Close one incident at a time or use Bulk Incident to
close multiple incidents at once on SaaS Security API.
With automatic remediation,
SaaS Security API performs appropriate actions and updates the category
and status for incidents matching a data pattern. For other open
incidents, SaaS Security API identifies these open incidents as
you assess new incidents,
you might sometimes find the content of an asset or how the asset
is shared does not pose a threat to your organization. In these
cases, you can close the incident individually or close a group
of incidents. You can select a default close (denoted by a red icon)
for the incident.
because an asset owner’s
job responsibilities necessitate the specific user behaviors identified
in the policy or because the incident was triggered as part of testing
you performed in the process of fine-tuning your policies.
SaaS Security API identified the asset
as an incident because it matched one or more policy rules. Unless
you change a setting (for example, changing a collaborator or
domain from Untrusted or Trusted), SaaS Security API identifies
the asset as an incident again the next time it scans that asset.
You should fine-tune the policy rules
to ensure assets that are real threats are the only assets identified