Match Criteria for Asset Rules
When you Add a New Asset Rule or you Modify an Asset Rule, you define the match criteria that the asset rule uses when scanning for matches. Prisma SaaS compares all of the information it discovers against the enabled asset rules and identifies incidents and exposures in every asset across all your monitored SaaS applications. Match criteria is critical for successful discovery of risks in SaaS application usage across your organization so, when you set the match criteria, you must carefully consider the thresholds, types of information, and risks associated with how assets are shared. Use match criteria to enforce compliance with your corporate acceptable use policy.
Select the asset access and modification activities within a selected time frame to match. For example, activities can include
Not Modified. Time frames include
in the past week,
in the past month, and
in the past 6 months.
Asset Nameto include or exclude in the match results. Select either
Equalsto match the asset, or
Does not Equalto exclude the asset from matching.
Select the available data patterns to match including predefined or custom data patterns or a file property you defined when you Configure Data Patterns. Enter the number of
Occurrencesrequired to display a data pattern match.
Select the match conditions for how the asset is shared (Public, External, Company, or Internal).
File Extensionto include or exclude in the match results. Select either
Equalsto match the asset file extension, or
Does not Equalto exclude the asset file extension from matching.
File Owner’s Group
To enforce group-based policy using
File Owner’s Group, you must Connect Prisma SaaS to Directory Services (Beta).
Does not Equaland the Azure Active Directory Group to which the file owner must belong. You can also select
Not Availableif you want to enforce an action for any users who are not identified either because the email address is unavailable or because they belong to an AD group that is not being scanned by Prisma SaaS.
Enter the email address for the asset
Excludein the match results. You can add one or more Directory groups
Files are scanned using WildFire analysis to detect and protect against malicious portable executables (PEs) and known threats based on file hash. Enter the
Hash(SHA256) details of the file to match. Select
Equals(include in matching), or
Does not Equal(exclude in matching).
When you Define Untrusted Users and Domains or if you are matching on an assets trust state, all assets shared with a user in the selected
Anyone Not Trustedusers list are detected as a match. Specify the number of occurrences (such as
Fewer than, or
Betweenwith whom a file must be shared to trigger a match.
Cloud Appand the
Project/Subscriptionin the storage
Accountto include in the match results.
Begin Scanning a Box App
Use these steps to connect the Box application to Prisma SaaS to begin scanning assets for policy violations. ...
Begin Scanning Microsoft Office 365 Apps
Learn how to connect Microsoft Office 365 apps to Prisma SaaS to begin scanning for security violations. ...
Building Blocks in Asset Rules
Building Blocks in Asset Rules An asset (or content) rule has the following information: Field Description Rule Name A name for the policy rule. Description ...
Connect Prisma SaaS to Directory Services (Beta)
Retrieve user group membership information by connecting your directory service to Prisma SaaS. ...
Add a New Asset Rule
Add a New Asset Rule To add a new rule for scanning assets (content) stored on your sanctioned SaaS applications: Select Policy Asset Rules Add ...
Begin Scanning a Gmail App
Begin Scanning a Gmail App To begin scanning a Gmail app: Enable the privileges required for communication between Prisma SaaS and the Gmail app. To ...
Configure Prisma SaaS Asset Rules
Configure Prisma SaaS Asset Rules In addition to the predefined data patterns and asset rules already configured on Prisma SaaS, you can add your own ...
Begin Scanning a Microsoft Exchange App
Use Prisma SaaS to scan and identify incidents found when scanning assets and email attachments in your MS Exchange app. ...
Begin Scanning Dropbox or Yammer
Steps to connect your Dropbox or Yammer application to Prisma SaaS. ...