The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

App Discovery Report

Monitor the cloud apps in use in your environment with the App Discovery report. To effectively reduce the risk introduced by apps, a good approach is to look for a reduction over time in the number of DNS requests made by apps with high and very high-risk assessments. You can monitor this with the App Discovery report.

Many apps can be blocked by your policy when risk levels are unacceptable and/or an app category is inappropriate for your organization. For more information, see Block Apps.

To open the App Discovery report, navigate to Reporting > Additional Reports > App Discovery.

New Data

App Discovery data is aggregated and processed once a day so it may take up to 24 hours for new data to populate in the report. Logging of traffic is required for App Discovery to function.

Overview

The Umbrella Overview page includes three data charts that summarize the last 90 days of discovered apps in your environment. Like the other graphics in the main Umbrella Overview page, the purpose to provide key information about app risk. The first chart shows the number of discovered cloud apps, risky apps, and apps that are controlled or Blocked in the environment. The middle chart shows the top four flagged app categories and the last chart shows the top four flagged apps for high risk.

In App Discovery, the overview displays information about apps being used in your environment, beginning with the number of apps discovered in your environment, sorted by label. There are four labels:

  • Unreviewed—The app has not yet been assigned any label.
  • Under Audit—The app is currently being reviewed.
  • Not Approved—The app should not be approved for use in your environment.
  • Approved—The app may be used in your environment.

Once an app has been given a label, it cannot be set back to Unreviewed. You can use the Under Audit label for apps that still need review.

Labels do not affect policy settings

When you set an app to Not Approved, it is not automatically blocked from use. Labels within the App Discovery report are used to help review apps in your environment.

You must configure application settings within a policy to block apps. See Block Apps for more information.

Flagged Categories

These cards show information about apps in the most sensitive categories. Cisco's Cloud Security researchers categorize apps according to function, source, and other factors. The categories of most interest (and most risk) are:

  • Anonymizers—Services that provide an anonymous proxy tool that attempts to make activity on the Internet untraceable. Apps in this category can introduce data exfiltration risks.
  • Cloud Storage—Applications that offer massively scalable storage capacity that can be used for applications, and file storage. Apps in this category can also be used for data exfiltration.
  • Games—Online and mobile games. While games are not notable for data exfiltration risks, some can be used as attractive ways to introduce malware.
  • P2P—Peer to Peer torrents like apps and protocols. These apps can be used for data exfiltration.

Up to three cards can be shown at once.

For a complete list of application categories, see Manage Application Categories.

Flagged Apps

These cards present apps that have been flagged based on their risk group. Risk groups differ from the regular set of application categories.

Dismissing a flagged app card hides it from the overview. It does not label or block the app.

DNS Requests by App Risk

This chart shows the total number of DNS requests of apps discovered in the past 30 days. Umbrella assigns a risk score to apps, based on a number of factors. The DNS requests made by a high-risk app can be considered more problematic than the same number of requests made by an app with a lower risk score.

The chart can be filtered by label and risk.

Apps by Category and Risk

This chart presents the top 10 categories of discovered apps, sorted by risk. The chart can be filtered by label and risk. Clicking a bar on the chart opens the App Grid for apps in the selected category.

App Discovery Report


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.