This article describes how to generate a Cato Application Analytics report that highlights data related to application usage and traffic data for your account.
Cato provides a Predefined Report template that summarizes application usage and traffic in your account. Create the template for the Scheduled or One-Time report with the sites and SDP users that are included in the report over the defined time range. By default, the Predefined Report template for the Application Analytics report shows traffic and data for all sites and SDP users for the past week.
For more about working with Predefined Reports, see Cato Reports.
Create a new Scheduled report, and define the Filters for the items included in the report. Then define the Report Schedule which defines how often the report is generated - daily, weekly, or monthly. Generated reports are stored in the Cato Cloud, and they can be automatically emailed or downloaded. The Report Schedule also defines the time range that is covered by each report. The time range starts on 00:00 UTC (inclusive) at the start of each period, and ends on 00:00 UTC (non-inclusive) at the end of the period.
You can select the Mailing List of email addresses for the recipients, the list can include Cato Management Application admins and external users.
For more information about Mailing Lists, see Working with Mailing Lists.
To create a scheduled Application Analytics report:
-
From the navigation pane, select Monitoring > Reports.
-
From the Predefined Reports tab, click New > Scheduled report. The Scheduled Report panel opens.
-
Enter the Report Name for the Predefined Report.
-
In Type, select Application Analytics.
-
(Optional) In Filters, select specific sites or users for the Predefined Report.
By default, the Predefined Report includes all sites and users.
To include multiple sites or users in the report, use the IN operator.
-
In Report Schedule, configure these settings:
-
Select the Frequency that the report is automatically sent: Daily, Weekly, or Monthly.
-
For Weekly and Monthly Scheduled reports, in Every select the day that the report is sent.
-
-
In Subscriptions, select the Mailing List that receives the report.
You can click New to create a new mailing list.
-
Click Save. The report template is added to the Predefined Reports tab.
A new Scheduled report is generated based on the Report Schedule settings. For example, a weekly report configured for Monday, is generated every Monday. You can also choose to manually generate a Predefined Report, and the generated report uses the same time range based on the current day. If an admin manually generates a weekly report on a Tuesday, the time range for the report is the previous 7 days starting from that Tuesday, regardless of the starting day of the Scheduled report.
Create a new One-time report template, and define the Filters for the items included in the report. Then define the Time Range that the report covers.
To create a One-Time Application Analytics report:
-
From the navigation pane, select Monitoring > Reports.
-
From the Predefined Reports tab, click New > One-time report. The One-time report panel opens.
-
Enter the Report Name for the Predefined Report.
-
In Type, select Application Analytics.
-
(Optional) In Filters, select specific sites or users for the Predefined Report.
By default, the Predefined Report includes all sites and users.
To include multiple sites or users in the report, use the IN operator.
-
Select the Time Range of the report.
For a Custom range, select the start date (From) and the end date (To) for the Predefined Report.
-
Click Save. The report template is added to the Predefined Reports tab.
You can also click Save & Generate, and then the report is generated and you can download it from the Generated Reports tab.
For more about generating reports, see Cato Reports.
For sections in the report that show the top applications, they include up to the top 12 items for that section.
These are the sections in the Security report:
-
Application Traffic Summary
-
Application Traffic: Timeline that shows the total upstream and downstream traffic for all apps over the time range
-
Total Traffic by Direction: Chart showing volume and percentage of upstream and downstream traffic
-
Total Traffic by Application Type: Chart showing volume and percentage of Cloud/SaaS apps vs. On Premise apps
-
-
Applications by Traffic
-
Top Applications by Downstream Traffic: Top apps according to downstream traffic with the total traffic per app
-
Top Applications by Upstream Traffic: Top apps according to upstream traffic with the total traffic per app
-
Top Applications Downstream Traffic : Graph showing the daily downstream traffic of the top three apps
-
Top Applications Upstream Traffic: Graph showing the daily upstream traffic of the top three apps
-
-
-
Top Traffic Categories: Top categories according to total traffic
-
Top Applications by Users: Top apps according to total number of users accessing the app
-
Top Traffic Destination Domains: Top domains that are the destination of app traffic according to total traffic
-
Top Applications by Sites: Top apps according to total number of sites accessing the apps
-
-
-
Applications by Risk: Chart showing count and percentage of high, medium, and low risk apps used
Cato's risk level is calculated based on the analysis of millions of data flows. For more about the risk levels, see Using the App Catalog
-
Traffic by Risk: Chart showing traffic volume and percentage of traffic for high, medium, and low risk apps
-
Sanctioned vs. Unsanctioned Applications: Chart showing count and percentage of sanctioned and unsanctioned apps used
For more about working with sanctioned and unsanctioned apps, see Working with the Cloud Apps Dashboard
-
Sanctioned vs. Unsanctioned Application Traffic: Chart showing traffic volume and percentage of traffic for sanctioned and unsanctioned apps
-
-
Applications Traffic Details - The table shows the following details for up to 100 top apps according to the total traffic volume:
-
Application: Name of the app
-
Risk: Cato's risk level for the app (high, medium, or low)
-
Cloud App: Boolean value showing if this app is a cloud/SaaS app (1=cloud app, 0=on prem app)
-
Sanctioned: Boolean value showing if this app is a sanctioned app (1=sanctioned app, 0=unsanctioned app)
-
Users/Hosts: Number of users and hosts that accessed the app
-
Downstream: Total downstream traffic for the app
-
Upstream: Total upstream traffic for the app
-
Total Traffic: Total downstream and upstream traffic for the app
-
0 comments
Please sign in to leave a comment.