View the App Discovery Report
Monitor the cloud apps in use by your organization with the App Discovery report. To effectively reduce the risk introduced by apps, monitor app use and look for a reduction over time in the number of DNS requests made by apps with high and very high-risk assessments.
Prerequisites
- A minimum user role of Read-Only. For more information, see Manage Accounts.
View the App Discovery Report
- Navigate to Monitor > Reports > App Discovery.
- View the discovered apps in your environment.
- Unreviewed—The app has not yet been assigned any label.
- Under Audit—The app is currently being reviewed.
- Not Approved—The app should not be approved for use in your environment.
- Approved—The app may be used in your environment.
Note: Once you relabel an Unreviewed app, you cannot change the app label back to Unreviewed. Use the Under Audit label for apps that still need review.
Note: Labels do not automatically block apps from use. You must configure a rule to block specific apps or apps with specific labels. For more information, see Control Apps.
- View the flagged categories.
Cisco's Cloud Security researchers categorize apps according to function, source, and other factors. The categories of most interest (and most risk) are:- Anonymizers—Services that provide an anonymous proxy tool that attempts to make activity on the Internet untraceable. Apps in this category can introduce data exfiltration risks.
- Cloud Storage—Applications that offer massively scalable storage capacity that can be used for applications and file storage. Apps in this category can also be used for data exfiltration.
- Collaboration—Apps that may store sensitive data in unreliable services or unsecured environments.
- Games—Online and mobile games. While games are not notable for data exfiltration risks, some can be used as attractive ways to introduce malware.
- Media—Apps that can contribute to productivity loss and are frequently managed as unwanted bandwidth consumers.
- P2P—Peer to Peer torrents like apps and protocols. These apps can be used for data exfiltration.
- Social Networking—Can be used to transmit sensitive data as well as contribute to productivity loss.
For a complete list of application categories, see Application Categories.
- View the flagged application protocols.
These protocols are flagged based on the protocol used by the application.
Note: Dismissing a flagged app card hides it from the overview. It does not label or block the app.
- View DNS requests and traffic by App Risk.
The graph shows the total number of DNS requests for apps discovered in the past 30 days. Secure Access assigns a risk score to apps based on several factors. The DNS requests made by a high-risk app can be considered more problematic than the same number of requests made by an app with a lower risk score.
a. Filter the graph by label and risk.
b. Select Web and review Traffic (bytes in and out) by App Risk for the last 30 days.
c. View All Traffic, Outbound Traffic or Inbound Traffic.
- View apps by category and risk.
Click a bar on the chart to view apps in that category in the App Grid.
a. Filter by label and risk.
App Discovery Report < View the App Discovery Report > View the Highest Risk Report
Updated 4 months ago