documents are identified as a policy rule violation only if the
exposure level is violated. For example, you can configure a policy
rule to trigger a an alert for a sensitive document that has a Public
or External exposure. To specify the exposure level for which to
flag a sensitive document as an incident:
for the new asset
Automatic remediation is a powerful
tool and can modify a large number of assets in a short amount of
time. Make sure you perform a test run first (using one policy rule
and a small set of assets) before including these actions on additional
a specific administrator
who has context to triage the incident and address the potential
risk. Then, after you uncover specific issues that are high-compliance
risks on your network, you can modify the rule or add a new rule
that triggers Automatic Remediation:
—Automatically moves the
compromised asset to a quarantine folder.
—Automatically removes links that allow the asset
to be publicly-accessed.
Notify File Owner
an email digest to the asset owner that describes actions they can
take to fix the issue.
Notify via Bot
for Cisco Webex Teams) Uses a machine account that you created to
send a direct message to the asset owner who triggered the policy
Send Administrator Alert
for compliance issues for which you need to take immediate action,
such as policy rules that are high-risk or sensitive. Prisma SaaS
can send up to five emails per hour on matches against each Cloud
Enable email alerts only after
Prisma SaaS completes the initial discovery scan so that you are
not inundated with emails when historical assets are scanned.