This page will guide a user through the process of identifying risks found in their environment. These risks could include PCI, PII, Profanity, Risky Sharing, etc.
STEP ONE:
Sign into your Cloud Access Monitor instance.
Navigate to the Audit & Control page, and select the Name of your desired Cloud Environment. (Global Views will show all accounts in your domain, while filtered views will show only users for that view)
Select the Risks Tab found across the top of the page
At the top of the page you will find high level information about the risks in your environment.
Total Active Risks: By default, Cloud Access Monitor will display all active risks in the top left of the page. Active Risks are all files, and emails that contain a content risk. This includes PCI, PII, Profanity, Self Harm, and any custom risks you have put in place.
Accounts With Most Risk: This box will display your top 5 accounts that contain risk. You can filter by either File Owner / Email Sender, or File Sharer / Email receiver. Selecting any of the blue links will filter to that users specific risks.
Enabled Risks: The enabled risks will display any risks that you have actively scanning. Here you can select any of the blue text to filter by only the risk type selected. This includes PCI, PII, Profanity and any custom risks you may have in place. Selecting the gear will will you to enable / disable any risks.
RESULTS BOX:
Below the high-level overview you will find the results box. Here all risks found within your environment will be displayed. The results box has five columns with relevant information about each risk.
File: The file or attachment name that contains the risk.
Risk Type: The DLP that caught the risk, and the risk type associated.
Risk Details: Here you can click the View link to gain insight into the risk found.
Scanned On: The time the risk was found.
File Owner / Email Sender: The owner of the file that contains the risk.
Actions: After selecting a checkbox near a risk, you are able to take the following actions against a risk.
- Ignore: Ignoring the risk will remove it from the risks tab. This is used for false positives, or for incidents that have already been dealt with.
- Quarantine: If the risk is a file, it will be moved to the administrators g drive, in a folder labeled CAM_Quarantine. If the risk is an Email the email will be moved to the users trash folder.
- Delete: Deleting a risk will remove it from the users control permanently.
- Restore: Restoring a risk will un-quarantine a file that has been previously quarantined.
FILTERING:
Filtering allows you to narrow down the types of risks you would like to be shown. Simply select the Filter button on the right side of the screen to apply filters. Filters can be stacked to create very specific content.
- Start By Selecting a Parameter from the drop down
- Risk Scanned Time: Filter by the date and time a risk was found.
- Shared: Filter by how the risk is being shared. Outgoing, Incoming, Internal.
- Shared Via Link: Filter by risks that have been shared via a link. Internal Links, External Links, both have options for either view or edit permissions.
- Source: The source of the link, Email, Attachment, Drive, Teamdrive.
- Risk Type: Filter by the type of risk that you would likes to see.
Above the results box is a search box. You can use this box to search for specific risks, based off of a variety of parameters. Selecting the Down Arrow will allow you to fine tune your search.
Name: Search for a specific file or attachment by name.
Owned by: Search for all risks owned by a specific user.
Shared With: Search for all risks that have been shared with a specific user.
Risk Tag: Search for all risks with a specific risk tag, such as PII or PCI.
Risk Type: Select a specific risk type to filter by.
Select Apply, all relevant filtered risks will now be displayed in the results box.
Comments
0 comments
Please sign in to leave a comment.