SaaS Security Administrator's Guide
    : Building Blocks in Data Asset Policies
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Manage Policy for Sanctioned SaaS Apps
    6. Policy Types on Data Security
    7. Data Asset Policies
    8. Building Blocks in Data Asset Policies
    Download PDF

    SaaS Security Administrator's Guide

    Building Blocks in Data Asset Policies

    Table of Contents

    Building Blocks in Data Asset Policies

    Learn about the building blocks available to create data asset policies on
    Data Security
    .
    A data asset (or content) policy has the following information:
    Field
    Description
    Data Asset Policy Name
    A name for the data asset policy.
    Description
    A description that explains the purpose of the policy.
    Severity
    Specify a value to indicate the impact of the issue. The value can range from 1 to 5, with 5 representing the highest severity.
    Status
    A policy can be in the enabled or disabled state. The predefined data patterns provided by
    Data Security
     are disabled by default.
    After you Configure Data Patterns, you must enable the pattern.
    Match Criteria
    Specifies what the policy scans for and the number of occurrences or frequency required to trigger an alert. See Match Criteria for Data Asset Policies for details about each policy type.
    When you change the match criteria settings, you automatically trigger a rescan of all assets for the corresponding SaaS application.
    Data Security
     uses the updated settings in the policy configuration to rescan assets and identify incidents.
    Actions
    • Basic Actions
      • Log as an incident only
        —Automatically changes incident status to
        Open
         and the incident category to
        New
         so the administrator can Assess Incidents.
      • Send Admin Alert and log as an incident
        —Select send admin alert for compliance issues that need immediate action, such as policies that are high risk or sensitive. Sends an email digest to the asset administrator that describes actions they can take to fix the issue.
    • Autoremediate Actions
      • Quarantine
        —Automatically moves the compromised asset to a quarantine folder. For
        User Quarantine
        , you can send the asset to a quarantine folder in the owner’s root directory for the associated cloud app. For
        Admin Quarantine
        , you can send the asset to a special Admin quarantine folder which only an Admin can access. When the asset is quarantined, you can send the asset owner an email that describes the actions that were taken.
      • Change Sharing
        —Automatically removes removes public links or external collaborators.
      • Notify File Owner
         —Sends an email digest to the asset owner that describes actions they can take to fix the issue.
      • Notify via Bot
        — Sends a message using the Cisco Webex bot that you configured in Begin Scanning a Cisco Webex Teams App.
    View which autoremediate options are supported for each sanctioned SaaS application.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.