Match Criteria by Rule Type

When you Add a New Policy Rule for Content or you Modify a Policy Rule, you define the match criteria that the policy rule uses when scanning for matches. The Aperture service compares all of the information it discovers against the enabled policy rules and identifies incidents and exposures in every asset across all your monitored SaaS applications. Match criteria is critical for successful discovery of risks in SaaS application usage across your organization so, when you set the match criteria, you must carefully consider the thresholds, types of information, and risks associated with how assets are shared. Use match criteria to enforce compliance with your corporate acceptable use policy.
Rule Type
Description
Activity
Select the asset access and modification activities within a selected time frame to match. For example, activities can include Accessed, Not Accessed, Modified, and Not Modified. Time frames include in the past week, in the past month, and in the past 6 months.
Asset Name
Enter the Asset Name to include or exclude in the match results. Select either Equals to match the asset, or Does not Equal to exclude the asset from matching.
Cloud Apps
Select the managed applications to scan and match. By default, all cloud apps you added to the Aperture service are scanned, but you can Rescan a Managed Cloud App.
Data Pattern
Select the available data patterns to match including predefined or custom data patterns or a file property you defined when you Configure Data Patterns. Enter the number of Occurrences required to display a data pattern match.
Exposure
Select the match conditions for how the asset is shared (Public, External, Company, or Internal).
File Extension
Enter the File Extension to include or exclude in the match results. Select either Equals to match the asset file extension, or Does not Equal to exclude the asset file extension from matching.
Owner
Enter the email address for the asset Owner to Include or Exclude in the match results.
File Hash
Files are scanned using WildFire analysis to detect and protect against malicious portable executables (PEs) and known threats based on file hash. Enter the Hash (SHA256) details of the file to match. Select Equals (include in matching), or Does not Equal (exclude in matching).
Trust State
When you Define Untrusted Users and Domains or if you are matching on an assets trust state, all assets shared with a user in the selected Trusted, Untrusted, or Anyone Not Trusted users list are detected as a match. Specify the number of occurrences (such as Any, More than, Fewer than, or Between with whom a file must be shared to trigger a match.
Account
Select the Cloud App and the Project/Subscription in the storage Account to include in the match results.
asset-rule-add-account.png

Related Documentation