Skip to content

Commit

Permalink
Update CF1 insights > anayltics to include new CF1 overview page and …
Browse files Browse the repository at this point in the history 
…the existing Access analytics
  • Loading branch information
@cdraper-cloudflare
cdraper-cloudflare committed Jan 8, 2025
1 parent 68400b9 commit 9bc675a
Show file tree
Hide file tree
Showing 4 changed files with 264 additions and 95 deletions.
119 changes: 25 additions & 94 deletions src/content/docs/cloudflare-one/insights/analytics/access.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,110 +1,41 @@
---
pcx_content_type: reference
title: Shadow IT Discovery
pcx_content_type: concept
title: Access analytics
sidebar:
order: 2
order: 3

---

The Shadow IT Discovery page provides visibility into the SaaS applications and private network origins your end users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.
Access analytics provides Cloudflare One customers with data on how Access is protecting their network.

Shadow IT Discovery is located in [Zero Trust](https://one.dash.cloudflare.com) under **Analytics** > **Access**.
Go to Access analytics by:

## Turn on Shadow IT Discovery
1. Opening the Cloudflare Zero Trust dashboard
2. Selecting **Analytics** in the left side menu
3. Selecting the **Access** tab

To allow Zero Trust to discover shadow IT in your traffic:
Customers can view the following data and filters in Access analytics:

* Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
* Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
**Zero Trust data:**

## SaaS applications
* Applications accessed
* Failed logins
* Connected users

To see an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:
**Logins overtime:**

* **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
* **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.
* Total count of all logins per day
* Filter to see logins for a specific application

### Review discovered applications
**Applications and users:**

You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:
* Top applications accessed
* Top connected users

1. Go to **Analytics** > **Access** > **SaaS**.
2. In the **Unique application users** chart, select **Review all**. The table displays the following fields:



| Field | Description |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| Application | SaaS application's name and logo. |
| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust. |
| Status | Application's [approval status](#approval-status). |
| Secured | Whether the application is currently secured behind Cloudflare Access. |
| Users | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
| | |

3. Select a specific application to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.

The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).

## Private network origins

To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:

* **Unique origin users**: Chart showing the number of different users accessing your private network over time.
* **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.

### Review discovered origins

You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:

1. Go to **Analytics** > **Access** > **Private Network**.
2. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.



| Field | Description |
| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
| IP address | Origin's internal IP address in your private network. |
| Port | Port used to connect to the origin. |
| Protocol | Protocol used to connect to the origin. |
| Hostname | Hostname used to access the origin. |
| Status | Origin's [approval status](#approval-status) |
| Users | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |



3. Select a specific origin to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.

The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).

## Approval status

Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.

:::note

Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your Access and Gateway policies.
:::



| Status | Description |
| ---------- | ------------------------------------------------------------------------------------------------------ |
| Approved | Applications that have been marked as sanctioned by your organization. |
| Unapproved | Applications that have been marked as unsanctioned by your organization. |
| In review | Applications in the process of being reviewed by your organization. |
| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
**Time filters:**

* Last hour
* Last 24 hours
* Last 7 days
* Last 30 days
* Current calendar month
128 changes: 128 additions & 0 deletions src/content/docs/cloudflare-one/insights/analytics/analytics-overview.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
---
pcx_content_type: concept
title: Analytics overview
sidebar:
order: 2

---

The Cloudflare One Analytics Overview provides you with a single pane of glass that reports on how Cloudflare One is protecting their network.

Go to the Analytics overview by:

1. Opening the Cloudflare Zero Trust dashboard
2. Selecting **Analytics** in the left side menu

The Analytics overview includes reports and insights across the following products and categories:

* Cloudflare One - Global status
* Access
* Gateway - HTTP traffic
* Gateway - Network traffic
* Gateway - DNS traffic
* Gateway - Firewall policies

## Cloudflare One - Global status

You can view a report on Cloudflare One adoption and usage that contains:

**Metrics:**

* Access apps configured
* Gateway HTTP policies
* Gateway network policies
* Gateway DNS policies
* SaaS integrations
* DLP profiles

You can also view a report on seat usage across your Cloudflare One organization that contains:

