Automatic remediation is a powerful tool you can use to address security incidents that the Aperture service discovers. When you Add a New Policy Rule for Content, select the remediation or action required to automatically address the incident:
Automatic remediation can modify a large number of incidents in a short amount of time. Make sure you perform a test run first (using one policy rule and a small set of assets) before including these actions on additional policy rules.
If an incident poses an immediate threat to your intellectual property or proprietary data, you can automatically move the compromised asset to a quarantine folder. You can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app, or you can send the asset to a special Admin quarantine folder which only Admin users can access. When an asset is automatically quarantined, you can send the asset owner a Remediation Digest Email that describes the changes that were made (Actions Taken).
If an incident includes a link that allows the asset to be publicly accessed (Public Link), you can automatically remove the links that allow the asset to be publicly accessed. You can remove the direct link on the asset only, or you can also remove links that expose the asset due to inheritance from parent folders. When sharing automatically changes on an asset, you can send the asset owner a Remediation Digest Email that describes the changes that were made (Actions Taken).
Notify File Owner
Instead of automatically fixing the incident, send the file owner a Remediation Digest Email that describes actions they can take to remediate the policy violation (Recommended Actions).
Notify via Bot
Instead of using the administrator account, use a machine account to send the file or message owner a message that describes the actions they can take to remediate the policy violation (Recommended Actions).
For most policy rules, verify that the Actions setting is Create Incident. This option allows you to identify potential risk for new cloud apps that you added. Then, after you uncover specific incidents that are determined to be high-compliance risks on your network, you can modify the rule or add a new rule that triggers one of the Autoremediate actions to automatically remediate the policy violation.
Send Admin Alert
Select send admin alert for compliance issues that need immediate action, such as policy rules that are high risk or sensitive. Sends the administrator an Remediation Digest Email that describes actions they can take to remediate the policy violation (Recommended Actions).
Add a New Asset Policy Rule
Add a New Asset Policy Rule To add a new policy rule for scanning assets stored on your SaaS applications: Select Policy Asset Rules Add ...
Automatically Remediate Incidents
Automatically Remediate Incidents After you Assess Incidents you can determine the best approach for remediating each incident. Refer to the following topics for more information ...
Remediate Issues The Palo Alto Networks® Aperture™ service provides detailed information about the incidents it detects as it scans assets in your managed SaaS applications. ...
Building Blocks in Aperture Asset Policy
Building Blocks in Aperture Asset Policy An asset (or content) policy rule has the following information: Field Description Rule Name A name for the policy ...
Remediation Digest Email
Remediation Digest Email The remediation digest email contains one or two reports: Actions Taken —When a risk is automatically remediated, this reports shows a description ...
Assess New Incidents
The Aperture service compiles a summary all incidents to be assessed and addressed by further investigation or closure. ...
Remediation Activity Logs
Remediation Activity Logs You can proactively monitor incident remediation logs to track activity. These logs are useful for auditing the progress of automatic remediation and ...
Remediation Activity Log Fields
Remediation Activity Log Fields This log is generated when a remediation activity occurs. Field Name Description remediated_timestamp Time the remediation action occurred. Values are in ...
New Features Introduced in October 2017
New Features Introduced in October 2017 The following table provides a snapshot of new features introduced for Aperture™ in October 2017. Refer to the Aperture ...