The assets discovered on your company’s cloud apps will have an exposure level that usually forms the basis of your Prisma SaaS policies. That exposure may be set depending on defaults defined by the cloud app administrator. For example, as the Prisma SaaS administrator you might find an incident for an asset exposed in a way that the owner didn’t intend. That could be because the administrator of the cloud app chose a default that was automatically applied. The exposure level is also determined by the URLs created to share assets and who those links can be shared with.
Exposure Levels in Prisma SaaS
The owner created a shared public link that is capable of being shared with anyone.
The owner created a password-protected link for direct access to the asset.
The owner has invited one or more users from outside the organization to collaborate on the asset.
The owner has created a company-wide link that gives anyone in the company direct access to the asset.
Assets that the owner has not shared are “internal”.
Assets that the owner has shared, but only with users within the company are also considered “internal”. These users have an email address within the enterprise domain name.
More information can be found about an asset's exposure from your cloud app's reports. Below is a sample Audit Log for Google Drive from Google Admin. Note the values in the "Visibility" column. Other file storage cloud apps have similar reporting to help learn more about the configuration.
A closer look at links
Here are some examples from OneDrive of file exposure determined by an asset's sharing URL.
Internal: In this case no sharing link is provided. This file is available internally to your company only.
Company: In this example any person with an email address in your company's domain name may access the file.
Public: In this example anyone with the link has access to the file.
The Explore > Assets tab
File exposure status is displayed in the Assets menu item under the Explore tab within Prisma Saas.
A closer look at folders
Let's look at folders in OneDrive. Here one folder is "Shared'. Every file in that folder will have the exposure of that parent folder. Similarly, the contents within the "Private" folder will inherit the sharing settings of the parent folder.
Something's not right...
If you believe Prisma SaaS is identifying an asset’s exposure incorrectly please open a support case. Attach the following items to the case to assist the technical support engineer.
Sharing Report from the cloud app
Screenshot of the Sharing Link settings from the asset
The Asset ID of the file in question (include link to Sean’s article on data to gather)