Exposure Level

Prisma SaaS scans assets for exposure levels to identify how and with whom the asset is shared.
Prisma SaaS uses an exposure level status to describe how your shared assets display in an application and determines file exposure by analyzing all users who have access to the file. Although every SaaS application has its own settings for controlling how and with whom users may share assets, Prisma SaaS provides a mechanism for setting and enforcing acceptable exposure levels consistently across all your managed applications.
On Prisma SaaS, each policy rule, whether a default rule or a custom rule you define, enables you to set a level of exposure that identifies an asset as being at risk (except for Sensitive Documents rules, which match documents with predefined characteristics).
The exposure level is just one match criterion available in a policy rule; therefore, the minimum level of exposure that poses a threat depends on the other match criteria and on the threat the policy rule protects against.
For example, the WildFire policy rule scans all your assets for files containing malware. In this case, a file containing malware poses a threat no matter the exposure level. However, if you add a Sensitive Credential policy rule to protect an engineering GitHub repository used for sharing code throughout the company, any external sharing poses a risk, so you should configure the rule to match on Public and External exposures.
Prisma SaaS scans assets for the following exposure levels:
Unknown exposure level is used exclusively to search for assets, not policies, and only applies to AWS S3 buckets.
| Exposure Level | Description |
|---|---|
| Public | An asset is Public if it contains either of the following: (1) Public share settings: assets found on a public repository or publicly indexed on Google. (2) Shared links: the owner created a public link, vanity URL, or password-protected link for direct access to the asset. |
| External | The owner invited one or more users outside of your organization to collaborate on the asset. |
| Company | The owner created a company-wide URL giving anyone in the company direct access to the asset. |
| Internal | Includes assets the owner has not shared. Also includes assets the owner has shared, but only with users within the company. These users have an email address in the enterprise domain name. |
| Shared via Custom URL | The owner created a custom link, vanity URL, or password-protected link for direct access to the asset and then shared this asset (directly or indirectly) using the link. This option is for Box assets only and is hidden if you are not using Prisma SaaS to secure Box applications. |
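
The following added example (not Prisma SaaS code) applies the exposure-level definitions above to constructed sharing metadata and then evaluates a rule that matches on Public and External, as in the Sensitive Credential example. The field names, the sample domains, and the "most exposed level wins" precedence are assumptions; the Box-only Shared via Custom URL level and the Unknown level are left out.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    """Constructed sharing metadata; the field names are hypothetical."""
    name: str
    collaborators: list = field(default_factory=list)  # emails of users with access
    public_link: bool = False      # public, vanity or password-protected link
    publicly_listed: bool = False  # on a public repository or indexed on Google
    company_link: bool = False     # company-wide URL

def exposure_level(asset, enterprise_domains):
    """Return the most exposed level that applies (precedence is an assumption)."""
    if asset.publicly_listed or asset.public_link:
        return "Public"
    domains = {d.lower() for d in enterprise_domains}
    for email in asset.collaborators:
        # Compare the whole domain, not a prefix or substring: an address such as
        # user@example.com.evil.example is outside the enterprise domain.
        _, sep, domain = email.strip().lower().rpartition("@")
        if not sep or domain not in domains:
            return "External"
    if asset.company_link:
        return "Company"
    return "Internal"  # unshared, or shared only with enterprise-domain users

def rule_matches(asset, rule_exposures, enterprise_domains, content_hit=True):
    """A rule matches when its other criteria hit and the exposure is in its set."""
    return content_hit and exposure_level(asset, enterprise_domains) in rule_exposures

# Constructed sample data.
DOMAINS = ["example.com"]
ASSETS = [
    Asset("deploy-keys.txt", ["dev@example.com", "vendor@partner.example"]),
    Asset("build.sh", ["dev@example.com", "ops@example.com"]),
    Asset("handbook.pdf", ["hr@example.com"], company_link=True),
    Asset("notes.md", ["dev@example.com"], public_link=True),
    Asset("spoof.txt", ["eve@example.com.evil.example"]),
]
SENSITIVE_CREDENTIAL_RULE = {"Public", "External"}  # exposures from the example above

def flagged(assets=ASSETS):
    """Names of assets the rule would flag, assuming the content criteria matched."""
    return [a.name for a in assets
            if rule_matches(a, SENSITIVE_CREDENTIAL_RULE, DOMAINS)]

if __name__ == "__main__":
    for a in ASSETS:
        print(f"{a.name:16} {exposure_level(a, DOMAINS)}")
    print("flagged:", flagged())
```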
