Command Center: Strata Cloud Manager

The Strata Cloud Manager Command Center provides a top-level view of the health and security of all your users, IoT devices, hosts, and applications.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Panorama Managed)
  • NGFW (Managed by Strata Cloud Manager)
What Do I Need?
  • You must have at least one of these licenses to use the Strata Command Center:
    • Prisma Access
    • AIOps for NGFW Premium
    • AIOps for NGFW Free with a Strata Logging Service license
  • A role that has permission to view the dashboard
The Strata Cloud Manager Command Center is your new NetSec homepage; it is an interactive visual summary that will help you assess the health, security, and efficiency of your network. The command center provides a consolidated view of the NetSec platform, and gives you comprehensive visibility into your Sources, Applications, Prisma Access deployment, your NGFWs, and your security services in a single place.
The command center allows you to interact with the data and visualize the relationships between events on the network, so that you can take immediate actions to strengthen your security.
The command center is integrated with the new Activity Insights dashboards (Insights > Activity Insights), and will highlight anomalies detected by your onboarded licenses and subscriptions through actionable insights, and provide a path to remediate those anomalies.
From the new homepage, you can see:
  • A comprehensive view of all traffic on your network flowing from sources (users, IoT, external hosts) to applications (internet, SaaS, private).
  • How assets such as users, devices, and applications are being accessed and secured.
  • Links to specific dashboards, with context for a deeper understanding of the issues impacting your network.
  • Types of threats encountered while users are working.
Launch Strata Cloud Manager and click Command Center to get started.

How to Interact with the Strata Cloud Manager Command Center

Each view in the command center neatly breaks down all the information you would need to assess the health and security of your network.
The data in the command center is refreshed every 5 minutes and by default shows data from the last 24 hours. You can also filter this data by the past 1 hour, 3 hours, 7 days, or 30 days.
Each command center view displays different types of visual data flowing from the sources, through Prisma Access and NGFWs or security subscriptions deployed on your network, to the various applications on your network.
The Sources bubbles (hybrid workers, office users, IoT devices, and other) are on the left and the Applications bubbles (accessed on the internet, SaaS, and hosted on-prem or in-cloud) are on the right. The application bubbles display the top three most used applications in each category.
Sources include:
  • IoT Devices – Devices discovered by an active IoT Security license and enabled,
  • Users – Remote and Branch users.
  • Other – Internal and external hosts accessing resources on the internet.
Applications include:
  • Internet Apps – Applications accessed using a web browser.
  • SaaS Apps – Cloud apps owned and managed by an application service provider.
  • Private Apps – Applications hosted in a data center.
You can filter the data in the central view by clicking on the bubbles for sources, deployments, or applications. This will give you a more detailed view of the tracked data for that view in relation to the bubble selected.
When looking at one of the views, you can mouse over the lines for more information about your network, such as the traffic or the threats blocked or allowed on your network.
Below the central visual summary are several key metrics tracked by your activated subscriptions that provide actionable insights into your network. From these key metrics you can navigate to one of several detailed context pages, where you can find more information about the metrics that have surfaced and drill down into possible solutions.

Strata Cloud Manager Command Center Views

The command center provides you with four different views, each with their own tracked data and metrics to examine and interact with.

Summary

Review the data provided by the Summary view.
The Summary view shows you a high-level look at all traffic from your users, external hosts, IoT devices, and applications, as well as a preview of some of the issues and anomalies on your network that are spotlighted by the other views. You can use this view as the first look into the health of your network each day.
Summary Licenses
  • You must have at least one of these licenses to use the Strata Command Center:
    • Prisma Access license
    • AIOps for NGFW Premium license
  • Licenses that are needed for other Summary insights:
    • Cloud-Delivered Security Services (CDSS) subscriptions
    • Data Security subscriptions
    • ADEM license

Central Summary View

The central Summary view provides a look into the data being transferred between the IoT devices, users, external hosts accessing resources from the internet, internet apps, SaaS apps, and private apps on your network.
The lines in the central Summary view represent the data transfers and traffic on your network, with the thickness of the lines representing the volume of data being transferred from sources and applications.
You can see how these sources are being secured by your network infrastructure:
  • Prisma Access deployments
  • Next-Generation Firewalls from your Strata Logging Service inventory

Total Threats Count

The Total Threats Count widget gives you a quick view into the total number of threats detected in your network, how many threats have been blocked, how many threats have been alerted, and the change in threats from a selected time range.
Click through to the Activity Insights (Insights > Activity Insights > Threats) screen for a more detailed breakdown of threats on your network.

