>
    Strata Copilot
    Building Blocks in Data Asset Policies
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Manage Policy for Sanctioned SaaS Apps in Data Security
    4. Data Asset Policies
    5. Building Blocks in Data Asset Policies
    Download PDF
    SaaS Security

    Building Blocks in Data Asset Policies

    Table of Contents

    Building Blocks in Data Asset Policies

    Learn about the building blocks available to create data asset policies on Data Security.
    A data asset (or content) policy has the following information:
    Field
    Description
    Data Asset Policy Name
    A name for the data asset policy.
    Description
    A description that explains the purpose of the policy.
    Severity
    Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
    Status
    A policy can be in the enabled or disabled state. The predefined data patterns provided by Data Security are disabled by default.
    After you Configure Data Patterns, you must enable the pattern.
    Match Criteria
    Specifies what the policy scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria for Data Asset Policies for details about each policy type.
    When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application. Data Security uses the updated settings in the policy configuration to rescan assets and identify incidents.
    Actions
    • Basic Actions
      • Log as an incident only—Automatically changes incident status to Open and the incident category to New so the administrator can Assess Incidents.
      • Send Admin Alert and log as an incident—Select send admin alert for compliance issues that need immediate action, such as policies that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.
    • Autoremediate Actions
      • Quarantine—Automatically moves the compromised asset to a quarantine folder. For User Quarantine, you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For Admin Quarantine, you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
      • Change Sharing—Automatically removes removes public links or external collaborators.
      • Notify File Owner —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
      • Notify via Bot— Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
    • Apply Data Label
    View which autoremediate options are supported for each sanctioned SaaS application.

    © 2025 Palo Alto Networks, Inc. All rights reserved.