Use Faceted Search to Filter Assets

Learn how to use faceted search on Prisma SaaS to investigate and view details about incidents discovered when scanning your SaaS applications.
In addition to the highlights from the Dashboard, Prisma SaaS provides visibility into all assets in your managed SaaS applications. Search provides you with different views to help you find the incidents that are most important to you. You can view incidents by user to see if any of your users (or external collaborators) have a history of misuse or you can view all incidents for a specific file type. You can also use search to simplify the remediation process and to determine if you should Fine-Tune Policy. For example, you can find PII violations with external exposure, assign issues to an administrator, and send an email to the owners—all in one streamlined workflow.
  1. Select
    Explore
    Assets
    to view any scanned assets.
    By default, Prisma SaaS displays the Exposure, Type, Item Name, Owner, and Content columns but you can add additional columns such as Creator, Owner Email, Creator Email, Date Created, Date Updated, and File Type.
    faceted-search-assets.png
  2. Use the facets to narrow your search results.
    Dropbox folders do not have metadata for the creation or updated date, preventing search filters other than Any Date to return these folders. However, you can still search for individual files within a folder by a creation or last modified date.
    faceted-search-option-pane.png
    1. Select one or more of the following facets to create your search expression. With multiple filters, Prisma SaaS performs a logical AND search and rounds up the asset total in the search results.
      • Enter the filename (or part of the filename), folder name, or email address in the
        Search
        box to find an item. To find specific users or Collaborators, enter their full email address.
      • Date
        —The date range of the exposure. Choices include any date, past year, past month, and past week (default).
      • Cloud App
        (instance name)—Assets associated with each instance of a cloud application.
      • Policy Rules
        —Data pattern types available for scanning assets. Click to select the data patterns in which you are interested. For example, you can filter on assets that are sensitive documents with PII violations.
      • Content
        —Lists the six predefined data pattern content categories, and
        Uncategorized
        for violations that are not associated with a specific data pattern.
        faceted-search-content.png
      • Exposure Level
        —Details about shared assets and who can access and view the asset.
      • Buckets
        —Lists the number of assets associated to a bucket.
      • Shared With
        —Select users or collaborators with access to shared assets. To see a list of shared assets, you can filter
        Trusted Users
        (those with internal domains),
        Untrusted Users
        (those with external domains), and
        Anyone Except Trusted Users
        (anyone other than a trusted user).
      • Top Owners
        —Users who own the highest number of assets.
      • Top Creators
        —Users who created the highest number of assets.
      • Shared with Domains
        —Lists the domains with the highest number of sharing listed in order.
      • File Type
        —File formats of the assets that reside in the cloud applications.
      If you want investigate incidents associated with a specific cloud application, select
      Incidents
      Assets
      , and select the cloud app from
      Cloud Apps
      to view a list incidents along with the policy rule violation.
  3. Download your current view into a
    CSV
    file.
    When you download asset details to review offline, additional information such as external and internal collaborators, file size, and parent folder are included in the CSV file.
  4. Click
    Advanced
    to use RegEx to perform Advanced Searches.

Related Documentation