Generate the SaaS Application Usage Report

The SaaS Application Usage PDF report is a two-part report that is based on the notion of sanctioned and unsanctioned applications. A sanctioned application is an application that you formally approve for use on your network; a SaaS application is an application that has the characteristic SaaS=yes in the applications details page in
Objects
Applications
, all other applications are considered as non-SaaS. To indicate that you have sanctioned a SaaS or non-SaaS application, you must tag it with the new predefined tag named Sanctioned. The firewall and Panorama consider any application without this predefined tag as unsanctioned for use on the network.
  • The first part of the report (8 pages) focuses on the SaaS applications used on your network during the reporting period. It presents a comparison of sanctioned versus unsanctioned SaaS applications by total number of applications used on your network, bandwidth consumed by these applications, and the number of users using these applications. This first part of the report also highlights the top SaaS application subcategories listed in order by maximum number of applications used, the number of users, and the amount of data (bytes) transferred in each application subcategory.
  • The second part of the report focuses on the detailed browsing information for SaaS and non-SaaS applications for each application subcategory listed in the first-part of the report. For each application in a subcategory, it also includes information about the top users who transferred data, the top blocked or alerted file types, and the top threats for each application. In addition, this section of the report tallies samples for each application that the firewall submitted for WildFire analysis, and the number of samples determined to be benign and malicious.
Use the insights from this report to consolidate the list of business-critical and approved SaaS applications and to enforce policies for controlling unsanctioned applications that pose an unnecessary risk for malware propagation and data leaks.
The predefined SaaS application usage report introduced in PAN-OS 7.0 is still available as a daily report that lists the top 100 SaaS applications (with the SaaS application characteristic, SaaS=yes) running on your network on a given day.
  1. Tag applications that you approve for use on your network as Sanctioned.
    The accuracy of the report depends on whether you have tagged an application as Sanctioned. You can tag both SaaS and non-SaaS applications as Sanctioned; the detailed browsing section of the SaaS Application Usage report displays whether the application is SaaS and whether it is sanctioned.
    1. Select
      Object
      Applications
      .
    2. Click the application
      Name
      to edit an application and select
      Edit
      in the Tag section.
    3. Select
      Sanctioned
      from the
      Tags
      drop-down.
      You must use the predefined
      Sanctioned
      tag (with the azure colored background). If you use any other tag to indicate that you sanctioned an application, the firewall will fail to recognize the tag and the report will be inaccurate.
      tag_app_sanctioned.png
    4. Click
      OK
      and
      Close
      to exit all open dialogs.
  2. Configure the SaaS Application Usage report.
    1. Select
      Monitor
      PDF Reports
      SaaS Application Usage
      .
    2. Click
      Add
      , enter a
      Name
      , and select a
      Time Period
      for the report (default is
      Last 7 Days
      ).
      By default, the report includes detailed information on the top SaaS and non-SaaS application subcategories, which can make the report large by page count and file size. Clear the
      Include detailed application category information in report
      check box if you want to reduce the file size and restrict the page count to eight pages.
      saas-usage_PDFreport.png
    3. To generate the report on-demand, click
      Run Now
      . Make sure that the pop-up blocker is disabled on your browser because the report opens in a new tab.
    4. Click
      OK
      to save your changes.
  3. On the PA-200, PA-500, and PA-2000 Series firewalls, the SaaS Application Usage report is not sent as a PDF attachment in the email. Instead, the email includes a link that you must click to open the report in a web browser.

Recommended For You