View Usage Data for Unsanctioned SaaS Apps
Get visibility into untrusted SaaS applications that
your employees are using.
SaaS
Security Inline identifies the SaaS applications that your employees
are using by inspecting network traffic populated from CDL (Cortex
Data Lake) logs.
For comprehensive results, wait up to
24 hours after you SaaS Security Inline on your platform to gain
insight into your SaaS applications.
- Navigate to SaaS Security Inline.
- Navigate to one of the following views:ViewShows you:Helps you:Graphical view that summarizes the overall usage of SaaS applications that are in use in your organization.Assess your overall security posture before you drill down into risk data for individual SaaS applications.List view of SaaS applications in use in your organization.Learn about the SaaS applications that are in use and how many users are accessing them. Use the filter and sort capabilities to analyze metrics and App Details to assess risks.List view of users in your SaaS application ecosystem and their individual, aggregated SaaS application usage.Learn about the users that are accessing discovered SaaS applications. You can filter users by SaaS applications that are important to your organization (for example, high risk apps or social media apps).Detail view with risk factors (attributes) for the SaaS applications in use in your organization.Drill down into individual SaaS applications in use in your organization to view details about the SaaS application, its application vendor, and compliance with regulatory standards.Catalog of SaaS applications with ability to drill down into attributes for numerous industry-wide SaaS applications and those currently in use in your organization.Data includes information about the application, vendor, compliance, and risk characteristics that underlie those SaaS applications.Research the SaaS application, its vendor, and compliance with regulatory standards, then evaluate the risk for a given SaaS application to your organization before you decide to tag it as a sanctioned SaaS application.SaaS policy rule recommendations enable you to recommend Security policy rules to your Palo Alto Networks firewall administrator.Remediate risks of unsanctioned SaaS applications and user risky behavior.
Dashboard View
The SaaS Visibility
Dashboard
view
summarizes the overall usage of SaaS applications that are in use
in your organization, the risk score for these SaaS applications,
and the number of users that are using them.
Dashboard | |
|---|---|
Time Range | Filter by Time Range : Risk , Category , Tags , Rules , Custom
Tags to render a dataset for the selected time frame.
Your filter selection persists across the session. Default time
range is 90 days for new sessions. Reset Filters to
clear selection. |
Application Overview | Displays metrics by:
|
Applications by Risk | Discovered SaaS application by risk level.
Move your cursor over each circle bar to display the number of associated
SaaS applications within each risk level. Display the data
using the icons provided:
|
Top 10 Categories by Applications | Categories with
the most Usage and Applications. View
all Categories to navigate to the complete Discovered Applications. |
Top 10 Applications by Usage | SaaS applications with the most Usage and Users of SaaS
applications in your app ecosystem. View all Applications to navigate
to the list of Discovered Applications. |
Discovered Applications View
This
Discovered Applications
view
displays a list of SaaS applications that are in use in your organization,
as well as their risk and usage details.
Discovered Applications | |
|---|---|
 | Filter by Time Range : Risk , Category , Tags , Rules , Custom
Tags to render a dataset for the selected time frame.
Your filter selection persists across the session. Default time
range is 90 days for new sessions. Reset Filters to
clear selection. |
Applications by Risk | Bar graph that displays the
total number of SaaS applications in your organization that are Low , Medium ,
or High risk score.
Click on the risk level link
to display the SaaS applications associated with a specific risk
level. |
Applications by Tag | Bar graph that displays the
total number of SaaS applications in your organization by tag. |
Configure Global Risk Score | Capability to assign unequal
weights to the attributes that underlie each SaaS application’s
risk score. |
 | Search SaaS applications in use by Application Name only. |
Bulk Tag  | Tags to help
you assign a policy decision to your selected SaaS applications. |
Change Risk Score  | Change the risk score for
the selected SaaS application. |
Download CSV  | Export of the results (dataset) of the Discovered
SaaS apps in CSV file format. To view this element you
must be Super Admin role or Admin role, and not Read Only Admin
role. |
Application Name | SaaS
application name as it’s known in the industry. |
Risk | Default,
manual, or custom risk score for the
SaaS application. |
Category | SaaS application’s service category. For
example, Google Meet is categorized as Internet Conferencing . |
Rules | SaaS policy rule recommendations that apply
to the SaaS application. |
Tag | Tags that you
assigned to these SaaS applications. If you haven’t tagged a SaaS
application, it is automatically tagged as Unknown . |
Users | Displays
the total number of users of the SaaS application. Click on the
link to go to the Discovered Users view with the necessary filters
applied to display a list of those users and related activity. From
this Discovered View, you can export a list of the usernames. |
Usage | Number
of bytes transferred for the selected app. |
Upload | Number of bytes uploaded for the selected
app. |
Download | Number of bytes downloaded for the selected
app. |
Custom Tags | Tags that you
assigned to the SaaS application. |
 | |
Discovered Users View
The
Discovered Users
view displays
a list of known users in your organization and their application usage
aggregated across all discovered SaaS applications from which you
can apply filters to customize the view.SaaS Security Inline discovers users by using CDL (Cortex Data
Lake) logs, specifically the
source_user_info
field. If
the firewall forwards a log to CDL and this field is not populated
for a given user, SaaS Security Inline considers that user unknown
.
