Add a New Policy Rule for User Activity

To add a new policy rule for user activity:
  1. Add a new rule.
    1. Select PolicyUser Activity RulesAdd a User Activity Rule.
  2. Define the basic settings.
    1. Enter a Name for the rule.
    2. (Optional) Enter a Description that includes the purpose of the rule.
    3. Specify a Incident Score for the rule. Incident scores range from 1 to 5, with 5 representing the highest risk.
  3. Specify the items to detect.
    1. Select one of the following:
      • Users—Applies the policy rule to users.
      • Assets (such as files or folders)—Applies the policy rule to assets.
    2. (Optional) Manage Exceptions for the rule. Enter the users or assets you want to exclude from the rule. For example, you might want to exclude Aperture administrators from user activity monitoring.
  4. Specify the match criteria for the activity.
  5. Verify that an action is enabled.
    Choices include:
    • Log Only (default)—Log the policy violation.
    • Send admin alert—For policy violations that require immediate action, send an email alert. The Aperture service can send up to five emails per hour on matches against each policy rule.
  6. Verify that the policy rule is enabled.
    In Basics, verify that the Status is Enabled. A rule can be in the enabled or disabled state. After you add a new rule, you must enable the rule.
  7. Save your new policy rule.
    Save your changes.
    The Aperture service starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start View Policy Violations for User Activity.

Related Documentation