Investigate specific internal user activity to determine risk posture

Investigate specific internal user activity to determine risk posture

Prerequisites for the API protection use casesRoles/actors using the use cases
  • Tenant creation
  • User accounts created
  • CASB API Protection connected to CSP (Cloud Service Provider)
  • CSP (Cloud Service Provider) administrator
  • Cloud governance team
  • Security Analyst

Navigation to API protection users (internal and external) is detailed in the API-Protection ‘Observe’ VRP category. For internal users, the following view is displayed with public files and non-expiring links.


For external users, the following view is displayed.


Clicking the files provides a list of all files accessed by a user (highlighted in the red box shown above). Clicking a specific file (such as VMWorld in the image below), would provide file attribute details and its usage such as DLP violations, Sharing, Links, Recent activities and Versions.


Clicking on the username in the ‘Internal users’ link would provide user activity details as shown below:


Select the files and click the “TAKE ACTION” button and finally, select the desired option.


To learn more: Understanding API Protection

Share this Doc
In this topic ...