Full Tier Metrics
Table of Contents
Expand all | Collapse all
-
- Chassis Inventory
- Configuration Log Contents
- Content Update Counters
- CPU Load Sampling by Firewall Function
- CPU Utilization Statistics
- Crash and Trace Files
- Current Users per GlobalProtect Gateway
- Data-Management Plane Health Heartbeat
- Dataplane Link Utilization
- Device Connection Status
- Device Logging Health
- Device Time-Series Data
- DOS Block Table
- EDL Capacities
- Fan Speed Measurements
- Forwarding Information Base (FIB) Routing Health
- Front LED State
- Global Counters
- GlobalProtect Client Versions
- GlobalProtect Failure Connections
- GlobalProtect Gateway Connection Details
- GlobalProtect Gateway Connection Performance
- GlobalProtect Gateway Connection Protocols
- GlobalProtect Gateway Failure Details
- GlobalProtect Gateway Statistics
- GlobalProtect Gateway Tunnel Rates
- GlobalProtect Operating System Types
- GlobalProtect Portal Connection Failure
- GlobalProtect Portal Connection Success
- GlobalProtect Quarantined Devices
- GlobalProtect Successful Connections
- HA Health Errors
- Hardware Alarms
- Hardware and Software Pools
- Hardware Buffer Statistics
- Hardware Ports
- Hardware System Logs
- High Availability
- High Availability Backup Interfaces
- High Availability Interface 1
- High Availability Interface 2
- Ingress Backlogs
- IP Address to User Mapping Count
- Log Forwarding Data Transfer Speed
- Log Forwarding Generation Rate
- Log Receiver Statistics
- LogDB Quotas
- Logging Rate
- Logging Statistics
- Logging Status
- Managed Devices
- Management and Data Plane Logs
- Management to Data Plane Counters
- Maximum Concurrent GlobalProtect Gateway Tunnels
- Maximum Concurrent GlobalProtect Gateway Users
- Memory Pool Utilization Count
- NAT Pool Utilization
- netstat
- NSX Update Rate
- Octeon Chip Health
- Operational Command History
- Packet Buffer Protection
- Packet Scheduling Engine Performance
- PAN-DNS Cache Usage
- PAN-DNS End-to-End Response Time
- PAN-DNS Lookup Timeout
- PAN-OS Counters
- PAN-OS REST API Error Response
- PAN-OS REST API Performance Metrics
- PAN-OS XML API Error Response
- PAN-OS XML API Performance Metrics
- Panorama HA Health
- Panorama Log Reception Rate
- Panorama Logging Infra Health
- Power Supply Measurements
- QUMRAN Chip Health
- Registered IP Addresses
- Routing Resource
- Security Policy Usage and Hit Count
- Session Distribution
- Session Information
- Session Table Usage
- SMART Disk Information
- Software Buffer Statistics
- Software Log
- Software Update History
- SSL Decyrption Memory
- System Alarm History
- System Disk Utilization
- System Jobs
- System RAID
- System Resource Usage
- System State
- Temperature Measurements
- Traffic Blocked as Command and Control
- Traffic Blocked as Malware
- Traffic Blocked as Phishing
- URL Cache Statistics
- User-ID Agent State
- WildFire Statistics and Status
-
- ACC and Monitor Query History
- Anti-Spyware in Security Policies
- Antivirus in Security Policies
- Any App in Security Policies
- App-ID Adoption in Security Policies
- Application Blacklisting
- Application Override Policies
- Asymmetric Network Traffic
- Authentication Policy Usage
- Bidrectional Forwarding Detection Configuration
- Cisco ACI Plugin Configuration
- Credential Phishing in Security Policies
- Credential Phishing Protection Configuration
- Credential Phishing Protection Detection Method
- Custom Reports using Detailed Logs Databases
- Custom Vulnerability and Spyware Signatures
- DAG Security Policies
- Data Filtering in Security Policies
- Data Filtering Profiles
- Data Filtering Profiles by Data Pattern Type
- Decryption SSH Proxy Configuration
- Destination NAT Session Policies
- Device Geographic Location
- Device Group and Template Stack Usage
- Device Model Number
- Device Power On Hours
- DNS Proxy Adoption
- DNS Sinkhole Protection in Security Policies
- DoS Protection Adoption
- DoS Protection Threshold Frequency
- DSRI Enabled Security Policies
- Dynamic DNS Adoption
- ECMP Load Balancing
- EDL Configuration and Capacity
- File Blocking in Security Policies
- Firewall Resource Protection Adoption
- GlobalProtect Adoption
- GlobalProtect Clientless VPN Adoption
- GlobalProtect IPv6 Usage
- GlobalProtect Mobil App Adoption
- GlobalProtect on Linux Endpoints
