Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
>
Clear
Examples of User Activity Policies
Updated on
Thu Aug 07 09:45:27 PDT 2025
Focus
Download PDF
Updated on
Thu Aug 07 09:45:27 PDT 2025
Focus
Home
SaaS Security
Manage Policy for Sanctioned SaaS Apps in Data Security
User Activity Policies
Examples of User Activity Policies
Download PDF
SaaS Security
Examples of User Activity Policies
Table of Contents
Filter
Expand All
|
Collapse All
SaaS Security Docs
Activation & Onboarding
Getting Started
Data Security
SaaS Security Inline
SSPM
Behavior Threats
Release Notes
Examples of User Activity Policies
Examples of user activity policies on
Data Security
.
The following are some examples of how to
configure user activity rules
.
Objective
Criteria
Value
Send an alert if any user downloads more than 500 files in a day.
Activity
Count or Frequency
Target Type
Action
Download
500, 1 day
File
Send Admin Alert
Send an alert for failed logins on Salesforce.
Activity
Cloud Apps
Action
Failed Login
Salesforce
Send Admin Alert
Log any activity from a malicious IP address.
Activity
IP Address
Action
Any Activity
127.31.52.12
Log only
Send an alert if a user outside of paloaltonetworks.com uploads an executable file.
Activity
Domain
Target Name
Target Type
Action
Upload
Any Domain Except paloaltonetworks.com
*.exe
File
Send Admin Alert
Log an activity when users change their passwords.
Activity
Target Type
Action
Edit
Password
Log only
