Analyzing Cloud applications in Discover Report

Clicking a cloud application takes you to the App Details page, which gives you more detailed information and lets you investigate the application's usage in more depth. This page contains four primary tabs for discovering information.

  1. The top left corner shows the application name as well as the trust rating given by Forcepoint ONE SSE and the calculated cloud risk score based on weighted attributes. The clickable question mark explains that the cloud risk score is on a scale of 0-10 and includes a link to the page where you can adjust attribute weights.
  2. The following tabs allow you to view different information about the app:
    1. General Info: Main tab providing general information about the application.
    2. Domains: Shows all domains associated with the application and the upload paths where users can upload data in the application.
    3. Attributes: Lists all of the attributes that Forcepoint ONE SSE tracks for the application.
    4. Activity: Shows all activity discovered by all sources to the application.
  3. Allows you to directly manage the application with Zscaler.
  4. This area presents information based on the tab you have selected.

If the application is currently being protected by Zscaler or if the application is sanctioned, you will see the associated icon in the top-right corner of the page. If the application is controlled by Zscaler, you can click the expandable option to Remove from Zscaler. If the application is sanctioned, you can expand the options to Unsanction App.

Note: You cannot sanction or unsanction applications that are already secured by Zscaler, as these applications are implicitly sanctioned.

Admin logs are generated whenever an application is protected or unprotected by Zscaler, or when the application is sanctioned or unsanctioned.

General Info

This tab displays information such as a Description of the application, the Categories Forcepoint ONE SSE identifies the application with, Lookup links for additional manual research, a link to the application's Data Center Location, a link to the app's Privacy Policy, and a link to the app's Terms of Service.

On the General Info tab, Corp and tenant Admins can edit the following fields:
  • Tags - Add a metadata tag for the application in the Tags field and then press Enter on the keyboard. These metadata tags are useful for searching for the application on the Investigate page.
  • Comments - Add additional information or comments about the application. After entering the comments, click Save to save them.

Admin logs are generated whenever an Admin updates the metadata tags or comments for an application.


The Domains tab displays all discovered domains and subdomains related to the application. It also displays the upload paths in the application where a user can upload data.


The Attributes tab displays all attributes that Forcepoint ONE SSE tracks. Each attribute is marked with a green check mark if the application possesses the attribute, a yellow check mark if the attribute is possessed but self-assessed, an opaque circle with a dash if the attribute cannot be validated, and a red x if the application does not have the specified attribute.


The Activity tab provides a detailed breakdown of all of the activity within that application.

  1. The top summary section shows the total number of unique sources that have connected to the application, events, and total data transacted (both uploaded and downloaded).
  2. Sources: Shows the source IP or user name (if available and sent in the log) that connected to the application.
  3. Events: Total number of events or connections made by the source/user to the application.
  4. Upload: Total amount of data that the user/source uploaded to the application.
  5. Download: Total amount of data that user/source downloaded from the application.


You can click a source listed on the Investigate page or on the Cloud Application page under the Discover tab to view a detailed breakdown of that individual's activity across all applications.

  1. Lists the IP address or the username (if sent in the logs) of the individual you are investigating.
  2. A summary overview of all of their activity including total number of apps/destinations, events, and data transactions.
  3. Apps/New Domains: The application or domain that the user connected to.
  4. Events: Number of unique events (connections) made to the application or domain.
  5. Upload Data: Amount of data that was uploaded to the application/domain.
  6. Cloud Score: The trust rating of the application that they were accessing.