Assess New Incidents on Data Security


Learn how to assess new incidents on Data Security.
Data Security compiles a summary of incidents for you to view, assess, and address with further investigation or closure. The SaaS Security web interface displays all the relevant information you need to assess the incident and understand the service's decision to create the incident. After the initial discovery and remediation process, the same incidents don't display again.

Data Security compares all information it discovers against the enabled data patterns and active policy rules, then identifies all violations and exposures for every asset across all cloud apps. Finally, SaaS Security does the following:
  • Assigns a unique numeric Incident ID, which associates the asset with the rule violation.
  • Displays match results for the specific rules that the sensitive content violated when the rule defines data patterns instead of data profiles.
  • Sorts incidents by Severity so you can assess them efficiently.
Support for automated remediation capabilities varies by SaaS application.
  1. From the Dashboard, view the summary of the Incident By Status, which displays:
    • Open: Number of open violations.
    • Resolved: Number of closed incidents.
  2. From the Dashboard, select either View All Open Incidents from the Open Incidents by Severity section or View all Incidents from the Incidents by Status section.
    This opens the Data Security Incidents page.
    1. Narrow your search results further to pinpoint risks.
      • Type keywords to search for an asset name or owner.
      • Sort a column in ascending or descending order.
      • Use the built-in filters to see different views.
      • Export the incidents to a CSV file.
  3. Get more information about specific incidents.
    1. Click Data Asset Name to display summary data and match results for the specific rules that were violated.
      These match results operate on rules that define data patterns only, not data profiles. Therefore, Incident Details don't yet display match results for predefined rules, which use data profiles by default.
    2. Click Request Snippets.
      The snippet automatically displays if you recently clicked on this button and the cached data isn't expired.
    3. Navigate By Confidence Level to filter through the match results, starting with High Confidence.
    4. Observe Asset Details.
    5. Get a better understanding of the data behind the incident. In Actions, depending on the asset type and cloud app:
      • Open File
      • Download File
      • Admin Quarantine
      • User Quarantine
      • Change Sharing
  4. Address the incidents.
    After you understand the incidents and the context around them, you can start to address incidents. If you have several incidents to resolve, you can configure Automatic Incident Remediation Options for most of the cloud apps. There are several ways to remediate an incident:
