Connect SaaS Security API to your Cortex Data Lake to
retrieve logs and compile a combined view of unsanctioned and sanctioned
is the default visibility view on SaaS Security API
for tenants provisioned before June 2, 2021. This feature is no
longer available for tenants provisioned after June 2, 2021. For
inline policy enforcement on your network, more granular control
over SaaS application usage and user activity, greater analytics, and
a large increase in the number of discovered SaaS applications,
use SaaS Security Inline.
an inventory of SaaS application usage and patterns on your network,
and to identify shadow IT, you need to know about data residing
within enterprise-enabled SaaS applications, and network traffic
generated by users using managed and unmanaged devices within your
If you are using next-generation firewalls or
GlobalProtect Cloud Service as an Internet gateway to secure on-premise
or remote users and are storing traffic logs and other logs to the
Cortex Data Lake, you need to connect SaaS Security API to the Cortex
Data Lake to extend SaaS application visibility. All you need is
the serial number for your Cortex Data Lake instance.
the Cortex Data Lake serial number for your organization.