Understanding App Analytics

This article discusses how to use the App Analytics page to drill down and analyze the network and application usage for your entire account, a specific site, or a specific user.

Overview of App Analytics

The ​App Analytics​​ page lets you view the application and network usage data for your entire account as well as for specific sites, users, and applications. The page contains a number of widgets that provide visibility for network and application usage. The page also lets you add items to the analytics filter to drill-down and focus on the relevant analytics and data in your account.

When you manually create a filter or add an item to the update filter, the data and analytics on the App Analytics page is automatically updated. The ​App Analytics​​ page is typically up-to-date within a 5 minutes time frame. However, it is possible that some data will be delayed up to 30 minutes.

You can choose to show the App Analytics page for the data in the entire account. You can also select a specific site or user, and show the data only for that site or user.

Note

Note: The App Analytics page includes data for blocked apps. This is because the PoP allows the client device trying to access the app to send multiple packets to the PoP, so it can identify the app and apply the block rule. This request and response traffic between the client device and PoP is included in App Analytics data. For more about how the Internet Firewall blocks traffic, see Internet and WAN Firewall Policies – Best Practices

Getting Started with App Analytics

The App Analytics page shows the total network usage over the time range. There are widgets that show analytics for users, applications, and sites according to their geographical location. The analytics table at the bottom half of the page shows the data for the top items according to the current filter.

ApplicationAnalytics_callouts.png

Item

Name

Description

1

Events filter bar

Shows the filters that are applied to the events. Click Add2.png (Add) to manually configure the settings for a filter.

2

Time range

Select the time range for the events that are shown in the page.

The maximum date range for the App Analytics page is 90 days. For more about using the Time range, see Setting the Time Range Filter.

3

Network usage timeline

Timeline that shows the total upstream and downstream network usage over the time range.

Hover over a bar to show the exact usage for that time bucket.

4

Top Users

Top users based on total network usage.

5

Top Applications

Top applications based on total bandwidth used and shows the percentage of total bandwidth for each application.

6

Top Sites

Map of the top sites based on selected filters. When there are no filters, all the sites for the account are shown.

Hover over a site to show name, location and, total bandwidth usage for the site.

7

Analytics type tabs

Each tab shows the analytics and data for that entity in your network: sites, categories, applications, users, or domains.

8

Analytics data table

Shows the data for the that Analytics type , and you can expand the row to drilldown and see analytics in a sortable table.

Using the Analytics Data Table

The Analytics data table shows usage data for these entities in your account:

  • Sites

  • Applications

  • Categories

  • Users

  • Destinations

Once you select a tab, you can click plus.png to expand the row and see more data for that item. The data shown in the expanded areas is based on the current filter for the page. You can click on the columns to sort the data in ascending or descending order.

By combining inline filters or creating specific filters in the filter bar, you can investigate anomalies you see on the timeline or drill-down to understand specific instances. For example, you can easily investigate the cause for a spike in upstream bandwidth.

The following table explains the data that is shown in each tab. The Available for column shows which tabs are available for the entire account, specific sites or users (see below Accessing the Applications Analytics Page).

Name

Description

Available for

Sites

Shows all the sites that match the current filter. The default view with no filter shows all sites in the account.

Expand a site to show the analytics for all the users behind the site.

There is a separate row for Remote Users, who are connecting with the Cato Client and aren't behind a site.

Account

Applications

Shows all the applications that match the current filter. The default view with no filter shows all applications used during the time range.

Cato provides a risk score for each application between 0 (no risk) to 10 (very high risk). The risk score is calculated based on the analysis of millions of data flows. A high risk score (typically 7 or 8) indicates that Cato detected high levels of vulnerabilities for this application.

Expand an application to show the analytics and usage data for each user.

Note: Custom apps don't show a risk score.

Account, sites, users

Categories

Shows all the categories (as defined in Assets > Categories) that match the current filter. The default view with no filter shows all the categories used during the time range.

Expand a category to show the each application in the category that was used during the time range. It also shows the total usage data for the application.

Tip: To drill-down for an application in the category, hover over the application and click filter_icon.png. The application is added to the filter, and you can select a different tab for more granular data.

Account, sites, users

Users

Shows all the users that match the current filter. The default view with no filter shows all users that are connected to your account during the time range.

Expand a user to show the app analytic and usage data for that user.

Account, sites

Destinations

Shows all the destination apps according to their top level domains (TLDs) that match the current filter. The default view with no filter shows all the app domains that were accessed during the time range.

The Destinations tab can also help you identify private apps and configure them as custom apps to include in policies. For more about private apps, see Working with Private Applications on the App Analytics Page

Account, sites, users

Filtering the App Analytics Page

There are two ways to filter the data in the App Analytics page: automatically update the filter with the selected item, or manually configure the filter.

Automatically Filtering for an Item

As you hover over an item or field where a filter option is available, the filter_icon.png button appears, click the icon to add the item to the filter. The App Analytics page now only shows data that includes this item. For example, if you filter for the Zoom application, the page only shows analytics and data that are related to using the Zoom application. No other application data is available until you change or clear the filter.

You can continue to add items to the filter, click filter_icon.png again to update the filter and drill-down further.

Manually Configuring the Filter

You can manually configure the event filter for greater granularity to analyze the application usage. After you configure the filter, it is added to the filter bar and the page is automatically updated to show the analytics and data that match the new filter.

createfilter2.png

To create a filter:

  1. In the filter bar, click Add2.png.

  2. Start typing or select the Field (for example: Site Name or Risk Level).

  3. Select the Operator, which determines the relationship between the Field and the Value you are searching for.

  4. Select the Value.

  5. Click Add Filter.

    The filter is added to the filter bar and the App Analytics page is updated to show results based on the filters.

Clearing the Filter

You can remove each item in the filter separately, or clear the entire filter.

ClearFilter.png

To clear the filters for the App Analytics:

  1. To clear a single filter, click remove.png next to the filter (item 1 above).

  2. To clear all the filters, click X at the right end of the filter bar (item 2 above).

Accessing the App Analytics Page

The App Analytics page is available at the account, site and, user levels. To show the page for a specific site or user, select it and then open the App Analytics page from the navigation menu.

Accessing Account-level App Analytics

To access account-level analytics:

  • From the navigation menu, click Monitoring > App Analytics. The App Analytics page for the account is displayed.

Accessing Site-level App Analytics

The App Analytics page shows the data for the specific site. You can't edit the filter to show data for a different site.

To access site-level analytics:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Monitoring > App Analytics.

    The App Analytics page for the selected site is displayed.

Accessing User-level App Analytics

The App Analytics page shows the data for the specific user. You can't edit the filter to show data for a different user.

To access user-level analytics:

  1. From the navigation menu, click Access > Users and select a user.

  2. From the navigation menu, click User Monitoring > App Analytics.

    The App Analytics page for the selected user is displayed.

Comparing App Analytics and Network Analytics

The analytics and metrics for the App Analytics page and the pages for network analytics (such as Monitoring > Sites Overview) can have a small discrepancy because the data is calculated differently.

  • For network analytics data (including the account Metrics API query):

    • Upstream and downstream bytes are counted for encapsulated packets (including DTLS headers overhead)

    • Upstream and downstream data for all flows related to the given tunnel are aggregated together

  • For the App Analytics data:

    • Upstream and downstream bytes are counted for non-encapsulated packets (before DTLS encapsulation).

    • Upstream and downstream data is displayed per application

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment