Investigate specific internal user activity to determine risk posture

Investigate specific internal user activity to determine risk posture

Prerequisites for the API protection use casesRoles/actors using the use cases
  • Tenant creation
  • User accounts created
  • CASB API Protection connected to CSP (Cloud Service Provider)
  • CSP (Cloud Service Provider) administrator
  • Cloud governance team
  • Security Analyst

Navigation to API protection users (internal and external) is detailed in the API-Protection ‘Observe’ VRP category. For internal users, the following view is displayed with public files and non-expiring links.

vrp_api_monitor_use_case8-10.jpg

For external users, the following view is displayed.

vrp_api_monitor_use_case8-10b.jpg

Clicking the files provides a list of all files accessed by a user (highlighted in the red box shown above). Clicking a specific file (such as VMWorld in the image below), would provide file attribute details and its usage such as DLP violations, Sharing, Links, Recent activities and Versions.

vrp_api_monitor_use_case8-10c.jpg

Clicking on the username in the ‘Internal users’ link would provide user activity details as shown below:

vrp_api_monitor_use_case8-10d.jpg

Select the files and click the “TAKE ACTION” button and finally, select the desired option.

vrp_api_monitor_use_case8-10e.jpg

To learn more: Understanding API Protection

Share this Doc

Investigate specific internal user activity to determine risk posture

Or copy link

In this topic ...