- GlobalProtect Split Tunneling Adoption
- HA Heartbeat Backup
- HA Passive Link State
- HA1 and HA2 Backups
- High Risk URL Filtering Logs
- HIP Based Features
- HIP Based Policies
- IPSec Tunnel Monitoring
- Known User Security Policy Matching
- Large Scale VPN Configuration
- License Entitlements
- Link and Path Monitoring
- Log Collector Group Architecture
- Log Collector Redundancy Adoption
- Log Creation Policies
- Log Forwarding Adoption in Security Policies
- Log Forwarding Auto Tag
- Log Forwarding Profiles in Security Rules
- Log Forwarding Settings
- Log Quotas
- Log Retention Policy
- Logging Enablement in Security Policies
- Managed Devices Licenses
- Miscellaneous Object Usage Statistics
- Most Recent Threat Exceptions for all Threat Signatures
- NAT Configuration
- NetFlow Adoption
- NSX Automated Security Actions
- NSX Multi-Tenancy Configuration
- Number of Custom Reports
- PAN-OS REST API Usage
- PAN-OS XML API Usage
- Panorama Mode
- Panorama Plugins
- QoS Configuration
- Region Based Security Policies
- Route Table Size
- Routing Peers
- Rule Tagging
- Security Policies with File Blocking
- Service Ports and App IDs in Security Policies
- Severity Based Log Forwarding
- SNMP Version
- SSL Decrypt Configuration
- Support Licenses Installed
- Threat Exceptions by Threat ID
- Threat Prevention Policy
- Threatening SaaS Traffic
- Timezone and Timestamp
- Unused Predefined Reports
- URL Category Settings
- URL Filtering in Security Policies
- User Activity Report
- User-ID Adoption in Security Policies
- User-ID Mapping Sources
- User-ID to Include or Exclude User Mappings
- VM Monitoring
- VM Plugin Usage Statistics
- VMware NSX Plugin Configuration
- Vulnerability Protection in Security Policies
- WildFire Global Cloud Configuration
- WildFire in Security Policies
- WildFire Virus Threat Logs
- XML Configuration Size
- Zone Protection Adoption
-
- Attackers
- Attacking Countries
- Content and Threat Detection State
- Correlated Events
- Correlated Events Details
- Credential Theft
- Current Application ID Version
- Data Plane Statistics
- Decryption Usage
- DNS-Related Threat Logs
- Dynamic DNS
- File Identification
- Malware Sites
- Management Plane Statistics
- Non-Standard Port Usage
- PAN-DNS Threat Logs
- Parked Domains
- Phishing Sites
- Previous Application ID Version
- Proxy Avoidance and Anonymizers
- Questionable Sites
- Sanctioned Tag SaaS Usage
- System Information
- System Log
- Threat Inspection of Mobile Devices
- Threats Permitted
- Top Application Usage
- Top Threat IDs
- Uninspected Network Traffic
- Unknown Applications by Destination Address
- Unknown Applications by Destination Ports
- Unknown Sites
- Unknown TCP or UDP Traffic
Full Tier Metrics
Metrics in the full telemetry tier
The full telemetry tier encompasses all telemetry metrics, including diagnostic metrics.
This tier expands upon the diagnostic tier by providing specialized, granular, and
feature-rich capabilities. Here are the relevant full tier metrics.
- Application Blacklist
- SaaS Usage Report-Sanctioned
- percentage of all policies that are used with its hit count
- HIP Based Policies
- HIP based feature
- User ID-Known User
- Region based policy
- Rule Tagging
- App Override
- Data Filtering Usage
- Data Filtering-Type
- Authentication policy
- Decryption SSH Proxy
- Object Usage-Various
- Device Group/ Template Stack-Usage
- XML Configuration Size
- Severity based Log forwarding
- User Activity Report
- Custom Reports with Detail log DB
- User-ID Include/Exclude
- Credential Phishing protection(CPP)
- Credential Phishing protection(CPP)-Type
- Mobile devices-Threat inspection
- Crash and Traces
- Logging Rate
- Global Counters
- Service Port Adoption on APP ID based rules
- DSRI enabled rules percentage
- Wildfire Adoption percentage
- Anti-Spyware Adoption percentage
- Antivirus Adoption percentage
- Vulnerability Protection percentage
- File Blocking Adoption percentage
- Data Filtering Adoption percentage
- URL filtering Adoption percentage
- Credential Theft Adoption percentage
- DNS Sinkhole Adoption percentage
- User ID Adoption percentage
- App ID Adoption percentage
- Logging Adoption percentage
- Log Forwarding Adoption percentage
- percentage of traffic that is one way or asymmetric
- Non-standard ports.
