Using the App Catalog

This article discusses how to use the App Catalog to get more information about cloud-based and on-premise applications and services.

Overview of the App Catalog

The App Catalog contains general information, compliance, and security data for thousands of apps and services. You can use the catalog to learn more about an app and decide how to use the app in your organization. All the apps and services can be used in the policies and rulebases in the Cato Management Application. The following screenshot is an example of the Zoom app:


Getting Started with the App Catalog

The App Catalog has these columns:

  • Logo and Name of the app.

    Apps are labeled New for 30 days after they are added to the catalog. You can use the Status drop-down menu to filter the catalog to show only new apps.

  • A Description of the app

  • Cato Category that the app belongs to

  • Risk score for the app (Cato provides a risk score for each application between 0 (no risk) to 10 (very high risk). The risk score is calculated based on the analysis of millions of data flows.

  • Sanctioned - Shows if the app has been defined as a sanctioned app. For more about sanctioned vs. unsanctioned apps, see Working with the Cloud Apps Dashboard

  • App Type - Cloud, on-premise, or service

Understanding an App

Expand an app to show the following additional information and options:

  • Click Add to Sanctioned Apps to include the app in the Sanctioned Apps category for your organization's Application Control policy. You can also click RemoveApp.png to remove an app from the Sanctioned Apps category

  • General information about the app and the company that created it

  • Compliance shows which standards the app is compliant with and supports

  • Security shows the security features that the app supports

  • Activities shows the granular activities that are available for the app in Application Control rules. If there are fields that can be configured for an activity, they are listed under the activity. For example, the catalog shows that one of the activities you can add to a rule for Slack is ​Add Reaction​​, and that you can configure a specific ​Reaction name​ for the activity. For more about configuring Application Control rules, see Managing the Application Control Policy​​.

AppCatalog Slack Activities.png

Understanding a Service

Expand a service to show the following additional information:

  • General information about the service and protocols it uses

  • Standard Ports - The common ports used by the service

To show the App Catalog:

  • From the navigation menu, select Assets > App Catalog.

Understanding the Risk Score

Cato assigns each app a Risk Score between 0 (no risk) to 10 (very high risk) to help you evaluate if the app meets the requirements of your security policy. Cato uses an in-house artificial intelligence engine to analyze the relevant data and metrics and generate the Risk Score, including:

  • General, Compliance, and Security data (shown in the App Catalog)

  • Sentiment analysis (machine learning technique) based on recent news articles regarding the company

  • Information about relevant software vulnerabilities and breaches

  • Internal threat intelligence and domain related information from the Cato Research Labs

The Risk Score is divided into the following risk levels:

  • Low - apps with a Risk Score between 0 - 3

  • Medium - apps with a Risk Score between 4 - 6

  • High - apps with a Risk Score between 7 - 10

Was this article helpful?

0 out of 0 found this helpful


  • Comment author
    Yaakov Simon

    Odis Massey  Thanks for your comment. It is not possible to export the App Catalog.

  • Comment author
    Odis Massey

    Is there an export of the app catalog or a way to export it?

Add your comment