Cloud app security¶
Can I view audit reports from the Coro Console?¶
Although you don't have the ability to generate audit reports directly from the Coro Console, quarterly threat reports are provided to Coro customers.
What user behaviors does Coro monitor and track for anomalies?¶
Coro identifies anomalies such as abnormal admin activity, dormant account activities, and more.
Does Coro provide granularity regarding which folders are being affected by a mass deletion event or malware infection?¶
Yes, Coro displays the full file path of the affected file. This applies to both local and cloud folders (1Drive, Sharepoint, Google-Drive, Dropbox etc.)
How does Coro identify Suspected Identity Compromise¶
Coro calculates the login frequency of cloud application users from various locations. For example, a user logged into a cloud app 2000 times. 1000 of these were from Italy, 999 from Israel, and 1 from Poland. Coro will generate a Suspected Identity Compromise ticket for the login from Poland due to the fact that the frequency is less than 0.03.
(1/(1+999+1000)) = 0.0005
Tickets are not created for the logins from Italy or Israel due to the fact that the frequency is greater than 0.03.
Are file locations included in Google Workspace related tickets?¶
No, file locations are not included in Google Workspace related tickets.
What detection and remediation functionality does Box offer?¶
Box does not support malware detection by default, but does offer a paid for feature named Box Shield, that detects malware in Box storage and restricts download and sharing.
What detection and remediation functionality does Dropbox offer?¶
Dropbox does not support malware detection.
What detection and remediation functionality does Salesforce offer?¶
Salesforce also does not provide malware detection in its repositories.
What detection and remediation functionality does Slack offer?¶
Slack provides partial coverage for malware detection. Detection occurs both when a file is uploaded to a Slack channel and through periodic offline scans of the uploaded files. When malware is detected during an upload, the upload is terminated.
What detection and remediation functionality does Microsoft 365 offer?¶
Microsoft 365 provides partial coverage for malware detection, which is performed periodically via offline scans (15+ minutes after download). Once a malicious file has been identified, it becomes unshareable and the OneDrive user interface displays a warning that it cannot be shared. There are however file types that Microsoft 365 does not detect.
What detection and remediation functionality does Google Workspace offer?¶
Google Workspace does not provide malware detection and remediation on the cloud drive. Only partial coverage is provided for malware detection which is only initiated upon file download (also via the Google Download API). The Google Workspace UI displays a warning when trying to download a malicious file. There are however file types that Google Workspace does not detect.
Can an admin approve an access permission violation when Automatic Remediation is enforced for sign-in? For example, permission is granted to all users in the United States only, but a user then travels to another country and cannot log in.¶
An admin can Undo the action, add the user to a specific group, and then allow country-level Access Permissions to that group (Settings > Cloud Apps > Access Permissions).
Is it safe for Coro to use my M365/GW global admin account in order to connect?¶
Yes, Direct Oauth authentication is performed with M365/GW. OAuth permits Coro to use only the information that the user consents to share. OAuth protects your passwords from being compromised.
What Box subscription plan is required to connect Box to Coro?¶
A Business Plus Box subscription plan is required to connect Box to Coro.
Are the contents of slack messages monitored and flagged for DLP?¶
No, the contents of slack messages are not monitored and flagged for DLP.