Understanding use cases of API logs

This topic describes use cases related to API logs.

  1. Automated tuning for cloud policy actions:

    Admins can utilize the API Logs and the manual cloud action feature to identify offending files and adjust policies accordingly or quarantine files that are outliers.

    • Admins can configure cloud policies using the Create Copy action.
    • Filtering by CreatedCopy, admins can then analyze the files and adjust the policy criteria or DLP patterns accordingly.
      • If files seem to be out of line with current policy (for example, containing sensitive information), the DLP policy can be adjusted to encapsulate and quarantine those files.
      • Similarly, if the majority of files are benign while a few files are outliers, the outliers can be manually quarantined without having to adjust or change the DLP policy.
  2. Exceptions for false positives:

    Admins can utilize the manual cloud action feature to whitelist files that users say are benign.

    Admins can click the link to review the file, and if the file is benign, the admin can manually whitelist the file or use the information to adjust the DLP cloud policy patterns to ensure the file does not trigger the DLP policy.

  3. Triage of whitelisted files:
    • Periodically (at least monthly), admins should review whitelisted files to ensure they are still benign and safe, especially if policies have been adjusted or the information in the file has changed over time.
    • Admins should filter by whitelisted items and review DLP pattern matches to see if they are in line with expected policies.
    • If necessary, admins can manually create a copy to take a look at the file content.

      If the file ends up being egregious or out of line with new policies, the file can be removed from the whitelist so that the automated policy actions trigger appropriately.