Match Criteria for Asset Rules
Table of Contents
Expand all | Collapse all
-
-
- What’s Data Security?
- Navigate To Data Security in Cloud Management Console
- Activate Data Security on the Hub
- Access Data Security for Standalone SaaS Security
-
- Allowed List of IP Addresses
-
- Begin Scanning an Amazon Web Services App
- Begin Scanning a Bitbucket Cloud App
- Begin Scanning a Box App
- Begin Scanning a Cisco Webex Teams App
- Begin Scanning a Citrix ShareFile App
- Begin Scanning a Confluence App
- Begin Scanning a Confluence Data Center App
- Begin Scanning a Dropbox App
- Begin Scanning a GitHub App
- Begin Scanning a GitHub V2 App
- Begin Scanning a Gmail App
- Begin Scanning a Google Cloud Storage App
- Begin Scanning a Google Drive App
- Begin Scanning a Jira Cloud App
- Begin Scanning a Jira Data Center App
- Begin Scanning a Microsoft Azure Storage App
- Begin Scanning a Microsoft Exchange App
- Begin Scanning Microsoft Office 365 Apps
- Begin Scanning a Microsoft Teams App
- Begin Scanning a Salesforce App
- Begin Scanning a ServiceNow App
- Begin Scanning a Slack for Enterprise Grid App
- Begin Scanning a Slack Enterprise App
- Begin Scanning a Slack for Pro and Business App
- Begin Scanning a Workday App (Beta)
- Begin Scanning a Yammer App
- Begin Scanning a Zendesk App
- Begin Scanning a Zoom App
- Reauthenticate to a Cloud App
- Verify Permissions on Cloud Apps
- Start Scanning a Cloud App
- Stop Scanning a Cloud App
- Rescan a Managed Cloud App
- Delete Cloud Apps Managed by Data Security
- API Throttling
- Configure Classification Labels
-
-
-
- SaaS Security with Enterprise DLP
- Predefined Data Patterns on Data Security
- Proximity Keywords
- Confidence Levels
- Shared Data Profiles and Data Patterns
- Modify a Predefined Data Pattern
- Create a Custom Data Profile
- Add a File Property Data Pattern
- Create a Custom Data Pattern
- Use Exact Data Matching (EDM)
- Enable or Disable a Machine Learning Data Pattern
- Configure WildFire Analysis
- Configure Regular Expressions
- Enable or Disable a Data Pattern
- View and Filter Data Pattern Match Results
-
-
-
- What is an Incident?
- Assess New Incidents on Data Security
- View Asset Details
- Filter Incidents
- Security Controls Incident Details
- Track Down Threats with WildFire Report
- Track Down Threats with AutoFocus
- Customize the Incident Categories
- Close Incidents
- Download Assets for Incidents
- View Asset Snippets for Incidents
- Analyze Inherited Exposure
- Email Asset Owners
- Modify Incident Status
-
- What is a Data Violation?
- Assess New Data Violations on Data Security
- Configure Data Violation Alerts on Data Security
- Filter Data Violations on Data Security
- View Asset Snippets for Data Violations on Data Security
- View Data Violation Metrics on Data Security
- Modify Data Violation Status on Data Security
-
-
-
-
- What’s SaaS Security Inline?
- Navigate To SaaS Security Inline
- SaaS Visibility for NGFW
- SaaS Visibility and Controls for NGFW
- SaaS Visibility for Prisma Access
- SaaS Visibility and Controls for Panorama Managed Prisma Access
- SaaS Visibility and Controls for Cloud Managed Prisma Access
- Activate SaaS Security Inline for NGFW
- Activate SaaS Security Inline for VM-Series Firewalls with Software NGFW Credits
- Activate SaaS Security Inline for Prisma Access
- Connect SaaS Security Inline and Cortex Data Lake
- Integrate with Azure Active Directory
-
-
- SaaS Policy Rule Recommendations
- App-ID Cloud Engine
- Guidelines for SaaS Policy Rule Recommendations
- Predefined SaaS Policy Rule Recommendations
- Apply Predefined SaaS Policy Rule Recommendations
- Create SaaS Policy Rule Recommendations
- Delete SaaS Policy Rule Recommendations
- Enable SaaS Policy Rule Recommendations
- Modify Active SaaS Policy Rule Recommendations
- Monitor SaaS Policy Rule Recommendations
-
