Add a New User Activity Rule

Learn how to create a new user activity rule to monitor user and administrator activity.
User activity rules enable
activity logging
activity alerting
. You can track user activities that compromise your organization. You can create a rule that sends email alerts or creates an activity monitoring log entry when a user downloads a large number of reports, or when a user tries to access a SaaS application from a malicious IP address. There are numerous other examples that warrant activity monitoring.
  1. Add a new rule.
    1. Select
      User Activity Rules
      New Rule
  2. Define the basic settings.
    1. Enter a
      for the rule.
    2. (
      ) Enter a
      for the rule.
    3. Specify a
      for the rule ranging from 1 to 5, with 5 representing the highest risk type of incident.
  3. Specify the
    Items to Detect
    1. Select one of the following:
      • Users
        —Applies the policy rule to users.
      • Assets
        —Applies the policy rule to assets such as files or folders.
    2. (
      Manage Exceptions
      for the rule. Enter the users or assets you want to exclude from the rule. For example, you might want to exclude SaaS Security API administrators from user activity monitoring.
  4. Specify the match criteria for the activity.
  5. Verify that an action is enabled.
    Choices include:
    • Log Only
      activity logging
      purposes, log the policy violation.
    • Send admin alert
      activity alerting
      purposes, send an email for policy violations that require immediate action. SaaS Security API can send up to five emails per hour on matches against each policy rule.
  6. Verify that the policy rule is enabled.
    , verify that the
    . A rule can be in the enabled or disabled state. After you add a new rule, you must enable the rule.
  7. Save your new policy rule.
    your changes.
    SaaS Security API starts scanning files against the policy rule as soon as you save the changes. After the scan starts, you can start View Policy Violations for User Activity.

Recommended For You