Open Incidents and User Experience

The Open Incidents and User Experience widget gives you a view into the total count of open incidents, the breakdown of good and potentially degraded user experience from individual segments in the service delivery chain from a user device to an application, and the change in open incidents from a selected time range.
Click through to the Application Experience dashboard (Dashboards > Application Experience) for a more detailed breakdown of the health and user experience across your network and performance metrics.

Top Data Profiles by Action

The Top Data Profiles widget gives you a view into the top predefined data filtering profiles, the number of matches found in network traffic, and the action taken for sensitive data based on those data profiles.
Click through to the Data Security view (Command Center > Data Security) for a more detailed breakdown of sensitive data on your network.

Threats

Review the data provided by the Threats view.
The Threats view shows the traffic inspected on your network and threats detected by your CDSS subscriptions. You can use this view to monitor the blocked and alerted threats on your network or investigate areas of your network that need updated policies to better block any alerted threats.
Threats Licenses
  • Threats licenses, including:
    • Threat Prevention license
    • URL Filtering license
    • WildFire license
    • DNS Security license

Central Threats View

The central Threats view provides a look into all the threats on your network that have been identified by your active Cloud-Delivered Security Services subscriptions.
The Threats view will show how your Palo Alto Networks CDSS subscriptions are protecting your traffic by monitoring potential threats on your network. The Command Center gives you insight into the percentage of traffic inspected for your IoT devices, users, and applications, and the total number of threats allowed or alerted.
The lines in the central Threats view represent the traffic being monitored by your security subscriptions, with the thickness representing the volume of threats detected and the color representing whether the threats are of critical, high, medium, or low severity.

Security Subscriptions

The Security Subscriptions widget gives you a view into your Cloud-Delivered Security Subscriptions, which ones are active, and a snapshot of how they are securing your network.
Subscription descriptions:
  • Threat Prevention defends your network against both commodity threats—which are pervasive but not sophisticated—and targeted, advanced threats perpetrated by organized cyber adversaries.
  • Advanced URL Filtering is our comprehensive URL filtering solution that protects your network and users from web-based threats.
  • The cloud-delivered WildFire malware analysis service uses data and threat intelligence from the industry’s largest global community, and applies advanced analysis to automatically identify unknown threats and stop attackers in their tracks.
  • Automatically secure your DNS traffic by using Palo Alto Networks DNS Security service.
Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions) gives you a detailed report of the status of your subscriptions in relation to your NGFWs and Prisma Access deployments. Click Back to the Dashboard to return to the Threats view.

Total Threats Count

The Total Threats Count widget gives you a quick view into the total number of threats detected in your network, how many threats have been blocked, how many threats have been alerted, and the change in threats from a selected time range.
Click through to the Activity Insights (Insights > Activity Insights > Threats) for a more detailed breakdown of threats on your network.

Blocked and Alerted Threats

The Blocked and Alerted Threats widget gives you a top-down view of the threats being detected in your network, organizing them by category, threat level (critical, high, medium, and low), and whether the threats have been blocked or alerted.
Click through for a more detailed table of all the threats impacting your network (Insights > Activity Insights > Threats).

Operational Health

Review the data provided by the Operational Health view.
The Operational Health view shows the health of infrastructure and user experience on your network. You can use this view to monitor the health of your NGFWs and Prisma Access deployments as well as the user experience on your network and review the severity of open incidents in each area.
Operational Health Licenses
  • Monitoring subscriptions, including:
    • ADEM Observability
    • AI-Powered ADEM
    • AIOps for NGFW Premium

Central Operational Health View

The central Operational Health view provides a look into the health of infrastructure and of the user experience on your network. If users have an Autonomous Digital Experience Management (ADEM) license, they will receive enhanced data in this view.
The Operational Health view will show how your Palo Alto Networks ADEM subscription monitors the digital experience across all users and applications in your SASE environment.
The lines in the central Operational Health view represent all the users on your network. The users are organized by user experience score, with the colors of the lines representing a rating of good, poor, or unmonitored.

