The App Details provides information about the app, its risk and its use in the environment. The page is comprised of summary details, events, user and access scopes. The App Details also provides three actions for the app:
The lefthand panel provides the Classification and various risk scores (CTR, Access Scopes Risk, Cisco Cloudlock Risk Score) of the app. For more information on how these scores are calculated, see Risk Scores.
The righthand panel covers information about the app including when it was detected, which platform it is installed by (Google or Azure), the App ID provided by the vendor, and how many users have the app currently installed.
The Events tab is a list of activities performed regarding the app such as classifications or revocations. The chart lists the event, description of the event, which user performed the activity and the date and time the activity took place. The chart can also be filtered by event type, detection date, and event creator.
Possible Events include:
- App Access Authorization
- Manual App Revoke
- External App Revoke
- Automatic App Revoke
- Manual App Classification
- Automatic App Classification
- Access Scope Update
- Automatic Blacklisting (Blocklisting)
- Unmonitored User
The Users tab provides a list of users who have currently or previously installed the app. The user name, email, and domain are provided as well as an OU or Group the user belongs to. The panel also displays the date and time the app was installed and if it is currently installed in the environment.
Clicking on an individual user will expose a list of apps installed by that user. This panel provides a list of apps the user has currently or previously installed, the classification and access scopes of the app, as well as the CTR and detection date.
The Access Scopes tab displays the scope categories, individual scopes, Permission IDs (provided by the vendor), and the descriptions of the scopes for the app. For more details see Access Scopes.