Assess New Incidents
The Aperture service compiles a summary of open incidents for you to view, assess and address by further investigation or closure.
The Aperture service compares all information it discovers against the enabled data patterns and active policy rules and identifies all violations and exposures for every asset across all cloud apps. The service then sorts the violations by severity so you can assess and either close or address them. After the initial discovery and remediation process, you should never see the same incidents again.
- Select Dashboard and view open Incidents to see a summary of data pattern rules with the number of open violations, any new incidents discovered in the last seven days, and the number of resolved incidents.
- Drill down into the incidents associated with a data
pattern rule by clicking the corresponding link or View
All Open Incidents. This takes you to a list of all
open incidents associated with a data pattern rule where you can
narrow your search results further or edit multiple incidents at
- Select Display to customize the columns displaying incident information.
- To filter Incidents and pinpoint risks, you can enter keywords to search for, such as a file name or part of a file name, sort each column by ascending or descending data, or you can use the built-in filters to see different views.
- Click Export CSV to download the current view of incidents in a comma-separated list.
- Use Bulk Edit to change the status of or assign up to 1000 incidents to another admin. You can view status changes in Remediation Activity Logs and incident assignment updates in the Admin Activity Logs.
- Drill down into a particular asset by clicking on the Item Name. Asset Details displays basic info, the data pattern rules the asset violated, a snippet of the file with the risky content highlighted, if available, and a link to the asset in the associated cloud app so you can get more context into the incident.
- In Actions, depending on the asset type and cloud app, you can open the asset, quarantine, explore the hierarchy of the file, send an email to the owner, download the file, or apply classification labels to third-party apps.
- To filter incidents associated with users, click ExplorePeople, select Internal Users or External Users, and scan the columns for Owned Items and Collaboration Items to identify users with a pattern of risky behavior. Click the value in a column to view their email, any cloud applications used, role, and activity as well as More Info to see detailed information associated with the user.
- After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to address, you can Automatically Remediate Incidents for most of the cloud apps. There are several ways to address a risk:
Modify Incident Status
Use Aperture to update the investigation status of an incident after being identified. ...
Close one incident at a time or use Bulk Incident to close multiple incidents at once on Aperture. ...
What is an Incident?
The Aperture service identifies and sets the state and category for each incident discovered during the scanning of your assets. ...
Assign Incidents to Another Administrator
Use Bulk Incident to assign a group of incidents to another Aperture administrator or assign incidents individually. ...
Assess Incidents When you first add a new SaaS application, the Aperture service goes through a discovery phase where it compares the enabled data patterns ...
Remediate Issues The Palo Alto Networks® Aperture™ service provides detailed information about the incidents it detects as it scans assets in your managed SaaS applications. ...
Customize the Incident Categories
Add custom incident categories for Open or Closed states to help filter incidents and track changes. ...
Use Advanced Search
Use Advanced Search To perform an advanced search: Show the assets. Select Explore Assets . Select Advanced to start an advanced search. Create your Use ...
Security Controls Incident Details
Security Controls Incident Details The Aperture service scans and analyzes email assets, settings, and user behavior and applies Security Control policies to identify exposures, risky ...