Add a New Asset Rule
Learn how to create a new asset rule.
SaaS Security API enables you to add new rules for scanning assets (content) stored on your sanctioned SaaS applications. For example, you can create a rule that triggers an alert based on match criteria such as a given exposure level (for example, an asset is publicly accessible) needed to protect a specific asset. An exclamation point for your cloud app denotes no active rules.
When you create a new asset rule, you have the option to automatically remediate incidents that violate that rule. Automatic remediation is a powerful tool and can modify a large number of assets in a short amount of time: before you include these remediation actions in additional rules, perform a test using one rule and a small set of assets.
- Select Policy > Asset Rules > Add New Rule.
- Enter a Rule Name and an optional Description.
- Select a
- Verify that the Status is Enabled.
- Create Incident—Do one of the following:
- Disable to add the violation in the Remediation Email Digest and display the violation daily until the asset owner remediates the violation. Repeating the same violation in an email digest might cause user fatigue, resulting in asset owners ignoring daily email digests. However, if you know that administrators do not have time to remediate issues, an alternative is to repeatedly ask asset owners to remediate issues themselves.
- Quarantine—Automatically move the compromised asset to a quarantine folder.
- Notify File Owner—Include in the email digest actions (Recommended Action) asset owners can take to remediate policy violations (Issue). Issue is an in-line link that takes asset owners to the file or folder that needs remediation. From there, asset owners can change share settings within the cloud app. Best practice is for you to provide text in these fields and provide detailed explanations and instructions via internal links in the email digest body as outlined in Remediation Email Digest.
- (Designated Apps Only) Notify via Bot—Uses a machine account that you created to send a direct message to the asset owner who triggered the policy match. Only designated SaaS apps support this capability.
- Include Remediation Email Digest—When you either Quarantine or Change Sharing for an asset, include in the email digest actions taken along with the specific policy violation (Issue).
- Send Administrator Alert—Temporarily choose an administrator who has context to triage the policy violations and address the potential risk. By default any incidents generated by this asset rule are not assigned to an administrator. As a best practice, after you uncover specific issues that are high-compliance risks on your network, modify the rule or add a new rule that triggers automatic remediation instead of sending alerts. If you Connect Directory Services to SaaS Security API, the SaaS Security web interface displays Assign to.
- Use for compliance issues for which administrators need to take immediate action, such as policy rules that identify high-risk or sensitive assets.
- Consider your administrators’ areas of expertise and triage accordingly to minimize overloading any one administrator. SaaS Security API sends up to five emails per hour on matches against each Cloud app instance.
- Enable alerts only after SaaS Security API completes the initial discovery scan so that administrators are not inundated with emails when historical assets are scanned.