This article discusses how to use the Applications Analytics screen to drill down and analyze the network and application usage for your entire account, a specific site, or a specific user.
The Applications Analytics screen lets you view the application and network usage data for your entire account as well as for specific sites, users, and applications. The screen contains a number of widgets that provide visibility for network and application usage. The screen also lets you add items to the analytics filter to drill down and focus on the relevant analytics and data in your account.
When you manually create a filter or add an item to the filter, the data and analytics on the Applications Analytics screen are automatically updated.
You can choose to show the Application Analytics screen for the data in the entire account. You can also select a specific site or user, and show the data only for that site or user.
Note: The Application Analytics screen includes data for blocked apps. This is because the PoP allows the client device trying to access the app to send multiple packets to the PoP, so it can identify the app and apply the block rule. This request and response traffic between the client device and PoP is included in Application Analytics data. For more about how the Internet Firewall blocks traffic, see Internet and WAN Firewall Policies – Best Practices
The Application Analytics screen shows the total network usage over the time range. There are widgets that show analytics for users, applications, and sites according to their geographical location. The analytics table at the bottom half of the screen shows the data for the top items according to the current filter.

Item | Name | Description |
---|---|---|
1 | Events filter bar | Shows the filters that are applied to the events. Click |
2 | | Select the time range for the events that are shown in the screen. The maximum date range for the Applications Analytics screen is 90 days. For more about using the Time range, see Setting the Time Range Filter. |
3 | Network usage timeline | Timeline that shows the total upstream and downstream network usage over the time range. Hover over a bar to show the exact usage for that time bucket. |
4 | Top Users | Top users based on total network usage. |
5 | Top Applications | Top applications based on total bandwidth used, with the percentage of total bandwidth for each application. |
6 | Top Sites | Map of the top sites based on selected filters. When there are no filters, all the sites for the account are shown. Hover over a site to show the name, location, and total bandwidth usage for the site. |
7 | Analytics type tabs | Each tab shows the analytics and data for that entity in your network: sites, categories, applications, users, or domains. |
8 | Analytics data table | Shows the data for that Analytics type. You can expand a row to drill down and see analytics in a sortable table. |
The Analytics data table shows usage data for these entities in your account:
- Sites
- Applications
- Categories
- Users
- Destinations
Once you select a tab, you can click to expand the row and see more data for that item. The data shown in the expanded areas is based on the current filter for the screen. You can click on the columns to sort the data in ascending or descending order.
By combining inline filters or creating specific filters in the filter bar, you can investigate anomalies you see on the timeline or drill down to understand specific instances. For example, you can easily investigate the cause of a spike in upstream bandwidth.
The following table explains the data that is shown in each tab. The Available for column shows which tabs are available for the entire account, specific sites, or users (see Accessing the Applications Analytics Screen below).
Name | Description | Available for |
---|---|---|
Sites | Shows all the sites that match the current filter. The default view with no filter shows all sites in the account. Expand a site to show the analytics for all the users behind the site. There is a separate row for Remote Users, who are connecting with the Cato Client and aren't behind a site. | Account |
Applications | Shows all the applications that match the current filter. The default view with no filter shows all applications used during the time range. Cato provides a risk score for each application from 0 (no risk) to 10 (very high risk). The risk score is calculated based on the analysis of millions of data flows. A high risk score (typically 7 or 8) indicates that Cato detected high levels of vulnerabilities for this application. Expand an application to show the analytics and usage data for each user. Note: Custom apps don't show a risk score. | Account, sites, users |
Categories | Shows all the categories (as defined in Assets > Categories) that match the current filter. The default view with no filter shows all the categories used during the time range. Expand a category to show each application in the category that was used during the time range. It also shows the total usage data for the application. Tip: To drill down for an application in the category, hover over the application and click | Account, sites, users |
Users | Shows all the users that match the current filter. The default view with no filter shows all users that are connected to your account during the time range. Expand a user to show the application analytics and usage data for that user. | Account, sites |
Destinations | Shows all the destination apps according to their top level domains (TLDs) that match the current filter. The default view with no filter shows all the app domains that were accessed during the time range. | Account, sites, users |
There are two ways to filter the data in the Application Analytics screen: automatically update the filter with the selected item, or manually configure the filter.
When you hover over an item or field where a filter option is available, the button appears. Click the icon to add the item to the filter. The Application Analytics screen now only shows data that includes this item. For example, if you filter for the Zoom application, the screen only shows analytics and data that are related to using the Zoom application. No other application data is available until you change or clear the filter.
You can continue to add items to the filter: click again to update the filter and drill down further.
You can manually configure the event filter for greater granularity to analyze the application usage. After you configure the filter, it is added to the filter bar and the screen is automatically updated to show the analytics and data that match the new filter.

To create a filter:
- In the filter bar, click .
- Start typing or select the Field (for example: Site Name or Risk Level).
- Select the Operator, which determines the relationship between the Field and the Value you are searching for.
- Select the Value.
- Click Add Filter.
The filter is added to the filter bar and the Applications Analytics screen is updated to show results based on the filters.
You can remove each item in the filter separately, or clear the entire filter.

The Application Analytics screen is available at the account, site, and user levels. To show the screen for a specific site or user, select it and then open the Application Analytics screen from the navigation menu.
The Applications Analytics screen shows the data for the specific site. You can't edit the filter to show data for a different site.
The Applications Analytics screen shows the data for the specific user. You can't edit the filter to show data for a different user.
To access user-level analytics:
- From the navigation menu, click Access > Users and select a user.
- From the navigation menu, click User Monitoring > Applications Analytics.
The Applications Analytics screen for the selected user is displayed.
Comparing Application Analytics and Network Analytics
The analytics and metrics for the Application Analytics screen and the screens for network analytics (such as Monitoring > Sites Overview) can have a small discrepancy because the data is calculated differently.
- For network analytics data (including the account Metrics API query):
  - Upstream and downstream bytes are counted for encapsulated packets (including DTLS headers overhead).
  - Upstream and downstream data for all flows related to the given tunnel are aggregated together.
- For the Application Analytics data:
  - Upstream and downstream bytes are counted for non-encapsulated packets (before DTLS encapsulation).
  - Upstream and downstream data is displayed per application.