Prisma™ Cloud Administrator's Guide
    : Command Center Dashboard
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Prisma Cloud Dashboards
    6. Command Center Dashboard
    Download PDF

    Prisma™ Cloud Administrator's Guide

    Command Center Dashboard

    Table of Contents

    Command Center Dashboard

    Learn more about quickly assessing the most urgent activity taking place across your cloud environments.
    The Command Center dashboard provides you with a unified view of the top cloud security incidents and risks uncovered across the assets monitored by Prisma™ Cloud. It provides security teams with an at a glance picture of the highest priority incidents and risks that require attention across the following attack vectors:
    • Incidents
    • Attack Paths
    • Misconfigurations
    • Vulnerabilities
    • Exposures
    • Identity Risks
    • Data Risks
    The Command Center dashboard is only available to users with a System Admin role.

    Total Urgent Alerts

    The
    Total Urgent Alerts
     bar provides a tally of alerts grouped by Incidents, Misconfigurations, Exposures, Identity, and Data Risks. The
    Filter
     controls above the Alerts bar allow you to narrow your investigation to a specific
    Time Range
     or
    Account Group
    . You can select multiple account groups at once to view data from multiple account sources. Filter data retrieved is updated across all the alert visualizations on the dashboard. The revert icon on the right above the Total Urgent Alerts bar allows you to revert back to default filter settings.

    Alerts Visualization

    Actionable alert data is further grouped into the following areas by risk type:
    • Incidents
      : Retrieves data for critical and high severity alerts, generated by policies that detect potential security issues from misconfiguration or exposure, across your cloud infrastructure.
    • Attack Paths
      : Provides the total number of critical and high severity alerts, triggered by policies covering issues that when taken together indicate a heightened risk of attack.
    • Misconfigurations
      : Captures data for alerts generated by policies with configuration errors.
    • Vulnerabilities
      : Provides insight into potentially compromised assets in your cloud environment, capturing the top five assets with vulnerabilities that triggered the most number of Critical and High alerts. Click on any listed image or asset to access the Assets Explorer to investigate further and take remedial action if necessary.
    • Exposures
      : Retrieves data for alerts generated by violations in network policies in addition to the policy subtype config.
    • Identity Risks
      : Lists alerts generated by violations in Identity and Access Management policies. This view is only available by subscription.
    • Data Risks
      : Retrieves data for alerts generated by exceptions in the policy type Data. This view is only enabled by subscription.

    Alerts Actions

    Each alerts visualization allows you to further drill down and view the source of the alert by the policy name or the asset it originated from:
    The Incidents widget above for instance, provides three visualizations of urgent alert activity:
    • Urgent Incidents
      : Provides a donut chart visualization of Critical and High severity Incidents. Select any alert for an in depth look at alerts generated by policies that detect potential security issues from misconfiguration or exposure.
    • Top Incidents by Policy
      : Lists the top five policies that triggered an alert. Select a policy or an alert total for a detailed view of policy coverage incidents. You can also investigate alerts within individual policies.
    • Top Attack Path by Policy
      : Lists top five attack paths by policy, type, severity, and number of alerts. Learn more about responding to alerts generated for a specific attack path.
    • Top Incidents by Asset
      : Lists top five incidents by asset name, number of alerts, service, and account name. Learn more about responding to alerts generated in a specific asset.

    Generate Reports

    You can also share Command Center reports with stakeholders to keep them abreast of the security and compliance status of your cloud assets. Select the
    Generate Report
     button to create and download a report. This generates the
    Top Cloud Risks and Incidents Report
     for that specific time range and selected account group(s).
    The generated report captures the top alerts listed under each widget and also includes an
    Executive Summary
     as shown above, capturing the top urgent incidents across your organizations’ cloud assets.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.