[ZT] Update analytics w/ overview page + Access (#19087)
Co-authored-by: Claire W <[email protected]>
Co-authored-by: Max Phillips <[email protected]>
3 people authored Jan 8, 2025
1 parent be13e9e commit 84af769
Showing 11 changed files with 314 additions and 171 deletions.
3 changes: 2 additions & 1 deletion public/_redirects
Expand Up @@ -1617,7 +1617,7 @@
/access/common-access-configurations/common-bypass/ /cloudflare-one/policies/access/#bypass 301
/cloudflare-one/analytics/ /cloudflare-one/insights/ 301
/cloudflare-one/analytics/logs/activity-log/ /cloudflare-one/insights/logs/gateway-logs/ 301
/cloudflare-one/analytics/private-network-discovery/ /cloudflare-one/insights/analytics/access/ 301
/cloudflare-one/analytics/private-network-discovery/ /cloudflare-one/insights/analytics/shadow-it-discovery/#private-network-origins 301
/cloudflare-one/analytics/access/ /cloudflare-one/insights/analytics/access/ 301
/cloudflare-one/analytics/gateway/ /cloudflare-one/insights/analytics/gateway/ 301
/cloudflare-one/analytics/users/ /cloudflare-one/insights/logs/users/ 301
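Review bot: The new target for `/cloudflare-one/analytics/private-network-discovery/` ends in the fragment `#private-network-origins`, which only resolves if the Shadow IT Discovery page has a heading with exactly that slug. The `## Private network origins` heading is removed from `access.mdx` in this same commit, so confirm it lands unchanged on the shadow-it-discovery page, or drop the fragment. Separately, the neighbouring rule for `/cloudflare-one/analytics/access/` still targets `/cloudflare-one/insights/analytics/access/`, which after this commit is the Access analytics page rather than Shadow IT Discovery; confirm that is the intended destination for that legacy URL.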
Expand Down Expand Up @@ -1714,6 +1714,7 @@
/cloudflare-one/identity/idp-integration/saml-okta/ /cloudflare-one/identity/idp-integration/okta-saml/ 301
/cloudflare-one/identity/idp-integration/workspace-one/ /cloudflare-one/identity/devices/service-providers/workspace-one/ 301
/cloudflare-one/identity/login-page/ /cloudflare-one/applications/login-page/ 301
/cloudflare-one/insights/analytics/ /cloudflare-one/insights/analytics/analytics-overview/ 301
/cloudflare-one/insights/logs/logpush/rdata/ /cloudflare-one/insights/logs/logpush/#parse-logpush-logs 301
/cloudflare-one/applications/custom-pages/ /cloudflare-one/applications/ 301
/cloudflare-one/identity/service-auth/service-tokens/ /cloudflare-one/identity/service-tokens/ 301
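Review bot: The added rule sends `/cloudflare-one/insights/analytics/` to `/cloudflare-one/insights/analytics/analytics-overview/`, so any existing rule in this file whose target is the bare `/cloudflare-one/insights/analytics/` path would now become a two-hop redirect. None is visible in these hunks, but the file runs past 1,700 lines; search for that target and point any such rule straight at the new overview URL.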
Expand Up @@ -16,5 +16,5 @@ Here are a few ways in which the WARP client provides in-depth protection for yo

- **WARP lets you enforce security policies anywhere**. With the WARP client deployed in the Gateway with WARP mode, Gateway policies are not location-dependent — they can be enforced anywhere.
- **WARP lets you enforce HTTP filtering and user-based policies**. Download and install the WARP client to enable Gateway features such as [Anti-Virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [HTTP filtering](/cloudflare-one/policies/gateway/http-policies/), [Browser Isolation](/cloudflare-one/policies/gateway/http-policies/#isolate), and [identity-based policies](/cloudflare-one/policies/gateway/network-policies/).
- **WARP lets you have in-depth, application-specific insights**. With WARP installed on your corporate devices, you can populate the [Zero Trust Shadow IT Discovery](/cloudflare-one/insights/analytics/access/) page with visibility down to the application and user level. This makes it easy to discover, analyze, and take action on any shadow IT your users may be using every day.
- **WARP lets you have in-depth, application-specific insights**. With WARP installed on your corporate devices, you can populate the [Zero Trust Shadow IT Discovery](/cloudflare-one/insights/analytics/shadow-it-discovery/) page with visibility down to the application and user level. This makes it easy to discover, analyze, and take action on any shadow IT your users may be using every day.
- **WARP allows you to build rich device posture rules.** The WARP client provides advanced Zero Trust protection by making it possible to check for [device posture](/cloudflare-one/identity/devices/). By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more.
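Review bot: The updated bullet still says that installing WARP is enough to populate Shadow IT Discovery, while the "Turn on Shadow IT Discovery" section being moved out of `access.mdx` in this commit also requires the Gateway proxy, TLS decryption for HTTPS traffic, and no Split Tunnel routing the traffic around Gateway. Since the link is being touched anyway, add a short pointer to those prerequisites so readers do not expect data from a WARP install alone.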
116 changes: 21 additions & 95 deletions src/content/docs/cloudflare-one/insights/analytics/access.mdx
@@ -1,110 +1,36 @@
---
pcx_content_type: reference
title: Shadow IT Discovery
title: Access analytics
sidebar:
order: 2

order: 3
---

The Shadow IT Discovery page provides visibility into the SaaS applications and private network origins your end users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.

Shadow IT Discovery is located in [Zero Trust](https://one.dash.cloudflare.com) under **Analytics** > **Access**.

## Turn on Shadow IT Discovery

To allow Zero Trust to discover shadow IT in your traffic:

* Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
* Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).

## SaaS applications

To see an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:

* **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
* **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.

### Review discovered applications

You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:

1. Go to **Analytics** > **Access** > **SaaS**.
2. In the **Unique application users** chart, select **Review all**. The table displays the following fields:



| Field | Description |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| Application | SaaS application's name and logo. |
| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust. |
| Status | Application's [approval status](#approval-status). |
| Secured | Whether the application is currently secured behind Cloudflare Access. |
| Users | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
| | |

3. Select a specific application to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.

The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).

## Private network origins

To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:

* **Unique origin users**: Chart showing the number of different users accessing your private network over time.
* **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.

### Review discovered origins

You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:

1. Go to **Analytics** > **Access** > **Private Network**.
2. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.



| Field | Description |
| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
| IP address | Origin's internal IP address in your private network. |
| Port | Port used to connect to the origin. |
| Protocol | Protocol used to connect to the origin. |
| Hostname | Hostname used to access the origin. |
| Status | Origin's [approval status](#approval-status) |
| Users | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |


Access analytics provide Cloudflare One users with data on how Access is protecting their network.

3. Select a specific origin to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.
To view Access analytics in [Zero Trust](https://one.dash.cloudflare.com), go to **Analytics**, then select **Access**.

The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
You can view the following data and filters in Access analytics:

## Approval status
**Zero Trust data:**

Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.
- Applications accessed
- Failed logins
- Connected users

:::note
**Logins over time:**

Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your Access and Gateway policies.
:::
- Total count of all logins per day
- Filter to see logins for a specific application

**Applications and users:**

- Top applications accessed
- Top connected users

| Status | Description |
| ---------- | ------------------------------------------------------------------------------------------------------ |
| Approved | Applications that have been marked as sanctioned by your organization. |
| Unapproved | Applications that have been marked as unsanctioned by your organization. |
| In review | Applications in the process of being reviewed by your organization. |
| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
**Time filters:**

- Last hour
- Last 24 hours
- Last 7 days
- Last 30 days
- Current calendar month
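Review bot: The new bullet lists under "Zero Trust data" and "Applications and users" drop the one-line definitions that the removed text carried, for example "Top connected users: Users who logged in to the greatest number of Access applications". Keep those definitions next to each metric, "Failed logins" in particular, so readers know what is being counted. Also confirm that the removed `## Approval status` section, including its note that approval status does not affect whether a user can reach an application, is preserved on the Shadow IT Discovery page, since several removed lines link to `#approval-status`.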
@@ -0,0 +1,121 @@
---
pcx_content_type: reference
title: Analytics overview
sidebar:
order: 2
---

The Cloudflare One Analytics overview provides a dashboard that reports on how Cloudflare One is protecting your organization and networks.

To view the Analytics overview in [Zero Trust](https://one.dash.cloudflare.com), go to **Analytics**.

The Analytics overview includes reports and insights across the following products and categories:

- [Global status](#global-status) of your Cloudflare One organization
- [Access](#access)
- Gateway
- [HTTP traffic](#proxy-traffic)
- [Network traffic](#gateway-network-requests)
- [DNS traffic](#dns-traffic)
- [Firewall policies](#gateway-insights)

## Global status

In **Global status**, you can view a report on your organization's Cloudflare One adoption that contains the following metrics:

- Access apps configured
- Gateway HTTP policies
- Gateway network policies
- Gateway DNS policies
- SaaS integrations
- DLP profiles

You can also view a report on your [seat usage](/cloudflare-one/identity/users/seat-management/) across your Cloudflare One organization that contains the following metrics:

- Total seats
- Used seats
- Unused seats

## Access

In **Access**, you can view a report on your Access configuration that contains:

**Metrics:**

- Total access attempts
- Granted access
- Denied (policy violation)
- Active logins overtime
- Top applications with most logins

**Filters:**

- Access data by country

## Gateway

### Proxy traffic

In **Proxy traffic**, you can view a report on your Gateway HTTP traffic that contains:

**Metrics:**

- Total requests overtime
- Allowed requests
- Blocked requests
- Isolated requests
- Do not inspect requests
- Top bandwidth consumers (GB)
- Top denied users

**Filters:**

- Gateway HTTP traffic data by country

### Gateway (network requests)

In **Gateway (network requests)**, you can view a report on your Gateway network traffic that contains:

**Metrics:**

- Total sessions
- Authenticated sessions
- Blocked sessions
- Audit SSH sessions
- Allowed sessions
- Override sessions
- Top bandwidth consumers in GB
- Top denied users

**Filters:**

- Gateway network traffic data by country

### DNS traffic

In **DNS traffic**, you can view a report on your Gateway DNS traffic that contains:

**Metrics:**

- Total DNS queries
- Allowed DNS queries
- Blocked DNS queries
- Override DNS queries
- Safe Search DNS queries
- Restricted DNS queries
- Other DNS queries

**Filters:**

- Gateway DNS traffic by query type
- Gateway DNS traffic by country

### Gateway insights

In **Gateway insights**, you can view a report on your Gateway firewall policies that contains the following metrics:

- Top domain blocking policies
- Top destination domains
- Most user queries
- Top devices
- Top countries
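Review bot: "overtime" should be "over time" in "Active logins overtime" under Access and "Total requests overtime" under Proxy traffic. The bandwidth metric is also written two ways, "Top bandwidth consumers (GB)" under Proxy traffic and "Top bandwidth consumers in GB" under Gateway (network requests); pick one form. The headings "Proxy traffic", "Gateway (network requests)" and "Gateway insights" differ from the labels used for them in the intro list ("HTTP traffic", "Network traffic", "Firewall policies"), so consider naming each the same way in both places.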
16 changes: 6 additions & 10 deletions src/content/docs/cloudflare-one/insights/analytics/gateway.mdx
@@ -1,20 +1,16 @@
---
pcx_content_type: concept
pcx_content_type: reference
title: Gateway analytics
sidebar:
order: 3

order: 4
---

To see the top Allowed and Blocked requests across all of your DNS locations, go to **Analytics** > **Gateway**. You can filter the data by selecting a specific location and/or time.

* **Requests** — This chart shows an overview of the number of requests made by end users within the time period you specify. It shows a breakdown of requests based on the decision Gateway took (either Allowed or Blocked).

* **Allowed requests** — This chart shows a breakdown of the five domains which received the highest number of Allowed requests. It also shows the five domains which received the lowest amount of Allowed requests. By selecting **View all** to the right of either section of the chart, you will see a list of highest 100 and lowest 100 domains ranked by number of Allowed requests.

* **Top blocked requests** — This chart shows a breakdown of the five domains which received the highest number of Blocked requests. It also shows the five domains which received the lowest number of Blocked requests. By selecting **View all** to the right of either section of the chart, you'll see a list of highest 100 and lowest 100 domains ranked by number of Blocked requests.

* **Requests by category** — The charts in this card show a breakdown of the **Top allowed categories** and the **Top blocked categories** based on the number of requests that Gateway classified as belonging to a content category.
- **Requests** — This chart shows an overview of the number of requests made by end users within the time period you specify. It shows a breakdown of requests based on the decision Gateway took (either Allowed or Blocked).
- **Allowed requests** — This chart shows a breakdown of the five domains which received the highest number of Allowed requests. It also shows the five domains which received the lowest amount of Allowed requests. By selecting **View all** to the right of either section of the chart, you will see a list of highest 100 and lowest 100 domains ranked by number of Allowed requests.
- **Top blocked requests** — This chart shows a breakdown of the five domains which received the highest number of Blocked requests. It also shows the five domains which received the lowest number of Blocked requests. By selecting **View all** to the right of either section of the chart, you'll see a list of highest 100 and lowest 100 domains ranked by number of Blocked requests.
- **Requests by category** — The charts in this card show a breakdown of the **Top allowed categories** and the **Top blocked categories** based on the number of requests that Gateway classified as belonging to a content category.

## GraphQL queries
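Review bot: The four re-bulleted lines carry over wording inconsistencies that are cheap to fix while the lines are being rewritten: "lowest amount of Allowed requests" in the **Allowed requests** bullet versus "lowest number of Blocked requests" in the next one, and "you will see" versus "you'll see". The first bullet is labelled **Allowed requests** while its sibling is **Top blocked requests**; align the two labels with what the dashboard actually shows.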
