ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Office 365 Securlet not showing Exposed and Unexposed files


Article ID: 172284


Updated On:


CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package


Not seeing all data in the Office 365 Securlet regarding exposed and unexposed files.


 A document will only show up as exposed once the share link has been accessed. This is how the API traffic displays the share from O365 to CloudSOC.


Files that are public and shared.  if a document is shared via a link that can be accessed by anyone, the document will show up as Exposed Content, but only after having the link accessed by the external user. 
It doesn't show up until it has been accessed.

  • A user can create public links to files or share files to external addresses and there is no visibility of these exposures until the file is accessed by the emailed recipient for the external share or accessed through the created public link. There is no way to remove, or even know about, these exposures before they are accessed once.
  • Through the Securlet dashboard, any files that are not exposed and does not contain a keyword that triggers a DLP profile will not be visible in any way to Symantec admins. Only files that have been exposed (accessed by the outside) or have a potential to expose DLP profile data are visible.
  • For O365, if a user performs an action against a file, (share, upload, etc.) it can take up to 6 hours for that to be reflected in the Securlet, although the action should be seen in Investigate in minutes. This means if we have a policy to remove public exposures, a link can be created and emailed out, and the file accessed until the Securelet becomes aware, scans it and applies applicable policy.