PDF Report for Visibility into SaaS Applications
To maintain network security and ensure compliance with corporate policy, you must identify and monitor the use of SaaS applications on your network. To meet this challenge, the firewall includes a new SaaS Application Usage report in PDF format to give you visibility into the SaaS applications that users on your network are accessing. You can generate this report on demand or you can schedule it to run on a daily, weekly, or monthly cadence and then use the findings in this report to consolidate the list of business-critical and approved SaaS applications and to enforce policies for controlling unsanctioned applications that pose an unnecessary risk for malware propagation and data leaks.
Configure and Schedule the SaaS Application Usage Report
Tag applications that you approve for use on your network as Sanctioned. The accuracy of the report depends on whether you have tagged an application as Sanctioned. You can tag both SaaS and non-SaaS applications as Sanctioned; the detailed browsing section of the SaaS Application Usage report displays whether the application is SaaS and whether it is sanctioned. Select Object > Applications. Click the application Name to edit an application and select Edit in the Tag section. Select Sanctioned from the Tags drop-down. You must use the predefined Sanctioned tag (with the azure colored background). If you use any other tag to indicate that you sanctioned an application, the firewall will fail to recognize the tag and the report will be inaccurate.
Click OK and Close to exit all open dialogs.
Configure the SaaS Application Usage report. Select Monitor > PDF Reports > SaaS Application Usage. Add a Name and select a Time Period for the report (default is Last 7 Days). By default, the report includes detailed information on the top SaaS and non-SaaS application subcategories, which can result in a report with a large page count and file size. Disable the Include detailed application category information in report option as needed to reduce the file size and restrict the page count to eight pages.
Run Now to generate the report on demand. Make sure pop-up blocker is disabled on your browser because the report opens in a new tab. Panorama running PAN-OS 7.1 can generate the SaaS Application Usage report for managed firewalls running PAN-OS 6.1 and later releases except for PA-7000 Series firewalls. Because logs are stored locally on PA-7000 Series firewalls and are not forwarded to Panorama, these firewalls must be running PAN-OS 7.1 to include information on SaaS application usage. Click OK to save your changes.
Schedule the report for email delivery. On the PA-200, PA-500, and PA-2000 Series firewalls, the SaaS Application Usage report is not sent as a PDF attachment in the email. Instead, the email includes a link you use to open the report in a web browser.
Use the informative PDF report to learn about SaaS application usage on your network.

Related Documentation