Focus

SaaS Security Administrator's Guide

View Asset Snippets for Incidents

Table of Contents

View Asset Snippets for Incidents

Learn how to analyze the content that triggered a match on Data Security.

A snippet is evidence or identifiable information associated with a pattern match. For example, if you specified a data pattern of Credit Card Number, Data Security returns the user’s social security number as the snippet that was matched. By default, Data Security returns snippets if the cloud app and asset type support snippets. Data Security uses data masking to mask the data in the snippets.

Snippets are available only if you have set Write access for Request Snippets in Common Services.
Snippets are available for 90 days only.

A snippet enables you to investigate the content behind an incident. View a snippet to:

Analyze the content that triggered a match.
Inspect the content before you delete a quarantined file. You cannot restore a deleted file. Alternatively, you can download a quarantined file.

Locate the specific asset.
- Select Data SecurityData AssetsQuarantined Data Assets to view a list of assets that have been quarantined.
- Select Data SecurityData Assets to select from a list of all assets.
- Select Data SecurityIncidents to view a list of incidents.
Choose High Confidence Level to filter out false positives.

If you have Write access, the Data Security displays clear text with highlighted matches.

You will not be able to view Snippets if:

If your cloud app or asset type is not supported. Additionally, snippets are not supported for machine learning data patterns; instead, the Data Security displays the keywords that were flagged because of the machine learning data pattern.
Missing snippet text—To intentionally obscure sensitive data, depending on your data masking, some of the text in the snippet might not be in clear text.
Performance—To speed up on-demand performance, the service fetches the snippet from cache when available; if unavailable, the snippet is automatically downloaded from the cloud app.
Mismatch—When you compare a snippet to its corresponding download file, it’s possible to overlook a match: Data Security can match on an embedded text table, or image in the main document. Look closely at all embedded files.
Error messages and behaviors—When working with snippets, you might encounter the following errors or symptoms, which are not indicative of snippet support:

Symptom	Explanation	Solution
An error message displays: Some snippets are taking longer than expected. Please check back later.	If a fetch takes longer than 2 minutes, the service returns this error.	Try again in a few minutes.
When you download and view the asset, the snippet does not match the document.	Data Security can match on an embedded text table, or image in the main document. This embedded information might not be apparent when you’re looking at the main document.	No action necessary. This behavior is expected.
When you try to view snippets, an error message displays: Fetching snippets failed. Please contact support.	Unfortunately, this error is not easy for you to troubleshoot because there are many system components involved.	Contact SaaS Security Technical Support.

Analyze the snippet, then make an assessment.
- Obvious threat—remediate.
- False-positive—Configure Data Patterns and add proximity keywords or close.
- Unclear threat—open and inspect the file.

Download Assets for Incidents

Analyze Inherited Exposure