View Asset Snippets
Learn how to analyze the content that triggered a match on SaaS Security API.
A snippet is evidence or identifiable information associated with a pattern match. For example, if you specified a data pattern of Credit Card Number, SaaS Security API returns the user’s social security number as the snippet that was matched. By default, SaaS Security API returns snippets if the cloud app and asset type support snippets. SaaS Security API uses data masking to mask the data in the snippets.
A snippet enables you to investigate the content behind an incident. View a snippet to:
- Locate the specific asset.
- Selectto view a list of assets that have been quarantined.ExploreQuarantine
- Selectto select from a list of all assets.ExploreAssets
- Selectto view a list of incidents.Incidents
- (SaaS Security with Enterprise DLP Add-on) ChooseHighConfidence Level to filter out false positives.
- ClickRequest Snippetsif the snippet is blurry.Wait while the service retrieves the data. Initially, the snippet is blurry. After the service verifies that you have the required role priviledges and retrieves the snippet, the SaaS Security web interface displays clear text with highlighted matches. If you recently requested to view the snippet, it displays automatically.
SymptomExplanationSolutionWhen youRequest Snippetsin an attempt to view the snippet data, a match that you previously observed no longer displays.Such a request triggers a rescan of the asset. If the contents of the asset changed or the data pattern or data profile changed in the underlying policy or both, the match might no longer apply and one or more occurs:
- Missing button—If your cloud app or asset type is not supported, the button does not display inMatching Data Patterns. Additionally, snippets are not support for machine learning data patterns; instead, the SaaS Security web interface displays the keywords that were flagged because of the machine learning data pattern.
- Greyed-out button—If it’s an asset that is unavailable, the button is disabled.
- Performance—To speed up on-demand performance, the service fetches the snippet from cache when available; if unavailable, the snippet is automatically downloaded from the cloud app.
- Mismatch—When you compare a snippet to its corresponding download file, it’s possible to overlook a match: SaaS Security API can match on an embedded text table, or image in the main document. Look closely at all embedded files.
- Error messages and behaviors—When working with snippets, you might encounter the following errors or symptoms, which are not indicative of snippet support: if theRequest Snippetsbutton displays, then SaaS Security API supports snippets for your cloud app.
No action necessary. This behavior is expected and by design.When youRequest Snippets, an error message displays:Some snippets are taking longer than expected. Please check back later.If a fetch takes longer than 2 minutes, the service returns this error.Try again in a few minutes.When you download and view the asset, the snippet does not match the document.SaaS Security API can match on an embedded text table, or image in the main document. This embedded information might not be apparent when you’re looking at the main document.No action necessary. This behavior is expected.When youRequest Snippets, an error message displays:Fetching snippets failed. Please contact support.Unfortunately, this error is not easy for you to troubleshoot because there are many system components involved.Contact SaaS Security Technical Support.
- The occurrence counter displays an updated number based on the recalculation.
- The match no longer displays inMatching Data Patterns.
- If the match previously generated an incident, that incident is closed.
Recommended For You
Recommended videos not found.