- Enable Automatic Updates for SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Import New SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Update Imported SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Remove Deleted SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Manage Enforcement of Rule Recommendations on NGFW
- Manage Enforcement of Rule Recommendations on Panorama Managed Prisma Access
- Change Risk Score for Discovered SaaS Apps
-
-
-
-
- Onboarding Overview for Supported SaaS Apps
- Onboard an Aha.io App to SSPM
- Onboard an Alteryx Designer Cloud App to SSPM
- Onboard an Aptible App to SSPM
- Onboard an ArcGIS App to SSPM
- Onboard an Articulate Global App to SSPM
- Onboard an Atlassian App to SSPM
- Onboard a BambooHR App to SSPM
- Onboard a Basecamp App to SSPM
- Onboard a Bitbucket App to SSPM
- Onboard a BlueJeans App to SSPM
- Onboard a Box App to SSPM
- Onboard a Bright Security App to SSPM
- Onboard a Celonis App to SSPM
- Onboard a Cisco Meraki App to SSPM
- Onboard a ClickUp App to SSPM
- Onboard a Confluence App to SSPM
- Onboard a Contentful App to SSPM
- Onboard a Convo App to SSPM
- Onboard a Couchbase App to SSPM
- Onboard a Coveo App to SSPM
- Onboard a Crowdin Enterprise App to SSPM
- Onboard a Customer.io App to SSPM
- Onboard a Databricks App to SSPM
- Onboard a Datadog App to SSPM
- Onboard a DocHub App to SSPM
- Onboard a DocuSign App to SSPM
- Onboard a Dropbox Business App to SSPM
- Onboard an Envoy App to SSPM
- Onboard an Expiration Reminder App to SSPM
- Onboard a Gainsight PX App to SSPM
- Onboard a GitHub Enterprise App to SSPM
- Onboard a GitLab App to SSPM
- Onboard a Google Analytics App to SSPM
- Onboard a Google Workspace App to SSPM
- Onboard a GoTo Meeting App to SSPM
- Onboard a Grammarly App to SSPM
- Onboard a Harness App to SSPM
- Onboard a Hellonext App to SSPM
- Onboard an IDrive App to SSPM
- Onboard an Intercom App to SSPM
- Onboard a Jira App to SSPM
- Onboard a Kanbanize App to SSPM
- Onboard a Kanban Tool App to SSPM
- Onboard a Kustomer App to SSPM
- Onboard a Lokalise App to SSPM
- Onboard a Microsoft Azure AD App to SSPM
- Onboard a Microsoft Exchange App to SSPM
- Onboard a Microsoft OneDrive App to SSPM
- Onboard a Microsoft Outlook App to SSPM
- Onboard a Microsoft Power BI App to SSPM
- Onboard a Microsoft SharePoint App to SSPM
- Onboard a Microsoft Teams App to SSPM
- Onboard a Miro App to SSPM
- Onboard a monday.com App to SSPM
- Onboard a MongoDB Atlas App to SSPM
- Onboard a MuleSoft App to SSPM
- Onboard a Mural App to SSPM
- Onboard an Office 365 App to SSPM
- Onboard Office 365 Productivity Apps to SSPM
- Onboard an Okta App to SSPM
- Onboard a PagerDuty App to SSPM
- Onboard a RingCentral App to SSPM
- Onboard a Salesforce App to SSPM
- Onboard an SAP Ariba App to SSPM
- Onboard a ServiceNow App to SSPM
- Onboard a Slack Enterprise App to SSPM
- Onboard a Snowflake App to SSPM
- Onboard a SparkPost App to SSPM
- Onboard a Tableau Cloud App to SSPM
- Onboard a Webex App to SSPM
- Onboard a Workday App to SSPM
- Onboard a Wrike App to SSPM
- Onboard a YouTrack App to SSPM
- Onboard a Zendesk App to SSPM
- Onboard a Zoom App to SSPM
- Onboarding an App Using Azure AD Credentials
- Onboarding an App Using Okta Credentials
- Delete SaaS Apps Managed by SSPM
Match Criteria for Asset Rules
Define the match criteria that an asset rule uses when
the service scans for matches.
Define the match criteria that an asset rule uses when
the service scans for matches.
We are in the process of
replacing SaaS Security DLP (Classic) with SaaS
Security DLP. During this process, use the topic that matches
your tenant. If you purchased SaaS Security with Enterprise
DLP Add‑on, opted in for a trial of SaaS
Security with Enterprise DLP Add‑on, or have a new tenant with SaaS
Security DLP, use Match Criteria for an Asset Rule; otherwise,
use Match Criteria for an Asset Rule—SaaS Security DLP (Classic).
