Assess New Incidents
Prisma SaaS compiles a summary of incidents for you to view, assess and address by further investigation or closure.
Prisma SaaS compares all information it discovers against the enabled data patterns and active policy rules and identifies all violations and exposures for every asset across all cloud apps. The service then sorts the violations by severity so you can assess and either close or address them. After the initial discovery and remediation process, you should never see the same incidents again.
- SelectDashboardand view openIncidentsto see a summary of policy rules with the number of open violations, any new incidents discovered in the last seven days, and the number of resolved incidents.
- Drill down into the incidents associated with a policy rule by clicking the corresponding link orView All Open Incidents, which takes you to a list of all open incidents where you can narrow your search results further or edit multiple incidents at once.
- SelectDisplayto customize the columns displaying incident information.
- To filter Incidents and pinpoint risks, you can enter keywords to search for, such as a file name or part of a file name, sort each column by ascending or descending data, or you can use the built-in filters to see different views.
- ClickExport CSVto download the current view of incidents in a comma-separated list.
- Drill down into a particular asset by clicking on theItem Name. Asset Details displays basic info, the policy rule the asset violated, a snippet of the file with the risky content highlighted, if available, and a link to the asset in the associated cloud app so you can get more context into the incident.
- InActions, depending on the asset type and cloud app, you can open the asset, quarantine, explore the hierarchy of the file, send an email to the owner, download the file, or apply classification labels to third-party apps.
- To filter incidents associated with users, click, selectExplorePeopleInternal UsersorExternal Users, and scan the columns forOwned ItemsandCollaboration Itemsto identify users with a pattern of risky behavior. Click the value in a column to view their email, any cloud applications used, role, and activity as well asMore Infoto see detailed information associated with the user.
- After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to resolve, you can configure Automatic Remediation for most of the cloud apps. There are several ways to remediate an incident:
Modify Incident Status
Use Prisma SaaS to modify and record the investigation status of an incident discovered when scanning your SaaS applications. ...
View All Open Incidents
View All Open Incidents The Incidents pane on the Dashboard summarizes the number of open incidents detected against each policy rule. When Prisma SaaS starts ...
What is an Incident?
Prisma SaaS identifies and sets the state and category for each incident discovered during the scanning of your assets. ...
Close one incident at a time or use Bulk Incident to close multiple incidents at once on Prisma SaaS. ...
Customize the Incident Categories
Add custom incident categories for Open or Closed states to help filter incidents and track changes. ...
Manually Remediate Incidents
Manually Remediate Incidents After you Assess Incidents you can determine the best approach for remediating each identified issue. For a large number of assets, you ...
Assess Incidents When you first add a new SaaS application, Prisma SaaS goes through a discovery phase where it compares the enabled data patterns and ...
Remediate Issues Palo Alto Networks® Prisma SaaS provides detailed information about the issues it detects as it scans the assets in your managed SaaS applications. ...
Assign Incidents to Another Administrator
Use Bulk Incident to assign a group of incidents to another Prisma SaaS administrator or assign incidents individually. ...