This overview will walk you through the various functionality found on the new and improved risks tab.
HIGH-LEVEL INFO:
At the top of the page you will find high level information about the risks in your environment.
Total Active Risks: By default, Cloud Access Monitor will display all active risks in the top left of the page. Active Risks are all files, and emails that contain a content risk. This includes PCI, PII, Profanity, Self Harm, and any custom risks you have put in place.
Accounts With Most Risk: This box will display your top 5 accounts that contain risk. You can filter by either File Owner / Email Sender, or File Sharer / Email receiver. Selecting any of the blue links will filter to that users specific risks.
Enabled Risks: The enabled risks will display any risks that you have actively scanning. Here you can select any of the blue text to filter by only the risk type selected. This includes PCI, PII, Self Harm ML, etc. Along with any custom risks you may have in place. Selecting the Gear icon in the top right corner will allow you to enable / disable any risks.
TYPES OF RISKS:
In your environment you may find a wide variety of risk types. Risk types can be customized for each environment to ensure you only see the risks that are relevant to you.
Risk Examples:
PCI: Payment Card Industry risks, such as a credit card number.
PII: Personally Identifiable information, such as a social security number or a drivers license.
SELF HARM ML: A machine learning model to detect self harm.
TOXICITY RISK ML: A machine learning model to detect self harm.
SELF HARM - STRICT: Keyword driven to detect self harm.
IMAGE RISK ML: A machine learning model to detect image risk.
RESULTS SUMMARY:
Below the high-level overview data points you will find the risk results summary. This summary section contains the risk results found within your environment. The results summary has four columns with relevant information about each risk.
Name: The name of content which contains the risk.
Risk Type: The scan type that caught the risk.
Scanned On: The time the risk was found.
File Owner / Email Sender: The owner of the file that contains the risk.
Results can also have deletion status indicators, reminders set or labels and notes applied to them.
Selecting a Name from the risk results summary will provide further details around that source and content in question.
Risk Detail Examples:
Details: This section shows deeper insight around the risk result.
Owner: Identifies original owner of the file.
User Shares: Indicates if any user shares are part of a file in question. These are shown as either an Internal Domain or External Domain share.
Holders: Identifies current access users and what area the content it being held within.
Domain: Identifies what domain the content is generated within.
Scanned On: Identifies when the risk was scanned.
Created: Identifies user and time of when the risky content was generated.
Link Shares: Indicates if any link shares are part of a file in question.
Details may vary based on content source type. Example of Email source risk below.
Actions:
Can be applied at a single or bulk level. Selecting "Actions" within the risk details pop up allows you to take the following actions against a risk.
Ignore: Ignoring the risk will remove it from the risks tab. This is used for false positives or for incidents that have already been dealt with.
Quarantine: If the risk is a File it will be moved to the administrators Google Drive in a folder labeled "CAM_Quarantine". If the risk is an Email it will be moved to the users trash folder.
Restore: If a file or email has been previously Quarantined it can be restored. A File will restore to its original ownership, shares and file location. A Email will be moved from the users trash folder back into their inbox.
Delete: Deleting a risk will remove it from the users control permanently.
Share Via Email: Allows the platform user to share these details to someone who does not have platform access.
Download: This allows for a download of the content to your device.
Bulk Actions:
Selecting multiple risk checkboxes from the Results Summary will enable the Action options below the Search field.
Increase the count of rows displayed in the summary by using the dropdown next to page numbers.
File Preview Actions:
Preview a file using preview button.
Download a file using the download button.
OTHER RISK TAB FEATURES:
Assigning and Creating Custom Reminders
Remind Later: Create a reminder alert for selected Risk(s). The reminder can be applied to a specific date and time then sent to a specific email.
This is very beneficial if a risk is not critical but should still be addressed. Setting a reminder for yourself or another team member better helps mitigate risky events.
You can quickly apply from already available reminders or create your own.
Once a Reminder is applied it's easily indicated by the Clock icon. This can be seen in the example below.
Creating and Managing Custom Quick Filters:
You can also apply a filter to return all Reminder results within the summary section.
Using the "Quick Filter" now allows you to create, save or remove your own filter conditions for future convenience.
