Autonomous DEM
ADEM Data Collection and Agent Processes
Learn about the metrics that the ADEM agent collects from the user's workstation in order
to provide actionable insights into the workstation, network, path and application
performance.
The Autonomous Digital Experience Management capability is built into the
GlobalProtect Client. It is enabled or disabled by policy in the Prisma Access
administration portal (both Panorama Managed and Cloud Managed).
Data Collection
The ADEM agent collects metrics from the user's workstation in order to provide
actionable insights into the workstation, network, path and application performance.
The metrics collected are:
User sessions
- GlobalProtect username
- GlobalProtect Login / Logout time
- GlobalProtect status
- Prisma Access location
- User geographical location
- Service provider name
BIOS
- Serial number
Computer
- Hostname
- Model
- Manufacturer
- Battery
Network
- Hostname
- Network interfaces
- IPv4 and IPv6 address
- Public IP Address
- MAC address
- Default gateway
- WiFi Signal Quality
- WiFi Tx Speed
- WiFi Rx Speed
- WiFi Channel
- WiFi Network SSID
- WiFi Network BSSID
VPN Network
- VPN Interface
- VPN Gateway ID/Hostname
- Network interfaces
Operating System
- OS type
- Version
- OS architecture
Logical Devices
- Device ID
- Device type
- Media type
- Size
- Name
- Volume name
- Volume serial number
- Filesystem count
- Filesystem storage size
- Filesystem usage
CPU
- Architecture
- Core count
- Logical processor count
- Manufacturer
- Max clock speed (Except on Apple Silicon)
- Name
RAM
- Memory module capacity (Windows only)
- Total Capacity
Synthetic Test Results
- Network Latency
- Network Jitter
- Network Loss
- DNS resolution times
- TCP Latency
- SSL Latency
- HTTP Latency
Browser-Based Real User Monitoring (RUM) Metrics
- Page Load Time
- Time To First Byte (TTFB)
- Largest Contentful Paint (LCP)
- Cumulative Layout Shift (CLS)
- First Input Delay (FID)
- Interaction to Next Paint (INP)
FQDNs Used by ADEM
The ADEM Client sends the data it collects to the ADEM Portal. As such, the
following FQDNs may need to be whitelisted and/or excluded from SSL decryption:
- agents.dem.prismaaccess.com
- updates.dem.prismaaccess.com
- features.dem.prismaaccess.com
- agents-prod1-us-west2.dem.prismaaccess.com
- agents-sg1-asia-southeast1.dem.prismaaccess.com
- agents-au1-australia-southeast1.dem.prismaaccess.com
- agents-jp1-asia-northeast1.dem.prismaaccess.com
- agents-ca1-northamerica-northeast1.dem.prismaaccess.com
- agents-eu1-europe-west4.dem.prismaaccess.com
- agents-uk1-europe-west2.dem.prismaaccess.com
- agents-in1-asia-south1.dem.prismaaccess.com
- agents-de1-europe-west3.dem.prismaaccess.com
- agents-ch1-europe-west6.dem.prismaaccess.com
- agents-fr1-europe-west9.dem.prismaaccess.com
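One way to audit the exclusion described above, shown as an added example that is not part of the original documentation: it matches proxy log records against the listed FQDNs by exact name and reports listed hosts that were still decrypted, plus hosts that contain the ADEM zone name but are not on the list. The log format, the `decrypt`/`no-decrypt` action values and the sample lines are constructed assumptions.

```python
# FQDNs copied from the list above; matching is exact, never by substring.
ADEM_FQDNS = frozenset("""
agents.dem.prismaaccess.com updates.dem.prismaaccess.com
features.dem.prismaaccess.com agents-prod1-us-west2.dem.prismaaccess.com
agents-sg1-asia-southeast1.dem.prismaaccess.com
agents-au1-australia-southeast1.dem.prismaaccess.com
agents-jp1-asia-northeast1.dem.prismaaccess.com
agents-ca1-northamerica-northeast1.dem.prismaaccess.com
agents-eu1-europe-west4.dem.prismaaccess.com agents-uk1-europe-west2.dem.prismaaccess.com
agents-in1-asia-south1.dem.prismaaccess.com agents-de1-europe-west3.dem.prismaaccess.com
agents-ch1-europe-west6.dem.prismaaccess.com agents-fr1-europe-west9.dem.prismaaccess.com
""".split())
ADEM_ZONE = "dem.prismaaccess.com"

# Constructed sample records: "<timestamp> <sni-host> <tls-action>".
SAMPLE_LOG = """\
2024-05-01T10:00:00Z agents.dem.prismaaccess.com no-decrypt
2024-05-01T10:00:05Z Updates.DEM.prismaaccess.com. decrypt
2024-05-01T10:00:09Z agents-eu1-europe-west4.dem.prismaaccess.com no-decrypt
2024-05-01T10:00:12Z agents.dem.prismaaccess.com.cdn.example.net no-decrypt
2024-05-01T10:00:15Z www.example.org decrypt
"""

def normalize(host):
    """Lower-case and drop a trailing root dot so comparison is exact."""
    return host.strip().lower().rstrip(".")

def classify(host, tls_action):
    h = normalize(host)
    if h in ADEM_FQDNS:
        # A listed host that is still decrypted means the exclusion is not applied.
        return "decrypted" if tls_action == "decrypt" else "ok"
    # Zone name present but not an exact listed FQDN: an unlisted ADEM host or
    # a look-alike. Neither should inherit the exclusion without review.
    return "unlisted" if ADEM_ZONE in h else "other"

def audit(log_text):
    """Return (host, verdict) for every record that needs attention."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        verdict = classify(parts[1], parts[2])
        if verdict in ("decrypted", "unlisted"):
            findings.append((normalize(parts[1]), verdict))
    return findings

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:10} {host}")
```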
Processes to be Whitelisted on EDR Deployments
Here are the ADEM processes that you must whitelist on your EDR
deployments in order for Autonomous DEM to run.
macOS Process

Process | Process Description | User/Permission Level |
---|---|---|
/Applications/Access Experience.app/Contents/MacOS/crypter | A support tool | _panwdem (sudo) |
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr | Path trace test for showing path visualization data on ADEM portal | _panwdem (sudo) |
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService | Invokes the mtr process for path traces. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService | Runs the curl process. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl | Application performance test using Curl | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService | Endpoint DEM service software update manager | root |
/Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService | Runs ICMP/TCP ping tests. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService | Collects local system metrics such as cpu, memory, and wifi statistics. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService | Provides connectivity to the ADEM portal for incoming configuration and transmission of test results. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService | Runs periodically to collect test results from the other services and transmits them to the portal via the portal service. | _panwdem |
/Applications/Access Experience.app/Contents/MacOS/Access Experience | The main Access Experience UI that houses the End User Coaching and Self Service functionality. This is what runs when you click on a notification or launch from the MenuBar or /Applications folder | Logged-in User |
/Applications/Access Experience.app/Contents/Library/Access Experience Menu.app/Contents/MacOS/Access Experience Menu | The macOS MenuBar application that provides the launcher for the Access Experience UI and provides Location Services integration for WiFi data collection when integrated with GlobalProtect | Logged-in User |
/Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr-packet | Works with the mtr process to provide path trace functionality to the agent. | _panwdem (sudo) |
/Applications/Access Experience.app/Contents/Services/DemUserProxyService.xpc/Contents/MacOS/DemUserProxyService | Provides a bridge between the ADEM services that run persistently with the _panwdem credentials to the logged-in users processes. This is required to deliver notifications to the user and real-time updates to the Access Experience UI for End User Coaching and Self Service. | _panwdem |
/Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/Frameworks/SPLPing.framework/Versions/A/SPLPing | A library used by the agent to perform network ping tests | N/A: This is a library used by DemNetworkTestService and does not execute independently. |
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop | Part of the agent updater mechanism | root |
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate | Part of the agent updater mechanism | root |
/Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle | Part of the agent updater mechanism | root |
/etc/sudoers.d/palo_alto_networks_dem | A file listing processes that require sudo access | N/A: This is a configuration file and not an executable, so permission levels do not apply. |
/Applications/Access Experience.app/Contents/Services/DemAnalyticsService.xpc/Contents/MacOS/DemAnalyticsService | Performs data collection and processing for the End User Coaching and Self Service features. | _panwdem |
Windows Process

Process | Process Description | User/Permission Level |
---|---|---|
C:\Program Files\Palo Alto Networks\DEM\AgentProcess | The main agent process that provides portal connectivity and test coordination | Local System |
C:\Program Files\Palo Alto Networks\DEM\DEMBios.exe | A utility that extracts the BIOS serial number for use by the update service | Local System |
C:\Program Files\Palo Alto Networks\DEM\bin\BMTR | Performs TCP path traces. | Local System |
C:\Program Files\Palo Alto Networks\DEM\bin\curl | Application Performance test using Curl | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\mtr | Invokes the mtr process for path traces. | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet | Path trace test for showing path visualization data on ADEM portal | Network Service |
C:\Program Files\Palo Alto Networks\DEM\bin\tcping | Network performance test for applications using TCP ping | Network Service |
C:\Program Files\Palo Alto Networks\DEM\DEMAgentService | Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. | Local System |
C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess | Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. | Network Service |
C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService | Provides upgrade functionality. | Local System |
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience | The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user | Logged-in User |
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\AccessExperienceUI | The main Access Experience UI that houses the End User Coaching and Self Service functionality. This is what runs when you click on a notification or launch from the Status Tray icon or the Program Files folder. | Logged-in User |
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\createdump | Part of the application runtime required by Windows | N/A: This is a code-level dependency that does not get executed. |
C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess | Performs data collection and processing for the End User Coaching and Self Service features. | Local Service |
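The Windows table pairs each path with an expected account, so an EDR exception can be bound to both rather than to a file name. The following added example (not part of the original documentation) checks process events against that pairing; the event fields, the `.exe` suffix on image paths and the mapping from `NT AUTHORITY` account names to the table's labels are assumptions.

```python
import ntpath

BASE = r"C:\Program Files\Palo Alto Networks\DEM"
# Relative path -> expected account, taken from the Windows table above.
EXPECTED = {
    "AgentProcess": "Local System",
    "DEMBios": "Local System",  # listed as DEMBios.exe
    r"bin\BMTR": "Local System",
    r"bin\curl": "Network Service",
    r"bin\mtr": "Network Service",
    r"bin\mtr-packet": "Network Service",
    r"bin\tcping": "Network Service",
    "DEMAgentService": "Local System",
    "DEMPortalProcess": "Network Service",
    r"deployment\DEMUpdateService": "Local System",
    r"Feature-Self-Service\Access Experience": "Logged-in User",
    r"Feature-Self-Service\AccessExperienceUI": "Logged-in User",
    r"Feature-Self-Service\createdump": None,  # table: does not get executed
    r"Feature-Self-Service\DEMAnalyticsProcess": "Local Service",
}
# Assumed mapping from account names in EDR events to the table's labels.
SERVICE_ACCOUNTS = {
    r"nt authority\system": "Local System",
    r"nt authority\network service": "Network Service",
    r"nt authority\local service": "Local Service",
}
_RULES = {ntpath.normcase(ntpath.join(BASE, k)): v for k, v in EXPECTED.items()}

def _key(image):
    """Collapse '..' segments, fold case, and drop an assumed .exe suffix."""
    p = ntpath.normcase(ntpath.normpath(image))
    return p[:-4] if p.endswith(".exe") else p

def check(image, user):
    """Return a verdict for one process event (image path, account name)."""
    key = _key(image)
    if key not in _RULES:
        return "not-adem"  # same file name elsewhere gets no exception
    want = _RULES[key]
    if want is None:
        return "not-expected-to-run"
    # Any account that is not a built-in service account counts as a user.
    account = SERVICE_ACCOUNTS.get(user.lower(), "Logged-in User")
    return "ok" if account == want else f"unexpected-account:{account}"

if __name__ == "__main__":
    # Constructed events for illustration.
    print(check(BASE + r"\bin\curl.exe", r"NT AUTHORITY\NETWORK SERVICE"))
    print(check(r"C:\Users\Public\DEM\bin\curl.exe", r"NT AUTHORITY\SYSTEM"))
```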