Activity Insights: Overview
Focus
Focus
Strata Cloud Manager

Activity Insights: Overview

Table of Contents

Activity Insights: Overview

Activity Insights gives you an in-depth view of your network activities across
Prisma Access
and NGFW deployments.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
  • NGFW (Managed by Strata Cloud Manager)
You must have at least one of these licenses to view the Activity Insights:
  • Prisma Access
  • AIOps for NGFW Free (use the AIOps for NGFW Free app)
    or
    AIOps for NGFW Premium license (use the Strata Cloud Manager app)
The other licenses needed to view the Activity Insights: Overview tab are:
  • Strata Logging Service
  • Cloud-Delivered Security Services (CDSS) subscriptions
  • ADEM Observability
    to unlock additional Prisma Access features
View the summary of most seen applications, threats, users, URLs, and rules in your network for the selected time period. Glance through this view to quickly identify any irregularities within your network and then delve deeper to examine the activity that requires investigation. The Overview view includes:
  • Top 5 applications and application categories in your network that have the maximum activity in terms of number of sessions, data transfer, threats detected, URLs accessed, and users who accessed the applications. Click
    View all Applications
    to refer to the application details.
  • Top 5 threats and threat categories that are most affecting the sessions, users, and applications. View the details of sessions, users, and applications in the Log Viewer, Users, and Applications tabs respectively.
  • Network traffic trend of blocked, allowed, and alerted sessions, the amount of data transferred, and users generating the most traffic.
  • Top 5 users with most traffic sessions, data transferred, threats found in traffic, URLs accessed, and the user experience scores for monitored applications.
  • Most accessed URLs along with details on session, users, and applications accessing the URLs.
  • Top 5 most impacted Security policy rules configured in your deployment with filters to know the sessions, users, URLs, threats, data transferred, applications involved in the traffic matching the rules.
You can use the filters to view the data points you want to focus on and relevant to your deployment. These filters are available in all the tabs of the dashboard.

Filters

Activity Insights has advanced filters to help you focus on the security aspects that matter to your deployment. The available filters are:
  • Time Range
    - view data for a specified time period
  • Scope Selection
    - data specific to a deployment: Prisma Access, NGFW
  • Subtenant
    - the Prisma Access instance for which the data is displayed
  • User Name
    - view activities involving an individual user
  • Application
    - network events concerning a specific application
  • Application Type
    - type of application; SaaS, internet, private
  • Threat Category
    - data for a particular category of threat
  • Threat Action
    - view specific to allowed or blocked threats
  • URL Risk Level
    - data concerning the URLs with specific risk level; high, medium, or low
  • URL Category
    - filter the data based on the URL categories
  • Source Location
    - view activity that originated from a specific location
  • Destination Location
    - view activity targeted to a specific region
  • URL
    - activity related to a specific URL accessed.
  • SaaS Application
    - data concerning a specific SaaS application
  • Sanctioned Application
    - view data for sanctioned or unsanctioned applications only
  • Port Type
    - sort traffic from applications traversing through standard or nonstandard ports.
  • Protocol
    - see traffic that uses a specific TCP, UDP, or HTTP ports
  • Source Type
    - view activity generated from a particular device, users, or others.

Reports

Click one of the icons,
in the
Overview
tab to download, share, and schedule reports from the data in the
Overview
tab. You can also schedule reports from the
Strata Cloud Manager
Reports
menu; click the
icon and select Activity Insights- Summary from the
Type
drop-down.

Recommended For You