Home

Location

Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base

Home
SaaS Security
SaaS Security Administrator's Guide
SaaS Security API
Manage Policy for Sanctioned SaaS Apps
Policy Types on SaaS Security API
User Activity Rules
Match Criteria for User Activity Rules

Last Updated:

Tue Mar 28 02:47:53 UTC 2023

Table of Contents

Filter

SaaS Security

What’s SaaS Security?

SaaS Security License Types

Configure Basic Settings

Set the Time Zone

Configure the Default Language

SaaS Security API

Get Started with SaaS Security API

What’s SaaS Security API?

Navigate To SaaS Security API in Cloud Management Console

Support on SaaS Security API

Supported SaaS Applications on SaaS Security API

Supported Content, Remediation and Monitoring

Supported File Types for Scanning Assets

Supported File Types for WildFire Analysis

Supported SaaS Applications with Selective Scanning

Supported Languages for Scanning Assets

Activate SaaS Security API on the Hub

Access SaaS Security API for Standalone SaaS Security

Connect Directory Services to SaaS Security API

Begin Using Azure Active Directory Groups

Manage Your Directory Service on SaaS Security API

Manage SaaS Security API Administrators

Add SaaS Security API Administrators

Add a Custom Admin Role

Predefined Role Privileges on SaaS Security API

Select an Authentication Method

Configure SAML Single Sign-On (SSO) Authentication

Configure Google Multi-Factor Authentication (MFA)

Reset Administrator Authentication

Reset Administrator Password

Unblock an Administrator

View Administrator Activity on SaaS Security API

Create Teams (Beta)

Configure Settings on SaaS Security API

Collaborators

Exposure Level

Define Your Internal Domains

Define Trusted and Untrusted Users and Domains

Enable Data Masking

Configure the Email Alias and Logo for Sending Notifications

Secure Sanctioned SaaS Apps on SaaS Security API

Add Cloud Apps to SaaS Security API

Begin Scanning an Amazon S3 App

Scan a Single Amazon S3 Account

Cross Account Scan Multiple Amazon S3 Accounts

Add the Amazon S3 App

Exclude Amazon S3 Buckets from Scans

Begin Scanning an Amazon Web Services App

Begin Scanning a Bitbucket Cloud App

Begin Scanning a Box App

Begin Scanning a Cisco Webex Teams App

Begin Scanning a Citrix ShareFile App

Begin Scanning a Confluence App (Beta)

Begin Scanning a Confluence Data Center App

Begin Scanning Dropbox or Yammer

Begin Scanning a GitHub App

Begin Scanning a GitHub V2 App

Begin Scanning a Gmail App

Begin Scanning a Google Cloud Storage App

Begin Scanning a Google Drive App

Begin Scanning Third-Party Apps on the G Suite Marketplace

Begin Scanning a Jira Cloud App

Begin Scanning a Jira Data Center App

Add a Jive App

Install the Jive Add-On

Begin Scanning a Jive App

Begin Scanning a Microsoft Azure Storage App

Begin Scanning a Microsoft Exchange App

Begin Scanning Microsoft Office 365 Apps

Begin Scanning a Microsoft Teams App

Begin Scanning a Salesforce App

Begin Scanning a ServiceNow App

Begin Scanning a Slack for Enterprise Grid App

Begin Scanning a Slack Enterprise V2 App

Begin Scanning a Slack for Pro and Business App

Begin Scanning a Workplace by Facebook App (Beta)

Begin Scanning a Zendesk App

Begin Scanning a Zoom App (Beta)

Unmanaged Device Access Control on SaaS Security API

Configure Unmanaged Device Access Control

Reauthenticate to a Cloud App

Verify Permissions on Cloud Apps

Start Scanning a Cloud App

Stop Scanning a Cloud App

Rescan a Managed Cloud App

Delete Cloud Apps Managed by SaaS Security API

API Throttling

Configure Classification Labels

Manage Policy for Sanctioned SaaS Apps

Policy Types on SaaS Security API

Data Patterns

SaaS Security with Enterprise DLP

Predefined Data Patterns on SaaS Security API

Proximity Keywords

Confidence Levels

Shared Data Profiles and Data Patterns

Modify a Predefined Data Pattern

Create a Custom Data Profile

Add a File Property Data Pattern

Create a Custom Data Pattern

Use Exact Data Matching (EDM)

Enable or Disable a Machine Learning Data Pattern

Configure WildFire Analysis

Configure Regular Expressions

Enable or Disable a Data Pattern

View and Filter Data Pattern Match Results

Asset Rules

Predefined Policies on SaaS Security API

Add a New Asset Rule

Building Blocks in Asset Rules

Match Criteria for Asset Rules

View Asset Details

User Activity Rules

Add a New User Activity Rule

Match Criteria for User Activity Rules

Examples of User Activity Rules

View Policy Violations for User Activity

Security Control Rules

Add a New Security Control Rule

View Policy Violations for Security Controls

Third-Party App Settings

Add a New Setting for Third-Party Apps

View Information for Third-Party Apps

Fine-Tune Policy

Modify a Policy Rule

Disable a Policy Rule

Assess Incidents on SaaS Security API

What is an Incident?

