Files that are domain-wide shared in an external domain with internal collaborators can be classified as shared externally even with users in the internal secondary domains. As a result of this behavior, we will see false positives if the policy is configured with internal domain-wide sharing as one of the filtering criteria.

Broadcom is aware and is planning a future change to address limitations in how CASB classifies files which are shared domain-wide in the external domain and few internal collaborators.

Workaround:

Policy

• Create a policy for each domain where the policy should affect the users of the domain.
• Create\Sync Groups from a directory to CloudSOC and assign the group to the policy. (Note see Additional info: The securlet does not sync groups for Google Workspace to CloudSOC).

In order to see file exposures:

    Select the internal or external slider to display the files by exposure.

CASB securlets do not support group synchronization to CloudSOC.

The possibility of a group being overwritten by another securlet with different users would make group syncronization unmanageable.