Insights: Activity Insights
Strata Cloud Manager

Insights: Activity Insights

Table of Contents

Insights: Activity Insights

Activity Insights gives you an in-depth view of your network activities across
Prisma Access
and NGFW deployments.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma SD-WAN
You must have at least one of these licenses to view the Activity Insights:
  • Prisma Access
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • Prisma SD-WAN
The other licenses needed to access certain Activity Insights views are:
  • Strata Logging Service
  • Cloud-Delivered Security Services (CDSS) subscriptions
  • A role that has permission to view the dashboard
  • ADEM Observability
  • WAN Clarity Reporting
Activity Insights gives you an in-depth view of your network activities across
Prisma Access
and NGFW deployments. This view unifies your network data such as network traffic, application usage, threats, and user activities in one place. Activity Insights provides visualization, monitoring, and reporting capabilities to you carry out your tasks easily. Once you have identified the areas that need your focus with the Strata Cloud Manager Command Center, use the context links to navigate to Activity Insights or other dashboards for further analysis.
Activity Insights has advanced filters to help you focus on the security aspects that matter to your deployment. The advanced reporting functionality in Activity Insights enables you to download, share, and schedule reports from the data in the Overview tab. The report presents data separately for each filter applied in the dashboard. Alternatively, you can schedule reports for Activity Insights and dashboards from the
Strata Cloud Manager
Launch Strata Cloud Manager and click
) to get started.

What does Activity Insights show you?

Activity Insights shows aggregated data per
Strata Logging Service
tenant deployed in
Prisma Access
and NGFW environments. You can filter the data for a specific deployment. Activity Insights has different tabs. Each of these tabs provides an unified view of network data in relation to applications, users, threats, URLs, and network usage.
  • Overview
    - shows the data for applications, threats, users, URLs, and sessions with the maximum number of activities involved within the selected time range. Glance through this view to quickly identify any irregularities within your network and then delve deeper to examine the activities that require investigation.
  • Applications
    - overview of all the application usage in the network, including data transfer, application risks and ADEM capabilities to monitor application experience.
  • SD-WAN Applications
    - view the performance of Prisma SD-WAN applications with details on health score over a time range, transaction statistics, and bandwidth utilization metrics.
  • Threats
    - provides a holistic view of all threats that the Palo Alto Networks security services detected and blocked in your network.
  • Users
    - provides deeper insights into a user’s traffic and activities, including ADEM’s capabilities to monitor user experience.
  • URLs
    - shows the URLs accessed in your network, how many of them are malicious, users and applications accessing the URLs, rules allowing the URLs in your network, and enforcement by your security services.
  • Rules
    - gives insights on the security policy rules permitting the traffic generated by users and applications, threats detected in the traffic sessions, and URLs impacting the rule.
  • Regions
    - shows the network traffic details in relation to applications, users, threats, and URLs.

How can you use the data from the dashboard?

Finding here can help you-
  • Identify the applications you want to monitor, improve the user experience of the applications with low scores, and control unsanctioned and risky applications.
  • View the most relevant threats to your deployment and get context on the threats for investigation.
  • Refine your Security policy rules and traffic rules based on your findings from the logs to close the security gaps.
  • Monitor the user activity to detect and stop potential threats and protect misuse of sensitive information.

Recommended For You