Close Incidents

Close one incident at a time or use Bulk Incident to close multiple incidents at once on SaaS Security API.
With automatic remediation, SaaS Security API performs appropriate actions and updates the category and status for incidents matching a data pattern. For other open incidents, SaaS Security API identifies these open incidents as
When you assess new incidents, you might sometimes find the content of an asset or how the asset is shared does not pose a threat to your organization. In these cases, you can close the incident individually or close a group of incidents. You can select a default close (denoted by a red icon)
category. Additionally, you can customize the incident categories to create close incident categories to suit your organization’s needs.
SaaS Security API identified the asset as an incident because it matched one or more policy rules. Unless you change a setting (for example, changing a collaborator or domain from Untrusted or Trusted), SaaS Security API identifies the asset as an incident again the next time it scans that asset. You should fine-tune the policy rules to ensure assets that are real threats are the only assets identified as incidents.
If you want to review the events recorded when the status of an incident closes, inspect the remediation activity logs.
  • Close a group of incidents.
    1. Click
    2. Select up to 1000 incidents.
    3. Click
      Change Status
    4. Select a close
      , denoted by a red icon.
  • Close a single incident.
    1. Click the asset name to view the Asset Details or Security Controls Incident Details.
    2. Select a close
      , denoted by a red icon.

Recommended For You