The Threat Insights dashboard provides a holistic view of all threats that the Palo Alto Networks security services detected in your network.
The Threat Insights dashboard provides a holistic view of all threats that the Palo Alto Networks security services detected and blocked in your network. The dashboard shows threats across the security subscriptions you are using; DNS Security, WildFire, URL Filtering, and Threat Prevention. You can examine threat trends, filter threats by threat categories, security services that allowed or blocked threats, and actions taken on threats. You can also view the impacted applications, users, and security policy rules that are allowing or blocking threats.
You can access the Threat Insights dashboard in Prisma Access and
AIOps for NGFWPremium. Go to
to get started.
Activity > Threat Insights
Here are some examples of the data this dashboard provides.
Threat Insights - 360 View
View the threat activity and get insight across various types of threats in your network. The default view is the
360 Viewof all threats detected in your network.
Threat Insights - Protection Summary
Protection Summaryview provides a breakdown of various types of threats that these security subscriptions detected: Advanced Threat Prevention, WildFire, URL Filtering, DNS Security, and Enterprise DLP.
View Threat Trends
Examine the spikes in threat activity and the context for those spikes. Click
Go to All Threatsto view all the threats detected in your network. Narrow down threats based on the threat categories, action taken, and the time range.
The computation of total, allowed, and blocked threats are as follows:
Top 10 Threats
View the threats that are most frequently seen in your network. Click the threat name to view the allowed and blocked threat activity and the security services that enforced the action on threats. If a threat is a security artifact such as a file hash, a URL, a domain, or an IP address (IPv4 or IPv6), you can search on the threat to know the Palo Alto Networks threat intelligence analysis and the third party analysis findings.
Most Impacted Applications
View the applications that are most impacted by the threats.
Most Impacted Users
View the users most impacted by the threats. You can view the user’s network sessions in which threats were detected and further review the user activity in the User Activity dashboard.
Most Impacted Rules
Identify the security policy rules that enforced the blocked and allowed threats. Review the most matched security rules to see how you can address the security gaps.
View Protection Summary
Look into the threats that each of your Palo Alto Networks security subscriptions detected in your network. Drill down into specific subscription views in the dashboard to get more details.
Currently, you can only share, download, and schedule report for the Protection Summary data of the Threat Insights dashboard.
Recommended For You
Recommended videos not found.