Add a New Security Control Rule

To add a new security control rule:
  1. Add a new rule.
    1. Select Policy > Security Control Rules > New Rule.
  2. Define the basic settings.
    1. Enter a Name for the rule.
    2. (Optional) Enter a Description for the rule.
    3. Specify the Severity for the rule. Severity ranges from 1 to 5, with 5 representing the highest risk.
    4. Enable or disable the Status.
    5. Select a Setting Type, Cloud apps, if applicable, and the Setting Options.
      | Setting Type | Setting Options |
      |---|---|
      | Administrative Access of End Users Inbox | Enter the Admin Emails to Exclude, and End User Emails to Exclude. |
      | Email Forwarding Rule | List the Risky Domain, Email Addresses of Users to Exclude, and Rule Names to Exclude. |
      | Email Public Folder | Enter the Folder Names and Email Addresses of the Folder Owners to Exclude. |
      | Email Retention | Enter the Email Addresses of the Users to Exclude. |
      | Inbound Accessible Services | Enter the Source IP Address, Service to Exclude, Security Groups to Exclude, VPCs to Exclude and ELBs to Exclude. |
      | Key Rotation | Select a time frame in Keys not rotated within, list the Keys to Exclude from Key Rotation Check, and Roles to Exclude from Key Rotation Check. |
      | Multi-Factor Authentication (MFA) | List the Exclude MFA Check User, and Exclude MFA Check for User with Role. |
      | Non-Standard Amazon Web Services EC2 Appliance (AMI) | List the Exclude AMIs. |
      | Outbound Accessible Services | List the Destination IP Address, Service to Exclude, Security Groups to Exclude, Virtual Private Cloud (VPC) to Exclude and Elastic Load Balancing (ELB) to Exclude. |
      | Password Policy | Flag if password does not follow password policy rules. |
      | Unencrypted Storage | List the Exclude Volumes, Exclude Volumes attached to EC2, and Exclude Volumes in VPC. |
      | Actions | Allows you to specify whether Prisma SaaS should trigger one of the following actions to automatically remediate incidents or log the event as a risk: Send Admin Alert, or Log Only. |

      Setting Options with Exclude are Optional.
    6. Save your new security control rule.
  3. Verify the Security Control rule is enabled.
    After saving, the rule is listed on the Security Control Rules page under Enabled or Disabled. Prisma SaaS starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can View Policy Violations for Security Controls.
