Sales

FAQ ACC Demo

General

Q. What has changed in the ACC with PAN-OS 7.0 and beyond?
A: The new ACC offers a fully re-designed layout that enhances the visualization of threats and
improves response time thanks to a highly interactive and customizable dashboard that
provides easily understood, actionable threat information with simple drill down capabilities,
trending information, device group segmentation, as well as correlation events. The new ACC is
very interesting for potentially new as well as existing customers. You can use the new ACC as
an excuse to meet and talk with existing customers on whats new.

Q: Which versions of the demo can demonstrate the automated correlation engine?
A: Correlation events can be demonstrated in all Panorama deployments. They will NOT show up
on a single-machine VM deployment. Since most of our demo environments utilize VMs, you
should conduct a demo of the ACC (if you plan to show correlation) in one of the Panorama
deployments. (us1rama, uk1rama, etc).

User Interface Layout and Design Elements

Q: Why did we move to a widget-based design?
A: A widget-based design allows for easy customization and improved visibility of the data.
Widgets improve the actionability of data by displaying only desired content, thus making the
UI more user friendly and improving response times.

Q: What do the icons in the top right of each widget mean?

A: There are 4 icons in the blue shaded area in the top right of each widget:
Maximize Widget Icon: Clicking on the icon with the diagonal arrow mazimizes the view of
the current widget and shows more detailed data.
Custom Filter Icon: Click on the icon with the funnel to create a custom filter that will remain
active even when all Global Filters get deleted.
Jump to Log Icon: Click on the icon with the bulleted list to jump to the log data associated
with the particular widget.
Print/Export Icon: Click on this icon to export or print a particular widget. In most cases, data
will be exported as a PDF. From the maximized view you can also export data as a CSV file.
Graph Selection Icons: There are two more icons in the white area. These are the Graph type
icons. Click on these icons to select the appropriate graph to display the widget in a way best
suited for your needs.

Palo Alto Networks Proprietary and Confidential Internal Use Only Sales FAQ ACC Demo

Q: How can I customize the ACC to my needs?
A: You can modify the default views (Application, Threat Activity, and Blocked Activity tabs), but
you cant delete them. In addition you can create any number of custom tabs for custom views.

Q: How do I change the graph type?
A: In the top right of each widget are the different graph types you can select for each widget. The
available graph types vary by widget. Simply click on the icon that displays the desired graph
type and the widget will automatically display the selected graph.

Shortcuts, Tips and Tricks

Q: What are the different ways you can promote an item as a Global Filter?
A: (Just look for the left pointing arrow)<-| There are multiple ways you can promote any item
as a global filter:
1. The easiest way is to click on the left pointing arrow behind the items name, which will
immediately promote the item as a global filter.
2. If you have a widget-specific filter in any widget, the filter string appears in the top of
that widget. You can click on the left pointing arrow behind any item in that string and
promote the local filter as a global filter.
3. You can do a step-by-step promotion by clicking on any item in the table, and do a local
promotion first, then select the item from the filter string above to do a global
promotion.

Q: No compromised host (correlation event) shows up in the Threat tab. How can I trigger a
correlation event to demonstrate the correlation engine?
A: Correlation events dont happen all the time. Check the time frame of your demo. It is most
likely set at 1 hour. If you extend the time frame to 12 hours or even 24 hours,
correlation events should show up. Please note that if you are trying to do this in a POC
environment the customer may not have any threat licenses, and correlation object may not be
triggered.

Q: How do I create a custom tab that monitors an individual user?
A: First create a new tab and select the desired widgets for this tab from the drop down list. Next
use the filter in the top right of each widget to add the filter criteria (in this case the criteria is
the name of the user). Note, creating a custom filter like just described is the best way to
generate a permanent customized filter. If you only decide to promote the filter in each widget
to get the same result, the filter will be eliminated the next time someone removes all Global
Filters.

Q: How do I zoom in on a specific timeframe within the trending graphs?
A: If you look at a trending graph and notice a particularly interesting time period within the graph
you can zoom in by highlighting the desired timeframe inside the graph. This will automatically
create a custom time period and the graph will be re-built with the highlighted time period

Palo Alto Networks Proprietary and Confidential Internal Use Only Sales FAQ ACC Demo
 (zoomed-in view). Please ensure you highlight an area that goes beyond the desired time
frame, since the zoomed in view will display a time frame from the start of the highlighted area
to just before the highlighted area (less than the latest time frame selected)

Q: How do I promote a time from a zoomed-in graph?
A: After you have selected the desired time frame inside the trending graph, the selected time
zone shows up as a custom time frame on the filter string on top of the widget. To promote this
time zone as a global filter, simply click on the left-pointing arrow behind the custom time zone,
which will automatically promote the item as a global filter.

Q: What export options do I have?
A: You can export or print individual widgets or all widgets on a given tab. You can export in PDF,
and in maximized views you can also export data in CSV format.

Q: How can I drill down from a maximized view?
A: If you are in a maximized view on a specific widget you can promote each item on the list as a
global filter in the same way you usually promote a filter simply click on the left-pointing
arrow behind the item.

Q: How can I see the log data associated with a threat highlighted in the ACC?
A: In the top right of each widget you find an icon that says Jump to logs. Click on the Jump to
logs icon and you will be taken automatically to the log data associated with the selected
threat.

Q: Why cant I change the data source on top of the UI?
A: This selection criterion is only active once all devices in the configuration have been moved to
PAN OS 7.0. At that point you can select different data sources for display in the ACC.

Q: What is the definition of aggregated content in the widgets?
A: Aggregated content is an accumulated view of all file transfers and data pattern matches we
have seen.

Palo Alto Networks Proprietary and Confidential Internal Use Only Sales FAQ ACC Demo