App Catalog

List view

Quick Start
Welcome
Console & Settings
Release Notes
October 9, 2025 WitnessAI Update
October 23, 2025 WitnessAI Update
October 2, 2025 WitnessAI Update
September 30, 2025: WitnessAI Update
September 23, 2025: WitnessAI Update
August 12, 2025: WitnessAI Update
July 31, 2025: WitnessAI Update
July 18, 2025: WitnessAI Update
June 23, 2025: WitnessAI Update
June 9, 2025: WitnessAI Update
April 11, 2025: WitnessAI Release v2.0
Copy August 12, 2025: WitnessAI Update
Supported Applications & LLMs
User Guide
Lists - OLD
Private Applications
Home
Discovery
Discovered Apps
App Catalog
Analytics
Conversations
Users
Alerts
Policies
Lists
Settings
Configuration
Access Control
System
Secure AI Portal
User Menu
Policies & GuardRails
Policy Creation
Policy Precedence
GuardRail: Behavioral Activity
GuardRail: Data Protection
GuardRail: Harmful Response Prevention (Beta)
GuardRail: Model Identity Protection
GuardRail: Model Protection
GuardRail: Organizational Behavior (Beta)
GuardRail: Risk Analysis
Witness Anywhere: Remote Device Security
Witness Anywhere Overview
Witness Anywhere with Stunnel
Witness Anywhere: Azure VDI - Intune
Witness Anywhere: CrowdStrike (Windows)
Witness Anywhere: GPO (Windows)
Witness Anywhere: Jamf (macOS) (Beta)
Witness Anywhere: SentinelOne
Witness Anywhere: FAQ
Witness Attack
Witness Attack: AI Red Teaming 
Administrator Guide
Integrations: Identity Providers
Identity: Microsoft Entra ID (Azure AD)
Identity: Okta Identity
Integrations: Network Security
Netskope SWG
Palo Alto Networks NGFW
Prisma Access: DNS Sinkhole
Prisma Access: Explicit Proxy
Zscaler Internet Access
Zscaler Beta
Status Page
API Reference
Input API
Complete API
Text-Completion API
Prompt-Protect API
Encryption

App Catalog Overview

The App Catalog is your single place to see, add, and protect all the AI Apps your company uses. Think of it as your company’s app store.

Open the App Catalog

To open the App Catalog, click the Discovery menu (item 1 below). When the menu is collapsed, click the Discovery telescope icon below the Home icon. Then click on the App Catalog tab (item 2 below).
notion image
The first time you see the App Catalog, it may look similar to the “Discovered Apps” list. The difference is that now you’re seeing every app WitnessAI knows about, including Apps no one in your organization has used yet.

Finding an App

Searching for Apps by App name.
  1. Click in the Search box at the top, and begin typing the name of the application you want (e.g., “Co-Assist”).
  1. As you type, matching apps will appear immediately below the search bar. The search function looks for App Names that begin with the characters you enter. Searching for characters in the middle or end of the App Name will not match any Catalog entries.
      2. notion image
  • If an app shows up:
    • Click its name to view details, check its status, or apply policy controls.
  • If no match is found:
    • You’ll see this message:
        • “No applications found that begin with ‘…’. Would you like to add a new application?”
    • Click Add Application to start registering it yourself.
      • notion image
 
Tip: If you don’t see an expected app right away, try typing just the first few letters—search results update live as you type.

Adding a New Application

When an app has not been added to our catalog yet, you can add it yourself. This adds an App to the App Catalog.
From the empty-state prompt, click Add Application.
Enter the App’s base URL into the Domain field.
Click Submit.
notion image
You’ll get a confirmation banner—e.g., “Co-Assist AI was submitted to the catalog.” The new entry appears at the very top with a Pending Enrichment badge.
Why “Pending Enrichment”?
While our backend gathers risk data and usage stats (via public and our internal intelligence), we let you start applying policies right away—so there’s no gap in your security defenses.
 
By default, added Apps can be seen in the App Catalog and shared by everyone.  You can make the App private by choosing ‘internal/private’ thus making it visible to your company only. To keep the app fully private you may also disable enrichment and analytics processing. Users and groups associated with apps are viewable, along with insights charts providing additional perspectives about each app.
After submitting, the application then appears at the top of the catalog with a ‘pending enrichment’ status.  There is minimum data initially while enrichment is in progress.
You can:
  • Control the app through policy actions, like blocking for example.
  • Block the app while waiting for enrichment.
Security decisions follow a workflow modeled on shadow IT governance while new apps enter a “needs review” state until explicitly allowed or blocked. Blocked apps appear on a block list; allowed apps are removed from it. The history tab logs events affecting the application, such as submission, state changes, or updates to security attributes and risk scores. This acts as a mini audit log for the app.
Supported Actions
  • Proactive blocking of apps based on risk categories, enabling admins to inoculate their environment against risky applications before anyone uses them.
  • Navigation between discovered apps and the full app catalog, which includes browsing by categories (e.g., analytics, business intelligence).
  • Policy-based protections, allowing customers to create lists and reference them in policies (e.g., only allowing specific user groups access to certain apps). The goal is to protect as much app usage as possible via policy.

Controlling Access: Blocking & Policy Actions

Once an app is in the catalog, you can decide who gets to use it.
  • Immediate Block
    • Click the Block button next to any app to deny access at once—even before enrichment finishes.
  • Policy-Based Protection
    • Create named Lists (e.g., “Design Tools” or “Sales Apps”) in the Lists console, then tie those lists to user groups, and add Guardrails to enforce your policies.
    • Example: Allow only the Design team to access Figma, while blocking it for everyone else.

Preemptively block all high-risk tools company-wide:

  1. In the catalog, filter by Risk = Very High.
  1. Click the Select All checkbox (1) next to the APPLICATION label (2), then the Block button (3).
      2. This ensures employees can’t accidentally visit or launch dangerous apps.
notion image