Match Criteria for User Activity Rules
The following table lists the match criteria for user activity rules.
List of activities to monitor. For example, activities can include Create, Edit, Delete, Authorize, Upload, Join, or more. You can include multiple activities in a rule.
List of accessible applications to scan. By default, all cloud apps you added to the Aperture service are scanned, but you can restrict scans to specific apps.
The count and frequency of the activity that will trigger a policy violation. For example, ten (or more) times a week, or two (or more) times per day.
Users whose perform the activities. By default, all users in all domains are included. Alternatively, you can:
The Name and Type of target for the user activity. For example, a target could be any user activity that impacts a Super Admin (target name) Password (target type). Or, any user activity associated with a Client List (target name) Report (target type).
You can Add a Target to include multiple targets in a policy rule. For example, activities that add Users (target) to Teams (target), or activities that share Links (target) with Users (target) would include two targets in the rule.
The location where the activity occurs. Choices include:
The IP address where the activity was initiated. Choices include:
Use commas to separate multiple IP addresses.
Allows you to specify whether the Aperture service should trigger one of the following actions to automatically remediate incidents or log the event as a risk.
Examples of User Activity Rules
Examples of User Activity Rules The following are some examples of how to configure user activity rules. Objective Criteria Value Send an alert if any ...
Configure User Activity Rules
Configure User Activity Rules In addition to data patterns, you can configure policy rules for user activity. For example, you can create a policy that ...
Monitor User Activity
Monitor User Activity On the Aperture service, you can view user activity across all assets on Box, Microsoft Office 365 for OneDrive and SharePoint, Google ...
Match Criteria by Rule Type
Match Criteria by Rule Type When you Add a New Policy Rule for Content or you Modify a Policy Rule , you define the match ...
Define Enterprise Settings on RedLock
Learn where to set enterprise settings for UEBA, browser, alert disposition etc on the RedLock console. ...
Analysis Artifacts Analysis artifacts make up the WildFire dynamic and static analysis of a sample. WildFire Dynamic Analysis information consist of properties, activities, and behaviors ...
Samples The Samples tab in the AutoFocus search editor displays all samples that match the conditions of the search. Click the column headers for the ...
Protection Modules Each security profile applies multiple security modules to protect your endpoints from a wide range of attack techniques. While the settings for each ...
Sample Behavior Evidence
Sample Behavior Evidence AutoFocus™ provides a summary of the behaviors samples displayed in the WildFire® analysis environment. Now, for each observed behavior , you can ...