Security Controls Incident Details
Use Security Controls incident details to investigate
why SaaS Security API created an incident for a security control policy
violation.
SaaS Security API scans and analyzes email assets, settings,
and user behavior and applies Security Control policies to identify
exposures, risky user behavior, and sensitive documents. The service
also performs a deep content inspection for known and unknown malware,
data exposure, and data exfiltration. When SaaS Security API determines
that the security control is an incident, it creates an incident
detail view that you use to Assess
Incidents in your managed SaaS applications. These details
can include some or all of the following information:
Incident Detail | Description |
|---|---|
Setting Detail | Displays which security control rule was
violated, the date SaaS Security API discovered the incident, the
scanned Cloud app, and identifies the email sender, principal owner,
or folder owner. For assets that match the WildFire Analysis
rule, you can Use
the WildFire Report to Track Down Threats. |
Setting Name | Links to the SaaS app and displays the settings
available to configure, such as key rotation, password policy, and
email auto-forward rules. |
Options | Option to Email a
message to the email sender, principal owner, or folder owner or Dismiss the
incident. |
