diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
index 7693efbe6bc15be..91794374d3af80e 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
@@ -11,7 +11,7 @@ import { Render } from "~/components";
Requires Cloudflare CASB and Cloudflare DLP.
:::
-You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contains sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
+You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contain sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) (a set of patterns that define what counts as sensitive data) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
## Supported integrations
@@ -64,12 +64,13 @@ If you enable a DLP profile from the **Manage integrations** page, CASB will onl
- Owner of the file
- Location of the file (for example, moved to a different folder)
-In order to scan historical data, you must enable the DLP profile during the [integration setup flow](#add-a-new-integration).
+:::caution
+If you add a DLP profile to an existing integration, CASB only scans files modified after you enabled the profile. To scan all files, you must enable the DLP profile during the [integration setup flow](#add-a-new-integration).
+:::
## Limitations
DLP in CASB will only scan:
-- [Text-based files](/cloudflare-one/data-loss-prevention/#supported-file-types) such as documents, spreadsheets, and PDFs. Images are not supported.
-- Files less than or equal 100 MB in size.
-- Source code with a minimum size of 5 KB for Java and R.
+- Files less than or equal to 100 MB in size.
+- Java and R source code files that are at least 5 KB. Smaller files in these languages are skipped.
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
index c79ed94bd33d0e3..815b34c192fa73a 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
@@ -16,7 +16,7 @@ Available for all Zero Trust users.
Free users can configure up to two CASB integrations. You must upgrade to an Enterprise plan to view the details of a finding instance.
:::
-Cloudflare's API-driven [Cloud Access Security Broker](https://www.cloudflare.com/learning/access-management/what-is-a-casb/) (CASB) integrates with SaaS applications and cloud environments to scan for misconfigurations, unauthorized user activity, shadow IT, and other data security issues that can occur after a user has successfully logged in.
+Cloudflare's [Cloud Access Security Broker](https://www.cloudflare.com/learning/access-management/what-is-a-casb/) (CASB) connects to SaaS application and cloud environment APIs to scan for security issues that can occur after a user has successfully logged in. These include misconfigurations (such as overly permissive sharing settings), unauthorized user activity, shadow IT, and other data security issues.
For a list of available findings, refer to [Cloud and SaaS integrations](/cloudflare-one/integrations/cloud-and-saas/). You can also send posture finding instances to external systems with [CASB webhooks](/cloudflare-one/integrations/cloud-and-saas/webhooks/).
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
index 1401e80f33ed80c..5a5ec9b83c58164 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
@@ -10,7 +10,7 @@ head:
import { TabItem, Tabs, Details } from "~/components";
-Findings are security issues detected within SaaS and cloud applications that involve users, data at rest, and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Cloudflare One and immediately start taking action on the issues found.
+Findings are security issues detected within SaaS and cloud applications that involve users, data at rest (files stored in your apps), and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Cloudflare One and take action on the issues found.
## Prerequisites
@@ -93,6 +93,9 @@ File findings for some integrations (such as [Microsoft 365](/cloudflare-one/int
After reviewing your findings, you may decide that certain posture findings are not applicable to your organization. Cloudflare CASB allows you to remove findings or individual instances of findings from your list of active issues. CASB will continue to scan for these issues, but any detections will appear in a separate tab.
+- **Ignore a finding** — Moves the entire finding type from **Active** to **Ignored**. New detections of this finding type still appear, but in the **Ignored** tab.
+- **Hide an instance** — Moves a single occurrence from **Active** to **Hidden**. Future occurrences for the same user or file go to the **Hidden** tab automatically.
+
### Ignore a finding
1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Posture Findings**.
@@ -169,13 +172,13 @@ Remediated findings will appear in **Cloud & SaaS findings** > **Posture Finding
| Failed | CASB unsuccessfully remediated the finding. |
| Rejected | CASB does not have the correct permissions to remediate the finding. |
-If the status is **Completed**, remediation succeeded. If the status is **Failed** or **Rejected**, remediation failed, and you can select the finding to take action again.
