Add a New User Activity Rule
To add a new user activity rule:
- Add a new rule.
- Select.PolicyUser Activity RulesNew Rule
- Define the basic settings.
- Enter aNamefor the rule.
- (Optional)Enter aDescriptionfor the rule.
- Specify aSeverityfor the rule ranging from 1 to 5, with 5 representing the highest risk type of incident.
- Specify theItems to Detect.
- Select one of the following:
- Users—Applies the policy rule to users.
- Assets (such as files or folders)—Applies the policy rule to assets.
- (Optional)Manage Exceptionsfor the rule. Enter the users or assets you want to exclude from the rule. For example, you might want to exclude Prisma SaaS administrators from user activity monitoring.
- Specify the match criteria for the activity.
- Verify that an action is enabled.Choices include:
- Log Only(default)—Log the policy violation.
- Send admin alert—For policy violations that require immediate action, send an email alert. Prisma SaaS can send up to five emails per hour on matches against each policy rule.
- Verify that the policy rule is enabled.InBasics, verify that theStatusisEnabled. A rule can be in the enabled or disabled state. After you add a new rule, you must enable the rule.
- Save your new policy rule.Saveyour changes.Prisma SaaS starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start View Policy Violations for User Activity.
Configure Prisma SaaS User Activity Rules
Configure Prisma SaaS User Activity Rules In addition to data patterns, you can add user activity rules for comprehensive coverage. For example, you can create ...
View Policy Violations for User Activity
View Policy Violations for User Activity Prisma SaaS starts scanning files and matching them against enabled policy rules as soon as you save a new ...
Add a New Asset Rule
Add a New Asset Rule To add a new rule for scanning assets (content) stored on your sanctioned SaaS applications: Select Policy Asset Rules Add ...
Begin Scanning a Cisco Webex Teams App (Beta)
Use these steps to connect your Cisco Webex Teams application to Prisma SaaS. ...
Begin Scanning Microsoft Office 365 Apps
Learn how to connect Microsoft Office 365 apps to Prisma SaaS to begin scanning for security violations. ...
Begin Scanning a Box App
Use these steps to connect the Box application to Prisma SaaS to begin scanning assets for policy violations. ...
Begin Scanning a Gmail App
Begin Scanning a Gmail App To begin scanning a Gmail app: Enable the privileges required for communication between Prisma SaaS and the Gmail app. To ...
Begin Scanning a Microsoft Exchange App
Use Prisma SaaS to scan and identify incidents found when scanning assets and email attachments in your MS Exchange app. ...
Modify a Policy Rule
Modify a Policy Rule When you modify a policy rule, Prisma SaaS scans all content against the newly defined criteria to assess incidents. Click Policy ...