Match Criteria for User Activity Rules
Learn about the match criteria available for user activity
rules on SaaS Security API.
When you create a user activity
rule, you need to specify match criteria. The following table
lists the match criteria for user activity rules on SaaS Security
API.
Match Criteria | Description |
---|---|
Activity | List of activities to monitor. For example,
activities can include Create , Download ,Edit , Delete , Authorize , Upload , Join ,
or more. You can include multiple activities in a rule.The
activities available depend on your SaaS app. If a specific activity
does not display in Explore > Activities ,
then the event is not supported for your SaaS app and, therefore,
you cannot define it in a rule. |
Cloud Apps | List of accessible applications to scan.
By default, all cloud apps you added to SaaS Security API are scanned,
but you can restrict scans to specific apps. |
Count and Frequency | The count and frequency of the activity
that will trigger a policy violation. For example, ten (or more)
times a week, or two (or more) times per day. |
User (Actor) | Users whose perform the activities. By default,
all users in all domains are included. Alternatively, you can:
|
Target | The Name and Type of
target for the user activity. For example, a target could be any
user activity that impacts a Super Admin (target
name) Password (target type). Or, any user
activity associated with a Client List (target
name) Report (target type).You can Add
a Target to include multiple targets in a policy rule.
For example, activities that add Users (target)
to Teams (target), or activities that share Links (target)
with Users (target) would include two targets
in the rule.Folder alerts you when
the user activity occurs on any file contained in the folder. Folder File alerts
you when there is user activity on the specific file defined in
the Name . The
targets available depend on your SaaS app. If a specific target
does not display in Explore > Activities ,
then the event is not supported for your SaaS app and, therefore,
you cannot define it in a rule. |
Location | The location where the activity occurs.
Choices include:
|
IP Address | The IP address where the activity was initiated.
Choices include:
Use
commas to separate multiple IP addresses. |

Recommended For You
Recommended Videos
Recommended videos not found.