+If the status is **Completed**, remediation succeeded. If the status is **Failed** or **Rejected**, remediation failed, and you can select the finding to take action again. A **Rejected** status indicates that CASB does not have the correct permissions to remediate the finding.
CASB will log remediation actions in **Logs** > **Admin**. For more information, refer to [Cloudflare One Logs](/cloudflare-one/insights/logs/).
## Resolve finding with a Gateway policy
-Using the security findings from CASB allows for fine-grained Gateway policies which prevent future unwanted behavior while still allowing usage that aligns to your organization's security policy. You can view a CASB finding, like the use of an unapproved application, then immediately prevent or control access with Gateway.
+CASB detects security issues that already exist in your SaaS environment. To prevent the same issues from recurring, you can create a [Gateway HTTP policy](/cloudflare-one/traffic-policies/http-policies/) directly from a CASB finding. For example, you can block users from sharing files publicly or accessing unsanctioned applications.
CASB supports creating a Gateway policy for findings from the [Google Workspace integration](/cloudflare-one/integrations/cloud-and-saas/google-workspace/):
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
index 09489c99f5b4165..788fc99063dec5e 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
@@ -4,7 +4,7 @@ pcx_content_type: troubleshooting
sidebar:
order: 4
tags:
-- Debugging
+ - Debugging
---
Use this guide to troubleshoot common issues with Cloud Access Security Broker (CASB).
@@ -45,11 +45,10 @@ CASB integrations do not provide real-time updates. Scans are performed periodic
To trigger a new scan:
-1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Cloud & SaaS integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Integrations**.
2. Find your integration and select **Configure**.
-3. Go to **CASB**.
-4. Turn off **Findings scanning**.
-5. After a few minutes, turn on **Findings scanning** again.
+3. Turn off **Scan for findings**.
+4. After a few minutes, turn on **Scan for findings** again.
This action will queue a fresh scan of your integration. Allow several hours for your findings to reflect the new results.
@@ -91,8 +90,8 @@ Carefully examine the evidence provided in the finding. An object's status in th
### Report the issue
-If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID and as much detail as possible. This helps the Support team refine the detection logic for all customers.
+If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID (visible in the finding's detail view) and as much detail as possible. This helps the Support team refine the detection logic for all customers.
-### Ignore or hide the finding
+### Hide the finding
-While Cloudflare investigates the issue, you can use **Move to ignore** on the finding or **Move to hidden** on an individual instance to remove it from your active list and reduce noise.
+While Cloudflare investigates the issue, you can [ignore the finding or hide individual instances](/cloudflare-one/cloud-and-saas-findings/manage-findings/#hide-findings) to remove it from your active list and reduce noise.
diff --git a/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx b/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
index 1de6c558bff64d5..a4ab04c95fcc6c3 100644
--- a/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
+++ b/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
@@ -48,11 +48,10 @@ CASB integrations do not provide real-time updates. Scans are performed periodic
To trigger a new scan:
-1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Cloud & SaaS integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Integrations**.
2. Find your integration and select **Configure**.
-3. Go to **CASB**.
-4. Turn off **Findings scanning**.
-5. After a few minutes, turn on **Findings scanning** again.
+3. Turn off **Scan for findings**.
+4. After a few minutes, turn on **Scan for findings** again.
This action will queue a fresh scan of your integration. Allow several hours for your findings to reflect the new results.
@@ -96,6 +95,6 @@ Carefully examine the evidence provided in the finding. An object's status in th
If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID and as much detail as possible. This helps the Support team refine the detection logic for all customers.
-### Ignore or hide the finding
+### Hide the finding
-While Cloudflare investigates the issue, you can use **Move to ignore** on the finding or **Move to hidden** on an individual instance to remove it from your active list and reduce noise.
+While Cloudflare investigates the issue, you can [ignore the finding or hide individual instances](/cloudflare-one/cloud-and-saas-findings/manage-findings/#hide-findings) to remove it from your active list and reduce noise.