Endpoint Insights for Prisma Access Agent

Collect and analyze comprehensive troubleshooting data, including periodic, event-triggered, and on-demand diagnostics, to proactively resolve endpoint and agent issues.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Panorama)
What Do I Need?
  • Check the prerequisites for the deployment you're using
  • Minimum required Prisma Access Agent version: 25.4
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
The endpoint insights feature for Prisma Access Agent enables you to collect and analyze comprehensive troubleshooting data for the endpoint, including endpoint state, troubleshooting logs, and agent performance metrics. Using Prisma Access Agent endpoint insights, you can proactively detect potential issues before they impact end users and efficiently investigate and resolve problems when they occur. By analyzing the repository of periodic, on-demand, and event-driven diagnostics, you gain deep insights into endpoint behavior to help you quickly identify the root causes of connectivity or application access issues.

Diagnostic Triggers

The core functionality captures endpoint state information through multiple trigger mechanisms:
  • Event-Triggered Diagnostics (Prisma Access Agent 26.2)
    A watchdog service automatically monitors system events and instantly captures a diagnostic snapshot when predefined triggers occur, such as agent disablement, slow tunnel connections, or tunnel fallbacks from IPsec to SSL.
    Rate-Limiting
    To prevent excessive log collection, Prisma Access Agent restricts event-triggered diagnostics to once every three hours by default. For example, if the user disables the agent at 2:00 PM, the agent triggers diagnostics at that time. If the user disables the agent again at 3:00 PM, the agent does not initiate another diagnostic collection because the three-hour rate-limit period has not yet elapsed. If the agent service restarts within the rate-limit period, the agent immediately clears the rate-limit timer.
  • Periodic Diagnostics
    Prisma Access Agent collects diagnostic data once every 24 hours by default to provide a regular overview of endpoint health and performance.
  • On-Demand Administrator-Triggered Diagnostics
    You can capture diagnostic information from the Endpoint Management page in Strata Cloud Manager. On-demand triggers enable you to manually initiate comprehensive diagnostic collection from any managed endpoint, providing immediate access to troubleshooting information.
    User Consent Requirements (Prisma Access Agent 25.7)
    You can configure user consent requirements for the administrator-triggered diagnostic collection to address privacy concerns while maintaining administrative oversight. When you initiate diagnostics from Strata Cloud Manager, the system can optionally display a dialog on the endpoint requesting consent to collect diagnostic information.
    If you do not configure user consent requirements, Prisma Access Agent proceeds with the diagnostic data collection without requesting user consent.
  • On-Demand User-Triggered Diagnostics Through User Issue Reporting (Prisma Access Agent 25.7)
    End users can report connectivity problems directly from the Prisma Access Agent interface or command line, eliminating the need to wait for administrators to detect issues. When users experience connectivity problems, they can:
    • Report issues through the Prisma Access Agent app with a description of the problem they are experiencing (limited to 1000 characters) and provide consent for diagnostic data collection before the process begins
    • Use the Prisma Access Agent command-line interface (PACli) with the pacli eie trigger -d "<description>" command to report an issue and begin diagnostic data collection
    This user-initiated approach enables immediate response to connectivity problems and reduces support case resolution time.
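
The rate-limiting behavior described above for event-triggered diagnostics, modeled as an added example (not Palo Alto Networks code): given a timeline of trigger events, it shows which events get their own snapshot and which fall inside the three-hour window without one. The event names, the single rate-limit window shared by all event types, and the handling of an event at exactly three hours as collected are assumptions; the timeline is constructed.

```python
from datetime import datetime, timedelta

# Default from the page: event-triggered diagnostics at most once every three hours.
RATE_LIMIT = timedelta(hours=3)

def plan_event_snapshots(timeline, rate_limit=RATE_LIMIT):
    """Return (time, kind, collected, reason) for each entry in a timeline.

    timeline: chronologically sorted (datetime, kind) pairs, where kind is a
    hypothetical event label or the constructed marker "service_restart".
    Assumption: one shared rate-limit window covers all event types, and an
    event arriving exactly at the end of the window is collected.
    """
    last_collected = None
    results = []
    for when, kind in timeline:
        if kind == "service_restart":
            # Page: a service restart inside the window clears the timer.
            last_collected = None
            results.append((when, kind, False, "timer cleared"))
            continue
        if last_collected is not None and when - last_collected < rate_limit:
            remaining = rate_limit - (when - last_collected)
            results.append((when, kind, False, f"rate-limited, {remaining} left"))
            continue
        last_collected = when
        results.append((when, kind, True, "snapshot collected"))
    return results

def uncovered_events(timeline, rate_limit=RATE_LIMIT):
    """Events that occurred but have no diagnostic snapshot of their own."""
    return [(w, k) for w, k, ok, _ in plan_event_snapshots(timeline, rate_limit)
            if not ok and k != "service_restart"]

# Constructed sample timeline (not real agent output); labels are hypothetical.
DAY = datetime(2025, 1, 15)
SAMPLE = [
    (DAY.replace(hour=14), "agent_disabled"),               # 2:00 PM, collected
    (DAY.replace(hour=15), "agent_disabled"),               # 3:00 PM, suppressed
    (DAY.replace(hour=15, minute=30), "service_restart"),   # clears the timer
    (DAY.replace(hour=15, minute=45), "tunnel_fallback"),   # collected after reset
    (DAY.replace(hour=18, minute=44), "slow_tunnel"),       # 2h59m later, suppressed
    (DAY.replace(hour=18, minute=45), "agent_disabled"),    # exactly 3h, collected
]

if __name__ == "__main__":
    for when, kind, ok, reason in plan_event_snapshots(SAMPLE):
        print(f"{when:%H:%M} {kind:16} {'YES' if ok else 'no ':3} {reason}")
```

Events returned by `uncovered_events` are the ones to cover with an on-demand collection if a snapshot of their exact conditions is needed.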

Data Collection Process

When a diagnostic event triggers, Prisma Access Agent captures a complete snapshot of the endpoint environment including agent status information, tunnel connectivity details, gateway selection data, and network configuration parameters. It also collects system-level information such as operating system details and hardware specifications. For event-triggered and on-demand diagnostics, the system also collects the preceding ten minutes of agent activity logs, preserving the exact conditions present when issues occur and providing the temporal context necessary for effective root cause analysis.
Prisma Access Agent collects a wide range of data points for endpoint insights, including:
  • Endpoint data (OS version)
  • Agent deployment and performance details
  • Troubleshooting logs

Data Storage and Retention

Diagnostic data storage and retention policies are fully configurable, enabling you to balance troubleshooting needs with compliance requirements and storage costs. Prisma Access Agent collects the diagnostic data, stores it securely, and retains it for 45 days by default. You can set the retention period to between 7 and 730 days (2 years), depending on your organizational policies.
You can access the data through the Endpoint Management page, enabling you to view and download the diagnostics for analysis.