Assess New Incidents

Prisma SaaS compiles a summary of incidents for you to view, assess and address by further investigation or closure.
Prisma SaaS compares all information it discovers against the enabled data patterns and active policy rules and identifies all violations and exposures for every asset across all cloud apps.
The service then sorts the violations by severity so you can assess them. After the initial discovery and remediation process, you should never see the same incidents again.
  1. Select
    Dashboard
    and view open
    Incidents
    , which displays:
    • Summary of policy rules with the number of open violations.
    • New incidents discovered in the last seven days.
    • Number of resolved incidents.
    dashboard-incident-pane.png
  2. Drill down into the incidents associated with a policy rule.
    1. Click the corresponding link or
      View All Open Incidents
      , which takes you to a list of all open incidents.
    2. Narrow your search results further to pinpoint risks.
      • Select
        Columns
        to add or remove columns that display incident information.
      • Type keywords to search for file name or part of a file name.
      • Sort column by ascending or descending data.
      • Use the built-in filters to see different views.
      • Export the incidents to a CSV file.
      filter-incidents.png
  3. Drill down into a particular asset.
    1. Click on the
      Item Name
      .
    2. Observe Asset Details, which displays:
      • Policy rule the asset violated.
      • Snippet of the file with the risky content highlighted, if available
      • Link to the asset in the associated cloud app for more context.
    incident-details.png
  4. Get a better understanding of the data behind the violation. In
    Actions
    , depending on the asset type and cloud app:
    incident-details-actions.png
  5. Address the incidents.
    After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to resolve, you can configure Automatic Remediation for most of the cloud apps. There are several ways to remediate an incident:

Recommended For You