Strata Cloud Manager Getting Started

docs.paloaltonetworks.com
Contact Information
Corporate Headquarters:
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
www.paloaltonetworks.com/company/contact-support

About the Documentation

• For the most recent version of this guide or for access to related documentation, visit the Technical
Documentation portal docs.paloaltonetworks.com.
• To search for a specific topic, go to our search page docs.paloaltonetworks.com/search.html.
• Have feedback or questions for us? Leave a comment on any page in the portal, or write to us at
[email protected].

Copyright
Palo Alto Networks, Inc.
www.paloaltonetworks.com

© 2023-2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo
Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/
trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.

Last Revised
August 11, 2025

Strata Cloud Manager Getting Started 2 ©2025 Palo Alto Networks, Inc.
Table of Contents
Introducing Strata Cloud Manager.............................................................. 11
How Strata Cloud Manager Strengthens Security............................................................ 13
How Strata Cloud Manager Predicts and Prevents Network Disruptions...................14
How Strata Cloud Manager Works Everywhere Consistently....................................... 15
Strata Cloud Manager Support...............................................................................................16
License Support..............................................................................................................16
Language Support.......................................................................................................... 20
First Look at Strata Cloud Manager......................................................................................21
Launch Strata Cloud Manager................................................................................................ 28
Launch Strata Cloud Manager for the First Time...................................................28
Moving to Strata Cloud Manager from a Dedicated Product App.....................29
Get Started with Strata Cloud Manager.............................................................................. 31
Shared Management for Prisma Access and NGFWs...........................................34
Built-In Best Practices in Strata Cloud Manager............................................................... 37

Strata Copilot.................................................................................................... 45
Strata Copilot Availability........................................................................................................46
Regional Access..............................................................................................................46
Availability by Product................................................................................................. 47
Data and Content Sources.......................................................................................... 48
Get Started with Strata Copilot.............................................................................................50
Launch Strata Copilot................................................................................................... 50
First Look......................................................................................................................... 51
Response Types............................................................................................................. 51
Strata Copilot Prompts............................................................................................................ 62
Tips for Improving Prompts........................................................................................ 62
Prompt Examples........................................................................................................... 63
Get Help with Strata Copilot................................................................................................. 71
Share Feedback About a Response...........................................................................71
Get Remediation Guidance or Open a Support Case........................................... 71

AI Canvas........................................................................................................... 75
Core Components..................................................................................................................... 78
Data Sources.............................................................................................................................. 79
Create an AI Canvas.................................................................................................................80
Manage Widgets........................................................................................................................87
Create a Widget from a Query.................................................................................. 87
View, Edit, and Export Widgets................................................................................. 89
Delete an Unused Widget...........................................................................................96

Strata Cloud Manager Getting Started 3 ©2025 Palo Alto Networks, Inc.
Table of Contents

AI Canvas Best Practices.........................................................................................................97

Best Practices for Prompting......................................................................................97
Prompt Samples............................................................................................................. 98
Data Exploration Tasks.................................................................................................99
Manage an Existing Canvas..................................................................................................101
Export a Canvas...........................................................................................................101
Share a Canvas.............................................................................................................101
Delete a Canvas...........................................................................................................101
Get Help with AI Canvas...................................................................................................... 102
Troubleshoot AI Canvas............................................................................................ 102
Support and Feedback............................................................................................... 102

Command Center: Strata Cloud Manager............................................... 103

How to Interact with the Strata Cloud Manager Command Center...........................105
Strata Cloud Manager Command Center Views............................................................. 109
Central Summary View.............................................................................................. 110
Total Threats Count....................................................................................................111
Open Incidents and User Experience.....................................................................111
Top Data Profiles by Action..................................................................................... 111
Top GenAI Use Cases by Users and GenAI Apps............................................... 112
Central Threats View..................................................................................................113
Security Subscriptions................................................................................................ 113
Total Threats Count....................................................................................................114
Blocked and Alerted Threats....................................................................................115
Central Operational Health View............................................................................ 116
Total Open Incidents and Incidents by Severity..................................................116
Top Subcategories for Open Health Incidents.....................................................117
Monitored User Devices and User Device Experience...................................... 117
Central Data Security View...................................................................................... 119
Security Subscriptions................................................................................................ 119
Top Data Profiles........................................................................................................ 121
Data Trend.................................................................................................................... 121
Central App Security View........................................................................................122
Total Traffic Requests................................................................................................ 123
Recommended Policies and Anomalies Detected............................................... 123
Previewed Policies and Attacks Alerted................................................................123

Insights: Strata Cloud Manager..................................................................125

Insights: Activity Insights...................................................................................................... 133
Activity Insights: Overview....................................................................................... 134
Activity Insights: Applications.................................................................................. 138

Strata Cloud Manager Getting Started 4 ©2025 Palo Alto Networks, Inc.
Table of Contents

Activity Insights: SD-WAN Applications............................................................... 142

Activity Insights: Threats........................................................................................... 144
Activity Insights: Users.............................................................................................. 145
Activity Insights: Domains.........................................................................................162
Activity Insights: Rules............................................................................................... 163
Activity Insights: Regions.......................................................................................... 164
Activity Insights: Projects.......................................................................................... 165
Activity Insights: Build a Custom Dashboard....................................................... 166
Insights: Prisma AIRS............................................................................................................. 169
Insights: AI Access.................................................................................................................. 170
Insights: Executive Summary............................................................................................... 171
What does this dashboard show you?...................................................................171
How can you use the data from dashboard?....................................................... 172
Insights: WildFire.................................................................................................................... 174
What does this dashboard show you?...................................................................175
How can you use the data from the dashboard?................................................ 175
WildFire Insights: Filters............................................................................................175
WildFire Insights: Submissions and Verdicts........................................................ 176
WildFire Insights: Analysis Insights.........................................................................177
WildFire Insights: Verdict Trends............................................................................178
WildFire Insights: Verdict Distribution...................................................................179
WildFire Insights: Recent Submissions.................................................................. 180
WildFire Insights: Submissions Per Source Application..................................... 181
WildFire Insights: Submission Per Destination User.......................................... 182
WildFire Insights: Malware Regions....................................................................... 183
WildFire Insights: Firewalls....................................................................................... 184
WildFire Insights: Prevention Statistics................................................................. 185
Insights: Advanced Threat Prevention...............................................................................187
What does this dashboard show you?...................................................................189
How can you use the data from dashboard?....................................................... 189
Advanced Threat Prevention: Threat Overview..................................................189
Advanced Threat Prevention: Top Rules Allowing Threats...............................190
Advanced Threat Prevention: Hosts Generating Cloud Detected C2
Traffic............................................................................................................................. 191
Advanced Threat Prevention: Hosts Targeted by Cloud-Detected
Exploits...........................................................................................................................192
Insights: Device Security..................................................................................................... 194
What does this dashboard show you?...................................................................194
How can you use the data from this dashboard?................................................195
Insights: Threat Search.......................................................................................................... 196
IP Address..................................................................................................................... 196

Strata Cloud Manager Getting Started 5 ©2025 Palo Alto Networks, Inc.
Table of Contents

Domain........................................................................................................................... 199
URL..................................................................................................................................202
File Hash........................................................................................................................205
Insights: DNS Security........................................................................................................... 209
Insights: CDSS Adoption....................................................................................................... 210
What does this dashboard show you?...................................................................210
How can you use the data from the dashboard?................................................ 210
Override Recommended Security Service.............................................................214
Insights: Compliance Summary............................................................................................217
Insights: Security Posture Insights......................................................................................221
What does this dashboard show you?...................................................................221
How can you use the data from the dashboard?................................................ 221
Security Posture Insights: Device Security Posture............................................222
Security Posture Insights: Security Posture Statistics........................................ 222
Security Posture Insights: Score Trend..................................................................223
Insights: PAN-OS CVEs......................................................................................................... 225
What does this dashboard show you?...................................................................225
How can you use the data from the dashboard?................................................ 226
Insights: On Demand BPA....................................................................................................227
What does this dashboard show you?...................................................................227
How can you use the data from the dashboard?................................................ 227
Generate On-Demand BPA Report........................................................................ 228
Insights: Feature Adoption................................................................................................... 230
What does this dashboard show you?...................................................................230
How to use this dashboard...................................................................................... 232
Identify gaps in adoption...........................................................................................232
Insights: Best Practices..........................................................................................................235
What does this dashboard show you?...................................................................235
How can you use the data from the dashboard?................................................ 237
Insights: Application Experience......................................................................................... 238
What does this dashboard show you?...................................................................238
How can you use the data from dashboard?....................................................... 238
Application Experience Insights: Mobile User Experience Card.......................238
Application Experience Insights: Remote Site Experience Card.......................239
Application Experience Insights: Experience Score Trends...............................239
Application Experience Insights: Experience Score Across the Network.......240
Application Experience Insights: Global Distribution of Application Experience
Scores............................................................................................................................. 241
Application Experience Insights: Experience Score for Top Monitored
Sites.................................................................................................................................241

Strata Cloud Manager Getting Started 6 ©2025 Palo Alto Networks, Inc.
Table of Contents

Application Experience Insights: Experience Score for Top Monitored

Apps................................................................................................................................ 242
Application Experience Insights: Application Performance Metrics................242
Application Experience Insights: Network Performance Metrics.................... 243
Insights: App Acceleration.................................................................................................... 245
Insights: NetSec Health.........................................................................................................247
What does this dashboard show you?...................................................................247
How can you use the data from dashboard?....................................................... 248
NetSec Health Insights: User Devices................................................................... 248
NetSec Health Insights: Monitored Sites.............................................................. 249
NetSec Health: Monitored Applications................................................................250
Insights: Prisma SD-WAN Applications.............................................................................252
Insights: Prisma SD-WAN Dashboard............................................................................... 253
What does this dashboard show you?...................................................................253
Prisma SD-WAN Dashboard: Device to Controller Connectivity....................253
Insights: Prisma SD-WAN Applications................................................................. 254
Prisma SD-WAN Dashboard: Top Alerts by Priority.......................................... 255
Prisma SD-WAN Dashboard: Overall Link Quality............................................. 256
Prisma SD-WAN Dashboard: Bandwidth Utilization.......................................... 257
Prisma SD-WAN Dashboard: Transaction Stats.................................................. 258
Prisma SD-WAN Dashboard: Predictive Analytics..............................................259
Insights: Branch Sites.............................................................................................................261
Insights: Data Centers........................................................................................................... 274
Data Centers (Prisma SD-WAN)..............................................................................285
Insights: ION Devices............................................................................................................ 287
Insights: Prisma Access Locations...................................................................................... 288
Top 5 Prisma Access Locations............................................................................... 288
Prisma Access Location Status................................................................................ 289
Strata Logging Service Connectivity to PA Compute Locations...................... 289
View User IP Mappings............................................................................................. 289
Prisma Access Locations and PA Compute Location..........................................290
Insights: Network Services................................................................................................... 292
GlobalProtect Authentication...................................................................................292
DNS.................................................................................................................................294
Insights: Prisma Access Usage.............................................................................................296
What does this dashboard show you?...................................................................296
How can you use the data from dashboard?....................................................... 297
Insights: Capacity Analyzer...................................................................................................298
Insights: SD-WAN Dashboard............................................................................................. 301
What does this dashboard show you?...................................................................301
How can you use the data from the dashboard?................................................ 301

Strata Cloud Manager Getting Started 7 ©2025 Palo Alto Networks, Inc.
Table of Contents

SD-WAN Dashboard: Application Health............................................................302

SD-WAN Dashboard: Top Impacted Applications............................................. 302
SD-WAN Dashboard: Impacted Applications..................................................... 307
SD-WAN Dashboard: Link Health......................................................................... 307
SD-WAN Dashboard: Top Worst Links................................................................308
SD-WAN Dashboard: Poor Links...........................................................................310
SD-WAN Dashboard: Health By Cluster and Sites............................................311
Insights: Status and Monitoring.......................................................................................... 312
View Device Details................................................................................................... 313
Insights: SASE Health............................................................................................................ 318
What does this dashboard show you?...................................................................318
How can you use the data from dashboard?....................................................... 318
SASE Health Insights: Current Mobile Users - Map View................................. 318
SASE Health Insights: Current Sites - Map View................................................ 319
SASE Health Insights: Monitored Applications.................................................... 321
Insights: Upgrade Recommendations.................................................................................323
Insights: Access Analyzer......................................................................................................326

Report Templates: Strata Cloud Manager...............................................327

Report Templates: Activity Insights - Summary.............................................................. 330
Report Templates: Advanced Threat Prevention............................................................331
Report Templates: App Usage.............................................................................................332
Report Templates: DNS Security........................................................................................ 334
Report Templates: Executive Summary............................................................................ 335
Report Templates: Network Activity................................................................................. 338
Report Templates: User Activity.........................................................................................341
Report Templates: Wildfire.................................................................................................. 343

Incidents: Strata Cloud Manager............................................................... 345

Incidents: NGFW.....................................................................................................................347
Incidents: Prisma Access....................................................................................................... 349
Get an Overview......................................................................................................... 349
See All Incidents.......................................................................................................... 349
View Priority Alerts.................................................................................................... 350
View Informational Alerts......................................................................................... 350
Notification Profiles.................................................................................................... 350
ServiceNow Audit Log............................................................................................... 350
Incident Settings.......................................................................................................... 350
Incidents and Alerts by Code...................................................................................350
Incidents: Prisma SD-WAN.................................................................................................. 351
Incidents.................................................................................................................................... 353

Strata Cloud Manager Getting Started 8 ©2025 Palo Alto Networks, Inc.
Table of Contents

Settings...........................................................................................................................357
Notification Profiles.................................................................................................... 358
Informational Alerts.................................................................................................... 359
ServiceNow Audit Log............................................................................................... 360

Log Viewer: Strata Cloud Manager...........................................................363

Configuration: Strata Cloud Manager...................................................... 365
Configuration: NGFW and Prisma Access........................................................................368
Configuration: Overview........................................................................................... 370
Configuration: Security Services..............................................................................405
Configuration: Network Policies..............................................................................406
Configuration: Identity Services.............................................................................. 407
Configuration: Objects............................................................................................... 408
Configuration: Device Settings................................................................................ 424
Configuration: Setup...................................................................................................426
Configuration: Discovery...................................................................................................... 428
Configuration: Prisma Access Browser............................................................................. 434
Feature Highlights....................................................................................................... 436
Home.............................................................................................................................. 437
Analytics.........................................................................................................................437
Directory........................................................................................................................437
Policy.............................................................................................................................. 438
Administration.............................................................................................................. 438
Configuration: SaaS Security................................................................................................439
Get Started....................................................................................................................441
Configuration: Enterprise DLP.............................................................................................443
Feature Highlights....................................................................................................... 444
Get Started....................................................................................................................445
Configuration: App Acceleration.........................................................................................447
Configuration: ZTNA Connectors....................................................................................... 448
Total Connector Groups............................................................................................ 448
Total Wildcards............................................................................................................ 449
Target............................................................................................................................. 450
Configuration: IoT Policy Recommendation.....................................................................452
Get Started....................................................................................................................452
Configuration: Operations.................................................................................................... 456
Configuration: Push Config.......................................................................................456
Configuration: Push Status....................................................................................... 461
Configuration: Config Version Snapshots............................................................. 462
Configuration: Posture...........................................................................................................468

Strata Cloud Manager Getting Started 9 ©2025 Palo Alto Networks, Inc.
Table of Contents

Configuration: Security Posture Settings.............................................................. 468

Configuration: Config Cleanup.................................................................................476
Configuration: Policy Optimizer...............................................................................481
Configuration: Policy Analyzer.................................................................................491
Configuration: Prisma SD-WAN..........................................................................................493
Feature Highlights....................................................................................................... 493

System Settings: Strata Cloud Manager.................................................. 495

System Settings: Audit Logs.................................................................................................498
System Settings: Trusted IPs............................................................................................... 499
Add Trusted IPs........................................................................................................... 500
Delete Trusted IPs...................................................................................................... 502
Unlock Access.............................................................................................................. 503
System Settings: Device Management.............................................................................. 505
See All Cloud Managed NGFWs Details............................................................... 505
Remove an NGFW from the Cloud Managed Devices...................................... 506
Restore a Local Configuration Version Snapshot on the Firewall....................507
Replace an RMA Firewall.......................................................................................... 507
System Settings: Folder Management............................................................................... 509
System Settings: Scope Management................................................................................515
System Settings: Access Experience Management.........................................................518
Access Experience Agent Management................................................................ 518
Remote Site Experience Management...................................................................519
Health Score Profiles..................................................................................................520
Audit Logs..................................................................................................................... 521
System Settings: Strata Logging Service........................................................................... 522
System Settings: Subscription Usage.................................................................................524

Favorites: Strata Cloud Manager...............................................................529

Add Favorites...........................................................................................................................530
View Favorites......................................................................................................................... 532
Edit Favorites........................................................................................................................... 533
Delete Favorites...................................................................................................................... 534

Strata Cloud Manager Getting Started 10 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager
Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Palo Alto Networks Strata Cloud Manager empowers you with AI-powered, unified management
and operations for your entire network security deployment. With Strata Cloud Manager you can
easily manage your entire Palo Alto Networks Network Security infrastructure – your NGFWs and
SASE environment – from a single, streamlined user interface. Gain comprehensive visibility into
users, branch sites, applications, and threats across all network security enforcement points; this
gives you actionable insights, better security, and easy troubleshooting and problem resolution.
Predict and Prevent Network Disruptions
Strata Cloud Manager predicts and prevents network disruptions and quickly remediates
issues, so that you and your users can continue day-to-day business and stay productive.
Strengthen Security with Real-Time Best Practices
Strata Cloud Manager identifies vital and underused security capabilities, and guides you to
enable them based on the best practices that align with your needs. Strengthen your security
posture with built-in best practices, and inline remediation features powered by AIOps.
Simple and Consistent Network Security Management and Operations
Strata Cloud Manager consolidates your security tools for improved operation and insights, so
that you can adopt a simple and consistent management experience for your entire network
security stack.

11
Introducing Strata Cloud Manager

Strata Cloud Manager Getting Started 12 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Strengthens Security

Maximize Usage of Security Capabilities
See the security features you're using, and identify gaps in adoption of security features you
could be leveraging. → Feature Adoption
See adoption rates for your security services subscriptions. → CDSS Adoption
See how your security features adhere to best practices, or where you can make improvements
to strengthen your security posture.→ Built-In Best Practices
Strengthen and Optimize Existing Configuration
Clean up and streamline your security policy based on usage data and auto-generated
recommendations.
Clean up objects that aren't referenced in policy, and rules without any traffic hits; these
objects and rules can clog up performance and complicate policy management. → Config
Clean-Up
Rules that are too broad introduce security gaps because they allow applications that aren’t
in use in your network. Policy optimizer enables you to convert these overly permissive rules
to more specific, focused rules that only allow the applications you’re actually using. → Policy
Optimizer
Real time guidance for secure configuration
Best practice guard rails provide live validation that your security policy rules are compliant
with best practices. → Live, Inline Best Practice Configuration Checks

Strata Cloud Manager Getting Started 13 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Predicts and Prevents

Network Disruptions
Comprehensive Observability
Know how your network is being kept safe by security infrastructure. → Command Center
Know the health and performance of users, branch sites, applications, and IT infrastructure. →
SASE Health dashboard
Forecast Health and Remediate Disruptions
Automatic forecasts prevent potential disruptions; when issues are detected, actionable insights
expedite resolutions.
Review machine assisted predictions of imminent outages, with recommendations for
remediation steps. → Forecasting and Anomaly Detection
Reduce time to resolution with probable cause analysis. → View Probable Causes
Plan for Evolving Security Needs
Improve stability by proactively identifying potential capacity. → Capacity Analyzer

Strata Cloud Manager Getting Started 14 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Works Everywhere

Consistently
Consistent Configuration
Apply consistent policies across all enforcement points with streamlined processes, and eliminate
the need to make individual changes for NGFWs and SASE deployments.
Set up and onboard NGFWs and Prisma Access mobile users and remote networks, and plan
software upgrades for NGFWs. → Configuration in Strata Cloud Manager
Configure a security policy that is shared across your NGFWs and Prisma Access. → Shared
management for NGFW and Prisma Access
Flexible Configuration Organization
Simplify configuration management at scale with easy folder and device management workflows.
Apply configuration settings and enforce policy globally across your entire environment, or
target settings and policy to certain parts of your organization. → Configuration Scope
Logically group your firewalls or deployment types (Prisma Access mobile users, remote
networks, or service connections) for simplified configuration management. → Folder
Management
Group configurations that you can quickly push to your firewalls or deployments. → Snippets
You have the flexibility to accommodate unique configuration values that are device or
deployment specific. → Variables
Achieve Unified Visibility into Threats
Get insights into your network traffic, subscriptions, users, applications, networks, threats,
and more. Also get comprehensive visibility across your network traffic, subscription, users,
applications, networks, threats, and more. The various dashboards provide visibility into the
health, security posture, and activity happening in your deployment that helps you to prevent
or address performance and security gaps in your network. →Insights
Get reports on the network traffic patterns, bandwidth utilization, your security subscription
data and more. Reports provide actionable insight into your network that you can use for
planning and monitoring purposes. → Reports

Strata Cloud Manager Getting Started 15 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Support

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager provides AI-powered, unified management and operations for your NGFWs
and SASE network; the Strata Cloud Manager features available to you depend on your licenses.
Here's more on the licenses support Strata Cloud Manager, and also Strata Cloud Manager
language support.

License Support
These licenses enable Strata Cloud Manager to manage NGFWs, SASE, and security services,
and also unlock Strata Cloud Manager network security features. → Here's how to validate your
licenses

Strata Cloud Manager Strata Cloud Manager Essentials provides management and
Essentials security features, and these features are available to you free
with:
• Next-Generation Firewalls (NGFW)
• Prisma Access
Strata Logging Service is available as an optional add-on for
Strata Cloud Manager Essentials.

Strata Cloud Manager Essentials and

Strata Cloud Manager Pro are available to activate
in customer support portal (CSP) accounts that don't
have: Strata Logging Service with sized storage,
AIOps for NGFW Free or Premium, or Prisma
Access.

Strata Cloud Manager Getting Started 16 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Pro Strata Cloud Manager Pro is the paid tier that includes
all the features of Strata Cloud Manager Essentials, plus
advanced features to enhance operational health, prevent
network disruptions, strengthen real-time security posture,
and Autonomous Digital Experience Management (ADEM)
for monitoring user experience performance. Strata Cloud
Manager Pro includes Strata Logging Service with one year
of log retention and unlimited storage, enabling centralized
logging and seamless data retrieval across your deployment.
You can purchase Strata Cloud Manager Pro for the following
products:
• Next-Generation Firewalls (NGFW)
• VM Series funded by Software NGFW Credits
• Prisma Access
• Cloud NGFW for AWS and Azure (funded by PAYG or the
credit pricing model)

You can register your Cloud NGFW resources

with an existing Strata Cloud Manager, which
you had previously activated based on your
Prisma Access, NGFW, or Software NGFW
credits and licenses. If you don't have a Strata
Cloud Manager, you can activate a new Strata
Cloud Manager (steps 1-8) to use with Cloud
NGFW for Azure. In either case, the integration
automatically enables Strata Cloud Manager Pro
features for Cloud NGFW. When using Strata
Cloud Manager, the centralized management
add-on consumption is metered on each
Cloud NGFW resource for each hour you have
registered with a Strata Cloud Manager and for
the amount of traffic processed by that resource.

AIOps for NGFW Premium For NGFWs with an AIOps for NGFW Premium license,
Strata Cloud Manager gives you an overall view of the health
and security of your NGFWs, and can enforce proactive checks
to close security gaps.
• NGFW (Managed by PAN-OS or Panorama) → For PAN-OS
and Panorama Managed NGFWs with an AIOps for NGFW
Premium license, use Strata Cloud Manager to oversee your
deployment health and security posture.
• NGFW (Managed by Strata Cloud Manager) →
With an AIOps for NGFW license, you can also use
Strata Cloud Manager for cloud management for NGFWs.

Strata Cloud Manager Getting Started 17 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Contact your account team to enable Cloud

Management for NGFWs using Strata Cloud
Manager.
• Strata Cloud Manager provides unified
management and operations only for NGFWs
using the AIOps for NGFW Premium license.
Continue to use the AIOps for NGFW Free app
for NGFWs onboarded to AIOps for NGFW Free.

Software NGFW Credits For VM-Series funded with Software NGFW Credits, Strata
Cloud Manager supports AIOps for NGFW Premium features,
including cloud management for NGFWs.

Prisma Access There's two ways you can manage Prisma Access: you can use
Strata Cloud Manager or Panorama. Strata Cloud Manager
provides Prisma Access visibility features, and these are
supported regardless of the management interface you're
using. This means that if you're using Panorama to manage
Prisma Access, you can still use Strata Cloud Manager for
comprehensive monitoring of Prisma Access environment.
Prisma Access (Managed by Strata Cloud Manager)

Use Strata Cloud Manager for complete onboarding,

management, and monitoring of your Prisma Access
environment.
This includes using Strata Cloud Manager to manage and
monitor the cloud-delivered security services that are included
with Prisma Access.
Strata Cloud Manager gives you comprehensive monitoring,
alerting, and visibility into your Prisma Access environment:
• AI-Powered Autonomous DEM
• Monitor Prisma Access in Strata Cloud Manager
• Strata Cloud Manager Dashboards
• Monitor: Strata Cloud Manager
• Strata Cloud Manager Reports
Prisma Access (Managed by Panorama)
If you're using Panorama to manage Prisma Access,
you must continue to use Panorama to manage your
environment. However, you can use Strata Cloud Manager
for comprehensive monitoring, alerting, and visibility into your
Prisma Access environment:
• AI-Powered Autonomous DEM
• Monitor Prisma Access in Strata Cloud Manager

Strata Cloud Manager Getting Started 18 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Strata Cloud Manager Dashboards

• Monitor: Strata Cloud Manager
• Strata Cloud Manager Reports

AI-Powered ADEM AI-Powered ADEM is a Prisma Access add-on license that

automates complex IT operations, to increase productivity and
reduce time to resolution for issues. Strata Cloud Manager
supports AI-Powered ADEM for all Prisma Access users (both
Panorama - Managed Prisma Access and Prisma Access Cloud
Management).

If you're using Panorama to manage Prisma Access,

you must continue to use Panorama to manage your
environment, and can use Strata Cloud Manager for
ADEM monitoring.

Prisma SD-WAN Use Strata Cloud Manager for Prisma SD-WAN. Prisma SD-
WAN is a cloud-delivered service that implements app-defined,
autonomous SD-WAN to help you secure and connect your
branch offices, data centers and large campus sites without
increasing cost and complexity. The AppFabric connects your
sites securely with application awareness and gives you the
freedom to use any WAN, any cloud for a thin branch (security
from the cloud) solution.

Cloud NGFW for Azure and Cloud NGFW for AWS is Palo Alto Networks machine learning
AWS (ML)-powered NGFW capabilities delivered as a fully managed
cloud-native service by Palo Alto Networks on the Amazon
Web Services (AWS) platform.
Cloud NGFW for Azure is Palo Alto Networks ML-powered
NGFW delivered as a cloud-native service within the Azure
platform.

Cloud-Delivered Security If you have either a Prisma Access or AIOps for NGFW
Services (CDSS): Premium license, you can use Strata Cloud Manager to manage
and monitor your security subscriptions. Strata Cloud Manager
• Advanced Threat
delivers the protections your security subscriptions provide
Prevention
consistently across your enterprise traffic.
• Advanced URL Filtering
The Strata Cloud Manager features available to you for security
• Advanced WildFire subscriptions do depend on your license, and can include:
• DNS Security • Strata Cloud Manager dashboards and reports for security
• Enterprise DLP subscriptions
• IoT Security • Strata Cloud Manager unified management for security
• SaaS Security subscriptions. If you're using Strata Cloud Manager to
enforce a shared security policy across NGFWs and/

Strata Cloud Manager Getting Started 19 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

or Prisma Access, you can use a single, centralized

configuration for your security subscriptions.

Language Support
The Strata Cloud Manager web interface supports localization. In addition to English, these are
the languages that Strata Cloud Manager supports:
• Chinese Simplified (zh-cn)
• Chinese Traditional (zh-tw)
• Spanish (es-es)
• Japanese (ja-jp)
• French (fr-fr)
• German (de-de)

Strata Cloud Manager Getting Started 20 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

First Look at Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Here's a first look at Strata Cloud Manager. The Strata Cloud Manager user interface provides a
comprehensive view of your network, and gives you with a unified workflow to manage NGFWs
and SASE. Move through the new simplified and consistent navigation to interact with all your
network data, get actionable insights that are surfaced for you automatically, and collectively
manage and monitor Prisma Access, your NGFWs, and your cloud-delivered security services.
Explore each menu on the left navigation bar – these paths are standard across any Palo Alto
Networks products or subscriptions you're using with Strata Cloud Manager. This makes it easy
to:
• adopt new features and subscriptions
• onboard new users, devices, sites, or locations
as they will slot right into your existing management setup.

Important
The features available to you in Strata Cloud Manager depend on your subscriptions.
You can review the Strata Cloud Manager docs to see any license requirements for
Strata Cloud Manager features.

Strata Cloud Manager Getting Started 21 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Search Bar Enhanced Navigation Search

The search bar allows you to quickly
find specific features within Insights,
Configuration, and System Settings
without having to browse through
multiple menus.

Command Your First Stop to Assess the Health,

Center Security, and Efficiency of Your
Network
The Command Center is a visualized
overview of your network and security
infrastructure. It provides you with
four different views, each with its own
tracked data, metrics, and actionable
insights to examine and interact with.

Strata Cloud Manager Getting Started 22 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Insights Visibility via Insights

You can access monitoring capabilities
through the consolidated Insights
section, which brings together security
and operational dashboards in one
location.
Insights gives a comprehensive view of
your network traffic, subscriptions, users,
applications, networks, threats, and
more across Prisma Access and NGFW
deployment. Also get an interactive
view of the applications, ION devices,
threats, users, and security subscriptions
at work in your network. The dashboards
provide visibility into the health, security
posture, and activity happening in your
deployment that helps you to prevent
or address performance and security
gaps in your network. Depending on the
subscriptions and products you're using,
you can monitor:
• NGFW Devices
• Prisma Access
• Applications
• Users
• Branch Sites
• Data Centers
• Network Services (like GlobalProtect
and DNS)
• Your Palo Alto Networks
subscriptions
• Your Prisma Access locations
• Prisma SD-WAN
• Assets

Strata Cloud Manager Getting Started 23 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Reports Gain comprehensive Visibility with

Interactive Reports
Generate, share, and schedule data-
driven insights shared through reports
with visual charting, interactive query,
and recommendations to eliminate risk.

Incidents Common Framework for Investigating

Incidents and Alerts
Strata Cloud Manager provides a unified
incidents and alerts framework. In one
place, view, investigate, and address the
alerts and incidents on your network,
and jump to your logs to examine the
associated activity.

Strata Cloud Manager Getting Started 24 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Log Viewer Centralized Log Management

View and interact with your logs stored
in Strata Logging Service. Logs are
automatically-generated, time-stamped
that provides an audit trail for the
system, configuration, and network
traffic events.

Strata Cloud Manager Getting Started 25 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Configuration Centralized Configuration

Manage a shared policy across your
network security products and
subscriptions; on day one, you can start
off with a secure configuration based
on predefined best practice policies and
settings, and inline best practice checks.
The Discovery dashboard then surfaces
critical and recommended actions
to further strengthen your security
posture and optimize configuration
management. From this centralized view,
you can set up and onboard NGFWs and
Prisma Access mobile users and remote
networks, and plan NGFW software
upgrades, all in one place.

Strata Cloud Manager Getting Started 26 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

System Onboarding and Activation Settings

Settings
These are the settings you'll find yourself
coming back to when you are adding
new users, licenses, or admins, or even
as you yourself are getting started with
Strata Cloud Manager:
• Identity & Access Management
• Audit Logs
• Tenants
• Trusted IPs
• Device Associations
• Device Management
• Folder Management
• Strata Logging Service
• Subscriptions

Strata Cloud Manager Getting Started 27 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Launch Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

The Strata Cloud Manager app is available on the Palo Alto Networks hub, and you can access it
directly at stratacloudmanager.paloaltonetworks.com.
A Prisma Access license, AIOps for NGFW Premium license, or a Prisma SD-WAN license is a
basic requirement for Strata Cloud Manager unified management and operations. If you have at
least one of these licenses, you can access Strata Cloud Manager to gain visibility into or manage
your products.
If you have more than one of these licenses, Strata Cloud Manager gives you a single interface
to interact with these products, along with additional licenses or add-on subscriptions (like your
Palo Alto Networks security subscriptions). → See the products and licenses that are supported
for Strata Cloud Manager unified management and operations
To launch or access Strata Cloud Manager:
• If you are new to Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN in October
2023 or later, here's how to Launch Strata Cloud Manager for the First Time
• If you were previously using separate, standalone apps on the hub to manage your products,
here's more on Moving to Strata Cloud Manager from a Dedicated Product App

Launch Strata Cloud Manager for the First Time

After you activate a Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN license, the
Strata Cloud Manager app will be available to you on the Palo Alto Networks hub or you can
access it directly at stratacloudmanager.paloaltonetworks.com.

Strata Cloud Manager Getting Started 28 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Launch the app and take a First Look at Strata Cloud Manager. Continue to onboard your product:
• Get started with AIOps for NGFW Premium, including Cloud Management for NGFWs
• Get started with Prisma Access
• Get started with Prisma SD-WAN

Moving to Strata Cloud Manager from a Dedicated Product App

Important
This only applies if you were previously using a standalone app to manage or interact with
your product: the Prisma Access app, the AIOps for NGFW Premium app, or the Prisma
SD-WAN app. These apps have been updated – or will be updated soon – to give you
Strata Cloud Manager unified management and operations.

What to expect when moving to Strata Cloud Manager from a dedicated product app:
Strata Cloud Manager provides unified management and operations based on license support –
here are the products that you can monitor or manage with Strata Cloud Manager.
In-product notifications will let you know in advance that an update is coming soon to give you
Strata Cloud Manager.
The update is seamless and does not impact your data, alerts, or assets.

Strata Cloud Manager Getting Started 29 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

After the update takes place, you will log into the Strata Cloud Manager app on the hub; you
will no longer use separate apps on the hub for Prisma Access, AIOps for NGFW Premium, or
Prisma SD-WAN.

Your product app automatically redirects you to stratacloudmanager.paloaltonetworks.com.

This is the Strata Cloud Manager URL.

If you were previously using more than one product app that is updating for Strata
Cloud Manager, the updated product apps will all redirect to the same Strata Cloud
Manager instance.
Strata Cloud Manager provides a navigation that's common across your Network Security
products. Take a first look at Strata Cloud Manager and explore the new navigation experience
and features.
Find your product features in the new, unified management interface:
• AIOps for NGFW: Where are my features in Strata Cloud Manager?
• Prisma SD-WAN: Where are my features in Strata Cloud Manager?
• Prisma Access Insights: Where are my features in Strata Cloud Manager?
• Prisma Access: Where are my features in Strata Cloud manager?

Strata Cloud Manager Getting Started 30 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Get Started with Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager gives you AI-powered, unified management and operations for your
NGFWs and SASE network. Here's a cheatsheet on getting started with Strata Cloud Manager for
the first time.
If you're planning to use Strata Cloud Manager to onboard and manage Prisma Access, NGFWs
(requires AIOps for NGFW Premium), or both together, this includes what you need to know to
get started with Shared Management for Prisma Access and NGFWs
(In the hub) Activate Your Licenses
After purchasing a license, you'll receive an email with an activation link. The link launches
a guided workflow in the hub; follow the activation workflow for each license you'd like to
activate:
• AIOps for NGFW Premium license
• Activate a Prisma Access license
• Prisma SD-WAN
Activating any one of these licenses enables Strata Cloud Manager. After you have activated at
least one of these licenses, continue to activate any additional licenses or add-on subscriptions.
Launch Strata Cloud Manager
After you activate a Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN license, the
Strata Cloud Manager app will be available to you on the Palo Alto Networks hub, or you can
access it directly at stratacloudmanager.paloaltonetworks.com.

Strata Cloud Manager Getting Started 31 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Validate Your Licenses

• At the bottom of the navigation menu, select your tenant details and verify the name of the
tenant you're using, and your licensed products. Here's more on tenant and subscription
management.

• Go to Configuration > NGFW and Prisma Access to check your Prisma Access license status
and details, and see what other details might be available.

It might be that you do not see much data here just yet if you've not yet onboarded
NGFWs or if your Prisma Access environment is still provisioning. If that's the case,
check back after you've completed the rest of the steps here.

Strata Cloud Manager Getting Started 32 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Monitoring and Visibility with Strata Cloud Manager

• Explore a visualized representation of your network and security infrastructure with the
Command Center.
• Monitor your Prisma Access environment, Prisma SD-WAN, and your NGFWs. Also explore
the dashboards available to you in Insights. Many dashboards also support reports that you
can schedule or share with stakeholders.
• Identify and respond to security events quickly using incidents across Prisma Access,
NGFWs, and Prisma SD-WAN.
Inline Best Practice Recommendations and Workflows
Learn more about the best practice guidance and automation that's built directly into
Strata Cloud Manager.

Strata Cloud Manager Getting Started 33 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Onboarding Settings

Strata Cloud Manager brings together common services in the System Settings menu. Go to
System Settings to manage:
• Roles and permissions – Learn more about the roles available on Strata Cloud Manager and
associated permissions.
• Device associations – Associate supported cloud applications with your devices.
• Tenant management – Create and manage your hierarchy of business organizations and
units, represented by tenants.

Shared Management for Prisma Access and NGFWs

Strata Cloud Manager provides shared config management for Prisma Access and NGFWs. You
can onboard NGFWs and Prisma Access users, remote networks, and service connections to
Strata Cloud Manager and enforce a common security policy.
Onboarding NGFWs and Prisma Access to Strata Cloud Manager
• Set up Prisma Access and onboard mobile users, remote networks, and service connections:
• Set up the Prisma Access service infrastructure
• Set up Prisma Access mobile users, including GlobalProtect and Explicit Proxy
connections
• Set up Prisma Access remote networks
• Set up Prisma Access service connections
• Onboard and set up NGFWs:
• Onboarding and Setup for NGFW Cloud Management
Organizing Your Configuration
When working in Strata Cloud Manager configuration settings, the current Manage:
Configuration Scope is always visible to you, and you can toggle your view to manage a

Strata Cloud Manager Getting Started 34 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

broader or more granular configuration. The configuration scope enables you to apply policy
globally, or provide targeted enforcement to certain NGFWs or Prisma Access deployments.

Here's more on how to get started with organizing your Strata Cloud Manager configuration:
• System Settings: Folder Management
Use folders to logically group NGFWs for simplified configuration management. The Prisma
Access folders are predefined based on deployment type.
• Configuration: Snippets
Use snippets to group configurations that you can quickly push to your NGFWs or Prisma
Access deployments.
• Configuration: Variables
Use variables your configurations to accommodate device or deployment-specific
configuration objects.
Shared Security Policy for NGFWs and Prisma Access
Strata Cloud Manager gives you unified management for Prisma Access and your NGFWs.
Your Strata Cloud Manager security policy is shared, and you can apply it globally across
Prisma Access and NGFWs, or target specific settings to Prisma Access deployments or
specific groups of firewalls.
Go to Configuration > NGFW and Prisma Access to get started.

Strata Cloud Manager Getting Started 35 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Pushing Configuration Changes to NGFWs and Prisma Access

When managing your Strata Cloud Manager configuration, select Push Config to push
configuration changes to your NGFWs and Prisma Access:

You'll be prompted to set the scope of the configuration push, based on your folders. Here's
more on how to:
• Push your configuration changes
• Review the status of a configuration push
• See how you can clean up your configuration

Strata Cloud Manager Getting Started 36 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Built-In Best Practices in Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Palo Alto Networks best practices are designed to help you get the most secure network possible
by streamlining the process of checking compliance on your network infrastructure. We’ve built
best practice checks directly in to Strata Cloud Manager, so that you can get a live evaluation of
your configuration. Tighten your security posture by aligning with best practices. You can leverage
Strata Cloud Manager to assess your Panorama, NGFW, and Panorama Managed Prisma Access
security configurations against best practices and remediate failed best practice checks.
Best practice guidance aims to help you bolster your security posture, but also to help you
manage your environment efficiently and to best enable user productivity. Continually assess
your configuration against these inline checks—and when you see an opportunity to improve your
security, take action then and there.

Visibility into Best Practice Adoption and Compliance

To get started, you can quickly assess your overall security posture by checking the following
Posture Dashboards.
See how you’re doing at a high-level and pinpoint areas where you might want to start taking
action.
• Check the Insights: Best Practices dashboard for daily best practices reports, and their mapping
to the Center for Internet Security’s Critical Security Controls (CSC) checks, to help you

Strata Cloud Manager Getting Started 37 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

identify areas where you can make changes to improve your best practices compliance. Share
the best practice report as a PDF and schedule it to be regularly delivered to your inbox.

Strata Cloud Manager Getting Started 38 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Check the Compliance Summary dashboard to view a history of changes to the security checks
made up to 12 months in the past, grouped together by the Center for Internet Security (CIS)
and National Institute of Standards and Technology (NIST) frameworks.

Strata Cloud Manager Getting Started 39 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Monitor Insights: Feature Adoption and stay abreast of which security features you’re using in
your deployment and potential gaps in coverage.

Strata Cloud Manager Getting Started 40 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Monitor Insights: CDSS Adoption - View security services or feature subscriptions and their
license usage in your devices to identify security gaps and harden the security posture of your
enterprise.

• Get visibility into the security status and trend of your deployment based on the security
postures of the onboarded NGFW devices with Insights: Security Posture Insights and be
alerted when incidents occur or your security settings may need a closer look.

Strata Cloud Manager Getting Started 41 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Generate BPA reports for (non-telemetry) PAN-OS devices running versions 9.1 and above,
now including feature adoption metrics.

Best Practice Tools to Strengthen Security Posture

Find a collection of tools to help you improve your security posture.
• Customize security posture checks for your deployment to maximize relevant
recommendations in Configuration: Security Posture Settings
• Use Config Cleanup to identify and remove unused configuration objects and policy rules.
• Configure Policy Optimizer Settings to hone and optimize overly permissive security rules so
that they only allow applications that are actually in use in your network.
• Create your own Compliance Checks – Customize existing best practice checks and create and
manage special exemptions to better align to your organization’s business requirements.
• Use Policy Analyzer to quickly ensure that updates you make to your Security policy rules meet
your requirements and don't introduce errors or misconfigurations (such as changes that result
in duplicate or conflicting rules).

Live, Inline Best Practice Configuration Checks

Best practice guidance aims to help you bolster your security posture, but also to help you
manage your environment efficiently and to best enable user productivity. Continually assess
your configuration against these inline checks—and when you see an opportunity to improve your
security, take action then and there.
• Best Practice Scores
Best practice scores are displayed on a feature dashboard (Security policy, decryption, or
URL Access Control, for example). These scores give you a quick view into your best practice
progress. At a glance, you can identify areas for further investigation or where you want to
take action to improve your security posture.
• Best Practice Field Checks
Field-level checks show you exactly where your configuration does not align with a best
practice. Best practice guidance is provided inline, so you can immediately take action.
• Best Practice Assessment
Here, you can get a comprehensive view into how your implementation of a feature aligns with
best practices. Examine failed checks to see where you can make improvements (you can also

Strata Cloud Manager Getting Started 42 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

review passed checks). Rulebase checks highlight configuration changes you can make outside
of individual rules, for example to a policy object that is used across several rules.
Best practice checks are available for the following objects:
• Your security policy rulebase
Rulebase checks look at how security policy is organized and managed, including configuration
settings that apply across many rules.
• Security rules
• Security profiles
• Anti-Spyware
• Vulnerability Protection
• WildFire and Antivirus
• URL Access Management
• DNS Security
• Authentication
• Application Tag
• Antivirus Profile
• Antivirus Wildfire Analysis Profile
• Anti Spyware Profile
• AI Access Security
• Application Override
• Decryption
• Decryption Profile
• DNS Security Profile
• DoS Protection Rule
• DoS Protection Profile
• Device Setup
• Device Setup General
• Device Setup Authentication
• Device Setup Logging Reporting
• Device Setup Management Interface
• Device Setup Minimum Password Complexity
• Authentication Profile
• File Blocking Profile
• GlobalProtect
• Global Protect Portal
• Global Protect Gateway

Strata Cloud Manager Getting Started 43 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Log Forwarding Profile

• Policy Based Forwarding Rule
• SSL/TLS Service Profile
• URL Filtering Profile
• Vulnerability Protection Profile
• Zone
• Zone Protection Profile

Looking for more on Palo Alto Networks best practices?

Here’s the best practices homepage, where you can find resources to help you transition
to and implement best practices.

Strata Cloud Manager Getting Started 44 ©2025 Palo Alto Networks, Inc.
Strata Copilot
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

December 2024
Strata Copilot is now available for you to try in Strata Cloud Manager. Keep in mind
that Strata Copilot is learning and might sometimes make mistakes. Please share your
feedback with us as you go; we’ll use it to make copilot better. You’ll also notice that we
regularly release new features and updates to improve your copilot experience.

Chat with Strata Copilot—the ultimate AI-powered assistant—to get real-time, actionable insights
on the health and security of your network:
Find, understand, and resolve threats before they turn into problems
Identify the cause of degraded network and app experience
Open support cases when you want help to fix an issue quickly
Strata Copilot harnesses your network data and activity (from across NGFWs, Prisma Access,
and cloud security services) and combines this with Palo Alto Networks best practice guidance,
to give you clear, actionable answers. Strata Copilot is built inline to Strata Cloud Manager, and
its AI-driven, natural language interface simplifies how you interact with your network. With
increasing usage, Strata Copilot learns from your interactions and preferences to improve and
refine it’s responses to you. The data and insights that Strata Copilot shares with you depends on
the products you’re using with Strata Cloud Manager, your licenses, and your role permissions. If
you aren’t able to view certain data, Strata Copilot will notify you about any required licenses or
access permissions.

45
Strata Copilot

Strata Copilot Availability

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot serves as your intelligent companion for security management tasks across the Palo
Alto Networks ecosystem. Available in multiple global regions and supporting various products,
it enhances your ability to monitor, analyze, and secure your network infrastructure. This topic
outlines where Strata Copilot is available geographically, which product features it supports, and
the data sources it leverages to provide valuable insights.

Regional Access
Strata Copilot is available with Strata Cloud Manager in the following regions:

Region Countries

North America • United States

• Canada

Europe • United Kingdom

• France
• Germany
• Netherlands

Africa • South Africa

Middle East • Israel

• Qatar
• Saudi Arabia

Asia • India
• Singapore

Strata Cloud Manager Getting Started 46 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Region Countries
• Japan
• China
• Taiwan
• Indonesia

Oceania • Australia

While Strata Copilot is generally available in these regions, regional restrictions may apply
on a per-feature basis.

Availability by Product
Strata Copilot support covers the following product and feature areas in Strata Cloud Manager.
Expansion of Strata Copilot support into additional product and feature areas is ongoing.

Feature Description

Strata Cloud Strata Copilot is supported with these license types and for the
Manager Essentials following features.
and Pro

Prisma Access Monitor global network performance, analyze user connectivity

patterns, view insights on cloud and data center application usage
as well as recommendations for scaling security measures across
distributed networks.

Prisma Access Query and analyze Prisma Access Browser (PAB) event data to
Browser monitor user activity, bandwidth usage, and security risks. Gain
insights into website interactions, device distribution, peak usage
times, active users, and unauthorized data movements. Copilot
supports customizable time ranges for both current and historical data
analysis and includes predefined queries to streamline common PAB
data analysis tasks.
Additional data sets continuing to be added.

Strata Logging Expedite investigations and analysis using AI-assisted search and
Service workflows in Log Viewer. The workflows enable you to quickly explore
logs stored in the Strata Logging Service to help you investigate traffic
encryption, overall network traffic patterns, user behavior and access
control, and connectivity issues.

Autonomous DEM, View comprehensive insights across various connection types in your
including Access SASE environment and troubleshoot access issues to identify and
Analyzer resolve authentication, network, and security-related problems.

Strata Cloud Manager Getting Started 47 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Feature Description

Data Security Analyze sanctioned SaaS applications, detect potential data

compromises, identify malware risks, provide visibility into data
classification and sharing permissions, monitor user and file activities,
and offer proactive remediation suggestions for policy violations and
compliance issues in cloud environments.
Additional data sets continuing to be added.

AI-Powered ADEM View end-to-end insights for all Prisma Access mobile user traffic.
ADEM is an add-on service that you can purchase for Prisma Access.
Additional data sets continuing to be added.

AIOps for NGFW Obtain real-time insights, analyze security gaps, optimize performance,
ensure compliance, predict issues, recommend configurations, guide
incident response, and identify trends, all based on device telemetry
and best practices analysis for next-generation firewall deployments.
Additional data sets continuing to be added.

IoT Security Manage your IoT devices, monitor their security alerts, assess device
vulnerabilities, and gain insights into your IoT network's overall health
and risk posture.

Prisma SD-WAN Efficiently monitor application performance, troubleshoot incidents,

analyze carrier health, track user behaviors, and assess branch site
status to streamline SD-WAN management and optimization tasks.
Additional data sets continuing to be added.

Data and Content Sources

Strata Copilot references these data and content sources, so that its responses to you are both
authoritative and specific to your deployment:
• Your specific network data and activity, across all the products you’re using with
Strata Cloud Manager (your NGFWs, Prisma Access deployment, and cloud security services).
Strata Copilot uses this data to accelerate insights into your own network health and security.
• Palo Alto Networks threat intelligence and CVE protection data, including comprehensive
vulnerability coverage information with threat IDs, descriptions, categories, compatible PAN-
OS versions, release dates, and current status. This enables quick verification of protection
against specific vulnerabilities.
• Palo Alto Networks authoritative technical resources: topics from across the knowledge
base, live community, and public technical documentation, including Palo Alto Networks best
practice guidance. Strata Copilot uses this data to provide quick and summarized answers from
across all Palo Alto Networks knowledge resources.

Strata Cloud Manager Getting Started 48 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Where Strata Copilot Processes Data:

The ephemeral data processing functionality of Strata Copilot is provided by a large
language model in the United States. Data is processed in memory by the large language
model vendor for no longer than necessary, in order to service the specific request in real-
time, and the data is not retained.
Please review the Strata Copilot Supplemental End User License Agreement.

Strata Cloud Manager Getting Started 49 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Get Started with Strata Copilot

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot is an innovative AI-powered assistant that revolutionizes your experience with
Strata Cloud Manager. This powerful tool offers intuitive interactions, real-time data analysis,
and intelligent responses to help you navigate and optimize your cloud environment with
unprecedented efficiency.
Getting started with Strata Copilot is simple and intuitive. Access the assistant directly from the
Strata Cloud Manager interface and start querying your infrastructure using natural language.
Strata Copilot also supports a comprehensive prompt library with proven query patterns for
various scenarios, including resource utilization analysis and compliance verification.
Strata Copilot responds with various output formats including detailed text explanations, visual
representations of resource relationships, performance dashboards, and executable automation
scripts. From generating summary articles and visualizations to offering AI-assisted workflows,
Strata Copilot adapts to your needs, making cloud infrastructure management more accessible
and effective.
As you interact with Strata Copilot, the underlying machine learning models continuously refine
response accuracy based on your specific environment and usage patterns, making the assistant
increasingly valuable for both routine operations and complex infrastructure management tasks.

Launch Strata Copilot

Log in to Strata Cloud Manager and locate the Strata Copilot icon ( ) on any page.
The first time you launch Strata Copilot, you will be prompted to review and agree to the
Supplemental End User License Agreement.

Strata Cloud Manager Getting Started 50 ©2025 Palo Alto Networks, Inc.
Strata Copilot

To accept the Supplemental End User License Agreement, you must be assigned one of the
following roles:
• Superuser
• Network Administrator
• Security Administrator
• Multitenant Superuser

First Look
To interact with Strata Copilot, you can Search keywords or start a query. Learn how to best
prompt Strata Copilot to quickly get to the information you need.
You can also:
• Start a Conversation by choosing a suggested prompt. These prompts highlight commonly-
asked questions or topics based on your context and location in Strata Cloud Manager. Over
time, these curated prompts are responsive to your viewing history and preferences, too.
• Engage in a dialogue with Strata Copilot, allowing for multi-turn conversations where you can
iterate or ask follow-up questions to refine your results.
• Open a Technical Reference; these references are context-sensitive; Strata Copilot
surfaces the most relevant technical documentation topics based on where you're in
Strata Cloud Manager.

Response Types
Strata Copilot responses can take different forms depending on your prompt and the information
you seek.
Remember to double-check that all Strata Copilot responses are complete and accurate; Strata
Copilot is learning, and can sometimes make mistakes. If the first response Strata Copilot gives
you isn't right, consider if you can provide more context or detail in your prompt. See if this helps
Strata Copilot to refine it's response.
• Summary articles—Strata Copilot aggregates and summarizes knowledge from all Palo
Alto Networks resources, including technical documentation, knowledge base articles, and
community content, to provide concise, comprehensive answers. Each response includes

Strata Cloud Manager Getting Started 51 ©2025 Palo Alto Networks, Inc.
Strata Copilot

numbered citations to the primary sources used, allowing you to access the original content for
further review.

Strata Cloud Manager Getting Started 52 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Real-time data—Strata Copilot provides answers to questions on your deployment and

network activity.

Strata Cloud Manager Getting Started 53 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 54 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Visualizations—Strata Copilot presents some answers as dynamic and intuitive visualizations.

You can interact with Strata Copilot’s visualizations: toggle between different chart types,

Strata Cloud Manager Getting Started 55 ©2025 Palo Alto Networks, Inc.
Strata Copilot

narrow or expand the data that the charts display, and download chart images. You can specify
preferred visualization types directly in your prompts and follow-up questions.

