Close one incident at a time or use Bulk Incident to
close multiple incidents at once on SaaS Security API.
With automatic remediation,
SaaS Security API performs appropriate actions and updates the category
and status for incidents matching a data pattern. For other open
incidents, SaaS Security API identifies these open incidents as
you assess new incidents,
you might sometimes find the content of an asset or how the asset
is shared does not pose a threat to your organization. In these
cases, you can close the incident individually or close a group
of incidents. You can select a default close (denoted
by a red icon)
SaaS Security API identified
the asset as an incident because it matched one or more policy rules.
Unless you change a setting (for example, changing a collaborator or
domain from Untrusted or Trusted), SaaS Security API identifies
the asset as an incident again the next time it scans that asset.
You should fine-tune the policy rules
to ensure assets that are real threats are the only assets identified