**Metrics:**

* Total seats
* Used seats
* Unused seats

## Access

You can view a report on Access that contains:

**Filters:**

* Access data by country

**Metrics:**

* Total access attempts
* Granted access
* Denied (policy violation)
* Active logins overtime
* Top applications with most logins

## Gateway - HTTP traffic

You can view a report on Gateway HTTP traffic (titled **Proxy traffic**) that contains:

**Filters:**

* Gateway HTTP traffic data by country

**Metrics:**

* Total requests overtime
* Allowed requests
* Blocked requests
* Isolated requests
* Do not inspect requests
* Top bandwidth consumers (GB)
* Top denied users

## Gateway - Network traffic

You can view a report on Gateway Network traffic (titled Gateway (network requests)) that contains:

**Filters:**

* Gateway network traffic data by country

**Metrics:**

* Total sessions
* Authenticated sessions
* Blocked sessions
* Audit SSH sessions
* Allowed sessions
* Override sessions
* Top bandwidth consumers (GB)
* Top denied users

## Gateway - DNS traffic

You can view a report on Gateway DNS traffic that contains:

**Filters:**

* Gateway DNS traffic by query type
* Gateway DNS traffic by country

**Metrics:**

* Total DNS queries
* Allowed DNS queries
* Blocked DNS queries
* Override DNS queries
* Safe Search DNS queries
* Restricted DNS queries
* Other DNS queries

## Gateway - Firewall policies

You can view a report on Gateway Firewall policies (titled **Gateway insights**) that contains:

**Metrics:**

* Top domain blocking policies
* Top destination domains
* Most user queries
* Top devices
* Top countries
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/insights/analytics/gateway.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
pcx_content_type: concept
title: Gateway analytics
sidebar:
order: 3
order: 4

---

Expand Down
110 changes: 110 additions & 0 deletions src/content/docs/cloudflare-one/insights/analytics/shadow-it.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
---
pcx_content_type: reference
title: Shadow IT Discovery
sidebar:
order: 5

---

The Shadow IT Discovery page provides visibility into the SaaS applications and private network origins your end users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.

Shadow IT Discovery is located in [Zero Trust](https://one.dash.cloudflare.com) under **Analytics** > **Access**.

## Turn on Shadow IT Discovery

To allow Zero Trust to discover shadow IT in your traffic:

* Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
* Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).

## SaaS applications

To see an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:

* **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
* **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.

### Review discovered applications

You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:

1. Go to **Analytics** > **Access** > **SaaS**.
2. In the **Unique application users** chart, select **Review all**. The table displays the following fields:



| Field | Description |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| Application | SaaS application's name and logo. |
| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust. |
| Status | Application's [approval status](#approval-status). |
| Secured | Whether the application is currently secured behind Cloudflare Access. |
| Users | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
| | |

3. Select a specific application to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.

The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).

## Private network origins

To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:

* **Unique origin users**: Chart showing the number of different users accessing your private network over time.
* **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
* **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
* **Logins**: Chart showing the number of logins for an individual Access application over time.
* **Top applications accessed**: Access applications with the greatest number of logins.
* **Top connected users**: Users who logged in to the greatest number of Access applications.

### Review discovered origins

You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:

1. Go to **Analytics** > **Access** > **Private Network**.
2. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.



| Field | Description |
| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
| IP address | Origin's internal IP address in your private network. |
| Port | Port used to connect to the origin. |
| Protocol | Protocol used to connect to the origin. |
| Hostname | Hostname used to access the origin. |
| Status | Origin's [approval status](#approval-status) |
| Users | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |



3. Select a specific origin to view details.
4. Assign a new [approval status](#approval-status) according to your organization's preferences.

The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).

## Approval status

Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.

:::note

Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your Access and Gateway policies.
:::



| Status | Description |
| ---------- | ------------------------------------------------------------------------------------------------------ |
| Approved | Applications that have been marked as sanctioned by your organization. |
| Unapproved | Applications that have been marked as unsanctioned by your organization. |
| In review | Applications in the process of being reviewed by your organization. |
| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |

0 comments on commit 9bc675a

Please sign in to comment.