Activity Release Updates

See what’s new in Activity for Prisma Access and
AIOps for NGFW
Here’s what’s new in Activity, and what we’re working on to make Activity even better.

What’s Supported

Activity support might vary depending on what product you’re using, Prisma Access or
AIOps for NGFW
. ➡ Support for Activity Dashboards and Reports

What’s New

New Features
Log Viewer Subnet Search
In Log Viewer, You can now use the
operators to match IPv4 and IPv6 addresses and subnets that use CIDR notation. This allows you to speed up your investigations by quickly narrowing them down to logs from a section of your network.
For example, this search identifies all logs with the specified IPv4 address range in the source address field:
src_ip.value = ""
Similarly, this search identifies all logs that do not have IPv4 address range in the destination address field:
dst_ip.value != “”
More Best Practice Checks and Updates to the Best Practices Dashboard
There’s more best practice checks available now as part of the Best Practices dashboard. In addition to security checks (for rules, profiles, and rulebases), you can now also see where devices are not aligned to best practices for identity, network, and setup configuration. Go to
Best Practices
see the new checks.
Expanded Support for the Best Practices Dashboard ()
AIOps for NGFW
If you’re using
AIOps for NGFW
, the Best Practices dashboard is now supported across all hardware and VM-Series models. Review Support for Activity Dashboards and Reports to see the Activity features that are available to you.
If you’re using Prisma Access: the Best Practices dashboard continues to be fully supported for all Prisma Access deployments.
WildFire Dashboard
The new WildFire dashboard is available to you now in beta. Preview and explore this dashboard to see how WildFire is protecting you from net new malware that’s concealed in files, executables, and email links.
Go to
to get started.
DNS Security Dashboard
The new DNS Security dashboard shows you how your DNS Security subscription is protecting you from advanced threats and malware that use DNS. Go to
DNS Security
to have a look.
Search for Network Artifacts
In Activity, you can now search for a network artifact — an IP address (IPv4 or IPv6), a domain, a URL, or a file hash — to interact with data just for that artifact.
Search results give you a full view of the artifact, across all the data gathered by Palo Alto Networks and third party intelligence sources, including passive DNS history, WildFire analysis findings, and more.
To get started, go to
Jump to DLP Events
In Log Viewer, logs with DLP file submissions now feature a link that takes you to a page with further details about the patterns from the DLP profile that matched the submitted file. Follow the link to get a more complete picture of your DLP incidents and help ensure that your data remains secure.

Known Issues

Known Reports Issues
The Best Practices dashboard for Prisma Access does not display data for WildFire Setup best practice checks.
This data displays for the AIOps for NGFW Best Practices dashboard, but is not yet available for the Best Practices dashboard in Prisma Access.
The Coverage search results for a file hash can sometimes show an error instead of displaying the threat protections that are available for the file.
, the number of users, files, and threats, for an application may not match between Dashboards and the Log Viewer.
Dashboards can sometimes time out if you are using a large amount of Cortex Data Lake log storage (for example, if you have more than 100 Cortex Data Lake licenses, you might be using a large amount of log storage).

Recent Fixes

Fixed Reports Issues
Sometimes, the total number of remote network sites displayed in the Usage report is different than the total number of remote network sites displayed on the Prisma Access Overview.
In the PDF version of the Usage report, the first page summary lists the number of Prisma Access locations that you’re using; the number shown might not be accurate.
In the Usage report, some widgets display a trend over time, and the widget x-axis is what indicates the time over which the data is displayed. Sometimes, the x-axis adjusts to only show the time for which there was data, instead of the filter you selected (24 hours, a week, or a month).
In the User Activity Report, the doughnut chart described as showing total data transfer and sessions across all URL categories, is actually showing data transfer and sessions only for the top 10 URL categories.
The overall bandwidth consumption graph in the Usage Report shows the ingress bandwidth trend instead of overall bandwidth.
In the Usage reports, the widget that shows data on the Top Prisma Access Locations for Remote Networks might show only partial or obscured location names.
New Prisma Access Cloud Management instances will show only the Usage report at first. It’ll take up to 8 hours for the App report and the User Activity to populate after onboarding.
For managed firewalls running versions earlier than PAN-OS 10.0.7, the device details don't include the name of the Panorama that's managing the firewall. Device details includes this information for firewalls running PAN-OS 10.0.7 and later.
For certain widgets or values, the Usage report does not display the data you’d expect. For example, the allocated bandwidth for remote networks should display how much bandwidth you've allocated across Prisma Access locations (regardless of usage). However, it instead displays the amount of bandwidth allocated only to Prisma Access locations with active remote network sites.
For now, you can add up to 14 scheduled reports.

Recommended For You