View Usage Data for Unsanctioned SaaS Apps

Get visibility into untrusted SaaS applications that your employees are using.
SaaS Security Inline identifies the SaaS applications that your employees are using by inspecting network traffic populated from firewall logs.
For comprehensive results, wait for up to 24 hours after you SaaS Security Inline on your platform to gain insight into your SaaS applications.
  1. Select Visibility.
  2. Navigate to one of the following views:
    • Description: Graphical view that summarizes the overall usage of SaaS applications that are in use in your organization.
      Use this View when you want to: Assess your overall security posture before you drill down into risk data for individual SaaS applications.
    • Description: List view of SaaS applications in use in your organization.
      Use this View when you want to: Learn about the SaaS applications that are in use and how many users are accessing them. Use the filter and sort capabilities to analyze metrics and App Details to assess risks.
    • Description: List view of users in your SaaS application ecosystem and their individual, aggregated SaaS application usage.
      Use this View when you want to: Learn about the users that are accessing discovered SaaS applications. You can filter users by SaaS applications that are important to your organization (for example, high risk apps or social media apps).
    • Description: Detail view with risk factors (attributes) for the SaaS applications in use in your organization.
      Use this View when you want to: Drill down into individual SaaS applications in use in your organization to view details about the SaaS application, its application vendor, and compliance with regulatory standards.
    • Description: Catalog of SaaS applications with ability to drill down into attributes for numerous industry-wide SaaS applications and those currently in use in your organization. Data includes information about the application, vendor, compliance, and risk characteristics that underlie those SaaS applications.
      Use this View when you want to: Research the SaaS application, its vendor, and compliance with regulatory standards, then evaluate the risk for a given SaaS application to your organization before you decide to tag it as a sanctioned SaaS application.
    • Description: SaaS policy rule recommendations enable you to recommend Security policy rules to your Palo Alto Networks firewall administrator.
      Use this View when you want to: Remediate risks of unsanctioned SaaS applications and user risky behavior.

Dashboard View

The SaaS Visibility Dashboard view summarizes the overall usage of SaaS applications that are in use in your organization, the risk score for these SaaS applications, and the number of users that are using them.
  1. Application Overview
     Displays metrics by:
       • Usage—total volume of traffic for both uploads and downloads across all discovered SaaS applications.
       • Users—total number of users across all discovered SaaS applications.
       • Apps—total number of discovered SaaS applications in use on your network.
  2. Applications by Risk
     Discovered SaaS applications by risk level. Move your cursor over each circle bar to display the number of associated SaaS applications within each risk level. Click View All Apps to navigate to the Application List.
     Display the data using the views provided:
       • Graphical view—color-coded circle graph that displays the distribution of risk across the SaaS applications in your organization.
       • Table view—displays SaaS application data, including Risk, Apps (Name), Tag Discovered SaaS Apps, Users, Usage, and Sessions.
  3. Top 10 Categories by Total Applications
     Categories with the most SaaS applications by Usage. Click View All Apps and their Categories to navigate to the Application List.
  4. Top 20 Applications by Usage
     SaaS applications with the most Usage and Users of SaaS applications in your app ecosystem. Click View All Applications to navigate to the Application List.

Discovered Applications View

The Discovered Applications view displays a list of SaaS applications that are in use in your organization, as well as their risk and usage details.
  1. Time Range: Risk, Category, Tags, Rules, Custom Tags
     Filter to render a dataset for the selected time frame. Your filter selection persists across the session. Default time range is 90 days for new sessions.
  2. Risk
     Bar graph that displays the total number of SaaS applications in your organization that have a Low, Medium, or High risk score. Click on the risk level link to display the SaaS applications associated with a specific risk level.
  3. Tag
     Bar graph that displays the total number of SaaS applications in your organization by tag.
  4. Bulk Tag
     Tags to help you assign a policy decision to your SaaS applications.
  15. Search SaaS applications in use by Application Name only.
  16. Download CSV
     Export of the results (dataset) of the Discovered SaaS apps in CSV file format.
     To view this element you must have the Super Admin role or Admin role, and not the Read Only Admin role.
  17. Configure Global Risk Score
     Capability to assign unequal weights to the attributes that underlie each SaaS application’s risk score.
  5. Application Name
     SaaS application name as it’s known in the industry.
  6. Risk
     Default, manual, or custom risk score for the SaaS application.
  7. Category
     SaaS application’s service category. For example, Google Meet is categorized as Internet Conferencing.
  8. Rules
     SaaS policy rule recommendations that apply to the SaaS application.
  9. Tag
     Tags that you assigned to these SaaS applications. If you haven’t tagged a SaaS application, it is automatically tagged as Unknown.
  10. Users
     Displays the number of users in comparison with the SaaS application with the most users.
  11. Usage
     Number of bytes transferred for the selected app.
  12. Upload
     Number of bytes uploaded for the selected app.
  13. Download
     Number of bytes downloaded for the selected app.
  14. Custom Tags
     Tags that you assigned to the SaaS application.

Discovered Users View

The Discovered Users view displays a list of known users in your organization and their application usage aggregated across all discovered SaaS applications from which you can apply filters to customize the view.
SaaS Security Inline discovers users by using CDL (Cortex Data Lake) logs, specifically the source_user_info field. If the firewall forwards a log to CDL and this field is not populated for a given user, SaaS Security Inline considers that user unknown. The SaaS Security web interface excludes all application usage data for unknown users.
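
Because usage tied to logs without source_user_info is excluded from the web interface, it helps to know how much traffic falls into that gap. The following Python script is an added example (not Palo Alto Networks code) that measures the gap per application over constructed log records; only source_user_info comes from this page, while the JSON-lines layout and the app and bytes_total field names are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line. Only source_user_info
# is a field named on the page; "app" and "bytes_total" are assumed names.
SAMPLE_LOGS = """\
{"app": "dropbox", "bytes_total": 5000, "source_user_info": {"name": "alice"}}
{"app": "dropbox", "bytes_total": 15000, "source_user_info": null}
{"app": "dropbox", "bytes_total": 2000}
{"app": "slack", "bytes_total": 800, "source_user_info": {"name": "bob"}}
{"app": "slack", "bytes_total": 200, "source_user_info": ""}
{"app": "zoom", "bytes_total": 4000, "source_user_info": {"name": "alice"}}
"""

def is_known_user(record):
    """Known only when source_user_info is present and non-empty."""
    return bool(record.get("source_user_info"))

def unknown_user_gap(lines):
    """Per app, count records and bytes that belong to unknown users."""
    stats = defaultdict(lambda: {"records": 0, "unknown_records": 0,
                                 "bytes": 0, "unknown_bytes": 0})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        row = stats[rec["app"]]
        row["records"] += 1
        row["bytes"] += rec["bytes_total"]
        if not is_known_user(rec):  # missing, null and empty all count
            row["unknown_records"] += 1
            row["unknown_bytes"] += rec["bytes_total"]
    report = {}
    for app, row in stats.items():
        share = row["unknown_bytes"] / row["bytes"] if row["bytes"] else 0.0
        report[app] = dict(row, unknown_byte_share=round(share, 3))
    return report

if __name__ == "__main__":
    gap = unknown_user_gap(SAMPLE_LOGS.splitlines())
    # Apps with the largest hidden share of traffic come first.
    ranked = sorted(gap.items(), key=lambda kv: kv[1]["unknown_byte_share"],
                    reverse=True)
    for app, row in ranked:
        print(f"{app:10} unknown records {row['unknown_records']}/"
              f"{row['records']}  unknown bytes {row['unknown_byte_share']:.1%}")
```

A high unknown share for an application means the Discovered Users view understates its usage, which usually points to missing user identification on the firewall for that traffic.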
  1. Time Range: Applications, Users
     Filter to render a dataset for the selected time frame. Your filter selection persists across the session. Default time range is 90 days for new sessions.
     Applications filter and Users filter enable you to select up to 100 apps and users. You can:
       • Select All and exclude up to 100.
       • Clear All and include up to 100.
  2. Users
     Sort column to display users alphabetically.
  3. Search that enables you to identify distinct users across filtered and unfiltered apps.
  4. Sessions
     Total number of login sessions across filtered and unfiltered apps.
  5. Upload
     Number of bytes uploaded by the user across filtered or unfiltered apps.
  6. Download
     Number of bytes downloaded by the user across filtered or unfiltered apps.
  7. Usage
     Number of bytes transferred by the user across filtered or unfiltered apps.
  8. Last Session
     Last session initiated by the specific user.
  9. Download CSV
     Export the results (dataset) for all users to a CSV file.
     To view this element you must have the Super Admin role or Admin role, and not the Read Only Admin role.

Application Detail View

The Application Detail view displays details about the application, application vendor, and compliance with regulatory standards for the selected SaaS application that is in use in your organization.
  1. Application Type
     Product’s service category. For example, SugarCRM is categorized as ERP.
  2. Risk Score
     Displays the risk score for the SaaS application.
  3. Status
     Default Tag (aka Sanctioned Status) that you assigned to the SaaS application.
  4. Custom Tags
     Tags that you assigned to the SaaS application.
  5. SaaS Rule Recommendations
     Recommendations that define this SaaS application.
  6. Block Access
     Quick method to create a recommendation that blocks access to this SaaS application.
  7. Time Range
     Filter to render a dataset for the selected time frame. Your filter selection persists across the session. Default time range is 90 days for new sessions.
  2. Users
     Total number of users of the selected SaaS application.
  3. Usage
     Total volume of traffic, both uploads and downloads, transferred by users of the selected SaaS application.
  4. Upload
     Total number of bytes uploaded for the selected SaaS application.
  6. Basic Info
     Vendor and market information about this SaaS application.
  12. Search that enables you to find compliance attributes by name of a specific compliance regulation, standard, framework, or certification.
  5. Download CSV
     Export the results (dataset) of the SaaS app to a CSV file.
     To view this element you must have the Super Admin role or Admin role, and not the Read Only Admin role.
  13. Configure Global Risk Score
     Capability to assign unequal weights to the attributes that underlie each SaaS application’s risk score.
  7. Security and Privacy
     Security attributes to help you assess if this SaaS application meets your organization’s security policies.
  8. Compliance
     Compliance information to help you assess if this SaaS application meets your organization’s security policies.
  9. Category
     SaaS application’s category.
  10. Risk
     SaaS application’s risk score.
  11. NPS Score
     Indicator of future growth as measured by customer experience and loyalty between a score of <0 (weak) and 100 (strong) where % of Promoters - % of Detractors = Net Promoter Score (NPS).
     For example, if the SaaS application has 35% Promoters and 25% Detractors, the SaaS application’s NPS score is 10.

Application Dictionary View

The Application Dictionary view simplifies the process of identifying SaaS applications that are security risks. You can use this dictionary as impartial security analysis to help you evaluate a given SaaS application.
  1. Add Filter: Risk, Category
     Filter icon to display the SaaS applications by risk and Application category.
  2. Collapse icon to display App Details for the SaaS application, including SaaS application characteristics such as Vendor Attributes and Compliance Attributes.
  3. Application Name
     Represents the SaaS application name as it’s known in the industry.
  4. Risk
     Displays the risk score for the SaaS application.
  5. Category
     Product’s service category. For example, SugarCRM is categorized as ERP.
  6. Search that enables you to find SaaS applications by category and Application Name.
  7. Configure Global Risk Score
     Capability to assign unequal weights to the attributes that underlie each SaaS application’s risk score.

Security Rules View

The Security Rules view enables you to filter on or search for the SaaS rule recommendations you created or edited and determine if those rules were approved by your firewall administrator or pending.
  1. Create New Rule
     Button to initiate a new SaaS policy rule recommendation.
  2. Add Filter: Application, Activity, Response, Risk, Category
     Filter icon to display the SaaS applications by Application name, activity, response, risk, and Application category.
  3. Synced
     Status that indicates whether or not your firewall received the SaaS policy rule recommendations.
  4. Name
     Name assigned to the SaaS policy rule recommendations.
  5. Description
     Description assigned to the SaaS policy rule recommendations.
  6. Last Modified
     Date that indicates the last time you changed the rule.
  7. Enabled
  8. Keyword search that enables you to find SaaS policy rule recommendations that you created.
  9. Download CSV
     Export the results (dataset) to a CSV file.
     To view this element you must have the Super Admin role or Admin role, and not the Read Only Admin role.