Strata Cloud Manager Getting Started 56 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 57 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 58 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• AI-assisted workflows—Strata Copilot provides the ability to act on information that you
supply in Log Viewer search queries, enhancing its functionality beyond information retrieval.
You can prompt Strata Copilot to perform specific actions based on the context. Examples

Strata Cloud Manager Getting Started 59 ©2025 Palo Alto Networks, Inc.
Strata Copilot

of actions include searching for IOCs, searching the configuration, navigating to an area in
Strata Cloud Manager, marking apps as sanctioned, and quarantining devices.

Device quarantine is accessible across key areas of the platform, including from the Strata
Cloud Manager Summary, Prisma Access Configuration Overview, and Devices management

Strata Cloud Manager Getting Started 60 ©2025 Palo Alto Networks, Inc.
Strata Copilot

pages. You can initiate device quarantine by providing either the host ID alone or both the host
ID and device serial number.

Strata Cloud Manager Getting Started 61 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Copilot Prompts

Refer to the tips and examples below to get the most from Strata Copilot.

Tips for Improving Prompts

To maximize your experience with Strata Copilot and get the most accurate and helpful
responses, consider the following tips:
• Start with a clear and descriptive prompt.
When initiating a conversation with Strata Copilot, ensure your prompts are descriptive and
provide sufficient context. This helps the system to understand your query better and respond
more accurately.
• Use natural language phrasing. Phrase your questions as you would when speaking to a human
analyst. This conversational approach often yields better results than overly technical or
abbreviated queries.
• Use action words to structure your prompts. Begin your queries with clear action verbs like
"Show me," "Compare," "List," "Highlight," or "Analyze" to clearly communicate what you want
Strata Copilot to do.
• Use precise product terms.
Refer to features by their exact names (for example "Prisma Access", "Log Viewer," "Prisma SD-
WAN") rather than generic words like "logs", "dashboard", "branch", or "events".
• Include context and scope.
Add time frames or filters in your prompt (for example "Display a table of top 10 denied
applications in the last 24 hours, sorted by deny count," not just "Show denies.").
• Specify the output format.
Ask for tables, charts, or summaries (for example "List top 5 sources as a bar chart," or "Give
me a bullet-point summary of high-risk alerts.").
• Start broad, then refine with follow-ups. Begin with general insights before diving into
specifics. For example, first ask "Show me security alerts from the past week" before asking
"Which devices had the most critical alerts yesterday?"
• Chain your questions.
Break complex requests into steps (for example "First, find all devices with failed logins. Then,
summarize by location.").
• Use "versus" or "and" for comparisons.
Compare two entities clearly (for example "VPN usage vs. firewall usage last week," or "Admins
and standard users by number of sessions.").
• Add "exclude" or "filter" clauses.
Tell Strata Copilot what to leave out (for example "Show me all high-severity alerts excluding
scheduled maintenance windows.").

Strata Cloud Manager Getting Started 62 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Check for query explanations.

If you get a result, make sure to read the "How is this response generated" section below the
response to ensure that Strata Copilot has interpreted your query accurately.
• Rephrase ambiguous prompts.
If Strata Copilot seems confused, try swapping synonyms (for example "failed connections" vs.
"connection errors").
• Refine your questions for better answers.
If Strata Copilot's response does not meet your expectations, refine your prompts by
rephrasing your questions. Strata Copilot adapts and learns from each interaction, improving its
ability to deliver precisely what you need over time.
• Engage regularly for better performance.
The more you interact with Strata Copilot, the more proficient it becomes in understanding and
meeting your specific needs. Regular use is crucial for optimizing its capabilities.
Most importantly, try rephrasing the question when we don't get it right the first time. We are still
learning and your feedback helps us go a long way!
For prompt inspiration, explore our example prompt library. This curated collection offers
effective query patterns tailored to each functional area in Strata Copilot, helping you unlock its
full potential.

Prompt Examples
Looking for inspiration to get the most out of your Strata Copilot experience? Browse through
these example prompts organized by feature area. While not exhaustive, these examples
represent commonly useful queries to help you quickly leverage Strata Copilot's capabilities.
Activity Insights | NGFW Alerts | Prisma Access Browser | Prisma Access SD-WAN | Data Security
| IoT Security | Visualization & Reporting

Activity Insights

Category Prompt

Performance • What are the top applications with poor TLS versions affecting
Monitoring performance?
• How does application performance vary during peak hours?
• What is the impact of TLS 1.3 on our network latency and
throughput?
• Are there recurring performance issues with specific applications?
• Can we identify any correlation between device types and
application performance issues?

User Experience • What are the average user experience scores across different
Assessment network conditions?
• How does device type affect user experience scores?

Strata Cloud Manager Getting Started 63 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Prompt
• What network conditions lead to the worst user experiences?
• Are there specific locations facing frequent user experience issues?
• How do changes in bandwidth allocation affect user experience?

Network Integrity • What is the current uptime for all our Prisma Access locations?
and Status
• Are there any locations experiencing higher than usual incident
rates?
• How does bandwidth usage correlate with incident occurrences?
• What are the common categories of incidents across our network?
• Which locations have the most stable network conditions?

Network • What are the current IP pool allocations and usage rates?
Configuration and
• How are public IPs being utilized across different locations?
Resource Allocation
• Are there any over-allocated or under-utilized resources?
• How frequently are access permissions reviewed for compliance?
• What changes in network configuration have occurred in the last
quarter?

Trend Analysis • What are the recent trends in mobile user network activity?
• How has application traffic changed over the past year?
• Are there emerging security threats based on recent incident
trends?
• What applications are most used during different times of the day?
• Which network segments are experiencing growth in data usage?

Service Stability and • How stable are the connections for our branch sites over the last
Performance month?
• What are the average downtime instances per branch site?
• Which service areas have shown improvement in performance after
upgrades?
• Are there specific times when service stability issues peak?
• What measures have effectively improved service performance?

Threat Response • Tag {application_name} as {tag_type}

• Quarantine a NGFW device with {fw_device_id}, {host_id} and
{device_serial}
• Quarantine a NGFW device with {fw_device_id} and {host_id}
• Quarantine a Prisma Access device with {host_id} and
{device_serial}

Strata Cloud Manager Getting Started 64 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Prompt
• Quarantine a Prisma Access device with {host_id}

NGFW Alerts

Category Questions

Policy Modification • Modify policy in location {location} to {action} access under

conditions: source zone {source_zone}, source address
{source_address}, source user {user}, source device {source_device},
destination zone {destination_zone}, destination address
{destination_address}, destination device {destination_device},
application {application_name}, service {service}, and URL category
{url_category}.
• Modify policy in location {location} to {action} user {user} access to
app {application_name}.

Alert Management • What is the average time it takes to resolve NGFW alerts of priority
and Analysis {alert_priority} in past {duration_value} days?
• What are the top {num_count} oldest NGFW alerts?
• What are the top {num_count} frequently seen NGFW alerts of
category {alert_category} in my deployment?
• What {alert_state} NGFW alerts in past {duration_value} days have
generated PANW support case?
• How many times in past {duration_value} days did NGFW alerts
with priority of {alert_priority} occur in my deployment?

Operational • Show me the output of metric {metric_value} for serial

Commands and {device_serial} for last {duration_value} days.
Monitoring
• Show me the output of command {command_value} for serial
{device_serial} for last {duration_value} days.

Prisma Access Browser

Category Questions

User Activity and • Which users have been most active in the last {duration_value}
Behavior {duration_unit}
• Display the distribution of active devices in last {duration_value}
days
• Display the peak usage hours of Prisma Access Browser across all
users in the last {duration_value} {duration_unit}

Strata Cloud Manager Getting Started 65 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• How many Prisma Access Browser users have there been in the last
{duration_value} days?

File Management and • List all activities involving compressed file extensions in the last
Interactions {duration_value} {duration_unit}
• What are the most common file types uploaded across the
organization, in the last {duration_value} {duration_unit}?
• What are the most common file types downloaded across the
organization, in the last {duration_value} {duration_unit}?
• List all activities involving file uploads to cloud storage services in
the last {duration_value} {duration_unit}
• List all file downloads heavier than {num_count} MB by user and
timestamp, in the last {duration_value} {duration_unit}

Web Interaction • List top {num_count} non-app URLs that are visited the most in the
Analytics last {duration_value} {duration_unit}
• What are the top {num_count} most interacted websites across all
users in the {duration_value} {duration_unit}
• What are the top {num_count} most interacted websites at non-
business hours in the last {duration_value} {duration_unit}

Prisma Access SD-WAN

Category Questions

Application Usage • What are new applications on the network seen in the past
and Performance {duration_value} {duration_unit} that were not seen in the prior?
• What are the top {num_count} collaboration apps in the past
{duration_value} {duration_unit}?
• What top {num_count} apps have the lowest health score in the
past {duration_value} {duration_unit}?
• Which applications have had the most failed connection attempts in
the past {duration_value} {duration_unit}?
• What are the top applications with packet loss in the past
{duration_value} {duration_unit}?
• Which applications have the highest data transfer rates?

Network Incidents • Show me incident with state as {incident_state}, priority as

and Security {incident_priority} and severity as {incident_severity} in the past
{duration_value} {duration_unit} at {branch_site_name}.
• Summarize the incidents that were reported in the past
{duration_value} {duration_unit} at {branch_site_name}.

Strata Cloud Manager Getting Started 66 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• How many HA failover events have occurred in the past
{duration_value} {duration_unit}?
• Show me critical process restarts in the past {duration_value}
{duration_unit}.
• List the top sites with incidents of category {incident_category}.

Site and Network • Which sites have been down repeatedly in the last {duration_value}
Management {duration_unit}?
• Analyze the trend of sites that have been down in the last
{duration_value} {duration_unit}.
• Which site is consuming the most bandwidth over the past
{duration_value} {duration_unit}?
• Show me the list of sites with {carrier} network down in the past
{duration_value} {duration_unit}.
• List the sites that have went down in the last {duration_value}
{duration_unit}.

User Behavior and • Which users have shown the most traffic volume growth in the past
Traffic Analysis {duration_value} {duration_unit}?
• How many unique users are using my network over the past
{duration_value} {duration_unit}?
• Show me a breakdown of users per site, sorted by most users to
least user count over the past {duration_value} {duration_unit}.
• For username {user} what are the top {num_count} applications in
the past {duration_value} {duration_unit}.

Network Carriers and • What is the traffic distribution per carrier across my network in the
IP Management past {duration_value} {duration_unit}?
• How many unique Source IPs are in my network over the past
{duration_value} {duration_unit}?
• Who are the top {num_count} source IPs by traffic volume in my
network over the past {duration_value} {duration_unit}?
• What Source IP addresses have shown the most traffic volume
growth in the past {duration_value} {duration_unit}?

Data Security

Category Questions

Incident Detection • How many new saas incidents have been detected in the last
and Analysis {duration_value} {duration_unit}?

Strata Cloud Manager Getting Started 67 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• What are the top applications we detected saas incidents on in the
last {duration_value} {duration_unit}?
• How many new inline incidents have been detected in the last
{duration_value} {duration_unit}?
• What are the top applications we detected inline incidents on in the
last {duration_value} {duration_unit}?

Incident • Who are the top assignees for all open saas incidents?
Management
• Who are the top assignees for all open inline incidents?

Application and Asset • What are the top high risk applications used in my organization?
Risk Assessment
• What are the top unsanctioned applications used in my
organization?
• What are the top tolerated applications used in my organization?
• What is the data risk for {application_name}?
• What are the top applications with highest impacted users in the
past {duration} hours?

Asset Exposure and • What are the top sensitive assets with {exposure} exposure?
Ownership
• Who are the top users who own assets with {exposure} exposure?
• Who are the users who own assets which have {data_profile} data?
• Who are the high data risk users owning sensitive assets in my
organization?
• What are the high risk sensitive assets owned by {user}?

IoT Security

Category Questions

Device and Network • What are the top category of devices in my network by number of
Inventory devices?
• What are the most common vendors of type {device_type} devices
in my network?
• Where are my category {device_category} devices?
• Where are my type {device_type} devices?
• What are my top device vendors by number of devices?

Security Posture and • Are there devices with weak security posture in my network?
Risk Analysis
• What device categories have a higher number of risky devices?
• Which devices are affected by vulnerabilities exploited in the wild?

Strata Cloud Manager Getting Started 68 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• What are the riskiest vulnerabilities that can be exploited remotely?
• Where are my riskiest devices?

Network • Which subnets have mixed business critical IoT devices with IT
Segmentation and devices?
Critical Assets
• Which subnets have a higher number of risky devices?
• Which subnets have devices of type {device_type}?
• Which subnets have devices of category {device_category}?
• What are my risky subnets?

Vulnerability and • Show me top risky devices affected by {vulnerability_priority}

Attack Vector priority vulnerabilities.
Analysis
• Show me top risky devices affected by {vulnerability_severity}
severity vulnerabilities.
• Show me risky and confirmed vulnerabilities affecting devices of
type {device_type}.
• Show me devices that are affected by {CVE}.
• Show me risky and confirmed vulnerabilities affecting devices of
vendor {device_vendor}.

Connectivity and • Show me devices connected to {destination_country}.

External Exposure
• Show me devices connected to malicious destinations.
• Which profiles have business critical IoT devices connected to the
internet?
• Which profiles have business critical IoT devices connected to
malicious destinations?
• Are there Windows devices running end of support OS?

Device Utilization • How many category {device_category} devices have been offline for
and Downtime more than {duration_value} {duration_unit}?
• How many type {device_type} devices have been offline for more
than {duration_value} {duration_unit}?

Specific Device • Tell me about device with IP {device_ip}.

Queries
• Which devices have used {application_name} application in the last
{duration_value} {duration_unit}?

Alert Management • What are the new security alerts I should pay attention to?

Strata Cloud Manager Getting Started 69 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Visualization & Reporting

Category Questions

Threat Identification • What are the top critical threats in my network?

and Analysis
• Show me the critical severity {threat_category} found on my
network in the last {duration_value} {duration_unit}?
• How many times was the {threat_name} threat seen in the past
{duration_value} {duration_unit}?
• Show me the frequency of the {threat_name} threat seen in the past
{duration_value} {duration_unit}?
• Show me the top threats by session.
• Show me the top threat subcategories by session.
• Show me the top 5 users along with their threat ID, source IP, and
destination IP for threat category C2.

Threat Trends and • Show the trend of detected threats in the last {duration_value}
Distribution {duration_unit}?
• What is the threat category distribution in the past {duration_value}
{duration_unit}?
• Show me the breakdown of threat activity by allowed vs blocked
actions

URL Monitoring and • What is the risk level breakdown of URL activity?
Security
• What are the top risky URLs in my network?
• Show me the most common blocked URLs by risk category.
• Show me the total URLs accessed between {start_time} and
{end_time}?

Policy and Guidelines • List the policies for the URL {uri}
for URLs
• Outline the rules pertaining to the website {uri}

Strata Cloud Manager Getting Started 70 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Get Help with Strata Copilot

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot is your versatile AI assistant designed to enhance your experience with Strata
Cloud Manager. To ensure the best product experience possible, we continuously improve Strata
Copilot's functionality and responses based on your valuable feedback. You can leverage Strata
Copilot to troubleshoot Strata Cloud Manager issues, open support cases, and gain insights. By
mastering Strata Copilot's capabilities, you'll optimize your workflow, quickly address challenges,
and maximize the potential of your Strata Cloud Manager environment.

Share Feedback About a Response

For any Strata Copilot response, you can give a thumbs up to indicate that the response was
helpful, or give a thumbs down to let us know that the response wasn't what you were expecting.
Leaving detailed feedback on Strata Copilot responses, including what worked well and what
didn’t, helps us to make Strata Copilot better.

Get Remediation Guidance or Open a Support Case

When facing a technical issue, you can use Strata Copilot to efficiently open a support case or get
remediation guidance. There are two ways to initiate this process:

Strata Cloud Manager Getting Started 71 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• In a Strata Copilot chat, type Open a Case.

• Click the Create a support ticket button at the bottom of the Copilot interface.

After you begin the process of opening a support ticket, Strata Copilot guides you through an
intelligent case creation process. It begins by collecting all necessary information upfront, ensuring
that no crucial details are missed. Strata Copilot ensures comprehensive information gathering
through mandatory data fields for each case type, while still maintaining flexibility for critical
severity cases. As you provide information, the system conducts an automated analysis using
category-specific playbooks, including a dedicated playbook for commit issues.

Strata Cloud Manager Getting Started 72 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Throughout this process, you'll receive real-time updates, keeping you informed of the playbook's
progress. If you need to step away, Strata Copilot preserves your case creation state for one hour,
allowing you to resume if interrupted.
As Strata Copilot processes your input, it also leverages your case details to provide relevant
technical content resources. These resources are designed to help you quickly address issues on
your own, potentially resolving your problem without the need to wait for a case agent. If you find
that you still need support after reviewing the provided resources, you can easily proceed with
submitting the case, now enriched with all the necessary information for swift resolution.
This workflow provides you with a streamlined and effective support experience.

Strata Cloud Manager Getting Started 73 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 74 ©2025 Palo Alto Networks, Inc.
AI Canvas
Where Can I Use This? What Do I Need?

• Strata Cloud Manager Strata Cloud Manager Pro license

Prisma Access license
Acceptance of the Strata Copilot SEULA
for the tenant

AI Canvas is a no-code data exploration tool that revolutionizes how you interact with your
security data. Through its flexible, intuitive interface, you can seamlessly explore and visualize
your data without the constraints of traditional dashboards.

75
AI Canvas

Strata Cloud Manager Getting Started 76 ©2025 Palo Alto Networks, Inc.
AI Canvas

While conventional approaches require navigating multiple screens and applying complex
filters, AI Canvas empowers you to ask questions in natural language and receive immediate
insights. This transformative approach delivers four key advantages: speed—obtaining instant
insights without waiting for new reports; simplicity—using plain English instead of complex query
languages; flexibility—creating and arranging widgets to suit your specific needs; and collaboration
—saving and sharing canvases with colleagues.
Security remains paramount with AI Canvas, as it fully honors role-based access control (RBAC).
This ensures users can only access, create, view, and share data they're authorized to see. While
widgets and canvases are personal by default, they can be easily shared with other Strata Cloud
Manager users when needed.
When troubleshooting, AI Canvas eliminates the fragmented experience of gathering information
from multiple sources. You can build focused canvases that consolidate all relevant data into a
single view. AI Canvas further enhances user confidence through transparent error messages and
clear explanations of generated queries, making complex data exploration accessible to everyone.

Strata Cloud Manager Getting Started 77 ©2025 Palo Alto Networks, Inc.
AI Canvas

Core Components
At its core, AI Canvas consists of widgets and canvases:
• Widgets—Individual data visualizations created through natural language queries or Strata
Copilot. These widgets can display various types of charts, tables, and other visualizations
based on your security data. The widget library serves as a repository for all created widgets,
allowing for easy reuse and management.
• Canvases—Customizable workspaces where administrators can assemble multiple widgets
using drag-and-drop functionality. A canvas provides a comprehensive view of related security
data, eliminating the need to switch between different dashboards.

Strata Cloud Manager Getting Started 78 ©2025 Palo Alto Networks, Inc.
AI Canvas

Data Sources
AI Canvas supports the following data sources:
• Autonomous DEM
• Cloud-Delivered Security Services (CDSS) for Advanced Threat Prevention, Advanced WildFire,
and Advanced URL Filtering
• Prisma Access logs and metrics
• Prisma Access Browser
• Log Viewer data

Strata Cloud Manager Getting Started 79 ©2025 Palo Alto Networks, Inc.
AI Canvas

Create an AI Canvas
Where Can I Use This? What Do I Need?

• Strata Cloud Manager Strata Cloud Manager Pro license

Prisma Access license
Acceptance of the Strata Copilot SEULA
for the tenant

You can create an AI Canvas using one of two approaches:

• Create from scratch—Start with a blank canvas and manually add individual widgets from the
Widget Library.
• Generate from a query—Use Strata Copilot to automatically build a canvas by describing what
you want to see in natural language.
Both methods allow you to customize your canvas after creation by adding, removing, or
rearranging widgets.

Strata Cloud Manager Getting Started 80 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 1 | Select Strata Canvas > AI Canvas from Strata Cloud Manager menu.

Strata Cloud Manager Getting Started 81 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 82 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 2 | Choose how you want to create your canvas:

• Generate a canvas from a query: Enter a descriptive query in the text field and click the
arrow or press Enter key.
Example queries:
• Show me threats in my network that have occurred in the last 6
hours.
• Show me user activity in my network.
• Create from scratch: Select Create Canvas.

STEP 3 | Enter a descriptive name for your canvas.

Strata Cloud Manager Getting Started 83 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 4 | Customize your canvas by adding or modifying widgets:

• If you created from scratch: Find widgets in the Widget Library and drag and drop them
onto your canvas.
• If you generated from a query: Review the automatically generated widgets and make
changes as needed.
For all canvases, you can:
• Rearrange widgets

• Resize widgets

• Expand widgets to view the chart in more detail

• Remove widgets from the canvas

Strata Cloud Manager Getting Started 84 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 85 ©2025 Palo Alto Networks, Inc.
AI Canvas

For more information, see Manage Widgets.

STEP 5 | Click the palette icon at the top right to adjust the color story for your AI Canvas.
Four seasonal color palettes are available.

STEP 6 | Save your canvas when finished.

Strata Cloud Manager Getting Started 86 ©2025 Palo Alto Networks, Inc.
AI Canvas

Manage Widgets
Where Can I Use This? What Do I Need?

• Strata Cloud Manager Strata Cloud Manager Pro license

Prisma Access license
Acceptance of the Strata Copilot SEULA
for the tenant

AI Canvas allows you to create and manage widgets that visualize your data. From AI Canvas, you
can create new widgets and access your widget library for customization and organization.

Create a Widget from a Query

Create widgets quickly by using natural language queries to specify the data you want to visualize.

Strata Cloud Manager Getting Started 87 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 1 | Enter a query in natural language for the data you want to visualize, choose the data source,
and then click the arrow to run the query.

For tips on crafting effective natural language queries, see AI Canvas Best Practices.

Strata Cloud Manager Getting Started 88 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 2 | Use the chart icons at the top left of the chart to switch between your preferred visualization
chart type.

The options that are available vary by the type of data. Examples include bar chart (stacked
and grouped), table, multi-line graph, map, donut and more.

STEP 3 | If you are satisfied with the visualization, Add to Widget Library.

STEP 4 | Proceed to add the widget to a canvas.

View, Edit, and Export Widgets

Strata Cloud Manager Getting Started 89 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 1 | From AI Canvas, select the Widget Library.

Strata Cloud Manager Getting Started 90 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 91 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 2 | To view a widget in more detail and refresh the display, select the widget.

Strata Cloud Manager Getting Started 92 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 93 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 3 | Use additional controls on the top right of the chart to zoom in or out on specific data.

Strata Cloud Manager Getting Started 94 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 95 ©2025 Palo Alto Networks, Inc.
AI Canvas

The chart will refresh to show data in your narrower or expanded view.

STEP 4 | If you suspect the data may have changed recently, you can also Regenerate the widget.

STEP 5 | Export the chart, if desired.

You can either export the raw data to table form, or you can export the current visualization as
a PNG file.

STEP 6 | When you are satisfied, Close the widget view.

STEP 7 | If you haven't already, proceed to create an AI Canvas and add the new widget.

Delete an Unused Widget

You can delete a widget that isn't currently in use on an AI Canvas.
STEP 1 | From AI Canvas, select the Widget Library.

STEP 2 | From the more actions menu ( ) for a widget select Delete.

If the Delete option is grayed out, it means the widget is currently in use. You must
first remove the widget from all canvases before you can delete it.

Strata Cloud Manager Getting Started 96 ©2025 Palo Alto Networks, Inc.
AI Canvas

AI Canvas Best Practices

To get the most out of AI Canvas, follow these best practices for creating effective natural
language queries and exploring your security data.

Best Practices for Prompting

Effective prompting is key to getting accurate and useful results from AI Canvas. Follow these
guidelines to craft better queries:
• Begin with broad metrics.
Start your analysis with high-level overviews to understand the scope:
• Show me the total number of threats in the last 24 hours.
• Summarize our overall security posture this week.
• Segment by categories.
Break down information into logical segments:
• Break down threats by category and severity.
• Show distribution of traffic by application type.
• Identify key contributors.
Find the most significant entities:
• Who are the top 10 affected users this week?
• Which apps generated the most incidents?
• Analyze trends over time.
Look for patterns across different time periods:
• Compare incident volume this week vs. last week.
• Trend of traffic volume by application over the past 30 days.
• Explore correlations.
Investigate relationships between different factors:
• Show top users by threat category and source IP.
• What are the most used high-risk applications by location?
• Apply targeted filters.
Narrow focus to specific areas of interest:
• Show me threats from San Jose with severity high.
• Display only critical alerts affecting production servers.

Strata Cloud Manager Getting Started 97 ©2025 Palo Alto Networks, Inc.
AI Canvas

• Detect anomalies.
Look for unusual patterns or outliers:
• What unusual traffic patterns were observed today?
• Identify any spike in failed login attempts this week.

Prompt Samples
Use these sample prompts as starting points for your own queries:

Threat Analysis
• Show me the top 5 threat categories, subcategories, and severities in
the last 24 hours
• Show me top affected users by those top 5 threats
• Show me the top affected users and threat count in the last 24 hours
• Show me the top 5 users along with their threat ID, source IP, and
destination IP for threat category C2
• Show me the top threats by session
• Show me the top threat subcategories by session
• Show me the number of threats per PA location

Application Analysis
• Show me the top 10 risky applications that are accessed by top
affected users
• Top 10 applications with highest impacted users in the past 3 hours
• Show me top applications in the last 30 days
• Which users are using the highest-risk applications
• What are the most used applications
• Which users were denied application access in the last 7 days

User Analysis
• How many users are using GlobalProtect version 6.3.3 and what are
their names?
• How many users have been seen in the last week running GlobalProtect
version 6.3.3?
• How many Prisma Access users in the last 30 days
• Show me top 10 users with high bandwidth

Location and Infrastructure

• Show me top 10 incidents in PA locations
• Show me top users impacted by top incidents

Strata Cloud Manager Getting Started 98 ©2025 Palo Alto Networks, Inc.
AI Canvas

• What are the top 10 Prisma Access locations seeing high traffic
volume?
• What is the current status of each PA location
• Provide a list of all Prisma Access locations with the respective
number of egress IPs for MU, EP, and RNs
• Give me the list of all migrated Remote Networks
• Provide me the count of Remote Networks which are down
• Show me the tunnels which are in UP status
For additional Strata Copilot prompt examples across, see Strata Copilot Prompts.

Data Exploration Tasks

Follow these systematic approaches to explore your security data effectively:
• Identify Key Metrics
Start by asking for high-level summaries to understand the overall state of your environment.
Example: Show me the total number of threats in the last 24 hours.
• Drill Down Into Categories
Narrow the focus by exploring subcategories or specific types of data.
Example: Break down threats by category and severity.
• Spot Top Entities
Identify the most significant users, applications, locations, or assets in your environment.
Examples:
• Who are the top 10 affected users this week?
• Which apps generated the most incidents?
• Compare Over Time
Use time-based comparisons to identify trends and changes in your security posture.
Examples:
• Compare incident volume this week vs. last week.
• Trend of traffic volume by application over the past 30 days.
• Correlate Data Across Dimensions
Explore relationships between different entities to uncover hidden patterns.
Examples:
• Show top users by threat category and source IP.
• What are the most used high-risk applications by location?

Strata Cloud Manager Getting Started 99 ©2025 Palo Alto Networks, Inc.
AI Canvas

• Filter by Attributes
Add specific filters to focus on the most relevant data for your investigation.
Example: Show me threats from San Jose with severity high.
• Look for Anomalies or Spikes
Ask for outliers or unusual changes that might indicate security issues.
Example: What unusual traffic patterns were observed today?

Strata Cloud Manager Getting Started 100 ©2025 Palo Alto Networks, Inc.
AI Canvas

Manage an Existing Canvas

Where Can I Use This? What Do I Need?

• Strata Cloud Manager Strata Cloud Manager Pro license

Prisma Access license
Acceptance of the Strata Copilot SEULA
for the tenant

Export a Canvas
If you want to export a canvas, you can save it as a professionally formatted PDF.
STEP 1 | From AI Canvas, open the canvas you want to export.

STEP 2 | Click Generate Report and then Download.

STEP 3 | Save as PDF or print the canvas as desired.

Share a Canvas
You can generate a shareable link that other administrators can use to quickly view a snapshot of
a canvas. AI Canvas preserves the view of the data in the canvas at the time it was shared.
STEP 1 | From AI Canvas, open the canvas you want to export.

STEP 2 | Click Generate Report and then Share.

STEP 3 | Copy link to save it to your clipboard and then Close the dialog.

STEP 4 | Paste the link in your preferred communication tool of choice to send to the administrator.
The administrator must log in to the Strata Cloud Manager with their credentials to view the
canvas snapshot.

Delete a Canvas
There are two ways to delete a canvas:
•
From the Canvas List: Use the Delete option in the more actions ( ) menu
• Within an open canvas: Click the delete icon located at the top of the canvas

Strata Cloud Manager Getting Started 101 ©2025 Palo Alto Networks, Inc.
AI Canvas

Get Help with AI Canvas

Where Can I Use This? What Do I Need?

• Strata Cloud Manager Strata Cloud Manager Pro license

Prisma Access license
Acceptance of the Strata Copilot SEULA
for the tenant

Troubleshoot AI Canvas
When working with AI Canvas, you might encounter situations where your queries return no
results. To resolve this issue:
• Verify that your time range settings are appropriate for the data you're seeking
• Try refining or broadening your natural language query to better match available data
• Review the prompting best practices and sample queries for guidance on effective query
phrasing
• Use the Help icon located on the widget to find recommendations for effective query phrasing

Support and Feedback

If you need assistance with AI Canvas or have suggestions for improvement, please reach out to
[email protected]. You can also start a discussion on Live Community
to connect with other users and share your experiences.

Strata Cloud Manager Getting Started 102 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

The other licenses and prerequisites needed

to access the Command Center:

A specific license to view certain metrics

in the Command Center that is outlined
below
A role that has permission to view the
Command Center
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Strata Cloud Manager Command Center is your new NetSec homepage; it is an interactive
visual summary that will help you assess the health, security, and efficiency of your network.
The command center provides a consolidated view of the NetSec platform, and gives you
comprehensive visibility into your Sources, Applications, Prisma Access deployment, your
NGFWs, and your security services in a single place.

103
Command Center: Strata Cloud Manager

The command center enables you to interact with the data and visualize the relationships
between events on the network, so that you can take immediate actions to strengthen your
security.
The command center is integrated with the new Activity Insights dashboards (Insights > Activity
Insights), and will highlight anomalies detected by your onboarded licenses and subscriptions
through actionable insights, and provide a path to remediate those anomalies.
From the new homepage, you can see:
• A comprehensive view of all traffic on your network flowing between sources (users, IoT
devices, external hosts) to applications (internet, SaaS, private).
• How assets such as users, devices, and applications are being accessed and secured.
• Navigate to specific dashboards with context for deeper understanding of the issues impacting
your network.
• Types of threats encountered while users are working.
Launch Strata Cloud Manager and click Command Center ( ) to get started.

Strata Cloud Manager Getting Started 104 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

How to Interact with the Strata Cloud Manager

Command Center
Each view in the command center neatly breaks down all the information you would need to
assess the health and security of your network.

The command center automatically refreshes data every 5 minutes and displays the last 24 hours
of data by default. You have the option to filter this data for different time periods: the past 1
hour, 3 hours, 7 days, or 30 days.
Each command center view displays different types of visual data flowing from the sources,
through Prisma Access and NGFWs or security subscriptions deployed on your network, to the
various applications on your network.

The Sources bubbles (hybrid workers, office users, IoT devices, Prisma Access Browser-Enabled
users, and others) are on the left and the Applications bubbles (accessed on the internet, SaaS,
and hosted on-prem or in-cloud) are on the right. The application bubbles display the top three
most used applications in each category.

Strata Cloud Manager Getting Started 105 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Sources include:
• IoT Devices – Devices discovered by an active IoT Security license and enabled.
• Users – Remote and Branch users.
• Other – Internal and external hosts accessing resources on the internet.
Applications include:
• Internet Apps – Applications accessed using a web browser.
• SaaS Apps – Cloud apps owned and managed by an application service provider.
• Private Apps – Applications hosted in a data center.
You can filter the data in the central view by clicking on the bubbles for sources, deployments,
or applications. This will provide you a more detailed view of the tracked data for that view in
relation to the bubble selected.
By selecting filters ( ), you can filter the data in the command center views by Tenant orNGFW
or Prisma Access specific data.
Hovering over the sources allows you to see the Agent-Enabled User Devices and PA Browser-
Enabled User Devices.
With an AI Access license, you can filter the traffic in all command center views by GenAI Apps
only to better evaluate how GenAI apps in use by users on your network might be affecting your
data security.

For more information on AI Access Security and AI Access Security licenses, see AI Access
Security.

With an Strata Cloud Manager Pro license, you can enable the Quantum Readiness View to start
evaluating your post-quantum cryptography (PQC) posture.

For more information about PQC, Quantum Security, and Quantum Readiness, click here.

Strata Cloud Manager Getting Started 106 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

When looking at one of the views, you can mouse over the lines for more information about your
network, such as the traffic or the threats blocked or allowed on your network.

Strata Cloud Manager Getting Started 107 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Below the central visual summary are several key metrics tracked by your activated subscriptions
that provide actionable insights into your network. These key metrics provide the ability to
navigate to one of several detailed context pages where you can find more information about the
metrics that have surfaced and drill-down into possible solutions.

Strata Cloud Manager Getting Started 108 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Strata Cloud Manager Command Center Views

The command center provides you with four different views, each with their own tracked data
and metrics to examine and interact with.
• Summary
• Threats
• Operational Health
• Data Security
• Application Security

Strata Cloud Manager Getting Started 109 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Command Center (Summary)

The Summary view displays a high-level look at all traffic from your users, external hosts, IoT
devices, and applications, as well as a preview of some of the issues and anomalies on your
network that are spotlighted by the other views. You can use this view as the first-look into the
health of your network each day.

Summary Licenses • You must have at least one of these

licenses that comes with a Strata Logging
Service license to use the Strata Command
Center:
Prisma Access license
AIOps for NGFW Premium license
• Or an AIOPs for NGFW Free license
alongside a Strata Logging Service license
• Licenses that are needed for additional
metrics in the Summary view:
Cloud-Delivered Security Services
(CDSS) subscriptions
Data Security subscriptions
ADEM license
AI Access license
Prisma Access Browser license

Central Summary View

The central Summary view provides a look into the data being transferred between the IoT
devices, users, external hosts accessing resources from the internet, internet apps, SaaS apps, and
private apps on your network.

The lines in the central Summary view represent the data transfers and traffic on your network,
with the thickness of the lines representing the volume of data being transferred from sources
and applications.
You can see how these sources are being secured by your network infrastructure:

Strata Cloud Manager Getting Started 110 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

• Prisma Access deployments

• Next-Generation Firewalls from your Strata Logging Service inventory

Total Threats Count

The Total Threats Count widget gives you a quick view into the total number of threats detected
in your network, how many threats have been blocked, how many threats have been alerted, and
the change in threats from a selected time range.

Click through to the Activities Insights (Insights > Activity Insights > Threats) screen for a more
detailed breakdown of threats on your network.

Open Incidents and User Experience

The Open Incidents and User Experience widget gives you a view into the total count of open
incidents, the breakdown of good and potentially degraded user experience from individual
segments in the service delivery chain from a user device to an application, and the change in
open incidents from a selected time range.

Click through to the Application Experience dashboard () for a more detailed breakdown of the
health and user experience across your network and performance metrics.

Top Data Profiles by Action

The Top Data Profiles widgets gives you a view into the top predefined data filtering profiles,
the number of matches found in network traffic, and the action taken for sensitive data based on
those data profiles.

Strata Cloud Manager Getting Started 111 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Click through to the Data Security view (Command Center > Data Security) for a more detailed
breakdown of sensitive data on your network.

Top GenAI Use Cases by Users and GenAI Apps

The Top GenAI Use Cases by User widget gives you a view into the top use cases for GenAI apps
being utilized by users on your networks, the amount of users for each use case, and the amount
of GenAI apps that fall under each use case.
You can also see the total number of GenAI apps on your networks, as well as the percentage
shift in apps based off of the time filter.

Click through to the AI Access Security (Insights > AI Access) dashboard in Activity Insights for
a more detailed breakdown into GenAI app adoption on your network and recommendations for
how to better secure your data.

For more information about how your organization can safely adopt GenAI applications
while mitigating risks to your data security, see AI Access Security.

Strata Cloud Manager Getting Started 112 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Threats
The Threats view shows the traffic inspected on your network and threats detected by your
CDSS subscriptions. You can use this view to monitor the blocked and alerted threats on your
network or investigate areas of your network that need updated policies to better block any
alerted threats.

Threats Licenses • Threats licenses, including:

Threat Prevention license
URL Filtering license
WildFire license
DNS Security license

Central Threats View

The central Threats view provides a look into all the threats on your network that have been
identified by your active Cloud-Delivered Security Services subscriptions.
The Threats view will show how your Palo Alto Networks CDSS subscriptions are protecting your
traffic by monitoring potential threats on your network. The Command Center gives you insight
into the percentage of traffic inspected for your IoT devices, users, and applications, and the total
number of threats allowed or alerted.

The lines in the central Threats view represent the traffic being monitored by your security
subscriptions, with the thickness representing the volume of threats detected and the color
representing if the threats are of critical, high, medium, or low severity.

Security Subscriptions
The Security Subscriptions widget gives you a view into your Cloud-Delivered Security
Subscriptions, which ones are active, and a snapshot of how they are securing your network.

Subscription Description

Threat Prevention Threat Prevention defends your network against

both commodity threats—which are pervasive but not

Strata Cloud Manager Getting Started 113 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Subscription Description
sophisticated—and targeted, advanced threats perpetuated
by organized cyber adversaries.

URL Filtering Advanced URL Filtering is our comprehensive URL filtering

solution that protects your network and users from web-
based threats.

WildFire The cloud-delivered WildFire malware analysis service

uses data and threat intelligence from the industry’s
largest global community, and applies advanced analysis to
automatically identify unknown threats and stop attackers
in their tracks.

DNS Security Automatically secure your DNS traffic by using Palo Alto
Networks DNS Security service.

Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions)
gives you a detailed report of the status of your subscriptions in relation to your NGFWs and
Prisma Access deployments. Click Back to the Dashboard to return to the Threats view.

Total Threats Count

The Total Threats Count widget gives you a quick view into the total number of threats detected
in your network, how many threats have been blocked, how many threats have been alerted, and
the change in threats from a selected time range.

Strata Cloud Manager Getting Started 114 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Click through to the Activities Insights (Insights > Activity Insights > Threats) for a more detailed
breakdown of threats on your network.

Blocked and Alerted Threats

The Blocked and Alerted Threats widget gives you a top-down-view of the threats being
detected in your network, organizing them by category, threat level (critical, high, medium, and
low), and if the threats have been blocked or alerted.

Click through for a more detailed table of all the threats impacting your network (Insights >
Activity Insights > Threats).

Strata Cloud Manager Getting Started 115 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Operational Health
The Operational Health view shows the health of infrastructure and user experience on your
network. You can use this view to monitor the health of your NGFWs and Prisma Access
deployments as well as the user experience on your network and review the severity of open
incidents in each area.

Operational Health Licenses • Monitoring subscriptions, including:

ADEM Observability
AI-Powered ADEM
AIOps for NGFW premium

Central Operational Health View

The central Operational Health view provides a look into the health of infrastructure and of the
user experience on your network. If users have an Autonomous Digital Experience Management
(ADEM) license, they will receive enhanced data in this view.
The Operational Health view will show how your Palo Alto Networks ADEM subscription
monitors the digital experience across all users, and applications in your SASE environment.

The lines in the central Operational Health view represent all the users on your network. The
users are organized by user experience score, with the colors of the lines representing a rating of
good, poor, or unmonitored.

Total Open Incidents and Incidents by Severity

The Open Health Incidents by Severity widget gives you a view into the all open incidents on
your network, broken down by scope (NGFW, Prisma Access, and Prisma SD-WAN), severity, and
quantity of incidents.

Strata Cloud Manager Getting Started 116 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

The widget tracks the percent change in open incidents based on the time period selected.
Click through to the Incidents dashboard for each available scope (Incidents > Prisma Access /
NGFW > All Incidents).

Top Subcategories for Open Health Incidents

The Top Subcategories for Open Health Incidents widget gives you a view into the top
subcategories of the open health incidents on your network, organized by scope, subcategory,
quantity of incidents, and what is impacted (data centers, sites, devices, etc.).
The widget will display the top five subcategories for a single scope, or the top two subcategories
for multiple scopes when available.

Click through to the Incidents dashboard for each available scope (Incidents > Prisma Access /
NGFW/Prisma SD-WAN).

Monitored User Devices and User Device Experience

The Monitored User Devices and User Device Experience widget gives you a view into the total
count of open incidents, the breakdown of good and potentially degraded user experience from
individual segments in the service delivery chain from a user device to an application, and the
change in open incidents from a selected time range.

Click through to the Application Experience dashboard (Insights > Operational > Application
Experience) for a more detailed breakdown of experience across your network and performance
metrics.

Strata Cloud Manager Getting Started 117 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Best Practices

Strata Cloud Manager Getting Started 118 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Data Security
The Data Security view shows all the sensitive data detected across your network and various
connected SaaS applications. You can use this to monitor and identify high risk sensitive data
flows in your organization.

Data Security Licenses • Data Security licenses, including:

SaaS Security license
Data Security license
Enterprise DLP license

Central Data Security View

The central Data Security view provides the sensitive and high risk data map across your network
and connected SaaS applications. The command center gives you insight into sensitive data users
in the organization, the specific sanctioned, unsanctioned, tolerated, or untagged applications
where there is sensitive data activity detected (asset upload, download, or assets exposed) as well
as number of assets allowed, blocked, quarantined, revoked sharing, or exposed.

The lines in the central Data Security view represent sensitive data being detected through data
at rest and data in motion security solutions, with the thickness of the lines representing the
quantity of data and the color representing whether that data has been flagged or classified as
critical, high, medium, or low risk.

Security Subscriptions
The Security Subscriptions widget gives you a view into your Data Security Subscriptions, which
ones are active, and a snapshot of how they are securing your network.

Subscription Descrition

DLP Inline Enterprise DLP is a cloud-based service that uses supervised

machine learning algorithms to sort sensitive documents into
categories to guard against exposures, data loss, and data
exfiltration.

Strata Cloud Manager Getting Started 119 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Subscription Descrition

SaaS Inline The SaaS Inline solution works withStrata Logging Service to
discover all the SaaS applications that are being used on your
network.

SaaS API SaaS API is a cloud-based service you can connect directly
to your sanctioned SaaS applications using the cloud app’s
API and provide data classification, sharing or permission
visibility, and threat detection within the application.

Posture Security SaaS Security Posture Management (SSPM) helps detect

and remediate misconfigured settings in sanctioned SaaS
applications through continuous monitoring.

Email DLP Email DLP is an add-on to Enterprise DLP that prevents

exfiltration of emails containing sensitive information with
AI/ML powered data detections.

Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions)
gives you a detailed report of the status of your subscriptions in relation to your NGFW and
Prisma Access deployments. Click Back to the Dashboard to return to the Data Security view.

Strata Cloud Manager Getting Started 120 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Top Data Profiles

The Top Data Profiles widget shows the top data profiles detected across all the sensitive data
inspected, the severity of the data profile as well as the number of asset matches detected inline
with data in motion versus data at rest.

Click through to the Data Loss Prevention dashboard (Configuration > Data Loss Prevention) to
review all predefined data profiles and add custom data profiles.

Data Trend
The Data Trend widget shows trend in sensitive data monitored by your data security
subscriptions, organized by the percent change in total assets, data risks, and posture violations.

Click through to the Data Risk dashboard (Configuration > Data Loss Prevention > Data Risk) to
understand your overall data risk score and review actionable recommendations to improve the
data security posture of your organization.

Strata Cloud Manager Getting Started 121 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Command Center (App Security)

The App Security view displays a high-level look at the security of your web applications and
APIs. Review protected applications, anomalies protected by your policies, alerted and blocked
attacks, and discovered applications not currently protected by any security policy.
To learn more about how App Security keeps your network safe, click here.

App Security Licenses and Requirements • License:

Prisma Access license
Private App Security add-on license
• Other prerequisites
Minimum dataplane PAN-OS 11.2.7 or
later

Central App Security View

The central App Security view provides a look into the data being transferred between sources
and private and discovered apps.

The lines in the central App Security view represent the total requests made on your network,
with the thickness of the lines representing the volume of data being transferred from sources
and applications.
You can see how these sources are being secured by your Prisma Access deployments with the
requests organized into attacks (alerted and blocked), anomlaies, and clean.

Strata Cloud Manager Getting Started 122 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

The breakdown of applications also provides insight into the number of attacks to your most used
apps.

Total Traffic Requests

The Total Traffic Requests widget gives you a quick view into the total number of traffic requests
made, including Total Attacks, Attacks Blocked, and how those are trending on your network.

Filtering the Command Center by time period shows you the percent increase or decrease in each
count over that selected period.

Recommended Policies and Anomalies Detected

The Recommended Policy and Anomalies Detected widget gives you a view into the total number
of Anomalies detected on your network as well as the recommended policy actions you could
complete to help lower that number.

Filtering the Command Center by time period shows you the percent increase or decrease of
Anomalies and Recommendation over that selected period.
Clicking through the widget brings you to the Recommended tab of the Application Security
dashboard, allowing you to start enabling policies to secure your network.

Previewed Policies and Attacks Alerted

The Previewed Policies and Attacks Alerted widget gives you a view into the previewed policies
from App Security and the number and trend of attacks alerted on your network.

Filtering the Command Center by time period shows you the percent increase or decrease in
requests and attacks over that time period.

Strata Cloud Manager Getting Started 123 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Strata Cloud Manager Getting Started 124 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

to access certain Dashboards are:
Cloud-Delivered Security Services (CDSS)
ADEM Observability
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager provides insights into your network activity, offering granular and
actionable security and operational information through dashboards. This information helps you
protect against vulnerabilities and unauthorized access, while providing management insights on
network health, performance, and administrative tasks.

Insights: Dashboards and Reports

Strata Cloud Manager supports some of these insights with a set of interactive dashboards that
give you a comprehensive view of the applications, ION devices, threats, users, and security
subscriptions at work in your network. The dashboards provide visibility into the health, security
posture, and activity happening in your deployment that helps you to prevent or address
performance and security gaps in your network. Dashboard support extends across the Palo Alto
Networks products and subscriptions that are supported for cloud management, and from other
sources as well, including Traps, Cortex XDR, Prisma SaaS, and Proofpoint. The data you see
often depends on your subscription. You can review each dashboard topic to see what the license
requirements are for that dashboard, if role permissions might impact what data is visible, and to
learn about the different types of data that each subscription unlocks.
You can access dashboards from the Insights menu on the left navigation pane. You can also build
your own dashboard using the Build My Dashboard option. Some of the dashboards also have the
option to download and share reports that you can share offline and schedule for regular updates.
To see if reports are supported for a dashboard, check for these icons:

125
Insights: Strata Cloud Manager

Additionally, you can use the report templates in the Reports menu to download, share, and
schedule reports on specific activity such as User Activity, Network Usage, and so on.

Integrate with Cloud Identity Engine

We recommend setting up Cloud Identity Engine (Directory Sync) to get the most out of
dashboards. Cloud Identity Engine is a free Palo Alto Networks app that gives other apps read-
only access to your Active Directory information, and enables you to:
• Get User Activity data—Cloud Identity Engine enables you to specify the user for whom you
want to run a report.
• Easily and securely share reports with other members of your organization—After Cloud
Identity Engine is set up, you can easily add recipients to a scheduled report. Your report
recipients are checked against Cloud Identity Engine, and if no match is found, it performs an
additional validation by checking the email address domain against those associated with your
support account. This process ensures that reports are only sent to individuals within your
organization.
Integrated apps must be deployed in the same region. At any time, you can go to the hub to
integrate Cloud Identity Engine with Prisma Access or Directory Sync. ➡ Integrate Palo Alto
Networks apps

Support for Insights Dashboards and Reports

The table below shows the list of Insights dashboards and report templates, the platforms they
are supported on, license requirements, and so on.

Some of the dashboard supports in the product are pending migration to

Strata Cloud Manager.

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

• Docs for Prisma • Docs • Docs

Access (Managed for for
by Strata Cloud AIOps Prisma
Manager) and Prisma SASE

Strata Cloud Manager Getting Started 126 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
Access (Managed by for Multitenant
Panorama) NGFW Platform

Dashboard: Yes Yes Yes • ADEM

SASE Observability
Health
• AI-
Powered
ADEM

Dashboard: Yes No PAN-OS Yes [Only for • Prisma Access (Manage

Best versions: AIOps for NGFW] per
Practices 10.0 or Enable tenant
later telemetry
• AIOps for NGFW:
sharing in
per
devices
NGFW/
Panorama
associated
with
AIOps for NGFWinstan

Dashboard: No No Yes No [Only for AIOps for

Compliance AIOps for NGFW: per
Summary NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices for NGFW
instance

Dashboard: No No Yes No Tech AIOps for

On Support File NGFW: per
Demand (TSF) NGFW/
BPA Panorama
associated
with AIOps
for NGFW
instance

Dashboard Yes Yes Yes Yes • Strata Per Strata

and Logging Logging
Report:

Strata Cloud Manager Getting Started 127 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
Executive Service Service
Summary license tenant
• Threat
Prevention
license
• URL
Filtering
license
• WildFire
license
• Enterprise
DLP
license

Dashboard Yes No Yes Yes** WildFire Per tenant

and license service
Report: group (TSG)
WildFire

Dashboard The DNS Security dashboard and its associated reports have been deprecated.
and You can access the related use cases on the Insights > Activity Insights >
Report: Domains page. To view the DNS Security and Advanced DNS Security insights,
DNS generate a Security Lifecycle Review (SLR) report.
Security

Log Yes Yes Yes Yes Strata Per Strata

Viewer Logging Logging
Service Service
license tenant

Threat Yes No Yes Yes** Requirements

Search to view
trend graph
in search:
• DNS
license
• WildFire
license

Strata Cloud Manager Getting Started 128 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
• Strata
Logging
Service
license
• URL
Filtering

Report: Yes Yes Yes Yes Refer to

Download/ respective
Share/ feature
Schedule column in
this table

Saas Yes No No No • Saas Per

Security Security Prisma Access
license tenant
• Strata
Logging
Service

Dashboard: No No Yes No AIOps for NGFW:

Security per NGFW/
Posture Panorama
Insights associated
with
AIOps for NGFW
instance

Report: Yes Yes No No • Threat Per Strata

Advanced Prevention Logging
Threat or Service
Prevention Advanced tenant
Threat
Prevention
license
• Strata
Logging
Service

Strata Cloud Manager Getting Started 129 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

Dashboard: Yes Yes Yes No Device SecurityPer

IoT license Device Security
Security tenant

Dashboard No No No Yes Prisma SD-WAN

Per
and license Prisma SD-WAN
Report: tenant
Prisma SD-WAN

Dashboard: No Yes Yes [Only for • AIOps for

PAN-OS AIOps for NGFW:
CVEs NGFW] per
Enable NGFW/
telemetry Panorama
sharing in associated
devices with
AIOps for
NGFW
instance
• PSIRT
Database
of CVEs
using API
access

Dashboard: Yes Yes Yes [Only for AIOps for

CDSS AIOps for NGFW: per
Adoption NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices for NGFW
instance

Dashboard: No Yes Yes [Only for AIOps for

Feature AIOps for NGFW: per
Adoption NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices

Strata Cloud Manager Getting Started 130 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
for NGFW
instance

Dashboard: No No Yes No [Only for per NGFW/

NGFW AIOps for Panorama
SD-WAN NGFW] associated
Enable with AIOps
telemetry for NGFW
sharing in instance
devices

Dashboard Yes Yes No Per Prisma

and Access
Report: tenant
Prisma
Access
Usage

Report: Yes Yes Yes No Per user

User
Activity

Report: Yes Yes Yes No • Strata Per Strata

Network Logging Logging
Activity Service Service
tenant

Dashboard Yes Yes No No • Strata Per Strata

and Logging Logging
Report: Service Service
Activity tenant
Insights-
Overview

Report: Yes Yes No No • Strata Per Strata

App Logging Logging
Usage Service Service
tenant

Report:
GDPR

Strata Cloud Manager Getting Started 131 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

Report:
SaaS Risk
Assessment

Prisma Access (Panorama Managed)* -

• For Prisma Access (Panorama managed) users with Strata Logging Service hosted in the non-
Americas region, you need to provide consent to allow Prisma Access to read and process data
from the Strata Logging Service in the non-Americas region. Review and accept the privacy
notice on the Dashboard home page to provide your consent and view more dashboards and
logs. Only app, instance, and account administrators can see and accept the privacy notice.
• Dashboards are not supported in Prisma Access (Panorama managed) multi-tenant
environment.
Yes*—Yes means all versions of Prisma Access and PAN-OS are supported.
Yes**—In the multitenant platform, tenants are identified as tenant service groups (TSGs) and
assigned with TSG ID. A single or multiple tenants can be associated per Customer Support Portal
(CSP). The data shown in the dashboard depends on the following scenarios:
• Your app from which you access the dashboard needs to be TSG supported and accessed
through the SASE platform or the tenant view on the hub.
• You have associated devices with your tenant using Common Services in the hub.
• Verify if your tenants have one-to-one or many-to-one mapping with CSP.
• If your tenants have one-to-one mapping with CSP, you can view dashboard data across all
sources (for example, in WildFire dashboard, data across samples from Palo Alto Networks
firewalls, Prisma Access, Cortex XDR, Prisma SaaS, Proofpoint and manual uploads are
shown).
• If multiple tenants are associated per CSP, the dashboard shows data from only Prisma
Access, Palo Alto Networks firewalls, and Panorama appliances associated with specific
tenants and not from other sources.
AIOps for NGFW*—The dashboards available in AIOps for NGFW depend on whether you have a
Free or Premium license tier.

