Security Controls Incident Details

The Aperture service scans and analyzes email assets, settings, and user behavior and applies Security Control policies to identify exposures, risky user behavior, and sensitive documents. The service also performs deep content inspection for known and unknown malware, data exposure, and data exfiltration. When the Aperture service determines that a security control is an incident, it creates a incident detail view that you use to Assess Incidents in your managed SaaS applications. These details can include some or all of the following information:
Incident Detail
Description
Setting Detail
Displays which security control rule or rules that were violated and the number of violations, the date the Aperture service discovered the incident, the scanned Cloud app, and identifies the email sender, key owner, or folder owner.
For assets that match the WildFire Analysis rule, you can Use the WildFire Report to Track Down Threats.
Setting Link
Links to the SaaS app and displays the settings available to configure, such as key rotation, password policy, and email auto-forward rules.
Workflow
Displays notes that other Aperture administrators added for that asset to help you understand the incident and provides options to add notes, categorize the incidents, and Assign Incidents to Another Administrator.

Related Documentation