SaaS Security Administrator's Guide
    : Add a New Security Control Policy
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Manage Policy for Sanctioned SaaS Apps
    6. Policy Types on Data Security
    7. Security Control Policies
    8. Add a New Security Control Policy
    Download PDF

    SaaS Security Administrator's Guide

    Add a New Security Control Policy

    Table of Contents

    Add a New Security Control Policy

    Learn how to enable security control policies on Data Security.
    Add a new security control policies to monitor activities. For example, you can create a policy that sends an email alert or creates a log entry when a user forwards a corporate email to a personal email address. Security control policies include a robust set of match criteria that enable you to precisely define which settings and activities to track.
    1. To add a new policy, go to Data SecurityPoliciesSecurity Control PoliciesAdd Policy.
    2. Define the basic settings.
      1. Enter a Policy Name for the policy.
      2. (Optional) Enter a Description for the policy.
      3. Specify the Severity for the policy. Severity ranges from Very Low, Low, Medium, High, and Critical.
      4. Enable or disable the Status.
      5. Under Security Control Criteria, by default the Application Type is Email Applications.
      6. Select your Sanctioned Applications from the drop-down list.
      7. Select one of the following from the Setting Type.
        SaaS Security web interface dynamically displays the cloud apps that support the setting you select.
        Setting Type
        Description
        Administrative Access
        Identifies administrators who have access to an end users inbox. The Admin Email lists the email address of the administrator and the User Email lists the email address of the user whose inbox can be accessed by the administrator.
        Email Forwarding Rule
        Identifies Corporate emails that are forwarded to personal email domains. Rule Name identifies the email forwarded and the email address is listed in Forwarded Email Address. Add a comma-separated list of domains to consider as risky in Risky Domains.
        Email Public Folder
        Identifies exposed public folders that users can access within the Enterprise, and Folder Name and Folder Owner to exclude.
        Email Retention
        Identifies user-generated email retention settings that vary from the Corporate Administrator policy settings.
        Setting Options with Exclude are Optional.
      8. The ADVANCED OPTIONS (OPTIONAL) for the above setting types are as follows:
        • Administrative Access
          • Excluded Administrator Email Addresses: Add a comma-separated list of administrators that should not be flagged as risky
          • Excluded End-User Email Addresses: Add a comma-separated list of end-users that should not be flagged as risky
        • Email Forwarding Rule
          • Excluded Users: Add a comma-separated list of user email addresses to exclude from this rule
          • Excluded Rules for Exchange only
        • Email Public Folder
          • Excluded Folders: Add a comma-separated list of folder names to exclude from this rule
          • Excluded Folder Owners: Add a comma-separated list of folder owner email addresses to exclude from this rule
        • Email Retention
          • Excluded Users: Add a comma-separated list of user email addresses to exclude from this rule
      9. Under Actions, choose either Send Administrator Alert or Log only.
      10. Create your new security control policy.
    3. Verify the Security Control policy is enabled.
      After saving, the policy is listed on the Security Control Policy under Enabled or Disabled. Data Security starts scanning files against the policy as soon as you save the changes. After the scan starts, you can start to View Policy Violations for Security Controls.

    © 2024 Palo Alto Networks, Inc. All rights reserved.