Cloud app use

Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x

Related topics:

Application reporting

User Summary Report

Cloud App Summary

Use the data on the Cloud Apps tab to gain visibility into the use of cloud applications and the potential risks associated with their use. Data is provided for both on-site requests and, with the Forcepoint Web Security Hybrid Module, off-site requests.

Use the Filters to change the data that is displayed. If no filters are specifically selected, all data will display.

The Time period for the report.

Select Today, 2 days, 7 days (default), 14 days, 30 days, 60 days, or 90 days from the drop down.

If you are using Microsoft SQL Express, the maximum time period is 30 days.

The calculated "from date" is provided below the selection.

The App risk levels to be reported.

Check the box next to High, Medium, or Low to include data for applications that have been assigned the selected risk level.

The types of Requests for the report.

Select Blocked, Permitted, or both to report on a specific set of requests.

The type of User Access to include. (Available with the Forcepoint Web Security Hybrid Module.)

Select On-site to report on user requests that are managed in network or Off-site to report on requests made by roaming users. Select both to report on all requests, regardless of where they are managed.

Click Update to display a new report that uses your selected filters or to include more recent data in the report.

Data above the table shows:

The number of Cloud apps used

The number of Users accessing cloud apps

The total Traffic volume associated with cloud app usage.

The results that match your filter are included in a columnar table.

The linked pages (User Summary Report and Cloud App Summary) automatically use the Time period, Requests, and User access filters selected on the main Cloud Apps page.

Reviewing cloud app data

A View by option is provided to change the report contents. Select Cloud app to produce a report on use of the applications. Select Cloud app user to generate a report about users of cloud applications.

When Cloud app is selected, the following columns are included in the table:

Risk Level: an assessment of the level of threat (High, Medium, or Low) associated with each cloud application.

By default, the table is sorted by Risk Level, using the risk value assigned to each threat level. The values are 1, 2, and 3 for High, Medium, and Low, respectively.

Click the link provided in this column to open a window with information about the application and the associated risk.

Cloud App: the application name.

Click a link in this column to open a User Summary Report for the selected application.

Type: the type of application being accessed.

Users: the number of users who have accessed the application.

Requests: the total number of requests made to the application.

Bytes Sent: the total number of bytes sent by requests to the application.

Bytes Received: the total number of bytes received from the responses to requests for an application.

Last Accessed: the date and time the application was last accessed.

When the View by selection is Cloud app user, the following columns are included:

User: the user or IP address of the user accessing cloud applications.

Click a link in this column to open a summary of cloud application use by the user. See Cloud App Summary.

Apps: the total number of cloud applications accessed by the user.

Requests: the total number of requests made to cloud applications.

Bytes Sent: the total number of bytes sent by requests to cloud applications.

Bytes Received: the total number of bytes received from the responses to requests for the applications.

Last Accessed: the date and time a cloud application was last accessed by the user.

By default, the table is sorted on the last accessed date.

Using cloud app reports

Controls are provided with each table, including the User Summary Report and the Cloud App Summary.

Use the Find feature to restrict the information in the table.

Enter up to 50 characters (special characters are not supported) and click Search (or Enter on the Cloud App and Cloud App User reports) to filter on:

Cloud App: application name or type

Cloud App User: user information

User Summary Report: user information

Cloud App Summary: application name, application type, or risk level

Click Clear to remove your entry.

Hint text is provided to explain which columns the search will consider.

Click Export to CSV to generate a comma-separated table (maximum of 10,000 rows) of the data. The Time Period and Find values become part of the query used by the export, even if the filters were not used to update the table.

Exports include the app information provided by the Risk Level link.

When you export from a table, the name of the export file depends on which view you are using.

When viewing by cloud app, the file is called cloudapps.csv.

When viewing by cloud app user, the file is called cloudappusers.csv.

From the summary pages, the export file names are:

cloudapps_<app_name>.csv (User Summary)

cloudappusers_<user_name>.csv (Cloud App Summary).

The date and time of the export is appended to the file name.

The default time for the export to complete is 30 seconds. If the export times out, consider updating the filters to report on less data.

Use the paging options below the table to navigate to other report pages.

Use the arrows next to column headings to change the sort order of each report.

Click the icon in the upper right of each chart to expand it and display it on it's own page.

Click and drag the edge of table column headers to manually adjust the default column width.

Define delegated administrator access to cloud app reports on the Delegated Administration > Edit Roles page. Look for Access application reports under Reporting Permissions. This option gives administrators access to all tabs of the Application Reports page.

To support the ability to report on cloud applications, a Cloud Apps database is downloaded on a regular basis. The schedule defined for the Forcepoint URL Database download on the Settings > General > Database Download page is also used for the Cloud Apps database.