Assess New Incidents on SaaS Security API

View Asset Details

Filter Incidents

Security Controls Incident Details

Track Down Threats with WildFire Report

Track Down Threats with AutoFocus

Customize the Incident Categories

Close Incidents

Download Assets for Incidents

View Asset Snippets for Incidents

Analyze Inherited Exposure

Email Asset Owners

Modify Incident Status

Generate Reports on SaaS Security API

Generate the SaaS Risk Assessment Report

Generate the GDPR Report

Assess Data Violations on SaaS Security API

What is a Data Violation?

Assess New Data Violations on SaaS Security API

Configure Data Violation Alerts on SaaS Security API

Filter Data Violations on SaaS Security API

View Asset Snippets for Data Violations on SaaS Security API

View Data Violation Metrics on SaaS Security API

Modify Data Violation Status on SaaS Security API

Remediate Risks of Sanctioned SaaS Apps

Remediation Approaches for Incidents

Automatic Incident Remediation Options

Automatically Remediate Incidents

Quarantine

Manage Quarantined Files

Change Sharing

Remediation Email Digest

View Remediation Activity Logs

Remediate Third-Party Apps

Manually Remediate Incidents

Modify Incident Status

Manually Quarantine Assets

Assign Incidents to Another Administrator

Create a Custom Email Template

Monitor SaaS Security API

Monitor Services on SaaS Security API

Monitor Scan Results on the Dashboard

View All Open Incidents

View All Domains for Collaborators

Monitor and Investigate User Activity

SaaS Application Visibility on SaaS Security API

Extend SaaS Visibility to Cortex Data Lake

View SaaS Application Usage on SaaS Security API

Group-Based Visibility

Enable Group-Based Policy

Enable Group-Based Incident Management

Enable Group-based Selective Scanning (Beta)

Use Faceted Search to Filter Assets

Use Advanced Search

Use Advanced Search Expressions

Export Results to CSV File

Enterprise DLP App on Hub

Troubleshoot Issues on SaaS Security API

Resolve Onboarding Issues

Resolve Quarantine Failures

Syslog and API Client Integration on SaaS Security API

Syslog Integration on SaaS Security API

Configure Syslog Monitoring on SaaS Security API

Syslog Field Descriptions

Incidents Log Fields

Remediation Activity Log Fields

Policy Violation Log Fields

Activity Monitoring Log Fields

Admin Audit Log Fields

API Client Integration on SaaS Security API

Cortex XSOAR for SaaS Security API

Add Your API Client to SaaS Security API

API Client Authentication

Retrieve a Token

Authentication Errors

API References on SaaS Security API

HTTP Request Methods and Status Codes

Log Events API

Incident and Remediation API

SaaS Security Inline

Get Started with SaaS Security Inline

What’s SaaS Security Inline?

Navigate To SaaS Security Inline

Navigate To SaaS Security Inline for NGFW and Panorama Managed Prisma Access

Navigate To SaaS Security Inline in Cloud Management Console

SaaS Visibility for NGFW

SaaS Visibility and Controls for NGFW

SaaS Visibility for Prisma Access

SaaS Visibility and Controls for Panorama Managed Prisma Access

SaaS Visibility and Controls for Cloud Managed Prisma Access

Activate SaaS Security Inline for NGFW

Activate SaaS Security Inline for Prisma Access

Connect SaaS Security Inline and Cortex Data Lake

Integrate with Azure Active Directory

Manage SaaS Security Inline Administrators

Add SaaS Security Inline Administrators

Predefined Role Privileges on SaaS Security Inline

View Administrator Activity on SaaS Security Inline

Select an Authentication Method

Configure Google Multi-Factor Authentication (MFA)

Configure SAML Single Sign-On (SSO) Authentication

Assess Risks of Unsanctioned SaaS Apps

View Usage Data for Unsanctioned SaaS Apps

SaaS Visibility Application Attributes

Identify Risky Unsanctioned SaaS Applications and Users

SaaS Security Report

Generate the SaaS Security Report

Filter Unsanctioned SaaS Apps

Remediate Risks of Unsanctioned SaaS Apps

Manage Policy for Unsanctioned SaaS Apps

SaaS Policy Rule Recommendations

App-ID Cloud Engine

Guidelines for SaaS Policy Rule Recommendations

Predefined SaaS Policy Rule Recommendations

Apply Predefined SaaS Policy Rule Recommendations

Create SaaS Policy Rule Recommendations

Delete SaaS Policy Rule Recommendations

Enable SaaS Policy Rule Recommendations

Modify Active SaaS Policy Rule Recommendations

Monitor SaaS Policy Rule Recommendations

Manage Enforcement of Rule Recommendations on Cloud Managed Prisma Access

Enable Automatic Updates for SaaS Policy Rule Recommendations on Cloud Managed Prisma Access

