search

Threats

Software as a Service (SaaS) applications offer a convenient and scalable way to conduct business. However, this ease of cloud-based services also enhances exposure to threats.

All Threats

This section captures the correlation of events that pose as threat and need your attention.

  • Rule - Names of the open threats along with the security domain these fall into.

  • Actor - The user account associated with the threat.

  • Severity - This indicated the potential this threat holds to hamper the security posture of the organization.

  • Application - The application through which this threat was discovered.

  • Created - The time of occurance.

  • Status - Updates the status of rule.

  • Investigate - Further details and actionable items to contain/mitigate threat.

Selecting a threat allows you to view following tabs about the threat:

  • Details - Provides necessary primary information about the threat.

  • Investigate - Gives technical details about the specific activities that triggered the threat.

  • Respond - Suggests the actions one may choose to execute.

  • Logs - Summary of actions performed on detection of threat along with actor and timeline.

The top right corner allows you to

- Set Notifications to act on a threat at a later suitable point of time - Dismiss the threat - Get Sharable link to threat details - Set Due Date - View Rule Details that contributes to this threat mechanism

Quick Response Actions

Quick response actions help contain threats on an actor's account as an immediate defense measure.

  • Revoke All Active Sessions: Revoke the actor's active sessions to neutralize threats.

  • Disable Actor's Account: Disable the account to prevent further threat events.

Collect Information

To get further information to aid decision making and help audit events, application owner or suitable personnel may be enquired from this space.

Finish Responding to the Threat

Once the security personnel has throughly assessed the details and legitimacy of actions, that party may choose to act accordingly either by Reporting the threat or dismissing it.

The Threat may be reported to Application administrator, Issue User or any other account.

Threats may also be responded to as per Use Case:

These can be Filtered and Sorted baased on Count, Duration, Favourites or be manually searched.

Individuat threat rules may be enabled/disabled for the group.

PreviousUse Case IssuesNextRules

Last updated