Mass event tickets

Coro provides two ticket types for detected data exposure in large amounts:

  • Mass Data Download
  • Mass Data Deletion

These ticket types are created when abnormally large amounts of data deletion or data download is detected from cloud application accounts of individual users.

image info

To identify mass data events, Coro creates and uses normative and non-normative behavior models for individual users, customers as an organization, and a set of global models capturing the patterns of all Coro customers. A ticket is created when the behavior of a user falls outside of these parameters.

Mass data event tickets are closed immediately by Coro as remediated. An admin user can review mass data event tickets in the Ticket Log, and can review information such as the cloud Service used for the event, and full details of the files involved, in order to determine if action should be taken.

For more information about ticket types, see Ticket types for Cloud Security.