Configure Prisma SaaS Security Control Rules

Prisma SaaS Security Control Rules allow you to define and enforce policy rules for monitoring settings and activities so you can automatically detect and remediate risks around data exfiltration, exposure, or risky user behavior. For example, you can create a policy that sends an email alert or creates a log entry when a user forwards a corporate email to a personal email address or when a security key pair rotation does not follow defined policies. Security Control Rules include a robust set of match criteria that allow you to precisely define which settings and activities to track.
Prisma SaaS supports the following types of security controls:
| Security Control Setting Type | Action |
|---|---|
| Administrative Access of End Users Inbox | Identifies administrators who have access to an end user's inbox. Admin Email lists the email address of the administrator, and User Email lists the email address of the user whose inbox the administrator can access. |
| Email Forwarding Rule | Identifies corporate emails that are forwarded to personal email domains. Rule Name identifies the forwarding rule, and the destination address is listed in Forwarded Email Address. |
| Email Public Folder | Identifies exposed public folders that users can access within the enterprise; Folder Name and Folder Owner let you exclude specific folders and owners. |
| Email Retention | Identifies user-generated email retention settings that differ from the corporate administrator policy settings. |
| Inbound Accessible Services | Identifies inbound security groups that have access to specific services and ports that are scanned in AWS. |
| Key Rotation | Sends an alert for keys that have not been rotated within a specific time frame, such as one week, one month, three months, or one year. |
| Multi-Factor Authentication | Identifies users who log in to the SaaS application without multi-factor authentication and sends an alert. |
| Non-Standard Amazon Web Services EC2 Appliance (AMI) | Identifies AMIs that are not trusted by the organization and sends an alert on non-standard AMIs. |
| Outbound Accessible Services | Identifies outbound security groups that have access to specific services and ports that are scanned in Amazon Web Services. |
| Password Policy | Checks the password settings (such as complexity, reuse, or expiration) against the password policy and sends an alert when there is a discrepancy. |
| Unencrypted Storage | Identifies and alerts on Elastic Block Storage (EBS) volumes that are not encrypted. |
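To make the detection semantics of these controls concrete, the following Python is an added example written for this page, not Prisma SaaS code: it applies the Email Forwarding Rule, Key Rotation, Multi-Factor Authentication and Unencrypted Storage checks from the table to constructed sample records. The record layout, domain names and key ids are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Constructed sample data (not from any real tenant) of the kinds of settings
# and activities the controls above evaluate; all names and ids are placeholders.
CORPORATE_DOMAINS = {"corp.example"}
TODAY = date(2024, 6, 1)
FORWARDING_RULES = [
    {"rule_name": "fwd-reports", "forwarded_email_address": "bob@corp.example"},
    {"rule_name": "fwd-home", "forwarded_email_address": "alice@personal.example"},
]
ACCESS_KEYS = [
    {"key_id": "key-constructed-1", "last_rotated": date(2024, 5, 20)},
    {"key_id": "key-constructed-2", "last_rotated": date(2023, 12, 1)},
]
LOGINS = [{"user": "alice", "mfa": True}, {"user": "carol", "mfa": False}]
VOLUMES = [{"volume_id": "vol-constructed-1", "encrypted": True},
           {"volume_id": "vol-constructed-2", "encrypted": False}]
# Rotation windows named in the table, expressed as a maximum key age in days.
ROTATION_WINDOWS = {"one week": 7, "one month": 30, "three months": 90, "one year": 365}

def check_forwarding(rules, corporate_domains):
    """Email Forwarding Rule: rules that send corporate mail to a non-corporate domain."""
    return [r["rule_name"] for r in rules
            if r["forwarded_email_address"].rsplit("@", 1)[-1].lower() not in corporate_domains]

def check_key_rotation(keys, window, today=TODAY):
    """Key Rotation: keys whose age exceeds the chosen rotation window."""
    max_age = timedelta(days=ROTATION_WINDOWS[window])
    return [k["key_id"] for k in keys if today - k["last_rotated"] > max_age]

def check_mfa(logins):
    """Multi-Factor Authentication: logins completed without MFA."""
    return [login["user"] for login in logins if not login["mfa"]]

def check_unencrypted_volumes(volumes):
    """Unencrypted Storage: EBS volumes that are not encrypted."""
    return [v["volume_id"] for v in volumes if not v["encrypted"]]

def run_all(window="three months"):
    """Evaluate each control and return its findings, keyed by control name."""
    return {
        "Email Forwarding Rule": check_forwarding(FORWARDING_RULES, CORPORATE_DOMAINS),
        "Key Rotation": check_key_rotation(ACCESS_KEYS, window),
        "Multi-Factor Authentication": check_mfa(LOGINS),
        "Unencrypted Storage": check_unencrypted_volumes(VOLUMES),
    }

if __name__ == "__main__":
    for control, findings in run_all().items():
        print(f"{control}: {findings or 'no findings'}")
```

Changing the rotation window shows how the same key set produces different findings: with "one week" both constructed keys are flagged, with "one year" neither is.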
