Update CF1 insights > anayltics to include new CF1 overview page and the existing Access analytics

cdraper-cloudflare · cdraper-cloudflare · commit 9bc675a60181 · 2025-01-08T15:11:55.000-05:00
diff --git a/src/content/docs/cloudflare-one/insights/analytics/access.mdx b/src/content/docs/cloudflare-one/insights/analytics/access.mdx
@@ -1,110 +1,41 @@
 ---
-pcx_content_type: reference
-title: Shadow IT Discovery
+pcx_content_type: concept
+title: Access analytics
 sidebar:
-  order: 2
+  order: 3
 
 ---
 
-The Shadow IT Discovery page provides visibility into the SaaS applications and private network origins your end users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.
+Access analytics provides Cloudflare One customers with data on how Access is protecting their network.
 
-Shadow IT Discovery is located in [Zero Trust](https://one.dash.cloudflare.com) under **Analytics** > **Access**.
+Go to Access analytics by:
 
-## Turn on Shadow IT Discovery
+1. Opening the Cloudflare Zero Trust dashboard
+2. Selecting **Analytics** in the left side menu
+3. Selecting the **Access** tab
 
-To allow Zero Trust to discover shadow IT in your traffic:
+Customers can view the following data and filters in Access analytics:
 
-* Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
-* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
-* Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
+**Zero Trust data:**
 
-## SaaS applications
+* Applications accessed
+* Failed logins
+* Connected users
 
-To see an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:
+**Logins overtime:**
 
-* **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
-* **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
-* **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
-* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
-* **Logins**: Chart showing the number of logins for an individual Access application over time.
-* **Top applications accessed**: Access applications with the greatest number of logins.
-* **Top connected users**: Users who logged in to the greatest number of Access applications.
+* Total count of all logins per day
+* Filter to see logins for a specific application
 
-### Review discovered applications
+**Applications and users:**
 
-You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:
+* Top applications accessed
+* Top connected users
 
-1. Go to **Analytics** > **Access** > **SaaS**.
-2. In the **Unique application users** chart, select **Review all**. The table displays the following fields:
-
-
-
-| Field            | Description                                                                                                                  |
-| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
-| Application      | SaaS application's name and logo.                                                                                            |
-| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust.     |
-| Status           | Application's [approval status](#approval-status).                                                                           |
-| Secured          | Whether the application is currently secured behind Cloudflare Access.                                                       |
-| Users            | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
-|                  |                                                                                                                              |
-
-3. Select a specific application to view details.
-4. Assign a new [approval status](#approval-status) according to your organization's preferences.
-
-The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
-
-## Private network origins
-
-To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:
-
-* **Unique origin users**: Chart showing the number of different users accessing your private network over time.
-* **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
-* **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
-* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
-* **Logins**: Chart showing the number of logins for an individual Access application over time.
-* **Top applications accessed**: Access applications with the greatest number of logins.
-* **Top connected users**: Users who logged in to the greatest number of Access applications.
-
-### Review discovered origins
-
-You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:
-
-1. Go to **Analytics** > **Access** > **Private Network**.
-2. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.
-
-
-
-| Field      | Description                                                                                                             |
-| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
-| IP address | Origin's internal IP address in your private network.                                                                   |
-| Port       | Port used to connect to the origin.                                                                                     |
-| Protocol   | Protocol used to connect to the origin.                                                                                 |
-| Hostname   | Hostname used to access the origin.                                                                                     |
-| Status     | Origin's [approval status](#approval-status)                                                                            |
-| Users      | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |
-
-
-
-3. Select a specific origin to view details.
-4. Assign a new [approval status](#approval-status) according to your organization's preferences.
-
-The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
-
-## Approval status
-
-Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.
-
-:::note
-
-Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your Access and Gateway policies. 
-:::
-
-
-
-| Status     | Description                                                                                            |
-| ---------- | ------------------------------------------------------------------------------------------------------ |
-| Approved   | Applications that have been marked as sanctioned by your organization.                                 |
-| Unapproved | Applications that have been marked as unsanctioned by your organization.                               |
-| In review  | Applications in the process of being reviewed by your organization.                                    |
-| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
+**Time filters:**
 
+* Last hour
+* Last 24 hours
+* Last 7 days
+* Last 30 days
+* Current calendar month
diff --git a/src/content/docs/cloudflare-one/insights/analytics/analytics-overview.mdx b/src/content/docs/cloudflare-one/insights/analytics/analytics-overview.mdx
@@ -0,0 +1,128 @@
+---
+pcx_content_type: concept
+title: Analytics overview
+sidebar:
+  order: 2
+
+---
+
+The Cloudflare One Analytics Overview provides you with a single pane of glass that reports on how Cloudflare One is protecting their network.
+
+Go to the Analytics overview by:
+
+1. Opening the Cloudflare Zero Trust dashboard
+2. Selecting **Analytics** in the left side menu
+
+The Analytics overview includes reports and insights across the following products and categories:
+
+* Cloudflare One - Global status
+* Access
+* Gateway - HTTP traffic
+* Gateway - Network traffic
+* Gateway - DNS traffic
+* Gateway - Firewall policies
+
+## Cloudflare One - Global status
+
+You can view a report on Cloudflare One adoption and usage that contains:
+
+**Metrics:**
+
+* Access apps configured
+* Gateway HTTP policies
+* Gateway network policies
+* Gateway DNS policies
+* SaaS integrations
+* DLP profiles
+
+You can also view a report on seat usage across your Cloudflare One organization that contains:
+
+**Metrics:**
+
+* Total seats
+* Used seats
+* Unused seats
+
+## Access
+
+You can view a report on Access that contains:
+
+**Filters:**
+
+* Access data by country
+
+**Metrics:**
+
+* Total access attempts
+* Granted access
+* Denied (policy violation)
+* Active logins overtime
+* Top applications with most logins
+
+## Gateway - HTTP traffic
+
+You can view a report on Gateway HTTP traffic (titled **Proxy traffic**) that contains:
+
+**Filters:**
+
+* Gateway HTTP traffic data by country
+
+**Metrics:**
+
+* Total requests overtime
+* Allowed requests
+* Blocked requests
+* Isolated requests
+* Do not inspect requests
+* Top bandwidth consumers (GB)
+* Top denied users
+
+## Gateway - Network traffic
+
+You can view a report on Gateway Network traffic (titled Gateway (network requests)) that contains:
+
+**Filters:**
+
+* Gateway network traffic data by country
+
+**Metrics:**
+
+* Total sessions
+* Authenticated sessions
+* Blocked sessions
+* Audit SSH sessions
+* Allowed sessions
+* Override sessions
+* Top bandwidth consumers (GB)
+* Top denied users
+
+## Gateway - DNS traffic
+
+You can view a report on Gateway DNS traffic that contains:
+
+**Filters:**
+
+* Gateway DNS traffic by query type
+* Gateway DNS traffic by country
+
+**Metrics:**
+
+* Total DNS queries
+* Allowed DNS queries
+* Blocked DNS queries
+* Override DNS queries
+* Safe Search DNS queries
+* Restricted DNS queries
+* Other DNS queries
+
+## Gateway - Firewall policies
+
+You can view a report on Gateway Firewall policies (titled **Gateway insights**) that contains:
+
+**Metrics:**
+
+* Top domain blocking policies
+* Top destination domains
+* Most user queries
+* Top devices
+* Top countries
diff --git a/src/content/docs/cloudflare-one/insights/analytics/gateway.mdx b/src/content/docs/cloudflare-one/insights/analytics/gateway.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: Gateway analytics
 sidebar:
-  order: 3
+  order: 4
 
 ---
 
diff --git a/src/content/docs/cloudflare-one/insights/analytics/shadow-it.mdx b/src/content/docs/cloudflare-one/insights/analytics/shadow-it.mdx
@@ -0,0 +1,110 @@
+---
+pcx_content_type: reference
+title: Shadow IT Discovery
+sidebar:
+  order: 5
+
+---
+
+The Shadow IT Discovery page provides visibility into the SaaS applications and private network origins your end users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.
+
+Shadow IT Discovery is located in [Zero Trust](https://one.dash.cloudflare.com) under **Analytics** > **Access**.
+
+## Turn on Shadow IT Discovery
+
+To allow Zero Trust to discover shadow IT in your traffic:
+
+* Turn on the [Gateway proxy](/cloudflare-one/policies/gateway/proxy/) for HTTP and network traffic.
+* Turn on [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) to inspect HTTPS traffic.
+* Ensure any network traffic you want to inspect is not routed around Gateway by a [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
+
+## SaaS applications
+
+To see an overview of SaaS applications your users have visited, go to **Analytics** > **Access** > **SaaS**. This tab displays the following information:
+
+* **Unique application users**: Chart showing the number of different users who accessed SaaS applications over time.
+* **Top approved applications**: SaaS applications marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
+* **Top unapproved applications**: SaaS applications marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
+* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
+* **Logins**: Chart showing the number of logins for an individual Access application over time.
+* **Top applications accessed**: Access applications with the greatest number of logins.
+* **Top connected users**: Users who logged in to the greatest number of Access applications.
+
+### Review discovered applications
+
+You can view a list of all discovered SaaS applications and mark them as approved or unapproved. To review an application:
+
+1. Go to **Analytics** > **Access** > **SaaS**.
+2. In the **Unique application users** chart, select **Review all**. The table displays the following fields:
+
+
+
+| Field            | Description                                                                                                                  |
+| ---------------- | ---------------------------------------------------------------------------------------------------------------------------- |
+| Application      | SaaS application's name and logo.                                                                                            |
+| Application type | [Application type](/cloudflare-one/policies/gateway/application-app-types/#app-types) assigned by Cloudflare Zero Trust.     |
+| Status           | Application's [approval status](#approval-status).                                                                           |
+| Secured          | Whether the application is currently secured behind Cloudflare Access.                                                       |
+| Users            | Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page. |
+|                  |                                                                                                                              |
+
+3. Select a specific application to view details.
+4. Assign a new [approval status](#approval-status) according to your organization's preferences.
+
+The application's status will now be updated across charts and visualizations on the **SaaS** tab. You can block unapproved applications by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
+
+## Private network origins
+
+To see an overview of the private network origins your users have visited, go to **Analytics** > **Access** > **Private Network**. This tab displays the following information:
+
+* **Unique origin users**: Chart showing the number of different users accessing your private network over time.
+* **Top approved origins**: Origins marked as [**Approved**](#approval-status) which had the greatest number of unique visitors.
+* **Top unapproved origins**: Origins marked as [**Unapproved**](#approval-status) which had the greatest number of unique visitors.
+* **Zero Trust**: Metrics for your Access applications including the total number of accessed applications, failed logins, and connected users over the selected time period.
+* **Logins**: Chart showing the number of logins for an individual Access application over time.
+* **Top applications accessed**: Access applications with the greatest number of logins.
+* **Top connected users**: Users who logged in to the greatest number of Access applications.
+
+### Review discovered origins
+
+You can view a list of all discovered origins and mark them as approved or unapproved. To review a private network origin:
+
+1. Go to **Analytics** > **Access** > **Private Network**.
+2. In the **Unique origin users** chart, select **Review all**. The discovered origins that appear on this page are defined by unique combinations of IP address, port, and protocol.
+
+
+
+| Field      | Description                                                                                                             |
+| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
+| IP address | Origin's internal IP address in your private network.                                                                   |
+| Port       | Port used to connect to the origin.                                                                                     |
+| Protocol   | Protocol used to connect to the origin.                                                                                 |
+| Hostname   | Hostname used to access the origin.                                                                                     |
+| Status     | Origin's [approval status](#approval-status)                                                                            |
+| Users      | Number of users who connected to the origin over the period of time specified on the Shadow IT Discovery overview page. |
+
+
+
+3. Select a specific origin to view details.
+4. Assign a new [approval status](#approval-status) according to your organization's preferences.
+
+The origin's status will now be updated across charts and visualizations on the **Private Network** tab. You can block unapproved origins by creating a [Gateway policy](/cloudflare-one/policies/gateway/).
+
+## Approval status
+
+Within Shadow IT Discovery, applications are labeled according to their status. The default status for a discovered application is **Unreviewed**. Your organization can determine the status of each application and change their status at any time.
+
+:::note
+
+Approval status does not impact a user's ability to access the application. Users are allowed or blocked according to your Access and Gateway policies.
+:::
+
+
+
+| Status     | Description                                                                                            |
+| ---------- | ------------------------------------------------------------------------------------------------------ |
+| Approved   | Applications that have been marked as sanctioned by your organization.                                 |
+| Unapproved | Applications that have been marked as unsanctioned by your organization.                               |
+| In review  | Applications in the process of being reviewed by your organization.                                    |
+| Unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
+
