Reviewing Data at Rest tab in Threat dashboard

The Data at Rest dashboard consolidates all the malware identified by API scanning of data at rest. It gives admins a quick overview of possibly risky activity occurring in their protected cloud applications.



Filtering

You can further filter the information by selecting the appropriate filter from the Search drop-down list on top of the date range.

To filter the information:

  1. Click in the Search box and select the Field option to filter by.


    Available options are App, Owner and User Groups.

    After you select the field option, the Operator drop-down list appears.

  2. Select the appropriate operator from the drop-down list.

    The available operators vary with the field option selected: equals, does not equal, Contains and does not contain.



  3. Enter the text or select the option from the drop-down list to filter the information.
    • If you selected Owner from the Field drop-down list, enter text.
    • If you selected App or User Groups from the Field drop-down list, select the applicable value.

    After you enter the text or select the option from the drop-down list, the AND function appears.

  4. Select the AND function to continue your exact match filter.


    You can then continue to add refined filters as desired. When you are ready to search, click in the space and press Enter.

Summary

The Summary widget displays the number of malware files identified, the number of quarantined files and the number of copied files.



You can drill down into the Active logs by clicking the number below Active to open the Summary : Active page. This page contains a modal table with Time, File Name, Owner and App Name fields.



You can drill down into the Quarantined logs by clicking the number below Quarantined to open the Summary : Quarantined page. This page contains a modal table with Time, File Name, Owner and App Name fields.



You can drill down into the Copied logs by clicking the number below Copied to open the Summary : Copied page. This page contains a modal table with Time, File Name, Owner and App Name fields.



Top Groups Owning Malware

The Top Groups Owning Malware widget displays the top 10 groups that own files containing malware.



You can click See All next to Top Groups Owning Malware to view all the groups that own files containing malware.



Top Owners of Malware

The Top Owners of Malware widget displays the top 10 users who own files containing malware.



To drill down into the data, click the particular app (bar) and click Drill into all malware owned by <user> to open the Analyze > Logs > API Summary logs page with the filters Owner = <user> and Status = Threat applied.

You can also click See All next to Top Owners of Malware to view all the users who own files containing malware.



Malware Data Spread

The Malware Data Spread widget displays the top 10 applications where malware was identified.



To drill down into the data, click the particular app (bar) and click Drill into all malware in <app> to open the Analyze > Logs > API Summary logs page with the filters Application = <app> and Status = Threat applied.

Malware Exposure by App

The Malware Exposure by App widget displays the top 10 applications where the specific data patterns were identified the most as being shared.

You can view only Internal, External, Public or Private data by clicking the respective legend at the bottom of the widget. Click the same legend again to show Internal, External, Public and Private data on the horizontal bar charts.