User activity rules enable you to track user
activities that compromise your organization. For example, you can
create a rule that sends an email alert or creates a log entry when
a user downloads a large number of reports, or when a user tries
to access an SaaS application from a malicious IP address. For additional
examples, refer to Examples of User Activity Rules.
Add a new rule.
User Activity Rules
Define the basic settings.
rule ranging from 1 to 5, with 5 representing the highest risk type
Items to Detect
Select one of the following:
—Applies the policy rule
Assets (such as files or folders)
the policy rule to assets.
the rule. Enter the users or assets you want to exclude from the
rule. For example, you might want to exclude Prisma SaaS administrators
from user activity monitoring.