Assess Incidents

When you first add a new SaaS application, Prisma SaaS goes through a discovery phase where it compares the enabled data patterns and active policy rules against the information about all users associated with your assets. The service also gathers metadata for the assets (folder, repository, and table names and information about the files, such as the owner and collaborators) and the actual contents of the files. The service monitors changes in all of your monitored cloud apps and adds new incidents after it scans the assets. How soon Prisma SaaS can identify incidents depends on a variety of factors including the volume of users and assets on your SaaS application, and the SaaS application provider’s process for queuing and throttling calls to their API.

Related Documentation