While previous versions relied on cloud lookups, 11.0 enhances the engine. The firewall now blocks never-before-seen (Zero-Day) evasive command-and-control traffic directly in the data path without a signature update.
For those following Sarah's lead, the PAN-OS 11.0 New Features Guide serves as the definitive manual for configuring these advanced capabilities. x or a specific chart? PAN-OS 11.0.0 Known and Addressed Issues panos 11 release notes link