- percentage of inspection bypass traffic
- percentage of SaaS applications that has malware
- Monitor Logs
- Check for Security Policies where ANY is used
- URL Malware blocks
- URL C2 blocks
- URL Phishing Blocks
- URL Category Setting
- TP: All Threat Prevention Exceptions by Threat ID
- TP: Newly Added exceptions for Threat Prevention
- TP: Threat Prevention Policy
- Raven, and DNS Signature threat logs
- TP: Custom Vulnerability and Spyware
- File Blocking: File Blocking in Policy
- EDL: List Configurations and capacity
- PAN-DNS Cache Utilization
- PAN-DNS Cloud DNS Lookup Timeout
- PAN-DNS related logs
- PAN-DNS Device response time when querying cloud
- NetFlow adoption
- SNMP version
- REST API usage metrics
- XML API usage metrics
- REST API error metrics
- XML API error metrics
- REST API performance metrics
- XML API performance metrics
- Log Fowarding attachment to rules and which server profiles are used
- Log Settings-forwarding and which server profiles are used
- Log Forwarding/Settings-Auto-Tag adoption
- Log Forwarding to Panorama/Logging Service
- Log ingestion rates for Panoramas
- Log creating metrics
- Log Retention metrics
- Log Quota metric
- Redundancy settings-Collector
- Collector group architecture
- Pre-defined reports
- Custom Reports
- Query history in ACC and Monitor
- URL Filtering Additions
- Wildfire Detections
- WildFire enabled
- Zone Protection Adoption
- Firewall Resource Protection Adoption
- DoS Protection Activated Limits
- DoS Protection Adoption
- HA passive link state
- Link and Path Monitoring
- HA Heartbeat backup
- HA1, HA2 backup
- IPSec Tunnel Monitoring
- LSVPN
- BFD usage and timers
- Routing Peers
- Route Table
- ECMP Session Distribution
- QoS
- NAT
- Dynamic DNAT
- DNS Proxy Adoption
- DDNS Adoption
- VM monitoring/information sources
- DAG usage/security policy usage and rate of change
- Panorama Plugins and Usage
- NSX Plugin Feature Configuration and Usage
- ACI Plugin Feature Configuration and Usage (When available after Jan'19)
- NSX Multi-Tenancy
- NSX Automated Security Actions
- XAUI (or platform DP link) link utilization
- QUMRAN chip (debug dataplane internal pdt bcm counters ship)
- Octeon chip (debug dataplane internal pdt bcm counters ship)
- SMART stats
- URL cache stats
- MP to DP counters
- FIB DP and MP
- Global Counters
- Packet buffer protection
- DOS block
- Registered IP Objects
- Routing resource
- NSX Dynamic Address Update
- Chassis inventory
- Content update counters
- Panorama Logging Status
- Op Command history
- Running logging
- High Availability
- GP gateway statistics
- Logdb quota
- SW log
- show rule-hit-count vsys vsys-name <name> security rules all
- Ssl-decrypt memory
- GlobalProtect Adoption percentage
- Clientless VPN Adoption percentage
- GlobalProtect Mobile App Adoption percentage
- IPv6 for External Gateways Adoption percentage
- GlobalProtect App for Linux Adoption percentage
- Split-tunneling (Network, Domain, App, Video) Adoption percentage
- GlobalProtect connection success percentage
- GlobalProtect Connection failure percentage-categorized by failure reason
- GlobalProtect peak tunnel setup rate percentage
- GlobalProtect total number current users per gateway
- GlobalProtect endpoint OS aggregates
- GlobalProtect maximum concurrent users on a gateway
- GlobalProtect maximum concurrent tunnels on a gateway
- GlobalProtect Portal Connection success percentage
- GlobalProtect Portal Connection failure percentage-categorized by failure reason
- GlobalProtect connection protocol aggregate / per Gateway
- GlobalProtect client version aggregates
- GlobalProtect total number of quarantine devices
- GlobalProtect gateway connection details
- GlobalProtect connection failure details
- GlobalProtect connection performance details
- Location of devices
- Software Update History
- System Alarm history
- System Health-heartbeat to DP-MP
- HA interface-1 stats
- HA interface-2 stats
- License Entitlements
- top-application-usage
- unknown-applications-by-destination-ports
- unknown-applications-by-destination-addresses
- content_telemetry
- file_identification
- attackers
- attacking-countries
- top-threatid
- parked_domains-categories-by-url
- dynamic_dns-categories-by-url
- proxy_avoidance-categories-by-url
- unknown-categories-by-url
- questionable-categories-by-url
- phishing-categories-by-url
- malware-categories-by-url
- urlstat
- old_pan_appversion
- system.log
- cur_pan_appversion
- mp-telemetry.log
- dp-telemetry.log
- Credential theft
- Threats Permitted
- corr-object-events
- corr-detailed-telemetry
- MP and DP Logs
- Log Receiver Stats
- Managed devices licenses
- Log DB quota
- SSL Decrypt setting
- Wildfire Statistics and Status
- System Jobs
- Hardware system logs
- Config Log
- EDL max limits
- Timestamp and Timezone
- VM Plugin usage in Panorama
- HA Health Errors
- Support Licenses Installed