Security Controls Incident Details

Use Security Controls incident details to investigate why Prisma SaaS created an incident for a security control policy violation.
Prisma SaaS scans and analyzes email assets, settings, and user behavior and applies Security Control policies to identify exposures, risky user behavior, and sensitive documents. The service also performs a deep content inspection for known and unknown malware, data exposure, and data exfiltration. When Prisma SaaS determines that the security control is an incident, it creates an incident detail view that you use to Assess Incidents in your managed SaaS applications. These details can include some or all of the following information:
wildfire-security-controls.png
Incident Detail
Description
Setting Detail
Displays which security control rule was violated, the date Prisma SaaS discovered the incident, the scanned Cloud app, and identifies the email sender, principal owner, or folder owner.
For assets that match the WildFire Analysis rule, you can Use the WildFire Report to Track Down Threats.
Setting Name
Links to the SaaS app and displays the settings available to configure, such as key rotation, password policy, and email auto-forward rules.
Options
Option to
Email
a message to the email sender, principal owner, or folder owner or
Dismiss
the incident.

Recommended For You