Abstract: SaaS security configurations distribution and management are disclosed, including: providing first software as a service (SaaS) security configurations for a first organization that are applicable to the first organization based at least in part on first attributes of the first organization, wherein the first SaaS security configurations trigger first security actions upon detection of first relevant events; providing second SaaS security configurations for a second organization that are applicable to the second organization based at least in part on second attributes of the second organization, wherein the second SaaS security configurations trigger second security actions upon detection of second relevant events; and selectively presenting, at a user interface, at least a portion of the second SaaS security configurations that is applicable to the first organization based at least in part on the first attributes of the first organization.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: Remediation of detected configuration violations is disclosed, including: detecting a violation associated with a configuration at a data source server; providing a remediation corresponding to the violation; and storing an audit log that includes one or more events associated with the remediation corresponding to the violation.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: A computer system analyzes the state of a computer system to determine whether that state violates one or more security goals from a particular perspective, such as a particular user account or role. The system takes into account a combination of access rights, permissions, and entitlements to determine whether the state of the computer system violates any of the security goals. In response to determining that at least one of the security goals is violated, the computer system may change the state of the computer system so that it no longer violates the security goals, or prevent the computer system from being put into that state.

Abstract: A computer system analyzes the state of a computer system to determine whether that state violates one or more security goals from a particular perspective, such as a particular user account or role. The system takes into account a combination of access rights, permissions, and entitlements to determine whether the state of the computer system violates any of the security goals. In response to determining that at least one of the security goals is violated, the computer system may change the state of the computer system so that it no longer violates the security goals, or prevent the computer system from being put into that state.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, a method includes receiving an accepted security assessment agreement from a user, where the security assessment agreement is associated with a software application utilized in an online services system. The method also includes receiving configuration data associated with the software application; receiving scanning data associated with the software application; and sending the configuration data and scanning data to one or more security assessment systems.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, the method includes receiving a list of target data for a report; and generating fields in the report. The method also includes populating the fields with composite information; receiving a command to execute the report; fetching the target data using the composite information; and populating the report with the target data.

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for determining a confidentiality for a site record. In one embodiment, a site record for analysis is identified at a computing device. The computing device may identify a source for the site record and determine, based on the source, a source-based confidentiality for the site record. The computing device may identify, based on the site record, a designated confidentiality for the site record, and determine that the designated confidentiality is different from the source-based confidentiality. Responsive to the determination that the designated confidentiality is different from the source-based confidentiality, the computing device may store the source-based confidentiality for the site record on a storage medium.

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for analyzing computing site information. In one embodiment, an analysis tool for analyzing a first site record stored on a storage medium may be selected. The first site record comprising information may relate to a computing site. The computing site may comprise a unit of computing functionality accessible via a network. When it is determined that first confidentiality level for the computing site exceeds a trust level for the analysis tool, the first site record may be modified to create a second site record, the second site record having a second confidentiality level, the second confidentiality level not exceeding the trust level.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, the method includes receiving a list of target data for a report; and generating fields in the report. The method also includes populating the fields with composite information; receiving a command to execute the report; fetching the target data using the composite information; and populating the report with the target data.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, the method includes receiving a list of target data for a report; and generating fields in the report. The method also includes populating the fields with composite information; receiving a command to execute the report; fetching the target data using the composite information; and populating the report with the target data.

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for determining a combined trust level for a website. In one embodiment, a user account associated with the creation or maintenance of the website may be analyzed. The analysis of the user account may be capable of identifying the presence or absence of a first risk factor affecting a likelihood that the user account is engaged in a malicious activity. A source code file capable of being used to create a message for sending to a remote computing device may be analyzed. The analysis of the source code file may be capable of identifying the presence or absence of a second risk factor affecting a likelihood that the source code file is facilitating a malicious activity. Based on the analysis, a combined trust level for the website may be determined.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, the method includes receiving a list of target data for a report; and generating fields in the report. The method also includes populating the fields with composite information; receiving a command to execute the report; fetching the target data using the composite information; and populating the report with the target data.

Abstract: A system and method for performing security assessments in an online services system. In one embodiment, a method includes receiving an accepted security assessment agreement from a user, where the security assessment agreement is associated with a software application utilized in an online services system. The method also includes receiving configuration data associated with the software application; receiving scanning data associated with the software application; and sending the configuration data and scanning data to one or more security assessment systems.