Match Criteria for an Asset Rule—SaaS Security DLP (Classic)
When you Add a New Asset Rule or
you Modify
an Asset Rule, you define the match criteria that the asset
rule uses when
Data Security
scans for matches. The service
compares all of the information it discovers against the enabled
asset rules and identifies incidents and exposures in every asset
across all your monitored SaaS applications. Match criteria is critical
for successful discovery of risks in SaaS application usage across
your organization so, when you set the match criteria, you must
carefully consider the thresholds, types of information, and risks
associated with how assets are shared. Use match criteria to enforce
compliance with your corporate acceptable use policy.Match Criteria | Description |
---|---|
Account | Select the Cloud App and
the Project/Subscription in the storage Account to
include in the match results. |
Activity | Select the asset access and modification
activities within a selected time frame to match. For example, activities
can include Created , Not Accessed , Modified ,
and Not Modified for a specified time frame. |
Asset Name | Enter the Asset Name to
include or exclude in the match results. Select either Equals to
match the asset, or Does not Equal to exclude
the asset from matching. |
Cloud Apps | Select the managed applications to scan
and match. By default, all cloud apps you added to Data Security are scanned, but you can Rescan
a Managed Cloud App. |
Data Pattern | Select the available data patterns to match
including predefined or custom data patterns or a file property
you defined when you Create a Custom Data Pattern. Enter the
number of Occurrences required to display
a data pattern match. |
Exposure | Select the match conditions for how the
asset is shared (Public, External, Company, or Internal). The ideal exposure level that
you specify depends on the asset you’re want to protect. |
File Extension | Enter the File Extension to
include or exclude in the match results. Select either Equals to
match the asset file extension, or Does not Equal to
exclude the asset file extension from matching. |
File Owner’s Group | To enforce group-based policy using File
Owner’s Group , you must Connect Directory Services to Data Security.Select
either Equals , or Does not Equal and
the Azure Active Directory Group to which the file owner must belong.
You can also select Not Available if you
want to enforce an action for any users who are not identified either
because the email address is unavailable or because they belong
to an AD group that is not being scanned by Data Security . |
Owner | Enter the email address for
the asset Owner to Include or Exclude in
the match results. You can add one or more Directory groups |
File Hash | Files are scanned using WildFire
analysis to detect and protect against malicious portable executables
(PEs) and known threats based on file hash. Enter the Hash (SHA256)
details of the file to match. Select Equals (include
in matching), or Does not Equal (exclude
in matching). |
Trust State | When you Define
Untrusted Users and Domains or if you are matching on an
assets trust state, all assets shared with a user in the selected Trusted , Untrusted ,
or Anyone Not Trusted users list are detected
as a match. Specify the number of occurrences (such as Any , More
than , Fewer than , or Between with
whom a file must be shared to trigger a match. |
Match Criteria for an Asset Rule
When you add
a new asset rule or you modify
a policy rule, you define the match criteria that the asset
rule uses when
Data Security
scans for matches. The service
compares all of the information it discovers against the enabled
asset rules and identifies incidents and exposures in every asset
across all your monitored SaaS applications. Match criteria is critical
for successful discovery of risks in SaaS application usage across
your organization so, when you set the match criteria, you must
carefully consider the thresholds, types of information, and risks
associated with how assets are shared. Use match criteria to enforce
compliance with your corporate acceptable use policy.Match Criteria | Description |
---|---|
Activity | Select the asset access and modification
activities within a selected time frame to match. For example, activities
can include Accessed , Not Accessed , Modified ,
and Not Modified . Time frames include in the
past week , in the past month ,
and in the past 6 months . |
Asset Name | Enter the Asset Name to include
or exclude in the match results. Select either Equals to
match the asset, or Does not Equal to exclude
the asset from matching. |
Cloud Apps | Select the managed applications to scan
and match. By default, all cloud apps you added to Data Security are scanned, but you can Rescan
a Managed Cloud App. |
Data Pattern | Select the available data patterns to match, including
predefined or custom data patterns or a file property you defined
when you Create a Custom Data Pattern. Specify your
include or exclude logic. Enter the number of Occurrences and Confidence (Confidence Level)
required to display a data pattern match. |
Data Profiles | Select the available data profiles to match
when you Create a Custom Data Profile. |
Exposure | Select the match conditions for how the
asset is shared (Public, External, Company, or Internal). |
File Extension | Enter the File Extension to
include or exclude in the match results. Select either Equals to
match the asset file extension, or Does not Equal to exclude
the asset file extension from matching. |
File Owner’s Group | To enforce group-based policy using File
Owner’s Group , you must Connect Directory Services to Data Security.Select
either Equals , or Does not Equal and
the Azure Active Directory Group to which the file owner must belong.
You can also select Not Available if you
want to enforce an action for any users who are not identified either
because the email address is unavailable or because they belong
to an AD group that is not being scanned by Data Security . |
Owner | Enter the email address for
the asset Owner to Include or Exclude in
the match results. You can add one or more Directory groups |
File Hash | Files are scanned using WildFire
analysis to detect and protect against malicious portable executables
(PEs) and known threats based on file hash. Enter the Hash (SHA256)
details of the file to match. Select Equals (include in
matching), or Does not Equal (exclude in
matching). |
Trust State | When you Define
Untrusted Users and Domains or if you are matching on an
assets trust state, all assets shared with a user in the selected Trusted , Untrusted ,
or Anyone Not Trusted users list are detected
as a match. Specify the number of occurrences (such as Any , More
than , Fewer than , or Between with
whom a file must be shared to trigger a match. |
Account | Select the Cloud App and the Project/Subscription in
the storage Account to include in the match
results. |