Forum Discussion
CAS Remediation
Hello Scott,
Thanks for your feedback.
All alerts are generated at the specific point in time when a policy match was detected and aren’t edited later (after a file was remediated, for example) in order to provide an investigation timeline and let you control the process.
What you can do is use the “Matched Policy” filter on the Files page in order to see a real-time status of your files. When using this filter you will only see the files which trigger the policy in the present and not the ones that were already remediated, thus getting an up-to-date status of what still needs to be resolved.
The “Resolve” action on alerts is supposed to be taken after you finish solving the issue it reported, so I would suggest “dismissing” the alerts you identify as false positive or non-threat and “resolving” the ones you took action on. Both of these actions can also be done in bulk by selecting the checkbox next to the alerts.
More info regarding alert actions can be found here:
https://docs.microsoft.com/en-us/cloud-app-security/managing-alerts
Does this answer your question? Feel free to expand if not.
Regards,
Dima.
Thank you for your response. I appreciate the workaround to my questions.