Findings are security issues detected within SaaS and cloud applications that involve users, data at rest, and other configuration settings. With Cloudflare CASB, you can review a comprehensive list of findings in Cloudflare One and immediately start taking action on the issues found.

Posture findings

Posture findings include misconfigurations, unauthorized user activity, and other data security issues.

To view details about the posture findings that CASB found:

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Choose SaaS or Cloud.
  3. To view details about a finding, select the finding's name.

Cloud & SaaS findings will display details about your posture finding, including the finding type, severity level, number of instances, associated integration, current status, and date detected. For more information on each instance of the finding, select Manage.

To manage the finding's visibility, you can update the finding's severity level or hide the finding from view. Additionally, some findings provide a remediation guide to resolve the issue or support creating a Gateway HTTP policy to block the traffic.

Severity levels

Cloudflare CASB labels each finding with one of the following severity levels:

Severity level  Urgency
Critical        Suggests the finding is something your team should act on today.
High            Suggests the finding is something your team should act on this week.
Medium          Suggests the finding should be reviewed sometime this month.
Low             Suggests the finding is informational or part of a scheduled review process.

Change the severity level

You can change the severity level for a finding at any time in case the default assignment does not suit your environment:

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Locate the finding you want to modify and select Manage.
  3. In the severity level drop-down menu, choose your desired setting (Critical, High, Medium, or Low).

The new severity level will only apply to the posture finding within this specific integration. If you added multiple integrations of the same application, the other integrations will not be impacted by this change.

Content findings

Content findings include instances of potential data exposure as identified by DLP.

To view details about the content findings that CASB found:

  1. In Cloudflare One, go to Cloud & SaaS findings > Content Findings.
  2. Choose SaaS or Cloud.
  3. To view details about a finding, select the finding's name.

Cloud & SaaS findings will display details about your content finding, including the file name, a link to the file, matching DLP profiles, associated integration, and date detected.

AWS users can configure a compute account to scan for data security resources within their S3 resources.

View shared files

File findings for some integrations (such as Microsoft 365 and Box) may link to an inaccessible file. To access the actual shared file:

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Choose SaaS or Cloud.
  3. Locate the individual finding, then select Manage.
  4. In Active Instances, select the file name.
  5. In Shared Links, select the linked file instance.

Hide findings

After reviewing your findings, you may decide that certain posture findings are not applicable to your organization. Cloudflare CASB allows you to remove findings or individual instances of findings from your list of active issues. CASB will continue to scan for these issues, but any detections will appear in a separate tab.

Ignore a finding

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Locate the active finding you want to hide.
  3. In the three-dot menu, select Move to ignore.

The finding's status will change from Active to Ignored. CASB will continue to scan for these findings and report detections. You can change ignored findings back to Active with the same process at any time.

Hide an instance of a finding

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Choose the active finding you want to hide, then select Manage.
  3. In Active, find the instance you want to hide.
  4. In the three-dot menu, select Move to hidden.

The instance will be moved from Active to Hidden within the finding. If the finding occurs again for the same user, CASB will report the new instance quietly in the Hidden tab. You can move hidden instances back to the Active tab at any time.

Remediate findings

In addition to detecting and surfacing misconfigurations or issues with SaaS and cloud applications, CASB can also remediate findings directly in applications.

CASB supports remediation for findings from the Microsoft 365 integration:

Supported CASB findings for remediation

  • Microsoft: File publicly accessible with edit access
  • Microsoft: File publicly accessible with view access
  • Microsoft: File publicly accessible with edit access with DLP Profile match
  • Microsoft: File publicly accessible with view access with DLP Profile match

Configure remediation permissions

Before you can remediate findings, add a new integration and choose Read-Write mode during setup. Alternatively, you can update an existing integration:

  1. In Cloudflare One, go to Cloud & SaaS findings > Integrations.
  2. Choose your integration, then select Configure.
  3. In Integration permissions, choose Read-Write mode.
  4. Select Update integration. CASB will redirect you to your Microsoft 365 configuration.
  5. Sign in to your organization, then select Accept.

CASB can now remediate supported findings directly.

Remediate a finding

To remediate a supported finding:

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings.
  2. Choose a supported finding type, then select Manage.
  3. In Active Instances, select an instance.
  4. In Remediation details, choose a remediation action to take.

CASB will begin remediating the instance.

Manage remediated findings

Remediated findings will appear in Cloud & SaaS findings > Posture Findings. The status of the finding will change depending on what action CASB has taken:

Status      Description
Pending     CASB has set the finding to be remediated.
Queued      CASB has queued the finding for remediation.
Processing  CASB is currently remediating the finding.
Validating  CASB successfully completed the remediation and is waiting for confirmation that the finding has been resolved.
Completed   CASB successfully remediated the finding and validated that the finding has been resolved.
Failed      CASB unsuccessfully remediated the finding.
Rejected    CASB does not have the correct permissions to remediate the finding.

If the status is Completed, remediation succeeded. If the status is Failed or Rejected, remediation failed, and you can select the finding to take action again.

CASB will log remediation actions in Logs > Admin. For more information, refer to Cloudflare One Logs.

Resolve finding with a Gateway policy

Using the security findings from CASB allows for fine-grained Gateway policies which prevent future unwanted behavior while still allowing usage that aligns to your organization's security policy. You can view a CASB finding, like the use of an unapproved application, then immediately prevent or control access with Gateway.

CASB supports creating a Gateway policy for findings from the Google Workspace integration:

Supported CASB findings for Gateway policies

  • Google Workspace: File publicly accessible with edit access
  • Google Workspace: File publicly accessible with view access
  • Google Workspace: File shared outside company with edit access
  • Google Workspace: File shared outside company with view access

To create a Gateway policy directly from a CASB finding:

  1. In Cloudflare One, go to Cloud & SaaS findings > Posture Findings or Cloud & SaaS findings > Content Findings.
  2. Choose SaaS or Cloud.
  3. Choose the finding you want to modify, then select Manage.
  4. Find the instance you want to block and select its three-dot menu.
  5. Select Block with Gateway HTTP policy. A new browser tab will open with a pre-filled HTTP policy.

    Not all CASB findings will have the Block with Gateway HTTP policy option. Unsupported findings can only be resolved from your application dashboard or through your domain provider.

  6. (Optional) Configure the HTTP policy. For example, if the policy blocks an unsanctioned third-party app, you can apply the policy to some or all users, or only block uploads or downloads.
  7. Select Save.

Your HTTP policy will now prevent future instances of the security finding.

