Monitor > PDF Reports > SaaS Application Usage
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device Setup Ace
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Monitor > PDF Reports > SaaS Application Usage
Use this page to generate a SaaS application usage report
that summarizes the security risks associated with the SaaS applications
traversing your network. This predefined report presents a comparison
of the sanctioned versus unsanctioned applications, summarizes the
risky SaaS applications with unfavorable hosting characteristics,
and highlights the activity, usage, and compliance of the applications
by listing the top applications for each category on the detailed
pages. You can use this detailed risk information to enforce policy
for SaaS applications that you want to allow or block on your network.
For generating an accurate and informative report, you must tag
the sanctioned applications on your network (see Generate the SaaS Application Usage Report).
The firewall and Panorama consider any application without this
predefined tag as unsanctioned for use on the network. It is important
to know about the sanctioned applications and unsanctioned applications
that are prevalent on your network because unsanctioned SaaS applications
are a potential threat to information security; they are not approved
for use on your network and can cause an exposure to threats and
loss of private and sensitive data.
Make sure you tag applications consistently across all
firewalls or device groups. If the same application is tagged as
sanctioned in one virtual system and is not sanctioned in another—or
on Panorama, if an application is unsanctioned in a parent device
group but is tagged as sanctioned in a child device group (or vice
versa)—the SaaS Application Usage report will produce overlapping
results.
On the ACC, set the Application View to By
Sanctioned State to visually identify applications that
have different sanctioned state across virtual systems or device
groups. Green indicates sanctioned applications, blue is for unsanctioned
applications, and yellow indicates applications that have a different
sanctioned state across different virtual systems or device groups.
To configure the report, click Add and
specify the following information:
SaaS Application Usage
Report Settings | Description |
---|---|
Name | Enter a name to identify the report (up
to 31 characters). The name is case-sensitive and must be unique.
Use only letters, numbers, spaces, hyphens, and underscores. |
Time Period | Select the time frame for the report from
the drop-down. The report includes data from the current day (the
day on which the report is generated). |
Include logs from | From the drop-down, select whether you want
to generate the report on a selected user group, on a selected zone,
or for all user groups and zones configured on the firewall or Panorama.
|
Include user group information
in the report (Not available if you choose to generate
the report on a Selected User Group.) | This option filters the logs for the user
groups you want to include in the report. Select the manage
groups or the manage groups for the selected
zone link to choose up to 25 user groups for which you
want visibility. When you generate a report for specific user
groups on a selected zone, users who are not a member of any of
the selected groups are assigned to a user group called Others. |
User group | Select the user group(s) for which you want
to generate the report. This option displays only when you choose Selected
User Group in the Include logs from drop-down. |
Zone | Select the zone for which you want to generate
the report. This option displays only when you choose Selected
Zone in the Include logs from drop-down. You
can then select include user group information in the report. |
Include detailed application category information
in report | The SaaS Application Usage PDF report is
a two-part report. By default, both parts of the report are generated.
The first part of the report (ten pages) focuses on the SaaS applications
used on your network during the reporting period. Clear this
option if you do not want the second part of the report that includes
detailed information for SaaS and non-SaaS applications for each
application subcategory listed in the first part of the report.
This second part of the report includes the names of the top applications
in each subcategory and information about users, user groups, files,
bytes transferred, and threats generated from these applications. Without
the detailed information, the report is ten-pages long. |
Limit max subcategories in the report to | Select whether you want to use all application
subcategories in the SaaS Application Usage report or whether you
want to limit the maximum number to 10, 15, 20, or 25 subcategories. When
you reduce the maximum number of subcategories, the detailed report
is shorter because you limit the SaaS and non-SaaS application activity
information included in the report. |
Click Run Now to generate the report on
demand.
You can generate this report on demand or you can schedule it
to run on a daily, weekly, or monthly cadence. To schedule the report,
see schedule reports for email delivery.
On PA-220 and PA-220R firewalls, the SaaS Application Usage report
is not sent as a PDF attachment in the email. Instead, the email
includes a link you use to open the report in a web browser.
For more information on the report, see Manage Reporting.