Threat Insights

The Threat Insights dashboard provides a holistic view of all threats that the Palo Alto Networks security services detected and blocked in your network. The dashboard shows threats across the security subscriptions you are using: DNS Security, WildFire, URL Filtering, and Threat Prevention. You can examine threat trends and filter threats by threat category, by the security service that allowed or blocked them, and by the action taken on them. You can also view the impacted applications, users, and security policy rules that are allowing or blocking threats.
You can access the Threat Insights dashboard in Prisma Access and AIOps for NGFW Premium. Go to Activity > Threat Insights to get started.
Here are some examples of the data this dashboard provides.
Threat Insights - 360 View
  • Go to Activity > Threat Insights
View the threat activity and get insight across various types of threats in your network. The default view is the 360 View of all threats detected in your network.
Threat Insights - Protection Summary
  • Go to Activity > Threat Insights
The Protection Summary view provides a breakdown of various types of threats that these security subscriptions detected: Advanced Threat Prevention, WildFire, URL Filtering, DNS Security, and Enterprise DLP.
View Threat Trends
  • Go to Threat Insights > View Threat Trends
Examine the spikes in threat activity and the context for those spikes. Click Go to All Threats to view all the threats detected in your network. Narrow down threats based on the threat categories, action taken, and the time range.
The total, allowed, and blocked threat counts are computed as follows:
  • Total Threats count is the total number of threat sessions seen in your deployment for a given period.
  • Allowed Threats count is the total number of threat sessions that were allowed based on your security policy configuration for a given period.
  • Blocked Threats count is the total number of threat sessions that were blocked based on your security policy configuration for a given period.
Top 10 Threats
  • Go to Threat Insights > View Threat Trends
View the threats that are most frequently seen in your network. Click the threat name to view the allowed and blocked threat activity and the security services that enforced the action on threats. If a threat is a security artifact such as a file hash, a URL, a domain, or an IP address (IPv4 or IPv6), you can search on the threat to see the Palo Alto Networks threat intelligence analysis and the third-party analysis findings.
Most Impacted Applications
  • Go to Threat Insights > View Threat Trends
View the applications that are most impacted by the threats.
Most Impacted Users
  • Go to Threat Insights > View Threat Trends
View the users most impacted by the threats. You can view the user’s network sessions in which threats were detected and further review the user activity in the User Activity dashboard.
Most Impacted Rules
  • Go to Threat Insights > View Threat Trends
Identify the security policy rules that enforced the blocked and allowed threats. Review the most matched security rules to see how you can address the security gaps.
View Protection Summary
  • Go to Threat Insights > View Protection Summary [last 90 days]
Look into the threats that each of your Palo Alto Networks security subscriptions detected in your network. Drill down into specific subscription views in the dashboard to get more details.
Currently, you can share, download, and schedule reports only for the Protection Summary data of the Threat Insights dashboard.
