Use Faceted Search to Filter Assets

Learn how to use faceted search on SaaS Security API to investigate and view details about assets discovered when scanning your SaaS applications.
The SaaS Security web interface provides faceted search to help you investigate and view details about assets discovered when scanning your SaaS applications.
We are in the process of replacing SaaS Security DLP (Classic) with SaaS Security DLP. During this process, use the topic that matches your tenant. If you purchased SaaS Security with Enterprise DLP Add–on, opted in for a trial of SaaS Security with Enterprise DLP Add–on, or have a new tenant with SaaS Security DLP, use Use Faceted Search to Filter Assets; otherwise, use Use Faceted Search to Filter Assets—SaaS Security DLP (Classic).

Use Faceted Search to Filter Assets—SaaS Security DLP (Classic)

In addition to the highlights from the Dashboard, SaaS Security API provides visibility into all assets in your managed SaaS applications. Search provides you with different views to help you find the incidents that are most important to you. For example, search to:
  • View incidents by user to determine if specific users (or external collaborators) have a history of misuse.
  • View all incidents for a specific file type.
  • Simplify the remediation process and determine if you should Fine-Tune Policy. For example, you can find PII violations with external exposure, assign issues to an administrator, and send an email to the owners—all in one streamlined workflow.
If you cannot locate the incidents you need with a faceted search, perform an advanced search.
  1. Select
    Explore
    Assets
    to view any scanned assets.
    By default, SaaS Security API displays a set of columns, but you can add additional columns to customize your default view.
  2. Use the filters to narrow your search results.
    Dropbox folders do not have metadata for the creation or updated date, preventing search filters other than Any Date to return these folders. However, you can still search for individual files within a folder by a creation or last modified date.
    1. Select one or more of the following facets to create your search expression. With multiple filters, SaaS Security API performs a logical
      AND
      search and rounds up the asset total in the search results.
      • Enter the filename (or part of the filename), folder name, or email address in the
        Search
        box to find an item. To find specific users or Collaborators, enter their full email address.
      • Date
        —The date range of the exposure. Choices include any date, past year, past month, and past week (default).
      • Cloud App
        (instance name)—Assets associated with each instance of a cloud application.
      • Policy Rules
        —Data pattern types available for scanning assets. Click to select the data patterns in which you are interested. For example, you can filter on assets that are sensitive documents with PII violations.
      • Content
        —Lists the predefined data pattern content categories, and
        Uncategorized
        for violations that are not associated with a specific data pattern.
      • Exposure Level
        —Details about shared assets and who can access and view the asset.
      • Buckets
        —Lists the number of assets associated to a bucket.
      • Shared With
        —Select users or collaborators with access to shared assets. To see a list of shared assets, you can filter
        Trusted Users
        (those with internal domains),
        Untrusted Users
        (those with external domains), and
        Anyone Except Trusted Users
        (anyone other than a trusted user).
      • Top Owners
        —Users who own the highest number of assets.
      • Top Creators
        —Users who created the highest number of assets.
      • Shared with Domains
        —Lists the domains with the highest number of sharing listed in order.
      • File Type
        —File formats of the assets that reside in the cloud applications.
      If you want investigate incidents associated with a specific cloud application, select
      Incidents
      Assets
      , and select the cloud app from
      Cloud Apps
      to view a list incidents along with the policy rule violation.
  3. (
    Optional
    ) Export this data to a CSV file to review the asset details offline.
  4. Click
    Advanced
    to use RegEx to perform Advanced Searches.

Use Faceted Search to Filter Assets

In addition to the highlights from the Dashboard, SaaS Security API provides visibility into all assets in your managed SaaS applications. Search provides you different views to help you:
  • Find the incidents that are most important to you.
  • Simplify the remediation process. For example, you can find PII violations with external exposure, assign issues to an administrator, and send an email to the owners—all in one streamlined workflow.
  • Explore the assets to determine if you should Fine-Tune Policy.
Use the filters to narrow your search results.
If you cannot locate the incidents you need with a faceted search, perform an advanced search. Additionally, you can use faceted search to filter user activity for assets.

Search by Filename, User, or Email

You can view incidents by user to determine if specific users (or external collaborators) have a history of misuse. Use the Search box to search for an item by:
  • filename (or part of the filename)
  • folder name
  • email address
  • full name of user or collaborator
  • user or collaborator email address
  1. Select
    Explore
    Assets
    to view any scanned assets.
  2. Enter your text to
    Search
    for the item.

Show and Hide by Asset Metadata

By default, SaaS Security API displays asset metadata in a subset of the columns provided. You can customize your view based on your audit needs.
  1. Select
    Explore
    Assets
    to view any scanned assets.
  2. In Column Selector, select the columns you want SaaS Security API to display.

Filter by Asset Metadata and Data Exfiltration Detection

SaaS Security API enables you to apply filters so your assets. Your assets can be filtered by:
  • asset metadata
    —basic information about the asset such as date, owner, creator, cloud app, and file type.
  • data exfiltration detection
    —method by which the asset was made visible such as data pattern, data profile, exposure level, and policy rule.
When you specify more than one filter at a time, SaaS Security API aggregates the data (performs a logical
AND
search) and rounds up the asset total in the search results.
  1. Select
    Explore
    Assets
    to view any scanned assets.
  2. Expand the filter type and select your desired filter options.
    Wait a few seconds for SaaS Security API to return the filter results, depending on the number of assets. The numbers to the right of each filter option reflects the total number of assets included in the filter results.
    Filter
    Description
    Date
    —Date range of the exposure. Default is
    Past Week
    .
    Dropbox folders do not have metadata for the creation or updated date, preventing search filters other than Any Date to return these folders. However, you can still search for individual files within a folder by a creation or last modified date.
    Cloud App
    —Assets associated with each instance of a cloud application.
    Policy Rules
    —Data pattern types available for scanning assets. Click to select the data patterns in which you are interested. For example, you can filter on assets that are sensitive documents with PII violations.
    Data Pattern
    —Lists the violations associated with the predefined data pattern.
    Data Profiles
    —Lists the violations associated with the data profile.
    Exposure Level
    —Details about shared assets and who can access and view the asset.
    With the exception of
    Unknown
    , which is used exclusively to search for assets, you can use these Exposure Levels as match criteria when you define policies.
    Unknown
    only applies to AWS S3 buckets: in some cases, SaaS Security API is not able to calculate exposure for an S3 bucket and, therefore, records such assets accordingly.
    Buckets
    —Lists the assets associated with an AWS S3 bucket.
    Shared With
    —Select users or collaborators with access to shared assets. To see a list of shared assets, you can filter
    Trusted Users
    (those with internal domains),
    Untrusted Users
    (those with external domains), and
    Anyone Except Trusted Users
    (anyone other than a trusted user).
    Top Owners
    —Users who own the highest number of assets.
    Top Creators
    —Users who created the highest number of assets.
    Shared with Domains
    —Lists the domains with the highest number of sharing listed in order.
    File Type
    —Top 20 supported file formats of the assets and directly correlates with the asset’s details (Type icon). SaaS Security API determines the file extension based on the string that trails the last dot (
    .
    ) in the file name. Additionally:
    • message
      —Chat message for applicable SaaS apps.
    • apperture_other
      —Unrecognizable file type. If the file type does not have a dot (
      .
      ) in the file name, SaaS Security API assigns this other file type.

Recommended For You