: Building Blocks in Asset Rules
Focus
Focus

Building Blocks in Asset Rules

Table of Contents

Building Blocks in Asset Rules

Learn about the building blocks available to create asset rules on
Data Security
.
An asset (or content) rule has the following information:
Field
Description
Rule Name
A name for the policy rule.
Description
A description that explains the purpose of the rule.
Severity
Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
Status
A rule can be in the enabled or disabled state. The predefined data patterns provided by
Data Security
are automatically enabled.
After you Configure Data Patterns, you must enable the pattern.
Match Criteria
Specifies what the rule scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria for Asset Rules for details about each rule type.
When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application.
Data Security
uses the updated settings in the policy rule configuration to rescan assets and identify incidents.
Actions
Allows you to specify whether
Data Security
should trigger one of the following actions to carry out Automatic Incident Remediation Options or if it should simply log the event as a incident.
  • Quarantine
    —Automatically moves the compromised asset to a quarantine folder. For
    User Quarantine
    , you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For
    Admin Quarantine
    , you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
  • Change Sharing
    —Automatically removes removes public links or external collaborators.
  • Notify File Owner
    —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
  • Notify via Bot
    — Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
  • Apply Classification
    —Automatically applies the classification and priority labels to the third party classification data pattern match criteria.
  • Create Incident
    —Automatically changes incident status to
    Open
    and the incident category to
    New
    so the administrator can Assess Incidents.
  • Send Admin Alert
    —Select send admin alert for compliance issues that need immediate action, such as policy rules that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.
View which autoremediate options are supported for each sanctioned SaaS application.

Recommended For You