Total Open Incidents and Incidents by Severity

The Open Health Incidents by Severity widget gives you a view into all the open incidents on your network, broken down by scope (NGFW, Prisma Access, and Prisma SD-WAN), severity, and quantity of incidents.
The widget tracks the percent change in open incidents based on the time period selected.
Click through to the Incidents and Alerts dashboard for each available scope (Incidents and Alerts > Prisma Access / NGFW > All Incidents).

Top Subcategories for Open Health Incidents

The Top Subcategories for Open Health Incidents widget gives you a view into the top subcategories of the open health incidents on your network, organized by scope, subcategory, quantity of incidents, and what is impacted (data centers, sites, devices, etc.).
The widget will display the top five subcategories for a single scope, or the top two subcategories for multiple scopes when available.
Click through to the Incidents and Alerts dashboard (Incidents and Alerts > Prisma Access / NGFW / Prisma SD-WAN) for more details on the incidents.

Monitored Users and User Experience

The Open Incidents and User Experience widget gives you a view into the total count of open incidents, the breakdown of good and potentially degraded user experience from individual segments in the service delivery chain from a user device to an application, and the change in open incidents from a selected time range.
Click through to the Application Experience dashboard (Dashboards > Application Experience) for a more detailed breakdown of experience across your network and performance metrics.

Data Security

Review the data provided by the Data Security view.
The Data Security view shows all the sensitive data detected across your network and various connected SaaS applications. You can use this to monitor and identify high-risk sensitive data flows in your organization.
Data Security Licenses
  • Data Security licenses, including:
    • SaaS Security license
    • Data Security license
    • Enterprise DLP license

Central Data Security View

The central Data Security view provides the sensitive and high-risk data map across your network and connected SaaS applications. The command center gives you insight into sensitive data users in the organization; the specific sanctioned, unsanctioned, tolerated, or untagged applications where sensitive data activity is detected (asset upload, download, or assets exposed); and the number of assets allowed, blocked, quarantined, with sharing revoked, or exposed.
The lines in the central Data Security view represent sensitive data being detected through data-at-rest and data-in-motion security solutions, with the thickness of the lines representing the quantity of data and the color representing whether that data has been flagged or classified as critical, high, medium, or low risk.

Security Subscriptions

The Security Subscriptions widget gives you a view into your Data Security Subscriptions, which ones are active, and a snapshot of how they are securing your network.
Subscription descriptions:
  • Enterprise DLP is a cloud-based service that uses supervised machine learning algorithms to sort sensitive documents into categories to guard against exposures, data loss, and data exfiltration.
  • The SaaS Inline solution works with Cortex Data Lake to discover all the SaaS applications that are being used on your network.
  • SaaS API is a cloud-based service you can connect directly to your sanctioned SaaS applications using the cloud app’s API and provide data classification, sharing or permission visibility, and threat detection within the application.
  • SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured settings in sanctioned SaaS applications through continuous monitoring.
  • Email DLP is an add-on to Enterprise DLP that prevents exfiltration of emails containing sensitive information with AI/ML powered data detections.
Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions) gives you a detailed report of the status of your subscriptions in relation to your NGFW and Prisma Access deployments. Click Back to the Dashboard to return to the Data Security view.

Top Data Profiles

The Top Data Profiles widget shows the top data profiles detected across all the sensitive data inspected, the severity of each data profile, and the number of asset matches detected inline with data in motion versus data at rest.
Click through to the Data Loss Prevention dashboard (Manage > Configuration > Data Loss Prevention) to review all predefined data profiles and add custom data profiles.

Data Trend

The Data Trend widget shows the trend in sensitive data monitored by your data security subscriptions, organized by the percent change in total assets, data risks, and posture violations.
Click through to the Data Risk dashboard (Manage > Configuration > Data Loss Prevention > Data Risk) to understand your overall data risk score and review actionable recommendations to improve the data security posture of your organization.
