Metrics Usage
Palo Alto Networks next-generation firewalls collect telemetry data that is put to different uses.

It is impossible to predict all the different ways a given metric will be used to solve future problems, but every metric that device telemetrics collects was selected for use in one or two specific use cases. In the interest of transparency, each reference page identifies the main reason or reasons why Palo Alto Networks decided to collect a given metric.
The primary reasons why Palo Alto Networks initially decided to collect a metric are:

Use Case | Description |
---|---|
Application logic | The metric is useful from the perspective of applications that are helping users manage their devices. Many of these metrics were identified by evaluating what the Best Practice Assessment (BPA) tool needs in order to offer its advice. Other metrics were selected because Palo Alto Networks expects them to be useful for future apps that have not yet made it to market. |
Product enhancements | The metric contains information that helps Palo Alto Networks understand how customers are using the device. This usage information helps the company understand where it might need to focus product development. It might also help to identify where customer outreach and education needs reinforcement. |
Support | The metric contains information that is useful to Palo Alto Networks Technical Support when they are troubleshooting customer issues. By having access to historical data on the hardware's and software's behavior, they can more easily spot the source of issues. This translates into faster response times for customer support tickets. |
Threat research | Many of the metrics that device telemetrics collects are legacy metrics. That is, the telemetry feature that existed prior to PAN-OS 10.0 was already collecting this information. The primary usage for this information was and is to help Palo Alto Networks threat researchers identify new network threats so that production firewalls can be rapidly configured (using content updates and other dynamic information changes) to respond to new threats. |