Add a New Security Control Rule

Learn how to enable security control rules on SaaS Security API.
Add a new security control rule to monitor activities. For example, you can create a policy that sends an email alert or creates a log entry when a user forwards a corporate email to a personal email address. Security control rules include a robust set of match criteria that enable you to precisely define which settings and activities to track.
  1. Add a new rule.
    1. Select
      Policy
      Security Control Rules
      +New Rule
      .
  2. Define the basic settings.
    1. Enter a
      Name
      for the rule.
    2. (
      Optional
      ) Enter a
      Description
      for the rule.
    3. Specify the
      Severity
      for the rule. Severity ranges from 1 to 5, with 5 representing the highest risk.
    4. Enable or disable the
      Status
      .
    5. Select a
      Setting Type
      .
      SaaS Security web interface dynamically displays the cloud apps that support the setting you select.
      Setting Type
      Setting Options
      Administrative Access
      Identifies administrators who have access to a user's Inbox.
      Email Forwarding Rule
      Identifies email forwarding rules that users have configured in their respective Inbox.
      Email Public Folder
      Identifies the email public folders that users within the enterprise can access.
      Email Retention
      Identifies users who updated their own email retention policies and are no longer using the company default settings.
      Encryption
      Identifies if resources within the IaaS environment are encrypted and how they are encrypted.
      Inbound Accessible Services
      Checks for AWS services that can be accessed from outside. The rules of a security group control the inbound traffic that's allowed to reach the instances that are associated with the security group.
      Keys
      Checks the security posture of a key including key rotation, whether the key is customer managed or not and automated generation of keys.
      Multi-factor authentication (MFA)
      Identifies users who can login to the SaaS application without Multi-factor Authentication (MFA).
      Non‑standard AMIs
      Identifies AMIs that are not trusted by the organization.
      Outbound Accessible Services
      Checks for services that can exit AWS. The rules of a security group control the outbound traffic that's allowed to exit the instances that are associated with the security group.
      Actions
      Indicates whether SaaS Security API logs the incident as a risk or sends the administrator a notification of the incident.
      Setting Options with
      Exclude
      are
      Optional
      .
    6. Select
      Cloud apps
      and, if applicable, the
      Setting Options
      .
    7. Save
      your new security control rule.
  3. Verify the Security Control rule is enabled.
    After saving, the rule will be listed on the
    Security Control Rules
    under
    Enabled
    or
    Disabled
    . SaaS Security API starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start to View Policy Violations for Security Controls.

Recommended For You