# Detecting Shadow IT Cloud Usage

## Overview

Shadow IT refers to unauthorized SaaS applications and cloud services used without IT approval. This skill analyzes proxy logs, DNS query logs, and firewall/netflow data to identify unauthorized cloud service usage, classify discovered domains against known SaaS categories, measure data transfer volumes, and flag high-risk services based on security posture and compliance requirements.

## When to Use

- When investigating security incidents that require detecting shadow IT cloud usage
- When building detection rules or threat hunting queries for this domai…
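The analysis described in the Overview, reduced to its core for proxy logs as an added example (not code from the original skill): classify each requested host against a SaaS catalog, sum upload volume per service, and flag unsanctioned services that are high-risk or exceed an upload threshold. The log field layout, the `.example` catalog entries, the sanctioned list and the 50 MiB threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed catalog (assumption): domain -> (service, category, risk rating)
SAAS_CATALOG = {
    "filedrop.example": ("FileDrop", "file-sharing", "high"),
    "notes-app.example": ("NotesApp", "productivity", "low"),
    "corp-storage.example": ("CorpStorage", "file-sharing", "low"),
}
SANCTIONED = {"CorpStorage"}         # services approved by IT (assumption)
UPLOAD_THRESHOLD = 50 * 1024 * 1024  # flag above 50 MiB uploaded (assumption)
# Constructed proxy log; assumed fields: timestamp user host bytes_out bytes_in
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice upload.filedrop.example 73400320 1200
2024-05-01T09:02:10Z bob api.notes-app.example 2048 90112
2024-05-01T09:05:44Z alice files.corp-storage.example 104857600 512
2024-05-01T09:07:30Z carol notfiledrop.example 4096 4096
2024-05-01T09:09:12Z bob www.filedrop.example 1024 3000000
malformed line
"""

def classify(host):
    """Match on a label boundary: notfiledrop.example is not filedrop.example."""
    host = host.lower().rstrip(".")
    for domain, info in SAAS_CATALOG.items():
        if host == domain or host.endswith("." + domain):
            return info
    return None

def find_shadow_it(log_text):
    """Sum uploads per catalogued service and report the unsanctioned ones."""
    stats = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            continue  # skip malformed records rather than abort the run
        _, user, host, bytes_out, _ = parts
        info = classify(host)
        if info is None:
            continue  # uncatalogued domain: out of scope here, review separately
        stats[info]["users"].add(user)
        stats[info]["bytes_out"] += int(bytes_out)
    return sorted(
        ({"service": svc, "category": cat, "risk": risk,
          "users": sorted(s["users"]), "bytes_out": s["bytes_out"],
          "flagged": risk == "high" or s["bytes_out"] > UPLOAD_THRESHOLD}
         for (svc, cat, risk), s in stats.items() if svc not in SANCTIONED),
        key=lambda f: f["bytes_out"], reverse=True)

if __name__ == "__main__":
    print(*find_shadow_it(SAMPLE_LOG), sep="\n")
```

A plain substring or `endswith(domain)` match would attribute `notfiledrop.example` to FileDrop; the label-boundary check in `classify` prevents that misattribution.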