From fa1ad7030401855ef395424dfbda252d41562d7a Mon Sep 17 00:00:00 2001
From: Jun Lee <junlee@cloudflare.com>
Date: Wed, 8 Apr 2026 15:58:28 +0100
Subject: [PATCH 1/3] [CF1] Fix CASB docs: grammar, navigation path, and
 terminology inconsistencies

- Fix subject-verb agreement in casb-dlp.mdx ('contains' -> 'contain')
- Align troubleshoot navigation path to canonical 'Cloud & SaaS findings > Integrations'
- Align toggle label to 'Scan for findings' per manage-integrations partial
- Replace undocumented 'Suppress' action with cross-link to ignore/hide workflow
- Apply same fixes to duplicate troubleshoot file in integrations folder
---
 .../cloud-and-saas-findings/casb-dlp.mdx            |  2 +-
 .../cloud-and-saas-findings/troubleshoot-casb.mdx   | 13 ++++++-------
 .../cloud-and-saas/troubleshooting/casb.mdx         | 11 +++++------
 3 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
index 7693efbe6bc15be..5442ec7f6a4e306 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
@@ -11,7 +11,7 @@ import { Render } from "~/components";
 Requires Cloudflare CASB and Cloudflare DLP.
 :::
 
-You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contains sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
+You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contain sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
 
 ## Supported integrations
 
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
index 75c70e8371a588f..e14a7777c5147c2 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
@@ -4,7 +4,7 @@ pcx_content_type: troubleshooting
 sidebar:
   order: 4
 tags:
-- Debugging
+  - Debugging
 ---
 
 Use this guide to troubleshoot common issues with Cloud Access Security Broker (CASB).
@@ -45,11 +45,10 @@ CASB integrations do not provide real-time updates. Scans are performed periodic
 
 To trigger a new scan:
 
-1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Cloud & SaaS**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Integrations**.
 2. Find your integration and select **Configure**.
-3. Go to **CASB**.
-4. Turn off **Findings scanning**.
-5. After a few minutes, turn on **Findings scanning** again.
+3. Turn off **Scan for findings**.
+4. After a few minutes, turn on **Scan for findings** again.
 
 This action will queue a fresh scan of your integration. Allow several hours for your findings to reflect the new results.
 
@@ -77,6 +76,6 @@ Carefully examine the evidence provided in the finding. An object's status in th
 
 If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID and as much detail as possible. This helps the Support team refine the detection logic for all customers.
 
-### Suppress the finding
+### Hide the finding
 
-While Cloudflare investigates the issue, you can use the **Suppress** action on the finding to remove it from your active list and reduce noise.
+While Cloudflare investigates the issue, you can [ignore the finding or hide individual instances](/cloudflare-one/cloud-and-saas-findings/manage-findings/#hide-findings) to remove it from your active list and reduce noise.
diff --git a/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx b/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
index 0eed1f3b692764e..19ada97d45d91be 100644
--- a/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
+++ b/src/content/docs/cloudflare-one/integrations/cloud-and-saas/troubleshooting/casb.mdx
@@ -48,11 +48,10 @@ CASB integrations do not provide real-time updates. Scans are performed periodic
 
 To trigger a new scan:
 
-1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Cloud & SaaS**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Integrations**.
 2. Find your integration and select **Configure**.
-3. Go to **CASB**.
-4. Turn off **Findings scanning**.
-5. After a few minutes, turn on **Findings scanning** again.
+3. Turn off **Scan for findings**.
+4. After a few minutes, turn on **Scan for findings** again.
 
 This action will queue a fresh scan of your integration. Allow several hours for your findings to reflect the new results.
 
@@ -80,6 +79,6 @@ Carefully examine the evidence provided in the finding. An object's status in th
 
 If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID and as much detail as possible. This helps the Support team refine the detection logic for all customers.
 
-### Suppress the finding
+### Hide the finding
 
-While Cloudflare investigates the issue, you can use the **Suppress** action on the finding to remove it from your active list and reduce noise.
+While Cloudflare investigates the issue, you can [ignore the finding or hide individual instances](/cloudflare-one/cloud-and-saas-findings/manage-findings/#hide-findings) to remove it from your active list and reduce noise.

