Monitor > PDF Reports > SaaS Application Usage
Use this page to create a report that summarizes the SaaS application activity on your network. This predefined report presents a comparison on the sanctioned versus unsanctioned SaaS application usage on your network and you can use this information to help steer your users toward sanctioned applications. You can then enforce granular context and application-based policies for SaaS applications that you want to allow or block on your network.
To accurately generate this report, you must tag the sanctioned applications on your network (See Actions Supported on Applications). The firewall and Panorama consider any application without this predefined tag as unsanctioned for use on the network. Is is important to know about the sanctioned applications and unsanctioned applications that are prevalent on your network because unsanctioned SaaS applications are a potential threat to information security; they are not approved for use on your network and can cause an exposure to threats and loss of private and sensitive data.
To configure the report, click Add and specify the following information.
SaaS Application Usage Report Setting Description
Name Enter a name to identify the report (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Time Period Select the time frame for the report from the drop-down: Last 7 days or Last 30 days.
Include detailed application category information in report The SaaS Application Usage PDF report is a two-part report. By default, both parts of the report are generated. The first part of the report (8 pages) focuses on the SaaS applications used on your network during the reporting period. Clear this option if you do not want the second part of the report that includes detailed information for SaaS and non-SaaS applications for each application subcategory listed in the first part of the report. This second part of the report includes the names of the top applications in each subcategory and information about users, files, bytes transferred, and threats generated from these applications. Without the detailed information, the report is eight-pages long.
Click Run Now to generate the report on demand.
To schedule the report, see Monitor > PDF Reports > Email Scheduler. On PA-200, PA-500, and PA-2000 Series firewalls, the SaaS Application Usage report is not sent as a PDF attachment in the email. Instead, the email includes a link you use to open the report in a web browser.
.
For generating an accurate and informative report, you need to tag the sanctioned applications consistently across firewalls with multiple virtual systems and device groups. If the same application is tagged as sanctioned in one virtual system and is not sanctioned in another or, on Panorama, if an application is unsanctioned in a parent device group but is tagged as sanctioned in a child device group (or vice versa), the SaaS Application Usage report will produce overlapping results. Example: If Box is sanctioned on vsys1 and Google Drive is sanctioned on vsys2, Google Drive users in vsys1 will be counted as users of an unsanctioned SaaS application and Box users in vsys2 will be counted as users of an unsanctioned SaaS application. The key finding in the report will highlight that a total of two unique SaaS applications are discovered on the network with two sanctioned applications and two unsanctioned applications.
For more information on the report, see Manage Reporting .

Related Documentation