Add a New Asset Policy Rule

To add a new policy rule for scanning assets stored on your SaaS applications:
  1. Select Policy > Asset Rules > Add an Asset Rule.
  2. Enter a Rule Name and an optional Description.
  3. Select a Severity for the rule.
  4. Verify that the Status is Enabled.
  5. Specify the Match Criteria by Rule Type for your assets.
    Sensitive documents are identified as a policy rule violation only if the exposure level is violated. For example, you can configure a policy rule to trigger an alert for a sensitive document that has a Public or External exposure. To specify the exposure level for which to flag a sensitive document as an incident:
    1. Select the exposure levels for which you want an alert. For example, most sensitive documents should not have a Public exposure so you would select Public to match sensitive documents that have a Public exposure level.
    2. Select the cloud applications for which this rule is used during a scan.
  6. Define Untrusted Users and Domains, if you have not already done so.
  7. Verify that an action is enabled.
    Automatic remediation is a powerful tool and can modify a large number of assets in a short amount of time. Make sure you perform a test run first (using one policy rule and a small set of assets) before including these actions on additional policy rules.
    1. For most policy rules, verify that the Actions setting is Create Incident. This option allows you to identify potential risks for new cloud apps that you add. Then, after you uncover specific issues that are high compliance risks on your network, you can modify the rule or add a new rule that triggers one of the following actions to Automatically Remediate Risks:
      Quarantine—Automatically moves the compromised asset to a quarantine folder.
      Change Sharing—Automatically removes links that allow the asset to be publicly accessed.
      Notify File Owner—Sends an email digest to the asset owner that describes actions they can take to fix the issue.
      Notify via Bot—(Only for Cisco Webex Teams) Uses a machine account that you created to send a direct message to the asset owner who triggered the policy match.
    2. Select Send admin alert only for compliance issues for which you need to take immediate action, such as policy rules that are high-risk or sensitive. The Aperture service can send up to five emails per hour on matches against each Cloud App instance.
      Enable email alerts only after the Aperture service completes the initial discovery scan so that you are not inundated with emails when historical assets are scanned.
  8. Save your new policy rule.
    Save your changes.
    The Aperture service starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start to View Active Incidents and Automatically Remediate Risks.
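The following is an added illustration, not Aperture's own code: a small constructed model of how a rule like the one configured above is evaluated, so that the match conditions (exposure level, selected cloud apps), the staged rollout with Create Incident, and the documented cap of five admin emails per hour per Cloud App instance can be reasoned about before enabling remediation actions. All class and function names, and the sample asset values, are assumptions made here.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class AssetRule:
    """Hypothetical stand-in for the asset rule fields set in the procedure above."""
    name: str
    severity: str
    enabled: bool = True
    match_exposures: set = field(default_factory=set)  # e.g. {"Public", "External"}
    cloud_apps: set = field(default_factory=set)       # cloud app instances the rule scans
    action: str = "Create Incident"                    # start here; remediation actions later
    send_admin_alert: bool = False


@dataclass
class Asset:
    asset_id: str
    cloud_app: str
    exposure: str      # "Public", "External", "Internal", ...
    sensitive: bool    # classified as a sensitive document by the scan


class AlertBudget:
    """Models the limit of five admin emails per hour per Cloud App instance."""

    def __init__(self, per_hour=5):
        self.per_hour = per_hour
        self.sent = defaultdict(int)  # (cloud_app, hour bucket) -> emails sent

    def allow(self, cloud_app, ts):
        key = (cloud_app, ts // 3600)
        if self.sent[key] >= self.per_hour:
            return False
        self.sent[key] += 1
        return True


def evaluate(rule, asset, budget, ts):
    """Return (action, alerted) when the asset violates the rule, else None."""
    if not rule.enabled or not asset.sensitive:
        return None
    # A sensitive document is a violation only at a selected exposure level,
    # and only on a cloud app instance the rule was configured to scan.
    if asset.exposure not in rule.match_exposures or asset.cloud_app not in rule.cloud_apps:
        return None
    # The admin alert is rate-limited; the incident/remediation action is not.
    alerted = rule.send_admin_alert and budget.allow(asset.cloud_app, ts)
    return rule.action, alerted
```

Running a rule in Create Incident mode against a handful of assets this way shows which matches would fire and how quickly the hourly alert budget for one app instance is consumed during an initial discovery scan.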