The SaaS Security web interface excludes all application usage data
for unknown users.
Discovered Users | |
|---|---|
| Filter by Time Range to
render a dataset for the selected time frame. Your filter selection
persists across the session. Default time range is 90 days for new sessions.Applications filter
and Users filter enable you to select up
to 100 apps and users. You can:
Reset
Filters to clear selection. |
User ID | Sort column to display users alphabetically. |
| Search that enables you to identify distinct
users across filtered and unfiltered apps. |
Sessions | Total number of login sessions across filtered
and unfiltered apps. |
Total Usage | Number
of bytes transferred by the user across filtered or unfiltered apps. |
Upload | Number of bytes uploaded by the user across
filtered or unfiltered apps. |
Download | Number of bytes downloaded by the user across
filtered or unfiltered apps. |
Last Session | Last session initiated by the specific user. |
Download CSV | Export the results (dataset) for all users
to a CSV file. To view this element you must be Super
Admin role or Admin role, and not Read Only Admin role. |
Application Detail View
The
Application Detail
view displays
details about the application, application vendor, and compliance
with regulatory standards for the selected SaaS application that
is in use in your organization.
Application Detail | |
|---|---|
Application Type | Product’s
service category. For example, SugarCRM is categorized as ERP . |
Risk Score | Displays the risk score for
the SaaS application. |
Status | Default Tag (aka Sanctioned
Status) that you assigned to the SaaS application. |
Custom Tags | Tags that you
assigned to the SaaS application. |
Policy Recommendations Supported
in Cloud Managed Prisma Access under , but not . | Recommendations that
define this SaaS application. |
Block Access Supported in Cloud
Managed Prisma Access under , but not . | Quick method to create a recommendation that
blocks access to this SaaS application. |
Users | Total number of users of the selected SaaS application. |
Usage | Total volume of traffic, both uploads and
downloads, transferred by users of the selected the SaaS application. |
Upload | Total number of bytes uploaded for the selected
SaaS application. |
Download | Number of bytes downloaded by the user across
filtered or unfiltered apps. |
Basic Info | Vendor and market information about this
SaaS application, including NPS. |
| Search that enables you to find compliance
attributes by name of a specific compliance regulation, standard,
framework, or certification. |
Configure Global Risk Score | Capability to assign unequal
weights to the attributes that underlie each SaaS application’s
risk score. |
Security and Privacy | Security attributes to
help you assess if this SaaS application meets your organization’s
security policies. |
Compliance | Compliance information to
help you assess if this SaaS application meets your organization’s
security policies. |
Risk | SaaS application’s risk score. |
Application Dictionary View
The
Application Dictionary
view
simplifies the process of identifying SaaS applications that are security
risks. You can use this dictionary as impartial security analysis
to help you evaluate a given SaaS application.
Application Dictionary | |
|---|---|
 | Collapse icon to display App Details for the
SaaS application, including SaaS application characteristics such
as Vendor Attributes and Compliance Attributes. |
Application Name | The
SaaS application name as it’s known in the industry. |
Risk | Displays the risk score for
the SaaS application. |
Category | Product’s
service category. For example, SugarCRM is categorized as ERP . |
| Search that enables you to find SaaS applications
by category and Application Name. |
Policy Recommendations View
The
Policy Recommendations
view
enables you to filter on or search for the SaaS rule recommendations
you created or edited and determine if those rules were approved
by your firewall administrator or pending.
Policy Recommendations | |
|---|---|
Synced | Status that
indicates whether or not your firewall received the SaaS policy rule recommendations. |
Name | Name assigned to the SaaS policy rule recommendations. |
Default | |
Description | Description assigned to the SaaS policy rule recommendations. |
Last Modified | Date that indicates the last time you changed
the rule. |
Enabled | Toggle to submit your SaaS policy rule recommendations. |
| Keyword search that enables you to find SaaS policy rule recommendations that
you created. |
Download CSV | Export the results (dataset) to a CSV file. To
view this element you must be Super Admin role or Admin role, and
not Read Only Admin role. |
