Strata Cloud Manager
Activity Insights: Overview
Table of Contents
Activity Insights: Overview
Activity Insights gives you an in-depth view of your network activities across
Prisma Access
and NGFW deployments.Where Can I Use This? | What Do I Need? |
|---|---|
| You must have at least one of these licenses to view the Activity
Insights:
|
View the summary of most seen applications, threats, users, URLs,
and rules in your network for the selected time period. Glance through this view to
quickly identify any irregularities within your network and then delve deeper to
examine the activity that requires investigation. The Overview view includes:
- Top 5 applications and application categories in your network that have the maximum activity in terms of number of sessions, data transfer, threats detected, URLs accessed, and users who accessed the applications. ClickView all Applicationsto refer to the application details.
![]()
- Top 5 threats and threat categories that are most affecting the sessions, users, and applications. View the details of sessions, users, and applications in the Log Viewer, Users, and Applications tabs respectively.
![]()
- Network traffic trend of blocked, allowed, and alerted sessions, the amount of data transferred, and users generating the most traffic.
![]()
- Top 5 users with most traffic sessions, data transferred, threats found in traffic, URLs accessed, and the user experience scores for monitored applications.
- Most accessed URLs along with details on session, users, and applications accessing the URLs.
![]()
- Top 5 most impacted Security policy rules configured in your deployment with filters to know the sessions, users, URLs, threats, data transferred, applications involved in the traffic matching the rules.
![]()
You can use the filters to view the data points you want to focus on
and relevant to your deployment. These filters are available in all the tabs of the
dashboard.
Filters
Activity Insights has advanced filters to help you focus on the
security aspects that matter to your deployment. The available filters are:
- Time Range- view data for a specified time period
- Scope Selection- data specific to a deployment: Prisma Access, NGFW
- Subtenant- the Prisma Access instance for which the data is displayed
- User Name- view activities involving an individual user
- Application- network events concerning a specific application
- Application Type- type of application; SaaS, internet, private
- Threat Category- data for a particular category of threat
- Threat Action- view specific to allowed or blocked threats
- URL Risk Level- data concerning the URLs with specific risk level; high, medium, or low
- URL Category- filter the data based on the URL categories
- Source Location- view activity that originated from a specific location
- Destination Location- view activity targeted to a specific region
- URL- activity related to a specific URL accessed.
- SaaS Application- data concerning a specific SaaS application
- Sanctioned Application- view data for sanctioned or unsanctioned applications only
- Port Type- sort traffic from applications traversing through standard or nonstandard ports.
- Protocol- see traffic that uses a specific TCP, UDP, or HTTP ports
- Source Type- view activity generated from a particular device, users, or others.
Reports
Click one of the icons,
![]()
in the
![]()
icon and select Activity Insights- Summary from the
Overview
tab to download, share, and
schedule reports from the data in the Overview
tab. You can also schedule
reports from the menu; click the 
Type
drop-down.