Forum Discussion
Discovered app Security Breach query
That's a built-in alert in the product when we know there is a public breach with a specific application. Since there are users in your network who've accessed this application based on your traffic logs - we're letting you know that there is a breach associated with this application.
The discovery dashboard is based on your traffic logs which we parse and create the dashboard with. Please let me know if this answers your question.
https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery
- Christo De Lange, Oct 16, 2019, Brass Contributor
Hi Banu
Banu Jafarli
Thanks so much for your reply. Ok, I understand the built-in alert for breached apps (Kudos!). I also understand traffic logs would advise that there was traffic between 2 of our computer clients and a URL associated with a breached app; however, the 2 users do not have the associated app installed or use it, they simply browsed to a website to investigate the URL.
Which then looks to me like a false alert. No breached app was actually in use. So my understanding now is the dashboard alert is based on traffic logs between two points (one being host to a breached app) rather than traffic between a specific "breached" application and our clients. Hope this makes sense?