Viewing Discovered Applications and Understanding the Results

View and process information on discovered applications.

Users utilize IaaS, PaaS, or SaaS applications. Oracle CASB Cloud Service - Discovery examines these applications to determine their risk profile and customer's exposure.

The results of the analysis of IaaS, PaaS, and SaaS applications are displayed in a grid view in the Discovery page. The specific applications accessed varies among customers, so the details of the discovered applications will vary. The grid offers a consistent view. Oracle CASB Cloud Service console users can view the following:

  1. Select Discovery from the Navigation menu.

  2. If you see Key Security Indicators and App Discovery tabs below the Discovery: App Discovery heading, click the App Discovery tab.

    These two tabs appear only when key security indicators (KSIs) are enabled for Oracle CASB Cloud Service - Discovery. This feature must be enabled in addition to enabling the basic Oracle CASB Cloud Service - Discovery functionality. To enable KSIs for App Discovery, contact Oracle Support (http://support.oracle.com).  If you have not registered yet, you will need your Customer Support Identifier (CSI) in order to register to submit service request tickets.  As an alternative, you can also contact your Oracle CASB Customer Success Manager.

  3. Set the month slider to the month for which you want data to be displayed.

    Data is available for the past 3 months. The date and time of the last log data ingestion is displayed to the right of the month slider.

  4. To display a different set of data for the month:

    • To search for applications, click the Search icon Image of the Search icon and start entering the application name.

      As you type, the applications list is filtered to show only those application names that contain a text string that matches what you entered.

    • To filter the application rows, click the Filter icon Image of Filter icon to the right of the headers for the application rows.

      Then, in the panel of filtering options that's displayed:

      • To filter applications by source, under Source select either Perimeter (source is log files), or a listed application. If you select a listed application, then you may also be able to select a specific instance of that application.

      • To filter applications by category, select one or more options under Category. Applications matching any category are displayed.

      • To filter applications by a user, start entering the user name under Users, and then select the best match that appears as you type.

      • To filter applications by tags, select one or more tag values under Tags. Applications matching any one tag will be displayed.

      • To save the current filter settings, click Set as Default on the right side. These filter settings will then be automatically set next time you open the App Discovery tab.

    • To get back the entire list of discovered applications:

      • In the filter options panel, click Clear Filter.

      • Ensure there is no text in the Search box.

  5. To control the order in which the items are listed, click the Sort icon Image of the Sort icon next to the heading for a sortable column.

    For individual items, in the ACTION column for the item:

    • To see more detailed information about a discovered application, click anywhere in the row for that application.
    • To open an incident ticket on an application, in the ACTION column, click the Create Incident icon Image of the Create Incident icon..

      See Tracking Incident Tickets.

    • To assign a tag, or change the assigned tag, for the discovered application, click the Edit Tags icon Image of the Edit Tags icon..

      In the Tag Selected App dialog box, select one of the other predefined tags:

      • Sanctioned — applications like this are officially sanctioned and should be available to all users.

      • Permitted — applications like this are not officially sanctioned, but are permitted when a user or group has asked to use the application and the request has been approved.

      • Restricted — applications like this are restricted to use by only specific individuals.

      • Prohibited — applications like this should never be used by anyone in the organization.

      • Irrelevant — applications like common websites or an advertisement that can be excluded from a security analysis.

      By default, newly discovered applications are assigned the “Discovered” tag. You should change this to a more meaningful tag, in terms of your organization’s security policies for applications that users install on their own.

      Note:

      When you assign a tag to a discovered application:

      • That same tag then will be automatically assigned to applications discovered in the future that originate from the same domain, as listed in the APP/DOMAIN column.
      • You can define custom policy alerts to generate risk events based on the tag.

        See Creating Policy Alerts for Discovered Applications.

  6. For the entire month’s data:

    • To export the list of discovered applications to a comma-separated values (CSV) file, click the Export to CVS icon Image of the Export to CVS icon..

    • To delete the data for the entire list of discovered applications displayed for the current month, click the Delete icon Image of the Delete icon..