Selecting "Manage Filters" then the pop ups "+ Create New Quick Filter" allows you to apply specific search data parameters. This can be highly beneficial when trying to hone into a specific subsets of risk related events.
In addition to creation custom filters you can also now apply a default or custom Flag to the associated risk result(s). This is ideal for adding your own personalized Labels to summary results for easy identification of critical risks or assigning simple notes as reference to other platform users.
Selecting the Flag icon will bring up the "Edit Quick Filter" options. There you can choose from our default list or create and apply your own custom flag.
Assigning Default or Custom Labels
Label: Create or apply a flag to a specific risk or bulk selection of risks.
The new Label feature provides user benefit by allowing further internal indicators or notes to be applied to a risk or specific sub set of risks.
These indicators can be simple default flags indicating what you believe to qualify under a "Normal", "Major" or "Critical" risk event. Furthermore if yourself or multiple users want to create a work flow you can add additional labels to identify investigation progression steps such as risk "In Review" or ownership responsibility.
Creating and Managing Custom Labels
From the "Label" action dropdown you can select "+ Create New Label". Here you can indicate a label name and assign filter parameters.
In the example below I have quickly generated a label for Self Harm risk results. This was done by selecting "Risk Type" from the available filter options. Then checking all the desired Self Harm risk scans.
Once created you can also now apply this flag label onto any other risks as deemed necessary.
From the "Label" action dropdown you can select "Manage Labels". Here you can further see the details related to labels and edit or delete them as needed.
DETAIL VIEW:
Risks can be further addressed by selecting the Name.
Managing The Risk: After selecting the risk name, a pop-up will appear containing risk the sources meta details. Depending on the source type the pop up provides further information around the risk, recipient or owner, content or attachment Information and more. You also will have the option to download the risk for further investigation from the pop-up.
Actions can be taken from the pop-up to provide efficient workflow.
Navigating Risks: You are able to use the "< Previous" or "Next >" options to quickly manage risks.
NOTES VIEW:
Add Note: Allows for custom notes to be applied on specific risk results.
Actions such as "Edit" or "Delete" are available for notes.
Risks with notes can be identified by the default "RiskNote" tag and paper icon.
SEARCHING:
Above the Results Summary is a Search filed. You can use this to search for specific risks based off of a variety of parameters. Selecting the Dropdown Arrow will allow you to fine tune your search.
Name: Search for a specific source by name.
File Owner / Email Sender: Search for all risks owned by a specific user.
File Sharer / Email Receiver: Search for all risks with access to a specific user.
Risk Tag: Search for all risks with a specific risk tag from our ML models. (Adult Images, Threatening Content, etc.)
Risk Type: Select a specific risk type to filter by such as PII, PCI, Self Harm, etc.
Label: Select a specific risk Label to filter by such as Normal, Major, Critical, etc.
FILTERING:
Filtering allows you to narrow down the types of risks you would like to be shown.
Simply select the Filter button on the far right side of the screen to apply filters. Filters can be applied in many combinations to return very specific content results.
Start By Selecting a Parameter from the drop down
Risk Status: Filter by status of Active, Quarantined or Deleted
Risk Scanned Time: Filter by the date and time a risk was found.
Shared: Filter by how the risk is being shared. Outgoing, Incoming, Internal.
Shared Via Link: Filter by risks that have been shared via a link. Internal Links, External Links, both have options for either View or Edit permissions.
Source: The source of the link, Email, Attachment, Drive, Teamdrive.
Risk Type: Filter by the type of risk that you would likes to see.
Reminder Status: Filter by results with reminders applied.
Once selecting a Parameter you will then have the options to select from further related filter conditions.
QUICK FILTERS:
Quick filters are a fast way to apply commonly used filters. Simply select the quick filters option and select the filter that applies to your search.
Emails From Outside Domain: Emails being sent to your organization from an domain outside beyond your own.
Emails To Outside Domain: Emails being sent to an outside organization from your domain.
Emails Send Within Domain: Emails being sent internally to users in your domain.
Files From Outside Domain: Files being shared to your domain from an outside account.
Files To Outside Domain: Files being shared to an organization or user outside of your domain.
Files Shared Within Domain: Files being shared internally only in your domain.
Custom Quick Filters: Custom quick filters can now be created as indicated by "PII to Outside".