Assess New Incidents

The Aperture service compiles a summary of open incidents for you to view, assess and address by further investigation or closure.
The Aperture service compares all information it discovers against the enabled data patterns and active policy rules and identifies all violations and exposures for every asset across all cloud apps. The service then sorts the violations by severity so you can assess and either close or address them. After the initial discovery and remediation process, you should never see the same incidents again.
  1. Select Dashboard and view open Incidents to see a summary of data pattern rules with the number of open violations, any new incidents discovered in the last seven days, and the number of resolved incidents.
  2. Drill down into the incidents associated with a data pattern rule by clicking the corresponding link or View All Open Incidents. This takes you to a list of all open incidents associated with a data pattern rule where you can narrow your search results further or edit multiple incidents at once.
    • Select Display to customize the columns displaying incident information.
    • To filter Incidents and pinpoint risks, enter keywords to search for (such as a file name or part of a file name), sort any column in ascending or descending order, or use the built-in filters to see different views.
    • Click Export CSV to download the current view of incidents in a comma-separated list.
    • Use Bulk Edit to change the status of up to 1000 incidents or to assign them to another admin. You can view status changes in Remediation Activity Logs and incident assignment updates in the Admin Activity Logs.
  3. Drill down into a particular asset by clicking on the Item Name. Asset Details displays basic info, the data pattern rules the asset violated, a snippet of the file with the risky content highlighted, if available, and a link to the asset in the associated cloud app so you can get more context into the incident.
  4. In Actions, depending on the asset type and cloud app, you can open the asset, quarantine it, explore the hierarchy of the file, send an email to the owner, download the file, or apply classification labels to third-party apps.
  5. To filter incidents associated with users, click Explore > People, select Internal Users or External Users, and scan the Owned Items and Collaboration Items columns to identify users with a pattern of risky behavior. Click the value in a column to view the user's email, cloud applications used, role, and activity, or click More Info to see detailed information associated with the user.
  6. After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to address, you can Automatically Remediate Incidents for most of the cloud apps. There are several ways to address a risk:
