SaaS Visibility for NGFW

Use this workflow to onboard SaaS Security Inline.
SaaS Security Inline provides SaaS visibility so that you can identify cloud‑based threats and risky user activity on sanctioned and unsanctioned SaaS apps.
Getting started is quite simple. If your CDL (Cortex Data Lake) is configured to receive logs from your Palo Alto Networks firewalls, after activation, SaaS Security Inline automatically discovers all SaaS applications and users and analyzes users’ SaaS activity and usage data and presents risk analytics. After you evaluate the data in the Dashboard, you’re ready to tag SaaS apps, configure risk scores, and generate reports to better understand and respond to SaaS application usage of sanctioned and unsanctioned SaaS apps.
Use the following workflow if you want to use SaaS visibility only. If you want to use all the features of SaaS Security Inline, including SaaS visibility, ACE, and policy rule recommendations to protect against cloud‑based threats, use the SaaS Visibility and Controls for NGFW workflow instead.
  • Activate SaaS Security Inline on the Hub.
  • Request that your firewall administrator forward logs to CDL so that SaaS Security Inline discovers all SaaS applications and users, if you haven’t already.
  • Configure basic settings on SaaS Security, including language and time zone, if you haven’t already
  • Add administrators to analyze SaaS visibility data.

Recommended For You