To see your Prisma Access logs, log in to
Prisma Access Cloud Management and select on the left side navigation
Regardless of the management interface you’re using for Prisma Access—Panorama
or cloud management—you can view your logs in Prisma Access Cloud
A log is an automatically generated, time-stamped
file that provides an audit trail for system events or network traffic
events that Prisma Access monitors. Log entries contain artifacts,
which are properties, activities, or behaviors associated with the
logged event, such as the application type or the IP address of
an attacker. Each log type records information for a separate event
type. For example, Prisma Access may generate a Threat log to record
traffic that matches a spyware, vulnerability, or virus signature.
Prisma Access Cloud Management provides Network logs (Traffic, Threat,
URL, File, HIP Match) and Common logs (System and Configuration).
You can view details for each log entry, and for threat logs, you can
review threat details and see if there are any threat overrides
1. Select the type of log you want to view.
   Prisma Access supports Network logs (Traffic, Threat, URL,
   File, HIP Match) and Common logs (System and Configuration).
2. Filter for logs.
   Start by selecting a time range for which you want
   to view logs. This starts off your log query.
   Provide a query string to narrow down the list of logs.
   If you do not provide a query string, Explore will retrieve every log
   record of the type you specify that was created during the time
   range that you provide — up to 65,536 records.
   Click into an individual cell to add the field and value
   to the query.
3. View log entry details.
   Click the details
   to learn more about a log entry.
4. Review threat details and overrides.
   See threat details and also check if there are any overrides
   configured for a threat. A threat override is a configuration in which
   a threat is enforced with an action other than its default action.