Strata Cloud Manager Getting Started 132 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Activity Insights

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

The other licenses and prerequisites needed

to access certain Activity Insights views are:

Cloud-Delivered Security Services (CDSS)

ADEM Observability
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Activity Insights gives you an in-depth view of your network activities across Prisma Access and
NGFW deployments. This view unifies your network data such as network traffic, application
usage, threats, and user activities in one place. Activity Insights provides visualization, monitoring,
and reporting capabilities to you carry out your tasks easily. Once you have identified the areas
that need your focus with the Strata Cloud Manager Command Center, use the context links to
navigate to Activity Insights or other dashboards for further analysis.
Activity Insights has advanced filters to help you focus on the security aspects that matter
to your deployment. The advanced reporting functionality in Activity Insights enables you to
download, share, and schedule reports from the data in the Overview tab. The report presents
data separately for each filter applied in the dashboard. Alternatively, you can schedule reports for
Activity Insights and dashboards from the Strata Cloud Manager > Reports menu.
Launch Strata Cloud Manager and click InsightsActivity Insights ( ) to get started.

What does Activity Insights show you?

Activity Insights shows aggregated data per Strata Logging Service tenant deployed in Prisma
Access and NGFW environments. You can filter the data for a specific deployment. Activity
Insights has different tabs. Each of these tabs provides an unified view of network data in relation
to applications, users, threats, URLs, and network usage.

Strata Cloud Manager Getting Started 133 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Overview—Displays the data for applications, threats, users, URLs, and sessions with the
maximum number of activities involved within the selected time range. Glance through this
view to quickly identify any irregularities within your network and then delve deeper to
examine the activities that require investigation.
• Applications—Provides an overview of all the application usage in the network, including data
transfer, application risks and ADEM capabilities to monitor application experience.
• SD-WAN Applications—Displays the performance of Prisma SD-WAN applications with details
on health score over a time range, transaction statistics, and bandwidth utilization metrics.
• Threats—Provides a holistic view of all threats that the Palo Alto Networks security services
detected and blocked in your network.
• Users—Provides deeper insights into a user’s traffic and activities, including ADEM’s
capabilities to monitor user experience.
• URLs—Displays the URLs accessed in your network, how many of them are malicious, users
and applications accessing the URLs, rules allowing the URLs in your network, and enforcement
by your security services.
• Rules—Provides insights on the security policy rules permitting the traffic generated by users
and applications, threats detected in the traffic sessions, and URLs impacting the rule.
• Regions—Displays the network traffic details in relation to applications, users, threats, and
URLs.
• Projects—Gain visibility into your Prisma Access Agent deployment by using Strata Cloud
Manager to monitor your Dynamic Privilege Access project activity.

How can you use the data from the dashboard?

Here are some ways the findings can be beneficial:
• Identify the applications you want to monitor, improve the user experience of the applications
with low scores, and control unsanctioned and risky applications.
• View the most relevant threats to your deployment and get context on the threats for
investigation.
• Refine your Security policy rules and traffic rules based on your findings from the logs to close
the security gaps.
• Monitor the user activity to detect and stop potential threats and protect misuse of sensitive
information.

Activity Insights: Overview

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

Strata Cloud Manager Getting Started 134 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

The other licenses and prerequisites needed

to access certain Activity Insights views are:

Cloud-Delivered Security Services (CDSS)

ADEM Observability
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

View the summary of most seen applications, threats, users, URLs, and rules in your network for
the selected time period. Glance through this view to quickly identify any irregularities within your
network and then delve deeper to examine the activity that requires investigation. The Overview
view includes:
• Top 5 applications and application categories in your network that have the maximum activity
in terms of number of sessions, data transfer, threats detected, URLs accessed, and users who
accessed the applications. Click View all Applications to refer to the application details.

• Top 5 threats and threat categories that are most affecting the sessions, users, and
applications. View the details of sessions, users, and applications in the Log Viewer, Users, and
Applications tabs, respectively.

• Network traffic trend of blocked, allowed, and alerted sessions, the amount of data transferred,
and users generating the most traffic.

• Top 5 users with most traffic sessions, data transferred, threats found in traffic, URLs accessed,
and the user experience scores for monitored applications.
• Most accessed URLs along with details on session, users, and applications accessing the URLs.

• Top 5 most impacted Security policy rules configured in your deployment with filters to know
the sessions, users, URLs, threats, data transferred, applications involved in the traffic matching
the rules.

You can use the filters to view the data points you want to focus on and relevant to your
deployment. These filters are available in all the tabs of the dashboard.

Strata Cloud Manager Getting Started 135 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Filters
Activity Insights has advanced filters to help you focus on the security aspects that matter to your
deployment. The available filters are:
• Time Range—View data for a specified time period
• Scope Selection—Data specific to a deployment: Prisma Access, NGFW
• Subtenant—The Prisma Access instance for which the data is displayed
• User Name—View activities involving an individual user
• Application—Network events concerning a specific application
• Application Type—Type of application; SaaS, internet, private
• Threat Category—Data for a particular category of threat
• Threat Action—View specific to allowed or blocked threats
• URL Risk Level—Data concerning the URLs with specific risk level; high, medium, or low
• URL Category—Filter the data based on the URL categories
• Source Location—View activity that originated from a specific location
• Destination Location—View activity targeted to a specific region
• URL—Activity related to a specific URL accessed.
• SaaS Application—Data concerning a specific SaaS application
• Sanctioned Application—View data for sanctioned or unsanctioned applications only
• Port Type—Sort traffic from applications traversing through standard or nonstandard ports
• Protocol—See traffic that uses a specific TCP, UDP, or HTTP ports
• Source Type—View activity generated from a particular device, users, or others
Time Range Selection Filter
The Time Range selection filter appears at the top of the dashboards where you want to filter
information by time range.
The time is localized, so you can filter based on the local time for your region. Data is fetched
every minute, but datapoints shown in most histograms vary according to the Time Range
selected.
For your convenience, Prisma Access lets you pick the Time Range from a few predefined ranges
or configure your own date and time range:
• Last 15 min
1 datapoint for every 3 minutes for a total of 5 datapoints.
• Last 1 Hour
1 datapoint for every 3 minutes for a total of 20 datapoints.
• Last 3 Hours
1 datapoint for every 3 minutes for a total of 60 datapoints.

Strata Cloud Manager Getting Started 136 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Last 24 Hours
1 datapoint for every 5 minutes for a total of 288 datapoints.
• Last 7 Days
1 datapoint for every 30 minutes for a total of 336 datapoints.
• Last 30 Days
1 datapoint for every 3 hours for a total of 180 datapoints.
• Custom
You can set a custom time interval (for example, date and the time example start at 5:00 pm on
June 1 and end at 4:00 pm on June 2) in addition to the prepopulated Time Range selections
available in the filter.
To set a start time, first select the date in the calendar, then select the time under Start. Apply
the start time, then set the end time by selecting an end date in the calendar and a time under
End.
Once you set a custom time range, it gets saved and applied across all widgets within Insights
that use the time range filter to display data instead of real-time data.
You can pick from prepopulated Time Range selections for custom time intervals:
• Last 15 min
1 datapoint every 3 minutes for a total of 5 datapoints.
• Last 1 Hour
1 datapoint every 3 minutes for a total of 20 datapoints.
• Last 3 Hours
1 datapoint every 3 minutes for a total of 60 datapoints.
• Last 24 Hours
1 datapoint every 5 minutes for a total of 288 datapoints.
• Last 48 Hours
1 datapoint every 30 minutes for a total of 96 datapoints.
• Last 7 Days
1 datapoint every 30 minutes for a total of 336 datapoints.
• Last 30 Days
1 datapoint every 3 hours for a total of 240 datapoints.

Reports
Click one of the icons in the Overview tab to download, share, and schedule reports from
the data in the Overview tab or use Strata Cloud Manager > Reports > Report Templates and
click one of the icons against Activity Insights - Summary report template.

Strata Cloud Manager Getting Started 137 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Activity Insights: Applications

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or
The other licenses needed to view the Activity
Insights:Applications tab are:

will unlock additional Prisma Access

features

Monitor the applications in your Prisma Access and NGFW setups, users using the application,
risk scores, user experience for each application, and understand the security impact posed by the
risky applications. Application Usage findings can help you to refine your security policy to control
unsanctioned and risky applications. Click Insights > Activity Insights > Applications to view the
following information:

• Applications by Risk Score—The total number of applications running in your organization

and the number of applications that are doing Good, Fair, and Poor. The applications are
categorized as Good, Fair, and Poor based on their application experience scores.
• Applications by Tag—View whether applications are approved within your organization.
From the Applications by drop-down, select Tag to see apps by Sanctioned, Tolerated, or
Unsanctioned.
• Application Data Transfer by—Total data download and uploaded across NGFW and Prisma
Access firewalls during the time range selected. You can filter to view data transfer originating

Strata Cloud Manager Getting Started 138 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

from the application category and flowing through the destination from the device (data center
or firewall).
• All Applications—Use this widget to see which Prisma Access applications are monitored with
synthetic tests running on them and applications running on your NGFW environments. The
table also displays their experience scores, which give you the health of each application.
• If you have a Prisma Access Browser subscription, you'll see a column for PA Browser
Events. Select the number of events, and it will redirect you to the Prisma Access Browser
management pages.
• You can also change the tag applied to Gen AI apps based on the application risk score to
reflect whether the application is approved within your organization. In the Actions column,
select the tag icon and choose the Sanctioned, Tolerated, or Unsanctioned tag and click
Apply.
•Column Description

Application Name The name of the application being monitored.

Category Application type.

App Risk Score The app risk score, with 1 being the lowest
risk and 5 being the highest risk.

Data Usage Total traffic in the infrastructure detected to

the specific application.

Avg. (Average) Throughput (App Acceleration) View average throughput

your traffic has been accelerated.

Accelerated (App Acceleration) Some or all of your

application traffic has been accelerated.

Port Port used by the application.

Tag Sanctioned, Tolerated, or Unsanctioned.

Threats Total number of threats experienced by the

application.

Users Total number of users accessing this

application during the time range specified.

URLs Total number of URLs accessing this

application during the time range specified.

Subcategory Application subcategory.

Rule Name The security policy rule name.

Strata Cloud Manager Getting Started 139 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Column Description

PA Browser Events Number of Prisma Access Browser events

accessing this application.

User Experience Application experience scores collected by

Autonomous DEM. It's aggregated across all
users monitored for this application.

Site Experience Score (ADEM) Application experience score for this

specific branch site.

Application Test Name (ADEM) The name of the test set up by the
user for this application.

Application Test Target Name (ADEM) IP address of the FQDN to which

the synthetic tests are targeted from various
endpoints.

• (Prisma Access applications only) You can download the data in the table in csv format. Click
the Manage Tests button to view all the synthetic tests that are set up for all your Prisma
Access applications in the Application Tests table. If you want to create a test to monitor an
application, click Monitor App to view Health under the User Experience column.

Strata Cloud Manager Getting Started 140 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Application Details—Select any application in the All Applications table to view general details
of the application along with details concerning application activity and application experience.

• About the app—View whether the application you selected is tagged as Sanctioned,
Tolerated, or Unsanctioned.
• App Risk—See information about this App Risk, including its risk score, ports used, and any
plugins used. Select View All Attributes for further information.
• Rules—The number of security policy rules matched against this application's traffic.
• Application ID—The application type and subcategory.
• Total Threats by Threat Type—View a graph of the number of threats by threat type that
this application faces.
• Total Users—View how many users have accessed this application during the time range
selected.
• Data Transfer—See how many times this application has been uploaded and downloaded
during the time range selected.
• Sensitive Data—Sensitive data detected by this application.
• The Activity tab shows the total number of threats seen in the application, total users
accessing the application, data transferred through the application, PA Browser Data Events,
and PA Browser Access Events.
• The following image shows Application Details about PA Browser Data Events and PA
Browser Access Events. The default view shows an Aggregate of all events and blocked
events, or you can choose to view a Breakdown by Event Type and Count.

Strata Cloud Manager Getting Started 141 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The Experience tab shows the application experience score, score trend during the selected
time range, and network performance metrics.

If an app is a container app, then the displayed statistics are a roll-up of all the
applications in the container. For example, gmail is a container app (there is no App-ID for
gmail). It groups applications such as gmail-posting, gmail-downloading, gmail-uploading,
and so forth. The risk score set for this container app is the highest risk score found for the
contained applications. All other metrics are calculated by summing the values found for
the contained applications.

Reports—You cannot generate a report that covers the data in this view. However, you can use
the Application Usage report to view application usage data in your network. To schedule a
report, from the Strata Cloud Manager > Reports menu, click the icon against the App Usage
Report template.

Activity Insights: SD-WAN Applications

Where Can I Use This? What Do I Need?

• license
license to view certain widgets

View the top applications which are not performing well in Prisma SD-WAN. See the determined
health score of all poor applications, list of poor applications for a tenant based on health score,
and the average health score of poor applications for the last 3 hours in 5 minutes intervals.

Strata Cloud Manager Getting Started 142 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Application Health Distribution—(requires WAN Clarity license) The distribution of Good, Fair,
and Poor applications for a given tenant.
• TCP Application Health Distribution Over Time—(requires WAN Clarity license) The
distribution of Good, Fair, and Poor TCP applications health distribution over a period of time.
The time-series graph should be computed and refreshed based on the selected duration. For
example, supported durations are 1 hour, 3 hours, one day, seven days, 30 days, and 90 days
and the interval is 1 minute, 5 minutes, 1 hour, and one day, respectively.
• New Flows—Displays the new TCP and UDP flows for an application, a specific set of
applications, or all applications for a given period. A TCP flow is considered a new flow when
it sees the first SYN packet. A UDP flow is considered a new flow when it sees the first UDP
packet in either direction. A flow is a sequence of packets in both directions identified by the
source and destination IP, source and destination port, and the protocol.
• Bandwidth Utilization—Displays the amount of bandwidth utilized on a trail in a network. Use
the chart to identify WAN congestion in a network that may hinder application performance.

Strata Cloud Manager Getting Started 143 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

It is a visual representation of bandwidth spike, total bandwidth consumed by a particular site,

and the application; if the upload is in ingress or egress direction. Move your cursor in the
Bandwidth Utilization chart to get a more granular view of the bandwidth utilization with an
application or time-stamp. Typically, the apps are listed in order of their bandwidth utilization.
• Transaction Stats—Provides transaction statistics on TCP flows, including initiation/transaction
successes and failures for a specific application or all applications, a particular path or all paths,
and all health events.
• Applications—Lists all the applications details such as Name, Application Profile, Health Score,
Impacted Sites, Traffic Volume, Init/Failure, and Transaction/ Failure. When you click the
application name, you can see the individual App Details on a new page.

Activity Insights: Threats

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

The other licenses needed to view the Activity

Insights:Threats tab are:

CDSS licenses
will unlock additional Prisma Access
features

Get a holistic view of threat activity and various types of threats seen in your network. The tab
shows the total number of threat sessions seen in your Prisma Access, NGFW, and standalone
resolver (Advanced DNS Security Resolver) deployments, breakdown of the numbers based on
threat category and threat severity for the selected time period. You can search on a security
artifact (file hash, a URL, a domain, or an IP address (IPv4 or IPv6) associated with a threat to view
the Palo Alto Networks threat intelligence analysis and the third-party analysis findings.

Threat activity presented in Activity Insights can take up to 30 minutes to populate after
logs are forwarded to the Strata Logging service.

Review the following details of unique threats in your network:

• Threat Name—Threat signature name. Use this to find the latest Threat Vault information
about the threat including all the threat sessions during a time range.

Strata Cloud Manager Getting Started 144 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Threat ID—Unique threat signature ID. Use the threat ID to look up the latest information that
the Palo Alto Networks threat database has for this signature.
• Threat Category and Subcategory—The type of threats based on threat signatures (Antivirus,
Spyware (C2), and Vulnerability).
• Licenses—The Palo Alto Networks security services that detected the threat.
• Severity—The threat severity is determined based on how easy it is to exploit the vulnerability,
the impact on vulnerability, the pervasiveness of the vulnerable product, the impact of the
vulnerability, and more. The severity is categorized as:
• Critical—When vulnerability affects default installations of very widely deployed software
and the exploits can result in root compromised. The exploit code (information about how
to exploit the system code, methods, proof of concept (POC)) is widely available and easy
to exploit. The attacker doesn't need any special authentication credentials, or knowledge
about individual victims.
• High—Threats that have the ability to become critical but have mitigating factors; for
example, they may be difficult to exploit, do not result in elevated privileges, or do not have
a large victim pool.
• Medium—Minor threats in which impact is minimized, such as DoS attacks that do not
compromise the target or exploits that require an attacker to reside on the same LAN as
the victim, affect only non-standard configurations or obscure applications, or provide very
limited access.
• Low—Warning-level threats that have very little impact on an organization's infrastructure.
They usually require local or physical system access and may often result in victim privacy or
DoS issues and information leakage.
• Informational—Suspicious events that do not pose an immediate threat, but that are
reported to call attention to deeper problems that could possibly exist.
• Total Sessions—The number of sessions where the threat was detected. Click the threat name
to view all related threat sessions in the specified time range. The threat session table provides
context on the threat such as time when the Palo Alto Network security services detected the
threats, users, rules, applications, devices impacted by the threat, and action taken (allowed or
blocked) on the threat.
• Total Users—The number of users exposed to the threat.
• Allowed Threats and Blocked Threats—Action enforced on the threat. Review the action to
ensure the actions are not triggering false positives on your network.
• Actions—Log history of the threat in the Log Viewer to aid in threat investigations.
Reports—You cannot generate a report that covers the data in this view.

Activity Insights: Users

Where Can I Use This? What Do I Need?

• Prisma Access(with Strata Cloud Manager or You must have at least one of these licenses
Panorama configuration management) to use the Activity Insights:
• Prisma Access

Strata Cloud Manager Getting Started 145 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• NGFWs(with Strata Cloud Manager or • Prisma Access Mobile User license
Panorama configuration management) • AIOps for NGFW Free (use the AIOps
for NGFW Free app) or AIOps for NGFW
Premium license (use the Strata Cloud
Manager app)
• Strata Cloud Manager Essentials
• Strata Cloud Manager Pro
The other licenses needed to view the Activity
Insights: Users tab are:
• Strata Logging Service
• Advanced URL Filtering license
• Cloud Identity Engine license
• Advanced Threat Prevention license
• ADEM Observability will unlock additional
Prisma Access features

Monitor user activity in your Prisma Access and NGFW environment. Monitoring the user activity
helps to detect and stop potential threats, protect misuse of sensitive information, and adjust your
Security policy rule to close security gaps.
Users provides an overview of all users and hosts connected to Palo Alto Networks' security
solutions, which include Next-Generation Firewall (NGFW) and Prisma® Access. You can easily
determine a user's or host's connection status to NGFW or Prisma Access, whether at a branch
site, service connection, or remote location. You can view information about:
• The total number of unique users currently connected to Palo Alto Networks security solutions
and users connected to NGFW and Prisma Access.
• The number of users who are connected during a certain time range, broken down by users
connected through NGFW and Prisma Access.
• Agent-based users connected through NGFW and Prisma Access.
• Agent-based or browser-based Explicit Proxy users connected to NGFW and Prisma Access.
• Users connected through Enterprise Browsers.
• A list of unmanaged device users accessing Prisma Access.
• A list of users connecting from branch locations to Prisma Access.
• A list of users connecting their data centers using specific service connections.

Users
In Strata Cloud Manager, go to Insights > Activity Insights > Users to view information about your
Prisma Access Agent Users, Agentless Proxy Users, Enterprise Browsers, Office Users, and Other
Hosts.

Strata Cloud Manager Getting Started 146 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

All Users/Hosts Table

The All Users/Hosts table shows all the mobile users in your environment. In the Scope Selection
drop-down, remove NGFW to view ADEM-related data. Select a User Name to go to the user's
details page, and click on the number of Threats to see threat details.
• View Hosts—Select All to view list of users connected by any of the connection method or
select Exclude Other Hosts to hide hosts that are not associated with known User-IDs or IoT
devices.
• User Name—Unique username or IP address.
• Connection Method—Access Agent, Agentless Proxy, Enterprise Browser, Office, or Other
Hosts.
• Last Device Location—Device's location by city, country.
• Threats—Number of threats the user faces. Click on the number to see threat details.
• Applications—Number of applications connected to the user.
• Data Usage—Total data usage in bytes.
• User Experience Score—ADEM user experience score.
• Endpoint Experience Score—ADEM endpoint experience score.
• Wi-Fi Experience Score—ADEM Wi-Fi experience score.
• Local Network Experience—ADEM local network experience.
• PA Experience Score—ADEM Prisma Access experience score.
• Internet Experience Score—ADEM internet experience score.
• Self Serve—ADEM Self-Serve information.
• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.
• Last Activity Time—Most recent date and time the user was active.

Strata Cloud Manager Getting Started 147 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Agent Users
Agent users connect through GlobalProtect or Prisma Access Agent. Select the number under
Agent Users to view details about your agent users.

View details about your Users, User Devices, and the number of currently connected users. You
can View Trend by Users or User Devices connected to Prisma Access at the time indicated in the
timestamp. From the Scope Selection drop-down, select All, Prisma Access, or NGFW users to
refine the data that appears. If you have an Autonomous DEM (ADEM) license, you can remove
NGFW from the drop-down to view ADEM-related data.
Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.

Strata Cloud Manager Getting Started 148 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Access Agent Users Graph

Hover over the trend line in the Access Agent Users chart to observe the number of Connected
Users or Connected User Devices and the corresponding connection time.
Monitored Users
If you have an AI-Powered ADEM license, you can view the number of users monitored by
Autonomous DEM (ADEM) and the number of monitored user devices. This widget appears only
when you have disabled NGFW from the Scope Selection drop-down.
• Monitored Users—Total number of users monitored by ADEM.
• Average User Experience Score—Experience score aggregated across all users monitored on
ADEM. See how many users have a Good (green), Fair (orange), or Poor (red) experience score.
• Monitored User Devices—Total number of user devices monitored by ADEM.

Agent Risky Users

View the number of agent users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.
View More Details for Access Agent Versions
Select View More Details for: Access Agent Versions shows the access agent versions that your
users’ devices are using to connect to Prisma Access. Select GlobalProtect or Prisma Access
Agent to see the total Number of Connected Devices based on the agent versions during the

Strata Cloud Manager Getting Started 149 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

last 30 days. Use the data displayed to enforce compliance with the latest GlobalProtect or
Prisma Access Agent versions. Expand the arrow to see the count of connected devices per agent
subversions.

The GlobalProtect agent subversions are displayed for devices connected to Prisma Access
only.

View More Details for IP Pool Utilization

Static IP pools provide an alternate means of allocating IP addresses to the agent users. To view
IP pool utilization by different IP pool allocation theaters based on the number of connected users
at that time, select View More Details for: IP Pool Utilization. The IP pool utilization percentage
on the graph is the number of IP pool blocks used out of all the IP pool blocks that are available
across all the subnets. You can proactively add subnets when you see an IP pool bar approaching
the maximum capacity for any region.
IP Pool Utilization Details
Current IP Pool Utilization—One IP pool address block is a /24 subnet and has 254 IP addresses.
Allocation of a pool block counts toward utilization; however, allocating a pool block does not
mean that all IP addresses are in use. There are still available pool blocks that can be allocated
to new or existing mobile user gateways as needed. You can view IP pool utilization per pool
locations and subpool regions.

Strata Cloud Manager Getting Started 150 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• IP Pool Allocation—The IP pool utilization percentage on the graph is the number of IP pool
blocks used out of all the IP pool blocks that are available across all subnets. You can add
subnets when you see an IP pool bar approaching the maximum capacity for any region.
• Static IP Address Allocation provides an alternate means of allocating IPs to the agent users.
IP Pool Details shows IP pool utilization displayed under the IP Pool Name that comes from
the static IP pool configuration. Total IP Pool Profiles shows the number of utilized profiles in
the IP pool, and Total Unused IP Addresses shows the number of unused IP addresses in the IP
pool.
The IP Pool Details table shows:
• IP Pool Name—Unique IP pool name.
• Total IP Addresses—Total number of users in the IP pool.
• Active IP Addresses—Total number of active users in the IP pool.
• Peak Utilization Status—Highest percentage of use for the IP pool during the selected Time
Range.
• Last IP Assignment Timestamp—Most recent time the IP pool was active.

Strata Cloud Manager Getting Started 151 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Access Agent Users Table

The Access Agent Users table shows Users or User Devices.
Users
• Current Connected—Turn Current Connected ON to view connected users only. Turn it OFF
to see all of your users.
• User Name—Unique username.
• User Devices—Number of devices associated with the user.
• Applications—Number of applications connected to the user.
• Threats—Threats information for the user.
• Data Usage—User's data usage.
• Last Login Time—Last date and time the user logged in.
User Devices
• Current Connected—Turn Current Connected ON to view connected users only. Turn it OFF
to see all of your users.
• Agent Type—Filter information by GlobalProtect or Prisma Access Agent.
• Source IP Address—Unique IP address.
• OS Family/Version—OS family and version to which the device belongs.
• User Experience Score—Overall application experience score of your users.
• Last Device Location—Device's location by city, country.
• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.
• ISP Name—Unique ISP name.
• Last Activity Time—Most recent date and time the user was active.
• Connectivity Mode—Tunnel, Proxy, or Tunnel and Proxy.
• Self Serve Notifications—(ADEM only) Number of Self-Serve notifications sent to the user's
device.

Strata Cloud Manager Getting Started 152 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Self Serve Status—(ADEM only) Enabled or disabled on the device.

Click on any username to view information about the user's Activity, Connectivity, and
Experience.
Agent User Activity
See the user's Total Threats, Threats by Risk Level, Unique Threats, Web Browsing Summary,
and Application Summary during the selected time range.
Unique Threats provides details about the threats this user faced during the time range selected.

The Web Browsing Summary shows details about the URLs the user has visited.

Strata Cloud Manager Getting Started 153 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Overview shows the number of unique URLs that the user has visited, Severity of URLs (High,
Medium, or Low), and the number of Malicious URLs the user has visited.
Most Visited Sites shows the most visited sites in order of number of times visited, Site
Category, Risk Level, and number of Sessions, or visits the user made to this site.

• Blocked shows the number of Blocked URLs the user tried to access, the Severity of Blocked
URLs (High, Medium, or Low), Malicious Blocked URLs, and Blocked URLS with Most Visited
Sites.
• Sessions shows:
• Total Hits—The number of times the user has accessed websites.
• Category Session Breakdown—Breaks down the types of sites the user visited.
• Top URL Categories for Sessions—The top categories, in order, that the user visited.
• Data Transfer shows the Total Data Transferred, Category Data Transfer Breakdown, and Top
URL Categories for Data Transfer table that shows Category, Unique URLs for each category,
and Data Transferred, in MB, for each category.
Application Summary shows information about the user's applications during the selected time
range.

Strata Cloud Manager Getting Started 154 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Activity—The user's number of Total Apps, Applications by Risk Score, Top App Categories,
and a list of All Applications that shows each one's App Risk score. App risk scores are ranked
in numerical order from high (5) to low (0).

• Blocked—The user's Total Blocked Applications, Total Allowed Applications, and the Total
Blocked Applications table that shows a list of blocked applications by Application Name and
Rule.
• Sessions—Details about each time the user accessed each application. You can view the user's
number of Total Sessions, Category Sessions Breakdown, and the Top Used Applications,
which shows the number of user sessions for each application during the selected time range.
• Data Transfer—The Total Data Transferred, Category Data Transfer Breakdown, and Top
Applications with Data Transferred by Application Name and Data Transferred in MB.
Agent User Connectivity
Understand your user's device connectivity by reviewing the Connected User's Device Trend
chart, Connected User's Devices, and User Login & Logout Events on all devices.

Strata Cloud Manager Getting Started 155 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The Connected Devices User Trend chart illustrates the number of devices that connect at
specific times during the selected time range. Hover over a point in the chart to view the
number of devices connected at that date and time.
• The Connected User's Devices table shows details about each of the user's connected devices,
by device name:
• Last User Source IP Address—Most recent user source IP address.
• Last Private IP—Most recent private IP address.
• Last User Location—User's most recent location.
• Last Login Time—Date and time the device last logged in.
• Last Logout Time—Date and time the device last logged out.
• Last Session Duration—How long the most recent session lasted.
• Auth Type—Auth type used.
• OS Family/Version—OS family and version used by the device.
• Agent Version—Agent version used by the device.
• Firewall/Location—Firewall or location used by the device.

Strata Cloud Manager Getting Started 156 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The User Login & Logout Events table gives details about the device's login and logout events:
• User Source IP Address—Device's user source IP address.
• Private IP—Device's private IP address.
• User Location—Device user's location.
• Login Time—Date and time the device is logged in.
• Logout Time—Date and time the device is logged out.
• Session Duration—How long the session lasted.
• Auth Type—Auth type used.
• OS Family/Version—OS family and version used by the device.
• Agent Version—Agent version used by the device.
• Firewall/Location—Firewall or location used by the device.
• Agent Type—Agent type used.

Agentless Proxy Users

Select the number under Agentless Proxy Users to view details about your agentless proxy
(formerly Explicit Proxy) users.

Active Agentless Proxy Users Graph

Hover over the trend line in the Active Agentless Proxy Users chart to observe the number of
Active Users and the corresponding connection time. View the total number of Active Users
connected through agentless proxy.
Agentless Proxy Risky Users
View the number of users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.

Strata Cloud Manager Getting Started 157 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Agentless Proxy Users Table

The Agentless Proxy Users table lists your agentless proxy users by User Name.
• Last Source Location—The source's last city and country.
• Last Used PA Location—The last used Prisma Access location.
• Source IP—The source IP address.
• Last Login Time—The most recent time the agentless proxy user logged in.
• OS Family/Version—OS family and version.
• Browser Name—Name of the browser used.
Click on any username to view information about the agentless proxy user's Activity and
Connectivity.
Agentless Proxy User Activity
Hover over the trend line in the Active User Session Trend chart to observe the number of
connected users and the corresponding connection time.
View all User Login & Logout Events details:
• User Source IP Address—Device's user source IP address.
• User Location—Device user's city and country.
• Login Time—Date and time the device last logged in.
• PA Location Used—Prisma Access location.
• Bytes Sent—Number of bytes sent.
• Bytes Received—Number of bytes received.

Enterprise Browser Users

Prisma Access enables secure communication between third-party enterprise browsers and
Prisma Access for accessing SaaS and private web applications, with network admins needing
visibility and necessary connectivity information for troubleshooting. Select the number under
Enterprise Browser Users to view details about your users connected through Enterprise
Browser. If you have multiple enterprise browsers, Enterprise Browser Users shows the
cumulative user count connected to multiple enterprise browsers within the environment.

Enterprise Browser Users

View the number of Enterprise Browser users. Hover over the trend line in the Enterprise
Browser Users chart to observe the number of Active Users and the corresponding connection
time.
Enterprise Browser Risky Users
View the number of Enterprise Browser users affected by threats. The Up or Down arrow
compares this time range with a previous time range to determine the difference, in percentage,
of the number of connected devices.

Strata Cloud Manager Getting Started 158 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Enterprise Browser Users Table

The Enterprise Browser Users table shows the following Users details.

• User Name—Unique username.

• Browser Type—The type of browser user is accessing. It can be Enterprise Browser or any
supported third-party browser.
• Browser Version—The version of the browser being used by the user.
• Last Source IP—Most recent user source IP address.
• Last Source Location—The source's last city and country.
• Last Used PA Location—The last used Prisma Access location.
• Last Activity Time—Most recent date and time the user was active.
Select any username to view information about the user's Activity and Experience.

To view the specific information related to your enterprise browser, use Connection
Method. You can select Enterprise Browser or any other supported third-party enterprise
browser.

Office Users
Office users physically occupy the office and connect internally. Even if they are not using
GlobalProtect or Enterprise Browser, they can still connect to internal applications such as
Confluence or Jira. Branch users are included in the Office Users category. Select the number
under Office Users to view details about your users connected through Enterprise Browser. You
can further add filters to refine your search for a particular user and application.

Strata Cloud Manager Getting Started 159 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Office Users Graph

Hover over the trend line in the Office Users chart to see connected Office Users and when they
were connected. View the total number of active office users.
Office Users Risky Users
View the number of office users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.
Office Users Table
The Office Users table shows office users by User Name.
• Connection Method—Method through which the user connects.
• Last Device Location—Device's location by city, country.
• Threats—Number of threats the user faces.
• Applications—Number of applications connected to the user.
• Data Usage—Total data usage in bytes.
• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.
• Last Activity Time—Most recent date and time the user was active.

Other Hosts
The Other Hosts category shows IP addresses with traffic on the network, such as users' private
mobile phones that are not connected through GlobalProtect or internally as an office user.
Information for other hosts falls into two categories: internal and external hosts accessing
resources on the internet. Internal hosts serve on-site users, such as guests or employees using
their mobile phones in the office, and external hosts serve users, such as people visiting your
enterprise website.
Select the number under Other Hosts to view details about your other hosts.

Strata Cloud Manager Getting Started 160 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Other Hosts Graph

Hover over the trend line in the Other Hosts chart to see the number of connected IP addresses,
or other hosts and the date and time they were connected. View the total number of active other
hosts.
Other Hosts Risky Users
View how many other hosts are affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.
Other Hosts Table
The Other Hosts table shows other hosts by IP address.
• User Devices—Number of devices associated with the user.
• Applications—Number of applications connected to the user.
• Threats—Threats information for the user.
• Data Usage—User's data usage.
• Last Activity Time—Date and time of the user's most recent activity.

IPv6 for Mobile Users

If you use IPv6 networking in your Mobile Users - GlobalProtect deployment, you can configure
Prisma Access to use IPv6 addresses in your mobile user networking. You also need to enable
IPv6 networking globally in your Prisma Access infrastructure before you can use IPv6 addressing.
With IPv6 in your GlobalProtect deployment, the Users | Devices table shows either an IPv4 or
IPv6 address in the Source IP Address column.

Strata Cloud Manager Getting Started 161 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Select any connected user to see information about their devices' trend. The Connected User's
Devices table shows data about a user's devices, including the Last User Source IP Address and
Last Private IP, both of which can include IPv4 and IPv6 addresses for a single device entry.

You can view IPv6 address information in the User Login & Logout Events table. The User Source
IP Address and Private IP Address columns show either an IPv4 or IPv6 address.

Activity Insights: Domains

Where Can I Use This? What Do I Need?

• Prisma Access You must have at least one of these licenses

to use the Activity Insights:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Free (use the AIOps
for NGFW Free app) or AIOps for NGFW
(with Strata Cloud Manager or Panorama
Premium license (use the Strata Cloud
configuration management)
Manager app)

Strata Cloud Manager Getting Started 162 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

Strata Cloud Manager Essentials
Strata Cloud Manager Pro
The other licenses needed to view the Activity
Insights: Domains tab are:
Strata Logging Service
Advanced URL Filtering license
Advanced DNS Security license

The Domains page consolidates information to provide a unified view of domain activity. This
view summarizes the domain and URL activity in your Prisma Access and NGFW deployments
that the Advanced URL Filtering and Advanced DNS Security services have detected. You can
get visibility into the total number of domains detected in your network during the specified time
period, the breakdown of these domains by category and risk level, and use the filtering options to
filter the view in the dashboard.

Use the data to:

• Identify the most accessed domain categories, unique domains within each category, and
domain history in your network along with global analysis findings. Based on the malicious
domains filtered by the URL Filtering and DNS Security services, these domain categories are
likely to expose your network to malicious and exploitative content. It's a best practice to block
these domains and URL categories.
• Review the high-risk domains, their impact on users, applications, and rules. High-risk domains
are not always malicious; however, they might still expose your network to threats. Consider
targeting these sites with strict decryption and Security policy rules.
• Analyze domain information from both URL Filtering and DNS Security, providing a
comprehensive view of domain activity across your network.
• Examine malicious domains detected by both services to enhance your threat prevention
strategies.
Reports—You cannot generate reports that cover the data in this view.

Activity Insights: Rules

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:

Strata Cloud Manager Getting Started 163 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• NGFWs
(with or configuration management) or

The other licenses needed are:

View the Security policy rules that are matched against all the traffic in your network. Security
policy rules determine whether to block or allow a session based on traffic attributes, such as the
source and destination IP address, the application, the user, and the service. All traffic passing
through your network is matched against a session and each session is matched against a Security
policy rule. When a session match occurs, the Security policy rule is applied.

The dashboard shows the following details of the network event matching the Security Policy
rule:
Traffic sessions, data transferred, threats detected in the sessions, users impacted, URLs browsed,
and applications accessed. Review the most matched rules to the traffic sessions, analyze those
sessions to understand if the rule is overly permissive and optimize the rule if required.
Reports—You cannot generate reports that cover the data in this view.

Activity Insights: Regions

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

The other licenses needed are:

Strata Cloud Manager Getting Started 164 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

These are the regions from which the traffic originated in your network. The view provides
information on threats, users, URLs, network sessions, and data transfer originating from these
locations. You can also drill down to know the targeted location of the traffic. Click Actions to
view the traffic logs for the session. You can use the data to identify and narrow down regions
that are targets for threats attempting to infiltrate your network. Optimize the rule that applies to
the targeted regions.

There are filtering options to narrow down the traffic to and from a specific source and
destination regions. The other filtering options include:
• Traffic observed in a specific deployment; Prisma Access, NGFW
• Traffic to and from sanctioned or unsanctioned applications
• Traffic using specific port and protocols
• Traffic involving specific threat types, threat category, URL, and URL category
Reports—You cannot generate reports that cover the data in this view. However, you can utilize
the Network Usage report to view details about your network traffic. To schedule report, from
the Strata Cloud Manager > Reports menu, click the icon and select Network Usage from the
Type drop-down.

Activity Insights: Projects

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

Gain visibility into your Prisma Access Agent deployment by using Strata Cloud Manager to
monitor your Dynamic Privilege Access project activity.

Strata Cloud Manager Getting Started 165 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The Projects table provides an overview of the projects your Dynamic Privilege Access users
access using Prisma Access. Select any project's name to view its details page.
• The project's details page shows:
• Overview—See the maximum allowed users and the peak number of users during the
selected time range for this project.
• IP Pools Utilization—View the number of IP addresses in use and the number of IP
addresses that are still available for the pools in this project.
• Connected Users—View a graph of the users connected during the selected time range.
• Connected Users by Location Group—See the number of users by the Prisma Access
location group they're in.

Activity Insights: Build a Custom Dashboard

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
Licenses to unlock certain widgets in the
dashboard
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Apart from the default dashboards, you can create custom dashboards to get visibility into
areas of your interest in your network using widgets. Widgets are components used to

Strata Cloud Manager Getting Started 166 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

create a dashboard. Widgets are categorized and stored in the widget library..Click Insights
> Activity Insights and click + on the top right side of the page. The widgets available in
the widget library depend on your security services subscriptions. For example, if you have
AIOps for NGFW Premium and Advanced WildFire licenses, you can view and use all the widgets
under WildFire category to create dashboard.
These are the widget categories available to create a dashboard. Refer to the links below to know
the license requirements to access widgets under these categories and learn about them.

Create a Dashboard
You can add up to 10 widgets in a custom dashboard and create 10 custom dashboards per
user. The dashboard and widgets can be customized at any time. You can customize the widget
tile, description, show or hide filters, dashboard settings such as layout, dashboard name, and
descriptions, and also include filters in the dashboard.
STEP 1 | Click Insights > Activity Insights > +.

STEP 2 | Enter a name for the dashboard.

STEP 3 | Select a widget category from the Widget Library drop-down.

STEP 4 | Add the widget to the dashboard: Hover over the widget to learn about the widget. Drag and
drop the widget to the dashboard canvas.
You can add more widgets of the same or different types from another widget category to the
dashboard canvas.

STEP 5 | Switch between the Sample Data and Real Data view to know how your dashboard
widget looks. Sample data helps you visualize how your dashboard will look and what type
of information you can see. Use the Real Data option to view the actual data for your
deployment.

STEP 6 | (Optional) You can customize the dashboard in the editor view:
• Rearrange the widgets in the dashboard - select the widget and drag and drop where
required in the canvas.
• Edit a widget using the edit icon at the top-right corner of each widget. Editable settings
vary by widget type — for example, name, description, and data filtering options like verdict
and action.

You can edit the widget settings in the editor view or after you save the dashboard.

STEP 7 | Save the dashboard and click Go to see dashboard at the top of the page to open the
dashboard.

Strata Cloud Manager Getting Started 167 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

STEP 8 | (Optional) After you save the dashboard, you can:

• change the time range for which you want to view the dashboard data.

You can change the time only after you save the dashboard. In the editor view, the
time range defaults to 24 hours.
• use the edit or delete icon to modify or delete the custom dashboard.

Strata Cloud Manager Getting Started 168 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Prisma AIRS

Where Can I Use This? What Do I Need?

• Activate Your AI Runtime Security License

(with or configuration management)
AI Runtime Security Setup Prerequisites
• NGFWs
Onboard and Activate a Cloud Account in
(with or configuration management) SCM

Palo Alto Networks Prisma AIRS is a purpose-built centralized security solution to protect your
organization’s cloud network architecture from AI-specific and conventional network attacks
by leveraging real-time, AI-powered security. It secures your next-generation AI models, AI
applications, and AI datasets from network threats such as prompt injections, sensitive data
leakage, insecure output (for example, malware and URLs), and model DoS attacks.
Use the AI Runtime Security Insights dashboard to understand your cloud network attack surface
and defend your cloud assets against malicious threats.

To learn more about how to secure your AI and non-AI network traffic flow from potential
attacks, see Prisma AIRS documentation.

Strata Cloud Manager Getting Started 169 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: AI Access
Where Can I Use This? What Do I Need?

• One of the following licenses:

(with or configuration management)
license
• NGFWs
CASB-PA license
(with or configuration management)
CASB-X license
For more information on licenses that support
AI Access Security, click here.

Generative artificial intelligence (GenAI) applications are AI applications capable of generating

text, images, videos, and other forms of data in response to user prompts and continuously learn
based on user data inputs. Their usage is proliferating at an astonishing rate and offer limitless
opportunities for businesses. However, the nature by which GenAI applications contentiously
improve presents a new danger to businesses and security administrators—how can you ensure
your employees are not exposing sensitive or proprietary data to GenAI apps?
Palo Alto Networks introduces AI Access Security to enable safe adoption of GenAI applications
across your organization.
Use the AI Access Security Insights dashboard to filter the GenAI application usage on your
network. The AI Access Security Insights dashboard provides in-depth details to help you
understand which GenAI apps are being used and by who.

To learn more about how to secure your sensitive data from GenAI applications, click
here.

Strata Cloud Manager Getting Started 170 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Executive Summary

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
Licenses to unlock certain widgets in the
dashboard
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Strata Cloud Manager > Insights > Advanced Threat Prevention

What does this dashboard show you?

The dashboard shows aggregated data per Strata Logging Service tenant.

The Executive Summary dashboard shows you how your Palo Alto Networks security
subscriptions are protecting you. This report breaks down malicious activity in your network
that these subscriptions are detecting: WildFire, Advanced Threat Prevention, Advanced URL
Filtering, and Enterprise DLP. The dashboard shows data for each of these service with links to
security services dashboards to dive deeper for further investigation.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.
The dashboard provides the following data.

Strata Cloud Manager Getting Started 171 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Security Subscriptions Overview: This report gives you the numbers on the malicious activity
your subscriptions are detecting and preventing:
• high-risk applications
• severe threats (exploits, malware, and C2)
• malicious web activity
• file-based threats (including never-before-seen threats)
• data loss
• Application Usage: Review the traffic logs for high-risk applications and see how you can
strengthen the security posture.
• Advanced Threat Prevention: Examine the security policy rules that allow most threats.
Review these rules to see where you can enable stricter threat enforcement. Learn more.

Requires Advanced Threat Prevention license.

• URL Filtering: Review the malicious web activity in your network, particularly the number of
malicious web sites that your users are attempting to access.

Requires Advanced URL Filtering license.

• WildFire: Learn more. ➡

Requires Advanced WildFire license.

• Enterprise DLP: See how your Palo Alto Networks Enterprise DLP service is protecting your
data by enforcing data security standards. The dashboard gives insights into the applications
to which most uploads are prevented by DLP and the total number of files that are blocked
by DLP in your network. You can also use this data to compare with your industry peers and
benchmark your security posture standards.
Review the applications and source usernames to better understand where the DLP incidents
originated and manage them.

Requires Enterprise DLP license.

How can you use the data from dashboard?

• Review all the malicious activity that the active Palo Alto Networks subscriptions are detecting.
See if you need to refine the subscription settings or security rule settings to close any security
gaps.

Strata Cloud Manager Getting Started 172 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Shows you industry data to gives you perspective on the threat landscape you’re facing and
how you stack up against your peers.

Strata Cloud Manager Getting Started 173 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: WildFire
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > WildFire to get started.

Strata Cloud Manager Getting Started 174 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

What does this dashboard show you?

The dashboard shows aggregated data per tenant service group (TSG). The dashboard
shows data across Prisma Access, Palo Alto Networks firewalls, and Panorama appliances
associated with your tenant, provided your tenants have a one-to-one mapping with
your Customer Support Portal account. The dashboard does not show data from other
sources if multiple tenants are associated per Customer Support Portal.

The WildFire dashboard shows you how WildFire is protecting you from net new malware that’s
concealed in files, and executables. This dashboard supports reports. These icons, in the
top right of a dashboard indicate that reports are supported for this dashboard. You can share,
download, and schedule reports that cover the data this dashboard displays. Before you can
access the Strata Cloud Managerdashboards, you must first activate and onboard as well as
configure your NGFW and/or Prisma Access to forward submission logs to Palo Alto Networks.

How can you use the data from the dashboard?

Use this dashboard to:
• monitor WildFire submissions and get details of WildFire samples submitted to WildFire cloud
for analysis.
• view details of targeted users, the applications that delivered the files, the firewalls that
submitted the samples for analysis, and all URLs involved in the command-and-control activity
of the files.
• view the trends for all the samples submitted from your network (either NGFW or Prisma
Access) based on the total number of threats identified and prevented (or allowed, based on
policy), broken down by various WildFire prevention methods.

WildFire Insights: Filters

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 175 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The WildFire dashboard provides a variety of filter options to narrow down on specific data from
the dashboard.
• Time range—Set the time-frame for which you want to display data. Select from the Last 24
hours, Past 7 days, Past 30 days, or custom time range.
• Tenant Name—View the tenant for which the dashboard data is displayed.
• Cloud—Filter data based on the available Advanced WildFire cloud regions.
• Sample Source—Filter data based on the devices that are submitting samples to the Advanced
WildFire cloud for analysis. The options include NGFW-All, Prisma Access-All, and Prisma
Access-Mobile.

The quantity of WildFire samples submitted from Prisma Access-All that are visible in
the dashboard is dependent on the version of Prisma Access.
• Sample Type—Filter data based on a specific sample type, either File or Link.
• Total/Unknown—Filter data based on the unknown sample status when initially submitted to
the Advanced WildFire cloud for analysis (previously unknown samples). These also include the
total number of samples that were submitted or queried through the Advanced WildFire cloud.
• File Hash (SHA256)—View the data for samples with SHA-256 values for files analyzed by
Advanced WildFire.
• File Name—Filter data based on the File Name with a user-designated search string.
• Verdict—View samples identified as Benign, Malware, Grayware, C2, Phishing, or Pending as a
result of Advanced WildFire analysis.
• File Type—View data based on the file type of the sample analyzed by WildFire. Learn about
the supported file types for WildFire analysis.
• URL—Filter data based on the URL with a user-designated search string.
• App Name—Filter data based on the samples that are delivered by an application.
• Attack Origin Region—Filter to view the samples that are sent from a specific location.
• Attack Target Region—Filter to view the samples that are received in a specific location.
• User Name—Enter the username to filter data for the user that is targeted to deliver the
sample in your network.
• Prisma Access Location/Branch—Filter samples based on the Prisma Access branch location.
• FW Device Serial Number—Filter the data for the device that submitted the sample for
WildFire analysis.
• Analysis Type—Filter based on the type of Advanced WildFire Analysis that the sample has
undergone.

WildFire Insights: Submissions and Verdicts

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

Strata Cloud Manager Getting Started 176 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software
NGFW Credits
The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

The total number of samples submitted for Advanced WildFire analysis during the selected time
period. The widget shows the number of samples submitted from each source and the verdict
generated for the samples. The widget also shows the spike in the samples submitted for WildFire
analysis. Investigate the spikes in malware samples and take action to mitigate threat impacts on
your network.

WildFire Insights: Analysis Insights

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard

Strata Cloud Manager Getting Started 177 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Get insights into the unique Advanced WildFire samples submitted from your network and
subsequent signatures generated from the analysis. Use the data to understand the new threats
that were observed only in your network in the selected time frame and the number of times your
network has been protected by the signatures generated. Due to the nature of this widget, only
the Time range filter is applicable when adjusting the scope of the presented data.
• Signatures Created by My Org - Percentage of signatures generated from samples unique/first
seen in your environment.
• Signatures Created by Others - Percentage of new signatures created by Advanced WildFire
from all uploaded samples, across the entire spectrum of Palo Alto Networks customers and
other sample sources.

The signature generation data shown in the widget is refreshed every 24 hours by Palo
Alto Networks.

WildFire Insights: Verdict Trends

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 178 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Examine the trends for all the samples submitted to Advanced WildFire from your sources and
the verdicts for those samples. Select a verdict count to open all submissions included in the
dashboard settings. You can perform an IOC search on these samples to know the history of the
sample in your network and the global analysis findings of the sample.

WildFire Insights: Verdict Distribution

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 179 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Learn more about the verdicts for net new samples that Advanced WildFire detected for the first
time in your network. Focus in on the sample types that are most frequently concealing malware.
You can open a list of analyzed samples based the verdict or the WildFire file forwarding category
by clicking on the sample count on the X or Y axis.

Alternatively, you can also view the data in table format:

WildFire Insights: Recent Submissions

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

Strata Cloud Manager Getting Started 180 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software
NGFW Credits
The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

View recently submitted samples to Advanced WildFire from your sources and the details for
those samples, including the source and destination IP addresses, the file type, and the verdict.
For a more comprehensive backlog of sample submissions, select All Samples. You can perform an
IOC search on any of these samples to access the history of the sample in your network and the
global analysis findings of the sample. Additionally, from the resulting IOC search result, you can
also Download and view the complete WildFire report for the sample.
For a complete listing of available WildFire sample submissions, you can select All Samples
from the Recent Submissions widget.

WildFire Insights: Submissions Per Source Application

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:

Strata Cloud Manager Getting Started 181 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Review the details of the applications that facilitated the delivery of samples into your network
based on the globally selected verdict category.

WildFire Insights: Submission Per Destination User

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service

Strata Cloud Manager Getting Started 182 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

This shows the users who received the most samples in your network based on the globally
selected verdict category.

WildFire Insights: Malware Regions

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Strata Cloud Manager Getting Started 183 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Review the locations from where the malicious samples originated or that were delivered to in
your network. You can view the sample count for attack origin and target on a map or organized
into a table format. Use this to narrow down regions targeted by malware and type of malware
attack. Due to the nature of this widget, the Verdict filter is not applicable when adjusting the
scope of the presented data.

WildFire Insights: Firewalls

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

View the Palo Alto Networks NGFWs and Prisma Access tenants that are submitting malicious
samples for Advanced WildFire analysis in order of prevalence. Review the statistics to track

Strata Cloud Manager Getting Started 184 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

down the impacted endpoints and reconfigure the policy rules to mitigate the threats and contain
the malicious files at the source.

WildFire Insights: Prevention Statistics

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > WildFire to view the dashboard.

Examine the trends for all the samples submitted to Advanced WildFire from your network (either
NGFW or Prisma Access) based on the total number of threats identified and prevented (or
allowed, based on policy), broken down by three prevention methods. The prevention methods
correspond to the primary detection categories of Advanced WildFire, and includes: signature-
based prevention, inline machine learning models, and inline cloud analysis for zero-day malware.
This detailed view helps you understand not only the volume of threats being prevented but also
the specific technologies providing that protection. You can dynamically adjust the time range at
the top of the dashboard to analyze security trends over different intervals, giving you greater
insight into your threat landscape and the effectiveness of your prevention capabilities.
• Hover over the data graphs to display statistics for the specified period.
• You can filter the Blocked And Allowed Malware widget based on a policy action of Blocked
or Allowed.

Strata Cloud Manager Getting Started 185 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Only the Time Range global dashboard filter has an effect on the Prevention Statistics.
• Based on the selected Time Range, you will also see a data field indicating an increase or
decrease of detected malware.
Prevention Statistics

Strata Cloud Manager Getting Started 186 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Advanced Threat Prevention

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Advanced Threat Prevention to get started.

Strata Cloud Manager Getting Started 187 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 188 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

What does this dashboard show you?

The dashboard shows aggregated data per Strata Logging Service tenant.

The Advanced Threat Prevention dashboard gives insight into threats detected in your network
and identifies opportunities to strengthen your security posture. Threats are detected using inline
cloud analysis models and threat signatures generated from malicious traffic data collected from
various Palo Alto Networks services. This dashboard provides a timeline view of threats allowed
and blocked and a list of hosts generating cloud-detected C2 traffic and hosts targeted by cloud-
detected exploits.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

How can you use the data from dashboard?

Use this dashboard to:
• get threat visibility in your network traffic
• analyze threat sessions to improve the accuracy of your policy rules
• gain insight into the real-time threat detected by inline cloud analysis
• get context around the threat from logs and cloud reports and use this data to improve your
incident response process.

Advanced Threat Prevention: Threat Overview

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service

Strata Cloud Manager Getting Started 189 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Advanced Threat Prevention to get started.
Compare the delta between the threats that are allowed and blocked by your security rules.

Advanced Threat Prevention: Top Rules Allowing Threats

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Advanced Threat Prevention to get started.
Examine the threat sessions that matched the security policy rule and see if you need to modify
the policy rule to strengthen your security posture. You can further analyze the threats and
matching rules in Activity Insights.

Strata Cloud Manager Getting Started 190 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Column Description

Policy Name The security policy rule that is allowing the

corresponding threats.