From 8924b01d3c39ece41c0eb68b716d42799baa8252 Mon Sep 17 00:00:00 2001
From: Jun Lee <junlee@cloudflare.com>
Date: Wed, 8 Apr 2026 16:20:25 +0100
Subject: [PATCH 2/3] [CF1] Improve CASB docs clarity from ELI5 review

- Split long CASB intro sentence and explain 'API-driven' inline (index.mdx)
- Add DLP profile parenthetical definition (casb-dlp.mdx)
- Add caution callout for full-scan vs incremental-scan distinction (casb-dlp.mdx)
- Rephrase ambiguous Java/R minimum size limitation (casb-dlp.mdx)
- Add OCR cross-link to clarify that CASB does not scan images but DLP does via Gateway (casb-dlp.mdx)
- Add parenthetical for 'data at rest' (manage-findings.mdx)
- Add ignore vs hide comparison before procedures (manage-findings.mdx)
- Clarify Failed vs Rejected remediation statuses (manage-findings.mdx)
- Rewrite Gateway policy intro to bridge CASB-to-Gateway concept (manage-findings.mdx)
- Add finding ID location hint (troubleshoot-casb.mdx)
---
 .../cloud-and-saas-findings/casb-dlp.mdx             | 12 +++++++-----
 .../cloudflare-one/cloud-and-saas-findings/index.mdx |  2 +-
 .../cloud-and-saas-findings/manage-findings.mdx      |  9 ++++++---
 .../cloud-and-saas-findings/troubleshoot-casb.mdx    |  2 +-
 4 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
index 5442ec7f6a4e306..03ba281dc94233e 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
@@ -11,7 +11,7 @@ import { Render } from "~/components";
 Requires Cloudflare CASB and Cloudflare DLP.
 :::
 
-You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contain sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
+You can use [Cloudflare Data Loss Prevention (DLP)](/cloudflare-one/data-loss-prevention/) to discover if files stored in a SaaS application contain sensitive data. To perform DLP scans in a SaaS app, first configure a [DLP profile](#configure-a-dlp-profile) (a set of patterns that define what counts as sensitive data) with the data patterns you want to detect, then [add the profile](#enable-dlp-scans-in-casb) to a CASB integration.
 
 ## Supported integrations
 
@@ -64,12 +64,14 @@ If you enable a DLP profile from the **Manage integrations** page, CASB will onl
 - Owner of the file
 - Location of the file (for example, moved to a different folder)
 
-In order to scan historical data, you must enable the DLP profile during the [integration setup flow](#add-a-new-integration).
+:::caution
+If you add a DLP profile to an existing integration, CASB only scans files modified after you enabled the profile. To scan all files, you must enable the DLP profile during the [integration setup flow](#add-a-new-integration).
+:::
 
 ## Limitations
 
 DLP in CASB will only scan:
 
-- [Text-based files](/cloudflare-one/data-loss-prevention/#supported-file-types) such as documents, spreadsheets, and PDFs. Images are not supported.
-- Files less than or equal 100 MB in size.
-- Source code with a minimum size of 5 KB for Java and R.
+- [Text-based files](/cloudflare-one/data-loss-prevention/#supported-file-types) such as documents, spreadsheets, and PDFs. Images are not scanned by CASB. For image scanning via inline traffic inspection, refer to [Optical Character Recognition (OCR)](/cloudflare-one/data-loss-prevention/dlp-profiles/advanced-settings/#optical-character-recognition-ocr).
+- Files less than or equal to 100 MB in size.
+- Java and R source code files that are at least 5 KB. Smaller files in these languages are skipped.
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
index 7758474e529dc2c..7004b7486c393bb 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/index.mdx
@@ -16,7 +16,7 @@ Available for all Zero Trust users.
 Free users can configure up to two CASB integrations. You must upgrade to an Enterprise plan to view the details of a finding instance.
 :::
 
-Cloudflare's API-driven [Cloud Access Security Broker](https://www.cloudflare.com/learning/access-management/what-is-a-casb/) (CASB) integrates with SaaS applications and cloud environments to scan for misconfigurations, unauthorized user activity, <GlossaryTooltip term="shadow IT" link="https://www.cloudflare.com/learning/access-management/what-is-shadow-it/">shadow IT</GlossaryTooltip>, and other data security issues that can occur after a user has successfully logged in.
+Cloudflare's [Cloud Access Security Broker](https://www.cloudflare.com/learning/access-management/what-is-a-casb/) (CASB) connects to SaaS application and cloud environment APIs to scan for security issues that can occur after a user has successfully logged in. These include misconfigurations (such as overly permissive sharing settings), unauthorized user activity, <GlossaryTooltip term="shadow IT" link="https://www.cloudflare.com/learning/access-management/what-is-shadow-it/">shadow IT</GlossaryTooltip>, and other data security issues.
 
 For a list of available findings, refer to [Cloud and SaaS integrations](/cloudflare-one/integrations/cloud-and-saas/).
 
