Configure Prisma Access Agent to Collect Endpoint Insights

Table of Contents

Endpoint Insights for Prisma Access Agent

Endpoint Insights Collected by Prisma Access Agent

Configure Prisma Access Agent to Collect Endpoint Insights

Configure Prisma Access Agent to collect endpoint insights data, including periodic, event-triggered, and on-demand diagnostics, for enhanced troubleshooting.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) NGFW (Managed by Panorama)	Check the prerequisites for the deployment you're using Minimum required Prisma Access Agent version: 25.4 macOS 14 and later or Windows 10 version 2024 and later desktop devices Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature

To provide visibility into your Prisma Access Agent deployments by collecting comprehensive troubleshooting data on endpoints, you configure the agent to collect endpoint insights. This configuration enables event-triggered, periodic, and on-demand diagnostic data collection.

Navigate to the Prisma Access Agent setup page.
- For Strata Cloud Manager Managed Prisma Access deployments:
  1. Log in to Strata Cloud Manager as the administrator.
  2. Select ConfigurationNGFW and Prisma AccessConfiguration ScopeAccess AgentSetupPrisma Access Agent.
- For Panorama Managed Prisma Access deployments:
  1. From the Cloud Services plugin in Panorama, select PanoramaCloud ServicesPrisma Access Agent.
  2. Click Launch Prisma Access Agent.
  3. Select ConfigurationPrisma Access AgentSettingsPrisma Access Agent.
- For NGFW (Managed by Panorama) deployments:
  1. Log in to Strata Cloud Manager as the administrator.
  2. Select ConfigurationPrisma Access AgentSettingsPrisma Access Agent.
Enable Prisma Access Agent to collect endpoint diagnostics by adding or editing an agent setting.
1. Select the match criteria for the user or user group that will receive this configuration.
2. In the Endpoint Insights section, enable Endpoint Insights. (Default: Disabled)
  
  When you enable this setting, Prisma Access Agent automatically captures diagnostic snapshots when predefined system events occur. It also collects diagnostics periodically and on-demand (through administrator-triggered diagnostic collection or user issue reporting). (Default: Disabled)
3. (Prisma Access Agent 25.7) For administrator-triggered diagnostic collection, enable User Consent Required to display a consent dialog to the end user requesting permission to collect diagnostic data. (Default: Disabled)
  
  When enabled, the user will see the following dialog on an endpoint. For example, on Windows:
  
  If the user approves the request, the diagnostic collection proceeds. If the user denies the consent, the diagnostic collection fails.
  
  If you don't enable User Consent Required, the consent dialog will not appear on the endpoint for administrator-triggered diagnostics. Diagnostic data collection will occur without asking the user for consent.
4. Configure other agent settings if needed and Save the settings.
Configure the diagnostic data retention period in the Global Agent Settings page.
Prisma Access Agent collects the diagnostic data, stores it securely on the endpoint, and retains it for the number of days specified by the data retention period. Prisma Access Agent automatically purges any diagnostic data that exceeds the data retention period.
1. Select the Prisma Access Agent tab in the Prisma Access Agent Setup page.
2. Edit the Global Agent Settings.
3. Enter the number of days for the Data Retention (days) period. The default is 45 days. The range is 7 to 730 days (2 years).
4. Save the global agent settings.
Push the Prisma Access Agent Configuration.