Configure User Activity Rules

In addition to data patterns, you can configure policy rules for user activity. For example, you can create a policy that sends an email alert or creates a log entry when a user downloads a large number of reports or when a user tries to access an SaaS application from a malicious IP address. Similar to content-based rules, user activity rules include a robust set of match criteria that allow you to precisely define which activities to track.
po-configure-user-activity-rules.png

Related Documentation