Reviewing Data at Rest tab in Threat dashboard
The Data at Rest dashboard consolidates all malware identified by API scanning of data at rest. It gives admins a quick overview of possible risky activity occurring in their protected cloud applications.
Filtering
You can further filter the information by selecting the appropriate filter from the Search drop-down list on top of the date range.
Follow these steps to filter the information:
- Click into the Search box and select the Field option you are filtering by.
Available options are App, Owner and User Groups.
After you select the field option, the Operator drop-down list appears.
- Select the appropriate operator from the drop-down list.
Available options vary with the field option selected. Available options are equals, does not equal, Contains and does not contain.
- Enter the text or select the option from the drop-down list to filter the information.
  - If you have selected Owner from the Field drop-down list, enter text.
  - If you have selected App or User Groups in the Field drop-down list, select the applicable value.
After you enter the text or select the option from the drop-down list, the AND function appears.
- Select the AND function to continue your exact match filter.
You can then continue to add refined filters as desired. Once ready to search, click into the space and press Enter.
Summary
The Summary widget displays the number of malware files identified, the number of quarantined files and the number of copied files.
You can drill down into the Active logs by clicking the number below Active to open the Summary : Active page. This page contains a modal table with Time, File Name, Owner and App Name fields.
You can drill down into the Quarantined logs by clicking the number below Quarantined to open the Summary : Quarantined page. This page contains a modal table with Time, File Name, Owner and App Name fields.
You can drill down into the Copied logs by clicking the number below Copied to open the Summary : Copied page. This page contains a modal table with Time, File Name, Owner and App Name fields.
Top Groups Owning Malware
The Top Groups Owning Malware widget displays the top 10 groups that own files containing malware.
You can click See All next to Top Groups Owning Malware to view all the groups owning files containing malware.
Top Owners of Malware
The Top Owners of Malware widget displays the top 10 users who own files containing malware.
To drill down into the data, click the particular app (bar) and click Drill into all malware owned by <user> to open the Summary logs page with the filters Owner = <user> and Status = Threat applied.
You can also click See All next to Top Owners of Malware to view all the users owning files containing malware.
Malware Data Spread
The Malware Data Spread widget displays the top 10 applications where malware was identified.
To drill down into the data, click the particular app (bar) and click Drill into all malware in <app> to open the Summary logs page with the filters Application = <app> and Status = Threat applied.
Malware Exposure by App
You can view only Internal, External, Public or Private data by clicking the respective legend at the bottom of the widget. Click the same legend again to show Internal, External, Public and Private data on the horizontal bar charts.