Application Catalog

Use the Application Catalog to view, classify, and tag Palo Alto Networks–provided applications at the container level so that classifications and tags automatically apply to all underlying functional activities.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • NGFW (Managed by Strata Cloud Manager)
What Do I Need?
  • At least one of these licenses is needed to manage your configuration with Strata Cloud Manager; for unified management of NGFWs and Prisma Access, you'll need both NGFW and Prisma Access licenses:
Strata Cloud Manager normalizes application names and consolidates application management into a unified view, so you no longer need to navigate across multiple pages to find the information required to configure security policy.
You can use a common Application Catalog page in Strata Cloud Manager to view and manage applications from one location. This ensures consistent application naming across all services.
From the Configuration > Application Catalog page, you can access application details, manage tags, review content updates, and classify applications. To help you identify the risk posture of each application, the application grid displays icons and includes a Classification column that separates your sanctioned, unsanctioned, and tolerated applications. The predefined applications side panel provides metadata so you can review application attributes without leaving the page.
The Application Catalog includes only Palo Alto Networks–provided applications. Custom applications you create in Configuration > NGFW and Prisma Access > Objects > Applications do not appear in the catalog and do not affect the application count.
  • Classification—Determines the app's policy status. Only one classification can be active per container: Sanctioned, Tolerated, or Unsanctioned. Applying a new classification automatically removes the previous one. An application with no classification is Unclassified by default.
  • Tags—Descriptive labels used to organize and filter applications for policy. A container can carry multiple tags simultaneously. Includes system-generated predefined tags (for example, Web App, Enterprise VoIP) and admin-defined custom tags.
The Application Catalog includes only Palo Alto Networks-provided applications. Custom applications you create in Configuration > NGFW and Prisma Access > Objects > Applications do not appear here.
When you classify or tag applications in the Application Catalog, Strata Cloud Manager writes those classifications and tags to the Application-Tagging snippet. The Application-Tagging snippet is a predefined snippet associated with the global scope that stores all application classification and tag data across Strata Cloud Manager. Conversely, classification and tag changes you make to predefined applications in Configuration > NGFW and Prisma Access > Objects > Applications are also reflected in the Application Catalog. Both surfaces read from and write to the same Application-Tagging snippet. Storing application data in a single global snippet makes it available across all product areas, including Security policy app filters, Activity Insights, and SaaS Inline.

Classify and Tag Applications

Use the Application Catalog to review application details and classify or tag applications to govern their use across your organization.
The Application Catalog gives you a consolidated view of all Palo Alto Networks–provided applications. You can review application details, assess risk, and apply a Sanctioned, Tolerated, or Unsanctioned classification — or a custom tag — directly from the catalog. Strata Cloud Manager automatically propagates your classification or tag to all underlying App-IDs.
  1. Log in to Strata Cloud Manager.
  2. Select Configuration > Application Catalog.
    The application catalog lists all Palo Alto Networks-provided applications. The total application count appears above the table.
  3. Review application details using the following columns:
    • Name: Normalized product name of the application.
    • App-ID Name: Underlying identifier used in security policy enforcement.
    • Classification: Governance status: Sanctioned, Tolerated, Unsanctioned, or Unclassified.
    • Tags: Predefined system tags and any custom tags you've applied.
    • Category: Broad application grouping, such as SaaS or business-systems.
    • Subcategory: More specific grouping within the application's category.
    • Risk: Score from 1 (lowest) to 5 (highest), based on file sharing capability, misuse potential, and evasion behavior.
    • Application Type: Type of content the application handles.
    • Technology: How the application communicates over the network, such as browser-based or client-server.
    • Standard Ports: Default network ports the application uses.
    • Characteristics: Behavioral security attributes, such as Evasive, Excessive Bandwidth, or Vulnerability.
  4. (Optional) Use the Search bar to filter by category, subcategory, technology, risk, tags, or characteristics.
  5. (Optional) Click the > arrow next to a container to expand it and view its functional App-IDs. The number in parentheses indicates how many functional App-IDs the container has.
  6. Select an application name to open the Application Details panel.
    The Application Details panel displays any applied tags as badges at the top, followed by these sections:
    • General: Basic identification and classification details.
    • Security and Privacy: Attributes to help you assess whether the application meets your security policy rules.
    • Identity and Access Management: Authentication and access control capabilities.
    • Compliance: Whether the application meets key standards and regulatory requirements.
    • GenAI: Details specific to generative AI applications.
    • Additional: Supplementary metadata.
  7. (Optional) To classify or tag one or more applications, select their checkboxes and click Add/Edit Tag.
    The Edit Application Tags panel opens with two sections:
    • Edit Classification: Select one classification. Only one is active at a time; selecting a new one removes the previous.
      • Sanctioned: Explicitly approved for business use.
      • Tolerated: Permitted but not IT-managed; typically restricted to certain user groups.
      • Unsanctioned: Explicitly prohibited or blocked.
      • Unclassified: Removes any existing classification.
    • Edit Tags: Add or remove tags. When multiple applications are selected, choose to add new tags alongside existing ones or replace all existing tags. Predefined tags cannot be edited.
    Select the classification or tags to apply and click Save. The Classification and Tags columns update immediately. All functional App-IDs under the container inherit the assignment automatically.
  8. (Optional) To remove all tags from a classified application, select its checkbox and click Remove Tag.
  9. Push Config to push your configuration changes to your network.
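
The following is an added example, not part of the original documentation or of Strata Cloud Manager: a classification review over catalog rows, using the Classification, Risk, and Characteristics columns described above to list containers worth a second look before you push. It assumes the grid's columns have been transcribed into CSV; the file layout, the sample rows, the `review_findings` function, and the risk threshold are all constructed for illustration.

```python
import csv
import io

# Constructed sample rows using the catalog's column names; not real catalog data.
SAMPLE_CSV = """Name,App-ID Name,Classification,Tags,Risk,Characteristics
Example Drive,example-drive,Sanctioned,Web App,4,Evasive;Excessive Bandwidth
Example Chat,example-chat,Tolerated,Web App,2,
Example Share,example-share,,Web App,5,Vulnerability
Example Voice,example-voice,Unsanctioned,Enterprise VoIP,3,
Example Notes,example-notes,Unclassified,,1,
"""

ALLOWED = {"Sanctioned", "Tolerated"}  # classifications that permit use
HIGH_RISK = 4  # assumed review threshold on the catalog's 1-5 Risk scale


def review_findings(csv_text, high_risk=HIGH_RISK):
    """Return (name, reason) pairs for containers that merit review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # An application with no classification is Unclassified by default.
        cls = (row["Classification"] or "").strip() or "Unclassified"
        risk = int(row["Risk"])
        # Characteristics are ';'-separated in this constructed layout.
        traits = {c.strip() for c in (row["Characteristics"] or "").split(";")
                  if c.strip()}
        if cls == "Unclassified" and risk >= high_risk:
            # High-risk container that nobody has made a decision on yet.
            findings.append((row["Name"], f"unclassified with risk {risk}"))
        elif cls in ALLOWED and risk >= high_risk:
            # Permitted container whose risk score suggests a re-check.
            findings.append((row["Name"], f"{cls.lower()} with risk {risk}"))
        if cls in ALLOWED and "Evasive" in traits:
            # Permitted container that carries the Evasive characteristic.
            findings.append((row["Name"], f"{cls.lower()} but Evasive"))
    return findings


if __name__ == "__main__":
    for name, reason in review_findings(SAMPLE_CSV):
        print(f"{name}: {reason}")
```

Because functional App-IDs inherit the container's classification, a finding on a container row applies to every App-ID beneath it.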