Monitor > PDF Reports > SaaS Application Usage
Use this page to create a report that summarizes the SaaS application activity on your network. This predefined report presents a comparison on the sanctioned versus unsanctioned SaaS application usage on your network and you can use this information to help steer your users toward sanctioned applications. You can then enforce granular context and application-based policies for SaaS applications that you want to allow or block on your network.
For generating an accurate and informative report, you must tag the sanctioned applications on your network (see Actions Supported on Applications). The firewall and Panorama consider any application without this predefined tag as unsanctioned for use on the network. It is important to know about the sanctioned applications and unsanctioned applications that are prevalent on your network because unsanctioned SaaS applications are a potential threat to information security; they are not approved for use on your network and can cause an exposure to threats and loss of private and sensitive data.
Make sure you tag applications consistently across all firewalls or device groups. If the same application is tagged as sanctioned in one virtual system and is not sanctioned in another—or on Panorama, if an application is unsanctioned in a parent device group but is tagged as sanctioned in a child device group (or vice versa)—the SaaS Application Usage report will produce overlapping results.
On the ACC, set the
By Sanctioned Stateto visually identify applications that have different sanctioned state across virtual systems or device groups. Green indicates sanctioned applications, blue is for unsanctioned applications, and yellow indicates applications that have a different sanctioned state across different virtual systems or device groups.
To configure the report, click
Addand specify the following information:
SaaS Application Usage Report Settings
Enter a name to identify the report (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the time frame for the report from the drop-down:
Last 7 Days,
Last 30 Days, or
Last 90 Days. The report includes data from the current day (the day on which the report is generated).
Include logs from
From the drop-down, select whether you want to generate the report on a selected user group, on a selected zone, or for all user groups and zones configured on the firewall or Panorama.
Include user group information in the report
Not available if you choose to generate the report on a
Selected User Group.)
This option filters the logs for the user groups you want to include in the report. Select the
manage groupsor the
manage groups for the selected zonelink to choose up to 25 user groups for which you want visibility.
When you generate a report for specific user groups on a selected zone, users who are not a member of any of the selected groups are assigned to a user group called Others.
Select the user group(s) for which you want to generate the report. This option displays only when you choose
Selected User Groupin the
Include logs fromdrop-down.
Select the zone for which you want to generate the report. This option displays only when you choose
Selected Zonein the
Include logs fromdrop-down.
You can then select Include user group information in the report.
Include detailed application category information in report
The SaaS Application Usage PDF report is a two-part report. By default, both parts of the report are generated. The first part of the report (ten pages) focuses on the SaaS applications used on your network during the reporting period.
Clear this option if you do not want the second part of the report that includes detailed information for SaaS and non-SaaS applications for each application subcategory listed in the first part of the report. This second part of the report includes the names of the top applications in each subcategory and information about users, user groups, files, bytes transferred, and threats generated from these applications.
Without the detailed information, the report is ten-pages long.
Limit max subcategories in the report to
Select whether you want to use all application subcategories in the SaaS Application Usage report or whether you want to limit the maximum number to 10, 15, 20, or 25 subcategories.
When you reduce the maximum number of subcategories, the detailed report is shorter because you limit the SaaS and non-SaaS application activity information included in the report.
Run Nowto generate the report on demand.
To schedule the report, see Monitor > PDF Reports > Email Scheduler.
On PA-200 and PA-500 firewalls, the SaaS Application Usage report is not sent as a PDF attachment in the email. Instead, the email includes a link you use to open the report in a web browser.
For more information on the report, see Manage Reporting.