This article discusses how to use the SaaS Security API Dashboard to get a quick overview of violations and events related to the SaaS Security API Data Protection policy. You can then drill-down and analyze the threat types and easily open the relevant events.
Note: Please contact SaaSecAPI@catonetworks.com or your official Cato reseller for more information about using the SaaS Security API Dashboard.
The SaaS Security API Dashboard lets you view the data and content-related activity for the connectors that you configured for your account. The screen contains several widgets that provide visibility for the different data violation criteria for the specific connectors in Data Protection rules (Security > SaaS Security API > Data Protection) and for the general SaaS app traffic. The screen also lets you add items to the dashboard filter to drill-down and focus on the relevant data violation information and events in your account.
The SaaS Security API Dashboard screen shows the total number of data violations and SaaS app events over the time range.
The default time range for the data violations is the previous two days. You can select a different time range for the SaaS Security API Dashboard to show a longer or shorter time period. For more information, see Setting the Time Range Filter.
The maximum date range for the SaaS Security API Dashboard is 90 days.
There are two ways to filter the data in the SaaS Security API Dashboard and show the items that are most relevant: automatically update the filter with the selected item, or manually configure the filter.
As you hover over an item or field where a filter option is available, the button appears. Click the icon to show the filter options:
Add to Filter - Adds the item to the filter, and the dashboard now only shows data that includes this item. For example, if you filter for a specific activity, the screen only shows data that is related to that activity. No other SaaS Security API data is available until you change or clear the filter.
Exclude from Filter - Updates the filter to exclude this item, and the dashboard now only shows data that does NOT include this item.
View Events - Adds this item to the filter, and the Events screen opens and shows all the events that match the filter.
You can continue to add items to the filter, click again to update the filter and drill-down further.
You can manually configure the filter for greater granularity to analyze the SaaS API data control violations. After you configure the filter, it is added to the filter bar and the screen is automatically updated to show the SaaS Security API data that matches the new filter.
To manually configure a filter:
In the filter bar, click .
Start typing or select the Field.
Select the Operator, which determines the relationship between the Field and the Value you are searching for.
Select the Value.
Click Add Filter. The filter is added to the filter bar and the SaaS Security API Dashboard is updated to show results based on the filters.
The SaaS Security API Dashboard widgets give you a high-level overview of Data Protection rule violations and connector related events for SaaS app traffic.
The SaaS Security API widgets provide information about the data violations detected by the SaaS Security API engines. These are the SaaS Security API widgets:
Top Violating Rules - Shows the top Data Protection rules according to the rule name and the number of events for each one.
Click a rule to open the Events screen and show the prefiltered events for the rule and time range.
Events by Activity/Sharing Options – Shows the number of events based on the Activity and Sharing Options defined for the rules.
Click an activity or sharing option to open the Events screen and show the prefiltered events for the item and time range.
Events by Severity – Shows the number of events based on the severity for the Data Control rules.
Click a severity to open the Events screen and show the prefiltered events for the severity and time range.
Events Over Time - Shows the number of connector-related events over the time frame. You can filter the widget by:
Rule name - select the Data Protection rule that is shown in the widget.
App connector - select the connector that are shown in the widget (only shows connectors that were actually used during the time frame).
Use the mouse to select a smaller time range for the threat data, the screen is automatically updated.
Top Owners - Shows a list of the top owners and users with the number of SaaS Security API violation events for each owner.
Top Violations by Data Profile - Shows a list of top DLP Content Profiles with the number of DLP violation events for each profile.
Click a Content Profile to open the Events screen and show the prefiltered events for the profile and time range.
Top Violations by File Type - Shows a list of top File Types for Data Control rules with the number of SaaS Security API violation events for that file type.
Click a file type to open the Events screen and show the prefiltered events for the file type and time range.
Article is closed for comments.