Sessions The number of threat sessions that matched

the security policy rule.

Data Transfer (Bytes) The amount of data flowed through the

sessions that matched the security policy rule.

Unique Threat Count The number of threats that matched the

security policy rule.

Advanced Threat Prevention: Hosts Generating Cloud Detected

C2 Traffic
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service

Strata Cloud Manager Getting Started 191 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Advanced Threat Prevention to get started.
Examine the source IPs and users responsible for generating command and control (C2) traffic.
Advanced Threat Prevention uses cloud-based engines and inline cloud analysis to detect and
analyze traffic for unknown C2 and vulnerabilities. Click the search icon next to the source IP
to review the usage patterns related to the source IP. A contextual link to Log Viewer helps to
analyze the threat sessions, download the packet capture and cloud report to get additional
context and leverage Palo Alto Networks threat analytics data and improve your incident
response processes.

Advanced Threat Prevention: Hosts Targeted by Cloud-Detected

Exploits
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Advanced Threat Prevention to get started.
These are the IPs targeted by vulnerability exploits. Advanced Threat Prevention uses cloud-
based engines and inline cloud analysis to detect and analyze this traffic. Hover over the
destination IP address and click the search icon to review the usage patterns related to the
destination IP. View logs to get context around the threat. Download cloud report and packet
capture from the logs to get additional context and use Palo Alto Networks threat analytics data
and threat intelligence to improve your incident response processes.

Strata Cloud Manager Getting Started 192 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 193 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Device Security

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard

→ The features and capabilities available to

you in depend on which license(s) you are
using.

To get started, select Insights > Security > Device Security. To learn more about Device Security
and find the Administration Guide for Device Security, see the Device Security Docs.

What does this dashboard show you?

The Device Security dashboard serves as the gateway to Device Security, the unified assets
discovery, monitoring, and protection platform for all devices in your network. Device Security
delivers unified, AI-powered protection across all connected devices, including unmanaged and
managed IT, IoT, OT, and BYOD devices. With Device Security, you get aggregated visibility, risk
assessment & prioritization, and proactive risk mitigation in one solution.
• Aggregated Visibility – The Assets Inventory presents a unified way to see all of your network
devices learned through traffic monitoring and third-party integrations. With over 2,000
identity and posture attributes, the Assets Inventory provides comprehensive visibility and
context into your network.
• Risk Assessment & Prioritization – Device Security combines knowledge of threats and
vulnerabilities with your security posture to assess your network and reduce noise by
prioritizing risks. With knowledge of known threats, active exploits, documented vulnerabilities
(CVSS & EPSS), and security hygiene best practices, Device Security monitors your network for
high severity risks and active vulnerabilities. It then compares these risks against your defined
asset criticality, known patches, and applied compensating controls to provide a prioritization
of risks and mitigating actions that you can take.
• Proactive Risk Mitigation – By analyzing network traffic behaviors and high-priority risks,
Device Security proactively recommends Security Policy Rules. You can review and add policy
rule recommendations to your firewall to ensure only allowed traffic passes through your

Strata Cloud Manager Getting Started 194 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

network. You can also define Device-ID objects using multiple device attributes to specify
what matching criteria to use for different Security Policy Rules.

How can you use the data from this dashboard?

To use Device Security in Strata Cloud Manager, you need a Device Security license. Work with
your Palo Alto Networks contact to acquire a license, and then follow the steps to activate your
license and onboard Device Security.
Because Device Security relies on next-generation firewalls for passive traffic monitoring and
policy enforcement, you need to prepare your firewall and deploy your firewall for device
visibility.
Once you've finished setting up your firewalls for Device Security, return to Strata Cloud Manager
and navigate to Insights > Security > Device Security to configure your networks, integrate with
third-party products, discover devices, review vulnerabilities, and monitor all devices in your
network. To learn more about the full capabilities of Device Security, and how to configure and
manage Device Security, visit the Device Security Docs.

Strata Cloud Manager Getting Started 195 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Threat Search

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
ADEM Observability
Autonomous DEM for Remote Networks
AI-Powered ADEM
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

You can search on a security artifact to interact with data just for that artifact. Search results
include:
• The artifact’s history and activity in your network. Using this data, you can assess how
prevalent the artifact is in your network and compare to Palo Alto Networks global data.
• Palo Alto Networks threat intelligence on the artifact, based on analysis data of all traffic
processed by Palo Alto Networks.
• Passive DNS data that is used to populate the Passive DNS History widget (for URL and
domain searches) is generated based on user data from telemetry collected by the firewall.
Click Insights > Threat Search to get started.

To get started, search for one of these types of artifacts: a file hash (SHA-256), a URL, a domain,
or an IP address (IPv4 or IPv6).

IP Address
You can search for an IP address (IPv4 and IPv6) to analyze the threat information related to IP
address activities in your network. The following data is displayed in the search result:

Strata Cloud Manager Getting Started 196 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Total number of times an IP address was detected and allowed into in your network over the
past 30 days.
• Graphical representation of global telemetry counts.
• Associated threat actors, malware Campaigns, vulnerabilities, techniques, in the form of tags
associated with the IOC.

IP Address Overview—View general information about the IP address, including the verdict,
associated tags, and, if the IP address has been analyzed previously, the timestamp when it was
initially and last observed, globally.

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

IP Address History {in Your Network | Globally}—Shows the number of times the IP address
was accessed by various endpoints in your network (or globally, depending on the widget
setting) during the past 30 days.
Globally:

Strata Cloud Manager Getting Started 197 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

In Your Network:

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the IP address. That can allow you to examine how domains have been resolved in the past,
track changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:
• ➡—Indicates the number of the passive DNS entry.
• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Strata Cloud Manager Getting Started 198 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Whois Information —Displays general domain information based on the resource's publicly
available registration details.

Domain
View a summary of the activities associated with the domain in your network. The search results
include:
• Classification of the domain in your network based on analysis data from URL Filtering and
DNS Security.
• Total number of activities associated with the domain over a specified duration, both in your
network and globally.
• Enforcement applied to each activity in a graphical format.
• DNS activity collected from across all WildFire submissions that contain instances of this
domain.

The IOC Search does not currently support visualization of local network activity seen by
the Advanced DNS Security Resolver.

Domain Overview—View general information about the domain, including the domain and
URL categories as determined by the Advanced DNS Security and Advanced URL Filtering
services, respectively, the category tags, and, if the IP address has been analyzed previously,
the timestamp when it was initially and last observed, globally.

Strata Cloud Manager Getting Started 199 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

Domain History {in Your Network | Globally}—Shows the number of times the domain was
accessed by endpoints in your network (or globally, depending on the widget setting) during
the past 30 days.
Globally:

In Your Network:

Strata Cloud Manager Getting Started 200 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the domain. That can allow you to examine how domains have been resolved in the past, track
changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:
• ➡—Indicates the number of the passive DNS entry.
• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Whois Information —Displays general domain information based on the resource's publicly
available registration details.

Strata Cloud Manager Getting Started 201 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

URL
Learn about the URL’s activity across all traffic Palo Alto Networks analyzes. The search results
include:

URL Overview—View general information about the URL, including the domain and URL
categories as determined by the Advanced DNS Security and Advanced URL Filtering services,
respectively, the category tags, and, if the IP address has been analyzed previously, the
timestamp when it was initially and last observed, globally.

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

Strata Cloud Manager Getting Started 202 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

URL History {in Your Network | Globally}—Shows the number of times the URL was accessed
by endpoints in your network (or globally, depending on the widget setting) during the past 30
days.
Globally:

In Your Network:

Strata Cloud Manager Getting Started 203 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the URL. That can allow you to examine how domains have been resolved in the past, track
changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:
• ➡—Indicates the number of the passive DNS entry.
• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Whois Information —Displays general URL information based on the resource's publicly
available registration details.

Strata Cloud Manager Getting Started 204 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

File Hash
File hash search summarizes the file details in a report based on data generated during WildFire
analysis. You can download the report as a PDF or MAEC file in cases where the sample is
determined to be malicious, phishing, grayware, or benign. Unknown samples do not generate a
report.
WildFire samples that generate a verdict provide file information and session information at a
minimum; while samples that have undergone additional analysis produce specific analysis data
that is relevant to actions taken by the sample. You can drill down on the search results to review
the following information categories:

File Information—View general file information, including the file hash, size, and type, as
categorized by WildFire. You can also the see the verdict of the sample here. Alternatively, you
can search directly on VirusTotal for additional information about suspicious files, domains,
URLs, IP addresses using the supplied hash value. If the verdict is classified incorrectly, request
for a verdict change. The Palo Alto Networks threat team investigates further on the sample
and updates the verdict if found incorrect.
You can also download the WildFire report of the selected sample hash as a PDF or MAEC file.

Evidence in Your Network—Learn about detection reasons, as provided by WildFire, for the
given file hash with timestamps when it was initially and last observed in your network, unique
allowed users, and total hits data for the web request.

Strata Cloud Manager Getting Started 205 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SHA-256 History in Your Network—View the historical prevalence of the specified file hash in
your network, and globally, based on the allow and block actions taken by the NGFW.

Session Information—Learn about the network session for a sample. Use this data to learn
more about the context of the threat, know the affected hosts and clients, and the applications
used to deliver the malware.

Static Analysis—Static analysis looks at the contents of a specific file before the file is executed
in the WildFire analysis environment. This also shows the suspicious file properties, processes,
and behaviors detected during static analysis. The search result varies depending on the file
type.

Strata Cloud Manager Getting Started 206 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Dynamic Analysis—When WildFire encounters a sample that requires additional analysis,

such as an unknown sample, the file is forwarded to the Advanced WildFire cloud an is
inspected in detail using WildFire dynamic analysis. You can pivot between the various analysis
environments used to view the specific analysis results generated by each. This can include
samples analyzed by Advanced WildFire techniques (Intelligent Run-time Memory Analysis
analysis, hypervisor Dynamic Analysis, Dependency Emulation, etc.), a cloud-based engine that
detects and prevents highly evasive malware threats. You can view the observed behaviors and
use this information for post execution analysis. You can check the process activities involved,
and the sequence of events that took place in your system while executing the file.

Actions Monitored —Review various sample process activity details that WildFire recorded
during sample analysis.

Strata Cloud Manager Getting Started 207 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 208 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: DNS Security

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
DNS Security or Advanced DNS Security
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The DNS Security dashboard and its associated reports have been deprecated. You can access the
related use cases on the Insights > Activity Insights > Domains page.
To view the DNS Security and Advanced DNS Security insights, generate a Security Lifecycle
Review (SLR) report. The DNS Security Analysis section of the SLR report provides detailed
insights into various aspects of DNS activity and threats including DNS Security Analysis
(Summary), Traffic Distribution, DNS Traffic Insight, Malicious Traffic Insights, Known Malware
and Families, Advanced DNS Security Resolver, and DNS Zone Misconfiguration.

Strata Cloud Manager Getting Started 209 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: CDSS Adoption

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > CDSS Adoption to get started.

What does this dashboard show you?

• The dashboard shows the aggregated data for all firewalls onboarded to your tenant
and are also sending telemetry data.
• Currently, this dashboard only supports four security subscriptions: Advanced Threat
Prevention, Advanced URL Filtering, DNS Security, and Wildfire.

The CDSS Adoption dashboard shows the recommended Cloud-Delivered Security Services
(CDSS) subscriptions and their usage in your devices. This helps you to identify security gaps and
harden the security posture of your enterprise. After you navigate to this page, you will see a pop-
up asking you to confirm or update your zone roles in NGFWs to get accurate security services
recommendations. You can follow the link in this pop-up window to map zones to roles.

How can you use the data from the dashboard?

This dashboard helps you with the following:

Strata Cloud Manager Getting Started 210 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• At the top of the Overview page, you can view the number of total known NGFWs and
number of NGFWs sending telemetry in your AIOps for NGFW instance. The adoption of
CDSS involves progressing through activation, configuration, and adherence to best practices.
To track progress for each subscription, simply click on the numbers in the chart to view a list
of devices that require updates along this journey. To use a security subscription license in a
device, you need to activate it and then set up the service or feature accordingly.
To focus on the security services data for a specific NGFW, filter the chart based on it. You can
also view the best practice violations for a device in this drop-down list.

Strata Cloud Manager Getting Started 211 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• You can click one of the values under ACTIVATE, CONFIGURE, or BEST PRACTICES to view
details in a tabular format.

In this example, AIOps for NGFW recommends the activation of Advanced URL Filtering
(ADV-URL) along with Advanced Threat Protection (ATP), Domain Name System (DNS), and
WildFire (WF) security services for NGFWs. You can click Back to Graph View to navigate to
the Overview page.

Strata Cloud Manager Getting Started 212 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• You can also view the same security posture data in a pie chart format. Click the pie-chart icon
to view the information about recommended security services in a pie-chart format.

Strata Cloud Manager Getting Started 213 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• You can click the sections of the pie-chart to view the information about the individual security
service.

In this example, to view the NGFW where DNS Security is not configured, you can either click
the value above the DNS Security section of a pie chart or click the DNS Security section of a
pie chart.

Override Recommended Security Service

When you do not need a recommended security service for any reason, you can override it. Click
a value under CONFIGURE to view details in a tabular format, you can override the recommended
security service.

Strata Cloud Manager Getting Started 214 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

In this example, AIOps for NGFW recommends the configuration of Advanced URL Filtering
(ADV-URL) along with other security services for a device. You can cancel the ADV-URL security
service for the NGFW device and all the zones under it.

Strata Cloud Manager Getting Started 215 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

You can also override the recommended security service at a zone level. View Details for an
NGFW to view the source and destination roles, policies, and their recommended security
services.

In this example, you can override the ADV-URL security service for the source role as Third
Party Vendor and the destination role as Unknown. You can also restore the overridden
recommendation by clicking on the security service under the Overrides column.
You can View Policies associated with roles. Select a rule to view its details without needing to
leave the app.
Click Back to Table View to view the security services in a tabular format.

Strata Cloud Manager Getting Started 216 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Compliance Summary

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

You can view a history of changes to the security checks made up to 12 months in the past,
grouped together by the Center for Internet Security (CIS) and the National Institute of Standards
and Technology (NIST) frameworks. For each framework, you’ll see a list of controls as well as the
percentage of current and average compliance rate, total number of best practice checks, and the
number of failed checks for each control.

The dashboard shows the aggregated data for all firewalls onboarded to your tenant and
are also sending telemetry data.

Interact with the chart and the list to see the relationship between controls and their historical
statistics. View details of individual controls and their associated checks, and select a best practice
check to view the firewall configuration that is failing the check.
The CIS Critical Security Controls framework is a prioritized set of recommended actions and best
practices that help protect organizations and their data from known cyberattack vectors. You can
view check summaries for 11 of the 16 basic and foundational CIS controls:
• CSC 3: Continuous Vulnerability Management
• CSC 4: Controlled Use of Administrative Privileges
• CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
• CSC 7: Email and Web Browser Protections
• CSC 8: Malware Defenses
• CSC 9: Limitation and Control of Network Ports, Protocols, and Services
• CSC 11: Secure configuration for Network Devices, such as Firewalls, Routers, and Switches
• CSC 12: Boundary Defense
• CSC 13: Data Protection
• CSC 14: Controlled Access Based on the Need to Know
• CSC 16: Account Monitoring and Control
The NIST Cybersecurity Framework SP 800-53 Controls framework provides guidance for federal
agencies and other organizations to implement and maintain security and privacy controls for
their information systems. You can view check summaries for eight families of NIST controls:
• SC: Access Control
• AU: Audit and Accountability

Strata Cloud Manager Getting Started 217 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• CM: Configuration Management

• CP: Contingency Planning
• IA: Identification and Authentication
• RA: Risk Assessment
• SC: System and Communications Protection
• SI: System and Information Integrity
Go to Insights, and then select the Compliance Summary .

A) Security Controls selector Select CIS or NIST controls

B) Filter by • Device
• Time-frame
• Past 7 Days
• Past 30 Days
• Past 90 Days
• Past 6 Months
• Past 12 Months

C) Sort by • Control CSC Number

• Current Passing %
• % Change
• Number of Failed Checks

D) Line Chart • Passing % - Shows passing percentage for a

given check type.
• Timeline - Shows when the percentage was
measured for a given check type.

E) Check List • Stats

• Average Passing % - Shows the average
percentage of passing checks.
• 12-Month Change - Shows change over
a 12-month period.
• Checks Failed - Shows the number of
failed checks.
• Selected Controls - A checkmark brings a
control into view on the line chart.
• Reset - Removes all locks.
• Collapse All/Expand All - Shows/Hides
stats in the list.

Strata Cloud Manager Getting Started 218 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Lock Line Chart - Keeps locked checks in

view on the line chart.

Strata Cloud Manager Getting Started 219 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Select a control on the list to see the best practice checks it includes.

• Select a best practice check to view the firewall configuration that is failing the check.

Strata Cloud Manager Getting Started 220 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Security Posture Insights

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Security Posture Insights to get started.

What does this dashboard show you?

The dashboard shows aggregated data for all firewalls associated with your tenant and
are also sending telemetry data.

Get visibility into the security status and trend of your deployment based on the security postures
of the onboarded NGFW devices. The severity of the security score (0-100) and its corresponding
security grade (good, fair, poor, critical) determine the security posture of a device. The security
score is calculated based on the priority, quantity, type, and status of the open alerts.

How can you use the data from the dashboard?

Use this dashboard to:
• Know the trend of issues that impact the security posture of your deployment.

Strata Cloud Manager Getting Started 221 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Understand the security improvements that you have made in your deployment by looking at
the historical security score data.
• Narrow down devices where there is an opportunity to improve the security posture and
prioritize the issues to resolve them.

The report functionality (download, share, and schedule report) is not supported for this
dashboard.

Security Posture Insights: Device Security Posture

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Security Posture Insights to view the dashboard.

The dashboard widget shows:

• The total number of onboarded NGFWs.
• The number of devices that have not sent telemetry data for over 12 hours.
• The priority of security score for the onboard devices in your deployment. Click the number
link to know the device details and security statistics.

Security Posture Insights: Security Posture Statistics

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or

Strata Cloud Manager Getting Started 222 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Security Posture Insights to view the dashboard.

Top Unhealthy
These are the top 10 devices most impacting the security posture of your deployment. Drill down
to view the device details and the alerts on the device. Perform the remediation steps for the
critical alerts on the devices to improve the security posture.
Top Improving
View the top 10 devices with improved security posture scores over a 30 days time period,
compared to the current security scores of the devices.
Top Worsening
These are the devices with the declined security posture scores compared to the current security
scores of the devices. Review the alerts on these devices and prioritize to fix them.

Security Posture Insights: Score Trend

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Security Posture Insights to view the dashboard.

Strata Cloud Manager Getting Started 223 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The chart shows the security posture trend of your deployment for the selected time period.
Hover over the trigger point to know the devices and active alerts that are contributing to the
security posture trend. You can view trends for one or more devices filtered by the hostname,
model, or software version.

Strata Cloud Manager Getting Started 224 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: PAN-OS CVEs

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > PAN-OS CVEs to get started.

What does this dashboard show you?

The dashboard shows the aggregated data for all firewalls and Panorama onboarded to
your tenant and are also sending telemetry data. Additionally, it shows the telemetry data
from NGFW PSIRT Database of CVEs.

The PAN-OS CVEs dashboard shows you the number of devices impacted by a specific
vulnerability based on the features that have been enabled on devices. Strata Cloud Manager
analyzes the features that have been enabled to determine the devices impacted by the CVE.

Strata Cloud Manager Getting Started 225 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

After you understand the vulnerabilities for impacted devices, you can plan your patching using
the Upgrade Recommendations feature. Expand the CVEs and select firewalls that you want
to upgrade to fix the vulnerabilities, and click Generate Upgrade Recommendations. You are
redirected to NGFW - Upgrade Recommendations to view the generated report.

How can you use the data from the dashboard?

This dashboard helps you:
• Decide which devices to upgrade to mitigate a vulnerability.
• View details about an impacted device such as Host Name, Model, Serial Number, SW Version,
and Last Telemetry Update by expanding a CVE.
• Filter CVEs and sort them further by Severity or Devices Impacted.
• View the advisory associated with a CVE by clicking it.

Strata Cloud Manager Getting Started 226 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: On Demand BPA

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
Tech Support File (TSF)
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Go to Strata Cloud Manager > Insights > On Demand BPA to get started.

What does this dashboard show you?

The dashboard shows the Best Practice Assessment (BPA) report based on the uploaded
TSF files of devices.

You can now run the Best Practice Assessment (BPA) and Feature Adoption summary directly
from Strata Cloud Manager. Just upload a TSF file. You can generate the on-demand BPA report
for devices that are not sending telemetry data or onboarded to AIOps for NGFW.

How can you use the data from the dashboard?

The BPA evaluates your security posture against Palo Alto Networks best practices and prioritizes
improvements for devices. Security best practices prevent known and unknown threats,
reduce the attack surface, and provide visibility into traffic, so you can know and control which
applications, users, and content are on your network. Additionally, best practices include checks
for the Center for Internet Security’s Critical Security Controls (CSC). See the best practices
guidance to bolster security posture and implement improvements.

Strata Cloud Manager Getting Started 227 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Generate On-Demand BPA Report

Follow these steps to generate the BPA Report on demand.
STEP 1 | Strata Cloud Manager > Insights > On Demand BPA.

STEP 2 | Generate New BPA Report.

Strata Cloud Manager Getting Started 228 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

STEP 3 | Select TSF and Upload TSF file.

The upload time is dependent on the size of your .tgz file and your Internet speed. Uploading
the file could take a few minutes for larger files. Expand In-Progress to view the status of the
TSF files.

• On-demand BPA supports only the TSF files in the .tgz file format.
• On-demand BPA supports TSFs from devices with the PAN-OS version 9.1 or above
for report generation.
• For information about Palo Alto Networks' data capturing, processing, and
telemetry storage, see AIOps for NGFW Privacy in the Trust Center.

STEP 4 | View Report below Completed to view the results.

Strata Cloud Manager Getting Started 229 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Feature Adoption

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > Feature Adoption to get started.

What does this dashboard show you?

The dashboard shows the aggregated data for all firewalls onboarded to your tenant and
are also sending telemetry data.

The Feature Adoption dashboard shows you the security features that you are using in your
deployment, and you can use it to identify gaps in adoption. This helps you make sure that you are
getting the most out of your Palo Alto Networks security subscriptions and firewall features.

Strata Cloud Manager Getting Started 230 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 231 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

How to use this dashboard

To focus on the feature adoption for a specific set of firewalls, you can filter the chart based on
device group, including Panorama-managed devices. You can also see historical adoption trend
charts.

• When you generate an On-Demand BPA report using a TSF, adoption information
from your TSF is reflected on the Feature Adoption dashboard. (PAN-OS 9.1 and
above TSFs)
• You can export adoption data in .csv format for use in third-party applications such
as Microsoft Excel

Select the section for a feature on the chart to view which policy rules lack that feature.

Select a rule to view its details without needing to leave the app.

Identify gaps in adoption

This dashboard shows where your security policy is strong and where there are gaps in capability
adoption that you can focus on improving. To gain maximum visibility into traffic and maximum
protection against attacks, set goals for security capability adoption and use the following
recommendations as a best practice baseline. Assess your current posture against the baseline to
identify gaps in security policy capability adoption.
Adoption Summary helps identify devices, zones, and areas where you can improve security policy
capability adoption. You can review adoption information by Device Group, Serial Number & Vsys,
Zones, Areas of Architecture, Tags, Rule Details, and Zone Mappings. Filter on Device Group to
narrow the scope and identify gaps.
In Dashboard > Feature Adoption, select Overall Adoption to check the adoption rates of the
following capabilities. Select Best Practices to see the adoption rates of these capabilities that

Strata Cloud Manager Getting Started 232 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

adhere to Palo Alto Networks best practices. Use this information as gap identification criteria—if
the actual adoption rate doesn’t match the recommendations, plan to close the gap:
Apply WildFire Analysis, Antivirus, Anti-Spyware, Vulnerability, and File Blocking profiles to
all rules that allow traffic, with a target of 100% or almost 100% adoption. If you don’t apply a
profile to an allow rule, ensure that there is a good business reason not to apply the profile.
Configuring security profiles on all allow rules enables the firewall to inspect decrypted traffic
for threats, regardless of application or service/port. After updating the configuration, you can
run the BPA for non-telemetry devices to measure progress and to catch new rules that don’t
have security profiles attached.

You can apply WildFire profiles to rules without a WildFire license. Coverage is limited
to PE files, but this still provides useful visibility into unknown malicious files.
In the Anti-Spyware profile, apply DNS Sinkhole to all rules to prevent compromised internal
hosts from sending DNS queries for malicious and custom domains, to identify and track the
potentially compromised hosts, and to avoid gaps in DNS inspection. Enabling DNS Sinkhole
protects your network without affecting availability, so you can and should enable it right
away.
Apply URL Filtering and Credential Theft (phishing) Protection to all outbound internet traffic.
In the Adoption Summary’s Apps, Users, Ports summary, check the adoption rates of the following
capabilities. Use the recommendations as gap identification criteria—if the actual adoption rate
doesn’t match the recommendations, plan to close the gap:
Apply App-ID to as close to 100% of the rules as possible. Apply User-ID to all rules with
source zones or address ranges that have a user presence (some zones may not have user
sources; for example, sources in data center zones should be servers and not users). Leverage
App-ID and User-ID to create policies that allow appropriate users to sanctioned (and
tolerated) applications. Explicitly block malicious and unwanted applications.
Target 100% or close to 100% service/port adoption—don’t allow applications on non-standard
ports unless there’s a good business reason for it.
In the Adoption Summary’s Logging summary, check the adoption rates of the following
capabilities. Use the recommendations as gap identification criteria—if the actual adoption rate
doesn’t match the recommendations, plan to close the gap:
Target at or close to 100% adoption for Logging and Log Forwarding.
Configure Zone protection profiles on all zones.
In summary:

Feature Adoption Goal

WildFire As close to 100% of Security policy rules as possible

Antivirus As close to 100% of Security policy rules as possible

Anti-Spyware As close to 100% of Security policy rules as possible

Vulnerability As close to 100% of Security policy rules as possible

Strata Cloud Manager Getting Started 233 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Feature Adoption Goal

File Blocking As close to 100% of Security policy rules as possible

URL Filtering and Credential All outbound internet traffic

Theft

App-ID As close to 100% of Security policy rules as possible

User-ID All rules with source zones or address ranges that have a
user presence

Service/port As close to 100% of Security policy rules as possible

Logging As close to 100% of Security policy rules as possible

Log Forwarding As close to 100% of Security policy rules as possible

Zone protection All zones

Strata Cloud Manager Getting Started 234 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Best Practices

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Best Practices to get started.

What does this dashboard show you?

The dashboard shows aggregated data per Prisma Access and NGFW/Panorama
associated with your tenant.

Strata Cloud Manager Getting Started 235 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The best practices dashboard measures your security posture against Palo Alto Networks’ best
practice guidance. Importantly, the best practices assessment includes checks for the Center for
Internet Security’s Critical Security Controls (CSC). CSC checks are called out separately from
other best practice checks, so you can easily pick out and prioritize updates that will bring you up
to CSC compliance.
The best practice dashboard is divided into five sections:
• Summary
Gives you a comprehensive view of all the failed checks for a device across the configuration
types (Security, Network, Identity, and Service Setup), View historical trend charts for BPA
checks and assess your best practice adoption rate for key feature areas.
• Security
Shows the rules, rulebases, or profiles that are failing best practice and CSC checks for the
selected device and location. When available, CLI remediations allow you to resolve issue with
your policy rules. CLI remediations are generated using TSF data you upload when generating
an On-Demand BPA report.
• Rulebases
Looks at how your policy is organized, and whether configuration settings that apply across
many rules align with best practices (including CSC checks).
• Rules
Shows you the rules failing best practice and CSC checks. See where you can take quick
action to fix failed checks. Rules are sorted based on session count, so you can start by
reviewing and updating the rules that are impacting the most traffic.
• Profiles
Shows you how your profiles stack up against best practices, including CSC checks. Profiles
perform advanced inspection for traffic matched to a security or decryption rule.
• Identity
Shows whether the authentication enforcement settings (authentication rule, authentication
profile, and authentication portal) for a device meet the best practices and comply with CSC
checks.
• Network
Checks whether the application override rules and network settings align with best practice
and CSC checks.
• Service Setup
See how the subscriptions you have enabled on your devices are aligning with the best practice
and CSC checks. You can review the WildFire setup, GlobalProtect portal and GlobalProtect
gateway configurations here and fix the failed checks.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

You can download the BPA report for NGFW in either CSV or PDF format. All other BPA
reports are available for download in the PDF format only.

Strata Cloud Manager Getting Started 236 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

How can you use the data from the dashboard?

While best practice guidance aims to help you bolster your security posture, findings in this report
can also help you to identify areas where you can make changes to more effectively manage your
environment.

Strata Cloud Manager Getting Started 237 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Application Experience

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

• Click Strata Cloud Manager > Insights > Application Experience to get started.

What does this dashboard show you?

The data displayed in this dashboard will change and correspond to the card that you select -
Mobile User Experience or Remote Site Experience. If you are new to AI-Powered ADEM, you
may want to begin by surveying the applications that are in use across your organization and
use this information to identify which applications you want to create app tests for. In addition,
if you have users or remote sites reporting application issues, this dashboard is a good place to
start isolating the issue. The application usage data is pulled from the real user traffic traversing
through Prisma Access. It includes traffic from Mobile Users and Remote Sites.
You can add a filter to narrow down the results to show data for only specific applications,
deployment type, experience score, mobile users, groups, or Prisma Access locations. View the
individual experience score for the application and the number of users and remote sites that are
being impacted by any existing performance issues.

How can you use the data from dashboard?

After you’ve surveyed the applications running on your network and determined which
applications you want to monitor, you can create an app test. As you create app tests, keep in
mind that although you can create app tests targeted to multiple users or sites, the number of
tests is based on the number of app tests each individual user or ION device runs (for example, if
you have an app test for Slack and target it to 1000 users, this would count against your license as
1000 tests).

Application Experience Insights: Mobile User Experience Card

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

This widget shows you the average of the application segment score for all Mobile Users for all
monitored applications. It also shows you a breakdown of Good, Fair, and Poor experiences by
number of user devices. You can drill down into users experiencing fair or poor performance to
begin investigating. The experience score in this card will give you an indication of the overall
digital experience for the user. For each application that is monitored per mobile user, ADEM
calculates a score based on the 5 critical metrics - application availability, DNS resolution time,

Strata Cloud Manager Getting Started 238 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

TCP connect time, SSL connect time, and the HTTP latency. If the application fails the availability
test (application is unavailable), then the experience score is 0. If the application is reachable,
only then the remaining four metrics will be calculated. Each of the above metrics (other than
application reachability) have a different weightage and baselined lower and upper thresholds,
and their combined weightage equals 100. The sum of these individual metric scores determines
the application experience score for a user. An average of all the test sample results for each
application determines the experience score of a user.

Application Experience Insights: Remote Site Experience Card

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

The remote site experience score is an average score of all monitored applications on all
active WAN paths. It is an average of all test sample results that are collected from individual
applications monitored for that remote site. It is the overall experience score (enclosed in a color
coded square) of the remote site or branch, which is an average of experience scores from all the
test samples collected on active paths of all the applications monitored for that site. Although the
experience score of each backup path will be individually calculated and available for each remote
site and application, the experience score for backup paths are not taken into consideration when
calculating the Experience Score of a remote site. You can drill down into sites experiencing fair or
poor performance by clicking on the number next to Fair or Poor.

Application Experience Insights: Experience Score Trends

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Strata Cloud Manager Getting Started 239 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

This widget displays a time series graph of average Mobile Users experience of all Mobile Users.
The experience score is calculated and displayed at set intervals during the selected time range.
The y-axis is color coded based on score range to show you the quality of your experience score
(Red = Poor, Yellow = Fair, and Green = Good). Hover your mouse cursor over the trend line to
see the experience score at the time where your cursor is placed.

Application Experience Insights: Experience Score Across the

Network
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Identify the segment of the network that might be causing issues within your organization from
the endpoints (for Mobile Users) or branch (Remote Sites) all the way to the applications. You
can see what segment of the network might be causing issues within your organization from the
endpoints and Prisma SD-WAN remote sites all the way to the application. You can see which
segment—such as an ISP or compute location outage or a SaaS app outage—is impacting digital
experience within your organization and also the precise number of users or sites which are
impacted by it. The icons are color coded and based on the average of segment health score for all
Mobile Users. A green icon stands for Good (score is >=70), yellow stands for Fair (score is 30-70),
red stands for Poor (Score<30).

Devices - Device Health Metrics (CPU/Memory/Disk Space/Disk Queue/Battery)

Wi-Fi - WIFI Metrics (Signal Quality,Tx,Rx,SSID,BSSID,Channel)
Local Networks - Network Performance Metrics (Latency/Loss/Jitter)

Strata Cloud Manager Getting Started 240 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Internet - Network Performance Metrics (Latency/Loss/Jitter) If a device is not connected to

GlobalProtect,the Internet segment, the Network Performance Metrics will be the same as the
TCP PING test executed for application segment.
Prisma Access Locations - Network Performance Metrics (Latency/Loss/Jitter) The test for this
segment is not executed if device is not connected to GlobalProtect.
Monitored Apps - Network Performance Metrics (Latency/Loss/Jitter) Application Performance
Metrics (Availability,DNS Lookup,TCP Connect,SSL Connect,HTTP Latency,Time to First
Byte,Time to Last Byte,Data Transfer)

Application Experience Insights: Global Distribution of Application

Experience Scores
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Depending on the card you select, the map view in this widget shows you the experience of
Prisma Access Locations based on the total number of Mobile Users and applications monitored
or the total number of Remote Sites and applications monitored on specific Prisma Access
Location. The Prisma Access locations are marked with circles that are color coded to represent
the status of application segment scores of all monitored mobile users and remote sites connected
to that specific Prisma Access Location where the circle appears. Hover your mouse cursor over
a circle to see the experience scores for the location, as well as the total number of Mobile User
Devices or Remote Sites monitored and the total number of apps that are monitored for that
location. Multiple locations that are geographically very close to each other are represented by
one circle with a number in it. The number denotes how many locations were grouped in that
area. To see exactly which locations were grouped together, zoom in on the map.

Application Experience Insights: Experience Score for Top

Monitored Sites
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

This widget displays one card per application and displays the sites with the highest scores. This
widget shows the remote sites experience score trend during the selected time range. Hover your
mouse cursor over the trend line to see the experience score for that specific point in time.

Strata Cloud Manager Getting Started 241 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Application Experience Insights: Experience Score for Top

Monitored Apps
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Each application card shows you the average application segment score (the number enclosed
in the square) for all monitored Mobile Users for that particular application on the remote site.
The experience score is calculated as an average of App experience scores of all monitored
applications. The experience score depicts the end-to-end experience for the active paths of
the application. It is the average of all test samples collected on the active paths for that specific
application only. The trend line shows you the average of all 5 minute APM data samples for the
selected time frame.
You can see how many applications you are monitoring and also how many active and backup
paths are monitored. Each application card shows the number of paths that are impacted. Click an
application card to see the metrics for that specific app.

Application Experience Insights: Application Performance Metrics

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Strata Cloud Manager Getting Started 242 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Autonomous DEM uses TCP ping and Curl to determine the end to end Application Performance.

Metric Description

Availability Application availability (in percentage) during the Time

Range.

DNS Lookup DNS resolution time.

TCP Connect Time taken to establish a TCP connection.

SSL Connect Time taken to establish an SSL connection.

HTTP Latency Time taken to establish an HTTP connection.

Time to First Byte The total of DNS Lookup, TCP Connect, SSL Connect
and HTTP Latency time results in the Time to First Byte.

Data Transfer Total time taken for the entire data to be transferred.

Time to Last Byte Time to First Byte + Data Transfer time.

Application Experience Insights: Network Performance Metrics

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

ADEM uses ICMP pings to determine Network Performance on each segment.

Strata Cloud Manager Getting Started 243 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Metric Description

Availability Network availability metrics during the Time Range.

Network Latency Time taken to transfer the data over the network.

Packet Loss Loss of packets during data transmission.

Jitter Change in latency during the Time Range.

Strata Cloud Manager Getting Started 244 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: App Acceleration

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or
The other licenses needed to view the Activity
Insights:Applications tab are:

will unlock additional Prisma Access

features

App Acceleration directly addresses the causes of poor app performance and acts in real-time to
mitigate them, dramatically improving the user experience for Prisma Access GlobalProtect and
Remote Network users.
When your users access applications, they might experience poor application performance caused
by decreased throughput, which could be caused by degraded wireless connectivity, network
congestion, and other factors. These networking issues can adversely affect the employee
experience and reduce their productivity. App Acceleration securely builds an understanding of
the device capability, network capability, and application context to maximize throughput and
adjusts in real-time to account for changing network conditions.
In Strata Cloud Manager, go to Insights > Operational > App Acceleration to view details about
the applications that have been accelerated in your environment.

Strata Cloud Manager Getting Started 245 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Field Description

Performance Boost The overall aggregate of acceleration computed by

dividing acceleration speed up by pre-acceleration
throughput. This metric is derived from synthetic test
data comparing the throughput before acceleration
with the throughput after acceleration.

Applications Accelerated The total number of unique applications that were

accelerated.

Users Accelerated The total number of GlobalProtect and Remote

Network mobile users that benefited from App
Acceleration.

Total Accelerated Data The total data transfer across all of the apps that were
accelerated. The displayed number includes the total
number of bytes in and bytes out.

AI-powered Autonomous DEM (ADEM) integrates with App Acceleration and provides you with
metrics such as the number of applications that were accelerated and the performance boost
gained overall. Go to Insights > Operational > App Acceleration to view ADEM performance
metrics in the Accelerated Applications and Monitored Applications tabs.

Strata Cloud Manager Getting Started 246 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: NetSec Health

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

TheNetSec Health Dashboard provides a comprehensive view of your organization's network

security health across all user devices, branch sites and [ai-adem] monitored applications. This
dashboard integrates the health and experience scores from both your Next-Generation Firewall
(NGFW) deployments and your Prisma Access (PA) environment into a single pane of glass.

What does this dashboard show you?

The dashboard has three sections: User Devices, Sites, and Monitored Apps. The interactive view
in the dashboard shows the experience scores to highlight the status of user devices, sites, and
applications in your organization as Good, Fair, and Poor. You can further drill down to analyze
user-specific details, users’ browsing experience, network segments causing degradation, and
open incidents. For sites, you can review Prisma SD-WAN and third-party connectivity data and
any related open incidents. It also displays flight paths on the map that shows the connections
from that site to other locations like a PA gateway or another data center. For monitored
applications, the dashboard shows application availability and critical end-to-end performance
metrics. The Map view in monitored apps shows all Prisma Access locations, color-coded by their
experience with that app. Click the Prisma Access location to view the flight path from the Prisma
Access location to the application servers.

Strata Cloud Manager Getting Started 247 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The dashboard shows data based on the following filters:

• Time range- view data for a selected time range.
• Scope Selection- provides visibility into data from Prisma Access and NGFW deployments.
The data for devices that are connected directly to applications through the internet are
automatically included in every deployment scope.
• Connection Method- supports data for users connected using Prisma Access Agent,
GlobalProtect, Prisma Access Browser, and Explicit Proxy gateway.
• Prisma Access Location- filter data for a configured Prisma Access location.
• Source Location- view data that originated from a specific location.
• User Name- view user specific data for associated devices and applications.

How can you use the data from dashboard?

You can use this dashboard to:
• Monitor user device experiences across the organization such as status of the user devices,
determine the devices that are not monitored by ADEM.
• Get visibility into the network path and identify impacted areas to troubleshoot performance
issues of the impacted user devices.
• View and manage incidents that are relevant to each network segment.
• Monitor Prisma SD-WAN, third-party sites, and health of branch sites.
• Monitor availability and performance of all applications monitored by ADEM in every Prisma
Access location.
• View detailed connectivity from users to PA locations and PA locations to data centers and app
servers

NetSec Health Insights: User Devices

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The User Devices tab within the NetSec Health dashboard provides a breakdown of experience
scores for all monitored user devices in the organization, classifying them as Good, Fair, or Poor.
The dashboard offers a multi-layered view of user device health, from a high-level summary down
to the specific details of a single user's connection.

Strata Cloud Manager Getting Started 248 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• A top-level summary shows the breakdown of experience scores (Good, Fair, Poor) for all
monitored devices, along with the total number of users, non-monitored devices, and open
incidents.
• In the map view where clusters of devices are shown as circles and individual devices as dots.
The status of devices is color-coded on the map: green indicates a Good experience, orange
and red signifies a Fair and Poor experiences, and gray represents non-monitored devices.
Use the color-coded map to visually spot locations or individual user devices with a degraded
experience and begin an investigation.
• Click on a specific device to view the end-to-end experience, browsing history, open
incidents, and the specific network segments causing any degradation. Analyze which network
segment (like WiFi or LAN) is causing the poor performance and review any open incidents to
understand the root cause.
• If you click a location with multiple users (a circle on the map), you can view the list of all
connected users and their status. This helps you determine if an issue is widespread or just
specific to a user.
• Use the Degraded User Experience tab to see which network segments are causing the most
issues across the organization. Click a segment (e.g., "WiFi") to view all users affected by the
segment.
• Use the Experience Trends tab to view experience scores over time and across different
network segments.

NetSec Health Insights: Monitored Sites

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard

Strata Cloud Manager Getting Started 249 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

You can use the NetSec Health Dashboard: Sites tab to monitor the health and performance of all
remote sites. The dashboard gives users a high-level overview of their entire site landscape. You
can:
• View all site types including Prisma SD-WAN, and third-party sites on an unified map.
• See the total number of sites that are connected out of the total configured.
• Quickly assess overall health with a breakdown of sites experiencing Good, Fair, or Poor
performance, along with a count of open incidents.
• Identify sites with issues via a color-coded health score. The color is determined by the most
critical ongoing issue, whether it's related to performance, device health, or open incidents.
• Analyze the average experience score for all sites over a selected period using a trend chart.
• View flight paths on the map that visualize a site's connections, with the path's color indicating
the health of the destination.
• Use the Degraded Site Experience panel to analyze issues by category, such as network
segments or specific incidents, and select an incident to investigate further.

NetSec Health: Monitored Applications

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 250 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The Monitored Applications tab on the NetSec Health Dashboard provides an overview of the
performance for all ADEM monitored applications. The main page provides a summary of key
performance indicators for all applications. You can see more granular details when you drill down
into a specific application.
• The main screen displays the total number of monitored applications, the number of active
users, and the count of open incidents. It also shows a breakdown of how many applications
are experiencing Good, Fair, or Poor performance.
• The Degraded Application Experience tab provides a focused list of impacted segments and
related incidents, giving a clear starting point for remediation.
• A trend chart shows the average experience score for all applications over the selected time
range, helping to visualize performance over time.
• When a specific application is selected, you can see its end-to-end experience score. This
map shows the path from the user to the application server across various network segments.
This helps to identify which network segment such as WiFi, LAN, or ISP is the source of the
degradation.

Strata Cloud Manager Getting Started 251 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Prisma SD-WAN Applications

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Applications widget displays information about the application utilization at the site during
the selected time range. The total application ingress and egress traffic for the time range is
displayed. The top 10 applications by traffic volume are displayed along with the other traffic.
Click View All to see the application health distribution, TCP application health distribution over
time, new flows, bandwidth utilization, transaction stats for the selected time range along with the
top applications. You can drill down to view an application's performance and metrics per site for
the selected time range in the dashboard.

The metrics for all TCP applications are initially displayed but, any one of the top 10 TCP
applications can be selected to more narrowly focus on a specific top application.

Strata Cloud Manager Getting Started 252 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Prisma SD-WAN Dashboard

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

What does this dashboard show you?

The Dashboard shows you a high-level and graphical view of the network, device, and application
metrics of Prisma SD-WAN. In addition, it shows you:
• The connectivity status of your branch and data center devices to the controller.
• The application utilization data for your ingress and egress traffic.
• Basic network insights and reports for all branch sites across a tenant from the past week.
• Information about the top branch and data center sites by the number of incidents generated.
• The link quality metrics across your sites like MOS score, packet loss, jitter, and latency.
• The predictive capacity utilization at a site level based on the previous three to six months of
information.

Prisma SD-WAN Dashboard: Device to Controller Connectivity

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis

Strata Cloud Manager Getting Started 253 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Device to Controller Connectivity widget depicts the number of Online and Offline ION
devices connected to the Prisma SD-WAN controller for a Branch and Data Center. Using
this interactive graph, you can view the online or offline status for a claimed device for the
corresponding branch and data center.

On clicking either, Branch or Data Center on the interactive graph, you can view the claimed and
unclaimed devices name, status, software version installed, last activity, and redundancy status of
the device.

Insights: Prisma SD-WAN Applications

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Applications widget displays information about the application utilization at the site during
the selected time range. The total application ingress and egress traffic for the time range is

Strata Cloud Manager Getting Started 254 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

displayed. The top 10 applications by traffic volume are displayed along with the other traffic.
Click View All to see the application health distribution, TCP application health distribution over
time, new flows, bandwidth utilization, transaction stats for the selected time range along with the
top applications. You can drill down to view an application's performance and metrics per site for
the selected time range in the dashboard.

The metrics for all TCP applications are initially displayed but, any one of the top 10 TCP
applications can be selected to more narrowly focus on a specific top application.

Prisma SD-WAN Dashboard: Top Alerts by Priority

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Top Alerts by Priority widget displays the top 5 alerts by priority. You can see information on
the top branch and data center sites by the number of alerts generated in the selected time range.
You can drill down to view the alert information per site for the selected time range.

Strata Cloud Manager Getting Started 255 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Click View All to see the following information on the alerts:

• When the alert was created.
• Name of the incident.
• The primary impacted object.
• The severity of the alert.
• The priority of the alert.
Click the ellipsis to troubleshoot the alert.

Prisma SD-WAN Dashboard: Overall Link Quality

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Overall Link Quality widget provides an overall snapshot of the current state of links for
all your sites for the selected time range. You can drill down to view the Link Performance, Link
Packet Loss, Link Jitter, and Link Latency and allows you to analyze information you want to view
in greater detail in the Link Quality Metrics dashboard.

Strata Cloud Manager Getting Started 256 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Prisma SD-WAN Dashboard: Bandwidth Utilization

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Bandwidth Utilization widget displays the amount of bandwidth utilized on a trail in a
network. It is a visual representation of bandwidth spike, total bandwidth consumed by a
particular site, and the application; if the upload is in ingress, egress direction or both.

Move your cursor in the Bandwidth Utilization chart to get a more granular view of the
bandwidth utilization with an application or time-stamp. Typically, the apps are listed in order of
their bandwidth utilization. The chart displays the bandwidth consumed over time. The 1H view
provides granular per minute data, and the 1D picture shows data every 5 minutes. The 1D chart
data averages above 5 minutes for each sample. If utilization sustains above 5 minutes, you can
see the corresponding peak utilization in both charts.

Strata Cloud Manager Getting Started 257 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

You can use the download option from the widget to download the Bandwidth Utilization chart in
either PDF, CSV, XLS, or PNG formats.

Prisma SD-WAN Dashboard: Transaction Stats

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Transaction Stats widget provides transaction statistics on TCP flows, including initiation/
transaction successes and failures for a specific application or all applications, a particular path
or all paths, and all health events. It measures the performance and availability of networks
and applications that run on network paths. For each request on a given path, Prisma SD-WAN
monitors, in real-time, the transaction error rates for initiation and data transfer transactions.

From the Transaction Stats chart, view the list of Apps by their bandwidth utilization or by path.
You can filter out successful transactions to get a granular view of transaction failure stats. The
chart displays the count of successful or failed transactions for the following categories:
• Init Sucessful: Successful completion of the three-way handshake.
• TXNs Sucessful: Successful transfer of data after the completion of the three-way handshake.
• Init Failure: Failure to complete the three-way handshake. Reasons for failure may include
a misconfiguration firewall, an application server issue, a misconfiguration network access
control list, or a WAN network provider issue.

Strata Cloud Manager Getting Started 258 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• TXNs Failure: Unsuccessful transfer of data after the completion of the three-way handshake.
Reasons for failure can include a mis-configured firewall, an application server issue, a mis-
configured network access control list, or a WAN network provider issue.
You can use the download option from the widget to download the Bandwidth Utilization chart in
either PDF, CSV, XLS, or PNG formats.

Prisma SD-WAN Dashboard: Predictive Analytics

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Predictive Analytics widget provides insight into the health of sites and applications and
proactive monitoring to identify critical issues and troubleshoot them faster, thus enhancing
service levels. It identifies critical sites, links, and applications and categorizes them as Good,
Fair, and Poor at the tenant level, based on the AI/ML health scores. The widget includes
predicting capacity utilization at the branch site level based on the previous three to six months of
information.

Strata Cloud Manager Getting Started 259 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The default time range to view the metrics is three hours; however, you can adjust it to shorter
or longer periods depending on the desired scope of information. Gain insights into the top 10
sites whose bandwidth utilization increased in the previous 28 days; you can view seven days
prediction whenever 28 days prediction is unavailable and predict the future branch capacity
utilization.
Click View All to gain insights on Branch Sites, Applications, Links, Network Insights, Top Sites
with Traffic Volume Growth in Past 30 days, and Site Capacity Prediction And Anomaly.

Strata Cloud Manager Getting Started 260 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Branch Sites

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
ADEM Observability
Autonomous DEM for Remote Networks
AI-Powered ADEM
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Branch Sites: Prisma Access

Select Insights > Prisma SASE > Branch Sites > Prisma Access to view the health and connectivity
of your Remote Networks and the usage of all your Remote Networks deployed in different
Prisma Access locations. It shows you the real-time connectivity status and bandwidth
consumption details, along with other deployment details. Mobile Users, branch offices, and retail
locations connect to Remote Networks. You can also view the health of the tunnels configured in
your Remote Networks and Mobile Users.
In addition to the widgets that display with the Prisma Access license, this dashboard displays the
Site Experience Score and Prisma SD-WAN branch site details page only if you have the ADEM
Observability or the AI-Powered ADEM license.
Branch Sites: Prisma SD-WAN
Select Insights > Prisma SASE > Branch Sites > Prisma SD-WAN to set up a branch site in
Prisma SD-WAN. Branch sites include branch offices that you have in your wide area network in
Prisma SD-WAN. You can set up a branch site before or after the ION devices arrive at a given
site. The branch site in Prisma SD-WAN provides the following views:
• The Map view of the branch site provides the connectivity status of your branch site devices to
the controller and the alarm status for the site.

Strata Cloud Manager Getting Started 261 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The List view shows you how many sites were active during the Time Range selected and the
overall health metrics of the branch sites.
• The Activity view presents key application analytics, the latest site health score and site health
distribution over time.
• Prisma Access
• Prisma SD-WAN

Branch Sites (Prisma Access)

Select Insights > Prisma SASE > Branch Sites > Prisma Access to view the health and connectivity
of your Remote Networks and the usage of all your Remote Networks deployed in different
Prisma Access locations. It shows you the real-time connectivity status and bandwidth
consumption details, along with other deployment details. You can also view the health of the
tunnels configured in your Remote Networks.
See Prisma Access Remote Networks for information about how to plan your remote networks,
allocate remote network bandwidth, and onboard remote networks. To view your branch sites, go
to Insights > Prisma SASE > Branch Sites > Prisma Access.

Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly

Strata Cloud Manager Getting Started 262 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Sites by Status
View your Remote Networks Sites by Status. You can see how many sites are Up, Down, Inactive,
or Not Available, and how many sites have a Warning during the selected Time Range.

Bandwidth Consumption
Bandwidth Consumption shows the highest peak bandwidth consumed at a compute region
across all of the tenant's compute regions in the aggregate bandwidth allocation model. The
highest peak bandwidth consumed by a site across all sites is shown for the per-site bandwidth
allocation model. The peak values are computed for the selected time filter duration.
Select View Consumption by Compute Region to view consumption values and trend charts for
all compute regions and their configured IPSec termination nodes.
View Consumption by Compute Regions
Navigate to . When using the Aggregate Bandwidth Allocation model, select View Consumption
by Compute Regions in the Bandwidth Consumption widget to see bandwidth consumption
and trends for your regions. The Compute Regions page shows bandwidth consumption data
during the Time Range you select. You can view a table with your Compute Regions' Average
Bandwidth, Median Bandwidth, and Peak Bandwidth.
The Bandwidth Consumption Trend by Compute Region graph shows data about your Compute
Region. Filter the data to refine the information you want to view.

Strata Cloud Manager Getting Started 263 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Select Cumulative (Ingress + Egress), Ingress, Egress, or Ingress vs. Egress from the drop-
down.

• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.

• Log Scale or Linear Scale.

• Compute Region—Select one or more region to view.
The IPSec Termination Node Utilization graph allows you to view bandwidth consumption for the
IPSec Termination Nodes configured at a specific Compute Region. Filter the data to refine the
information you want to view:
• Select the Compute Region for which you want to view data.
• Select the specific Site of the Compute Region you want to see.
• Choose Node Aggregate or Breakdown by Sites to view the bandwidth consumption trend for
the sites that terminate at the selected IPSec Termination Node.
• View Peak, Average, or Median.

Strata Cloud Manager Getting Started 264 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• View Log Scale or Linear Scale.

Bandwidth Consumption Trend

On the main Branch Sites page, you can view your Bandwidth Consumption Trend Sites per
Compute Region for all Compute Regions when using the Aggregate Bandwidth Allocation
model or Bandwidth Consumption Trend per Branch Sites when using the Per-Site Bandwidth
Allocation Model. For the Aggregate Bandwidth Allocation model, you can select a Compute
Region and then select the sites in that Compute Region whose bandwidth consumption trend is
of interest. Filter the data to refine the information you want to view, and you can hover over the
chart to view the sites' bandwidth consumption at that time:
• The default view shows Cumulative (Ingress + Egress) bandwidth consumption. Other options
are Ingress, Egress, or Ingress vs. Egress.

