Command Center: Strata Cloud Manager
Focus
Focus
Strata Cloud Manager

Command Center: Strata Cloud Manager

Table of Contents

Command Center: Strata Cloud Manager

The Strata Cloud Manager Command Center provides a top-level view of the health and security of all your users, IoT devices, hosts, and applications.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Panorama Managed)
  • NGFW (Managed by Strata Cloud Manager)
  • You must have at least one of these licenses that comes with a
    Strata Logging Service
    license to use the Command Center:
    • Prisma Access
    • AIOps for NGFW Premium
  • Or an AIOPs for NGFW Free license alongside a
    Strata Logging Service
    license
  • A role that has permission to view the dashboard
  • A specific license to view certain metrics in the Command Center that is outlined below
The Strata Cloud Manager Command Center is your new NetSec homepage; it is an interactive visual summary that will help you assess the health, security, and efficiency of your network. The command center provides a consolidated view of the NetSec platform, and gives you comprehensive visibility into your Sources, Applications, Prisma Access deployment, your NGFWs, and your security services in a single place.
The command center allows you to interact with the data and visualize the relationships between events on the network, so that you can take immediate actions to strengthen your security.
The command center is integrated with the new Activity Insights dashboards
(
Insights
Activity Insights
)
, and will highlight anomalies detected by your onboarded licenses and subscriptions through actionable insights, and provide a path to remediate those anomalies.
From the new homepage, you can see:
  • A comprehensive view of all traffic on your network flowing between sources (users, IoT, external hosts) to applications (internet, SaaS, private).
  • How assets such as users, devices, and applications are being accessed and secured.
  • Navigate to specific dashboards with context for deeper understanding of the issues impacting your network.
  • Types of threats encountered while users are working.
Launch Strata Cloud Manager and click
Command Center
(
)
to get started.

How to Interact with the Strata Cloud Manager Command Center

Each view in the command center neatly breaks down all the information you would need to assess the health and security of your network.
The data in the command center is refreshed every 5 minutes and by default shows data from the last 24 hours. You can also filter this data by the past 1 hour, 3 hours, 7 days, or 30 days.
Each command center view displays different types of visual data flowing from the sources, through Prisma Access and NGFWs or security subscriptions deployed on your network, to the various applications on your network.
The Sources bubbles (hybrid workers, office users, IoT devices, and other) are on the left and the Applications bubbles (accessed on the internet, SaaS, and hosted on-prem or in-cloud) are on the right. The application bubbles display the top three most used applications in each category.
Sources include:
  • IoT Devices
    – Devices discovered by an active IoT Security license and enabled,
  • Users
    – Remote and Branch users.
  • Other
    – Internal and external hosts accessing resources on the internet.
Applications include:
  • Internet Apps
    – Applications accessed using a web browser.
  • SaaS Apps
    – Cloud apps owned and managed by an application service provider.
  • Private Apps
    – Applications hosted in a data center.
You can filter the data in the central view by clicking on the bubbles for sources, deployments, or applications. This will give you a more detailed view of the tracked data for that view in relation to the bubble selected.
When looking at one of the views, you can mouse over the lines for more information about your network, such as the traffic or the threats blocked or allowed on your network.
Below the central visual summary are several key metrics tracked by your activated subscriptions that provide actionable insights into your network. These key metrics provide the ability to navigate to one of several detailed context pages where you can find more information about the metrics that have surfaced and drill-down into possible solutions.

Strata Cloud Manager Command Center Views

The command center provides you with four different views, each with their own tracked data and metrics to examine and interact with.

Command Center (Summary)

Review the data provided by the Summary view.
The
Summary
view shows you a high-level look at all traffic from your users, external hosts, IoT devices, and applications, as well as a preview of some of the issues and anomalies on your network that are spotlighted by the other views. You can use this view as the first-look into the health of your network each day.
Summary Licenses
  • You must have at least one of these licenses that comes with a
    Strata Logging Service
    license to use the Strata Command Center:
    • Prisma Access license
    • AIOps for NGFW Premium license
  • Or an AIOPs for NGFW Free license alongside a
    Strata Logging Service
    license
  • Licenses that are needed for additional metrics in the Summary view:
    • Cloud-Delivered Security Services (CDSS) subscriptions
    • Data Security subscriptions
    • ADEM license

Central Summary View

The central Summary view provides a look into the data being transferred between the IoT devices, users, external hosts accessing resources from the internet, internet apps, SaaS apps, and private apps on your network.
The lines in the central Summary view represent the data transfers and traffic on your network, with the thickness of the lines representing the volume of data being transferred from sources and applications.
You can see how these sources are being secured by your network infrastructure:
  • Prisma Access deployments
  • Next-Generation Firewalls from your
    Strata Logging Service
    inventory

Total Threats Count

The
Total Threats Count
widget gives you a quick view into the total number of threats detected in your network, how many threats have been blocked, how many threats have been alerted, and the change in threats from a selected time range.
Click through to the Activities Insights
(
Insights
Activity Insights
Threats
)
screen for a more detailed breakdown of threats on your network.

