW Best Practices dashboard, but
is not yet available for the Best Practices dashboard in Prisma
Access. |
VRPT-3855 | The Coverage search results for a file hash
can sometimes show an error instead of displaying the threat protections
that are available for the file. |
VRPT-1830 | In Activity , the number
of users, files, and threats, for an application may not match between Dashboards
and the Log Viewer. |
VRPT-648 | Dashboards can sometimes time out if you are
using a large amount of Cortex Data Lake log storage (for example,
if you have more than 100 Cortex Data Lake licenses, you might be
using a large amount of log storage). |
Recent Fixes
Fixed Reports Issues | |
|---|---|
VRPT-362 | Sometimes, the total number of remote network
sites displayed in the Usage report is different than the total
number of remote network sites displayed on the Prisma Access Overview. |
VRPT-343 | In the PDF version of the Usage report,
the first page summary lists the number of Prisma Access locations
that you’re using; the number shown might not be accurate. |
VRPT-339 | In the Usage report, some widgets display
a trend over time, and the widget x-axis is what indicates the time
over which the data is displayed. Sometimes, the x-axis adjusts
to only show the time for which there was data, instead of the filter
you selected (24 hours, a week, or a month). |
VRPT-246 | In the User Activity Report, the doughnut
chart described as showing total data transfer and sessions across
all URL categories, is actually showing data transfer and sessions
only for the top 10 URL categories. |
VRPT-639 | The overall bandwidth consumption graph in
the Usage Report shows the ingress bandwidth trend instead of overall
bandwidth. |
PAI-457 | In the Usage reports, the widget that shows
data on the Top Prisma Access Locations for Remote Networks might
show only partial or obscured location names. |
APL-13233 | New Prisma Access Cloud Management instances
will show only the Usage report at first. It’ll take up to 8 hours
for the App report and the User Activity to populate after onboarding. |
VRPT-1095 fixed | For managed firewalls running versions earlier
than PAN-OS 10.0.7, the device details don't include the name of
the Panorama that's managing the firewall. Device details includes
this information for firewalls running PAN-OS 10.0.7 and later. |
PAI-500 | For certain widgets or values, the Usage
report does not display the data you’d expect. For example, the
allocated bandwidth for remote networks should display how much
bandwidth you've allocated across Prisma Access locations (regardless
of usage). However, it instead displays the amount of bandwidth
allocated only to Prisma Access locations with active remote network
sites. |
VRPT-90 | For now, you can add up to 14 scheduled
reports. |
