Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 2

Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 2

Created On 09/25/18 18:59 PM - Last Modified 06/14/23 07:21 AM


Are you gaining some familiarity with the new Application Command Center (ACC) in PAN-OS 7.0? Are you as impressed as we are with the wealth of information you can view, filter, and export? Learn more about Threat Activity, Blocked Activity, and using widgets to create and select information you want to see in Part 2 of this series.


If you missed out on reading Part 1 of this series, please see Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 1. This week's Tips & Tricks covers additional features of the Application Command Center (ACC) for PAN-OS 7.0.  

In Part 1 of this series, I covered the new look and feel and the overall layout of the ACC. Now, I will be going into more detail of the rest of the tabs not covered in Part 1, and how to use the ACC and get more information from it.


I have already talked about the Network Activity tab, and will now cover Threat Activity and Blocked Activity tabs.


Inside the Threat Activity tab

You will find the following widgets selected by default:

  • Hosts Visiting Malicious URL's
  • Hosts Resolving Malicious Domains
  • Threat Activity
  • Wildfire Activity By File Type
  • Wildfire Activity By Application
  • Applications Using Non Standard Ports
  • Rules Allowing Apps On Non Standard Ports


Inside the Blocked Activity tab

You will find the following widgets selected by default:

  • Blocked User Activity
  • Security Policies Blocking Activity
  • Blocked Threats
  • Blocked Content
  • Blocked Application Activity



The very last tab you will notice is a "+" Plus symbol. Clicking on this creates a new Tab, which you can give a name to, then add as many widget groups and widgets respectively.


One area that I did not talk about already are the Widget options in the upper right corner of every widget:


There are 4 options:

  • Maximize & View more data — Creates a popup window that fills the screen and does not display any graphs, only text. The option also expands the number of lines that are displayed. (You have 2 additional options in the upper right to Export as PDF and to close this window, which is the X.)
  • Set local filtersThis popup window allows you to create a new filter for this widget.  Select Apply to display the filter.
  • Jump to Logs — Brings you directly to the logs associated with the widget. Threat Activity will bring you directly to the Threat Logs.
  • Export as PDF — Popup window displays status as the widget data is exported.


You also have graph options (located below the Widget options) that vary depending on the data, but can be:

  • Bar
  • Area
  • Column
  • Line
  • Treemap


Now that you know what those options do, you can extract more information from the data being displayed.
While looking at a widget, you can click a number of different options to display different data.

Some widgets can be sorted by different data.


For example, Application usage can be sorted by

  • Bytes
  • Sessions
  • Threats
  • Content
  • URLs


If you click on a graph or on the text below, it will drill down and add that information to the local filter.

To remove the filter, click the "X" to the left of the filter name. In this example, it is Application[panorama].
You also can add this to the global filter by clicking  the "<-|" to the right of the filter.
You will also see this same symbol "<-|" when hovering over any text that is clickable.

Another nice feature that you will find in the new ACC — on any of the values displayed, a dropdown arrow  provides even more options.


Depending on what you are looking at, you will have different options:
For example, if you hover over an application, and select the dropdown, you will see:

  • Global Find — Displays a  Search window in the upper right corner of the WebGUI, and displays search results.
  • Value — Displays value information about the application.

If you are looking at IP-related data, you will have other options:


  • Global Find — same as above
  • Who Is - Pulls up a new browser window to Network Solutions, and shows the "Who Is" record of this IP.
  • Search HIP Report — Allows you to search through the Host Information Profile on this IP to correlate the data with a possible GlobalProtect user.

This concludes Part 2 of this week's Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later.


I hope this helps you understand the new ACC even better.


I will also be creating a Video Tutorial on Part 1 and Part 2.


In case you missed it, Part 1 of this series is here:
Tips & Tricks: The Application Command Center (ACC) for PAN-OS 7.0 and Later — Part 1


As always, please feel free to post feedback or comments below. Please also Like this if it has helped you in any way.


Thanks for reading.
Joe Delio

  • Print
  • Copy Link

Choose Language