Strata Cloud Manager

AI Canvas Best Practices

Learn effective prompting techniques and data exploration strategies to maximize your AI Canvas experience.
To get the most out of AI Canvas, follow these best practices for creating effective natural language queries and exploring your security data.

Best Practices for Prompting

Effective prompting is key to getting accurate and useful results from AI Canvas. Follow these guidelines to craft better queries:
  • Begin with broad metrics.
    Start your analysis with high-level overviews to understand the scope:
    • "Show me the total number of threats in the last 24 hours."
    • "Summarize our overall security posture this week."
  • Segment by categories.
    Break down information into logical segments:
    • "Break down threats by category and severity."
    • "Show distribution of traffic by application type."
  • Identify key contributors.
    Find the most significant entities:
    • "Who are the top 10 affected users this week?"
    • "Which apps generated the most incidents?"
  • Analyze trends over time.
    Look for patterns across different time periods:
    • "Compare incident volume this week vs. last week."
    • "Trend of traffic volume by application over the past 30 days."
  • Explore correlations.
    Investigate relationships between different factors:
    • "Show top users by threat category and source IP."
    • "What are the most used high-risk applications by location?"
  • Apply targeted filters.
    Narrow focus to specific areas of interest:
    • "Show me threats from San Jose with severity high."
    • "Display only critical alerts affecting production servers."
  • Detect anomalies.
    Look for unusual patterns or outliers:
    • "What unusual traffic patterns were observed today?"
    • "Identify any spike in failed login attempts this week."

Prompt Samples

Use these sample prompts as starting points for your own queries:

Threat Analysis

  • Show me the top 5 threat categories, subcategories, and severities in the last 24 hours
  • Show me top affected users by those top 5 threats
  • Show me the top affected users and threat count in the last 24 hours
  • Show me the top 5 users along with their threat ID, source IP, and destination IP for threat category C2
  • Show me the top threats by session
  • Show me the top threat subcategories by session
  • Show me the number of threats per PA location

Application Analysis

  • Can you show me the top 10 risky applications that are accessed by top affected users?
  • Top 10 applications with highest impacted users in the past 3 hours
  • Show me top applications in the last 30 days
  • Which users are using the highest-risk applications?
  • What are the most used applications?
  • Which users were denied application access in the last 7 days?

User Analysis

  • How many users are using GlobalProtect version 6.3.3 and what are their names?
  • How many users have been seen in the last week running GlobalProtect version 6.3.3?
  • How many Prisma Access users in the last 30 days?
  • Show me top 10 users with high bandwidth

Location and Infrastructure

  • Show me top 10 incidents in PA locations
  • Show me top users impacted by top incidents
  • What are the top 10 Prisma Access locations seeing high traffic volume?
  • What is the current status of each PA location?
  • Provide a list of all Prisma Access locations with the respective number of egress IPs for MU, EP, and RNs
  • Give me the list of all migrated Remote Networks
  • Provide me the count of Remote Networks which are down
  • Show me the tunnels which are in UP status

For additional Strata Copilot prompt examples, see Strata Copilot Prompts.

Data Exploration Tasks

Follow these systematic approaches to explore your security data effectively:
  • Identify Key Metrics
    Start by asking for high-level summaries to understand the overall state of your environment.
    Example: "Show me the total number of threats in the last 24 hours."
  • Drill Down Into Categories
    Narrow the focus by exploring subcategories or specific types of data.
    Example: "Break down threats by category and severity."
  • Spot Top Entities
    Identify the most significant users, applications, locations, or assets in your environment.
    Examples:
    • "Who are the top 10 affected users this week?"
    • "Which apps generated the most incidents?"
  • Compare Over Time
    Use time-based comparisons to identify trends and changes in your security posture.
    Examples:
    • "Compare incident volume this week vs. last week."
    • "Trend of traffic volume by application over the past 30 days."
  • Correlate Data Across Dimensions
    Explore relationships between different entities to uncover hidden patterns.
    Examples:
    • "Show top users by threat category and source IP."
    • "What are the most used high-risk applications by location?"
  • Filter by Attributes
    Add specific filters to focus on the most relevant data for your investigation.
    Example: "Show me threats from San Jose with severity high."
  • Look for Anomalies or Spikes
    Ask for outliers or unusual changes that might indicate security issues.
    Example: "What unusual traffic patterns were observed today?"