: Building Blocks in Data Asset Policies
Focus
Focus

Building Blocks in Data Asset Policies

Table of Contents

Building Blocks in Data Asset Policies

Learn about the building blocks available to create data asset policies on Data Security.
A data asset (or content) policy has the following information:
Field
Description
Data Asset Policy Name
A name for the data asset policy.
Description
A description that explains the purpose of the policy.
Severity
Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
Status
A policy can be in the enabled or disabled state. The predefined data patterns provided by Data Security are disabled by default.
After you Configure Data Patterns, you must enable the pattern.
Match Criteria
Specifies what the policy scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria for Data Asset Policies for details about each policy type.
When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application. Data Security uses the updated settings in the policy configuration to rescan assets and identify incidents.
Actions
  • Basic Actions
    • Log as an incident only—Automatically changes incident status to Open and the incident category to New so the administrator can Assess Incidents.
    • Send Admin Alert and log as an incident—Select send admin alert for compliance issues that need immediate action, such as policies that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.
  • Autoremediate Actions
    • Quarantine—Automatically moves the compromised asset to a quarantine folder. For User Quarantine, you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For Admin Quarantine, you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
    • Change Sharing—Automatically removes removes public links or external collaborators.
    • Notify File Owner —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
    • Notify via Bot— Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
View which autoremediate options are supported for each sanctioned SaaS application.