Activity Insights: Overview
Focus
Focus
Strata Cloud Manager

Activity Insights: Overview

Table of Contents

Activity Insights: Overview

Activity Insights gives you an in-depth view of your network activities across Prisma Access and NGFW deployments.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • NGFW, including Cloud NGFWs and those funded by Software NGFW Credits
  • Prisma SD-WAN
Each of these licenses include access to Strata Cloud Manager:
The other licenses and prerequisites needed to access certain Activity Insights views are:
  • Strata Logging Service
  • Cloud-Delivered Security Services (CDSS)
  • ADEM Observability
  • WAN Clarity Reporting
  • A role that has permission to view the dashboard
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
View the summary of most seen applications, threats, users, URLs, and rules in your network for the selected time period. Glance through this view to quickly identify any irregularities within your network and then delve deeper to examine the activity that requires investigation. The Overview view includes:
  • Top 5 applications and application categories in your network that have the maximum activity in terms of number of sessions, data transfer, threats detected, URLs accessed, and users who accessed the applications. Click View all Applications to refer to the application details.
  • Top 5 threats and threat categories that are most affecting the sessions, users, and applications. View the details of sessions, users, and applications in the Log Viewer, Users, and Applications tabs respectively.
  • Network traffic trend of blocked, allowed, and alerted sessions, the amount of data transferred, and users generating the most traffic.
  • Top 5 users with most traffic sessions, data transferred, threats found in traffic, URLs accessed, and the user experience scores for monitored applications.
  • Most accessed URLs along with details on session, users, and applications accessing the URLs.
  • Top 5 most impacted Security policy rules configured in your deployment with filters to know the sessions, users, URLs, threats, data transferred, applications involved in the traffic matching the rules.
You can use the filters to view the data points you want to focus on and relevant to your deployment. These filters are available in all the tabs of the dashboard.

Filters

Activity Insights has advanced filters to help you focus on the security aspects that matter to your deployment. The available filters are:
  • Time Range- view data for a specified time period
  • Scope Selection- data specific to a deployment: Prisma Access, NGFW
  • Subtenant- the Prisma Access instance for which the data is displayed
  • User Name- view activities involving an individual user
  • Application- network events concerning a specific application
  • Application Type- type of application; SaaS, internet, private
  • Threat Category- data for a particular category of threat
  • Threat Action- view specific to allowed or blocked threats
  • URL Risk Level- data concerning the URLs with specific risk level; high, medium, or low
  • URL Category- filter the data based on the URL categories
  • Source Location- view activity that originated from a specific location
  • Destination Location- view activity targeted to a specific region
  • URL- activity related to a specific URL accessed.
  • SaaS Application- data concerning a specific SaaS application
  • Sanctioned Application- view data for sanctioned or unsanctioned applications only
  • Port Type- sort traffic from applications traversing through standard or nonstandard ports.
  • Protocol- see traffic that uses a specific TCP, UDP, or HTTP ports
  • Source Type- view activity generated from a particular device, users, or others.

Reports

Click one of the icons,
in the Overview tab to download, share, and schedule reports from the data in the Overview tab. You can also schedule reports from theStrata Cloud ManagerReports menu; click the
icon and select Activity Insights- Summary from the Type drop-down.