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
index 03cf5a34a8fb66f..06524308ecd2dce 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/manage-findings.mdx
@@ -10,7 +10,7 @@ head:
 
 import { TabItem, Tabs, Details } from "~/components";
 
-Findings are security issues detected within SaaS and cloud applications that involve users, data at rest, and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Cloudflare One and immediately start taking action on the issues found.
+Findings are security issues detected within SaaS and cloud applications that involve users, data at rest (files stored in your apps), and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Cloudflare One and take action on the issues found.
 
 ## Prerequisites
 
@@ -93,6 +93,9 @@ File findings for some integrations (such as [Microsoft 365](/cloudflare-one/int
 
 After reviewing your findings, you may decide that certain posture findings are not applicable to your organization. Cloudflare CASB allows you to remove findings or individual instances of findings from your list of active issues. CASB will continue to scan for these issues, but any detections will appear in a separate tab.
 
+- **Ignore a finding** — Moves the entire finding type from **Active** to **Ignored**. New detections of this finding type still appear, but in the **Ignored** tab.
+- **Hide an instance** — Moves a single occurrence from **Active** to **Hidden**. Future occurrences for the same user or file go to the **Hidden** tab automatically.
+
 ### Ignore a finding
 
 1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Posture Findings**.
@@ -151,13 +154,13 @@ Remediated findings will appear in **Cloud & SaaS findings** > **Posture Finding
 | Failed     | CASB unsuccessfully remediated the finding.                                                                     |
 | Rejected   | CASB does not have the correct permissions to remediate the finding.                                            |
 
-If the status is **Completed**, remediation succeeded. If the status is **Failed** or **Rejected**, remediation failed, and you can select the finding to take action again.
+If the status is **Completed**, remediation succeeded. If the status is **Failed** or **Rejected**, remediation failed, and you can select the finding to take action again. A **Rejected** status indicates that CASB does not have the correct permissions to remediate the finding.
 
 CASB will log remediation actions in **Logs** > **Admin**. For more information, refer to [Cloudflare One Logs](/cloudflare-one/insights/logs/).
 
 ## Resolve finding with a Gateway policy
 
-Using the security findings from CASB allows for fine-grained Gateway policies which prevent future unwanted behavior while still allowing usage that aligns to your organization's security policy. You can view a CASB finding, like the use of an unapproved application, then immediately prevent or control access with Gateway.
+CASB detects security issues that already exist in your SaaS environment. To prevent the same issues from recurring, you can create a [Gateway HTTP policy](/cloudflare-one/traffic-policies/http-policies/) directly from a CASB finding. For example, you can block users from sharing files publicly or accessing unsanctioned applications.
 
 CASB supports creating a Gateway policy for findings from the [Google Workspace integration](/cloudflare-one/integrations/cloud-and-saas/google-workspace/):
 
diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
index e14a7777c5147c2..d86410abe360865 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/troubleshoot-casb.mdx
@@ -74,7 +74,7 @@ Carefully examine the evidence provided in the finding. An object's status in th
 
 ### Report the issue
 
-If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID and as much detail as possible. This helps the Support team refine the detection logic for all customers.
+If you confirm the finding is a false positive, report the behavior to Cloudflare Support. Provide the finding ID (visible in the finding's detail view) and as much detail as possible. This helps the Support team refine the detection logic for all customers.
 
 ### Hide the finding
 

From bf68ed53985ac6b7b4b205d279d5766df9ea0638 Mon Sep 17 00:00:00 2001
From: Jun Lee <junlee@cloudflare.com>
Date: Fri, 10 Apr 2026 16:46:07 +0100
Subject: [PATCH 3/3] Removing outdated limitation

---
 .../docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
index 03ba281dc94233e..91794374d3af80e 100644
--- a/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
+++ b/src/content/docs/cloudflare-one/cloud-and-saas-findings/casb-dlp.mdx
@@ -72,6 +72,5 @@ If you add a DLP profile to an existing integration, CASB only scans files modif
 
 DLP in CASB will only scan:
 
-- [Text-based files](/cloudflare-one/data-loss-prevention/#supported-file-types) such as documents, spreadsheets, and PDFs. Images are not scanned by CASB. For image scanning via inline traffic inspection, refer to [Optical Character Recognition (OCR)](/cloudflare-one/data-loss-prevention/dlp-profiles/advanced-settings/#optical-character-recognition-ocr).
 - Files less than or equal to 100 MB in size.
 - Java and R source code files that are at least 5 KB. Smaller files in these languages are skipped.