Insights: Activity Insights
Activity Insights gives you an in-depth view of your network activities across Prisma Access and NGFW deployments.
Where Can I Use This? | What Do I Need? |
- Prisma Access (Managed by Panorama or Strata Cloud Manager)
- NGFW, including Cloud NGFWs and those funded
by Software NGFW
Credits
Prisma SD-WAN
|
Each of these licenses include access to Strata Cloud Manager:
The other licenses and prerequisites needed to access certain
Activity Insights views are: - Strata Logging Service
- Cloud-Delivered Security Services (CDSS)
- ADEM Observability
- WAN Clarity Reporting
- A role that has
permission to view the dashboard
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
Activity Insights gives you an in-depth view of your network activities across
Prisma Access and NGFW deployments. This view unifies your network data such as
network traffic, application usage, threats, and user activities in one place. Activity
Insights provides visualization, monitoring, and reporting capabilities to you carry out
your tasks easily. Once you have
identified the areas that need your focus with the
Strata Cloud Manager Command
Center, use the context links to navigate to Activity Insights or
other
dashboards for further analysis.
Activity Insights has advanced filters to help you focus on the security aspects that
matter to your deployment. The
advanced reporting functionality in Activity Insights enables
you to download, share, and schedule reports from the data in the Overview tab. The
report presents data separately for each filter applied in the dashboard. Alternatively,
you can schedule reports for Activity Insights and dashboards from the menu.
What does Activity Insights show you?
Activity Insights shows aggregated data per Strata Logging Service
tenant deployed in Prisma Access and NGFW environments. You can filter the data
for a specific deployment. Activity Insights has different tabs. Each of these tabs
provides an unified view of network data in relation to applications, users,
threats, URLs, and network usage.
Overview -
shows the data for applications, threats, users, URLs, and sessions with the
maximum number of activities involved within the selected time range. Glance
through this view to quickly identify any irregularities within your network
and then delve deeper to examine the activities that require investigation.
Applications-
overview of all the application usage in the network, including data
transfer, application risks and ADEM capabilities to monitor application
experience.
SD-WAN Applications- view
the performance of Prisma SD-WAN applications with details on health score
over a time range, transaction statistics, and bandwidth utilization
metrics.
Threats-
provides a holistic view of all threats that the Palo Alto Networks security
services detected and blocked in your network.
Users- provides deeper
insights into a user’s traffic and activities, including ADEM’s capabilities
to monitor user experience.
URLs- shows the URLs
accessed in your network, how many of them are malicious, users and
applications accessing the URLs, rules allowing the URLs in your network,
and enforcement by your security services.
Rules- gives insights on the
security policy rules permitting the traffic generated by users and
applications, threats detected in the traffic sessions, and URLs impacting
the rule.
Regions- shows
the network traffic details in relation to applications, users, threats, and
URLs.
How can you use the data from the dashboard?
Finding here can help you-
Identify the applications you want to monitor, improve the user
experience of the applications with low scores, and control unsanctioned and
risky applications.
View the most relevant threats to your deployment and get context
on the threats for investigation.
Monitor the user activity to detect and stop potential threats and
protect misuse of sensitive information.