Strata Cloud Manager Getting Started 265 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.
• Log Scale or Linear Scale.
• Compute Region—View Compute Regions with a breakdown of sites terminating in the region
when the tenant uses the Aggregate Bandwidth Allocation model. For each Compute Region,
select the sites terminating in the Compute Region to view their bandwidth consumption trend.
• Branch Sites—Select a minimum of 1 site and a maximum of 10 sites to view their trend lines
on the graph during the selected time range.

Prisma Access Sites

The Prisma Access Sites table lists your remote Prisma Access sites and information.
• Site Name—The Prisma Access site's unique name.
• Site Status—Up, Down, Warning, or Unknown.
• Site Type—Third Party.

Strata Cloud Manager Getting Started 266 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Site Location—Prisma Access site location.

• Site BGP Status—Whether the site BGP status is Up, Down, or Unknown.
• Tunnel Status—The number of the site's tunnels and how many of those tunnels are up.
• Tunnel BGP Status—The BGP status for each tunnel.
• Prisma Access Location—This Prisma Access site's location. Select a location to view its Prisma
Access Locations details.
• Service Status—This field indicates the status of the instance or firewall to which the site is
connected. The status can be Up, Down, or Unknown.
• Compute Location—All Prisma Access locations are mapped to a security processing compute
location or region based on optimized performance and latency. At least two (often more)
Prisma Access locations that are geographically near each other are grouped into a single
compute location.
• Aggregated Bandwidth Allocated—The allocated aggregated bandwidth for the site during the
time range selected. This column appears only if you used the aggregate bandwidth model.
• Peak Burst Bandwidth Consumed—The cumulative peak value obtained by combining the
ingress and egress values for this site during the selected time range selected.
• Avg Bandwidth Consumed—The cumulative average value obtained by combining the ingress
and egress values for this site during the selected time range.
• Disconnections—How many disconnections occurred at this site during the selected time
range.
• Disconnections Duration—The total amount of time, in seconds, the site was disconnected
during the selected time range.

High-Performance Branch Site Visibility

High-performance branches (RN-HP) have different attributes than the legacy branches, and both
will coexist in your tenant. High-performance branch sites in Prisma Access have the following
benefits:
• The architecture addresses capacity efficiencies by separating network processing functions
from security processing functions. An ION device with large packet-processing ability
terminates multiple branch connections with up to 5-Gbps capacity and distributes the security
processing to SPNs.
• You can use a single IP or FQDN to terminate multiple branches in the region to a single
network processing node (NPN).
• You no longer have to monitor and manage the termination of branch sites to IPSec
termination nodes. Suitable SPNs carry out branch traffic inspection, and the NPN performs
load balancing.

Strata Cloud Manager Getting Started 267 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• You can attain true high availability by being able to specify different regions for redundancy.
You can view both high-performance and legacy branches in your environment. In Strata Cloud
Manager, go to , and from the Prisma Access Sites table, select a branch site.
Prisma Access Site Details
Select any Prisma Access Site Name to view its Site Status, where you can see its Connectivity
and BGP Status (Up, Down, Inactive, or Not Available). View the bandwidth Peak Consumption
for the selected time interval.

You can view Cumulative (Ingress + Egress) information in the Bandwidth Consumption Trend
chart.
• Use the drop-down to view the bandwidth consumption chart by Ingress, Egress, Ingress Vs.
Egress, or Cumulative (Ingress + Egress).

• View the Bandwidth Consumption Trend chart metrics by Peak (default), Average, or Median
for the branch site.

Strata Cloud Manager Getting Started 268 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Route Table Visibility

To help you address reachability challenges, we offer visibility into the route table at each remote
network site. You can perform a route table search for a destination IP address to determine
whether there is a route available to reach the desired destination. With this information, you can
investigate other potential causes of failure. This knowledge allows you to focus your efforts on
resolving any issues that might be affecting reachability.
Select View Routing Table to see this branch's Routing Table, which has IP routes for destinations
available at the branch from Prisma Access.
• Use the search bar to select the destination or look up the route.
• Use the drop-down to filter by Flag.
The routing table shows:
• #—Route number.
• Destination—IP address and subnet of the reachable network.
• Next Hop—IP address of gateway at the next hop toward the destination network. A next hop
of 0.0.0.0 indicates the default route.
• Metric—Metric for the route determined by the routing protocol.
• Flag—Information for this route, as follows:

Strata Cloud Manager Getting Started 269 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• • A B—Active and learned from BGP.

• A C—Active and connected. Destination—network.
• A H—Active and connected. Destination—host only.
• A R—Active and learned from RIP.
• O1—OSPF external type-1.
• O2—OSPF external type-2.
• Oi—OSPF intra-area.
• Oo—OSPF interarea.
• S—Inactive and static.
• A S—Active and static.

View this branch's Bandwidth Consumption Trend for the last 30 days.

Baseline computation requires you to have the ADEM-AIOps license.

Tunnels
See how many tunnels there are for this site, and view each tunnel's details. To download tunnels
data, select the Download icon.
• Tunnel Name—The tunnel's unique name.

Strata Cloud Manager Getting Started 270 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Prisma Access Location—The Prisma Access location for this remote network.
• Tunnel Status—Up, Down, Init, or Unavailable.
• Tunnel BGP Status—Up, Down, or Unknown.
• Tunnel Monitoring—If you have enabled Tunnel Monitoring, this column shows whether it's
Up or Down. If you haven't enabled it, this column shows Not Configured.
• Average Throughput—The average bandwidth for the tunnel for the selected time range.
• Peak Throughput—The peak bandwidth for the tunnel for the selected time range.
• Source IP Address—The source IP address.
• Destination Endpoint Address—IP or FQDN address for Prisma Access to determine whether
the tunnel is up.
• Disconnections—Number of disconnections during the selected time range.
• Disconnections Duration—How long, in seconds, the tunnel is disconnected during the
selected time range.
Select a Tunnel Name to see its Tunnel Status, Bandwidth Consumption Trend, and other tunnel
details.
Tunnels in High-Performance Branch Sites
The Tunnels table for RN-HP branches shows two different Prisma Access Locations for Active
and Backup tunnels. You can have as many as eight tunnels in your environment—four Active
and four Backup. The Tunnels table includes a column for Destination Endpoint Address. RN-HP
branches always show an FQDN specification.

Tunnel Trends
With Tunnel Monitoring enabled, you can select a number of tunnels and view their median
Round-Trip Time. If you don’t specify a set of tunnels, by default the median RTT is computed for
the 10 tunnels with the highest observed RTT.
Aggregated Tunnel Connectivity shows you the total number of connected tunnels for the
selected time range. Hover over either graph to see the number of connections at a specific time.
Commits Pushed shows how many commits were pushed during the selected Time Range and
when the Last Push Commit occurred.

Strata Cloud Manager Getting Started 271 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Site Status
Site Status shows site availability during the time range selected. Green means the site was up
during this time, red means the site was down, and gray means no data was available during the
time shown.

Branch Sites (Prisma SD-WAN)

You can set up a branch site before or after the ION devices arrive at a given site. The branch site
in Prisma SD-WAN provides the following views:
• The Map view of the branch site provides the connectivity status of your branch site devices
to the controller and the alarm status for the site. When a branch site is selected the following
information is displayed:
• Site Summary: is used for Analytics and Troubleshooting.
• Configurations: is used for Site and Device Configuration.
• Overlay Connections: is used to view the status of all VPN Overlay Connections.
• The List view shows you how many sites were active during the Time Range selected and
the overall health metrics of the branch sites. A poor site's average score is the average of all
the poor samples of sites identified as poor. The time-series graph is computed and refreshed
based on the selected duration. For example, supported durations are one hour, three hours,

Strata Cloud Manager Getting Started 272 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

24 hours, seven days, 30 days, and 90 days and the interval is one minute, five minutes, one
hour, and one day, respectively.
• Site Connectivity Health Distribution: The distribution of Good, Fair, and Poor sites graph
for a given tenant based on the latest site connectivity health distribution.
• Site Connectivity Health Distribution Over Time: The time series graph of the health score
running devices software 5.6.1 or higher.
• Site Application Experience Score: The site application experience score.
• Prisma SD-WAN Branch Sites: View the site health, site connectivity health, circuit health,
secure fabric health, and the approaching capacity threshold of a branch site. You can
further drill down and filter a branch site by site prediction, alarm status, and ADEM status.
• The Activity view presents key application analytics, the latest site health score and site health
distribution over time. These include:
• Site Health Distribution: displays the distribution of Good, Fair, and Poor sites graph for a
given tenant based on the latest site health score.
• Site Health Distribution Over Time: displays the time series graph of site health distribution
over time for a given tenant based on the health score for a branch site.
• Bandwidth Utilization: displays bandwidth utilization of each application on a site and WAN
path, with data on the top ten apps that consume the most bandwidth in the network.
• Transaction Stats: displays transaction statistics on TCP flows, including initiation/
transaction successes and failures for a specific application or all applications, a particular
path or all paths, and all health events.
• New Flows: displays new TCP and UDP flows for an application, a specific set of
applications, or all applications for a given period.
• Concurrent Flows: helps you understand how many connections are active on your network
by application.

Strata Cloud Manager Getting Started 273 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Data Centers

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
ADEM Observability
Autonomous DEM for Remote Networks
AI-Powered ADEM
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Monitor how the service connections, ZTNA connectors, and site connectivity are performing in
and Prisma SD-WAN data centers. Select the Insights > Prisma SASE > Data Centers > Service
Connections or ZTNA Connectors tab to view the health and status of the service connections
and ZTNA connectors in Prisma Access.
For each Prisma SD-WAN data center, select Insights > Prisma SASE > Data Centers >
Prisma SD-WAN to view the site connectivity information and the status of the VPN overlay
connections.
• Service Connections
• Configuration: ZTNA Connectors
• Prisma SD-WAN

Service Connections
See aggregated service connections data as well as information about individual service
connections. Beyond providing access to corporate resources, service connections allow your
mobile users to reach branch locations. You can view your service connections in Strata Cloud
Manager to see service connection status, bandwidth consumption trends, tunnel data and trends,
and information about overall service connection health. Select Insights > Prisma SASE > Data
Centers > Service Connections to get started.

Strata Cloud Manager Getting Started 274 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Service Connections by Status

You can view the health status of all your service connections. The color-coded chart shows you
a distribution of how many service connections are up, down, or need attention. You can view a
synopsis of the bandwidth your service connections consumed in the last 30 days.

Bandwidth Consumption shows the highest peak bandwidth consumed by a site across all sites
for the per-site bandwidth allocation model. The peak values are computed for the selected time
filter duration.

Bandwidth Consumption Trend

View Bandwidth Consumption Trend per Service Connection. The trend shows the bandwidth
consumption by each of your service connections, as well as their average and peak utilizations.
• The default view shows Cumulative (Ingress + Egress) bandwidth consumption. Other options
are Ingress, Egress, or Ingress vs. Egress.
• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.
• Log Scale or Linear Scale.
• Select 1 to 10 Service Connections to view their trend lines on the graph during the selected
time range. Hover over the graph to information about each of the service connections you
selected.

Baselines in Widgets

Strata Cloud Manager Getting Started 275 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Service Connections Table

The Service Connections table shows you data about your service connections, such as the
status, the remote IP address, BGP status, current tunnel status, and other data. Select a Service
Connection Name for details about that service connection.
• Service Connection Name—The service connection's unique name.
• Site Status—Up, Down, Warning, or Unknown.
• Transport Type—IPSec.
• Remote IP—The remote IP address.
• BGP Status—Whether the site BGP status is Up, Down, or Unknown.
• Tunnels Status—The number of the site's tunnels and how many of those tunnels are up.
• Tunnel BGP Status—The BGP status for each tunnel.
• Service Connection Endpoint IP—The service connection's endpoint IP address.

Strata Cloud Manager Getting Started 276 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Service Status—This field indicates the status of the instance or firewall to which the site is
connected. The status can be Up, Down, or Unknown.
• Prisma Access Location—The service connection's Prisma Access location.
• Average Bandwidth Consumption—Average bandwidth consumption in Kbps.
• Peak Bandwidth Consumption—Peak bandwidth consumption in Kbps.

Service Connection Details

Select any Service Connection Name to view its details. View its Service Connection Status,
Bandwidth Consumed during the last 30 days. The Bandwidth Consumption Trend chart shows
bandwidth consumption by each of your service connections during the selected time range.
Site Status
Select any Service Connection Name to view its Site Status, where you can see its Connectivity
and BGP Status (Up, Down, Inactive, or Not Available). View the bandwidth Peak Consumption
for the selected time interval.

Route Table Visibility

To help you address reachability challenges, we offer visibility into the route table at each service
connection. You can perform a route table search for a destination IP address to determine
whether there is a route available to reach the desired destination. With this information, you can
receive guidance from your Prisma Access infrastructure to investigate other potential causes
of failure. This knowledge allows you to focus your efforts on resolving any issues affecting
reachability.
Select View Routing Table to see this branch's Routing Table, which has IP routes for destinations
available at the branch from Prisma Access.
• Use the search bar to select the destination or look up the route.

Strata Cloud Manager Getting Started 277 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Use the drop-down to filter by Flag.

The routing table shows:
• #—Route number
• Destination—IP address and subnet of the reachable network.
• Next Hop—IP address of gateway at the next hop toward the destination network. A next hop
of 0.0.0.0 indicates the default route.
• Metric—Metric for the route determined by the routing protocol.
• Flag—Information for this route, as follows:
• • A B—Active and learned from BGP.
• A C—Active and connected. Destination—network.
• A H—Active and connected. Destination—host only.
• A R—Active and learned from RIP.
• O1—OSPF external type-1.
• O2—OSPF external type-2.
• Oi—OSPF intra-area.
• Oo—OSPF interarea.
• S—Inactive and static.
• A S—Active and static.

Strata Cloud Manager Getting Started 278 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Bandwidth Consumption Trend

The Bandwidth Consumption Trend shows Cumulative (Ingress + Egress) information by default.
• Use the drop-down to view the bandwidth consumption chart by Ingress, Egress, Ingress Vs.
Egress, or Cumulative (Ingress + Egress).

• View the Bandwidth Consumption Trend chart metrics by Peak (default), Average, or Median
for the branch site.

Strata Cloud Manager Getting Started 279 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Tunnels
See how many Tunnels there are for this service connection, and view each tunnel's details. To
download Tunnels data, select the Download icon.

Tunnel Trends
You can select a number of tunnels and view their median Round-Trip Time. If you don’t specify a
set of tunnels, the median RTT is computed for the 10 tunnels with the highest observed RTT.
Aggregated Tunnel Connectivity shows you the total number of connected tunnels for the
selected time range. Hover over either graph to see the number of connections at a specific time.
Commits Pushed shows how many commits have been pushed during the selected Time Range
and when the Last Push Commit occurred.

Strata Cloud Manager Getting Started 280 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Site Status
Site Status shows site availability during the time range selected. Green means the site was up
during this time, red means the site was down, and gray means no data was available during the
time shown.

Health
Health shows you the Site Status, and it shows the name and status of each tunnel in the site.

Connectivity
Connectivity shows the Prisma Access location the site is connected to, its source and destination
IPs, and the Prisma Access node status.

Strata Cloud Manager Getting Started 281 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Consumption
Consumption shows bandwidth consumption details.

Configuration: ZTNA Connectors

Zero Trust Network Access (ZTNA) Connector simplifies private application access for all
your applications. The ZTNA Connector VM in your environment automatically forms tunnels
between your private applications and Prisma Access. View a summary of all configured ZTNA
connectors, including the Application Targets associated with the connector, its average and
median bandwidth, and the Status (Up, Partially Up, or Down). Select in Strata Cloud Manager to
see how your ZTNA connectors and connector groups are performing.

Total Connector Groups

Select the Total Connector Groups to get the details about the Connector Groups and the
associated Connectors. You can filter the information using:

Strata Cloud Manager Getting Started 282 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Time Range: Select and available range or use a custom range.

• PA Location: Select the location as per your requirement.
• Connector Group: List of available Connector Groups.
• Status: Select either Up, Down or Partially Up.

• If all Connectors in a Connector Group are up, the Status is Up (green).

• If all the Connectors are down, the status is Down (red).
• If some Connectors are up and some are down, the Status is Partially Up (orange).
• Disabled Connectors appear as gray.
On the right-side of the screen, you get the details such as Group Name, Connector Status,
Targets for the Connector Group.

Select Connector Status and then Action, to get the Device Metrics (Memory, CPU, Bandwidth,
and Connector Availability).

Strata Cloud Manager Getting Started 283 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Select Target to get the following details such as Target, Status, FQDN/IP Subnet, and Enabled.

Total Wildcards
Wildcards—For wildcard-based apps, create an FQDN-based Connector Group, and then, specify
the wildcard to use (for example, *.example.com) for the app target. When users access sites that
match the wildcard, those apps are automatically onboarded for access from ZTNA Connector for
your mobile users and remote network users.
Total Wildcards summarizes how many Wildcard rules you have onboarded. This is the number
of wildcard rules that you created, which is a different total than the number of apps discovered
as a result of creating these rules. Select the number next to Total Wildcards to get the following
details such as Wildcard, Connector Group, Targets, and Enabled.

Select Action to get the bandwidth.

Target
FQDNs—Prisma Access resolves the FQDNs of the applications you onboard to ZTNA Connector
to the IP addresses in the Application IP address block.

Strata Cloud Manager Getting Started 284 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

IP Subnets—Create an IP subnet-based Connector Group, and then enter the IP subnet to use for
the app target.
Select the number to view the total number of FQDNs and get the details such as Target, Status,
FQDN, Connector Group, and Enabled.

Select Action to get the bandwidth.

Select the number to view the total number of IP Subnet and get the details such as Target,
Status, IP Subnet, Connector Group, and Enabled.

Data Centers (Prisma SD-WAN)

Prisma SD-WAN sites include data centers that you wish to have in your wide area network. You
can host enterprise applications and services in a data center. As part of creating a data center,
you can select a default domain and policy set, set up WAN networks, circuit categories, circuit
labels, and circuit specifications. The Prisma SD-WAN Data Center screen displays the list of data
centers with the data center name, the ION device, and any open alarms for the site.
For a data center, you see:
• The Configuration tab that shows you the site connectivity information, deployment modes,
WAN multicast peer group profiles, Internet and private WAN circuits, and IP Prefixes. You can
also configure a User Agent and view details of the cluster configuration for the data center.

Strata Cloud Manager Getting Started 285 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• The Overlay Connections tab shows you the status of all VPN overlay connections. Each site's
connectivity is computed based on the status of its VPN overlay connections.

Strata Cloud Manager Getting Started 286 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: ION Devices

Where Can I Use This? What Do I Need?

• license
→ The features and capabilities available to
you in depend on which license(s) you are
using.

ION Devices in Prisma SD-WAN enable you to combine disparate WAN networks, such as; MPLS,
LTE, and internet links, into a single, high-performance, hybrid wide area network (WAN).
The Device List screen provides information on the list of Prisma SD-WAN devices including the
software version and status of the ION device, where you can upgrade the device’s software
version or configure a device.

Entity Description

Device Name Displays the name configured for the ION

device.

Device Info Displays the type and serial number of the

ION device.

Software Displays the current software version of the

device. Click Upgrade to change the device
software version.

Last Activity Displays information on when the ION device

was last configured and upgraded.

State Displays the current state of the ION device.

Redundancy Displays if the ION device is part of a High

Availability (HA) configuration.

Actions You can choose to configure the ION device

from the ellipsis menu.

The Device Activity screen displays various device activity reports for a site in the last 24 hours.

Strata Cloud Manager Getting Started 287 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Prisma Access Locations

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select Insights > Prisma SASE > Prisma Access Locations to get started. From here, you can view
the health of all your Prisma Access locations for your remote networks and mobile users.
It also shows the compute locations that correspond to the locations you have onboarded.

Top 5 Prisma Access Locations

The bars show data about the Top 5 Prisma Access locations for remote networks, service
connections, GlobalProtect™ mobile users, or Explicit Proxy mobile users, based on the total
bandwidth consumed during the selected time range. Hover over any bar to see how many users
are in that particular location.

Strata Cloud Manager Getting Started 288 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Prisma Access Location Status

Depending on your license, this widget shows the number of connected remote network sites,
service connection sites, unique GlobalProtect users, and unique explicit proxy users logged
in to Prisma Access. The widget's pie charts are based on how many remote networks, service
connections, GlobalProtect users, and Explicit Proxy users are in the following status:
• Up (green)—All cloud firewalls for this Prisma Access location are Up.
• Down (red)—All cloud firewalls for this Prisma Access location are Down.
• Need Attention (orange)—Some cloud firewalls for this Prisma Access location are Up and
some are Down.

Strata Logging Service Connectivity to PA Compute Locations

The Strata Logging Service Connectivity to PA Compute Locations widget gives you visibility into
the Strata Logging Service connectivity health status from all your Prisma Access instances for the
Strata Logging Service region that you selected during your Prisma Access license activation.
• Connected—Strata Logging Service is receiving logs from all cloud firewalls in this compute
location.
• Disconnected—Strata Logging Service isn’t receiving any logs from any of the cloud firewalls in
this compute location.
• Partially Connected—Strata Logging Service is receiving logs from some but not all of the cloud
firewalls in this compute location.
Each tenant can connect to only one Strata Logging Service instance in any region of its choice.
Prisma Access polls the Strata Logging Service database every 5 minutes to check for connectivity
between the nodes (Remote Networks, Service Connections, GlobalProtect, and Explicit Proxy)
and the Strata Logging Service database.

View User IP Mappings

The View User IP Mappings widget enables you to view User ID-to-IP address mappings of the
currently connected users. This widget only shows the information of the currently connected
users.

Strata Cloud Manager Getting Started 289 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Click Users and Search Mappings to view the username-to-IP address mapping. Clicking the
username shows the user groups that the user is a part of.
• Click User Groups and Search Mappings to view all users that are a part of a particular User
Group. Clicking the user group names shows all the currently connected users in that group.

Prisma Access Locations and PA Compute Location

View the Prisma Access Locations status in real time. In a specific location, if a user logs in from
multiple hosts, the user is counted as a single user, but if any user logs in from two different
Prisma Access locations by disconnecting from one and logging in from another within the time
period, the user is counted as two users. Select a location to view details, such as bandwidth
consumed, status, Strata Logging Service Connectivity, and User-ID and group mappings.

To download this table to a .csv file, click the Download arrow next to the View User IP
Mappings button.

Field Description

Prisma Access Location The Prisma Access location.

Prisma Access Location Status The status of the Prisma Access location
(either Up, Down, or Need Attention).

PA Compute Locations The compute location that corresponds to the

selected location.

SLS Connectivity to PA Compute Locations The connectivity status between Strata

Logging Service and the compute location that
corresponds with the selected location (either
Up, Down, or Need Attention).

SLS Disconnection from PA Compute The number of disconnection events between

Locations Strata Logging Service and the instances in
that compute location that occurred in the
selected time range selected.

MU Cloud Agent Experience (Autonomous DEM License Required) The

end-to-end performance metrics from the
selected Prisma Access location to the
applications that are being monitored for that
location.

GlobalProtect Connected Users The number of GlobalProtect users currently

logged into the selected location.

Strata Cloud Manager Getting Started 290 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Field Description

Devices of Monitored Users The total number of user devices that are
connected to Prisma Access through the
Autonomous DEM agent.
Since GlobalProtect users can have more than
one device connected, this number can be
greater than the number of logged-in users.

RN Cloud Agent Experience (Autonomous DEM License Required) The

end-to-end performance metrics from the
selected Prisma Access location to the
applications that are being monitored for that
location.

Connected Sites (Remote Network Deployments Only) The

number of remote network sites that are
connected to instances in this Prisma Access
location.

Connected Data Centers (Service Connection Deployments Only) The

number of service connection sites that are
connected to instances in this Prisma Access
location.

Strata Cloud Manager Getting Started 291 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Network Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
ADEM Observability
Autonomous DEM for Remote Networks
AI-Powered ADEM
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

From the Insights > Prisma SASE > Network Services page, you can view the performance of
common network services that affect your user experience for accessing applications. Select
the GlobalProtect Authentication tab to view the authentication success or failure counts for
GlobalProtect for different locations. Select Network Services: DNS to see DNS Proxy requests
and responses received across tenants with respect to Prisma Access DNS Proxy.
• GlobalProtect Authentication
• DNS

GlobalProtect Authentication
You can see the performance of common network services that affect your user experience
for accessing applications. Network services include reporting the number of GlobalProtect
authentication successes and failures as a measure of mobile users being able to connect to
Prisma Access and displays of DNS proxy requests and responses forwarded to servers during
a time range you specify. Select Insights > Prisma SASE > Network Services > GlobalProtect
Authentication to get started.
• Set the Time Range filter to review network services data for that time range.
• Specify a Prisma Access Location to view its authentication success, total failures, and timeout
failures in the time range selected.

Strata Cloud Manager Getting Started 292 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The data represents how many mobile users at a given time are trying to authenticate to a
GlobalProtect portal, which then sends the mobile users’ credentials for verification to an on-
premises active directory (AD) server, resulting in an authentication success or failure. If you see
a large number of authentication failures, you can correlate the failures with a network event
that indicates a problem with a certain location or an on-premises authentication server that
was down. The data in these charts provide troubleshooting insights for network administrators
who resolve network issues. You can view the count of authentication success or failure
trends for mobile users at GlobalProtect portals and gateways, use this data to learn about the
patterns of authentication successes or failures over time, and establish count ranges that can be
normal or anomalous in your Prisma Access deployment. For example, anomalous counts could
indicate existing users’ inability to connect to Prisma Access because to availability issues with
GlobalProtect portals or slow authentication servers. Or, anomalous counts might represent large
numbers of users onboarded to the customer’s network all at once.

GlobalProtect Authentication Success

View specifics about authentication success counts for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for successful
authentications at different Prisma Access location sites shown at a particular time.

GlobalProtect Authentication Total Failures

View specifics about authentication failure counts for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for failed
authentications at different Prisma Access location sites shown, such as US East and Canada East,
at a particular time.

Strata Cloud Manager Getting Started 293 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

GlobalProtect Authentication Timeout Failures

View specifics about authentication failure count for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for failed
authentications at different Prisma Access location sites shown, such as US East and Canada East,
at a particular time.

DNS
Select Insights > Prisma SASE > Network Services > DNS to get started.
Network Services: DNS displays DNS Proxy requests and responses. You can use the following
filters:
• Time Range
• DNS Proxy Names
DNS Proxy filter values are related to the last 30 days and are automatically selected when you
load (that is, if there is no Explicit Proxy data, then there is no Explicit Proxy filter). For more
detailed information, see View and Monitor Network Services.

Requests Sent
View network requests and queries forwarded to servers over the time range you specify. Hover
your cursor over any point in the graph to see information about the requests sent to the DNS
proxy servers at that time. If you selected a proxy name on which to filter, you see the data for
that proxy.

Strata Cloud Manager Getting Started 294 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Responses Received
View the total responses received across tenants during the time range you specify. Hover your
cursor over any point in the graph to see information about the responses received at that time. If
you selected a proxy name on which to filter, you see the data for that proxy.
Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Strata Cloud Manager Getting Started 295 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Prisma Access Usage

Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Insights > Prisma Access Usage to get started.

What does this dashboard show you?

See how you’re leveraging what’s available to you with your license, and get a high-level view into
the health and performance of your Prisma Access environment.
Prisma Access Usage data includes:
• An overview of your Prisma Access usage—your licenses, Prisma Access locations, and mobile
user capacity and/or bandwidth utilization
• Top Prisma Access locations for mobile users and remote networks
• Overall bandwidth consumption for remote network and service connection sites, and the
highest-consuming remote network and service connection sites
• Tunnel disconnection trends, including the most impacted tunnels

Strata Cloud Manager Getting Started 296 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The dashboard shows the aggregated data per Prisma Access tenant.

This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

How can you use the data from dashboard?

This dashboard helps to get visibility into the Prisma Access usage in your network and adjust
your configuration settings based on the dashboard data.

Strata Cloud Manager Getting Started 297 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Capacity Analyzer

Where Can I Use This? What Do I Need?

• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Capacity Analyzer allows you to analyze and monitor your devices' resource capacity by keeping
track of their metrics usage based on their model types. Capacity Analyzer provides the following
benefits:
• A comprehensive understanding of the existing metric utilization and the unutilized metric
capacity up to the maximum limit.
• A heatmap visualization that showcases metrics usage with respect to the hardware platforms
in a single view and helps drill-down into details.
• The ability to plan for upgrading to higher capacity firewalls based on your specific needs.

The Capacity Analyzer feature is not supported for the VM-Series firewalls.

Capacity Analyzer is enhanced to support alerts that help you to anticipate resource consumption
nearing its maximum capacity and trigger timely notifications. The Capacity Analyzer alerts are
generated three months in advance identifying potential capacity bottlenecks. This helps you
to plan configuration cleanup or upsize NGFW capacities before they hit maximum usage and
maintain system stability. See Premium Health Alerts for the list of supported Capacity alerts.
Capacity Analyzer supports the following metrics:
• Configuration resource metrics:
• ARP table size
• GlobalProtect™ Clientless VPN
• IKE Peers
• VPN Tunnels
• Address Objects
• Address Groups
• FQDN Address
• Service Objects
• Service Groups
• NAT Policies
• Security Policies
• Virtual Systems (Count)

Strata Cloud Manager Getting Started 298 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• System resource metrics:

• Dataplane (DP) CPU
• Management Plane (MP) CPU
• MP Memory
• Traffic resource metrics:
• Concurrent Decryption Sessions
• Sessions Table Utilization

The heatmap shows metrics usage for every device. The darker color represents a higher
utilization and the lighter color indicates a lower utilization. By default, the Multicolor View is
selected. You can switch to the Monochrome View as well.
Here are the different ways in which you can use the Capacity Analyzer heatmap to obtain
information about metric usage:

Strata Cloud Manager Getting Started 299 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Hover your cursor on a metric block for a device to view a tooltip that provides the following
details:
• Name of the metric
• Device model and list of devices
• Device capacity range

• Filter data using the following attributes:

• Metric - Select one or more metrics that you want to view or search using the metric name.
• Model - Select one or more device models or search using the model name.
• Capacity - Select the capacity on the Capacity Filter scale.
To learn more about how to use the Capacity Analyzer heatmap, see Analyze Metric Capacity.

Strata Cloud Manager Getting Started 300 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: SD-WAN Dashboard

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Insights > NGFW > SD-WAN Dashboard to get started.

To utilize this dashboard, you can set up a Software-Defined Wide Area Network (SD-WAN) on
Strata Cloud Manager for your Palo Alto Networks Next-Generation Firewalls.

What does this dashboard show you?

The NGFW SD-WAN dashboard shows you the performance metrics for links and application
traffic for cloud managed firewalls with SD-WAN.

How can you use the data from the dashboard?

This dashboard helps you with:
• Visibility into application and links performance metrics in your VPN clusters to troubleshoot
issues by viewing summary information across all VPN clusters.
• Drilling down to isolate the issues to affected sites, applications, and links.

Strata Cloud Manager Getting Started 301 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• Raising actionable alerts to investigate and remediate poor links and applications. With ML-
powered anomaly detection, normality band, and forecasting, the actionable alerts are based
on data-driven thresholds, and you will get insights around trends.

SD-WAN Dashboard: Application Health

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The dashboard shows:

• The total number of applications for the selected time duration and VPN cluster.
• The number of impacted applications, that is, one or more applications in the VPN cluster for
which none of the paths have jitter, latency, or packet loss performance that meet the specified
thresholds in the Path Quality Profile in the list of paths from which the firewall can choose.
• The number of applications whose health is good, that is, applications in the VPN cluster that
are not experiencing jitter, latency, or packet loss performance issues.

SD-WAN Dashboard: Top Impacted Applications

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits

Strata Cloud Manager Getting Started 302 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

For the selected time duration and VPN cluster, Strata Cloud Manager displays your top 5
impacted applications based on their computed percentage of impacted traffic out of total bytes.
A higher computed percentage indicates a greater impact on the application.

Click View More to check all the impacted applications.

Strata Cloud Manager Getting Started 303 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 304 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Furthermore, click an application to view its details including traffic and the used links. You can
also click a used link to view its details.

Strata Cloud Manager Getting Started 305 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 306 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SD-WAN Dashboard: Impacted Applications

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Chart shows a trend showing impacted applications in the last 24 hours. Hover your cursor
over the trend line to view impacted applications at a specific point of time.
• Click View Alerts to view the associated alerts that are raised due to the impacted applications.

SD-WAN Dashboard: Link Health

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• The total number of links for the selected time duration and VPN cluster.
• The number of links classified as Critical, Warning, and Good.
• Click the number link for Critical to view the alerts raised due to SD-WAN link performance.

Strata Cloud Manager Getting Started 307 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SD-WAN Dashboard: Top Worst Links

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

For the selected time duration and VPN cluster, Strata Cloud Manager displays your top 5 worst
links based on the computed average of the interface metrics (Tunnel downtime, Latency, Jitter,
and Packet Loss). The links are ranked based on the priority of Tunnel downtime, Latency, Packet
Loss, and Jitter. A higher computed average indicates the poor quality of the links.

Strata Cloud Manager Getting Started 308 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

You click View More to check all the impacted links.

Furthermore, click a link to view its details including charts based on link performance.

Strata Cloud Manager Getting Started 309 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SD-WAN Dashboard: Poor Links

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Chart shows a trend showing poor links detected in the last 24 hours. Hover your cursor over
the trend line to view poor links at a specific point of time.
• Click View Alerts to view the associated alerts that are raised due to the poor links.

Strata Cloud Manager Getting Started 310 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SD-WAN Dashboard: Health By Cluster and Sites

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

View the number of links, their health, and the impacted applications for every site.

Click the number links under these columns to view details about them.

Strata Cloud Manager Getting Started 311 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Status and Monitoring

Where Can I Use This? What Do I Need?

• NGFWs or
(with or configuration management) Software NGFW Credits
(for VM-Series software NGFWs)

Monitor the health and performance of your NGFW devices in a unified view through Insights
> NGFW > Status and Monitoring. This feature facilitates a seamless transition from Panorama-
based monitoring to Strata Cloud Manager, offering a consolidated perspective of both your
NGFW and Prisma Access environments.
You can get an overview of your deployed devices:
• Total Onboarded Devices
• Quantum Readiness
• Sending logs to SLS
• Sending Telemetry
• with Delayed Telemetry
• Number of Models
• ➡ of Software Versions
You can filter the devices based on their type, model, software version, host name, serial number
and telemetry status. You can also Export the list of devices.
Toggle Quantum Readiness to view the devices that are quantum ready and not ready.

Strata Cloud Manager Getting Started 312 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

View Device Details

By selecting a device from the NGFW List visualization or by following a link from elsewhere
in the app, you can view specific details about a firewall or Panorama appliance, such as health
grade, metrics, connections, and more.

Device Health Grade

The current health grade of the device and a chart showing its history over the past 30<x> days.
Possible health grades are Good, Fair, Poor, and Critical.
Health Grade After Remediation
The health grade of the device after you have addressed open alerts. This tile also shows you the
health of your overall deployment after closing alerts.
Total Alerts
The total number of open alerts on the device.
Top 5 Alerts
Five of the most common alerts on this device over the past 30 days.

Strata Cloud Manager Getting Started 313 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Overview > Device

Connections
The other devices
connected to the one
you are currently
viewing. Select a
device to view its
details.

Overview > Service

Connections
An overview of all
Security and Logging
services integrated
with the device. Select
a service to view its
details.

Strata Cloud Manager Getting Started 314 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Alert Timeline
A timeline of device
alerts and commit
events. Alerts are
categorized as Critical,
Warning, or Commit
Events. Toggle to view
the alert data in table
format.

Top Alert Types for

this Device
The most common
alerts over the past 30
days. Select an alert to
view its alert details.

Top 10 Application
Usage
The ten applications
using the most data on
the firewall.

Metrics for this

Device
A list of all health
metrics collected for
the security checks
run against the device,
including HA link data.
Select a metric to view
its details.

Strata Cloud Manager Getting Started 315 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 316 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Strata Cloud Manager Getting Started 317 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: SASE Health

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

What does this dashboard show you?

This dashboard shows you the overall health of your Mobile Users, Remote Sites, and Applications
(if you have purchased an AI-Powered ADEM license) that are currently connected to Prisma
Access. The numbers in the circles represent the number of users or sites that are currently
connected from the Prisma Access Location where they appear. A dot represents a single user or
site. The areas on the map that have a blue background indicate that the numbers shown in that
region are a prediction or forecast.
Filter the data shown in this dashboard with one or more of the following filters
• Time range
• Prisma Access Location
• Source Location

How can you use the data from dashboard?

Use the dashboard to get an overview and overall health of how many Mobile Users and Remote
Sites that are connected to Prisma Access categorized by their location on the map. You can view
their overall health in this dashboard too.

SASE Health Insights: Current Mobile Users - Map View

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard

Strata Cloud Manager Getting Started 318 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Current Mobile Users tab in the SASE Health dashboard shows you an overview of
the breakdown of Mobile User experience across all locations. The number in the circles
correspond to the number of Mobile Users who are currently connected to Prisma Access using
GlobalProtect. A dot represents a single Mobile User. A green circle or dot indicates Good
user experience score. Likewise, a red one indicates a degraded experience score. Degraded
experience scores comprise of Fair and Poor scores combined. The line chart to the right of
Current Mobile Users shows you a trend of the average experience scores for all Mobile Users
during the selected Time Range.

Click the number (representing the potentially degraded-experience user count) next to the
Potential Degraded Experience or Incidents to see the details of the degraded user experience in
a pane that opens on the left.

SASE Health Insights: Current Sites - Map View

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard

Strata Cloud Manager Getting Started 319 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

The SASE Health dashboard provides a unified view of the SD-WAN and third-party sites
connected to the Prisma Access remote network location. It displays a map view of sites and data
centers connected to Prisma Access Remote Networks and provides detailed metrics of on-site
connectivity and experience scores across networks. This enables you to monitor the status of
your remote sites and data centers.
This dashboard shows the number of configured sites connecting to Prisma Access Locations
worldwide. The number enclosed in parenthesis is the total number of connected sites and the
number to the right is the number of sites that are up with Good experience scores. Sites are
considered based on score for SD-WAN or tunnel status and incidents.
The blue line chart indicates the trend of average experience score for all sites over time. Below
the Current Sites you see the number of sites with degraded (Poor) experience score along with
the number of Incidents for all sites.
Use the detailed metrics and trend charts in the dashboard to monitor the health of distributed
sites and quickly troubleshoot any connectivity or performance issues by drilling down into
specific sites or regions. You can filter the data by Sites only, Sites and Data Centers, or Sites and
Prisma Access Locations.

If you have Juniper Mist integrated third-party sites, you will see Juniper Mist sites in the
dashboard. To know more about the integration, refer to Juniper Mist Integration.

To view the dashboard, navigate to Insights > Prisma SASE > SASE Health, select Current Sites
on the page. Drill down to a specific site to know the site details such as the PA location, DC
connected to, standard VPN, secure fabric, and any open incidents.

Degraded Site Experience displays the data by Incidents and Segments. Incidents, for SD-WAN
and Juniper Mist, are categorized into Infrastructure, network services, data centers, and third-
party sites. You can further drill down to a specific incident by selecting the incident you want to
investigate.
If you have ADEM enabled, you can view Site trend. Click the Experience Trends & Network
Topology icon to view a time series, followed by the end-to-end topology chart for Prisma SASE
sites.

Strata Cloud Manager Getting Started 320 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

SASE Health Insights: Monitored Applications

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

See the application availability metrics in the Monitored Applications tab of the SASE Health
dashboard. This dashboard shows you how many applications are monitored through ADEM
and how many of them are experiencing a degraded score. This number takes into consideration
the application experience for both Mobile Users and Remote Sites. Applications with Poor or
Fair application experience scores are considered as degraded experience. You can also see the
application's availability during the time range you select using the filter.

Strata Cloud Manager Getting Started 321 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

The number to the right of the application name tells you the percentage of time during the Time
Range that the application was available.

Strata Cloud Manager Getting Started 322 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Upgrade Recommendations

Where Can I Use This? What Do I Need?

• • At least one of these licenses is needed

• to manage your configuration with ; for
unified management of NGFWs and Prisma
Access, you'll need both NGFW and Prisma
Access licenses:
license

Use Strata Cloud Manager to plan and manage your software upgrades for NGFW and Prisma
Access. Here are the workflows that you can perform:
• Upgrade Recommendations: Create upgrade recommendations to determine the best software
version for your devices that can be upgraded. Software Upgrade Recommendations analyzes
the features enabled on firewalls and provides a customized recommendation.
• Prisma Access Upgrade Dashboard: Choose a preferred time window for certain Prisma Access
upgrades.
• NGFW - Scheduler: Schedule a PAN-OS software update to upgrade or downgrade your
firewalls to a target PAN-OS version at a date and time of your choosing.
• NGFW
• Prisma Access

Upgrade Recommendations (NGFW)

Select Insights > NGFW > Upgrade Recommendations to plan the upgrade of your devices by
analyzing them and creating upgrade recommendations.

Upgrade Recommendations
In Insights > NGFW > Upgrade Recommendations, you can create recommendations to
determine the best software version for your devices that can be upgraded. Software Upgrade
Recommendations analyzes the features enabled on firewalls and provides a customized
recommendation that includes:
• Best software version for your devices that you can upgrade.
• Information about new features, changes to behavior, vulnerabilities and software issues in
each recommended software version.
The types of upgrade recommendations are:
• System-generated recommendations that are generated every week and contain the suggested
upgrade options.

Strata Cloud Manager Getting Started 323 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

• User-generated custom recommendations that are generated based on the selected devices for
specific CVEs in Security Advisory Summary.
• User-generated recommendations that are generated based on the upload of a Tech Support
File (TSF) of a firewall.

For every plan in Upgrade Recommendations, you can:

• view the number of devices that require an upgrade and the must fix vulnerabilities.
• edit the name of a recommendation report to differentiate custom reports.
• filter the recommendation reports by Creation Date, Plan Name, and Recommendations
Generated By.
• delete an upgrade recommendation that is failed or no longer required.
Click a recommendation report to view the detailed report with the upgrade options for the
devices. Select an upgrade option to view further details about New Features, PAN-OS Known
Vulnerabilities, Changes of Behavior and PAN-OS Known Issues. For a known issue under
PAN-OS Known Issues, the value under Associated Case Count is obtained by the number of
customers that have reported this issue.
Click Export to download this report in a CSV format.

Generate On-Demand Software Upgrade Recommendations

1. Navigate to Insights > NGFW > Upgrade Recommendations.
2. Generate New Upgrade Recommendations.

Strata Cloud Manager Getting Started 324 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

3. Select a Tech Support File (TSF) and Upload.

• You can upload TSF of only one device at a time and it must be TSF in the .tgz file
format.
• Software Upgrade Recommendations supports TSF from devices with the PAN-OS
version 9.1 or above for report generation.

4. View the software upgrade recommendations after the status is displayed as Ready. You can
also check the Status column to see if there are any errors related to the upload, file format, or
processing of the TSF file.

Upgrade Recommendations (Prisma Access)

Select Insights > NGFW > Upgrade Recommendations > Prisma Access to view information
about the Prisma Access dataplane upgrade process.
You can:
• Understand the Prisma Access dataplane upgrade process.
• Choose your upgrade preferences:
Select a tenant name to choose your upgrade preferences.

Strata Cloud Manager Getting Started 325 ©2025 Palo Alto Networks, Inc.
Insights: Strata Cloud Manager

Insights: Access Analyzer

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select Insights > NGFW > Access Analyzer to start a new Access Analyzer query and view a table
of existing queries.

The Access Analyzer provides automatic monitoring of your SASE environment. It offers a
conversational AI tool for contextual troubleshooting and what-if analysis to analyze access and
connectivity issues in your SASE environment.
You can:
• Learn how to create a natural language query in Access Analyzer.
• Start a new Access Analyzer query.
• View a list of existing queries, and select any query from the table to view further details.

Strata Cloud Manager Getting Started 326 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• NGFWs
(with or configuration management)
•

Software NGFW Credits

(for VM-Series software NGFWs)
WAN Clarity Report license
A role that has permission to download, share,
and schedule reports.

Get reports on the network traffic patterns, bandwidth utilization, and your security subscription
data in Strata Cloud Manager. Reports provide actionable insight into your network that you can
use for planning and monitoring purposes.
Reports are supported on certain Prisma Access and NGFW dashboards, Activity Insights
overview, and Prisma SD-WAN. Prisma Access and NGFW users who have full access to use the
dashboard, can download dashboard data as PDFs, share the report within their organization, and
schedule reports to get delivered to their email inbox at regular intervals. Reports are a licensed
subscription service in Prisma SD-WAN. You can download and view reports from controllers,
across sites, and circuits in Prisma SD-WAN.
View these reports in Strata Cloud Manager.

327
Report Templates: Strata Cloud Manager

The SaaS Risk Assessment and GDPR reports have been migrated from SaaS Security >
Data Security > Reports to Strata Cloud Manager > Reports.

• Activity Insights-Summary
• Advanced Threat Prevention
• App Usage Report
• DNS Security
• Executive Summary
• SaaS Risk Assessment: Use the SaaS Risk Assessment Report to proactively identify problems
with how assets are stored and shared across all applications secured by Data Security and
take action to reduce exposure.
• GDPR: The GDPR Report summarizes evidence related to the data privacy regulations for your
sanctioned SaaS applications on Data Security.
• Network Activity
• User Activity
• WildFire

Strata Cloud Manager Getting Started 328 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

• View the following WAN Clarity reports in the Prisma SD-WAN tab:
• WAN Clarity Branch Reports
• WAN Clarity Data Center Reports
• Aggregate Bandwidth Usage Reports

Strata Cloud Manager Getting Started 329 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: Activity Insights - Summary

Activity Insights summary can be shared within your organization as PDF reports, and you also
schedule reports so that they’re delivered to your email inbox—and your colleagues’ inboxes—at
regular intervals (daily, weekly, or monthly).
So that you can easily share reports with people in your organization, set up Cloud Identity
Engine (Directory Sync) for this app. Cloud Identity Engine gives apps read-only access to your
Active Directory information. With Cloud Identity Engine set up, you can easily add recipients
to a scheduled report. Your report recipients are checked against Cloud Identity Engine, and if it
doesn’t find a match, it performs an extra validation step by checking the email address domain
against the email address domains associated with your support account. These checks ensure
that reports are not sent outside of your organization.
STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > Activity
Insights-Summary and select any of these icons .
By default, reports are generated with the last 24 hours data or 30 days data based on the
type of dashboard for which you are generating report. You can customize the time period for
which you want to gather data in the report when scheduling the report.

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly)

STEP 3 | The downloaded report shows the summary of most seen applications, threats, users, URLs,
and rules in your network for the selected time period. For detailed information on the data
displayed in this report, see Activity Insights.

STEP 4 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 5 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 330 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: Advanced Threat Prevention

Use the Advanced Threat Prevention report to examine the threats detected on your network and
identify opportunities to strengthen your security posture. The report shows the following details:
• The delta between the threats that are allowed and blocked by your security rules.
• The source IPs and users responsible for generating command and control (C2) traffic.
Advanced Threat Prevention uses cloud-based engines and inline cloud analysis to detect and
analyze traffic for unknown C2 and vulnerabilities. Using the Threat Search and Log Viewer,
you can review the usage patterns of Source IP and analyze the threat sessions, download the
packet capture and cloud report to get additional context and leverage Palo Alto Networks
threat analytics data and improve your incident response processes.
• IPs targeted by vulnerability exploits. Advanced Threat Prevention uses cloud-based engines
and inline cloud analysis to detect and analyze this traffic. Using Threat Search, you can review
the usage patterns of the destination IP. Additionally, view logs to get context around the
threat.
• The threat sessions that matched the security policy rule and see if you need to modify the
policy rule to strengthen your security posture. You can further analyze the threats and
matching rules in Activity Insights.
STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > Advanced
Threat Prevention and select any of these icons .

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly).

STEP 3 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 331 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: App Usage

Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud Manager)

AIOps for NGFW Free (use the AIOps for NGFW Free ap
• Prisma Access (Managed by Panorama) or
AIOps for NGFW Premium license (use the Strata Cloud M
• NGFW (Managed by PAN-OS or Panorama) license
• NGFW (Managed by Strata Cloud Manager) Strata Logging Service license
• VM-Series, funded with Software NGFW Credits A role that has permission to view the
dashboard
Prisma Access license

Know the security challenges associated with the applications traversing your network.
Application Usage findings can help you to refine your security policy to control unsanctioned and
risky applications.
Application Usage report includes:
• An overview of the applications on your network, including risk, sanction status, bandwidth
consumed, and the top users of these applications.
• Applications and users with the most data transfer - Examine the activity of users who share
the most data viewed by amount of data transferred or number of applications used
• Applications blocked by your security policy rules. Review to see if all the high risk applications
are enforced appropriately in your network.
• Top application types and subcategories on your network. Application subcategories classify
applications into groups based on function; you can filter your logs based on application
subcategory to dive more deeply into the date you see here.
• Most heavily used applications by users on your network - Review the high risk applications in
detail under each subcategory. Users most contributing to the traffic, threats the applications
are exposed to, and statistics of WildFire submissions.
• Applications that use non-standard ports - Monitor the traffic from these applications that
are transferring data through non-standard ports. Refine the security policy rules for these
applications to prevent threats from entering your network. You have the search option to
filter users who are using the application and click View Logs to view traffic sessions related to
the application.
• Unsanctioned applications that are transferring the most amount of data and the users using
those unsanctioned applications. Review the traffic log and see if you need to modify the
enforcement by security policy rule to reduce the risk.
STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > App Usage
Report and select any of these icons .

Strata Cloud Manager Getting Started 332 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly).

STEP 3 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 333 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: DNS Security

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
DNS Security or Advanced DNS Security
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The DNS Security dashboard and its associated reports have been deprecated. You can access the
related use cases on the Insights > Activity Insights > Domains page.
To view the DNS Security and Advanced DNS Security insights, generate a Security Lifecycle
Review (SLR) report. The DNS Security Analysis section of the SLR report provides detailed
insights into various aspects of DNS activity and threats including DNS Security Analysis
(Summary), Traffic Distribution, DNS Traffic Insight, Malicious Traffic Insights, Known Malware
and Families, Advanced DNS Security Resolver, and DNS Zone Misconfiguration.

Strata Cloud Manager Getting Started 334 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: Executive Summary

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
Licenses to unlock certain widgets in the
dashboard
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Executive Summary report shows you how your Palo Alto Networks security subscriptions
are protecting you. This report breaks down malicious activity in your network that these
subscriptions are detecting: WildFire, Advanced Threat Prevention, Advanced URL Filtering, and
Enterprise DLP. You can use this report to:
• Review all the malicious activity that the active Palo Alto Networks subscriptions are detecting.
See if you need to refine the subscription settings or security rule settings to close any security
gaps.
• Shows you industry data to gives you perspective on the threat landscape you’re facing and
how you stack up against your peers.
Executive Summary report includes:
• The numbers on the malicious activity your subscriptions are detecting and preventing:
• high-risk applications
• severe threats (exploits, malware, and C2)
• malicious web activity
• file-based threats (including never-before-seen threats)
• data loss
• the traffic logs for high-risk applications.

Strata Cloud Manager Getting Started 335 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

• the security policy rules that allow most threats. Review these rules to see where you can
enable stricter threat enforcement. Learn more
• The malicious web activity in your network, particularly the number of malicious web sites that
your users are attempting to access.
• Peer data in this report gives you a view into your industry’s threat landscape and how your
security coverage compares to similar organizations. This industry data is also shown for
subscriptions you’re not using; this helps you to see if there are places where you can increase
coverage to close security gaps.
• See how your Palo Alto Networks Enterprise DLP service is protecting your data by enforcing
data security standards. The report gives insights into the applications to which most uploads
are prevented by DLP and the total number of files that are blocked by DLP in your network.
You can also use this data to compare with your industry peers and benchmark your security
posture standards. Review the applications and source usernames to better understand where
the DLP incidents originated and manage them.
STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > Executive
Summary and select any of these icons .

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly).

STEP 3 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 336 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: GDPR Report

The GDPR Report summarizes evidence related to the data privacy regulations for your
sanctioned SaaS applications on Data Security. Access to the report depends on your team and
your administrator role permissions:
• GDPR link is hidden if you do not have Report permissions.
• GDPR report only includes cloud apps for which you have Team permissions.
The report provides actionable intelligence around sensitive data exposure, user activities, your
security posture, and the personal data that resides on your applications; however, the report
does not provide a verdict for compliance.
You can export the report to help your GDPR regulator review how you collect, use, and share PII
data across your SaaS applications. For example, you can generate a report to view the number
of records transferred to a third country or an international organization, or to learn which
sanctioned applications are sharing data externally.
STEP 1 | To download, share, or schedule a report, select Strata Cloud Manager > Reports > Report
Templates > GDPR and choose the required action.
View the report and review evidence identified and possible compliance issues.

STEP 2 | Expand each section to review the report’s contents.

• Regulation—Summary of regulation.
• Article—Verbatim text of articles from the regulation.
• Evidence—Verdict and link to supporting cloud assets (folder icon), configurations (gear
icon), and actions (lightning bolt icon).
• Validation—Method used to determine compliance with the regulation.
• Cloud Apps—Applications with assets that pertain to this regulation.

STEP 3 | Select the Scheduled Reports tab to view the reports that have been scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past.

Strata Cloud Manager Getting Started 337 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: Network Activity

Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud Manager) AIOps for NGFW Free (use the AIOps for NGFW Free
• Prisma Access (Managed by Panorama) or
AIOps for NGFW Premium license (use the Strata Clou
• NGFW (Managed by PAN-OS or Panorama) license
• NGFW (Managed by Strata Cloud Manager) Prisma Access license
• VM-Series, funded with Software NGFW Credits Strata Logging Service license
A role that has permission to view the
dashboard

The Network Activity report shows what’s driving your network traffic. Dive in to see who
or what is using your network (users, apps, IP addresses, and countries), and the apps and
sites they’re accessing and their threat exposure. This report helps you understand the traffic
traversing your network, including source to destination flows, and all the users and IP addresses
generating traffic. This data helps to decide if you need to refine traffic attributes (source and
destination security zone, the source and destination IP address, the application, and the user) in
your security rules.
The report includes:
• insights into network activities such as the total data transfer, uploads, downloads, sessions,
and the number of users initiating sessions on your network. Review the traffic logs and see if
you need to refine traffic attributes in the security rules.
• the countries from which your network traffic is originating, and the countries with the most
users, apps, threats, files, URLs, sessions, and data transfer.
• the users initiating traffic on your network, the countries, applications, threats, files, URLs,
sessions, and data transfer associated with their network activity.
• the source IP addresses from which traffic is originating on your network, and the associated
countries, users, apps, threats, files, URLs, sessions, and data transfer.
STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > Network
Activity and select any of these icons .

