Close one incident at a time or use Bulk Incident to close multiple incidents at once on Aperture.
When you Assess Incidents, you might sometimes find the content of an asset or how the asset is shared does not pose a threat to your organization. In these cases, you can close the incident individually or use Bulk Edit to close a group of incidents. You can select one of the default close categories or Customize the Incident Categories to better identify close incident states to suit your needs.
Keep in mind the Aperture service identified the asset as an incident because it matched one or more policy rules. Unless you change a setting (for example, changing a Collaborator or domain from Untrusted or Trusted), the Aperture service will identify the asset as an incident again the next time it scans that asset. You should Fine-Tune Policy rules so assets posing as real threats are the only assets identified as incidents.
If you wish to review the events recorded when the status of an incident changes, review these changes in the Remediation Activity Logs.
- To close a group of incidents, click IncidentsAssets, and select up to 1000 incidents. Click Bulk EditChange Status, and select a closed category, denoted by a red icon .
- To close a single incident associated with an asset, click the asset name to view the Asset Details or Security Controls Incident Details, and select a closed Status category.
- Choose from these Closed State Incident states.
- No Reason found for incident.
- Business Justified for incidents such as testing, Aperture tool demonstrations, and training.
- Misidentified as a data pattern match or policy violation.
Modify Incident Status
Use Aperture to update the investigation status of an incident after being identified. ...
Assess Incidents When you first add a new SaaS application, the Aperture service goes through a discovery phase where it compares the enabled data patterns ...
Customize the Incident Categories
Add custom incident categories for Open or Closed states to help filter incidents and track changes. ...
Use Advanced Search
Use Advanced Search To perform an advanced search: Show the assets. Select Explore Assets . Select Advanced to start an advanced search. Create your Use ...
What is an Incident?
The Aperture service identifies and sets the state and category for each incident discovered during the scanning of your assets. ...
Assess New Incidents
The Aperture service compiles a summary all incidents to be assessed and addressed by further investigation or closure. ...
Assign Incidents to Another Administrator
Use Bulk Incident to assign a group of incidents to another Aperture administrator or assign incidents individually. ...
Remediate Issues The Palo Alto Networks® Aperture™ service provides detailed information about the incidents it detects as it scans assets in your managed SaaS applications. ...
Specify internal and external collaborators, and trusted and untrusted users to configure the incident settings on Aperture. ...