User activity rules enable you to track user
activities that compromise your organization. For example, you can
create a rule that sends an email alert or creates an activity monitoring
log entry when a user downloads a large number of reports,
or when a user tries to access an SaaS application from a malicious
IP address. For additional examples, refer to Examples of User Activity Rules.
Add a new rule.
User Activity Rules
Define the basic settings.
rule ranging from 1 to 5, with 5 representing the highest risk type
Items to Detect
Select one of the following:
—Applies the policy
rule to users.
Assets (such as files or folders)
policy rule to assets.
the rule. Enter the users or assets you want to exclude from the rule.
For example, you might want to exclude Prisma SaaS administrators
from user activity monitoring.