View Asset Details

Learn about how SaaS Security API displays detailed information about an asset violating a policy rule.
As SaaS Security API scans your managed cloud apps and discovers content, you can view the details on
. This page provides context into the findings so you can Assess Incidents and Monitor and Investigate User Activity across these applications.
The details for each incident vary depending on:
  • Which cloud app retains the asset.
  • Whether the asset is a file or a container (for example, a folder or a repository).
  • The policy rule the asset violated.
  • How the asset is shared.
  • Whether users accessed the file or took other actions on the file.
Asset Detail Description
Asset Summary
Summarizes asset file name, file type, exposure on cloud app, owner, and last updated timestamp.
Indicates that an admin quarantined the file. Depending on your admin role permissions, you can
the asset.
Basic Info
Displays metadata about the asset, including:
  • Cloud app—app in which the asset resides.
  • Exposure—exposure level of the asset.
  • Owner—owner of the asset.
  • File Owner’s Groups—groups used for group-based policy.
  • Created—date on which the asset was created.
  • Type—one of the following:
    • Specific file format—when the asset is a supported file type.
    • OBJ
      —when C++ code is compiled, it results in an
      file. Additionally,
      is used when file type is unrecognizable.
    • MSG
      —when the asset is a chat message.
  • Size—file size of the asset.
Displays which policy rule or rules that an asset violates, the date SaaS Security API identified the incident, the status of the incident, and whether there have been previous incidents associated with the asset. From here you can Assign Incidents to Another Administrator.
Matching Data Patterns
Displays the data pattern that the asset matched, number of occurrences, and date found. Administrators with specific role priviledges can request snippets to view any available details about the asset matching the data pattern.
For assets that match the WildFire Analysis rule, you can Use the WildFire Report to Track Down Threats.
How is this File exposed?
Details how the asset is exposed (Published to the web, accessible by a public URL, if sign-in is required, or the asset is exposed by a parent folder). You can
View Details
to access the asset URL, if available. Strikethrough text on attributes denotes no exposure.
Who is accessing this File?
Lists information about the users that most recently interacted with the file: timestamp, event (for example, whether the user downloaded the file), username, IP address, and location. You can
View All Related Activities
to see details about this event and all other events associated with this file. Such information helps you investigate whether there is malicious or inappropriate access to the file.
collaborators for the asset. This section appears only if the asset has an
exposure level. Additionally, if the collaboration settings are defined at the asset level, you can change the trust settings. You can define a collaborator as
. If the asset inherits a collaborator from a parent folder, you must change these settings from the parent folder.
Explore on
Cloud App
Displays the asset tree, policy violations, and exposure level for a given asset. View the asset in context of its file and folder hierarchy to help you identify risks and inherited exposure.
Displays a list of collaborators (members) to help you identify who has access to shared drives (Google Drive) or team folders (Dropbox) and inherited exposure.
Events inside this folder
Displays user activity for all the files within the selected folder, depending on your cloud app.
Lists available actions for an asset, depending on the cloud app and admin role permissions:

Recommended For You