# Monthly reports

### Data Sources

| File           | Key Fields                                                                                              |
| -------------- | ------------------------------------------------------------------------------------------------------- |
| `applications` | `status`, `accountsUsed`, `accountsDetected`, `category`, `classificationId`, `sources`, `lastActivity` |
| `users`        | `status`, `vendorsUsed`, `vendorsDetected`, `emails`                                                    |

***

### 1. Application Status Distribution

Each application is bucketed by its `status` field:

| Status           | Filter                          |
| ---------------- | ------------------------------- |
| Approved         | `status == 'approved'`          |
| Discovered       | `status == 'discovered'`        |
| Security Concern | `status == 'security-concern'`  |
| In Review        | `status == 'in-review'`         |
| Evaluation       | `status == 'evaluation-period'` |
| Closed           | `status == 'closed'`            |

Each is displayed as a count and percentage of `total_apps`.

***

### 2. Security Threat Metrics

| Metric                      | Formula                                                  |
| --------------------------- | -------------------------------------------------------- |
| **Total Security**          | Count of apps where `status == 'security-concern'`       |
| **Contained**               | Subset where `accountsUsed == 0` (no active users)       |
| **Active**                  | Subset where `accountsUsed > 0` (still in use)           |
| **Active Security Users**   | Sum of `accountsUsed` across all active security threats |
| **Threat Containment Rate** | `contained / total_security × 100`                       |

A security threat is considered **contained** when it has been driven to zero active users.

***

### 3. Shadow IT Metrics

Shadow IT covers apps whose `status` is one of `discovered`, `security-concern`, or `in-review`.

| Metric                    | Formula                             |
| ------------------------- | ----------------------------------- |
| **Total Shadow**          | Count of apps with shadow IT status |
| **Eliminated**            | Subset where `accountsUsed == 0`    |
| **Active Shadow**         | Subset where `accountsUsed > 0`     |
| **Shadow Reduction Rate** | `eliminated / total_shadow × 100`   |

***

### 4. Governance Coverage

Governed statuses: `approved`, `in-review`, `evaluation-period`, `closed`.

| Metric              | Formula                              |
| ------------------- | ------------------------------------ |
| **Governed Apps**   | Count of apps with a governed status |
| **Governance Rate** | `governed_apps / total_apps × 100`   |
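
The formulas in sections 2 to 4, computed over a small constructed data set. This is an added example, not the product's own code; it assumes `applications` is loaded as a list of dicts with the key fields above, and the `name` field, one-decimal rounding and the zero-denominator result are assumptions.

```python
SHADOW = {"discovered", "security-concern", "in-review"}
GOVERNED = {"approved", "in-review", "evaluation-period", "closed"}

def pct(part, whole):
    # Assumption: one-decimal rounding, and 0.0 when the denominator is zero.
    return round(part / whole * 100, 1) if whole else 0.0

def app_metrics(apps):
    security = [a for a in apps if a["status"] == "security-concern"]
    contained = [a for a in security if a["accountsUsed"] == 0]
    active = [a for a in security if a["accountsUsed"] > 0]
    shadow = [a for a in apps if a["status"] in SHADOW]
    eliminated = [a for a in shadow if a["accountsUsed"] == 0]
    active_shadow = [a for a in shadow if a["accountsUsed"] > 0]
    governed = [a for a in apps if a["status"] in GOVERNED]
    return {
        "total_apps": len(apps),
        "total_security": len(security),
        "contained": len(contained),
        "active": len(active),
        "active_security_users": sum(a["accountsUsed"] for a in active),
        "threat_containment_rate": pct(len(contained), len(security)),
        "total_shadow": len(shadow),
        "eliminated": len(eliminated),
        "active_shadow": len(active_shadow),
        "shadow_reduction_rate": pct(len(eliminated), len(shadow)),
        "governed_apps": len(governed),
        "governance_rate": pct(len(governed), len(apps)),
    }

APPS = [  # constructed sample records ("name" is a hypothetical field)
    {"name": "app-a", "status": "approved", "accountsUsed": 40},
    {"name": "app-b", "status": "discovered", "accountsUsed": 12},
    {"name": "app-c", "status": "discovered", "accountsUsed": 0},
    {"name": "app-d", "status": "security-concern", "accountsUsed": 18},
    {"name": "app-e", "status": "security-concern", "accountsUsed": 0},
    {"name": "app-f", "status": "security-concern", "accountsUsed": 3},
    # in-review is in both sets, so app-g counts as shadow IT and as governed
    {"name": "app-g", "status": "in-review", "accountsUsed": 7},
    {"name": "app-h", "status": "closed", "accountsUsed": 0},
]

if __name__ == "__main__":
    for key, value in app_metrics(APPS).items():
        print(f"{key}: {value}")
```
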

***

### 5. User Metrics

#### User Segmentation

| Segment                    | Filter                                                           |
| -------------------------- | ---------------------------------------------------------------- |
| **Active Users**           | `status == 'live'` AND `vendorsUsed > 0`                         |
| **Offboarding with Usage** | `status in ['offboarding', 'deactivated']` AND `vendorsUsed > 0` |
| **Inactive Users**         | `vendorsUsed == 0` (any status)                                  |

#### User Compliance Rate

A user is **compliant** if they use fewer than **30 vendors** (`compliance_threshold`).

| Metric              | Formula                                |
| ------------------- | -------------------------------------- |
| **Compliant Users** | Active users where `vendorsUsed < 30`  |
| **Compliance Rate** | `compliant_users / active_users × 100` |

#### Usage Efficiency

| Metric               | Formula                                       |
| -------------------- | --------------------------------------------- |
| **Avg Detected**     | Average `vendorsDetected` across active users |
| **Avg Used**         | Average `vendorsUsed` across active users     |
| **Usage Efficiency** | `avg_used / avg_detected × 100`               |

#### User Distribution

Active users are bucketed by `vendorsDetected` into ranges: 0–20, 21–50, 51–100, 101–150, 150+.
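
The user metrics above, computed over constructed records. This is an added example, not the product's own code; it assumes `users` is a list of dicts with the key fields above, and the `id` field, the rounding and the handling of exactly 150 detected vendors are assumptions.

```python
COMPLIANCE_THRESHOLD = 30  # compliance_threshold on the page
# Assumption: exactly 150 detected vendors falls in "101-150"; "150+" means above 150.
BUCKETS = [(20, "0-20"), (50, "21-50"), (100, "51-100"), (150, "101-150")]

def pct(part, whole):
    # Assumption: one-decimal rounding, and 0.0 when the denominator is zero.
    return round(part / whole * 100, 1) if whole else 0.0

def bucket(detected):
    return next((label for hi, label in BUCKETS if detected <= hi), "150+")

def user_metrics(users):
    active = [u for u in users if u["status"] == "live" and u["vendorsUsed"] > 0]
    offboarding = [u for u in users
                   if u["status"] in ("offboarding", "deactivated") and u["vendorsUsed"] > 0]
    inactive = [u for u in users if u["vendorsUsed"] == 0]  # any status
    compliant = [u for u in active if u["vendorsUsed"] < COMPLIANCE_THRESHOLD]
    n = len(active)
    avg_detected = sum(u["vendorsDetected"] for u in active) / n if n else 0.0
    avg_used = sum(u["vendorsUsed"] for u in active) / n if n else 0.0
    distribution = {}
    for u in active:
        label = bucket(u["vendorsDetected"])
        distribution[label] = distribution.get(label, 0) + 1
    return {
        "active_users": n,
        "offboarding_with_usage": len(offboarding),
        "inactive_users": len(inactive),
        "compliance_rate": pct(len(compliant), n),
        "avg_detected": avg_detected,
        "avg_used": avg_used,
        "usage_efficiency": pct(avg_used, avg_detected),
        "distribution": distribution,
    }

USERS = [  # constructed sample records ("id" is a hypothetical field)
    {"id": "u1", "status": "live", "vendorsUsed": 10, "vendorsDetected": 40},
    {"id": "u2", "status": "live", "vendorsUsed": 35, "vendorsDetected": 160},
    {"id": "u3", "status": "live", "vendorsUsed": 0, "vendorsDetected": 5},
    {"id": "u4", "status": "offboarding", "vendorsUsed": 4, "vendorsDetected": 22},
    {"id": "u5", "status": "deactivated", "vendorsUsed": 0, "vendorsDetected": 60},
    {"id": "u6", "status": "live", "vendorsUsed": 5, "vendorsDetected": 20},
    # exactly 30 vendors is not compliant, because the test is vendorsUsed < 30
    {"id": "u7", "status": "live", "vendorsUsed": 30, "vendorsDetected": 100},
]
```
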

***

### 6. AI Metrics

#### AI App Detection

An app is classified as **AI** if:

* Its category is "Artificial Intelligence and Automation"

#### AI Indicators

| Metric                | Filter                                                       |
| --------------------- | ------------------------------------------------------------ |
| **AI Total**          | All AI-classified apps                                       |
| **AI Security**       | AI apps with `status == 'security-concern'`                  |
| **AI Active Threats** | AI security apps with `accountsUsed > 0`                     |
| **AI Active Users**   | Sum of `accountsUsed` on active AI threats                   |
| **AI Discovered**     | AI apps with `status == 'discovered'` and `accountsUsed > 0` |
| **AI Approved**       | AI apps with `status == 'approved'`                          |
| **AI Pending**        | AI apps with `status in ['in-review', 'discovered']`         |

***

### 7. Report Tables

#### Active Security Threats

Top 15 `security-concern` apps with `accountsUsed > 0`, sorted by active users descending. Shows a conversion percentage: `accountsUsed / accountsDetected × 100`.

#### High-Risk Discoveries

`discovered` apps with `accountsUsed >= 10` (`high_risk_user_threshold`), sorted by active users descending, top 15.

#### Remediation Priority

Active security threats are assigned a priority based on `accountsUsed`:

| Priority          | Condition            |
| ----------------- | -------------------- |
| **P1 — Critical** | `accountsUsed >= 15` |
| **P2 — High**     | `accountsUsed >= 5`  |
| **P3 — Medium**   | `accountsUsed < 5`   |

#### Pending Governance

`discovered` apps with `accountsUsed >= 20`, sorted by active users descending, top 10.
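
The four report tables above, built from constructed records. This is an added example, not the product's own code; the `name` field and `PENDING_GOVERNANCE_MIN` are hypothetical names, the priority conditions are read top-down, and a conversion of `None` for `accountsDetected == 0` is an assumption.

```python
HIGH_RISK_USER_THRESHOLD = 10  # high_risk_user_threshold on the page
PENDING_GOVERNANCE_MIN = 20    # hypothetical name; the page gives only the value

def priority(accounts_used):
    # Read top-down, so P2 effectively means 5 <= accountsUsed < 15.
    if accounts_used >= 15:
        return "P1"
    if accounts_used >= 5:
        return "P2"
    return "P3"

def top(apps, status, min_used, limit):
    rows = [a for a in apps if a["status"] == status and a["accountsUsed"] >= min_used]
    return sorted(rows, key=lambda a: a["accountsUsed"], reverse=True)[:limit]

def report_tables(apps):
    threats = []
    # accountsUsed > 0 is written as >= 1, assuming integer account counts.
    for a in top(apps, "security-concern", 1, 15):
        detected = a["accountsDetected"]
        threats.append({
            "name": a["name"],
            "accountsUsed": a["accountsUsed"],
            "priority": priority(a["accountsUsed"]),
            # Assumption: no conversion is reported when nothing was detected.
            "conversion": round(a["accountsUsed"] / detected * 100, 1) if detected else None,
        })
    return {
        "active_threats": threats,
        "high_risk": [a["name"] for a in top(apps, "discovered", HIGH_RISK_USER_THRESHOLD, 15)],
        "pending_governance": [a["name"] for a in top(apps, "discovered", PENDING_GOVERNANCE_MIN, 10)],
    }

APPS = [  # constructed sample records ("name" is a hypothetical field)
    {"name": "app-d", "status": "security-concern", "accountsUsed": 18, "accountsDetected": 24},
    {"name": "app-f", "status": "security-concern", "accountsUsed": 3, "accountsDetected": 0},
    {"name": "app-i", "status": "security-concern", "accountsUsed": 5, "accountsDetected": 50},
    {"name": "app-e", "status": "security-concern", "accountsUsed": 0, "accountsDetected": 9},
    {"name": "app-b", "status": "discovered", "accountsUsed": 12, "accountsDetected": 30},
    {"name": "app-j", "status": "discovered", "accountsUsed": 25, "accountsDetected": 25},
    {"name": "app-k", "status": "discovered", "accountsUsed": 9, "accountsDetected": 40},
]
```
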

***

### Key Concepts

* An app is **contained/eliminated** when `accountsUsed == 0` — no one is actively using it.
* An app is an **active risk** when `accountsUsed > 0`.
* User **compliance** is based on keeping vendor usage below 30 apps per user.
* **Usage efficiency** measures what fraction of detected apps are actually used.
* **Governance coverage** tracks how many apps have moved beyond the "discovered" stage into a managed status.
