Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 2

Created On 09/25/18 18:59 PM - Last Modified 06/14/23 07:21 AM


Resolution


Are you gaining some familiarity with the new Application Command Center (ACC) in PAN-OS 7.0? Are you as impressed as we are with the wealth of information you can view, filter, and export? Learn more about Threat Activity, Blocked Activity, and using widgets to create and select information you want to see in Part 2 of this series.

 

If you missed out on reading Part 1 of this series, please see Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 1. This week's Tips & Tricks covers additional features of the Application Command Center (ACC) for PAN-OS 7.0.  

In Part 1 of this series, I covered the new look and feel and the overall layout of the ACC. Now, I will be going into more detail of the rest of the tabs not covered in Part 1, and how to use the ACC and get more information from it.

 

I have already talked about the Network Activity tab, and will now cover Threat Activity and Blocked Activity tabs.

 

Inside the Threat Activity tab

You will find the following widgets selected by default:

  • Hosts Visiting Malicious URLs
  • Hosts Resolving Malicious Domains
  • Threat Activity
  • Wildfire Activity By File Type
  • Wildfire Activity By Application
  • Applications Using Non Standard Ports
  • Rules Allowing Apps On Non Standard Ports



Inside the Blocked Activity tab

You will find the following widgets selected by default:

  • Blocked User Activity
  • Security Policies Blocking Activity
  • Blocked Threats
  • Blocked Content
  • Blocked Application Activity


 

The very last tab you will notice is a "+" (plus) symbol. Clicking it creates a new tab, which you can name and then populate with as many widget groups and widgets as you like.

 

One area that I have not yet covered is the Widget options in the upper right corner of every widget.

 

There are 4 options:

  • Maximize & View more data — Creates a popup window that fills the screen and does not display any graphs, only text. The option also expands the number of lines that are displayed. (You have 2 additional options in the upper right: Export as PDF, and the X, which closes this window.)
  • Set local filters — This popup window allows you to create a new filter for this widget. Select Apply to display the filter.
  • Jump to Logs — Brings you directly to the logs associated with the widget. Threat Activity will bring you directly to the Threat Logs.
  • Export as PDF — Popup window displays status as the widget data is exported.

 

You also have graph options (located below the Widget options) that vary depending on the data, but can be:

  • Bar
  • Area
  • Column
  • Line
  • Treemap

 

Now that you know what those options do, you can extract more information from the data being displayed.
While looking at a widget, you can click a number of different options to display different data.

Some widgets can be sorted by different data.

 

For example, Application usage can be sorted by

  • Bytes
  • Sessions
  • Threats
  • Content
  • URLs

 

If you click on a graph or on the text below, it will drill down and add that information to the local filter.

To remove the filter, click the "X" to the left of the filter name. In this example, it is Application[panorama].
You can also add this to the global filter by clicking the "<-|" to the right of the filter.
You will also see this same symbol "<-|" when hovering over any text that is clickable.

Another nice feature that you will find in the new ACC: on any of the values displayed, a dropdown arrow provides even more options.

 

Depending on what you are looking at, you will have different options:
For example, if you hover over an application, and select the dropdown, you will see:

  • Global Find — Displays a Search window in the upper right corner of the WebGUI, and displays search results.
  • Value — Displays value information about the application.

If you are looking at IP-related data, you will have other options:


  • Global Find — same as above
  • Who Is — Pulls up a new browser window to Network Solutions, and shows the "Who Is" record of this IP.
  • Search HIP Report — Allows you to search through the Host Information Profile on this IP to correlate the data with a possible GlobalProtect user.

This concludes Part 2 of this week's Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later.

 

I hope this helps you understand the new ACC even better.

 

I will also be creating a Video Tutorial on Part 1 and Part 2.

 

In case you missed it, Part 1 of this series is here:
Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 1

 

As always, please feel free to post feedback or comments below. Please also Like this if it has helped you in any way.

 

Thanks for reading.
Joe Delio


