Building Blocks in Aperture Asset Policy

An asset (or content) policy rule has the following information:
Field
Description
Rule Name
A name for the policy rule.
Description
A description that explains the purpose of the rule.
Severity
Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
Status
A rule can be in the enabled or disabled state. The predefined data patterns provided by Aperture are automatically enabled.
After you Configure Data Patterns, you must enable the pattern.
Match Criteria
Specifies what the rule scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria by Rule Type for details about each rule type.
When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application. The Aperture service uses the updated settings in the policy rule configuration to rescan assets and identify incidents.
Actions
Allows you to specify whether the Aperture service should trigger one of the following actions to Automatically Remediate Risks or if it should simply log the event as a incident.
  • Quarantine—Automatically moves the compromised asset to a quarantine folder. For User Quarantine, you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For Admin Quarantine, you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
  • Change Sharing—Automatically removes links that allow the asset to be publicly-accessed. For Direct Links you can remove the direct link on the asset only. For Public Links on Parent Folders you can also remove links that expose the asset due to inheritance from the parent folders.
  • Notify File Owner —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
  • Notify via Bot— Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
  • Apply Classification—Automatically applies the classification and priority labels to the third party classification data pattern match criteria.
  • Create Incident—Automatically changes incident status to Open and the incident category to New so the administrator can Assess Incidents.
  • Send Admin Alert—Select send admin alert for compliance issues that need immediate action, such as policy rules that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.

Related Documentation