: Add a New User Activity Rule
Focus
Focus

Add a New User Activity Rule

Table of Contents

Add a New User Activity Rule

Learn how to create a new user activity rule to monitor user and administrator activity.
User activity rules enable
activity logging
and
activity alerting
, depending on the user activity support for the specific SaaS app. You can track user activities that compromise your organization. You can create a rule that sends email alerts or creates an activity monitoring log entry when a user downloads a large number of reports, or when a user tries to access a SaaS application from a malicious IP address. There are numerous other examples that warrant activity monitoring.
  1. To add a new rule, go to
    Data Security
    Policies
    User Activity Policies
    Add Policy
    .
  2. Define the basic settings.
    1. Enter a
      Name
      for the rule.
    2. (
      Optional
      ) Enter a
      Description
      for the rule.
    3. Specify a
      Severity
      for the rule ranging from 1 to 5, with 5 representing the highest risk type of incident.
  3. Specify the
    Items to Detect
    .
    1. Select one of the following:
      • Users
        —Applies the policy rule to users.
      • Assets
        —Applies the policy rule to assets such as files or folders.
    2. (
      Optional
      )
      Manage Exceptions
      for the rule. Enter the users or assets you want to exclude from the rule. For example, you might want to exclude
      Data Security
      administrators from user activity monitoring.
  4. Specify the match criteria for the activity.
  5. Specify the
    Action
    that you want
    Data Security
    to take:
    • Log Only
      (default)—For
      activity logging
      purposes, log the policy violation.
    • Send admin alert
      —For
      activity alerting
      purposes, send an email for policy violations that require immediate action by one or more administrators.
      Data Security
      can send up to five emails per hour on matches against each policy rule.
  6. Verify that the policy rule is enabled.
    In
    Basics
    , verify that the
    Status
    is
    Enabled
    . A rule can be in the enabled or disabled state. After you add a new rule, you must enable the rule.
  7. Save your new policy rule.
    Save
    your changes.
    Data Security
    starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start View Policy Violations for User Activity.

Recommended For You