Remediate Third-Party Apps

Learn how to remediate third-party apps that Prisma SaaS discovered.
You can view and assess third-party apps to determine if the potential security threats are real and, if so, Block or Restrict them and send notifications to users. When you block an app after it’s already in use, Prisma SaaS revokes access for all users that are currently using that app. Sometimes you’ll determine that an identified app does not pose a real threat. In that case, simply Approve it.
Use the following workflow to drill down into an app and assess whether it poses a security threat. Alternatively, you can automatically block an app.
  1. Select Explore > Third-Party apps.
    By default, all discoveries are listed as Unclassified until you assess and remediate them. You can:
    • Immediately Approve or Block any third-party app in the list view.
    • Click an app in the Name column to view the details and then Approve, Block, or Restrict the app.
  2. Filter third-party apps associated with a particular end user: Explore > People.
  3. Drill down into the details by clicking Name.
    This detailed view displays the metadata of the third-party app and the associated links and cloud apps so that you can get more context around them.
  4. After you understand the details, remediate the third-party apps.
    There are several ways to manually remediate:
    • Remediate one or more results—Select the log entry and click Actions > Allow or Block.
    • Filter by users accessing a specific third-party app and apply remediation—Click Name on the log entry, Manage User Permissions, then All, Inactive, or Active.
    • Filter by third-party app status—Select one of the following states:
      • Unclassified—You have not yet assessed this app. Meanwhile, any user can provide this app authorization to company data. By default, Prisma SaaS assigns all new discoveries this state.
      • Approved—Any user can provide this app authorization to company data.
      • Restricted—The users you define can provide this app authorization to company data. The app is blocked for all other users.
      • Blocked—No users can provide this app authorization to company data if you configured the third-party setting to automatically block or you manually blocked the app.
    When an app is either blocked or restricted, the user is sent an email to notify them of their access status.
  5. (Optional) Export the third-party list.
