Use Faceted Search to Filter Assets

Learn how to use faceted search on Aperture to investigate and view details about incidents discovered when scanning your SaaS applications.
In addition to the highlights from the Dashboard, the Aperture service provides visibility into all assets in your managed SaaS applications. Search provides you with different views to help you find the incidents that are most important to you. You can view incidents by user to see if any of your users (or external collaborators) have a history of misuse or you can view all incidents for a specific file type. You can also use search to simplify the remediation process and to determine if you should Fine-Tune Policy. For example, you can find PII violations with external exposure, assign issues to an administrator, and send an email to the owners—all in one streamlined workflow.
  1. Select ExploreAssets to view any scanned assets.
    By default, Aperture displays the Exposure, Type, Item Name, Owner, and Content columns but you can add additional columns such as Creator, Owner Email, Creator Email, Date Created, Date Updated, and File Type.
    po-faceted-search-assets.png
  2. Use the facets to narrow your search results.
    Dropbox folders do not have metadata for the creation or updated date, preventing search filters other than Any Date to return these folders. However, you can still search for individual files within a folder by a creation or last modified date.
    faceted-search-facets-post-po.png
    1. Select one or more of the following facets to create your search expression. With multiple filters, the Aperture service performs a logical AND search and rounds up the asset total in the search results.
      • Enter the filename (or part of the filename), folder name, or email address in the Search box to find an item. To find specific users or Collaborators, enter their full email address.
      • Date—The date range of the exposure. Choices include any date, past year, past month, and past week (default).
      • Cloud App (instance name)—Assets associated with each instance of a cloud application.
      • Policy Rules—Data pattern types available for scanning assets. Click to select the data patterns in which you are interested. For example, you can filter on assets that are sensitive documents with PII violations.
      • Content—Lists the six predefined data pattern content categories, and Uncategorized for violations that are not associated with a specific data pattern.
        filter-classification-in-faceted-search.png
      • Exposure Level—Details about shared assets and who can access and view the asset.
      • Buckets—Lists the number of assets associated to a bucket.
      • Shared With—Select users or collaborators with access to shared assets. To see a list of shared assets, you can filter Trusted Users (those with internal domains), Untrusted Users (those with external domains), and Anyone Except Trusted Users (anyone other than a trusted user).
      • Top Owners—Users who own the highest number of assets.
      • Top Creators—Users who created the highest number of assets.
      • Shared with Domains—Lists the domains with the highest number of sharing listed in order.
      • File Type—File formats of the assets that reside in the cloud applications.
      If you want investigate incidents associated with a specific cloud application, select IncidentsAssets, and select the cloud app from Cloud Apps to view a list incidents along with the policy rule violation.
  3. Download your current view into a CSV file.
    When you download asset details to review offline, additional information such as external and internal collaborators, file size, and parent folder are included in the CSV file.
  4. Click Advanced to use RegEx to perform Advanced Searches.

Related Documentation