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly).

STEP 3 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

Strata Cloud Manager Getting Started 338 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

STEP 4 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 339 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: SaaS Risk Assessment Report

Use the SaaS Risk Assessment Report to proactively identify problems with how assets are stored
and shared across all applications secured by Data Security and take action to reduce exposure.
You can share this on-demand PDF report with your information security team for a periodic
check-in, or email it to your executives to highlight SaaS applications usage on your network and
how your security posture for SaaS data and applications compares against competitors in your
industry.
The SaaS Risk Assessment Report summarizes the following information across managed cloud
applications:
• key findings
• policy violations
• exposure of sensitive content
• top domains with which your users are sharing files
• users with the most incidents
• most popular file types
• incidents per file type
The contents of the report use the data available at the time you generate it, and it is a snapshot
of the findings up to the time you make the request: you can neither configure a time period nor
schedule this on-demand report.
STEP 1 | To download, share, or schedule a report, select Strata Cloud Manager > Reports > Report
Templates > SaaS Risk Assessment and choose the required action.

STEP 2 | Select the Scheduled Reports tab to view the reports that have been scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 3 | Select the History tab to view the list of reports generated in the past.

Strata Cloud Manager Getting Started 340 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: User Activity

Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud Manager) AIOps for NGFW Free (use the AIOps for NGFW Free
• Prisma Access (Managed by Panorama) or
AIOps for NGFW Premium license (use the Strata Clou
• NGFW (Managed by PAN-OS or Panorama) license
• NGFW (Managed by Strata Cloud Manager) Prisma Access license
• VM-Series, funded with Software NGFW Credits Advanced URL Filtering license
Cloud Identity Engine license
Advanced Threat Prevention license
Strata Logging Service license
A role that has permission to view the
dashboard

Get visibility into an individual users’ browsing patterns: their most frequently visited sites, the
sites with which they’re transferring data, and attempts to access high-risk sites.
The data here is based on what’s reported in your URL Filtering logs. This report also depends on
the Cloud Identity Engine (formely Directory Sync)—the Cloud Identity Engine gives you read-
only access to your Active Directory information, so you can filter this report based on user. If you
haven’t yet set up the Cloud Identity Engine, here’s how. Or, if you already have it set up, here’s
how to integrate the Cloud Identity Engine with your app.
Monitoring the user activity helps to detect and stop potential threats, protect sensitive
information being misused, and adjust your security policy rule to close security gaps. The report
includes the following data.

Browsing Summary See the numbers for the types of sites with
which the user had the most data transfer and
Requires Advanced URL Filtering number of site visits by the user.
license.

Top 10 Most Visited URL CategoriesRequires View the top URL categories for the user
Advanced URL Filtering license. based on data transfer. You can also see the
number of unique URLs visited that fall into
each URL category.

Web Browsing Risk Summary Out of the unique URLs visited by the user,
watch out for visits to malicious and high-
Requires Advanced URL Filtering risk URLs — these sites can expose your
license. network to threats, data loss, and compliance
violations. If you see more visits to these sites

Strata Cloud Manager Getting Started 341 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

than you’d expect, adjust your security policy

rule to close the gaps.

Most Visited Sites Review the risk level for the most frequently
visited sites by the user. High risk URLs need
Requires Advanced URL Filtering to be monitored as they are likely to expose
license. your network to threats.

Blocked URLs with the Most Attempted These are the blocked URLs that the user
Visits most frequently attempted to access. Review
URL filtering logs and see if you need to
Requires Advanced URL Filtering adjust the security policy rule to change the
license. action.

Severe Threats View the total threats detected for the user
and the numbers based on the severity of the
Requires Advanced Threat threats. Compare with the number with other
Prevention license. users. Adjust the security policy rule if the
numbers are unusually high.

Top Severe Threats These are the threats most frequently

detected for the user. Learn more.
Requires Advanced Threat
Prevention license

STEP 1 | To download, share, or schedule a report, select Reports > Report Templates > Advanced
Threat Prevention and select any of these icons .

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Interval for which to gather data
• the Schedule Parameters, which is the frequency at which you’d like the report to be
delivered (daily, weekly, or monthly).

STEP 3 | Select the Scheduled Reports tab to view, edit, or delete the reports that have been
scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past 30 days.

Strata Cloud Manager Getting Started 342 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Report Templates: Wildfire

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Use this report to:

• monitor WildFire submissions and get details of WildFire samples submitted to WildFire cloud
for analysis.
• view details of targeted users, the applications that delivered the files, the firewalls that
submitted the samples for analysis, and all URLs involved in the command-and-control activity
of the files.
For more information, see WildFire dashboard.

Strata Cloud Manager Getting Started 343 ©2025 Palo Alto Networks, Inc.
Report Templates: Strata Cloud Manager

Reports (Prisma SD-WAN)

Prisma SD-WAN WAN Clarity reports provide an aggregate view of traffic distribution and
bandwidth utilization in your network. You can download the entire reports package or view the
reports from the Prisma SD-WAN controller, allowing for week-over-week trend comparisons, as
well as comparisons across sites and circuits.
Reports are available for immediate use as a licensed subscription service. Contact the Prisma SD-
WAN sales team to enable the subscription.
STEP 1 | Select Reports > Report Templates > Prisma SD-WAN.

STEP 2 | Click View Reports on WAN Clarity Reports.

The Prisma SD-WAN WAN Clarity reports include:
• WAN Clarity Branch Reports
• WAN Clarity Data Center Reports
• Aggregate Bandwidth Usage Reports

STEP 3 | Select a Time Range and select any of the following in the Report for field.
• Branch
• Data Center
• Aggregate Bandwidth Usage

Strata Cloud Manager Getting Started 344 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager gives you a common framework for interacting and investigating the
incidents and alerts that Palo Alto Networks products and subscriptions detect in your enterprise:
• Incidents: NGFW
• Incidents: Prisma Access
• Incidents: Prisma SD-WAN
To help you maintain the ongoing health of your devices and deployments, and to avoid
disruption to your business, explore each of the incidents and alerts pages to:
• View incidents and alerts across your network, and drill down to investigate.
• Create and review rules that trigger incident and alert notifications.
You can move between your incidents and alerts and the Log Viewer: Strata Cloud Manager to
investigate activity on your network that's triggering or is associated with incidents and alerts.

345
Incidents: Strata Cloud Manager

Strata Cloud Manager Getting Started 346 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Incidents: NGFW
Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

To help you maintain the ongoing health of your devices and avoid incidents that disrupt your
business, your applications generate incidents and alerts based on one or more issues that it has
detected with your firewall deployment. With Incidents > NGFW, you get a singular view of your
incidents and alerts across NGFWs.
Here’s how to get up and running with NGFW Incidents & Alerts:
• Incidents keep you informed about vulnerabilities. You can investigate them and take
preventive actions if necessary.
Navigate to Incidents > NGFW > All Incidents to view incidents across your network, and
interact with them.

• An alert indicates a specific problem (degradation or loss of firewall functionality) that needs to
be addressed. Alerts can also be generated based on correlation or aggregation across multiple

Strata Cloud Manager Getting Started 347 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

events. This aggregation of events into a single alert helps triage, streamline alert hand-off
between teams, centralize critical information, and reduce notification fatigue.
Navigate to Incidents > NGFW > All Alertsto view alerts across your network, and interact
with them.

• To define notification preferences, such as which alerts trigger notifications, how you receive
notifications, and how often you receive them, create a notification rule.
Navigate to Incidents & Alerts > Incident & Alert Settings > Notification Rulesto view and add
rules to trigger notifications.

• Strata Cloud Manager generates alerts and incidents that dynamically adjust based on the
metric’s historical value and your usage trends. You can adjust this setting to control the
sensitivity level of the anomaly detection algorithm.
Navigate to Incidents & Alerts > Incident & Alert Settings > Anomaly Sensitivity to configure
the sensitivity level of the anomaly detection algorithm.

Strata Cloud Manager Getting Started 348 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Incidents: Prisma Access

Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

Select Incidents & Alerts > Prisma Access to get started. The Incidents and Alerts available in your
environment depend on your licenses.

The Incidents & Alerts > Prisma Access page does not support custom roles.

Get an Overview
See an Overview of Incidents and Alerts information related to your Prisma Access environment.
The Incidents and Alerts available in your environment depend on your licenses.

See All Incidents

View the Incident List, which shows all incidents in your environment. Use the Add Filter drop-
down to select Incidents by the columns in the table (you can filter on more than one). From
within the table, select any Incident to view its detailed information.

Strata Cloud Manager Getting Started 349 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

View Priority Alerts

See Priority Alerts, which describe the status of your Prisma Access environment.

View Informational Alerts

View Informational Alerts, which notify you about upcoming software upgrades and status for
upgrades that are in progress or completed.

Notification Profiles
From Notification Profiles, you can view information about Notification Subscriptions and create
a new or modify an existing Notification Profile.

ServiceNow Audit Log

If you're using ServiceNow, you can review the ServiceNow Audit Log, which shows you each
ServiceNow Incident ID. It also shows you the ServiceNow operations performed on each
Incident, such as Create, Update, and Delete.

Incident Settings
From Incident Settings, you can customize the incidents you receive by Incident category and
Incident code.

Incidents and Alerts by Code

View incidents and alerts by their code IDs, understand the problems and issues they describe,
and find out how to remediate them. Incidents and alerts are categorized by license:
• AI-Powered ADEM Incidents
• ADEM Incidents
• Prisma Access Incidents
• Priority Alerts
• Informational Alerts
For information about Incidents and Alerts, see the Incidents and Alerts Reference Guide.
For information about ServiceNow integration, see Integrate ServiceNow with Prisma Access in
the Integrations Guide.

Strata Cloud Manager Getting Started 350 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Incidents: Prisma SD-WAN

Where Can I Use This? What Do I Need?

• license
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Prisma SD-WAN generates incidents and alerts when the system reaches system-defined or
customer-defined thresholds or there is a fault in the system. Use these incidents and alerts to
troubleshoot the system.
Select Incidents > Prisma SD-WAN to view incidents and alerts in Strata Cloud Manager.
Use the following tabs to navigate through incidents and alerts in Prisma SD-WAN.
• Overview
• Incidents
• Alerts
• Settings
Overview
View incidents and alerts and their categories in Prisma SD-WAN. The Overview tab is your
default view.
View the top incidents and alerts which display the following information.

Type of Incident Displays the category of the incident.

Description Displays the description of the incident.

Severity Displays the severity of the incident.

Priority Displays the priority of the incident.

Correlated Alerts Displays the number of incidents aggregated

in this incident.

Status Displays the status of the incident.

Created Displays when the incident was raised by the

system.

Last Updated Displays when the incident was last updated

by the system.

Strata Cloud Manager Getting Started 351 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Incidents
An incident is an indication of a fault in the system. Incidents are raised and cleared and vary in
severity:
• Critical—Whole or part of a network is down and requires immediate action.
• Warning—Impacts the network and needs immediate attention.
• Informational—Network is degraded and needs attention soon.
Alerts
An alert may or may not be an indication of a fault in the network. An alert is raised when the
system reaches system-defined or customer-defined thresholds.
Settings
Use the Settings tab to create incident policies to manage event code suppression based on the
specified classifications and action attributes configured. You can use incident policy rules to
suppress or escalate incidents that arise during a scheduled time period. In addition, you can also
change the default priority of system generated incidents to a priority level that is more aligned
with your business requirements.

Strata Cloud Manager Getting Started 352 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Incidents
Where Can I Use This? What Do I Need?

• NGFW, including those funded by One of the following licenses:

Software NGFW Credits
AIOps for NGFW Free (use the AIOps
• Prisma Access for NGFW Free app) or AIOps for
NGFW Premium license (use the Strata
Cloud Manager app)
Prisma Access
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

Incidents provides a centralized solution for managing incidents across Palo Alto Networks
products: Next-Generation Firewalls (NGFW) and Prisma Access. The incident framework
aggregates incident data, offering a consolidated view for monitoring, troubleshooting, and
resolving issues impacting network availability, security posture, and performance.
An incident is a current or emerging degradation in availability, security posture, or performance
requiring your action. Incidents provides the following capabilities:
• Display the total number of open incidents.
• Provide breakdowns of incidents by product type, category, severity, and priority.
• Track trends in incident creation and resolution.
• Show operational status and assigned operators.
Each incident includes the following fields:
• ID, title, severity, priority, and state
• Product category and subcategory
• Impacted objects
• Remediation information

Some of the incidents contain the root cause information along with remediation.

• Timestamps and history

The incident framework aims to provide a comprehensive solution for incident management with
features varying by license tier, focusing on providing IT admins with the tools to effectively
monitor and respond to issues in their deployments.

Strata Cloud Manager Getting Started 353 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Here’s the data shown under Summary:

• RAISED PAST 24H: Displays the number of incidents raised in the last 24 hours and the
preceding 24-hour period.
• CLEARED PAST 24H: Displays the number of incidents cleared in the last 24 hours and the
preceding 24-hour period.
• SUPPRESSED PAST 24H: Displays the number of incidents suppressed in the last 24 hours and
the preceding 24-hour period.
• RECOMMENDED ACTIONS: Provides suggestions for optimizing incident management,
including:
• Setting up default notification profiles
• Configuring incident parameters
• Improving operational health

Strata Cloud Manager Getting Started 354 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

• BY SEVERITY: Categorizes incidents by severity (Critical, High, Warning, and Informational)

and displays the count for each.

Click the counts within the widgets to apply a filter to display only the corresponding
incidents. For example, click the count next to Critical to filter the view to show only
critical incidents. Alternatively, you can use the filters on the page to focus on specific
incidents.
• BY PRODUCT: Categorizes incidents by product type.
• BY PRIORITY: Categorizes incidents by priority with P1 being the most severe.
• BY CATEGORY: Categorizes incidents by category. You can further drill down to the device
sub category.
• INCIDENT TREND: Displays a historical graph of incident trends over time. Hover over the
graph to view the number of incidents raised, cleared, and newly raised at specific points in
time. Use the drop-down to select the desired time range.

Strata Cloud Manager Getting Started 355 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

• A tabular view of all incidents is available with the following functionalities:

• Expand to view only the table.
• Perform actions:
• Acknowledge or Unacknowledge: Toggle the acknowledgment status of an incident.
• Add Comment: Add comments to an incident.
• Manually Clear: Manually resolve and clear an incident.
• Click an incident to view its details.
• Customize displayed columns and their order.

View Incident Details

From Incidents, select an incident to open a page with the following details about it.

• Description: Comprehensive details of the incident, including:

• Primary impacted objects
• Related objects
• Priority: Ability to set or modify the incident priority.
• Raised time: The timestamp when the incident was created.
• Last updated: The timestamp of the last modification to the incident.
• More: Provides additional information such as Category, Sub-category, Raise Conditions,
and Clear Conditions. Acknowledge or unacknowledge actions are also available here.
• Evidence: A list of devices impacted by the incident.
• Remediation: Recommendations and resources for resolving the issue.
• Activity Log: A chronological record of notifications sent, comments, parent, child, and related
incidents, and recent occurrences.
For posture-related incidents, the following additional information is provided:
• A list of impacted checks and posture check recommendations.
• The destination address displayed in a side panel.

Strata Cloud Manager Getting Started 356 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Settings
Where Can I Use This? What Do I Need?

• NGFW, including those funded by One of the following licenses:

Software NGFW Credits
AIOps for NGFW Free (use the AIOps
• Prisma Access for NGFW Free app) or AIOps for
NGFW Premium license (use the Strata
Cloud Manager app)
Prisma Access
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

Incident Settings is a centralized framework that defines, stores, and applies rules for handling
incidents. This feature allows you to define how to handle different types of incidents, including
their detection, suppression, notification, and prioritization.
Strata Cloud Manager organizes Security Posture Settings under the Incident Settings to deliver a
unified and contextual incident management experience. Previously, you could access the security
posture check from Configuration > Posture > Settings. With the unified incident framework,
these security posture settings have moved to Incidents > Incidents > Settings. This aligns all
posture-related rules and custom checks with incident workflows, enabling easier correlation
between configuration issues and the incidents they generate. See Incident Settings Framework.

Strata Cloud Manager Getting Started 357 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Notification Profiles
Where Can I Use This? What Do I Need?

• NGFW, including those funded by One of the following licenses:

Software NGFW Credits
AIOps for NGFW Free (use the AIOps
• Prisma Access for NGFW Free app) or AIOps for
NGFW Premium license (use the Strata
Cloud Manager app)
Prisma Access
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

Strata Cloud Manager Getting Started 358 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Integrating Strata Cloud Manager into your existing operations involves setting up proactive
incidents, allowing you to detect and manage potential issues before they escalate into serious
complications. These incidents can be tailored to match your operations team's case management
protocol, such as the commonly used P1s or P2s.
For instance, you might set up an alert system wherein critical incidents, which represent the most
critical issues, are instantaneously escalated to your security team for immediate attention. On the
other hand, warning incidents, which are of lesser urgency but still significant, can be arranged for
daily review. Such an arrangement ensures efficient incident management while maintaining the
smooth running of your operations.
Another option is to route incidents based on teams; certain categories of incidents, or even
specific incidents, can be routed to different teams that will be best equipped to handle them. You
can define notification preferences, such as which incidents trigger notifications, how you receive
notifications, and how often you receive them, creating a notification rule.
When you create or modify a notification profile, you can enable Strata Cloud Manager to send
email or webhook alerts when it initially detects an issue and when the issue is resolved. These
notifications describe the issue and impact, and include a link to Strata Cloud Manager where
you can investigate further. The Palo Alto Networks email address from which you receive alert
notifications is [email protected]. See Create Notification Profiles.

Informational Alerts
Where Can I Use This? What Do I Need?

• NGFW, including those funded by One of the following licenses:

Software NGFW Credits
AIOps for NGFW Free (use the AIOps
• Prisma Access for NGFW Free app) or AIOps for
NGFW Premium license (use the Strata
Cloud Manager app)
Prisma Access
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

Informational Alerts notify you about upcoming software upgrades and status for upgrades that
are in progress or completed. Select any row to see more information about the Alert. You can
filter this table by Time Range or Alert Code.
The Informational Alerts table includes details about open Informational Alerts.
• Alert Name—Unique alert name.
• Code—Unique incident code.
• Generated—Date and time Strata Cloud Manager generated the incident.
• Notifications Sent—The notifications sent about this alert.
• ID—Unique alert ID.

Strata Cloud Manager Getting Started 359 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

ServiceNow Audit Log

Where Can I Use This? What Do I Need?

• NGFW, including those funded by One of the following licenses:

Software NGFW Credits
AIOps for NGFW Free (use the AIOps
• Prisma Access for NGFW Free app) or AIOps for
NGFW Premium license (use the Strata
Cloud Manager app)
Prisma Access
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

In Strata Cloud Manager, select Incidents > Incidents > ServiceNow Audit Log to view the
ServiceNow Audit Log. This table shows each incident ID and the ServiceNow operations
performed on each Incident, such as create, update, and delete. View the timestamp, which shows
when an Incident operation started, the operation's status, and a message about this operation.
See Integrate ServiceNow with Strata Cloud Manager.

Strata Cloud Manager Getting Started 360 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Strata Cloud Manager Getting Started 361 ©2025 Palo Alto Networks, Inc.
Incidents: Strata Cloud Manager

Strata Cloud Manager Getting Started 362 ©2025 Palo Alto Networks, Inc.
Log Viewer: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• , including those funded by Software
NGFW Credits or

A role that has permission to view the

dashboard

Log Viewer provides the capabilities of Explore — where you can view and interact with your logs
stored in Strata Logging Service.
Log Viewer provides an audit trail for system, configuration, and network events. Jump from
a dashboard to your logs to get details and investigate findings. A query field and time range
preferences help you narrow down the specific logs that are of interest to you.
• Learn more about how to build your queries
• Discover new Log Viewer features in the Strata Logging Servicerelease notes.
Log Viewer highlights actions and severity of the logs to help you understand how sessions are
enforced. You can also view the details of the security artifacts of the logs in Search page.

363
Log Viewer: Strata Cloud Manager

Select the log type you want to view. For details on the log types and definition of each of their
log fields, see the Log Reference guide.

Strata Cloud Manager Getting Started 364 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager enables you to configure a security policy that is shared across your
NGFWs and Prisma Access. Continue on here to set up the following.

365
Configuration: Strata Cloud Manager

• Onboarding is the process of integrating your existing NGFWs and Prisma Access into Strata
Cloud Manager for management, visibility, or both. You can manage NGFWs directly through
Strata Cloud Manager along with Prisma Access deployments, or connect your Panorama
instance to Strata Cloud Manager to gain visibility.
• Discovery is where you can start critical and recommended actions you can take to improve
security posture or optimize your configuration management, as soon as they're available to
you.
• Enhance security for both managed and unmanaged devices using Prisma Access Browser.
Prisma Access Browser provides a natively integrated enterprise browser that extends
protection to unmanaged devices, helping safeguard business applications and data by
implementing security directly within the browser.

Strata Cloud Manager Getting Started 366 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Manage your organization's shadow IT risks, secure SaaS applications from cloud threats, and
ensure compliance across all SaaS applications.
• Enforce your organization's data security standards and stop the loss of sensitive data across
mobile users and remote networks using Enterprise Data Loss Prevention.
• App Acceleration directly addresses the causes of poor app performance and acts in real-time
to mitigate them, dramatically improving the user experience for Prisma Access GlobalProtect
and Remote Network users.
• ZTNA Connector provides a simple solution to onboard private applications to Prisma Access,
while enabling true least privilege access using Zero Trust Network Access principles.
• Create security policy rules based on the discovered device profiles and network behaviors
using IoT Security Policy Recommendation.
• Push configuration changes, review the configuration push history to your deployments,
compare the configuration versions or revert to an earlier version.
• Customize security posture checks for your deployment to maximize relevant
recommendations.
• Set up branch sites, data center, configure policies, CloudBlades, manage resources, monitor
uses and permissions in Prisma SD-WAN using Strata Cloud Manager.

Strata Cloud Manager Getting Started 367 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: NGFW and Prisma Access

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Go to Configuration > NGFW and Prisma Access to get started.

Strata Cloud Manager Getting Started 368 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager enables you to configure a security policy that is shared across your
NGFWs and Prisma Access.
Set up Prisma Access, your NGFWs, or both with Strata Cloud Manager
Set up folders to group NGFWs that require similar settings. Prisma Access folders are
predefined, and enable you to target configuration based on deployment type: mobile users,
remote networks, service connections.
Set the Manage: Configuration Scope you want to work in. You can configure settings that will
apply globally, across both your NGFWs and Prisma Access environment, and can also target
configuration to specific NGFWs or Prisma Access deployments based on folders.
Use Configuration: Snippets to standardize a common base configuration for a set of NGFWs
or deployments. Snippets enable you to quickly onboard new devices, users, or locations with a
known good configuration and reduce the time required to onboard a new device.

Strata Cloud Manager Getting Started 369 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Start building the following your Security policy rules and share it across your NGFWs and
Prisma Access using the management features described above.
• Security Services
• Network Policies
• Identity Services
• Objects
• Device Settings
• Global Settings

Configuration: Overview
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Think of the Overview page as your launching point in to NGFW and Prisma Access both for first
time setup, and for day-to-day configuration management (Configuration > NGFW and Prisma
Access > Overview).

Configuration Scope
With Strata Cloud Manager, you can apply configuration settings and enforce policy globally
across your environment, or target them to specific parts of your organization. When working in
your Strata Cloud Manager configuration management, the current Configuration Scope is always
visible to you, and you can toggle your view to manage a broader or more granular configuration.

Strata Cloud Manager Getting Started 370 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 371 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Learn more about:

• Folder Management
Use folders to logically group your devices and deployment types for simplified configuration
management.
• Snippets
Use snippets to group configurations that you can quickly push to your firewalls or
deployments.
• Variables
Use variables your configurations to accommodate device or deployment-specific
configuration objects.

Global Find Using Config Search

Config Search enables you to search configuration objects and settings for a particular string, such
as IP addresses, object name, referenced objects, duplicate objects, policy names, policy rules,
policies covered for specific CVEs, rule UUID, predefined snippets, or application name and get
the list of all references where the object is used.
1. To launch Config Search, click the

icon beside Push Config on the upper right side of the web interface. Config Search is available
from all pages under Manage.

Strata Cloud Manager Getting Started 372 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

2. In the Config Search screen, you can search by using the Config String, Location, Object Type,
Edited By, or Edited At fields.

Search tips:
• To find an exact phrase, enclose the phrase in quotes.
• Spaces in search terms are handled as AND operations. For example, if you search on corp
policy, the search results include instances where corp and policy exist in the configuration.
• To rerun a previous search, click the Config Search icon, which displays the last 50 searches.
Click any item in the list to rerun that search. The search history list is unique to each
administrator account.
• Config Search is available for each field that’s searchable. For example, you can search on
the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
• Location is grouped by folders and snippets. You can select more than one location to
search. If you do not select any location, All locations will be selected by default.
• If the object type is not selected, All will be selected.
3. The search results are categorized and provide links to the configuration location in the Strata
Cloud Manager, allowing you to easily find all occurrences and references of the searched
string.

• Global
• Prisma Access
• Configuration Overview (Strata Cloud Manager)

Global

Where Can I Use This? What Do I Need?

•
• license
•
•

If you select the Global configuration scope, you can view the following details:

Strata Cloud Manager Getting Started 373 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Global folders you create and their variables

• Firewalls with config conflicts
• Firewall sync status
• Firewall connectivity status
• General information
• Configuration snippets
• License
• Optimize
• Trusted tenants for snippet sharing
• Config version snapshots

Configuration Overview (Prisma Access)

Where Can I Use This? What Do I Need?

• license

If you’re just getting started with Prisma Access:

• The Basics checklist shows you on how to get up and running with Prisma Access; complete
the tasks and walkthroughs here to get started with a basic setup; then, test your environment
and build out your deployment.

Strata Cloud Manager Getting Started 374 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Here’s how policy and configuration folders work.

• Here’s how to push configuration changes to Prisma Access.
For details on your Prisma Access environment:
• Review License details to see what’s included with your Prisma Access subscription.
• The About panel displays the software and tenant information for your Prisma Access
environment.
For day-to-day configuration management:
• Get at-a-glance configuration status
• Standardize a common base configuration for a set of Prisma Access deployments using the
configuration snippets
• Find configuration snapshots—compare configuration versions and restore (or load) an earlier
version to recover from a configuration push with unintended impact to traffic flow or security
• Optimize your configuration by cleaning up unused objects and rules, and tightening rules that
are introducing security gaps by allowing applications you’re not using
• Pinpoint areas where you can make configuration changes that would strengthen your security
posture

Strata Cloud Manager Getting Started 375 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• You can also find details about your Prisma Access license and what it includes

Strata Cloud Manager Getting Started 376 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 377 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

After completing basic setup, you can start testing your environment and building out your
deployment.

Configuration Overview (Strata Cloud Manager)

Where Can I Use This? What Do I Need?

•
•
•

If you’re just getting started with Cloud Management of NGFW:

• Here’s how policy and configuration folders work.
• Here’s how to push configuration changes to firewalls.
For day-to-day configuration management:
• Get at-a-glance summary of the current folder name, number of firewalls added to the folder,
number of variables created for the folder.

Strata Cloud Manager Getting Started 378 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Gain visibility and control over local firewall configurations without the need for switching
between the central management and individual firewalls for managing local configurations.
• Firewalls with config conflicts shows the number of firewalls with conflicts. View Conflicts
to see conflicts for all firewalls and their respective locations. Click the individual firewall to
further investigate device-level conflicts.
• Objects with config conflicts shows the number of conflicts per firewall. Click the number
to view the conflicted objects and their corresponding types specific to that firewall. Click
the object to get the granular details on the conflict.
• Connectivity Status
Review the Connectivity Status of managed firewalls to Strata Cloud Manager.
• Sync Status
Review the configuration Sync Status between Strata Cloud Manager and the current
running configuration on your managed firewalls.

• Configuration Snippets
Standardize a common base configuration for a set of managed firewalls using configuration
snippets.
• HA Devices
Configure managed firewalls in a high availability (HA) configuration to provide redundancy
and ensure business continuity.
• For details on your managed firewalls:
• Review Content Distribution and Software Versions details to see which dynamic
content updates and PAN-OS software versions are running on your managed firewalls.
• Review License details to see which licenses are activate on your managed firewalls.

Strata Cloud Manager Getting Started 379 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Snippets

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use snippets to group configurations that you can quickly push to your firewalls or deployments.
A snippet is a configuration object, which can't fit into a hierarchy, or grouping of configuration
objects, that you can associate with a folder, deployment, or device. Snippets are used to
standardize a common base configuration for a set of firewalls or deployments allowing you to
quickly onboard new devices with a known good configuration and reducing the time required
to onboard a new device. For example, you can onboard a new firewall in a remote branch
office. You can associate a set of snippets that contain all of the required network and policy rule
configurations with the folder the new firewall belongs to. This reduces the time required to set
up the firewall to protect the remote branch office.
Snippet associations have a top-down priority in the event of conflicting object values. Rules with
duplicate names are not allowed, and validation fails during the creation of a snippet with the
same name in any folder or while associating a snippet to a folder if the snippet with the same
name is already associated.
This means that if the first and the last associated snippets have different values for the same
object, the value from the first snippet is inherited by the device or deployment. Additionally,
all configurations inherited from a snippet can be overridden at the child folder, deployment, or
device level.

Strata Cloud Manager Getting Started 380 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Within a folder hierarchy, a snippet might only be associated one time within any folder hierarchy.
This means that a snippet can’t be associated with both a folder and the folder nested under
it. However, you can associate the same snippet with different folders or folders nested under
different folders. Snippets that are already associated with a folder in the folder hierarchy are
grayed out so they can’t be used more than once where applicable.

Snippet Classification
• Predefined: All Strata Cloud Manager users can access these snippets to quickly set up new
firewalls and deployments with best practice configurations.

Strata Cloud Manager Getting Started 381 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Local: These editable snippets are created within the tenant and can't share them with other
subscriber tenants. Local snippets can be shared. After sharing the local snippet, it will change
to Published snippets
• Published: Trusted subscriber tenants have access to these shared snippets, which can't be
deleted, but can be cloned and updated.
• Subscribed: These snippets, shared by the publisher tenant, can be cloned by users but can't be
edited.

Cross-Scope References Using Snippets

This feature allows you to reference any common configurations or objects attached to a global
scope and push it to Prisma Access and NGFW firewalls. These shared objects and configurations
within the global scope are available to all the snippets. A snippet associated with the global scope
is considered as a global snippet. Objects defined within these snippets attached to the global
scope, can be referenced across any snippets in the configuration.
For example, you can create a snippet named Global Variable to consolidate variables and attach
it to a Global scope. This ensures easy referencing and availability across all other snippets in the
configuration. Similarly, you can effectively manage custom URL categories for access policy rules,
threat prevention profiles, zones, addresses, and other objects representing standard network
segments.

Strata Cloud Manager Getting Started 382 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Create a Snippet
Create and associate a snippet with a folder, deployment, or device to apply a common
base configuration to a group of devices. You can associate as many snippets with a folder,
deployment, or device as needed.
Snippets can be modified and reassociated with any folder, deployment, or device at any time
after creation.
Custom snippets that are no longer in use can be deleted.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and expand the Configuration
Scope to view the Snippets.

Strata Cloud Manager Getting Started 383 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Add Snippet.

1. Enter a descriptive Name for the snippet.
2. (Optional) Provide a Description.
3. (Optional) Assign one or more Labels.
You can select existing labels or create a new one by typing the desired label.
4. Create the snippet.
Newly created snippets appear under Local snippets. After publishing, they move to
Published snippets.

STEP 4 | Configure your snippet.

You are now in the Configuration Scope for the snippet. All configurations made here apply
only to this snippet.
Review the snippet Overview for detailed information, including the number of variables,
creation and update details, and associated folders, deployments, and devices.

Strata Cloud Manager Getting Started 384 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Add Subscriber Tenants:

1. Add Subscriber.

2. Select the Tenant Name and Save.

3. Click the Tenant Name link to edit subscriber tenant properties for shared snippets,
controlling snippet management during disassociation.

• The Do not delete from subscriber tenant option is checked by default.

• When this option is checked, snippets cannot be deleted from the subscriber, even
without associations.
• When unchecked, snippets without folder associations can be deleted from the
subscriber. Deleting the subscriber will not remove the snippets.

Strata Cloud Manager Getting Started 385 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Save your changes.

4. Select the Tenant Name, and Publish.

Choose Validate before update for a pre-update validation check on the subscriber
before applying changes. If the validation fails, an error message appears. If the
validation succeeds, publisher request is sent to the subscriber.

5. The Status column shows Snippet Successfully Published to Subscriber Tenant.

6. The published snippet appears under Subscribed. Use the

refresh icon if the subscribed snippet doesn't appear immediately.

Strata Cloud Manager Getting Started 386 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 6 | To delete a subscribed snippet, select the Tenant Name and Delete Subscriber.
The deleted subscriber tenant will be removed and will not appear under Subscribed.

Strata Cloud Manager Getting Started 387 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 7 | Associate a snippet.

1. Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Config Tree.
2. Select the folder, deployment, or device you want to associate the snippet with.
3. Edit the Config Snippet.
4. Add the snippets that you want to associate and order them as needed.
If you're associating a snippet to the global scope, it becomes referenceable and available
to all the other snippets in the configuration. All the snippets will be able to reference
the objects you have in the snippet attached to the global folder.
5. Close.

STEP 8 | Push Config to push your configuration changes to your network.

Modify a Snippet
Modify your snippet configurations, details, and associations.
Custom snippets no longer associated with a folder, deployment, or device can be deleted.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and expand the Configuration
Scope to view the Snippets.

Strata Cloud Manager Getting Started 388 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Select the snippet you want to modify.

After you select a snippet, you’re redirected to the snippet Overview.

STEP 4 | (Optional) Edit the snippet to modify the Name, Description, or to change or assign
additional Labels. Enable or disable Pause Update to see the configuration diffs and decide
to accept the change.

STEP 5 | Edit the Snippet Associations to reassociate the snippet with a different folder, deployment,
or device or to associate the snippet with additional folders, deployments, or devices.
Exit the snippet reassociation screen to apply the changes.

STEP 6 | Make any changes to the snippet configuration as needed.

STEP 7 | Push Config.

Delete a Snippet
Delete your custom snippets to keep your configurations organized. Snippets must be
unassociated with any firewalls, folders, or deployments before they are able to be deleted.
Deleting predefined snippets is not supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and expand the Configuration
Scope to view the Snippets.

Strata Cloud Manager Getting Started 389 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Click the three vertical dots of the custom snippet you want to delete.

STEP 4 | Delete the snippet.

Snippets currently associated with folders, deployments, or devices can't be deleted.

First edit the Snippet Associations to remove all existing associations before it can be
deleted.

Clone a Snippet
If you want to use an existing snippet as a template for a new snippet, you can easily clone it so
you do not have to configure a new object.
Cloned snippets are not associated with any devices, folders, or deployments, allowing you to
customize them freely without having to disassociate them before you begin your configurations.
STEP 1 | Log in to Strata Cloud Manager.

Strata Cloud Manager Getting Started 390 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and expand the Configuration
Scope to view the Snippets.

STEP 3 | Click the three vertical dots of the custom snippet you want to clone.

STEP 4 | Clone the snippet.

1. (Optional) Give the cloned snippet a new name.

Share a Snippet Configuration

This feature provides a unique and flexible method for sharing common configurations across any
tenants including in a multitenant environment. You can save and manage various configurations
as snippets, easily sharing them across tenants under a customer account. This capability provides
considerable flexibility and control in managing shared configurations across different tenant
environments.
Additionally, this feature supports centralizing configuration management for common scenarios
among tenants and overseeing global configurations within a multibusiness unit setup.
In this framework, the publisher tenant shares snippets with the subscriber tenant, while the
subscriber tenant receives snippets from the publisher tenant.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | On the publisher tenant, select Configuration > NGFW and Prisma Access > Overview,
select the Global configuration scope.

Strata Cloud Manager Getting Started 391 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Establish Trust Between the Tenants: Establish a connection between the subscriber and
publisher tenants to enable the sharing of snippets.
1. Click Subscriber Tenant under Trusted Tenants for Snippet Sharing.

2. Add Subscriber Tenant.

3. Enter the TSG ID to add as a subscriber tenant, and Check TSG ID. This ensures prevention
of randomly generated TSG or serialized TSG-based attacks.
Upon successful validation, a confirmation message indicates that the TSD ID has been
verified.

4. Next: Generate Pre Shared Key.

Copy the generated PSK. You will enter this PSK when validating the publisher tenant in
step 4.

Strata Cloud Manager Getting Started 392 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 4 | Go to subscriber tenant, select Configuration > NGFW and Prisma Access > Overview and
set the configuration scope to Global.
1. The Publisher Tenants status under Trusted Tenants for Snippet Sharing shows as Pending.

2. Click Publisher Tenants and Enter Pre Shared Key generated in the previous step, and
Validate the subscriber tenant.
After successful validation, a message confirms the tenant as trusted, establishing trust
between the subscriber and publisher tenants.

Strata Cloud Manager Getting Started 393 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Publish a Snippet to a subscriber tenant.

1. Create and associate the snippet with a folder.
Newly created snippets are available under Local snippets.
• The Overview tab shows snippet details such as name, description, creation time (when
the snippet was loaded on the subscriber side), last updated time, and labels details.
Creation time on Subscriber also reflects the same time as that of Publisher. It denotes
the time when the snippet was created.
• The Subscriber Tenants tab shows the tenant name, published version on the tenant, last
published date, and publish status.
• Click Published Version to review configuration changes.
• Before publishing a snippet to a tenant, Add Subscriber and Save it.
• The Version Snapshots gives a history of your snippet configuration. In this screen,
you can compare configuration snapshots with your candidate configuration, and Save
Version Snapshot or Load an earlier configuration snapshot as your candidate. Click the
Version number to view the configuration differences.
• The Audit History provides an audit trail of all actions initiated by the administrator.
It logs details such as the published version number, changes made, the owner of the
change, the date and time of the change, and specifics of the change.
2. On the Subscriber Tenant tab, select the tenant name and Publish.
This sends publish request to the subscriber tenant. In the Status column indicates that
Snippet Successfully published to subscriber and the snippet will be available under
Published snippets.

Strata Cloud Manager Getting Started 394 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 6 | Verify on the subscriber tenant.

1. Go to Overview > Configuration Scope > Snippets, and select the snippet under Subscribed
snippets.
You're redirected to the snippet Overview which shows details such as the publisher
tenant's name, description, TSG ID, snippet creation time, last updated time, labels, and
pause update details.
With pause update enabled, user has the option to Validate Before Update on Publisher
before loading the latest version.

STEP 7 | Delete the trust.

Subscribed snippets associated with folders or firewalls can only be cloned and can't be
deleted.

With snippet sharing hardening, now we have option to select how we want to manage the
deletion of snippets on Subscriber. So, while adding a Subscriber tenant, we have option
to select/unselect "Do Not Delete" When no associations, so if subscribed snippet has
associations, even with "Do Not Delete" disabled, snippet will not be deleted.
1. Go to subscriber or publisher tenant.
2. Click Subscriber Tenant under Trusted Tenants for Snippet Sharing.
3. Select the Tenant Name, and Delete Trust.
After deleting the trust, the snippet will no longer be associated with the firewall or folder and
becomes a local snippet.

Convert Local NGFW Configurations to Reusable Snippets

Maintaining consistent configurations across multiple NGFWs often requires manual effort and
risks configuration drift. Strata Cloud Manager simplifies the migration of locally created NGFW
configurations into reusable, shared configuration snippets. The conversion process transforms
device-level configurations into a reusable snippet format that you can import and reuse across
your NGFW deployment.
This feature automatically handles complex interface configurations, including tunnel, VLANs,
loopback, Ethernet, and aggregate Ethernet interfaces, along with their associated subinterfaces.
For each interface type, Strata Cloud Manager creates appropriate object variables that maintain
the relationships between parent interfaces and subinterfaces.
By converting local configurations to centrally managed snippets, you gain immediate benefits in
consistency, scale, and operational efficiency. You can review a detailed pre-conversion report
showing successfully converted objects and those automatically pruned due to incompatibility
with centralized management. This ensures full transparency before saving the snippet, facilitating
consistent, synchronized configuration deployment across your entire network. This capability
accelerates operational efficiency and strengthens your overall security posture.
STEP 1 | Log in to Strata Cloud Manager.

Strata Cloud Manager Getting Started 395 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and expand the Configuration
Scope.

STEP 3 | Select the device whose local configuration you want to convert.
You're redirected to the Overview page.

Strata Cloud Manager Getting Started 396 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 4 | You cannot configure policies and objects in device scope by default. To configure them,
enable Device Scope Configuration.

STEP 5 | On the Overview page, under Configuration Snippets, select Convert local configs to
snippet.

STEP 6 | Review the detailed report showing the Pruned and Converted configuration objects.

STEP 7 | Enter a Snippet Name.

STEP 8 | Provide and confirm your Master Key.

STEP 9 | Save.

STEP 10 | Expand the Configuration Scope to view the Snippets.

Newly created snippets appear under Local snippets. After publishing, they move to Published
snippets.

Strata Cloud Manager Getting Started 397 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Variables

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use variables in your configurations to accommodate device or deployment-specific configuration

objects.
Variables are an advanced tool that allows you to standardize your configurations while giving you
the flexibility to accommodate unique configuration values that are device or deployment specific.
Variables allow you to reduce the number of snippets you need to manage while allow you to
keep any firewall or deployment-specific configuration values as needed.
For example, you have a snippet for the configuration you want to associate with multiple nested
where each nested folder contains a set of firewalls specific to a geographic location. In the
snippet, you have configured policy rules to restrict access to business critical systems for specific
IP ranges only. In this scenario, you can create a variable for each IP range specific to each nested
folder and use that variable in the inherited snippet configuration. This allows you to manage and
push configuration changes while using fewer snippets to accommodate device or deployment-
specific configuration values.
Variables can be created at the folder, deployment, or firewall level. When you create a variable
for a folder, the variable is inherited by all folders nested under the folder. In the event of
conflicting variables in a folder Configuration Scope, the firewall or deployment inherits the
variable value from the folder containing the nested folders. However, you can override an
inherited variable at the nested folder, deployment, or firewall level.
The following types of variables are supported:

Variable Type Description

AS Number Autonomous system number to use in your BGP configuration.

Count Number of events that must occur to trigger an action.

Device ID Device-ID to use to assign a device priority valuer in an active/active high

availability (HA) configuration.

Strata Cloud Manager Getting Started 398 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Variable Type Description

Device Priority Device priority to indicate a preference for which firewall should assume
the active role in an active/passive high availability (HA) configuration.

Egress Max Egress max value to use in Quality of Service (QoS) Profile configuration.

FQDN Fully qualified domain name.

Group ID High availability Group ID.

IP Netmask Static IP or network address.

IP Range An IP range. For example, 192.168.1.10-192.168.1.20.

IP Wildcard IP wildcard mask to allow or deny similar IP addresses. For example,

10.0.0.5/255.255.0.255.

Link Tag Link tag to use in your SD-WAN configuration.

Percent Percentage between 0 and 99.

Port Source or destination port.

QoS Profile QoS Profile for use in QoS configurations.

Rate Rate to specify a threshold that triggers an action. For example, the Alarm
rate for a DoS Protection profile.

Router ID Router ID when you configure Border Gateway Protocol (BGP) for a logical
router.

Timer Timer in seconds to configure a threshold that triggers an action.

Zone A security zone.

Create a Variable

You can also create a variable inline where a variable is supported.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview and select the Configuration
Scope where you want to create the variable.
In the Folders, select the folder or device for which you want to create a variable.
In the Snippets, select the specific snippet for which you want to create a variable.

Strata Cloud Manager Getting Started 399 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | In the Variables section, click the Variables count displayed.

STEP 4 | Add Variable.

Strata Cloud Manager Getting Started 400 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Create the variable.

In this example, an IP Netmask variable is created for use as an address object for a critical
internal resource.
1. Select the variable Type.
2. Give the variable a descriptive Name.
All variable names must begin with $.
3. (Optional) Enter a Description for the variable.
4. Enter the variable Value.
5. Save.

STEP 6 | Add the variable to your configuration.

In this example, the $internal-lab-storage variable created in the previous step is added
to the address object configuration.

STEP 7 | Push Config.

Strata Cloud Manager Getting Started 401 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Import a Variable

Where Can I Use This? What Do I Need?

• Strata Cloud Manager AIOps for NGFW Premium license

Prisma Access license

Import variables to Strata Cloud Manager using a CSV file. Variable imports are designed to
overwrite multiple variables inherited from the folder hierarchy by the firewall, or already
configured in the firewall Configuration Scope, with new firewall-specific values.
The variable must already be inherited from the folder hierarchy or configured in the firewall
Configuration Scope to overwrite using variable imports. Importing variables to create entirely
new variables isn’t supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview.

STEP 3 | In the Variables section, click the Variables count displayed.

STEP 4 | Select CSV Export/Import > Export to export the variables you want to overwrite.
Palo Alto Networks recommends you first export the variables you want to overwrite. This
guarantees the CSV file you upload to Strata Cloud Manager is properly formatted. This also
expedites the import process by ensuring the target folder and firewall variables are properly
attributed.

STEP 5 | Modify the variables in the exported CSV file.

Consider the following when modifying your CSV file for import.
• Only Simple text editors, such as Notepad, are supported for modifying an exported CSV
file.
• # signifies that the variable is created in the folder hierarchy and inherited by the firewall.
Remove the # to override the inherited variable value with a firewall-specific value.
A variable value appended with # is ignored by Strata Cloud Manager on import as only
overriding variable values at the firewall Configuration Scope is supported.
• -NA- signifies that the variable doesn’t exist in the firewall configuration. This means that
the variable was created outside of the folder hierarchy the firewall belongs to.
Changing a variable value to -NA- isn’t supported. Strata Cloud Manager ignores any
variable value modified to -NA-.
Assigning a firewall-specific value to a variable with a value of -NA- isn’t supported because
the variable doesn’t exist in the firewall Configuration Scope. The variable must be inherited

Strata Cloud Manager Getting Started 402 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

by the firewall from the folder hierarchy, or configured in the firewall Configuration Scope,
in order to be overridden using variable import.
• A variable value of None# or None means that the variable was created with the variable
Value as None.
You can modify any variable value as None to remove the value but not delete the variable.
• For a variable created in the firewall Configuration scope, deleting a variable value and
leaving it blank deletes the variable.
For a variable created in the folder hierarchy and inherited by the firewall, deleting a
variable value and leaving it blank reverts the variable value to that inherited from the
folder hierarchy.
1. Locate and open the CSV file you exported. The format of the exported CSV file the
name is:
<cloud-management-tenant-name> - Prisma Access_<export-
date>_variables
2. Modify the variables as needed.

Palo Alto Networks does not recommend modifying the folder names, device
names, or device serial numbers. This might result in import failures.

In the example below, the following changes were made to the variable values in the
Firewall-A Configuration Scope to illustrate how variable imports can be used to
modify multiple variables with one operation.
• $example1—Overwrite the inherited None# value with a firewall-specific value.
• $example2—Overwrite the firewall-specific None value with a firewall-specific
value.
• $example3—If the variable was created in the firewall Configuration Scope, an
empty value deletes the variable.
If the variable was inherited from the folder hierarchy, and was overridden in the
firewall Configuration Scope, an empty value restores the variable value inherited
from the folder hierarchy.
• $example4—Overwrite the inherited 192.168.1.101 value with a firewall-specific
value.
• $example5—Example of a variable change Strata Cloud Manager ignores because #
is still appended.

Strata Cloud Manager Getting Started 403 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 6 | Save your changes.

Select File > Save to save the changes you made to the CSV file.
Alternatively, select File > Save As to save your changes in a new CSV file. To create a new
CSV file, you must include .csv as the file extension.

STEP 7 | Import the CSV file to Strata Cloud Manager.

1. Select Configuration > Overview.
2. In the Variables section, click the Variable count displayed.
3. Select CSV Export/Import > Import.
4. Choose File and select the CSV file containing the variables you modified.
5. Import.

Export Variables
Export your folder and firewall configuration variables in CSV format to your local device.
Exporting your variables is useful when overwriting a large number of variables across multiple
firewalls.
Exporting interface variables created when you configure an interface at the folder-level isn’t
supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Configuration > NGFW and Prisma Access > Overview.

STEP 3 | In the Variables section, click the Variable count displayed.

STEP 4 | Select CSV Export/Import > Export.

Strata Cloud Manager Getting Started 404 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Select the folder and firewalls with the variables you want to export and click Next.

If you want to export all variables created on Strata Cloud Manager, select All
Firewalls.

STEP 6 | Select one or more variables to export.

STEP 7 | (Optional) Preview the selected variables to view additional details.

From the variables preview, you can view information such as the variable name, the
Configuration Scope where the variable was created, and the variable value.
Click Cancel and continue to the next step or Download CSV to your local device.

STEP 8 | Export the selected variables in CSV format.

The CSV is exported and downloaded locally to your device. The format of the exported CSV
file the name is:
<cloud-management-tenant-name> - Prisma Access_<export-
date>_variables

Configuration: Security Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Go to Configuration > NGFW and Prisma Access > Security Services to manage your security
services and protect your network, systems, and users.

Feature Highlights
Understand key features that help you define and enforce security policies within your Prisma
Access and Next - Generation Firewall deployments.
Security Policy
Define and enforce how traffic is allowed or denied. All traffic that passes through your Strata
Cloud Manager environment is evaluated against the security policy, and rules are applied in a
top-down manner.

Strata Cloud Manager Getting Started 405 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Profile Groups
A security profile group is a set of security profiles that can be treated as a unit and then easily
added to Security policies. Profiles that are often assigned together can be added to profile
groups to simplify the creation of Security policies.
Anti-Spyware
Blocks spyware from compromised hosts attempting to connect to external command-and-
control (C2) servers, helping you to detect malicious outbound traffic.
Vulnerability Protection
Protects systems from known vulnerabilities and exploits, preventing unauthorized access
attempts as traffic enters the network.
Wildfire and Antivirus profiles
Detects and prevents malware, worms, trojans, and spyware downloads using a stream-
based malware prevention engine without significant performance impact. Scans files such as
executables, PDFs, HTML and JavaScript malware,compressed files, and encrypted content if
decryption is enabled.
DNS Security
A cloud-based, continuously evolving threat prevention service that defends your network
against advanced DNS-based threats.
URL Access Management
Monitors and controls user access to web content over HTTP and HTTPS based on URL
categories.
File Blocking
Identifies and blocks or monitors specific file types to prevent unwanted file transfers.
HTTP Header Inspection
Provides additional inspection by examining HTTP headers.
AI Security
Protects AI-specific traffic. Available for AI Runtime Security: Network intercept firewalls.
Internet Security
Applies internet security settings to protect against specific threats and vulnerabilities, without
needing individual policy assignments.
Decryption
Enables visibility into encrypted traffic. Start by importing your decryption certificates — for
everything else, we've built in best practices settings that you can use to get up and running.
DoS Protection
Protect critical systems against flood attacks. A DoS Protection profile specifies the threshold
to trigger alarms and actions for new connection rates.

Configuration: Network Policies

Strata Cloud Manager Getting Started 406 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Feature Highlights
Network policies allow you to optimize network resource allocation, prioritize traffic, and
configure application classifications.
Quality of Service (QoS)
Prioritize business-critical traffic and latency-sensitive applications such as VoIP and video.
Application Override
Create rules that force traffic to use fast path Layer-4 processing instead of App-ID for
Layer-7 inspection. Ideal for custom applications between known IP addresses., improving
performance.
Policy Based Forwarding
Direct specific traffic along an alternative path different from the routing table's next hop.
NAT
Allows you to not disclose the real IP addresses of hosts that need access to public addresses
and to manage traffic by performing port forwarding. You can use NAT to solve network
design challenges, enabling networks with identical IP subnets to communicate with each
other.
SD-WAN Policy
Use application(s) and/or service specific policies to select the preferred path based on latency,
jitter, and packet loss. Automatically reroute traffic when the preferred path degrades.

Configuration: Identity Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Go to Configuration > NGFW and Prisma Access > Identity Services.

Strata Cloud Manager Getting Started 407 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Feature Highlights
Learn how to manage identity services and ensure that only authorized users can access the right
data on your network.
Authentication
Authenticate users so that they can securely connect to Prisma Access and access enterprise
applications and services. Add authentication services to Prisma Access, define traffic requiring
authentication, enable MFA or IP-user mapping.
Cloud Identity Engine
Sync Prisma Access with Active Directory (on-premises or Azure). To set up Cloud Identity
Engine with Prisma Access, start by going to the hub to activate Cloud Identity Engine and
to add it to Prisma Access. Then go to Prisma Access to validate that Prisma Access is able to
access directory data.
Identity Redistribution
Enable consistent security enforcement across NGFWs and Prisma Access by setting up
identity redistribution.
Local Users & Groups
Create a local user database on the firewall for authentication purposes. Authenticate firewall
administrators accessing the web interface. Authenticate end users connecting through
Authentication Portal or GlobalProtect.

Configuration: Objects
Where Can I Use This? What Do I Need?

• At least one of these licenses is needed

(with or configuration management)
to manage your configuration with ; for

Strata Cloud Manager Getting Started 408 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• NGFWs unified management of NGFWs and Prisma
Access, you'll need both:
(with or configuration management)
• AI Runtime Security license

AI Runtime Security Licenses (BYOL)

AI Runtime Security Deployment Profile

Go to Configuration > NGFW and Prisma Access > Objects to get started with policy objects.

