View and Analyze Endpoint Insights

Table of Contents

PACli Commands for Collecting Endpoint Insights

View and Analyze Endpoint Insights

Learn how to access, view, and analyze endpoint insights collected by Prisma Access Agent.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) NGFW (Managed by Panorama)	Check the prerequisites for the deployment you're using Minimum required Prisma Access Agent version: 25.4 macOS 14 and later or Windows 10 version 2024 and later desktop devices Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature

Prisma Access Agent provides valuable endpoint insights to help you troubleshoot and optimize your Prisma Access Agent deployment. By regularly reviewing and analyzing the endpoint data, you can proactively identify potential issues, streamline troubleshooting processes, and maintain optimal performance of your Prisma Access Agent deployment.

Here's how you can access and analyze the diagnostic information:

Access diagnostic data.
1. In Strata Cloud Manager, select ConfigurationEndpoint Management.
2. In the Devices table, navigate to the device for which you want to view the diagnostics, and select View Details in the Insights column.
View the details of a specific diagnostic.
1. Select a diagnostic from the list of available diagnostics for the device. Each diagnostic contains a unique ID, an indicator of what triggered the diagnostic, and the timestamp when the diagnostic was captured.
  The following are examples of some possible triggers:
  
  paa_on_demand_by_admin—On-demand diagnostics initiated by the admin
  paa_peridoic—Periodic diagnostics collected once every 24 hours
  
  You can also download the diagnostics bundle (in JSON format) by selecting the check box next to an entry in the table and clicking Download.
2. View the diagnostic information for the device, including Device Details and Agent Details.
3. Scroll to the Additional Troubleshooting Information section to access the device's Forwarding Profile Config.
4. To download the troubleshooting logs to your computer, select Click here to download troubleshooting logs.
  
  The troubleshooting log bundle includes all logs for the device, including the agent logs, OS logs, the routing table, DNS resolver, and the endpoint insights logs.
Analyze the diagnostic information. When analyzing the diagnostic data, focus on the key areas, such as:
- Device Details: For example, check the Prisma Access Agent version installed on the endpoint.
- Agent Details: For example, check if the user is connected to the closest gateway.
- Additional Troubleshooting Information: For example, view the forwarding profile configuration to see how traffic is directed by the forwarding profile rules. Review the troubleshooting logs for more details. Identify any recent changes or updates that might impact performance.
Compare diagnostics to identify trends. Select multiple diagnostics from different time periods and compare the data points across these diagnostics to identify any significant changes.
Download diagnostics for further analysis.
1. Select the diagnostic you want to download.
2. Click Download to save the diagnostic data to your computer.
  
  When you click Download, all the diagnostic data (except the logs) appear in JSON format in a new tab in the web browser. From there you can download the JSON format data to your device by selecting FileSave in the browser.
3. Download the troubleshooting logs separately from the Troubleshooting Logs section (by selecting Click here to download troubleshooting logs).