: Assess New Incidents on Data Security
Focus
Focus

Assess New Incidents on Data Security

Table of Contents

Assess New Incidents on
Data Security

Learn how to assess new incidents on
Data Security
.
Data Security
compiles a summary of incidents for you to view, assess, and address with further investigation or closure. SaaS Security web interface displays all the relevant information you need to assess the incident and understand the service’s decision to create the incident. After the initial discovery and remediation process, the same incidents don't display again.
Data Security
compares all information it discovers against the enabled data patterns and active policy rules, then identifies all violations and exposures for every asset across all cloud apps. Finally, SaaS Security does the following:
  • Assigns a unique numeric
    Incident ID
    , which associates the asset with the rule violation.
    If Incident ID does not display, the column isn't enabled. Select it from the
    Columns
    drop-down.
  • Displays match results for the specific rules that the sensitive content violated when the rule defines data patterns instead of data profiles.
  • Sorts incidents by
    Severity
    so you can assess them efficiently.
Support for automated remediation capabilities varies by SaaS application.
  1. From the
    Dashboard
    , view the summary of the
    Incidents
    , which displays:
    • Rule
      —Policy rule associated with the violations.
    • Open
      —Number of open violations.
    • New
      —Incidents discovered in the last 7 days.
    • Resolved
      —Number of resolved incidents in the last 7 days.
  2. From the
    Dashboard
    , drill down into the open incidents.
    1. From Click
      View All Open Incidents
      link to view a list of
      all
      open incidents.
    2. Narrow your search results further to pinpoint risks.
      • Select
        Columns
        drop-down to add or remove columns that display incident information.
      • Type keywords to search for a file name or part of a file name.
      • Sort column by ascending or descending data.
      • Use the built-in filters to see different views.
      • Export the incidents to a CSV file.
  3. Drill down into the
    Incident Details
    for a specific incident.
    1. Click
      Data Asset Name or Item Name
      to display summary data and match results for the specific rules that were violated.
      These match results operate on rules that define data patterns only—not data profiles. Therefore, Incident Details don't yet display match results for predefined rules, which use data profiles by default.
    2. Click
      Request Snippets
      .
      The snippet automatically displays if you recently clicked on this button and the cached data isn't expired.
    3. Navigate
      By Confidence Level
      to filter through the match results, starting with High Confidence.
  4. Drill down into the particular asset associated with a specific incident.
    1. Click
      Data Asset Name or Item Name
      .
    2. Observe Asset Details, which displays:
      • Additional policy rules the asset violated.
      • Snippet of the file with the risky content highlighted, if available.
      • Link to the asset in the associated cloud app for more context.
  5. Get a better understanding of the data behind the violation. In
    Actions
    , depending on the asset type and cloud app:
  6. Address the incidents.
    After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to resolve, you can configure Automatic Incident Remediation Options for most of the cloud apps. There are several ways to remediate an incident:

Recommended For You