The deployment-mssp Developer Hub

Welcome to the deployment-mssp developer hub. You'll find comprehensive guides and documentation to help you start working with deployment-mssp as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Cloud Services Report

The Cloud Services report gives you insight into the cloud-based applications that your customers are using so that you can look to mitigate, restrict, or supplement their usage.

  1. Navigate to Centralized Reports > Cloud Services.

The Cloud Services report gives you insight into the cloud-based applications that your customers are using so that you can look to mitigate, restrict, or supplement their usage. This information can be used in several ways:

  • Find out if there are users with a software need for which there isn't a formal tool. For instance, if your users are using an online storage system instead of the file server, this could be in order to boost their productivity rather than bypass security.
  • Find cloud services that are being used to bypass the traditional safeguards you have in place for data loss prevention. Knowing that it's being used can assist in better securing your work environment from the loss of personally identifiable data or confidential company information.
  • Identifying cloud service usage and shadow IT with your customers can also lead to possible opportunities to sell additional SaaS solutions to these customers.

The Cloud Services summary includes the number of Cloud Services seen over the specified time period. This summary includes the number of new cloud services for that time period.

  • Cloud Services —The number of individual discrete cloud services observed being accessed by identities within your organization over the time period set in the filter.
  • Never Before Seen—The number of cloud services—seen over the time period set in the filter—that are new to your organization's usage.

Searching

The Cloud Services report includes an Advanced Filter, which allows you to specify the Find or Filter options from drop-down lists.

How does the Cloud Service report work?

The Cloud Services report takes DNS information about your customer's user behaviour when accessing services in the cloud and matches it to known domains for these services. Because of Umbrella's “any device, anywhere, anytime” approach, Umbrella is able to let you know about cloud services that your customers are using even when they're not on the network. Umbrella discovers all cloud services in use, including email, file sharing, SaaS, IaaS, and PaaS services and reports on their use.

Data from your Umbrella dashboard, including existing settings for identities you've already provisioned, is checked and matched against the DNS traffic from your organization to specific cloud services to let you know more about how your users are using cloud services. The report includes trends for any new services being adopted, including dates when they were first used and last seen.

How are cloud services determined?

These days, nearly everyone uses online storage, web-based email, collaboration tools, educational sites or social media in their personal and professional lives. For this report, a 'cloud service' is any of the hundreds of SaaS, IaaS, PaaS or other "cloud" computing services available today. In fact, Umbrella itself is a cloud service and is listed as one in the report.

We've compiled a list of thousands of cloud services ranging from very small companies to software giants. If a domain that’s been visited by someone in your organization matches a domain we've identified as part of a cloud service, there’s a match for that cloud service in the report. The cloud services report provides details on which URL each cloud service consists.

Ensuring request logging is enabled

In order for the report to generate data, logging of content requests must be enabled in your customer's policies—it's enabled by default. However, if you have disabled logging, you will need to re-enable it in order for the Cloud Services report to have data to display.

In the customer's organization, under Policies, check Step 4 of the policy builder (Set Policy Details). The Request Logging drop-down list must be set to "Logging enabled" and NOT have "Content logging disabled" or "Logging Disabled." Logging is required for the requests for these cloud services because they are not security events (for example, malware), but content related DNS queries.

It’s also important that the policy with logging enabled is in the proper order for policy hierarchy so that it can collect events from all relevant identities. For more information, see our Umbrella documentation.

List of cloud services

The Cloud Services report then lists all of the cloud services that your customers have seen in their environments. This isn't the total list of all cloud services that Umbrella could list, just the ones that have been seen in the time frame specified in the report. By default, the report is sorted with the cloud service with the highest number of requests at the top, but each column is sortable, so you can pinpoint features that are of importance.

  • Name—The name of the cloud service itself. For more information regarding what this service is, select the service and click it.
  • Classification—Classifications describe what the service is typically used for. Each service has one or more classifications. For a complete list of cloud service classifications, click Filter by Classification in the lower left.
  • Customers—The number of customers using this service.
  • Identities—The number of identities within your organization accessing this cloud service.
  • Trend—The increase or decrease in the number of identities requesting this cloud service over the time period selected.
  • Requests—The total number of requests for this cloud service from your organization over the time period selected.
  • Blocked—Percentage of your requests for a service that were blocked over the time period selected.
  • First Seen—The date at which this service was first seen being used by identities within your organization.
  • Last Seen—The date that the most recent request for a service was made.

Service Detail

You can drill down into each cloud service to show a report of the use of individual services by your customers. Simply click the name of the Cloud Service in the report. In this example, we've selected Tumblr.

Clicking through brings you to the Service Details for this service.

The details for each service are:

  • Website—The website is for the company that provides the cloud service. In this case, the name of the cloud service and the company name are the same but that is not always the case.
  • Cloud Service Domains—This is the list of URLs that Umbrella has matched against to determine if the cloud service is in use. Often a cloud service will only have one cloud service domain. However, if a service has more than one, if a user visits any one of the cloud service domains listed, it's considered a match. In the example of Twitter, there's only one domain that matches this service. However, if there were more than four or five domains, clicking the (+) plus symbol will show the rest.
  • Classifications—The types or classifications of the service is shown. In this example, there is only one, but a cloud service can belong to multiple classifications.
  • Description—A brief description of the cloud service gives perspective on what this cloud service is and what potential IT services it provides for the users using the service.

Below the details for the Service, statistics specific to the total number of customers and identities help you to get a good sense of trend over time for this service and are most helpful when comparing two time periods.

  • Total Customers—The total number of customers that have used this cloud service in the date range specified.
  • Total Identity Count—The total number of identities from all of the customers that have used this cloud service in the date range specified.
  • Total Requests—The total number of requests to this cloud service. Requests by individual identity can be broken down within the customer's own dashboard. Includes the percentage of these requests allowed or blocked by your customer's configurations.

Lastly, when you click the name of the customer, you are taken directly to their Umbrella dashboard and into the cloud services report for their org. The report will be pre-filtered for the cloud service you had drilled through on earlier, so you can then see the exact identities within each customer environment and what they're using.


Security Summary Report < Cloud Services Report > Configure Centralized Settings

Cloud Services Report


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.