Activity Release Updates
See what’s new in Activity for Prisma Access and
AIOps for NGFW
.Here’s what’s new in Activity, and what
we’re working on to make Activity even better.
What’s Supported
Activity support might vary depending on what product
you’re using, Prisma Access or
AIOps for NGFW
. ➡ Support for Activity Dashboards and ReportsWhat’s New
New Features | |
|---|---|
Dashboard and Log Viewer Support for Cortex Data
Lake Tenants in non-Americas | For Panorama Managed Prisma
Access users with Cortex Data Lake hosted in the non-Americas region,
you need to provide consent to allow Prisma Access to read and process
data from the Cortex Data Lake in the non-Americas region. Review
and accept the privacy info on the Dashboard home page to provide
your consent and view more dashboards and logs. Only app, instance,
and account administrators can see and accept the privacy notice.  |
Highlights for Policy Action and Severity
in Log Viewer | Log Viewer highlights the
action taken on the traffic associated with a log record and the
threat severity levels of the logs. The highlights help you to easily
identify how different sessions are enforced. The actions are highlighted
in the following colors:
 |
More Best Practice
Checks and Updates to Network and Service Setup AIOps for NGFW | If you’re using AIOps for NGFW , there are additional Best Practices checks available
for Network and Service Setup configurations. For Network configuration, you can review
the failed checks for policy-based forwarding rules, network profiles,
zones, and tunnels.  For Service Setup, in addition to the
checks for WildFire and GlobalProtect configurations, you can review
the best practice checks for device and deployment settings such
as Logging, Log Forwarding, User ID, High Availability, Tags, Dynamic
Updates, and General Settings.  |
Additional Data on Search for File Artifacts | Activity now shows additional contexts including
a causality chain visualization, behaviors in specific environments,
screenshots from WildFire sample analysis, and sample processes
on the search results page for file artifacts.Learn more. |
View Network Artifacts Details from Log Viewer | In Log Viewer, logs with
network artifacts such as URL, filehash, domain, and IP address
have links to the Search results page. Use the link to view more details about
the artifact’s history and activity in your network, and know the
analysis findings for the artifacts.  |
Support for DNS Security Log Type in Log Viewer | In Log
Viewer, you can explore the logs recorded during the
traffic inspection by the DNS Security service.  |
Request Verdict Change | You can request a change of verdict for a particular
file sample submitted to Wildfire from the File Hash search results page in Activity . |
Known Issues
Known Reports Issues | |
|---|---|
VRPT-4411 | The security administrators cannot view dashboard
and Log Viewer in Panorama Managed Prisma Access with Cortex Data Lake
hosted in the non-Americas region. |
VRPT-4445 | The file hash search shows screenshots from
WildFire analysis only for samples analyzed from July 2020 and after. |
VRPT-4476 | The search results for a file hash and URL
can sometimes timeout to display the results. |
VRPT-4557 | The search results for URLs with grayware may
sometimes throw an error. |
VRPT-3855 | The Coverage search results for a file hash
can sometimes show an error instead of displaying the threat protections
that are available for the file. |
VRPT-1830 | In Activity , the number
of users, files, and threats, for an application may not match between Dashboards
and the Log Viewer. |
VRPT-648 | Dashboards can sometimes time out if you are
using a large amount of Cortex Data Lake log storage (for example,
if you have more than 100 Cortex Data Lake licenses, you might be
using a large amount of log storage). |
VRPT-4138 | The Best Practices dashboard for Prisma
Access does not display data for WildFire Setup best practice checks. This
data displays for the AIOps for NGFW Best Practices dashboard, but
is not yet available for the Best Practices dashboard in Prisma
Access. |
Recent Fixes
Fixed Reports Issues | |
|---|---|
VRPT-362 | Sometimes, the total number of remote network
sites displayed in the Usage report is different than the total
number of remote network sites displayed on the Prisma Access Overview. |
VRPT-343 | In the PDF version of the Usage report,
the first page summary lists the number of Prisma Access locations
that you’re using; the number shown might not be accurate. |
VRPT-339 | In the Usage report, some widgets display
a trend over time, and the widget x-axis is what indicates the time
over which the data is displayed. Sometimes, the x-axis adjusts
to only show the time for which there was data, instead of the filter
you selected (24 hours, a week, or a month). |
VRPT-246 | In the User Activity Report, the doughnut
chart described as showing total data transfer and sessions across
all URL categories, is actually showing data transfer and sessions
only for the top 10 URL categories. |
VRPT-639 | The overall bandwidth consumption graph in
the Usage Report shows the ingress bandwidth trend instead of overall
bandwidth. |
PAI-457 | In the Usage reports, the widget that shows
data on the Top Prisma Access Locations for Remote Networks might
show only partial or obscured location names. |
APL-13233 | New Prisma Access Cloud Management instances
will show only the Usage report at first. It’ll take up to 8 hours
for the App report and the User Activity to populate after onboarding. |
VRPT-1095 fixed | For managed firewalls running versions earlier
than PAN-OS 10.0.7, the device details don't include the name of
the Panorama that's managing the firewall. Device details includes
this information for firewalls running PAN-OS 10.0.7 and later. |
PAI-500 | For certain widgets or values, the Usage
report does not display the data you’d expect. For example, the
allocated bandwidth for remote networks should display how much
bandwidth you've allocated across Prisma Access locations (regardless
of usage). However, it instead displays the amount of bandwidth
allocated only to Prisma Access locations with active remote network
sites. |
VRPT-90 | For now, you can add up to 14 scheduled
reports. |