Objects are policy building blocks that group discrete identities such as IP addresses, URLs,
applications, or users. Use them to define and group entities, settings, or preferences. You can
then easily reference and reuse the objects in your policies. When you update an object definition
(or if it can be updated dynamically), the policy rules referencing that object automatically enforce
your latest changes. By grouping objects, you can significantly reduce the administrative overhead
in creating policies.

When used together, some objects can help you to automate policy action: auto-tags,
dynamic user groups, and dynamic address groups.

Strata Cloud Manager Getting Started 409 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Feature Highlights
Address
Reuse IP addresses or address groups across policies. Define regions to apply policy rules by
country or location.
Application
Classify network traffic by application. Use applications or application group to simplify policy
creation.
Traffic Objects
Define cloud entities within specific clusters or VPC endpoints to apply customized security
policy rules.
Service
Define security rules for specific applications by selecting one or more services to limit the
port numbers that the applications can use. Combine services into service groups for easier
management.
SaaS Tenant Restrictions
Centrally manage your SaaS applications for each of your SaaS apps. Use SaaS App
Management to enforce safe access for your enterprise.
HIP
Use host information (HIP) from GlobalProtect to asses endpoint security posture. Grant hosts
access to your network or to sensitive resources based on their security posture compliance.
Dynamic user groups
Auto-remediate anomalous user behavior and malicious activity. Membership in a dynamic user
group is tag-based – users are included in the group only so long as they match your defined
criteria.
Tags
Use tags to identify the purpose of a rule or configuration object and to help you better
organize your rulebase.
Auto-Tag Actions
Assign tags based on log triggered activity. Specify the log criteria that triggers security policy
enforcement.
Log Forwarding
Configure log forwarding profile to send selected logs to your logging service.
External Dynamic Lists
Use externally hosted text file for policy enforcement. EDLs are checked at regular intervals for
dynamic policy enforcement.
Certificate Management
Manage certificates centrally to secure communication across your network.

Strata Cloud Manager Getting Started 410 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Schedules
Limit enforcement of a security policy rule to specific times that you define.
Quarantined Device List
Manually or automatically (based on auto-tags) isolate quarantined devices from accessing the
network or restrict the device traffic based on a security rule.

Certificate Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Centrally manage the certificates you use to secure communication across your network. In
one place, set up your certificates, add certificate authorities (Prisma Access includes preloaded
certificates for well-known CAs), add OCSP responders, and define certificate checks you want to
require. The certificates and settings you set up here can be used throughout your Prisma Access
deployment to secure features like decryption, your authentication portal, and the GlobalProtect
app.
To ensure trust between parties in a secure communication session, Prisma Access uses digital
certificates. Each certificate contains a cryptographic key to encrypt plaintext or decrypt
ciphertext. Each certificate also includes a digital signature to authenticate the identity of the
issuer. The issuer must be in the list of trusted certificate authorities (CAs) of the authenticating
party. Optionally, the authenticating party verifies the issuer did not revoke the certificate.Prisma
Access uses certificates to secure features like decryption and authentication, and to secure
communication between all the clients, servers, users, and devices connecting to your network.
Here are some of the keys and certificates that Prisma Access uses.

As a best practice, use different keys and certificates for each usage.

• Authentication—You can use certificate-based authentication for mobile users connecting

to Prisma Access. Additionally, in deployments where Authentication policy identifies users
who access HTTPS resources, designate a server certificate for the authentication portal. If you
configure the authentication portal to use certificates for identifying users (instead of, or in
addition to, interactive authentication), deploy client certificates also.
• Decrypting Trusted Sites—For outbound SSL/TLS traffic, if a firewall acting as a forward proxy
trusts the CA that signed the certificate of the destination server, the firewall uses the forward
trust CA certificate to generate a copy of the destination server certificate to present to the

Strata Cloud Manager Getting Started 411 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

client. To set the private key size, see Configure the Key Size for SSL Forward Proxy Server
Certificates.
• Decrypting Untrusted Sites—For outbound SSL/TLS traffic, if a firewall acting as a forward
proxy does not trust the CA that signed the certificate of the destination server, the firewall
uses the forward untrust CA certificate to generate a copy of the destination server certificate
to present to the client.
Go to Manage > Configuration > NGFW and Prisma Access > Objects > Certificate Management.
From this interface, you can manage:
• Custom Certificates—Generate, import, renew, revoke, and export certificates and private key.
To generate a certificate, you must first Create a Self-Signed Root CA Certificate or import
one (Import a Certificate and Private Key) to sign it. To use Online Certificate Status Protocol
(OCSP) for verifying certificate revocation status, add an OCSP Responder before generating
the certificate. And as part of generating or importing a certificate, you’ll need to define what
type of certificate it is.
You can export the private key in the following format:
• Base64 Encoded Certificate (PEM)—This is the default format. It's the most common and
has the broadest support on the internet. Export Private Key if you want the exported file to
include the private key.
• Encrypted Private Key and Certificate (PKCS12)—This format is more secure than PEM but
isn't as common or as broadly supported. The exported file will automatically include the
private key.
• Binary Encoded Certificate (DER)—More operating system types support this format than
the others. You can't export the private key in this format.
• Certificate Profiles—Certificate profiles define user and device authentication for the features
and interactions that rely on certificate authentication. The profiles specify which certificates
to use, how to verify certificate revocation status, and how that status constraints access.
Configure a certificate profile for each of your use cases.
• OCSP Responders—Use Online Certificate Status Protocol (OCSP) to check the revocation
status of authentication certificates. The authenticating client sends a request containing the
serial number of the certificate to the OCSP responder (server). The responder searches the
database of the certificate authority (CA) that issued the certificate and returns a response
containing the status (good, revoked or unknown) to the client. The advantage of the OCSP
method is that it can verify status in real-time, instead of depending on the issue frequency
(hourly, daily, or weekly) of CRLs.
• SSL/TLS Service Profiles—Prisma Access uses SSL/TLS service profiles to specify a certificate
and the allowed protocol versions for SSL/TLS services. By defining the protocol versions, you
can use a profile to restrict the cipher suites that are available for securing communication
with the clients requesting the services. This improves network security by enabling Prisma
Access SSL/TLS versions that have known weaknesses. If a service request involves a protocol
version that is outside the specified range, the firewall or Panorama downgrades or upgrades
the connection to a supported version.
• Default Trusted Certificate Authorities (CAs))—Prisma Access trusts the most common and
trusted authorities (CAs) by default. These trusted certificate providers are responsible for
issuing the certificates the firewall requires to secure connections to the internet.The only

Strata Cloud Manager Getting Started 412 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

additional CAs you might want to add are trusted enterprise CAs that your organization
requires.

Attempting to renew a nearly expired certificate by importing a new certificate with

identical properties (same issuer-hash, same subject-hash, different validity period) will
cause issues in Strata Cloud Manager.
Use one of the following options when renewing expired or nearly expired certificates:
Renew the certificate from the Certificate Management table.
Delete the certificate from the Certificate Management table and re-import it.

SaaS Application Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Prisma Access gives you simple, centralized management for your SaaS applications. For each
of the apps listed on the SaaS Application Management dashboard—Microsoft 365 apps,
Google apps, Dropbox, and YouTube—you’ll find features that you can use to safely enable the
applications for enterprise use.

Strata Cloud Manager Getting Started 413 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

The EDL Hosting Service for Application Endpoint Management

SaaS providers publish lists of the IP addresses and URL endpoints their SaaS applications
use, and frequently update these lists. Palo Alto Networks hosts these lists for you, and
you can reference them in policy.
For Microsoft 365, you can subscribe to endpoint lists directly from Prisma Access
managed by Strata Cloud Manager (including optional and required lists). Sometimes,
the EDL Hosting Service releases support for SaaS providers and endpoint list feeds
that is not yet available directly in Prisma Access managed by Strata Cloud Manager.
To enforce policy for application endpoints from these SaaS providers—including Azure,
Amazon Web Services (AWS), Google Cloud Platform (GCP), Salesforce (SFDC) public
endpoints, Microsoft Defender, Zoom, and GitHub—you can create an external dynamic
list based on the feed URL.
Learn more about the EDL Hosting Service.

• Microsoft 365
• Google Apps
• Dropbox
• YouTube
Microsoft 365
Prisma Access gives you simple, centralized management for your SaaS applications, including
Microsoft 365 apps.
• Easy M365 Enablement—Use the built-in settings and guided walkthrough to safely enable
M365 in just a few clicks.

Strata Cloud Manager Getting Started 414 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• M365 for Enterprise Use—See all the controls available to you to safely enable M365:
• Microsoft 365 Endpoint Lists
• Microsoft 365 Tenant Restrictions
Easy M365 Enablement
Built-in security and decryption rules, as well as a guided walkthrough, mean you can safely
enable M365 in just a few clicks.
• Built-in security rules allow M365 apps, and ensure that they connect only to Microsoft
endpoints
• Built-in decryption rules skip decryption for traffic destined to Microsoft-categorized Optimize
endpoints (this is Microsoft’s recommendation)
• The guided walkthrough will get you up and running with M365 in two steps.

M365 for Enterprise Use

Safely enable your Microsoft apps for enterprise use by:
• Ensuring that Microsoft apps connect only to Microsoft endpoints
• Restricting app access to enterprise accounts (disallow personal use)
To manage Microsoft 365 usage, go to Manage > Configuration > NGFW and Prisma Access.
Select Prisma Access configuration scope, go to Objects > SaaS App Management and edit
Microsoft 365 settings.
Microsoft 365 Endpoint Lists
Microsoft publishes lists of the IP addresses and URL endpoints their SaaS applications use, and
frequently updates these lists.

Strata Cloud Manager Getting Started 415 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Palo Alto Networks hosts these lists for you, and from within Prisma Access, you can subscribe to
the lists that are relevant to you (including optional and required lists). You can use the lists you’re
subscribe to in policy. As Microsoft refreshes their endpoint lists, your policy dynamically enforces
the latest version of the list; there’s no need for you to monitor list changes or make manual policy
updates to catch the latest updates.
STEP 1 | Subscribe to an endpoint list
1. Edit Microsoft 365 settings and go to Endpoint Lists.
2. Select Customize Subscription and choose the endpoint lists you want to subscribe to,
based on the services you’re using and the list type (IPv4, IPv6, or URL).

Strata Cloud Manager Getting Started 416 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Add the endpoint list to a security policy rule

Your subscribed lists are available for you to use as match criteria in a security policy rule.
1. Go to Manage > Configuration > NGFW and Prisma Access > Security Services >
Security Policy and add or edit a rule.
2. Add SaaS Application Endpoint lists as match criteria for the rule.

Strata Cloud Manager Getting Started 417 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Microsoft 365 Tenant Restrictions

Tenant restrictions give you a way limit app usage to enterprise accounts (stop users from
accessing their personal Microsoft accounts on the company network). To put tenant restrictions
in place:
Specify the Microsoft 365 tenants to which you want to allow access.

STEP 1 | Specify the Microsoft 365 domains and tenants to which you want to allow access.

Strata Cloud Manager Getting Started 418 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Add the tenant restrictions to a security policy rule.

While you can add tenant restrictions to a security policy rule directly from the Microsoft 365
settings here, any tenant restrictions you’ve configured can also be easily added to new and
existing security policy rules:

Google Apps
Prisma Access gives you simple, centralized management for your SaaS applications – including
Google apps – and you can enforce application traffic differently for personal and enterprise
versions of the apps. For example, you can safely enable Google apps on your company network
by restricting employees on managed devices to Google enterprise accounts, and block or limit
access to personal Google accounts.

The EDL Hosting Service releases support for SaaS providers and endpoint list feeds that
are not yet available directly in Prisma Access managed by Cloud Manager. To enforce
policy for Google Cloud Platform (GCP) endpoints, you can create an external dynamic list
based on the feed URL. Learn more about the EDL Hosting Service

To enable tenant restrictions for Google apps:

STEP 1 | Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access
configuration scope, go to Objects > SaaS App Management, and edit Google Apps settings.

Strata Cloud Manager Getting Started 419 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Add approved domains and tenants for your users to access

STEP 3 | Assign the tenant restrictions to a security policy rule

While you can add tenant restrictions to a security policy rule directly from the Google app
settings here, all tenant restrictions you’ve configured for SaaS apps are available to you when
you’re editing or creating security policy rules:

Strata Cloud Manager Getting Started 420 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Dropbox
Prisma Access gives you simple, centralized management for your SaaS applications, including
Dropbox. You can safely enable Dropbox on your company network by restricting usage only to
enterprise accounts.
Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access configuration
scope, go to Objects > SaaS App Management, and edit Dropbox settings.
To enable tenant restrictions:
STEP 1 | Add approved domains and tenants for your users to access

Strata Cloud Manager Getting Started 421 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Assign the tenant restrictions to a security policy rule

While you can add tenant restrictions to a security policy rule directly from the Dropbox
settings here, all tenant restrictions you’ve configured for SaaS apps are available to you when
you’re editing or creating security policy rules:

YouTube
Prisma Access gives you simple, centralized management for your SaaS applications, including
YouTube. For YouTube, you can enforce Safe Search settings.
Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access configuration
scope, go to Objects > SaaS App Management, and edit YouTube settings.
To enforce Safe Search for YouTube:

Strata Cloud Manager Getting Started 422 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 1 | Add the domains for which you want to enforce Safe Search

Strata Cloud Manager Getting Started 423 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Add the Safe Search settings to a security policy rule

While you can add safe search to a security policy rule directly from the YouTube settings
here, the settings you’ve configured for SaaS apps are also available to you when you’re editing
or creating security policy rules:

Configuration: Device Settings

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Go to Configuration > NGFW and Prisma Access > Device Settings to configure these settings
for your cloud-managed firewalls.

Strata Cloud Manager Getting Started 424 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Feature Highlights
Interfaces
Configure interfaces to enable your firewall to operate across multiple deployment types.
On the Ethernet tab, use the Show local device configs to view the various configuration
present on the local Firewall and Strata Cloud Manager.
Zones
Segment your network into functional or organizational zones to minimize your attack surface.
Virtual Wire
Integrate a firewall interface into a topology so that the two connected interfaces on the
firewall don’t need to do any switching or routing.
Routing
Set up routing profiles, logical router, and a static routes for your firewalls.
IPSec Tunnels
Authenticate and encrypt IP packets as they traverse the tunnel.
DHCP
Automatically assign IP addresses and essential network parameters to client devices
connecting to your TCP/IP network.
DNS Proxy
Configure the firewall to act as an intermediary between DNS clients and servers.
GlobalProtect
Enable cloud-managed NGFWs as GlobalProtect gateways and portals for secure remote
access to users everywhere.

Strata Cloud Manager Getting Started 425 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Device Setup
Configure service routes, connection settings, allowed services, and administrative access
settings for firewall management and auxiliary interfaces.
Proxy
Consolidate proxy and firewall functionality in one device.
Administrators

Configuration: Setup
Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Go to Configuration > NGFW and Prisma Access > Setup to configure the global settings.

Feature Highlights
Auto VPN
Automates VPN tunnel creation between network devices, eliminating manual configuration
errors. You can create VPN clusters to connect multiple LANs and simplify SD-WAN
deployments with integrated management capabilities.

Strata Cloud Manager Getting Started 426 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

SaaS Application Endpoints

Centrally manage your SaaS applications from a single dashboard. This solution provides
visibility and granular controls to safely enable cloud applications while maintaining security
compliance and operational efficiency.
User Coaching Notification Templates
Centrally manage the end user notification templates to alert users through AI-Powered
ADEM if the user generates an Enterprise Data Loss Prevention (E-DLP) incident when traffic
containing sensitive data is inspected and blocked.

Strata Cloud Manager Getting Started 427 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Discovery
Where Can I Use This? What Do I Need?

• license or license
•
•

Discovery is where you can start critical and recommended tasks as soon they become available.
There may be guided workflows or tasks you can complete on your own. In this topic, we’ll show
you how to use the guided workflow to create your folder structure and assign devices to them,
effortlessly and intuitively.

Follow these steps to create folders for your firewalls:

STEP 1 | Go to Configuration > Discovery and select Get Started.

Strata Cloud Manager Getting Started 428 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Choose how you want to share your policy rules and configurations.
• By Functions of Firewall – Does your organization have different policies for data centers,
branches, and internet gateways? This might be the option for you.
• By Region – Does your organization span regions that have different rules or comply with
different laws? Consider this option.
• Mix of Functions & Regions – Does your cross-region organization want to separate
policies for different data centers, branches, and internet gateways? Give this option a try.
• I have my own way – If none of the above examples are suitable for your use case, you can
also build a device architecture according to your own situation.
For this example, we'll choose the I have my own way option.

Turn on Show Tips to see help tips to help you make an informed decision.

STEP 3 | Select Next to build your folder structure.

Strata Cloud Manager Getting Started 429 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 4 | Use the following actions to build your folder structure based on the template you selected
in step 1. You can:
• Add a new Folder – Hover your cursor over a folder to show the option to add a new
folder. Click , and then name your new folder.
• Delete Folder – Hover your cursor over a folder to show the option to delete the folder.
Select to delete the folder.
• Rename Folder – Double-click on a folder to type a new for the folder. Press the enter key
or click outside of the text field for your new name to take effect.
• Expand or Collapse folder nodes that have children.

• Folder trees can have a maximum of four levels.

• Top-level folders can’t be deleted or renamed.
• Check the Tips for hints about certain folder actions.
• We’ll save your work, you can Exit anytime and come back later.

STEP 5 | Select Next to assign your firewalls to folders.

STEP 6 | Select one or more firewalls from this list.

Strata Cloud Manager Getting Started 430 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 7 | Select Assign To, choose a folder you want to assign your firewalls to, and then select Apply.
Cloud management is enabled for firewalls you assign to a Cloud Managed folder.

Strata Cloud Manager Getting Started 431 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 8 | Confirm your assignments and select Done.

You'll see the folders you created and the firewalls you assigned on the main Discovery page,
as well as under the System Settings > Folder Management tab.

Strata Cloud Manager Getting Started 432 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 433 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Prisma Access Browser

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

From Strata Cloud Manager, select Configuration > Prisma Access Browser.

Strata Cloud Manager Getting Started 434 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 435 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Prisma Access Secure Enterprise Browser (Prisma Access Browser) is the only solution that
secures both managed and unmanaged devices, through a natively integrated enterprise browser
that extends protection to unmanaged devices. See What is the Prisma Access Browser?

Feature Highlights
Home
Home is the landing page when you access Prisma Access Browser from Strata Cloud
Manager. From the home page, you can use the Prisma Access Browser Dashboards to derive
meaningful insights from the analysis of user behavior and browsing data. There are a variety
of dashboards for specific use cases you might want to monitor, such as user behavior, data
leak prevention, web security, and policy. Each dashboard contains a collection of widgets and
some of the widgets appear in multiple dashboards.
Analytics
The Prisma Access Browser Events screen is the key visibility tool for investigating every
activity within your Enterprise Browser deployment to verify that policies and rules are
working as they should. This is where you investigate Prisma Access Browser Events.
Directory
• The Users directory serves as a central location for information regarding the users and their
Prisma Access Browser connected devices, membership in user groups, and related policy
rules. Manage Prisma Access Browser Users
• The device directory provides a roster of your Prisma Access Browser devices and device
groups. Manage Prisma Access Browser Devices
• The Prisma Access Browser comes equipped with a preexisting list of Verified applications.
The Verified applications list references the Palo Alto Networks App-ID™ catalog of
applications, and is regularly synced with the cloud database. You can also create custom
and private applications. Manage Prisma Access Browser Applications
• The Prisma Access Browser maintains an Extension directory that includes extensions
installed by end-users on the browser. This information allows you to maintain proper
corporate policy management, manage visibility and risk analysis.Manage Prisma Access
Browser Extensions
Policy
• You can use Rules to specify the Users, User Groups, and Device Groups that will be
impacted by the various policies. These rules govern access to web applications, security
policies, and customization options. By utilizing rules, you can precisely control user access
to organizational tools and components.Manage Prisma Access Browser Policy Rules
• The Controls for the Prisma Access Browser rules can be configured within the body of
the individual rule. Profiles (external controls) can be used when you want to save reusable
(legacy) profiles and add them to the rules later. Manage Prisma Access Browser Policy
Profiles
• Use sign-in rules to determine which users and devices have access to Prisma Access
Browser. Manage Prisma Access Browser Sign-in Rules
• After you define the bypass conditions within the policy rules, when users attempt to
perform and action or visit a site blocked by the corresponding rule, they can submit a

Strata Cloud Manager Getting Started 436 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

bypass request. To set bypass conditions, you configure the prompt action to enable
permission requests. Manage Prisma Access Browser Requests to Bypass Policy Rules.
Administration
Manage integrations for additional functionality with the following:
• Microsoft 365
• Microsoft Information Protection
• Google Workspace
• Votiro
• CrowdStrike Falcon Intelligence
• OPSWAT MetaDefender
• YazamTech SelectorIT
• Symantec DLP

Home
Home is the landing page when you access Prisma Access Browser from Strata Cloud Manager.
From the home page, you can use the Prisma Access Browser Dashboards to derive meaningful
insights from the analysis of user behavior and browsing data. There are a variety of dashboards
for specific use cases you might want to monitor, such as user behavior, data leak prevention, web
security, and policy. Each dashboard contains a collection of widgets and some of the widgets
appear in multiple dashboards.

Analytics
The Prisma Access Browser Events screen is the key visibility tool for investigating every activity
within your Enterprise Browser deployment to verify that policies and rules are working as they
should. This is where you investigate Prisma Access Browser Events.

Directory
• The Users directory serves as a central location for information regarding the users and their
Prisma Access Browser connected devices, membership in user groups, and related policy
rules. Manage Prisma Access Browser Users
• The device directory provides a roster of your Prisma Access Browser devices and device
groups. Manage Prisma Access Browser Devices
• The Prisma Access Browser comes equipped with a preexisting list of Verified applications. The
Verified applications list references the Palo Alto Networks App-ID™ catalog of applications,
and is regularly synced with the cloud database. You can also create custom and private
applications. Manage Prisma Access Browser Applications
• The Prisma Access Browser maintains an Extension directory that includes extensions installed
by end-users on the browser. This information allows you to maintain proper corporate policy
management, manage visibility and risk analysis.Manage Prisma Access Browser Extensions

Strata Cloud Manager Getting Started 437 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Policy
• You can use Rules to specify the Users, User Groups, and Device Groups that will be impacted
by the various policies. These rules govern access to web applications, security policies, and
customization options. By utilizing rules, you can precisely control user access to organizational
tools and components.Manage Prisma Access Browser Policy Rules
• The Controls for the Prisma Access Browser rules can be configured within the body of the
individual rule. Profiles (external controls) can be used when you want to save reusable (legacy)
profiles and add them to the rules later. Manage Prisma Access Browser Policy Profiles
• Use sign-in rules to determine which users and devices have access to Prisma Access Browser.
Manage Prisma Access Browser Sign-in Rules
• After you define the bypass conditions within the policy rules, when users attempt to perform
and action or visit a site blocked by the corresponding rule, they can submit a bypass request.
To set bypass conditions, you configure the prompt action to enable permission requests.
Manage Prisma Access Browser Requests to Bypass Policy Rules.

Administration
Manage integrations for additional functionality with the following:
• Microsoft 365
• Microsoft Information Protection
• Google Workspace
• Votiro
• CrowdStrike Falcon Intelligence
• OPSWAT MetaDefender
• YazamTech SelectorIT
• Symantec DLP

Strata Cloud Manager Getting Started 438 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: SaaS Security

Where Can I Use This? What Do I Need?

• Either one of these licenses:

license
license or license

Go to Configuration > SaaS Security to manage your organization’s shadow IT risks, secure SaaS
applications from cloud threats, and ensuee compliance across all SaaS applications.

Strata Cloud Manager Getting Started 439 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Identify cloud-based threats and risky user activity in sanctioned and unsanctioned apps with
SaaS Security Inline.
SaaS Security is an integrated CASB (Cloud Access Security Broker) solution that:
• Provides visibility and control over all your shadow IT risks.
• Secures SaaS apps from known and unknown cloud threats.
• Protects sensitive data and ensures compliance across all SaaS apps.

Strata Cloud Manager Getting Started 440 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Allows access to corporate apps only for legitimate users.

SaaS Security Inline is built-in to Prisma Access Managed by Strata Cloud Manager to give you a
centralized view of network and CASB security. It offers SaaS visibility—which includes advanced
analytics and reporting—so that your organization has the insights to understand the data security
risks of sanctioned and unsanctioned SaaS application usage on your network.
Cloud Access Security Broker (CASB) bundle includes Saas Security Inline, Enterprise Data Loss
Prevention (DLP) Inline, SaaS Security API, Data Loss Prevention (DLP) API, and SaaS Security
Posture Management (SSPM).
The Next-Generation Cloud Access Security Broker (CASB-X) license contains all the CASB
components such as SaaS Security Inline, SaaS Security API, SaaS Security Posture Management
(SSPM), and Enterprise DLP. It can be applied on Cloud-Managed Prisma Access, Panorama
Managed Prisma Access, and Panorama-Managed Next Generation Firewall (NGFW) devices in a
single tenant environment.

Here’s everything you need to know to use SaaS Security on Strata Cloud Manager.

Get Started
Here’s how to get up and running with SaaS Security Inline on Prisma Access Managed by Strata
Cloud Manager:

Confirm that the SaaS Security add-on license is included with your Prisma Access
subscription.
Go to Configuration > Overview to check what's available with your license.

If you haven’t already, activate the SaaS Security Inline app on the hub.
After activation, SaaS Security Inline automatically discovers all SaaS applications and users
and analyzes users’ SaaS activity and usage data from your Prisma Access logs that are stored
in Strata Logging Service.

Review and manage administrator roles and access

Go to System Settings > Identity and Access to provide role-based access to SaaS Security
controls in Prisma Access Managed by Strata Cloud Manager.

To comprehensively manage SaaS Security, users must also be an administrator for the
SaaS Security Inline app. Jump directly from the Prisma Access Cloud Management
dashboard to the SaaS Security Console to add SaaS Security Inline administrators.

Strata Cloud Manager Getting Started 441 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Explore the SaaS Security dashboard

Discovered Apps
Learn about the SaaS apps that are in use and how many users are accessing them. Use the
filter and sort capabilities to analyze metrics and App Details to assess risks.
Data Security
Data Security protects against cloud➡based threats by scanning and analyzing all your
assets and applying Security policy to identify exposures, external collaborators, risky user
behavior, and sensitive documents and identifying the potential risks associated with each
asset.
Posture Security
To detect posture risks, the apps must first be connected to SSPM. SSPM must also have
the necessary permissions to scan a SaaS app's settings. During onboarding, SSPM prompts
you for the configuration information that is needed to establish a connection with the SaaS
app.
Behavior Threats
Identify potential threats to your organization from compromised accounts, malicious
insiders, and data breaches. Specifically, Behavior Threats examines how your organization’s
users are interacting with sanctioned SaaS apps to identify suspicious user activities that
might indicate attempts to steal or corrupt data.
All dashboard views are supported directly in Prisma Access Managed by Strata Cloud
Manager. Examine these views to identify risky SaaS applications and users and SaaS Security
Posture Management. SaaS Security Posture Management (SSPM) helps detect and remediate
misconfigured settings in sanctioned SaaS applications through continuous monitoring.

Review and share the SaaS Security report

SaaS Security Inline includes a SaaS Security report that provides a snapshot of application
usage with advanced aggregated data and views. This report serves as a communication tool
between your SaaS security team and executive management. You can share this on-demand
PDF report with your SaaS security team for a periodic check-in, or email the report to your
executives to highlight the SaaS applications in use in your organization and the security risks
they pose.
• Here’s more on the SaaS Security report
• Here’s how to generate the SaaS Security report in the SaaS Security Inline app

See what else you can do with SaaS Security and Prisma Access Managed by Strata Cloud
Manager.

Strata Cloud Manager Getting Started 442 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Enterprise DLP

Where Can I Use This? What Do I Need?

• • license
(with or configuration management)
• —Support and device management
• NGFWs
licenses
(with or configuration management) • — license
• — license
• —Support and licenses
Or any of the following licenses that include
the license
• CASB license
• license
• license

Enterprise Data Loss Prevention (E-DLP) protects sensitive information against unauthorized
access, misuse, extraction, or sharing. Enterprise DLP on Strata Cloud Manager enables you to
enforce your organization’s data security standards and prevent the loss of sensitive data across
your NGFWs, and your Prisma Access mobile users and remote networks.

Strata Cloud Manager Getting Started 443 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Feature Highlights
The Enterprise Data Loss Prevention (E-DLP) Dashboard
Go to Configuration > Data Loss Prevention to configure and manage Enterprise DLP.
Your Enterprise DLP configuration is shared across the products where you’re using Enterprise
DLP. So you might see settings here that were configured elsewhere, and some settings you
can configure here can also be leveraged in other products.
Predefined + Custom Enterprise DLP Settings
Enterprise DLP includes built-in settings that you can use to quickly start protecting your most
sensitive content:
• Predefined regex and ML-based data pattern specify common types of sensitive information
(like credit cards and social security numbers) that you might want to scan for and protect
• Predefined data profiles group together data patterns that commonly require the same type
of enforcement
You can also create custom data patterns and profiles directly on Strata Cloud Manager.

Strata Cloud Manager Getting Started 444 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Investigation for DLP Incidents

A DLP incident is generated when traffic matches a DLP data profile attached to a security
policy rule on Strata Cloud Manager. On the DLP Incidents dashboard, you can view details
for the traffic that triggered the incident, such as matched data patterns, the source and
destination of the traffic, the file and file type.
Scanning for Images in Supported File Formats
Strengthen your security posture to further prevent accidental data misuse, loss, or theft with
Optical Character Recognition (OCR). OCR allows the DLP cloud service to scan supported file
types with images containing sensitive information that match your Enterprise DLP filtering
profiles.
Exact Data Matching (EDM)
EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use
EDM to detect sensitive and personally identifiable information (PII) such as social security
numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a
structured data source such as databases, directory servers, or structured data files (CSV and
TSV), with high accuracy.
Custom Document Types
Upload your custom documents that contain intellectual property or sensitive information
to Enterprise Data Loss Prevention (E-DLP) to create custom document types. Your custom
document types are used as match criteria in advanced data profile to detect and prevent
exfiltration.
Email DLP
Email DLP prevents exfiltration of emails containing sensitive information with AI/ML powered
data detections. For example, Enterprise DLP can prevent exfiltration of sensitive data over an
outbound email sent from a salesperson within your organization to their personal email.
Role-Based Access for Enterprise DLP
You can enable role-based access to Enterprise DLP controls inside Strata Cloud Manager. This
allows you to control which users have read and write access privileges to different parts of
Enterprise DLP.

Get Started
STEP 1 | Enable Enterprise DLP on Strata Cloud Manager.
To set up Enterprise DLP, you need to create a decryption profile to allow the DLP cloud
service to inspect traffic. Select Configuration > Security Services > Decryption and:
1. Select Configuration > NGFW and Prisma Access > Security Services > Decryption and
Add Rule.
The predefined decryption profile settings enable Enterprise DLP to inspect traffic.
Modifying the predefined decryption profile settings isn't required unless you need to
enable Strip ALPN (Advanced Settings > SSL Forward Proxy).
2. Add the decryption profile to an SSL Forward Proxy decryption rule.
• Here’s how to enable Enterprise DLP

Strata Cloud Manager Getting Started 445 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | (Optional) Select Configuration > Data Loss Prevention > Detection Methods and create a
Data Pattern
You can create custom Enterprise DLP data patterns to specify what content is sensitive
and needs to be protected—this is the content you’re filtering. You can create a custom data
pattern based on regular expressions or a data pattern based on file properties.
• Here’s how to create a data pattern

STEP 3 | Create a Data Profile

Group data patterns that should be enforced the same way into a data profile. You can also
use data profiles to specify additional match criteria and confidence levels for matching.
• Here’s how to create a data profile

STEP 4 | Create a DLP Rule

Specify the traffic and file types you want Enterprise DLP to protect. Set the action for
Enterprise DLP to take when it detects a DLP incident.
• Here’s how to create a DLP rule

Strata Cloud Manager Getting Started 446 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: App Acceleration

Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud • Prisma Access license

Manager)
• Prisma Access (Managed by Panorama)

Go to Configuration > App Acceleration to get started.

App Acceleration addresses the causes of poor application performance and acts in real time
to mitigate them, improving the user experience for Prisma Access GlobalProtect and Remote
Network users.
When your users access applications, they might experience poor application performance caused
by decreased throughput, which could be caused by degraded wireless connectivity, network
congestion, and other factors. These networking issues can adversely affect the employee
experience and reduce their productivity. App Acceleration securely builds an understanding of
the device capability, network capability, and application context to maximize throughput and
adjusts in real-time to account for changing network conditions.

Strata Cloud Manager Getting Started 447 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: ZTNA Connectors

Zero Trust Network Access (ZTNA) Connector simplifies private application access for all
your applications. The ZTNA Connector VM in your environment automatically forms tunnels
between your private applications and Prisma Access. View a summary of all configured ZTNA
connectors, including the Application Targets associated with the connector, its average and
median bandwidth, and the Status (Up, Partially Up, or Down). Select in Strata Cloud Manager to
see how your ZTNA connectors and connector groups are performing.

Total Connector Groups

Select the Total Connector Groups to get the details about the Connector Groups and the
associated Connectors. You can filter the information using:
• Time Range: Select and available range or use a custom range.
• PA Location: Select the location as per your requirement.
• Connector Group: List of available Connector Groups.
• Status: Select either Up, Down or Partially Up.

• If all Connectors in a Connector Group are up, the Status is Up (green).

• If all the Connectors are down, the status is Down (red).
• If some Connectors are up and some are down, the Status is Partially Up (orange).
• Disabled Connectors appear as gray.

Strata Cloud Manager Getting Started 448 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

On the right-side of the screen, you get the details such as Group Name, Connector Status,
Targets for the Connector Group.

Select Connector Status and then Action, to get the Device Metrics (Memory, CPU, Bandwidth,
and Connector Availability).

Select Target to get the following details such as Target, Status, FQDN/IP Subnet, and Enabled.

Total Wildcards
Wildcards—For wildcard-based apps, create an FQDN-based Connector Group, and then, specify
the wildcard to use (for example, *.example.com) for the app target. When users access sites that
match the wildcard, those apps are automatically onboarded for access from ZTNA Connector for
your mobile users and remote network users.
Total Wildcards summarizes how many Wildcard rules you have onboarded. This is the number
of wildcard rules that you created, which is a different total than the number of apps discovered
as a result of creating these rules. Select the number next to Total Wildcards to get the following
details such as Wildcard, Connector Group, Targets, and Enabled.

Strata Cloud Manager Getting Started 449 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Select Action to get the bandwidth.

Target
FQDNs—Prisma Access resolves the FQDNs of the applications you onboard to ZTNA Connector
to the IP addresses in the Application IP address block.
IP Subnets—Create an IP subnet-based Connector Group, and then enter the IP subnet to use for
the app target.
Select the number to view the total number of FQDNs and get the details such as Target, Status,
FQDN, Connector Group, and Enabled.

Select Action to get the bandwidth.

Select the number to view the total number of IP Subnet and get the details such as Target,
Status, IP Subnet, Connector Group, and Enabled.

Strata Cloud Manager Getting Started 450 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 451 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: IoT Policy Recommendation

Where Can I Use This? What Do I Need?

• subscription
• NGFWs
(with or configuration management) Software NGFW Credits
(for VM-Series software NGFWs)

IoT Security provides Strata Cloud Manager with automatically generated Security policy rule
recommendations organized by device profile. There is one recommendation per application per
profile. Choose a profile, select the rule recommendations you want to use, and then the next-
generation firewalls or Prisma Access deployment types where you want to enforce them.

Get Started
Select Security policy rule recommendations and apply them to next-generation firewalls or
Prisma Access.

Strata Cloud Manager Getting Started 452 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 1 | Create folders or snippets for next-generation firewalls.

Skip this step if you want to use predefined folders or previously created folders or
snippets. Prisma Access folders are predefined.

Folders are essentially containers that hold various kinds of rules, security configurations, and
objects. For importing the policy rule recommendations that Device Security generated, the
folders would hold next-generation firewalls or Prisma Access deployments.
Snippets are also a type of container that can be associated with multiple folders. With folders
and snippets, you can import policy rules into whichever groups of firewalls or deployments
you want.
For example, you might create a folder named California and put 60 firewalls in it and then
create another folder named Hawaii and put 15 firewalls in that. You then create a snippet
called CA-HI and apply it to the California and Hawaii folders. When you want to import
rule recommendations only to firewalls in California, you set the scope as Folder and select
the California folder. If you want to import the rule recommendations to both California and
Hawaii, set the scope as Snippet and select the CA-HI snippet.
Depending on the hierarchy of the folder structure, we might have a parent folder like US-
West above California and Hawaii. Then if you import rule recommendations while the scope
is set as Folder with US-West selected, then both of the children folders California and Hawaii
would inherit the imported rules. However, this wouldn't work if you only wanted to import
rules to California and Hawaii if they had sibling folders like Oregon, Alaska, Washington, and
Arizona under the US-West folder. Then you'd have to use the CA-HI snippet.

STEP 2 | Create Security policy rules.

1. Select Configuration > IoT Policy Recommendation.
2. Select a profile name.
Device Security uses machine learning to automatically generate Security policy rule
recommendations based on the normal, acceptable network behaviors of IoT devices in
the same device profile. Strata Cloud Manager displays a list of these recommendations
organized by application. For each behavior, you can see the following:

Behavior Component Explanation

App Risk This is the level of risk that’s inherent in an

application as determined by various factors
on a scale of increasing risk from 1 to 5.

Security Policy Created When one or more names of folders or

snippets appear here, it indicates a Security
policy rule was previously created for this
behavior. Clicking one of them opens a
side panel with the names of the profile,
application, and folder or snippet, and the
policy rule action. When No appears here, it
indicates a rule has not yet been created.

Strata Cloud Manager Getting Started 453 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Behavior Component Explanation

Discovered Location Internal indicates that the destination is on

the local network. External indicates that the
destination is outside the local network.

Locally Observed Yes indicates the behavior was observed

in your IoT Security tenant environment.
No indicates it was observed in multiple IoT
Security tenant environments but not in
yours.

App Usage Common indicates that an application has

been detected in multiple IoT Security tenant
environments. Unique indicates that it has
been observed in your environment but not in
those of other tenants that also have devices
in the same profile.

Destination Address & FQDN This is the destination for a recommended

policy rule. It can be Any, an IP address, or an
FQDN.

Destination Profile A profile is shown when the destination

is internal and the device profile of the
destination is identified.

Last Seen For locally observed behaviors, this is the

timestamp when it was last observed. For
common behaviors not observed locally, a
dash is shown.

3. Select one or more behaviors and then Create Security Policy.

4. Review the Security policy rules that will be created and then select the config scope for
where Strata Cloud Manager will apply them.
To apply the rules to one or more next-generation firewalls or Prisma Access deployments
in a folder, select Folders and then choose the folder from Scope Selection.
To apply the rules to one or more next-generation firewalls or Prisma Access deployments
in a snippet, select Snippets and then choose the snippet from Scope Selection.
5. Create Security Policy.

Strata Cloud Manager Getting Started 454 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Push the configuration to next-generation firewalls and Prisma Access deployments.
1. Select Operations > Push Config.
2. Select the folders with the configuration changes, Push Config, Push, and then Push again.
Strata Cloud Manager displays an ID number in the Job ID column for the selected folders
and the status of the configuration push in the Push Status column.
When the Push Status changes from Pending to Success, you know the pushed
configuration has started running.
3. To see the status of a push job, select Operations > Push Status. There you can see the
status of the parent job and also the status of the children jobs, one for each firewall or
deployment.

Strata Cloud Manager Getting Started 455 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Operations
Where Can I Use This? What Do I Need?

• At least one of these licenses is needed to

(with or configuration management)
manage your configuration with ; for unified
• , including those funded by Software NGFW management of NGFWs and Prisma Access,
Credits you'll need both:
license

→ The features and capabilities available to you

in depend on which license(s) you are using.

Use the Strata Cloud Manager operations to push configuration changes, review past
configuration pushes, and manage your configuration versions snapshots to load or revert them to
a previous configuration version.
• Push your configuration changes
• Review the status of a configuration push
• See how you can clean up your configuration

Configuration: Push Config

Where Can I Use This? What Do I Need?

Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFW, including those funded by AIOps for NGFW Premium license (use
Software NGFW Credits the Strata Cloud Manager app) or AIOps
for NGFW Free (use the AIOps for
NGFW Free app)
Strata Cloud Manager Essentials
Strata Cloud Manager Pro
A role that has permission to view the
dashboard

Strata Cloud Manager Getting Started 456 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

After you make configuration changes and are ready to activate them, you must push the changes
to your firewalls. You have the option to push all configuration changes or to select specific
administrators to include in the push. Pushing changes from all administrators is required for your
first configuration push. You can choose which configuration changes you want to push to Prisma
Access:
• Mobile Users — GlobalProtect
Push Global Protect updates to Prisma Access.
• Mobile Users — Explicit Proxy
Push Explicit Proxy updates to Prisma Access.
• Remote Networks
Push Remote Networks updates to Prisma Access.
• Service Connections
Push Service Connection updates to Prisma Access.
You can push a configuration while another configuration push is taking place. Prisma Access
applies configuration changes in the order you submit them.
In the event a configuration is pushed in error, or a change causes network or security disruption,
you can revert the Prisma Access configuration to the most recent running Prisma Access
configuration. This allows you to revert the Prisma Access configuration back to a running
configuration you know is functional and does not compromise your network security. You do not
have the option to select a specific running configuration. Prisma Access automatically selects the
last known running configuration and reverts to it.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Make configuration changes as needed.

Strata Cloud Manager Getting Started 457 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Push Config and Push your configuration changes.

Alternatively, you can select Configuration > Operations > Push Config.

In the Push Config dialog box, you can Ignore Security Check Failures. This feature allows you
to continue with push operations even when certain checks would block the process. If you
leave the check box unchecked (the default setting), and a best practice check with a “block”
action fails, Strata Cloud Manager stops the push.

You can Ignore Security Check Failures only if your role includes the Override Security
Check Block Action permission.

STEP 4 | (Optional) Add New Filter.

You can filter the devices displayed in the push scope by applying filters. Applying filters
impacts only which firewalls or Prisma Access deployments are displayed in the push scope
and has no impact on which devices you push to.

Strata Cloud Manager Getting Started 458 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Edit the Push Scope.

Editing the push scope allows you to push targeted configuration changes to some or all of
your firewalls or Prisma Access deployments.

Performing a partial configuration push is not supported and you must push the entire
Strata Cloud Manager configuration if you:
• Configure a new tenant and this is your first configuration push.
• Onboard a firewall to Strata Cloud Manager.
• Onboard a Prisma Access mobile users and remote users.
• Rename or move a folder so that it’s nested under a different folder.
• Move a firewall to a different folder.
• Rename, associate, or disassociate a snippet.
• Load a configuration.
• Revert the configuration to the last pushed configuration or to a previous
configuration version snapshot.

• Admin Scope — Select which administrator configuration changes to include in the push. By
default, admin scope selects the current user, and changes made by that user are pushed to
the selected firewalls or Prisma Access deployments. Selecting changes Changes from all
admins includes all configuration changes made by all administrators.
Editing the admin scope to select specific administrators includes all the configuration
changes made by the selected administrators. This option can't be used when performing
your first config push. Selecting specific configuration changes to include in the push is not
supported.
• Push Scope — Select the deployment types or folders you want to push to. When you
select a deployment or folder, the configuration changes are pushed to all firewalls or
deployments.
When you select a folder that contains child folders, all child folders and the associated
firewalls or Prisma Access deployments are included in the push. Selecting a specific firewall
or a Prisma Access deployment automatically selects the folder it’s associated with.

Strata Cloud Manager Getting Started 459 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 6 | Push Config and Push.

Review the push targets and Push.

STEP 7 | Review configuration push status.

In the event a configuration is pushed in error, or a change causes network or security disruption,
you can revert your Prisma Access configuration.
➡ Restore, load, and compare configuration versions

View Prisma Access Jobs

You can view the Jobs history on Prisma Access to display details about operations that admins
initiated, as well as automatic content and license updates. This includes any configuration
commits, pushes and reverts. You can use the Jobs view to troubleshoot failed operations,
investigate warnings associated with completed commits, or cancel pending commits.
STEP 1 | Launch Prisma Access.

STEP 2 | On the top menu bar, select Push Config and view the Prisma Access Jobs.

Strata Cloud Manager Getting Started 460 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Perform any of the following tasks:

• Investigate warnings or failures—Read the entries in the Summary column for warning or
failure details.
• View a commit description—If an administrator entered a commit description, you can refer
to the Description column to understand the purpose of the commit.
• Check the position of an operation in the queue—View the operation position and status to
determine the position of the operation.

Configuration: Push Status

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• , including those funded by Software
NGFW Credits or

A role that has permission to view the

dashboard

Review the push status for your past configuration pushes to your firewalls to review details such
as the push operation result, the admin that initiated the push, and the target firewalls.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Push your configuration changes.

STEP 3 | Select Configuration > Operation > Push Status and locate the configuration push operation
you want to review.

STEP 4 | Expand the Job ID for the configuration push you want to review.
A configuration Validation job is always performed before any configuration push occurs.
When you push to multiple firewalls, each configuration push has a unique Job ID with push
details.

Strata Cloud Manager Getting Started 461 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 5 | Review details about the configuration push status.

For example, review the push Result, the Admin who initiated the configuration push, the
configuration push Summary, and the End Time and Start Time of the configuration push.
The configuration push Result can be either OK if the push was successfully or FAIL if the
configuration push failed.

STEP 6 | Click the unique Job ID for a configuration push to a firewall to review the Job Details.
The Job Details provide detailed information about Warnings and Errors encountered
when performing the configuration push. For example, if a push to a firewall failed you can
review the Job Details to understand what caused the configuration push to fail.

Configuration: Config Version Snapshots

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Configuration snapshots give you a view into your Strata Cloud Manager configuration history.
When a configuration push has unintended security implications or an unexpected impact on
traffic, you can recover by reverting to an earlier version. You can also compare configurations to
see what’s changed across versions.

Config Snapshot Overview

The Config Snapshot Version screen is the place to review pushed configurations, compare config
snapshots with your configuration candidate, and load or restore older configurations.
Select Configuration > Operations > Config Version Snapshots to find configuration snapshots
and restore, load, or compare versions.

Strata Cloud Manager Getting Started 462 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

1. Add New Filter—Choose filters to sort and filter config versions by column.
2. Version—The version number of the configuration that was pushed.
The Candidate allows you to compare the currently pending configuration changes to Strata
Cloud Manager with a previous configuration version.

The configuration version number is incremental. For example, if you have 10

versions and restore configuration version 2, the configuration version will change
from 10 to 11 (it won’t show as 2).
3. Date—Date and time the config was pushed.
4. Pushed By—Administrator who pushed the changes.
5. Edited By—Administrator who made the configuration changes before they were pushed.
6. Object Changes—See how many objects were added, removed, or modified when the
config was pushed.
7. Target Devices—Devices that were targeted in the scope of the configuration push
snapshot.
When performing a Restore action, you can choose which of the devices to perform the
operation on.
8. Impacted Devices—Devices that have been modified since the previous configuration push.
Devices are only considered to be impacted to the previous configuration push snapshot.

Impacted and Target Devices

If you have two devices, A and B, and only push to device A, A becomes the Target
and Impacted device.
If you then push again to device A and B, A and B are both targeted devices, but
only B is an Impacted device.

When performing a Load action, the listed devices will be impacted.

9. Description—Review any information provided at the time the config was pushed.
10.Refresh—Update the information in the snapshot table.
11.Reset Filters—Clear all the filters to display all config versions.
12.Compare—See what has changed from version to version.
You can compare only two versions at a time.

Strata Cloud Manager Getting Started 463 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

13.Actions— You can Restore or Load a config version.

• Restore – Restore an earlier configuration version.
Restoring a configuration version directly updates the running configuration on the
deployments within the scope of the original push and does not require you to Push
Config.
Restore all the devices or deployments in the original scope of the configuration push or
select specific devices or deployments to restore. You can’t expand the configuration to
include devices or deployments outside of the original scope.
Restoring a config version does not delete or modify the candidate configuration. The
configuration in progress will be saved. Restoring a configuration just updates the
running configuration version. Deployments may appear out of sync when the restore
action is used.
• Load – Load an earlier version as your candidate configuration in Strata Cloud Manager.
Your current candidate configuration will be lost when an older configuration is loaded.
Make updates to the new candidate configuration or apply the configuration to new
devices and deployments outside of the original configuration snapshot, and, when
you’re ready, Push Config.
• Save – Save the candidate configuration as a named snapshot to use as a known
configuration. Having a known configuration allows you to easily bring your deployments
to a known and workable state. You can switch back and forth between your Named
Snapshots and the automatically logged configuration pushes in Version Snapshots.

Strata Cloud Manager will save up to 6 months of snapshots or 200 individual

snapshots.

Save a Named Snapshot

Save the current configuration candidate as a named snapshot. You can't save a partial
configuration as a named snapshot. Saving a named snapshot allows you to load a known
configuration state without having to keep track of individual snapshots that will eventually be
cycled out of the Config Versions Snapshot table.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select configuration > Operations > Config Version Snapshots.

Strata Cloud Manager Getting Started 464 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Select the Candidate.

STEP 4 | Click Save.

STEP 5 | Enter a Name up to 64 characters.

The Name for the snapshot will default to config_year-month-day-timestamp.

STEP 6 | Save your snapshot.

When you save a Named Snapshot, it will replace the current candidate configuration.

Strata Cloud Manager Getting Started 465 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 7 | (Optional) Verify that your snapshot was saved by navigating to the Named Snapshots in the
Config Version Snapshot table.

Managing Named Snapshots

Administrators can delete their own Named Snapshots. Superusers can delete all
Named Snapshots.

Restore a Snapshot
Restore a previously pushed configuration. Restoring an older configuration updates the
configuration running on the deployments and devices. These changes are not reflected in the
Strata Cloud Manager, so deployments and devices may appear out of sync.
Only configured devices that were within the scope of the original configuration push can be
restored to a selected version.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select Configuration > Operations > Config Version Snapshots.

STEP 3 | Select the config version you want to restore.

1. (Optional) Select the version number to review the changes made by the config
snapshot.

STEP 4 | Restore the version.

1. (Optional) Select the devices you would like to target with the restore action.
2. Restore.

STEP 5 | (Optional) Select Configuration > Configuration > Operations > Push Config to validate the
configuration was restored.

Load a Snapshot
Load an earlier configuration snapshot to use as your candidate configuration.

Strata Cloud Manager Getting Started 466 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Once the configuration has been loaded, you can continue to make modifications to it before
pushing.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select Configuration > Operations > Config Version Snapshots.

STEP 3 | Select the config version you want to load.

1. (Optional) Select the version number to review the changes made by the config
snapshot.

STEP 4 | Load the version.

For published snippets, you can:

• Keep Current: This loads the version you selected.
• Revert All: This reverts changes made by published snippets. On the subscriber tenant,
if you selected Do not delete from subscriber tenant, snippets will not be deleted even
without association.

STEP 5 | (Optional) Modify the loaded configuration candidate as needed.

STEP 6 | Push Config.

Strata Cloud Manager Getting Started 467 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Posture
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use these tools to improve your security posture and verify that you're protected against threats
by following security policy best practices.
• Customize security posture checks for your deployment to maximize relevant
recommendations in Configuration: Security Posture Settings
• Use Config Cleanup to identify and remove unused configuration objects and policy rules.
• Configure Compliance Checks to hone and optimize overly permissive security rules so that
they only allow applications that are actually in use in your network.
• Create your own Configuration: Security Posture Settings – Customize existing best practice
checks and create and manage special exemptions to better align to your organization’s
business requirements.
• Use Policy Analyzer to quickly ensure that updates you make to your security policy rules meet
your requirements and do not introduce errors or misconfigurations (such as changes that
result in duplicate or conflicting rules).

Configuration: Security Posture Settings

Where Can I Use This? What Do I Need?

• , including those funded by Software • One of these licenses that includes access
NGFW Credits to Strata Cloud Manager:
• Prisma Access
•

Strata Cloud Manager Getting Started 468 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• A role with permission to view or manage
the Security Checks and Security Check
Exceptions.
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager leverages a set of predefined Best Practice Checks that align with industry-
specific standard cybersecurity controls, such as CIS (Center for Internet Security), and NIST
(National Institute of Standards and Technology) and custom checks you create based on the
specific needs of your organization. These checks evaluate configurations and settings within the
cloud infrastructure, identifying deviations from best practices or compliance requirements.
The security posture checks in Strata Cloud Manager encompass a range of security domains,
including network security, data protection, and identity and access management. These
checks assess firewall rules, encryption, authentication mechanisms, and the overall integrity of
configurations.
When your configuration detects deviations, Strata Cloud Manager provides actionable insights
and remediation recommendations, and can even automate some parts of the process for
correcting misconfigurations and noncompliant settings to help you maintain a secure and
compliant cloud environment with minimal manual intervention.
Security posture settings bring together the functionality of both the AIOps and Strata Cloud
Manager security check settings pages.
Select Configuration > Posture > Settings to view, manage, and customize security posture
checks for your deployment to maximize relevant recommendations.

Strata Cloud Manager Getting Started 469 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Security Checks – List of the best practice checks that are used to evaluate your configuration.
Your configuration is compared against these checks to assess the security posture of your
devices and to generate security alerts. You can perform the following actions to manage these
checks based on your environment:
1. Set the severity level for your custom checks to identify the checks that are the most critical
to your deployment.

You can change the severity level for your custom checks, but the severity levels for
Palo Alto Networks Best Practice Checks are fixed and can't be changed.
2. Create and delete your own custom checks, clone and edit existing checks to create new
ones, and make special exceptions for checks that you don't want applied to portions of
your deployment.

