Looking for advice on how to accomplish the following:Identify all SaaS Apps that our users are logging into, and identify the user groups (departments, OUs, etc.) that are logging in for each SaaS App Key information that we are looking for on the App is the following: App Name URL URL Category CCI Available - Is the application in CCI? Here is what I tried that was inefficient, lack of quality data, etc.:I tried querying web_tx for URI containing /Login/ I then queried App Names against CCI via API Lastly, I manually looked up Apps in CCI to try and find users with traffic associated to the app (the issue here is that a browse to the site would show up and not indicative of a user login)Any advice and/or direction would be appreciated. (Was not sure the appropriate category to put this question into - thus chose Additional Discussions)

Solved

User Login Reporting

24 days ago
April 2, 2025
1 reply
26 views

b-rad
New Member

Looking for advice on how to accomplish the following:

Identify all SaaS Apps that our users are logging into, and identify the user groups (departments, OUs, etc.) that are logging in for each SaaS App
Key information that we are looking for on the App is the following:
- App Name
- URL
- URL Category
- CCI Available - Is the application in CCI?

Here is what I tried that was inefficient, lack of quality data, etc.:

I tried querying web_tx for URI containing /Login/
I then queried App Names against CCI via API
Lastly, I manually looked up Apps in CCI to try and find users with traffic associated to the app (the issue here is that a browse to the site would show up and not indicative of a user login)

Any advice and/or direction would be appreciated.

(Was not sure the appropriate category to put this question into - thus chose Additional Discussions)

Best answer by sshiflett

@b-rad,

If you have Advanced Analytics this can be queried in multiple ways. You can start with Application Events to see logins that Netskope was explicitly able to identify the Login Activity:

You can alternatively (or use them together) filter URLs that contain the word “Login” using TransactioN Events.

You can add additional fields as needed for OU, group, etc.

View original

Did this topic help you find an answer to your question?

+16

sshiflett
Netskope Employee
257 replies
Answer
16 days ago
April 10, 2025

@b-rad,

If you have Advanced Analytics this can be queried in multiple ways. You can start with Application Events to see logins that Netskope was explicitly able to identify the Login Activity:

You can alternatively (or use them together) filter URLs that contain the word “Login” using TransactioN Events.

You can add additional fields as needed for OU, group, etc.

Sam Shiflett | Netskope Solution Architect - North America

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

bugs ou triches sur les Challenges / bugs or cheats on Challengesicon

Bug Report : Mute Activity Not working as expectedicon

Activity-by-day challenges not picking up multiple valid activitiesicon

Bug with infinite fitnessicon

Vitesse et allure / Speed and paceicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings