Public Application Discovery

Automatically discover public applications accessed by your users

  • Updated on May 21, 2024
  • 4 minutes to read
  • Contributors


IT and Security teams tend to have low visibility into devices that are not connected to their network, given that, traditionally, the point of visibility has been the office’s network gateway. This lack of visibility often results in applications being accessed that Security/IT teams haven’t reviewed or adequately protected.

App Discovery is a new feature that provides admins visibility by recording end users’ DNS requests, mapping them back to Cloud Secure Edge’s (CSE) database of public apps, and providing the admin a list of all the public applications used by employees who have the desktop app installed. CSE leverages existing ITP architecture to deliver this capability.

The Public Applications list can then be used to secure public resources via CSE’s Secure Public Applications capability.


  • Desktop app v.3.11
  • ITP enabled on the device

How It Works

Once a device has the desktop app installed, each DNS request sent from the device is captured (by the desktop app) while the request is resolved at one of CSE’s global DNS servers.

App Discovery List

The App Discovery list can be found in the Command Center under Internet Access > App Discovery. CSE tracks thousands of public applications, helping to surface the resources that are critical to your organization’s security posture.

Note: CSE surfaces all public resources in its inventory, including ones that have not yet been accessed by end users.

Details Page

Once captured, the DNS request is analyzed and the domain is mapped to one of our 1300+ cataloged Applications. If successfully mapped, CSE then records the time the device user pair has accessed the application inside the Application Inventory section of CSE’s console.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.