View Asset Snippets

Learn how to analyze the content that triggered a match on SaaS Security API.
A snippet is evidence or identifiable information associated with a pattern match. For example, if you specified a data pattern of Credit Card Number, SaaS Security API returns the user’s social security number as the snippet that was matched. By default, SaaS Security API returns snippets if the cloud app and asset type support snippets. SaaS Security API uses data masking to mask the data in the snippets.
A snippet enables you to investigate the content behind an incident. View a snippet to:
  1. Locate the specific asset.
    • Select
      Explore
      Quarantine
      to view a list of assets that have been quarantined.
    • Select
      Explore
      Assets
      to select from a list of all assets.
    • Select
      Incidents
      to view a list of incidents.
  2. (
    SaaS Security with Enterprise DLP Add-on
    ) Choose
    High
    Confidence Level to filter out false positives.
    This feature and more are available if you have SaaS Security with Enterprise DLP Add–on.
  3. Click
    Request Snippets
    if the snippet is blurry.
    Wait while the service retrieves the data. Initially, the snippet is blurry. After the service verifies that you have the required role priviledges and retrieves the snippet, the SaaS Security web interface displays clear text with highlighted matches. If you recently requested to view the snippet, it displays automatically.
    • Missing button
      —If your cloud app or the asset type (file vs. chat) is not supported, the button does not appear. Support highly depends on the API made available by the cloud app.
    • Greyed-out button
      —If it’s an asset that is unavailable, the button is disabled.
    • Missing snippet text
      —To intentionally obscure sensitive data, depending on your data masking, some of the text in the snippet might not be in clear text.
    • Performance
      —To speed up on-demand performance, the service fetches the snippet from cache when available; if unavailable, the snippet is automatically downloaded from the cloud app.
    • Mismatch
      —When you compare a snippet to its corresponding download file, it’s possible to overlook a match: SaaS Security API can match on an embedded text table, or image in the main document. Look closely at all embedded files.
    • Error messages and behaviors
      —When working with snippets, you might encounter the following errors or symptoms, which are not indicative of snippet support: if the
      Request Snippets
      button displays, then SaaS Security API supports snippets for your cloud app.
    Symptom
    Explanation
    Solution
    When you
    Request Snippets
    in an attempt to view the snippet data, a match that you previously observed no longer displays.
    Such a request triggers a rescan of the asset. If the contents of the asset changed or the data pattern or data profile changed in the underlying policy or both, the match might no longer apply and one or more occurs:
    • The occurrence counter displays an updated number based on the recalculation.
    • The match no longer displays in
      Matching Data Patterns
      .
    • If the match previously generated an incident, that incident is closed.
    No action necessary. This behavior is expected and by design.
    When you
    Request Snippets
    , an error message displays:
    Some snippets are taking longer than expected. Please check back later.
    If a fetch takes longer than 2 minutes, the service returns this error.
    Try again in a few minutes.
    When you download and view the asset, the snippet does not match the document.
    SaaS Security API can match on an embedded text table, or image in the main document. This embedded information might not be apparent when you’re looking at the main document.
    No action necessary. This behavior is expected.
    When you
    Request Snippets
    , an error message displays:
    Fetching snippets failed. Please contact support.
    Unfortunately, this error is not easy for you to troubleshoot because there are many system components involved.
    Contact SaaS Security Technical Support.
  4. Analyze the snippet, then make an assessment.

Recommended For You