The ACC includes the following predefined tabs for viewing network activity, threat activity, and blocked activity.
Displays an overview of traffic and user activity on your network including:
Top applications in use
Top users who generate traffic (with a drill down into the bytes, content, threats or URLs accessed by the user)
Most used security rules against which traffic matches occur
In addition, you can also view network activity by source or destination zone, region, or IP address, ingress or egress interfaces, and GlobalProtect host information such as the operating systems of the devices most commonly used on the network.
Displays an overview of the threats on the network, focusing on the top threats: vulnerabilities, spyware, viruses, hosts visiting malicious domains or URLs, top WildFire submissions by file type and application, and applications that use non-standard ports. The Compromised Hosts widget in this tab (the widget is supported on some platforms only), supplements detection with better visualization techniques; it uses the information from the correlated events tab (
Automated Correlation Engine > Correlated Events) to present an aggregated view of compromised hosts on your network by source users/IP addresses and sorted by severity.
Focuses on traffic that was prevented from coming into the network. The widgets in this tab allow you to view activity denied by application name, username, threat name, blocked content—files and data that were blocked by a file blocking profile. It also lists the top security rules that were matched on to block threats, content, and URLs.
You can also
Interact with the ACC to create customized tabs with custom layout and widgets that meet your network monitoring needs.