Add a New Security Control Rule

Learn how to enable security control rules on Prisma SaaS.
Add a new security control rule to monitor activities. For example, you can create a policy that sends an email alert or creates a log entry when a user forwards a corporate email to a personal email address. Security control rules include a robust set of match criteria that enable you to precisely define which settings and activities to track.
  1. Add a new rule.
    1. Select
      Policy
      Security Control Rules
      New Rule
      .
  2. Define the basic settings.
    1. Enter a
      Name
      for the rule.
    2. (
      Optional
      ) Enter a
      Description
      for the rule.
    3. Specify the
      Severity
      for the rule. Severity ranges from 1 to 5, with 5 representing the highest risk.
    4. Enable or disable the
      Status
      .
    5. Select a
      Setting Type
      ,
      Cloud apps
      , if applicable, and the
      Setting Options
      .
      Setting Type
      Setting Options
      Administrative Access of End Users Inbox
      Enter the
      Admin Emails to Exclude
      , and
      End User Emails to Exclude
      .
      Email Forwarding Rule
      List the
      Risky Domain
      ,
      Email Addresses of Users to Exclude
      , and
      Rule Names to Exclude
      .
      Email Public Folder
      Enter the
      Folder Names
      and
      Email Addresses of the Folder Owners to Exclude
      .
      Email Retention
      Enter the
      Email Addresses of the Users to Exclude
      .
      Actions
      Allows you to specify whether Prisma SaaS should trigger one of the following actions to automatically remediate incidents or log the event as a risk.
      • Send Admin Alert
      • Log Only
      Setting Options with
      Exclude
      are
      Optional
      .
    6. Save
      your new security control rule.
  3. Verify the Security Control rule is enabled.
    After saving, the rule will be listed on the
    Security Control Rules
    under
    Enabled
    or
    Disabled
    . Prisma SaaS starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start to View Policy Violations for Security Controls.

Recommended For You