Access permissions violation

An Access Permissions Violation ticket displays details of a violation of specified access permissions for a cloud application. Tickets are raised only where the access attempt was successful, and are presented for admin user review.

The ticket includes the location of the user and identifies the specific service involved, such as Box in this example:

Admin users can specify access permissions for cloud applications through Control Panel > Cloud Security. For further information, see Setting permissions for your cloud applications.

Use the Full Details ticket section to view the activities that triggered Coro to raise the ticket, with suspicious activities highlighted in red. Coro uses IP lookup providers to derive metadata about connecting IP addresses to help admin users identify patterns in suspicious activity. Select the dropdown next to an activity to view any identified details, such as service provider, proxy, organization name, or threat type (where one is identified).

In the example below, the user account has performed several activities (Download and Login on Box) from different locations not permitted by the configured access permissions rules. By using the dropdown next to the Login activity, Coro displays metadata associated with the IP address; in this case, the service provider (ISP):

For more information about ticket types, see Ticket types for Cloud Security.