Monitor > PDF Reports > SaaS Application Usage
Use this page to generate a SaaS application usage report that summarizes the security risks associated with the SaaS applications traversing your network. This predefined report presents a comparison of the sanctioned versus unsanctioned applications, summarizes the risky SaaS applications with unfavorable hosting characteristics, and highlights the activity, usage, and compliance of the applications by listing the top applications for each category on the detailed pages. You can use this detailed risk information to enforce policy for SaaS applications that you want to allow or block on your network.
For generating an accurate and informative report, you must tag the sanctioned applications on your network (see Generate the SaaS Application Usage Report). The firewall and Panorama consider any application without this predefined tag as unsanctioned for use on the network. It is important to know about the sanctioned applications and unsanctioned applications that are prevalent on your network because unsanctioned SaaS applications are a potential threat to information security; they are not approved for use on your network and can cause an exposure to threats and loss of private and sensitive data.
Make sure you tag applications consistently across all firewalls or device groups. If the same application is tagged as sanctioned in one virtual system and is not sanctioned in another—or on Panorama, if an application is unsanctioned in a parent device group but is tagged as sanctioned in a child device group (or vice versa)—the SaaS Application Usage report will produce overlapping results.
On the ACC, set the Application View to By Sanctioned State to visually identify applications that have different sanctioned state across virtual systems or device groups. Green indicates sanctioned applications, blue is for unsanctioned applications, and yellow indicates applications that have a different sanctioned state across different virtual systems or device groups.
To configure the report, click Add and specify the following information:
SaaS Application Usage Report Settings
Enter a name to identify the report (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select the time frame for the report from the drop-down: Last 7 Days, Last 30 Days, or Last 90 Days. The report includes data from the current day (the day on which the report is generated).
Include logs from
From the drop-down, select whether you want to generate the report on a selected user group, on a selected zone, or for all user groups and zones configured on the firewall or Panorama.
Include user group information in the report
(Not available if you choose to generate the report on aSelected User Group.)
This option filters the logs for the user groups you want to include in the report. Select the manage groups or the manage groups for the selected zone link to choose up to 25 user groups for which you want visibility.
When you generate a report for specific user groups on a selected zone, users who are not a member of any of the selected groups are assigned to a user group called Others.
Select the user group(s) for which you want to generate the report. This option displays only when you choose Selected User Group in the Include logs from drop-down.
Select the zone for which you want to generate the report. This option displays only when you choose Selected Zone in the Include logs from drop-down.
You can then select include user group information in the report.
Include detailed application category information in report
The SaaS Application Usage PDF report is a two-part report. By default, both parts of the report are generated. The first part of the report (ten pages) focuses on the SaaS applications used on your network during the reporting period.
Clear this option if you do not want the second part of the report that includes detailed information for SaaS and non-SaaS applications for each application subcategory listed in the first part of the report. This second part of the report includes the names of the top applications in each subcategory and information about users, user groups, files, bytes transferred, and threats generated from these applications.
Without the detailed information, the report is ten-pages long.
Limit max subcategories in the report to
Select whether you want to use all application subcategories in the SaaS Application Usage report or whether you want to limit the maximum number to 10, 15, 20, or 25 subcategories.
When you reduce the maximum number of subcategories, the detailed report is shorter because you limit the SaaS and non-SaaS application activity information included in the report.
Click Run Now to generate the report on demand.
You can generate this report on demand or you can schedule it to run on a daily, weekly, or monthly cadence. To schedule the report, see schedule reports for email delivery.
On PA-220 and PA-220R firewalls, the SaaS Application Usage report is not sent as a PDF attachment in the email. Instead, the email includes a link you use to open the report in a web browser.
For more information on the report, see Manage Reporting.
Generate the SaaS Application Usage Report
Generate the SaaS Application Usage Report The SaaS Application Usage PDF report is a two-part report that allows you to easily explore SaaS application activity ...
Actions Supported on Applications
Actions Supported on Applications You can perform any of the following actions on this page: Actions Supported for Applications Description Filter by application To search ...
Application Whitelist Example
Application Whitelist Example Keep in mind that you do not need to capture every application that might be in use on your network in your ...
Monitor > PDF Reports > Email Scheduler
Monitor > PDF Reports > Email Scheduler Use the Email scheduler to schedule reports for delivery by email. Before adding a schedule, you must define ...
View and Manage Reports
View and Manage Reports The reporting capabilities on the firewall allow you to keep a pulse on your network, validate your policies, and focus your ...
Monitor > PDF Reports
Monitor > PDF Reports The following topics describe PDF reports. Monitor > PDF Reports > Manage PDF Summary Monitor > PDF Reports > User Activity ...
Objects > Tags
Objects > Tags Tags allow you to group objects using keywords or phrases. You can apply tags to address objects, address groups (static and dynamic), ...
Map Applications to Business Goals for a Simplified Rulebas...
Map Applications to Business Goals for a Simplified Rulebase As you inventory the applications on your network, consider your business goals and acceptable use policies ...
Use HTTP Headers to Manage SaaS Application Access
Use Palo Alto Networks® firewall URL profiles to insert custom headers into HTTP requests so that you can control access to differing versions of web ...