As part of the initial rollout of these checks, you can clone checks that are in the
custom check framework.
3. Set the response when a check fails.
• Alert (default)—Raises an alert for the failed check.
• Block—Stop potential misconfigurations before they enter your deployment. Block can
mean any of the following depending on how you manage it:
• Inline Checks on Strata Cloud Manager—Prevents you from committing or pushing
a noncompliant configuration, but won't prevent you from saving your configuration
locally.
• Real-Time* Inline Checks on Strata Cloud Manager—Prevents you from even saving a
noncompliant configuration.
• Panorama Managed**—Prevents you from committing a noncompliant configuration
to Panorama but won't prevent you from saving it to the Panorama candidate
configuration.
• PAN-OS Web Interface, API, or CLI management—Block has no enforcement effect
on configurations that are not either managed by Strata Cloud Manager or Panorama.

• *Due to their logical complexity, some inline checks are run asynchronously
on a fixed schedule but not in real time. A failure of a real-time check in your
configuration will prevent you from saving that configuration, even locally.
• **The Panorama CloudConnector Plugin is required to enforce the block
commit action on Panorama.

Strata Cloud Manager Getting Started 470 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Security Check Exceptions

Turn off individual checks for devices or groups of devices you specify.
• Zone to Role Mapping
Map the zones in NGFWs to roles to get customized recommendations.
• Role-to-Security Service Mapping
Manage the security services needed for traffic between zones and roles in all NGFWs.

Create a Custom Check

Create your own custom check from an existing check. Alternatively, skip to step ➡4 to create a
custom check from scratch.

Strata Cloud Manager Getting Started 471 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 1 | Select Configuration > Posture > Settings.

STEP 2 | Identify the check you want to clone and Clone.

STEP 3 | Edit the check you cloned and skip to step ➡5 to make your changes.

STEP 4 | Go to Configuration > Posture > Settings, and select Create Custom Check.

STEP 5 | Specify the General Information for your check. Your custom check must have a Name and
a Description, but you should also add a Recommendation and a Rationale for your check to
help others understand the intent of and best practice for your custom check.

STEP 6 | Optional Select an Object Type– the section of your configuration for which you're creating
a check that determines which Rule Properties to Match you can choose when creating your
check.

STEP 7 | Use the Logic Builder for your custom check.

1. Add Expression–A single line of logic that describes the match criteria for a
configuration.

Rule Properties to Match Match Operator Specific Criteria

• General–Name, • Is [Text field]

Description, Position, and • Is not
Schedule
• Is empty
• Sources–Zones, addresses,
Users • Is not empty
• Destinations–Zones and • Starts with
addresses • Ends with
• Applications, Services, and • Contains
URLs
• Greater than
• Actions and Advanced
• In
Inspection
• Is equal or greater than
• Is equal or less than
• Less than
• Equal
• Not equal
• Does not contain
• All of
• Some of

Strata Cloud Manager Getting Started 472 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• None of

2. Add Condition–Use logical operators (such as AND, OR, IF, THEN, ELSE, and ELSE IF) to
connect or combine expressions, additional conditions, and groups.
3. Add Group–Create a set of expressions, conditions, or both. This group, taken together,
results in a True or False condition.

• Adds a new expression or condition

• Clones an expression or condition
• Removes an expression or condition

The expression in this example issues a warning when it sees policy rules that allow Okta
traffic to and from Russian IP addresses. The example simply illustrates how the logic
builder works, and isn't intended to be a recommendation.

STEP 8 | Save your check.

Manage Your Checks

You can perform any of the following Actions on your security checks:
• Clone*–Creates a copy of a check.
• Edit**–Make changes to an existing custom check.
• Delete**–Removes a custom check you created.
Select the checks you want to take action on and select the appropriate action.

Strata Cloud Manager Getting Started 473 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• *You can clone only one check at a time.

• **You can edit or delete custom checks only.
• You may need to get permission from an administrator to edit a custom check.

Create an Exception for a Check

Where needed, you can restrict where checks are applied in your deployment.
STEP 1 | Select Configuration > Posture > Settings > Security Check Exceptions and Create Security
Check Exception.
Alternatively, Select Configuration > Posture > Settings, and identify the check you want to
exclude and select it (Exceptions column).

STEP 2 | Specify the information needed to Create Exception Rule for your check. Provide a name, a
reason, and conditions for your exception.

The Security Check Exception feature is currently only applicable to alerts, and the
Best Practices and Security Posture Insights dashboards.

STEP 3 | Optional Add a Ticket Number or a Description for your exception to help others
understand the intent and history behind for your exception.

STEP 4 | Save your exception.

Your Checks at Work

Field-level checks show you where your configuration does not align with a best practice or
custom check. The checks provide best practice guidance inline, so that you can immediately take
action.
You can also view and manage security checks right where you are.

Strata Cloud Manager Getting Started 474 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Create and manage your policy rules–Security policy rules allow you to enforce rules and take
action, and can be as general or specific as needed. (Configuration > NGFW and Prisma Access
> Security Services > Security Policy)

• Setup Devices–Configure service route, connection settings, allowed services, and

administrative access settings for the management and auxiliary interfaces for your firewalls.
(Configuration > NGFW and Prisma Access > Device Settings > Device Setup)

If the configuration you're trying to save does not pass your criteria to pass, you will have the
option to remediate the issue, or override* the warning and save your changes anyway.

Strata Cloud Manager Getting Started 475 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• *Override permission is governed by role-based access controls (RBAC) and must be

enabled for your role for this option to appear. Actions pertaining to overrides, custom
checks, and exceptions, are logged in Audit Logs:Log Viewer > Audit (log type).
• Everything you do with custom checks, overrides, and exceptions is logged in Audit: Log
Viewer > Audit (log type).

Configuration: Config Cleanup

Where Can I Use This? What Do I Need?

• , including those funded by Software NGFW One of these:

Credits (Managed by Strata Cloud Manager)
• (Managed by Strata Cloud Manager)

→ The features and capabilities available to you

in depend on which license(s) you are using.

To streamline your configuration, use the Config Cleanup feature, which helps you to identify and
remove unused configuration objects and policy rules. It also detects objects within security policy
rules that have not matched any traffic.
By reducing configuration clutter, Config Cleanup ensures that only essential configuration
objects are retained, improving the overall efficiency and maintainability of your security policies.
Role-based access control (RBAC) governs access to Config Cleanup operations. Your assigned
role determines the actions you can perform:
• Administrators can delete unused objects, disable or delete policy rules that have not matched
any traffic, and delete objects within rules that have not seen traffic matches.
• Users may see a limited view and can perform only the actions allowed by their RBAC
permissions.

Config Cleanup supports only deployments managed by Strata Cloud Manager, including
NGFW and Prisma Access configurations.

In Config Cleanup, you can view the following information:

• Unused Objects exist in the configuration but are not referenced by any active configurations,
such as policy rules or group objects. These objects may become orphaned when their parent
objects are deleted or may have been created without ever being used. Regardless of how they

Strata Cloud Manager Getting Started 476 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

were introduced, unused objects increase configuration size and can lead to longer commit
times. Regularly review and delete these objects to maintain a clean and efficient configuration.

• Zero Hit Objects are objects within security policy rules that have not matched any traffic.
Their presence can make rules overly permissive and increase the attack surface, even if the
same objects are used in other policies. Removing zero-hit objects from specific rules helps

Strata Cloud Manager Getting Started 477 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

harden the policy rule and improve overall security posture. You can view a list of all rules
containing zero-hit objects under Zero Hit Objects.

Config cleanup calculates zero-hit objects based on traffic logs sent to Strata Logging
Service. If the firewall does not send logs to Strata Logging Service or if logging is
disabled for a rule, the computation may be incomplete or inaccurate.

To see all objects with zero hits in a specific rule, select the rule to open its side panel. Within
the side panel, you can select and delete any objects that have zero hits.

Strata Cloud Manager Getting Started 478 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Zero Hit Policy Rules are security policy rules that have not matched any traffic for at least one
day. A rule may stop matching traffic due to modifications, the addition of new rules that take
precedence, or changes in the traffic patterns. Regularly review zero-hit rules to determine

Strata Cloud Manager Getting Started 479 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

whether to remove them or reposition them within the policy. This recommended practice
helps maintain a clean and efficient security policy configuration.

Use filters and other controls to refine your view and target specific unused objects and policy
rules.
• Unused Objects – Filter unused objects by:
• Name – Search for and select a specific configuration object by name.
• Object Type – Select the type of configuration object.
• Days Unused – Choose from predefined time ranges (30+ days, 60+ days, 90+ days) or use
the customizable More than option for more granular filtering.
• Zero Hit Objects – Filter policy rules based on:
• Days with Zero Hits – Select from predefined ranges (30+ days, 60+ days, 90+ days) or use
the More than option to identify objects within rules that haven't matched traffic within the
specified timeframe. Use this filter to locate and remove objects that no longer meet traffic
thresholds.
• You can also apply filters to additional columns, such as source zone, destination zone/
address, source user, or URL category, to further refine your search for rules.

Strata Cloud Manager Getting Started 480 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Zero Hit Policy Rules – Filter, enable, disable, or delete zero-hit policy rules using any available
column as a filter.

Configuration: Policy Optimizer

Where Can I Use This? What Do I Need?

• , including those funded by Software NGFW One of these:

Credits (Managed by Strata Cloud Manager)
• (Managed by Strata Cloud Manager)

→ The features and capabilities available to you

in depend on which license(s) you are using.

Try out Policy Optimizer while it’s available for early access. If you’re interested in
continuing to use this future beyond the early access period, check in with your account
team.

Rules that are too broad introduce security gaps because they allow traffic that isn't in use in your
network. Policy Optimizer enables you to convert these overly permissive rules to more specific,
focused rules that only allow the applications you’re actually using.

Policy Optimizer supports only deployments managed by Strata Cloud Manager, including
NGFW and Prisma® Access configurations.

Strata Cloud Manager analyzes log data and flags rules as overly permissive if they are at least
15 days old and have "any" specified in the source address, destination address, source user, or
application fields.
For rules identified as overly permissive, Strata Cloud Manager auto generates recommendations
you can accept to optimize the rule. The new, recommended rules are more specific and targeted
than the original rule; they explicitly allow only the applications that have been detected in your
network in the last 90 days.
Select an overly permissive rule to review, adjust, and accept optimization recommendations.
Replacing these rules with the more specific, recommended rules strengthens your security
posture.
Accepting recommendations to optimize a rule does not remove the original rule. The original rule
remains listed below the new rules in your Security policy so you can monitor the rule and remove
it when there is zero traffic hit on the original rule. Policy Optimizer process runs daily and you
can see the timestamp of the last successful process run at the top-right corner of the Policy
Optimizer page. Both the original rule and optimized rules are tagged so you can easily identify
them in your Security policy.

Strata Cloud Manager Getting Started 481 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Policy Optimizer analyzes rules that are at least 15 days old for optimization. You can customize
the policy rule analysis lookback period between 15 and 90 days in the Policy Optimizer settings
to align with your security posture requirements. To adjust the lookback period, go to Policy
Optimizer, open the Policy Optimizer Settings at the top-right corner of the page, and enter a
value between the default 15 days and the maximum 90 days.

You can view the below information in Policy Optimizer:

• Ready for Optimization: Rules available for optimization.
• Removed from Optimization: Rules excluded from optimization.
• Optimization Failed: Rules with failed optimization attempts.

Guidelines and Limitations for Policy Optimizer

• You can create address groups only when the recommendations contain IP addresses.
• Policy Optimizer does not support address group creation if the recommendations include:
• A combination of IP addresses and existing address or address group objects.
• Existing address objects.
• Both IPv4 and IPv6 addresses.

Strata Cloud Manager Getting Started 482 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• The check box for creating address groups in the side panel isn’t selected by default for rules in
the global scope.
• When you perform multiple actions such as deleting users, user groups, applications, or
application groups on the same optimized rule where you created an address group, Policy
Optimizer might reset or remove the address group. To avoid this, make all edit changes before
you add the address group.
• A validation error doesn’t appear if the address group name is a duplicate or if an address
object with the same name already exists.
• User or user groups are supported only if the user or user groups data in CIE is approximately
50,000 user-ids/user groups or fewer.
• Policy Optimizer does not consider security policy rules based on snippets for optimization.

Optimize a Rule
STEP 1 | Go to Configuration > Posture > Policy Optimizer.
The Ready for Optimization tab lists all overly permissive rules for which recommendations are
available. These rules are sorted by traffic volume, with the highest-hit rules appearing first.
Review the overly permissive rules and select one to view its optimization recommendations.
If multiple such rules exist, prioritize optimizing those with the highest traffic impact to achieve
the most significant improvements in your security posture. You can remove a rule from
optimization to prevent the Policy Optimizer from processing it. The rule settings remain as is.

Strata Cloud Manager Getting Started 483 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 2 | Select a rule to see the optimization recommendations.

You can see how much of the original rule’s traffic that each new rule will cover. Note the
specific applications that each new rule enforces.
You can view the optimized security rules by selecting one of the following parameters:
• View by Overall Traffic
• View by Session Count
• View by Number of Unique Users

All the rule recommendations suggested by Policy Optimizer are prepended by optrule and
appended by an integer.

Strata Cloud Manager Getting Started 484 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 3 | Accept some or all the rule recommendations.

Accepting the new, optimized rules adds the rules to your rulebase. They won't be active yet;
that will happen in the next step when you Push Config.
Accept All accepts the recommended rules as they are. You can also make changes before
accepting the optimized rules:
• If you want to accept only specific rules, then you need to disable the remaining rules and
Accept All the remaining rules. Disabling an optimized rule means that you're not accepting
it, and it won’t be added to the rulebase.
• Delete individual applications, application groups, or both in the Applications sidecar.
• Remove any users or user groups from the Source User sidecar. To investigate traffic
matching the original rule where the Source User is listed as Unknown, click Unknown User
to open Log Viewer and view additional context.
• Remove a rule from optimization. Add this rule to a list of rules that you want to exclude
from optimization (this time and moving forward).
• Disable an optimized rule to indicate that you’re not accepting it. The rule won't be added
to the rulebase and will be moved out of the recommendation rule list. Disable an optimized
rule.
• Revert any changes you’ve made. This undoes any edits you’ve made and reverts the rules
back to the recommendations.
• Merge rules. You might decide to do this if you find any of the recommended rules to be
similar. Note that with the merging of rules, negated and unnegated addresses cannot be
merged.
• Create address groups within policy rule recommendations, addressing challenges in
efficiently managing firewall policies at scale. You can create source and destination address

Strata Cloud Manager Getting Started 485 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

groups within recommended rules, allowing you to adjust and preview suggested groups
before accepting recommendations.

The address group retains the original configuration scope. You can change it to the
global configuration scope by checking the check box.

After you accept the optimized rules, you’ll be prompted to Update Rulebase. When you
agree, the optimized rules are added to your Security policy. However, they’re not yet
enforcing traffic.
When multiple uncovered public networks remain, Policy Optimizer uses negated RFC-1918
ranges. To make recommendations that are clear and manageable, it identifies existing address
objects, groups, or standard subnets to suggest in the address fields. For example, instead of
recommending 1,000 individual source IP addresses seen in traffic, Policy Optimizer suggests
an address object like “user-addresses” (e.g., 10.5.0.0/16) if it matches, or a standard private
subnet like RFC-1918 10.0.0.0/8. For public IPs, however, matching objects or groups are
less likely to be defined in the configuration. If Policy Optimizer encounters a wide variety
of public IPs and can't suggest a small set of public subnets, it defaults to recommending all
public IPs, represented by negation of RFC-1918, where the three standard private subnets
are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

After optimizing a security rule, Policy Optimizer will not reselect it for further
optimization for the next 90 days. This prevents redundant recommendations
on the same traffic, which may no longer be applicable after implementing other
recommended rules. Policy Optimizer waits 90 days because the 90 days period
corresponds to the maximum look back period for log analysis.

Strata Cloud Manager Getting Started 486 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

STEP 4 | Push Config to send the configuration updates and start enforcing the optimized rules.

STEP 5 | Monitor the original rule until you’re confident that you don't need it.
The original, overly permissive rules remain in your Security policy; it’s listed below the
optimized rules in your rulebase and is tagged so you can easily identify it. The tag name
appends _original to the rule name (for example, security-rule-name_original).

User to Application Optimization

When you integrate Cloud Identity Engine (CIE) with Strata Cloud Manager, Policy Optimizer can
optimize overly permissive policies to include recommendations for source user along with source
address, destination address, and application fields. This enhancement uses the user ID and user
group information from CIE to optimize the source user field in the security rules.
If CIE user data isn’t available, Policy Optimizer skips optimization for the source user field and
recommendations will include optimizations only for source address, destination address and
application fields. The source user field will remain the same as that of the original rule. For
example, if the rule includes the source user “any”, the recommendation will also use “any”.
Source User Optimization
Policy Optimizer analyzes traffic logs to detect and recommend specific users or user groups
for the Source User field. You can review these recommendations and delete any users or user
groups before accepting the recommended rules.
Policy Optimizer follows these rules when generating source user recommendations:
• If Policy Optimizer can’t identify a relevant set of users, groups, or both within the defined
threshold (10 by default), it recommends the predefined keyword known-user for known users.

Strata Cloud Manager Getting Started 487 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• If the traffic logs don’t contain the source user data, Policy Optimizer recommends unknown
for the Source User field.
If the original rule specified certain users, Policy Optimizer makes sure that the new optimized
rule will not allow additional users than the original rule. It will only refine the rule to be more
specific.
• If there are too many individual users in the source user field, Policy Optimizer may
recommend known-users to simplify the rule while maintaining least-privilege access.
• A minimum threshold of 75% is required to associate individual users with a user group. This
means that at least 75% of the user group's resolved user IDs must be present in the log data
for the user group to be considered in the recommendations.
You can click Users to view the list of users in a side car panel.

Policy Optimizer provides contextual logs to offer insights into the traffic triggering the rule with
an unknown user. For recommendations where the source user is unknown, click Unknown User
to open Log Viewer.

Strata Cloud Manager Getting Started 488 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Strata Cloud Manager Getting Started 489 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Manually Select a Rule for Optimization

You can add the predefined Enable-AIOps-Optimization tag to a rule to optimize it if it wasn't
automatically selected by Strata Cloud Manager. Consider the scenario where a rule's source,
destination, and application fields may still be more permissive than necessary. In this case, adding
the Enable-AIOps-Optimization tag prompts Policy Optimizer to attempt further optimization of
these fields. Or if the rules are not automatically selected if the zone fields are any, adding the tag
could help to get recommendations on these fields as well.

Remove a Rule from Optimization

Move a rule to the Removed from Optimization list, and Policy Optimizer won’t optimize it. The
rule settings remain as is.

Make sure to Push Config after moving a rule to the exclusion list; after pushing the configuration,
it can take up to 24 hours for the rule to display on the list. You can always choose to add the rule
back to the optimization list later.
Under Optimization Failed, you can also view the rules that failed optimization and check the
reason for failure.

Strata Cloud Manager Getting Started 490 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Track Optimization Results

Policy Optimizer shows a history of the security rules you have optimized. Historical data includes
the optimization results: compare the original rule’s traffic coverage against optimized rules. You
can also view how many days have passed since you accepted a rule for optimization.
If an original rule (a rule you optimized) gets no hits, Policy Optimizer removes it from the Policy
Optimizer history and is classified instead as a zero-hit policy rule.

Configuration: Policy Analyzer

Where Can I Use This? What Do I Need?

• , including those funded by Software At least one of these licenses is needed:

NGFW Credits
•

Panorama Cloud Connector Plugin for

Panorama managed deployments

Updates to your Security policy rules are often time-sensitive and require you to act quickly.
However, you want to ensure that any update you make to your security policy rulebase meets
your requirements and does not introduce errors or misconfigurations (such as changes that result
in duplicate or conflicting rules).
To achieve this, Policy Analyzer in Strata Cloud Manager enables you to optimize time and
resources when implementing a change request. Policy Analyzer not only analyzes and provides
suggestions for possible consolidation or removal of specific rules to meet your intent but
also checks for anomalies, such as Shadows, Redundancies, Generalizations, Correlations, and
Consolidations in your rulebase.
Use Policy Analyzer to add or optimize your Security policy rulebase.

Strata Cloud Manager Getting Started 491 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

• Before adding a new rule—Check to see if new rules need to be added. Policy Analyzer
recommends how best to change your existing Security policy rules to meet your requirements
without adding another rule, if possible.
• Streamline and optimize your existing rulebase—See where you can update your rules to
minimize bloat and eliminate conflicts and also to ensure that traffic enforcement aligns with
the intent of your Security policy rulebase.
Analyze your Security policy rules both before and after you commit your changes.
• Pre-Change Policy Analysis—Enables you to evaluate the impact of a new rule and analyze the
intent of the new rules against the rules that already exist to recommend how to best meet the
intent.
• Post-Change Policy Analysis—Enables you to clean the existing rulebase by identifying
Shadows, Redundancies, and other anomalies that have accumulated over time.
Policy Analyzer supports both Strata Cloud Manager and Panorama deployments. See Policy
Analyzer to learn more.

Strata Cloud Manager Getting Started 492 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Configuration: Prisma SD-WAN

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

Select Configuration > Prisma SD-WAN to manage Prisma SD-WAN configurations.

Prisma SD-WAN provides a software-defined, wide area network (SD-WAN) solution that
transforms legacy wide area networks (WANs) into a radically simplified, secure, application fabric
(AppFabric), virtualizing heterogeneous underlying transports into a unified hybrid WAN. At the
core of the system is the application performance engine.
You can view granular application-driven analytics, build a robust policy, and performance-based
traffic management of the WAN. Through Instant-On Network (ION) devices, Prisma SD-WAN
simplifies how WANs are designed, built, and managed, securely extending data center-class
security to the network edge.
Prisma SD-WAN supports stacked policies for flow forwarding operations. Using centrally-defined
policies, each ION device performs actions such as automatic path selection, traffic shaping, or
active-active load balancing between links, while the Prisma SD-WAN controller provides full
visibility into application performance and response times across all WAN links.
Prisma SD-WAN controls network application performance based on application-performance
service level agreements (SLAs) and business priorities. You can configure policies, resources,
CloudBlades, and system settings for Prisma SD-WAN using Strata Cloud Manager.

Feature Highlights
Branch Sites: Prisma SD-WAN Sites represent branch offices and data centers that form your
wide-area network. The Prisma SD-WAN solution is the primary WAN gateway, managing all
inbound and outbound traffic to ensure secure, reliable, and optimized connectivity.
Data Centers : Data center sites are connected to branch sites, and you can host enterprise
applications and services in a data center. When creating a data center, you can select circuit
categories, circuit labels, and circuit and device specifications.
ION Devices: ION devices can be deployed at a branch site or a data center site. These are
available in both hardware and software form factors that meet the needs of any location and
any deployment scenario.
Policies: Prisma SD-WAN supports centrally defined policies, such as automatic path selection,
traffic shaping, and active-active load balancing between links. The Prisma SD-WAN controller
provides full visibility into application performance and response times across all WAN links.
CloudBlades: CloudBlades is a platform that delivers best-of-breed infrastructure services to
branch offices from the cloud, eliminating the need for additional hardware or software. Utilize
the Prisma SD-WAN CloudBlades to securely access ION devices and automate web interface
workflows with customized templates, reducing operational complexity.

Strata Cloud Manager Getting Started 493 ©2025 Palo Alto Networks, Inc.
Configuration: Strata Cloud Manager

Resources: Manage resources in Prisma SD-WAN, which include Applications, Probes, Circuit
Categories, Network Contexts, Service and DC Groups, Security Zones, Prefix Filters, and
Certificate Management.
Profiles and Templates: Utilize configuration profiles and templates to configure settings
for various resources within the Profiles and Templates option. You can configure the Site
Templates, IPSec, IPFIX, APN, DNS, Syslog, NTP, Multicast, VRF, IoT Discovery, and AAA.
System: Manage and monitor tenants, users, and permissions in Prisma SD-WAN using the
resources available under the System option, which include Audit Logs, Enterprise Prefixes,
Device Toolkit Access, Device Offline Access, Auth Token, and Cloud Identity Engine.

Strata Cloud Manager Getting Started 494 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Any Tenant or Tenant Service Group

(TSG) supported app
A role depending on your needs
to manage logs

From System Settings, you can manage the processes that pertain to all services offered in Strata
Cloud Manager. These processes include:

Identity & Access

Control authentication and authorization of user roles and permissions for all applications and
API-based access. Through Identity & Access, you can manage:
• User access
• Service accounts
• Roles
• Third-party identity provider integration
Get started with Identity & Access.

Products
If you have a single tenant environment, view, launch, and manage your products:
• Get product information
• Rename instance
• Manage sharing
• Add a tenant
Get started with Product Management.

Tenants
If you're a managed security service provider (MSSP) or distributed enterprise, you can create
and manage your hierarchy of business organizations and units, represented by tenants. From
Tenants, you can:
• Add a tenant
• Edit a tenant
• Manage tenant licenses

495
System Settings: Strata Cloud Manager

• Delete a tenant
• Transition from a single tenant to a multitenant deployment
Get started with Tenant Management.

Audit Logs
View records of all actions initiated by users of Strata Cloud Manager
View Audit Logs.

Device Associations
Most often used in device and app onboarding, Device Associations enables you to:
• Associate new devices with a tenant
• Associate apps with your devices
• Manage device and app associations
Get started with Device Associations.

Trusted IPs
Use Trusted IP Lists to restrict access to your applications by specifying IP addresses that are
allowed on a per tenant basis.
Configure a Trusted IP List.

Device Management
Review all your NGFW device and choose a device to move to cloud management. NGFW device
that is managed by Strata Cloud Manager is called a Cloud Managed Device
System Settings: Device Management.

Folder Management
Create and manage folders, which are a logical group of firewalls and deployments, for simplified
configuration management.
System Settings: Folder Management.

Scope Management
Configure scope management to enforce custom role-based access control. This allows you
to specify which Strata Cloud Manager administrators can access and modify specific folders,
firewalls, Prisma Access deployments, and snippet configurations.
System Settings: Scope Management.

Access Experience Management

Allows you to manage your Autonomous DEM users and remote sites.
System Settings: Access Experience Management.

Strata Cloud Manager Getting Started 496 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Subscriptions List
View the approved subscriptions for your product.
Manage Subscriptions.

vION Subscription Management

Generate authorization tokens for virtual ION devices. This provides a set of controls to prevent
unauthorized addition of virtual devices to an environment.
Manage vION Subscriptions.

Strata Cloud Manager Getting Started 497 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Audit Logs

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Under Settings > Audit LogsSystem Settings > Audit Logs, you can see a list of actions initiated
by users of Strata Cloud Manager. It provides logs on changes made, the owner of the change,
the date and time of the change, and the description of the change. You can use these logs for
compliance and troubleshooting purposes. You can filter the audit logs by the date range with the
capability, by a user, category, and type of change.
d

Strata Cloud Manager Getting Started 498 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Trusted IPs

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

Cloud-delivered applications offer the convenience of accessibility from anywhere in the world.
However, this allows for exposure to risks such as access using stolen credentials, dictionary
attacks, and other forms of brute-force attacks to gain access to the applications.
While Identity and Access Management mitigates some of this risk, you can use Trusted IP Lists
to further restrict access to your applications by specifying IP addresses that are allowed on a per
tenant basis.
By default, during the creation of a new tenant, access is allowed to both the web interface and
the API from any IP address. The Trusted IP List is a list of trusted IP addresses that are allowed
to access a tenant. You can use a Trusted IP List to limit access to a single tenant, or you can use
it to limit access to a parent tenant and its children in a multitenant hierarchy. In a multitenant
hierarchy, you add the Trusted IP List on the parent tenant, the list gets inherited from the parent
tenant to its child tenants, and is enforced from the top-down.
To streamline IP address management, Strata Cloud Manager offers a bulk import feature for
trusted IP addresses. This functionality allows you to upload multiple IP addresses via a CSV file,
significantly reducing the time and effort required for manual entry. The default limit is set to 100
IP addresses per tenant security group (TSG), providing flexibility for managing larger sets of IP
addresses.

How to Manage a Trusted IP List from How to Manage a Trusted IP List from the hub
Strata Cloud Manager

To manage a Trusted IP List from To manage a Trusted IP List from the hub,
Strata Cloud Manager, select System Settings select tenant view of the hub > Common
> Trusted IPs . Services > Trusted IP List.

You can manage Trusted IP Lists You can manage Trusted IP Lists from the
from Strata Cloud Manager and the hub, but the hub is exempt from the trusted
Strata Cloud Manager web interface and IP address enforcement, so your access to
API will allow access to only those trusted IP the hub is not restricted to the trusted IP
addresses. addresses. If your IP address gets blocked
from a tenant on Strata Cloud Manager that
you should have access to, you can go to the
hub and unlock your access if you have the
listed permissions.

Strata Cloud Manager Getting Started 499 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Add Trusted IPs

Delete Trusted IPs

Unlock Access

Add Trusted IPs

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you have activated your license, created your tenants, and managed user access to Strata
Cloud Manager, you can further restrict access to your tenants by adding trusted IP addresses to a
Trusted IP List. By default, any IP address is permitted to access Strata Cloud Manager.
You can add trusted IP addresses using two methods: adding a single IP address or importing
multiple IP addresses in bulk using a CSV file. When adding IP addresses, adhere to the following
guidelines:
• Use CIDR notation for IPv4 addresses only.
• For IP address pools (private address ranges), RFC 1918 and RFC 6598 compliant IP addresses
are recommended.
• Specify a single IP address (e.g., 192.168.1.1) or an IP address range with a subnet mask (e.g.,
10.0.0.0/24)
• Subnet addresses are not supported. Use IP addresses or ranges only.
• (Prisma Access only) Avoid overlapping with these reserved internal IP addresses:
• 169.254.169.253 and 169.254.169.254
• 100.64.0.0/10
• 169.254.201.0/24
• 169.254.202.0/24
When you add new IP addresses, Strata Cloud Manager automatically logs the user who
performed the action. For auditing and visibility purposes, you can easily track this information in
the Added By field field, which populates without any manual input.

Add a Single IP Address

STEP 1 | Select System Settings > Trusted IP List.

STEP 2 | Search or scroll to find and select your tenant.

Strata Cloud Manager Getting Started 500 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 3 | Select Add New.

STEP 4 | Enter an IP Address that can access this tenant.

Strata Cloud Manager validates the specified value to ensure they meet the IP address
guidelines and displays any error.

STEP 5 | If there are no errors, Save.

The change takes effect immediately, so make sure that your IP address is correct or
you can lose access to the tenant.

Add IP Addresses in Bulk

STEP 1 | Select Settings > Trusted IP List.

STEP 2 | Search or scroll to find and select your tenant.

STEP 3 | Select Bulk Add.

STEP 4 | Upload the CSV file containing the list of IP addresses. If necessary, you can download a
sample CSV template.

Strata Cloud Manager Getting Started 501 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 5 | Select Add IPs.

Strata Cloud Manager validates the specified values to ensure it meets the IP address
guidelines and displays any errors.

You can also click See Details to download the list of IP addresses and the corresponding error
in CSV format.

STEP 6 | If there are no errors, Save.

The change takes effect immediately, so make sure that your IP address is correct or
you can lose access to the tenant.

Delete Trusted IPs

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you add trusted IPs to a Trusted IP List for your tenant, you can return to unrestricted
access by deleting the trusted IP addresses.
Delete trusted IPs using Strata Cloud Manager.
STEP 1 | Select Settings > Trusted IP List.

STEP 2 | Search or scroll to find and select your tenant.

Strata Cloud Manager Getting Started 502 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 3 | Use one of the following options:

• Delete multiple IPs — select the IP Address check box to highlight all IP addresses at the
same time, then select the Delete button.

• Delete a single IP — select the individual check box of the IP, then delete from Actions >
Delete.

If you inherited a Trusted IP List from a parent tenant, you can't delete it from a child
tenant because those are inherited. You can only delete a Trusted IP List from a child
tenant if you added it directly at the child-level.

STEP 4 | Select OK at the prompt.

The change takes effect immediately. If you delete all the trusted IPs, then IP access goes back
to Any.

Unlock Access
Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you add trusted IPs to a Trusted IP List for your tenant, that access is enforced by
Strata Cloud Manager. If your IP address is not on the Trusted IP List for the tenant, then you see
an access denied message if you try to access it.

If your IP address gets blocked from a tenant that you should have access to, you can go to the
hub to unlock yourself if you have the listed permissions.

Strata Cloud Manager Getting Started 503 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 1 | From the hub, select tenant view of the hub > Common Services > Trusted IP List.

STEP 2 | Add your IP address to the Trusted IP address list.

Strata Cloud Manager Getting Started 504 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Device Management

Where Can I Use This? What Do I Need?

A Palo Alto Networks NGFW that is managed by Strata Cloud Manager is called a Cloud Managed
Device. Strata Cloud Manager can manage firewalls running PAN-OS 10.2.3 or newer.
For more information about prerequisites for Strata Cloud Manager, click here.
With the Device Management dashboard (System Settings > Device Management) you can
review important device and version details about all your managed devices and select which
devices to move to cloud management.

See All Cloud Managed NGFWs Details

The Cloud Managed Devices tab (System Settings > Device Management > Cloud Managed
Devices) displays all of your SCM onboarded firewalls, the folders they are assigned to, and
important details about them.

Device Information Description

Name The name of the NGFW and the folder(s) it is organized

under.

Labels Any labels attached to the NGFW.

Config Sync Status The synchronization status of the NGFW:

• Synced
• Out of Sync

HA Status The HA Status of the onboarded NGFW:

• Active—Normal traffic-handling operational state.
• Passive—Normal backup state.
• Initiating—The firewall is in this state for up to 60
seconds after bootup.
• Non-functional—Error state.
• Suspended—An administrator disabled the firewall.
• Tentative—For a link or path monitoring event in an
active/active configuration.

Serial Number The serial number of the onboarded NGFW.

Model The model number of the onboarded NGFW.

Strata Cloud Manager Getting Started 505 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Device Information Description

Type They type of the onboarded NGFW:

• VM
• PA

Address The IP Address of the onboarded NGFW.

License The license information for the onboarded NGFW

• Matched
• Mismatched

Software Version | App and Displays the software and content versions that are
Threat | Antivirus | URL Filtering currently installed on the firewall. For details, see Firewall
Software and Content Updates.

Device Dictionary A file for firewalls to import. The dictionary file provides
the Strata Cloud Manager and firewall administrator with
a list of device attributes for selection when importing
recommended security policy rules.

Actions The actions for the onboarded firewall:

• Fetch License Info
• Reboot
• Change Routing Mode
• Local Config Management
• Force Boot Strap

Remove an NGFW from the Cloud Managed Devices

The Available Devices tab displays all of your NGFWs available to onboard to SCM and NGFWs
already managed by Strata Cloud Manager.

For more information about the onboarding process for Strata Cloud Manager, click here.

You can use the available devices tab to move devices in and out of Strata Cloud Manager.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select System Settings > Device Management > Available Devices.
1. Select Back to Available Devices to move a firewall out of Strata Cloud Manager.

Strata Cloud Manager Getting Started 506 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Restore a Local Configuration Version Snapshot on the Firewall

Follow these steps to restore any version of the local configuration on your firewall and download
the configuration details in XML format.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select System Settings > Device Management, then select Local Configuration Management
from the available Actions.

STEP 3 | Load the version to restore the local configuration.

STEP 4 | Click Yes to replace the current local configuration on the firewall with the selected version
You can use the Jobs view to troubleshoot failed operations, investigate warnings associated
with completed commits, or cancel pending commits.

STEP 5 | Download configuration details for the selected version.

Replace an RMA Firewall

To minimize the effort required to restore the configuration on a cloud managed NGFW involving
a Return Merchandise Authorization (RMA), you can now trigger an RMA workflow through
Device Management.
The new RMA workflow will automatically restore the configuration of the original NGFW to your
replacement NGFW. By importing the state of your original NGFW, you can quickly resume using
Strata Cloud Manager to manage your network.
Before you trigger the RMA process, complete the following prerequisites:
The RMA request has been placed in the Customer Support Portal.
Replacement device should be of the same hardware model.
Replacement device is registered in the CSP and associated with the correct tenant.
Replacement device is found in Available Devices(System Settings > Device Management >
Available Devices).

VM-Series devices are not supported for this RMA process.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select System Settings > Device Management > Cloud Managed Devices.

STEP 3 | Locate the faulty device in the table.

Strata Cloud Manager Getting Started 507 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 4 | Start the RMA process.

1. Select Actions.
2. Start RMA.
3. Select the replacement device that will replace your old NGFW.
4. Start RMA.
The old device is removed from Cloud Managed Devices.

STEP 5 | Remove the old device from your support portal account.

Strata Cloud Manager Getting Started 508 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Folder Management

Where Can I Use This? What Do I Need?

• license
• license

Folders are used to logically group your firewalls or deployment types (Prisma Access mobile
users, remote networks, or service connections) for simplified configuration management. You
can create a folder that contains multiple nested folders to group firewalls and deployments that
require similar configurations. Folders that are already nested can have multiple nested folders as
well.
Folders for Prisma Access and your NGFWs are separate; you can't group NGFWs in a folder with
Prisma Access deployments. However, you can easily apply shared settings globally across all
folders or use Configuration: Snippets to easily apply standard settings and policy requirements
across multiple folders.

Strata Cloud Manager Getting Started 509 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

• NGFW
• Prisma Access

Folder Management (NGFWs)

To help manage folders and firewalls, you can apply labels to filter and target specific groups
of firewalls for configuration changes. Additionally, each folder displays the currently installed
software version, dynamic content release versions, and GlobalProtect app Version of the
firewalls associated with the folder.
For firewall folders, Strata Cloud Manager supports up to four nested folders within any given
folder hierarchy, with the default All Firewalls folder always being the top-most level of
any folder hierarchy. For example, consider the below when designing your folder hierarchy.
In the example below Folder1, Folder2, Folder3, and Folder4 are nested under the All
Firewalls folder and you can’t best any additional folders to this particular folder hierarchy.
Additionally, Folder2.1 and Folder2.2 are nested under Folder2 and you can’t add any nest
any additional folders either.

Strata Cloud Manager Getting Started 510 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Create a Folder
Create a folder to logically group your firewalls for simplified configuration management. You can
create a folder under the default Firewalls folder or under another existing folder.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select System Settings > Folder Management and Add Folder.

STEP 3 | Give the folder a descriptive Name.

STEP 4 | (Optional) Enter a Description for the folder.

STEP 5 | (Optional) Assign one or more Labels.

You can select an existing label or create a new label by typing the label you wanted to create.

STEP 6 | Specify where to create the folder In.

Select All Firewalls or select an existing folder to nest the folder under it.

Strata Cloud Manager Getting Started 511 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 7 | Create the folder.

Modify a Folder
Modify an existing folder to edit the name, description, and to add or change the labels.
Additionally, you can move or delete the folder as needed.
STEP 1 | Log in to Strata Cloud Manager.

Strata Cloud Manager Getting Started 512 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 2 | Select System Settings > Folder Management and expand the Actions menu.

STEP 3 | Modify the folder as needed.

• Edit the folder
1. Edit the folder Name.
2. (Optional) edit the folder Description.
3. Select or create Labels.
You can assign entirely different labels to the folder or add additional labels.
4. Save.
• Move the folder and select the Destination.
You can move a folder in the following ways.
• You can move a folder to nest it under a different folder.
• You can move a nested folder under the Firewalls folder.
• You can move a nested folder from one folder to another.
Move the folder after you select the folder destination.
• Delete Folder and click OK to confirm.
You can only delete a folder that has no firewalls associated with it and no folders nested
under it.

Strata Cloud Manager Getting Started 513 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Folder Management (Prisma Access)

Prisma Access folders are predefined; you can use them to specify configuration scope and ensure
that Prisma Access deployment types – mobile users, remote networks, and service connections –
receive all global settings and then settings that are required or specific for each type.
The configurations defined under a folder are inherited by all folders nested under that folder
hierarchy. For example, you can configure settings that are common across GlobalProtect, Explicit
Proxy, Remote Networks, and Service Connections under the Prisma Access folder. Similarly, you
can configure settings that are common across GlobalProtect and Explicit Proxy under the Mobile
Users Container and so on.
You cannot edit the folder hierarchy for Prisma Access.
At the folder level, you can also enable web security for the Prisma Access mobile user, remote
network, or service connection deployment.

Strata Cloud Manager Getting Started 514 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Scope Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Configure scope management to enforce custom role-based access control. This allows
you to specify which Strata Cloud Manager administrators can access and modify specific
folders, firewalls, Prisma Access deployments, and snippet configurations. Defining the scope
management for your cloud admins ensures they aren’t overprovisioned and defines the read
and writing access privileges for the selected folders, firewalls, Prisma Accessdeployments, and
snippet configurations. The Common Services Multiple Platform and Enterprise Roles are used to
define the read and write access privileges for a Strata Cloud Manager admin.
The Scope management configuration is defined across your entire Strata Cloud Manager tenant.
Scope management can’t be defined for a specific folder, Prisma Access, or firewall Configuration
Scope.

Only a Strata Cloud Manager administrator with a Superuser, Multitenant Superuser, IAM
Administrator, Multitenant IAM Administrator, or Business Administrator role can create a
scope object. The Scope Management widget is not available for users with other roles.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select System Settings > Scope Management.

STEP 3 | Create New Scope.

Strata Cloud Manager Getting Started 515 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 4 | Define the Scope Management configuration.

Scope Management configurations are labeled as a scope object.
1. Enter a descriptive Name.
2. Select Folders and check (enable) the folders, firewalls, and Prisma Access deployments
you want to include in the scope.

Selecting a firewall also includes the folder that the selected firewall is
associated with in the scope management configuration. Only the immediately
associated folder is included, and not the parent folder.
3. Select Snippets and check (enable) the snippets you want to include.
4. Add the scope object.

Strata Cloud Manager Getting Started 516 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

STEP 5 | Apply the scope management configuration to Strata Cloud Manager admins.
1. Assign Users to the Scope Object you created in the previous step.

2. Select a Role for the Strata Cloud Manager admin. For example, you can select MSP
Superuser for a user who needs access to all functions for all tenants.
Default is None. See the Common Services Multiple Platform and Enterprise Roles for
more information about the read and write access privileges for each available Role.

Select a specific Strata Cloud Manager admin and Clear Role to remove the
currently assigned Common Services role. This applies the default None role to
the admin.
3. To modify an existing scope to edit the name, and to add or remove folders, select the
scope object, modify the scope as needed, and Update the scope.
4. To modify the assigned users, to add more users or change the users, click Assigned
Users and modify as needed, and Close the window.

Strata Cloud Manager Getting Started 517 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Access Experience Management

Where Can I Use This? What Do I Need?

• Either one of these licenses:

license
license or license

Use the Access Experience Management page to manage your Autonomous DEM users and
remote sites. View the audit logs to see which administrators have authenticated to Prisma Access
during the selected Time Range.
Refer to the Manage Autonomous DEM Agent Upgrades to learn about the Upgrade Options.

Access Experience Agent Management

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

Use this tab to get details about all of your registered ADEM users, such as whether the user is
online (the user device is sending keep-alive messages to the ADEM service) or offline (the ADEM
service has not received a keep-alive message from the user device in the last ten minutes), when
the user device was last seen, the username, device type, and hostname of the ADEM user, and
what ADEM agent version they are running.
Each row in the table in this tab represents a unique user in a separate row. Every user/device
combination is considered as a unique user. For example, if 2 users are logged in to 3 devices
each, the number of unique users will be 6. Hence, a user name could be duplicated across
multiple rows depending on the number of devices they are logged in to.
In the title of the table in this widget, the number of Total Endpoint Agents denotes the total
number of devices monitored. The number of Users is the total users regardless of the number of
devices they are logged into. This is because the license consumption is based on the total number
of users regardless of how many devices each user is logged into.
Use the check boxes to the left of the Last logged in User to make bulk configuration by selecting
the row for the endpoints. Deleting an entry by selecting it from the Access Experience Agent
Management table will release the license entry.

Column Name Description

Last Logged in User A device can have multiple users logging into
it. This column lists the user ID of the most

Strata Cloud Manager Getting Started 518 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Column Name Description

recent user who has logged into GlobalProtect
using this device.

Device The OS that is running on this device.

Hostname The host name of the device.

Last Seen The the last message sent from the device to
the DEM server.

First Seen The the first message received from this

device by the DEM server.

User Status Connection status of the current user.

Monitoring State Whether app tests are running on the device.

Endpoint Agent Version The version of the ADEM agent installed on

the device.

Remote Site Experience Management

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

This tab gives you details on the branch Prisma SD-WAN ION devices that are enabled for digital
experience management. Use this tab to get details about all of your registered ADEM remote
sites, such as the device model, hostname, site status, monitoring state (whether monitoring is
enabled for the site), hostname of the high availability server (if there is one), and the remote site
agent version.

Column Name Description

Remote Site Name Pisma SD-WAN branch site.

Device Model Prisma SD-WAN ION device model number.

Hostname Hostname of the ION device.

HA Peer Hostname Whether a high availability standby ION

device has been configured at that site.

Strata Cloud Manager Getting Started 519 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Column Name Description

Last Seen The last message sent from the ION device to
the DEM server.

First Seen The first message received from the ION

device by the DEM server.

Site Status Connectivity status of the site ION device

with the DEM agent.

Monitoring State Whether the site is configured to run app

tests.

Remote Site Agent Version The version of the ADEM agent installed on
the ION device.

Health Score Profiles

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

View the domain health score details in this tab.

Column Name Description

Domain Health Score Metric Lists the domains for which ADEM calculates health score
Name metrics. Click on a Domain name in this column to view
its metrics. These metrics include the lower and upper
thresholds and how much the numbers impact the total
experience score when they cross the thresholds. These
metrics are not editable.

Type Domain Type

Associated Use Case The dashboard or widget on which the calculated experience
score displays.

Strata Cloud Manager Getting Started 520 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Audit Logs
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

View the audit logs for all the events that are triggered due to API calls..

Column Name Description

Event Time The time when the event was triggered which caused
the log to be created.

Email Email address of the person who was notified when the
log was created.

Description The API call that caused the event to trigger thus
creating the log.

Strata Cloud Manager Getting Started 521 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Strata Logging Service

Where Can I Use This? What Do I Need?

•
•
•
•

Strata Logging Service (formerly Cortex Data Lake) is a cloud-based logging system that stores
context-rich enhanced network logs generated by our security products, including our NGFWs,
Prisma Access, and Cloud NGFW for AWS. With Strata Logging Service, you can collect ever-
expanding volumes of data without needing to plan for local compute and storage, and it's ready
to scale from the start. Learn how to activate and deployStrata Logging Service in your product.

Additionally, you can also access and manage logs with Strata Logging Service app
available on the hub. The logging data is the same in both Strata Logging Service app and
Strata Cloud Manager, except for their web interface differences.

Use Strata Logging Service to:

• Check the status of a Strata Logging Service instance- click Strata Logging Service > Overview
• View and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances- click
Strata Logging Service > Inventory

Strata Cloud Manager Getting Started 522 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

• View the allocated log storage quota, the available storage space, and the number of days
the logs are retained based on your incoming log rate - click Strata Logging Service > Storage
Status
• Configure log storage quota- click Strata Logging Service > Configure Quota
• Search, filter, and export log data- click Log Viewer. Log Viewer has same features as Explore
in Strata Logging Service app.
• Forward log data to external servers for long-term storage, SOC, or internal audit- click
Strata Logging Service > Log Forwarding

Strata Cloud Manager Getting Started 523 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

System Settings: Subscription Usage

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select System Settings > Subscription Usage to view details about your Prisma Access Base
Subscription usage, including the total number of unique users connected, bandwidth consumed
by remote network users, the total number of service connections deployed, and details about
any add-on subscriptions.

• Total Data Transfer— Monitor your usage against your licensed data transfer limit, providing
you with a visual representation of your tenant-level data usage for Mobile Users, Remote

Strata Cloud Manager Getting Started 524 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Networks, and combination licenses over a 12-month period starting from your license
activation date.

Show Usage Details to display the details of your data transfer and the percentage of data that
is left in your license.

• Mobile Users—View how many unique Mobile Users licenses you have consumed so far. The
widget displays the total number of licenses consumed by unique Mobile Users connected in
the last 30 days. License usage is based on the previous 30 days of login data. A user who has
logged in at least once in the previous 30 days through one of these three connection methods
—Global Protect Agent, Prisma Access Agent, or Agentless (or Explicit Proxy)—contributes
toward consumption of one Mobile User license. If a user connects through multiple connect
methods—say, Global Protect Agent and Explicit Proxy—in the previous 30 days, the user is
reflected in both GlobalProtect Connected Users and Explicit Proxy Active Users counts but is
counted only once for Total Unique Users count.
Select View Usage Detail to see details about license use during the past 30 days. You
can view the total number of unique users during the past 30 days, the total GlobalProtect

Strata Cloud Manager Getting Started 525 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

connected users, and the total Explicit Proxy active users. Hover over the graph to see the
licenses consumed at that time.

• Branch Sites—See the total bandwidth usage by all Remote Networks connected to Prisma
Access. View how much bandwidth you have allocated and how much you have consumed,
in Mbps. You see usage by total bandwidth consumed by all Remote Networks connected to
Prisma Access.
Select View Usage Detail to see your licensed bandwidth consumption by Compute Regions or
branch sites based on your Bandwidth Allocation Model. In each case, a daily peak bandwidth
consumption value is indicated for each of the 30 days considered for the license computation.
You can filter the graph view by selecting Compute Regions or branch sites. There are three
lines plotted per Compute Region or per site in the chart indicating daily peak consumption
values, the allocated bandwidth to the Compute Region or site, and the 95th percentile value
obtained from the daily peaks.
• Service Connections—See how many Service Connections licenses you have consumed so far.

See the Add-On Subscriptions section on this page to see the additional licenses that you
have purchased. You can see the total number of licenses purchased as well as the number of
unconsumed licenses so far. The following images describe some of the additional licenses you
can purchase.

Strata Cloud Manager Getting Started 526 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

• Colo-Connects—Prisma Access Colo-Connect leverages the cloud-native GCP technology to

provide high-bandwidth service connections to your private applications.

• Prisma Access Browser—Prisma Access Secure Enterprise Browser (Prisma Access Browser)
is the only solution that secures both managed and unmanaged devices through a natively
integrated enterprise browser that extends protection to unmanaged devices. Prisma Access
Browser protects business apps and data by placing security in the browser. Your Prisma
Access Browser subscription appears in the Add-on Subscriptions or Prisma Access Base
Subscriptions.
• Prisma Access Base Subscriptions—The tenant has a Prisma Access Browser standalone
license.
• Add-on Subscriptions—When you have purchased the Prisma Access Browser license for all
mobile users, the Prisma Access Browser subscription is Activated.

See the Add-on Subscriptions section on this page to see the additional licenses that you have
purchased, such as the Autonomous Digital Experience Management licenses for Mobile Users
and Remote Networks. You can see the total number of licenses purchased as well as the
number of unconsumed licenses so far. View Application Tests for Mobile User Monitoring - the
number of application tests left that you can create for your Mobile Users. Application tests are
determined by the number of Monitored Mobile Users with up to 10 app tests allowed per Mobile
User.
For more information, see View and Monitor Subscription Usage.

Strata Cloud Manager Getting Started 527 ©2025 Palo Alto Networks, Inc.
System Settings: Strata Cloud Manager

Strata Cloud Manager Getting Started 528 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to

(with or configuration management)
:
• NGFWs
(with or configuration management)

Any Tenant or Tenant Service Group

(TSG) supported app
A role depending on your needs

The Favorites feature enables you to save items of interest and then quickly access them when
needed from any location in Strata Cloud Manager. You can personalize your favorite menu item
names in your own private list by organizing, editing, and deleting the content of your list.
Manage your favorites as follows:
• Add Favorites
• View Favorites
• Edit Favorites
• Delete Favorites

529
Favorites: Strata Cloud Manager

Add Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Premium license
(use the Strata Cloud Manager app)
(with Strata Cloud Manager or Panorama
configuration management) Strata Cloud Manager Essentials
Strata Cloud Manager Pro
Any Tenant or Tenant Service Group
(TSG) supported app
A role depending on your needs

If you have menu items or pages in Strata Cloud Manager where you repeatedly need to go, but
you no longer want to search for them or navigate to them, you can save these items to a list of
favorites.
STEP 1 | Navigate to the menu item or page that you want to save.

STEP 2 | Hover over the item to view the star icon.

Strata Cloud Manager Getting Started 530 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager

STEP 3 | Select the star to add this item to your Favorites.

The very top level menu items cannot be added as favorites. Only sub-menus can be
added as favorites.

Strata Cloud Manager Getting Started 531 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager

View Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Premium license
(use the Strata Cloud Manager app)
(with Strata Cloud Manager or Panorama
configuration management) Strata Cloud Manager Essentials
Strata Cloud Manager Pro
Any Tenant or Tenant Service Group
(TSG) supported app
A role depending on your needs

After you add favorites, you can view your favorites and their original locations.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the location icon.

STEP 3 | The path to the actual location and menu name is displayed.

Clicking the item in your favorites list takes you to its original location.

Strata Cloud Manager Getting Started 532 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager

Edit Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Premium license
(use the Strata Cloud Manager app)
(with Strata Cloud Manager or Panorama
configuration management) Strata Cloud Manager Essentials
Strata Cloud Manager Pro
Any Tenant or Tenant Service Group
(TSG) supported app
A role depending on your needs

After you add favorites, you can edit your favorites to personalize them.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the edit icon.

STEP 3 | Rename the item.

Renaming the item in your favorites list does not rename the original item in its original
location.

Strata Cloud Manager Getting Started 533 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager

Delete Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Premium license
(use the Strata Cloud Manager app)
(with Strata Cloud Manager or Panorama
configuration management) Strata Cloud Manager Essentials
Strata Cloud Manager Pro
Any Tenant or Tenant Service Group
(TSG) supported app
A role depending on your needs

After you add favorites, you can delete favorites from your list.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the delete icon.

STEP 3 | Click the icon to delete the favorite from the list.

Deleting the item from your favorites list does not remove the original item from its
original location.

Strata Cloud Manager Getting Started 534 ©2025 Palo Alto Networks, Inc.