Configure Prisma SaaS Security Control Rules
Prisma SaaS Security Control Rules allow you to define and enforce policy rules for monitoring settings and activities so you can automatically detect and remediate risks around data exfiltration, exposure, or risky user behavior. For example, you can create a policy that sends an email alert or creates a log entry when a user forwards a corporate email to a personal email address or when a security key pair rotation does not follow defined policies. Security Control Rules include a robust set of match criteria that allow you to precisely define which settings and activities to track.
Prisma SaaS supports the following types of security controls:
Security Control Setting Type
Administrative Access of End Users Inbox
Identifies administrators who have access to an end user's inbox. The Admin Email lists the email address of the administrator and the User Email lists the email address of the user whose inbox can be accessed by the administrator.
Email Forwarding Rule
Identifies Corporate emails that are forwarded to personal email domains. Rule Name identifies the email forwarded and the email address is listed in Forwarded Email Address.
Email Public Folder
Identifies exposed public folders that users can access within the Enterprise, and Folder Owner to exclude.
Identifies user-generated email retention settings that vary from the Corporate Administrator policy settings.
Inbound Accessible Services
Identifies Inbound Security Groups that have access to specific services and ports that are scanned in AWS.
Sends an alert for keys that have not been rotated within a specific time frame such as one week, one month, three months, or one year.
Identifies users and sends an alert when they log in to the SaaS application without multi-factor authentication.
Non-Standard Amazon Web Services EC2 Appliance (AMI)
Identifies AMIs that are not trusted by the organization and sends an alert on non-standard AMIs.
Outbound Accessible Services
Identifies Outbound Security Groups that have access to specific services and ports that are scanned in Amazon Web Services.
Checks the password (such as complexity, reuse, or expiration) against the password policy and sends an alert when there is a discrepancy.
Identifies and alerts on Elastic Block Storage (EBS) storage volumes that are not encrypted.