      Caution:

      The Delete icon Image of the Delete icon. on the App Discovery tab always deletes all discovered application data for the selected month, not just the subset you may see listed.

  7. If KSIs are enabled for Oracle CASB Cloud Service - Discovery:

    1. Ensure that the month slider is set to the month for which you want to view the KSI summary data.

      The month slider on the App Discovery tab also controls the data displayed on the Key Security Indicators tab.

    2. Click the Key Security Indicators tab.

    3. Continue with the next topic, Working with the Key Security Indicators Tab.

Working with the Key Security Indicators Tab

Understand how use the App Discovery Key Security Indicators tab to view summary information on discovered shadow applications, and to list the discovered applications behind each summary on the App Discovery tab.

The table below lists the key security indicators (KSIs) provided by Oracle CASB Cloud Center - Discovery, with a description of the information summarized in each.

Key Security Indicator Description

Top 10 App Categories Traffic

Summarizes traffic in MB for different application categories, for the selected month's discovered applications.

Top 10 App Categories (User Count)

Summarizes user counts for different application categories, for the selected month's discovered applications.

Traffic Distribution by Risk

Summarizes, in a pie chart, the distribution of traffic (in megabytes) by risk level (normal, low, medium, high), for the selected month's discovered applications.

User Distribution by Risk

Summarizes, in a pie chart, the distribution of user counts by risk level (normal, low, medium, high), for the selected month's discovered applications.

App Distribution by Risk

Summarizes, in a pie chart, the distribution of applications by risk level (normal, low, medium, high), for the selected month's discovered applications.

Users with most apps

Lists the top 10 users with the most applications, in the selected month's discovered applications.

Top 10 most used apps

Lists the top 10 applications that appear most frequently, in the selected month's discovered applications.

To manipulate the KSI information that's displayed and drill down into the details:

  1. Move your mouse around the information displayed on the Key Security Indicators tab and notice:
    • Some items always have a number displayed.
    • Some items display a number only when you move the mouse pointer over them.
    • The mouse pointer changes to indicate that it's over a link in both cases.

    Note:

    Whenever the mouse pointer changes to indicate a link:

    • The number displayed is the number of discovered applications involved in the item you are pointing to in that KSI.
    • You can click to display the all those discovered applications on the App Discovery tab.
  2. Control what’s displayed in App Categories Traffic (in MB) and App Categories (User Count) KSIs.

    Note:

    Color code for tags (Discovered, Sanctioned, Permitted, Restricted, Prohibited) appears on right side of each of these KSIs.

    Horizontal bars to right of each category listed for each of these KSIs indicate the proportion of the total number of discovered applications that each tag is contributing to that total.

    1. Click a tag color code to remove it from the horizontal bars for each category.

    2. Click the same tag color code again to restore it in the horizontal bars for each category.

  3. Control what's displayed in pie charts.

    Note:

    Three KSIs (Traffic Distribution by Risk (in MB), User Distribution by Risk, and App Distribution by Risk) display their summary information in pie charts, with color code at the bottom

    1. Color codes are displayed below each pie chart.

    2. Color codes indicate risk level: Normal, Low, Medium, High.

    1. Click a color code to remove that risk level from the pie chart.

    2. Click the same color code again to restore that risk level to the pie chart.

  4. View the list of discovered applications summarized in a KSI.
    1. Locate an item, outside of the tag color codes, that changes the mouse pointer to indicate a link.

    2. Click the item.

      The App Discovery tab is brought forward, listing all the discovered applications that were summarized by the item you clicked. Notice that either Filter or Search options were automatically set to produce this list.

  5. View and process the list.

    You can process this list of discovered applications in the same way that you can process the entire list for the selected month. See Viewing Discovered Applications and Understanding the Results.

    Caution:

    The Delete icon Image of the Delete icon. on the App Discovery tab always deletes all discovered application data for the selected month, not just the subset you may see listed.

  6. Click the Key Security Indicators tab to view more summary information there.

    Ensure that the month slider is set to the correct month for which you wish to view summary date before you switch tabs.