Obsolete or outdated firewall rules introduce unnecessary security risks that can be exploited by an attacker to execute a successful cyber attack. With rule usage tracking, you can readily identify unused rules, validate additions to the rulebase, and evaluate whether the policy implementation matches your enforcements needs. This capability gives you a way to identify obsolete rules to aid in the transition from port-based rules to App-ID based rules. The statistics for monitoring rule use include a timestamp for the most recent rule match, a timestamp for the first rule match, and a rule hit counter.

Auditors often require snapshots of Panorama and firewall configuration in order to track and validate changes over time or to demonstrate compliance with industry standards. You can now export the configuration table of your rulebases and objects into a PDF or CSV format directly from the web interface, and provide the auditor an easy way to read and manipulate the data for analysis.

Correlate system events with user activity to investigate network and platform behavior and use these correlations to create policies that guard against security risks and patterns you observe on your network. When a network event occurs, you can now overlay system logs on top of available activity logs in the ACC and use the newly added User Activity Report filters to include or exclude specific users, applications, IP addresses, or URL categories. Then, use the results of this reporting engine enhancements to reduce or prevent future risky behavior in your network.

Enable the firewall to collect data that increases network visibility for Palo Alto Networks applications. For example, this increased network visibility enables Palo Alto Networks Magnifier to better categorize and establish a baseline for normal network activity, in order to detect unusual behavior that might indicate an attack. Enhanced Application Logging requires a Logging Service license, and you cannot view enhanced application logs; they are designed to be consumed only by Palo Alto Networks applications and services.