Files that are domain-wide shared in an external domain with internal collaborators can be classified as shared externally even with users in the internal secondary domains. As a result of this behavior, we will see false positives if the policy is configured with internal domain-wide sharing as one of the filtering criteria.
Broadcom is aware and is planning a future change to address limitations in how CASB classifies files which are shared domain-wide in the external domain and few internal collaborators.
Workaround:
Policy
In order to see file exposures:
Select the internal or external slider to display the files by exposure.
CASB securlets do not support group synchronization to CloudSOC.
The possibility of a group being overwritten by another securlet with different users would make group syncronization unmanageable.