Open Incidents and User Experience

The
Open Incidents and User Experience
widget gives you a view into the total count of open incidents, the breakdown of good and potentially degraded user experience from individual segments in the service delivery chain from a user device to an application, and the change in open incidents from a selected time range.
Click through to the Application Experience dashboard
(
Dashboards
Application Experience
)
for a more detailed breakdown of the health and user experience across your network and performance metrics.

Top Data Profiles by Action

The
Top Data Profiles
widgets gives you a view into the top predefined data filtering profiles, the number of matches found in network traffic, and the action taken for sensitive data based on those data profiles.
Click through to the Data Security view
(
Command Center
Data Security
)
for a more detailed breakdown of sensitive data on your network.

Threats

Review the data provided by the Threats view.
The
Threats
view shows the traffic inspected on your network and threats detected by your CDSS subscriptions. You can use this view to monitor the blocked and alerted threats on your network or investigate areas of your network that need updated policies to better block any alerted threats.
Threats Licenses
  • Threats licenses, including:
    • Threat Prevention license
    • URL Filtering license
    • WildFire license
    • DNS Security license

Central Threats View

The central Threats view provides a look into all the threats on your network that have been identified by your active Cloud-Delivered Security Services subscriptions.
The Threats view will show how your Palo Alto Networks CDSS subscriptions are protecting your traffic by monitoring potential threats on your network. The Command Center gives you insight into the percentage of traffic inspected for your IoT devices, users, and applications, and the total number of threats allowed or alerted.
The lines in the central Threats view represent the traffic being monitored by your security subscriptions, with the thickness representing the volume of threats detected and the color representing if the threats are of critical, high, medium, or low severity.

Security Subscriptions

The
Security Subscriptions
widget gives you a view into your Cloud-Delivered Security Subscriptions, which ones are active, and a snapshot of how they are securing your network.
Subscription
Description
Threat Prevention defends your network against both commodity threats—which are pervasive but not sophisticated—and targeted, advanced threats perpetuated by organized cyber adversaries.
Advanced URL Filtering is our comprehensive URL filtering solution that protects your network and users from web-based threats.
The cloud-delivered WildFire malware analysis service uses data and threat intelligence from the industry’s largest global community, and applies advanced analysis to automatically identify unknown threats and stop attackers in their tracks.
Automatically secure your DNS traffic by using Palo Alto Networks DNS Security service.
Clicking on the
Security Subscriptions
widget
(
Command Center
View Security Subscriptions
)
gives you a detailed report of the status of your subscriptions in relation to your NGFWs and Prisma Access deployments. Click
Back to the Dashboard
to return to the
Threats
view.

Total Threats Count

The
Total Threats Count
widget gives you a quick view into the total number of threats detected in your network, how many threats have been blocked, how many threats have been alerted, and the change in threats from a selected time range.
Click through to the Activities Insights
(
Insights
Activity Insights
Threats
)
for a more detailed breakdown of threats on your network.

Blocked and Alerted Threats

The
Blocked and Alerted Threats
widget gives you a top-down-view of the threats being detected in your network, organizing them by category, threat level (critical, high, medium, and low), and if the threats have been blocked or alerted.
Click through for a more detailed table of all the threats impacting your network
(
Insights
Activity Insights
Threats
)
.

Operational Health

Review the data provided by the Operational Health view.
The
Operational Health
view shows the health of infrastructure and user experience on your network. You can use this view to monitor the health of your NGFWs and Prisma Access deployments as well as the user experience on your network and review the severity of open incidents in each area.
Operational Health Licenses
  • Monitoring subscriptions, including:
    • ADEM Observability
    • AI-Powered ADEM
    • AIOps for NGFW premium

Central Operational Health View

The central Operational Health view provides a look into the health of infrastructure and of the user experience on your network. If users have an Autonomous Digital Experience Management (ADEM) license, they will receive enhanced data in this view.
The Operational Health view will show how your Palo Alto Networks ADEM subscription monitors the digital experience across all users, and applications in your SASE environment.
The lines in the central Operational Health view represent all the users on your network. The users are organized by user experience score, with the colors of the lines representing a rating of good, poor, or unmonitored.

