1. Using Oracle CASB Cloud Service
  2. Monitoring Cloud Applications
  3. Analyzing User Activity Risks and Trends
  4. Searching For and Viewing Risks

Searching For and Viewing Risks

Find and view risks from the Dashboard and from the Risk Events page.

The Risk Events page in the Oracle CASB Cloud Service console shows a risk event for each weak or non-compliant security control setting, policy violation, and behavioral anomaly or potential threat. By default, the page shows different types of risk for up to 90 days of data.

You can view risk events several different ways:

  • To view risk events for all application instances, drill down from the Health Summary tile in the Dashboard.

  • To view risk events for a single application instance, drill down from health summary information in Applications.

  • To view risk events for all or selected application instances, go directly to Risk Events.

Viewing Risk Events from the Risk Events Page

On the Risk Events page, filter the list or search for risk events containing specified text, sort the list, and view detailed information for individual events.

  1. Select Risk Events from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.
  2. To search for risk events:
    1. Click the Search icon Image of Search icon. at the upper right.
    2. Enter the text that you want to find.
    3. Press Enter.

      The search results display all risk events that contain the text you entered anywhere in the Summary, Category, and Status columns.

    • Click any column heading that has a sort icon (arrows) to sort the table alphabetically by the information in the column.

    • To filter by application instance, click Filter App Instances at the top of the page.

  3. To filter risk events:
    1. Click the Filter icon Image of Filter icon. at the upper right.
    2. Set any combination of filters to focus on specific groups of risk events.

      • Risk Level — high-, medium-, or low-risk events.

      • Category — a single risk event category.

      • App Instance — one or more application instances.

        Deselect All, then select individual application instances.

      • Status — open or resolved risk events.

      • Date Range — risk events logged in a specific date range.

        Note:

        Date ranges labeled “Last # days” all start at midnight on the first date, and end at the present moment. “Last 1 day” includes all of yesterday.

    3. Click Search.

      The search results now display all risk events matching your filter settings.

      Note:

      The filter icon is highlighted to indicate that you are viewing a subset of the risk events. If you return to the Risk Events page in the same session, or later in another session, the events remain filtered.

  4. To sort risk events, click any column header that has the up and down arrows beside it.
  5. To view details for a risk event, click the event.

    The row for the risk even expands to show additional information.

    • For a weak or non compliant security setting in the application, the event is a security control alert, and the details will show which setting should be updated and the recommended value for the new setting.

    • For a policy violation, the event is a policy alert, and the event details will show the user who triggered the alert and the affected resource.

    • For a behavioral threat, the event can fall into several categories. The event details will show the variables that triggered the alert (for example, unusually high failed logins or administrative changes), the user who performed the actions, and other details.

  6. To view the settings that are causing security control alerts and behavioral threats to appear in Risk Events, select Configuration, Threat Management from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.

    A risk events entry is triggered whenever THRESHOLD values on the Threat Management page are exceeded.

Viewing Risk Events from the Dashboard

From the Dashboard, go directly to the risk events behind the summary information for all registered application instances.

  1. Select Dashboard from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.
  2. In the Health Summary card, click the number beside a risk event type (policy alerts, security controls, or threats).

    The Risk Events page displays, showing the risk event type you selected in the Dashboard, for all registered application instances.

  3. Sort or filter the list, and view details for individual events..

Viewing Risk Events from the Applications Page

From the Applications page, go directly to the risk events behind the summary information for a specific application instance.

  1. Select Applications from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon Image of the Navigation Menu icon. to display it.
  2. Locate the application instance for which you want to see risk events, and:

    • In card view, click the icon for the instance you want to modify, and then in the Health Summary, click a non-zero number beside one of the four risk event categories.

    • In grid view, click a non-zero number in one of the four risk event category columns.

  3. Sort or filter the list, and view details for individual events..