Monitor > PDF Reports > SaaS Application Usage
Table of Contents
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > GTP Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Device Block List
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Scheduled Config Export
Monitor > PDF Reports > SaaS Application Usage
Use this page to generate a SaaS application usage report that
summarizes the security risks associated with the SaaS applications traversing
your network. This predefined report presents a comparison of the sanctioned
versus unsanctioned applications, summarizes the risky SaaS applications
with unfavorable hosting characteristics, and highlights the activity, usage,
and compliance of the applications by listing the top applications
for each category on the detailed pages. You can use this detailed
risk information to enforce policy for SaaS applications that you
want to allow or block on your network.
For generating an accurate and informative report, you must tag
the sanctioned applications on your network (see Generate the SaaS Application Usage Report).
The firewall and Panorama consider any application without this
predefined tag as unsanctioned for use on the network. It is important
to know about the sanctioned applications and unsanctioned applications
that are prevalent on your network because unsanctioned SaaS applications
are a potential threat to information security; they are not approved
for use on your network and can cause an exposure to threats and
loss of private and sensitive data.
Make sure you tag applications consistently across all
firewalls or device groups. If the same application is tagged as
sanctioned in one virtual system and is not sanctioned in another—or
on Panorama, if an application is unsanctioned in a parent device
group but is tagged as sanctioned in a child device group (or vice
versa)—the SaaS Application Usage report will produce overlapping
results.
On the ACC, set the
Application View
to By
Sanctioned State
to visually identify applications that
have different sanctioned state across virtual systems or device
groups. Green indicates sanctioned applications, blue is for unsanctioned applications,
and yellow indicates applications that have a different sanctioned state
across different virtual systems or device groups.To configure the report, click
Add
and
specify the following information:SaaS Application
Usage Report Settings | Description |
---|---|
Name | Enter a name to identify the report (up
to 31 characters). The name is case-sensitive and must be unique.
Use only letters, numbers, spaces, hyphens, and underscores. |
Time Period | Select the time frame for the report from
the drop-down: Last 7 Days , Last
30 Days , or Last 90 Days . The
report includes data from the current day (the day on which the
report is generated). |
Include logs from | From the drop-down, select whether you want
to generate the report on a selected user group, on a selected zone,
or for all user groups and zones configured on the firewall or Panorama.
|
Include user group
information in the report ( Not available if you choose
to generate the report on a Selected User Group .) | This option filters the logs for the user
groups you want to include in the report. Select the manage groups or
the manage groups for the selected zone link
to choose up to 25 user groups for which you want visibility.When
you generate a report for specific user groups on a selected zone,
users who are not a member of any of the selected groups are assigned
to a user group called Others. |
User group | Select the user group(s) for which you want
to generate the report. This option displays only when you choose Selected
User Group in the Include logs from drop-down. |
Zone | Select the zone for which you want to generate
the report. This option displays only when you choose Selected Zone in
the Include logs from drop-down.You
can then select include user group information in the report. |
Include detailed application category information
in report | The SaaS Application Usage PDF report is
a two-part report. By default, both parts of the report are generated.
The first part of the report (ten pages) focuses on the SaaS applications
used on your network during the reporting period. Clear this
option if you do not want the second part of the report that includes
detailed information for SaaS and non-SaaS applications for each
application subcategory listed in the first part of the report.
This second part of the report includes the names of the top applications
in each subcategory and information about users, user groups, files,
bytes transferred, and threats generated from these applications. Without
the detailed information, the report is ten-pages long. |
Limit max subcategories in the report to | Select whether you want to use all application
subcategories in the SaaS Application Usage report or whether you
want to limit the maximum number to 10, 15, 20, or 25 subcategories. When
you reduce the maximum number of subcategories, the detailed report
is shorter because you limit the SaaS and non-SaaS application activity
information included in the report. |
Click
Run Now
to generate the report on demand.You can generate this report on demand or you can schedule it
to run on a daily, weekly, or monthly cadence. To schedule the report,
see schedule reports for email delivery.
On PA-220 and PA-220R firewalls, the SaaS Application Usage report
is not sent as a PDF attachment in the email. Instead, the email
includes a link you use to open the report in a web browser.
For more information on the report, see Manage Reporting.