Total Open Incidents and Incidents by Severity

The
Open Health Incidents by Severity
widget gives you a view into the all open incidents on your network, broken down by scope (NGFW, Prisma Access, and Prisma SD-WAN), severity, and quantity of incidents.
The widget tracks the percent change in open incidents based on the time period selected.
Click through to the
Incidents and Alerts
dashboard for each available scope
(
Incidents and Alerts
Prisma Access / NGFW
All Incidents
)
.

Top Subcategories for Open Health Incidents

The
Top Subcategories for Open Health Incidents
widget gives you a view into the top subcategories of the open health incidents on your network, organized by scope, subcategory, quantity of incidents, and what is impacted (data centers, sites, devices, etc.).
The widget will display the top five subcategories for a single scope, or the top two subcategories for multiple scopes when available.
Click through to the
Incidents and Alerts
dashboard
(
Incidents and Alerts
Prisma Access / NGFW / Prisma SD-WAN
)
for more details on the incidents.

Monitored Users and User Experience

The
Open Incidents and User Experience
widget gives you a view into the total count of open incidents, the breakdown of good and potentially degraded user experience from individual segments in the service delivery chain from a user device to an application, and the change in open incidents from a selected time range.
Click through to the
Application Experience
dashboard
(
Dashboards
Application Experience
)
for a more detailed breakdown of experience across your network and performance metrics.

Data Security

Review the data provided by the Data Security view.
The
Data Security
view shows all the sensitive data detected across your network and various connected SaaS applications. You can use this to monitor and identify high risk sensitive data flows in your organization.
Data Security Licenses
  • Data Security licenses, including:
    • SaaS Security license
    • Data Security license
    • Enterprise DLP license

Central Data Security View

The central Data Security view provides the sensitive and high risk data map across your network and connected SaaS applications. The command center gives you insight into sensitive data users in the organization, the specific sanctioned, unsanctioned, tolerated, or untagged applications where there is sensitive data activity detected (asset upload, download, or assets exposed) as well as number of assets allowed, blocked, quarantined, revoked sharing or exposed.
The lines in the central Data Security view represent sensitive data being detected through data at rest and data in motion security solutions, with the thickness of the lines representing the quantity of data and the color representing whether that data has been flagged or classified as critical, high, medium, or low risk.

Security Subscriptions

The
Security Subscriptions
widget gives you a view into your Data Security Subscriptions, which ones are active, and a snapshot of how they are securing your network.
Subscription
Descrition
Enterprise DLP is a cloud-based service that uses supervised machine learning algorithms to sort sensitive documents into categories to guard against exposures, data loss, and data exfiltration.
The SaaS Inline solution works with
Strata Logging Service
to discover all the SaaS applications that are being used on your network.
SaaS API is a cloud-based service you can connect directly to your sanctioned SaaS applications using the cloud app’s API and provide data classification, sharing or permission visibility, and threat detection within the application.
SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured settings in sanctioned SaaS applications through continuous monitoring.
Email DLP is an add-on to Enterprise DLP that prevents exfiltration of emails containing sensitive information with AI/ML powered data detections.
Clicking on the
Security Subscriptions
widget
(
Command Center
View Security Subscriptions
)
gives you a detailed report of the status of your subscriptions in relation to your NGFW and Prisma Access deployments. Click
Back to the Dashboard
to return to the
Data Security
view.

Top Data Profiles

The
Top Data Profiles
widget shows the top data profiles detected across all the sensitive data inspected, the severity of the data profile as well as the number of asset matches detected inline with data in motion versus data at rest.
Click through to the
Data Loss Prevention
dashboard
(
Manage
Configuration
Data Loss Prevention
)
to review all predefined data profiles and add custom data profiles.

Data Trend

The
Data Trend
widget shows trend in sensitive data monitored by your data security subscriptions, organized by the percent change in total assets, data risks, and posture violations.
Click through to the
Data Risk
dashboard
(
Manage
Configuration
Data Loss Prevention
Data Risk
)
to understand your overall data risk score and review actionable recommendations to improve the data security posture of your organization.

Recommended For You