How to identify an application captured in the CloudSOC Audit is an background app or an redirection webstie or something that admin doesn't need to care about?
I would look at number of users accessing, length of time visited, and any data transfers.
Additionaly, you may want to configure your data sources to "Ignore Indirect Traffic". This will probably filter out a lot of that kind of activity.