Import New SaaS Policy Rule Recommendations on Cloud Managed Prisma Access

Update Imported SaaS Policy Rule Recommendations on Cloud Managed Prisma Access

Remove Deleted SaaS Policy Rule Recommendations on Cloud Managed Prisma Access

Manage Enforcement of Rule Recommendations on NGFW

Manage Enforcement of Rule Recommendations on Panorama Managed Prisma Access

Tag Discovered SaaS Apps

Change Risk Score for Discovered SaaS Apps

Troubleshoot Issues on SaaS Security Inline

Troubleshoot Issues on SaaS Security Inline for Cloud Managed Prisma Access

Troubleshoot Issues on SaaS Security Inline for NGFW

SaaS Security Posture Management

Get Started with SaaS Security Posture Management

What’s SaaS Security Posture Management (SSPM)?

Navigate to SSPM

Activate SaaS Security Posture Management

Add SaaS Security Posture Management Administrators

Supported SaaS Applications on SSPM

Onboard SaaS Apps Supported by SSPM

Delete SaaS Apps Managed by SSPM

Assess Posture Security

Monitor Posture Security

View All Posture Security Policies

View Misconfigurations by SaaS App

View Risky Accounts by SaaS App

Remediate Posture Security Risks

Best Practices for Posture Security Remediation

Remediate SaaS App Misconfigurations

Take Action on Risky Accounts

Change App Owner to an Onboarded Application

SaaS Security
SaaS Security API
SaaS Security Inline
SaaS Security Posture Management

Document:SaaS Security Administrator's Guide

Match Criteria for User Activity Rules

Last Updated:

Tue Mar 28 02:47:53 UTC 2023

Table of Contents

Filter

SaaS Security

What’s SaaS Security?

SaaS Security License Types

Configure Basic Settings

Set the Time Zone

Configure the Default Language

SaaS Security API

Get Started with SaaS Security API

What’s SaaS Security API?

Navigate To SaaS Security API in Cloud Management Console

Support on SaaS Security API

Supported SaaS Applications on SaaS Security API

Supported Content, Remediation and Monitoring

Supported File Types for Scanning Assets

Supported File Types for WildFire Analysis

Supported SaaS Applications with Selective Scanning

Supported Languages for Scanning Assets

Activate SaaS Security API on the Hub

Access SaaS Security API for Standalone SaaS Security

Connect Directory Services to SaaS Security API

Begin Using Azure Active Directory Groups

Manage Your Directory Service on SaaS Security API

Manage SaaS Security API Administrators

Add SaaS Security API Administrators

Add a Custom Admin Role

Predefined Role Privileges on SaaS Security API

Select an Authentication Method

Configure SAML Single Sign-On (SSO) Authentication

Configure Google Multi-Factor Authentication (MFA)

Reset Administrator Authentication

Reset Administrator Password

Unblock an Administrator

View Administrator Activity on SaaS Security API

Create Teams (Beta)

Configure Settings on SaaS Security API

Collaborators

Exposure Level

Define Your Internal Domains

Define Trusted and Untrusted Users and Domains

Enable Data Masking

Configure the Email Alias and Logo for Sending Notifications

Secure Sanctioned SaaS Apps on SaaS Security API

Add Cloud Apps to SaaS Security API

Begin Scanning an Amazon S3 App

Scan a Single Amazon S3 Account

Cross Account Scan Multiple Amazon S3 Accounts

Add the Amazon S3 App

Exclude Amazon S3 Buckets from Scans

Begin Scanning an Amazon Web Services App

Begin Scanning a Bitbucket Cloud App

Begin Scanning a Box App

Begin Scanning a Cisco Webex Teams App

Begin Scanning a Citrix ShareFile App

Begin Scanning a Confluence App (Beta)

Begin Scanning a Confluence Data Center App

Begin Scanning Dropbox or Yammer

Begin Scanning a GitHub App

Begin Scanning a GitHub V2 App

Begin Scanning a Gmail App

Begin Scanning a Google Cloud Storage App

Begin Scanning a Google Drive App

Begin Scanning Third-Party Apps on the G Suite Marketplace

Begin Scanning a Jira Cloud App

Begin Scanning a Jira Data Center App

Add a Jive App

Install the Jive Add-On

Begin Scanning a Jive App

Begin Scanning a Microsoft Azure Storage App

Begin Scanning a Microsoft Exchange App

Begin Scanning Microsoft Office 365 Apps

Begin Scanning a Microsoft Teams App

Begin Scanning a Salesforce App

Begin Scanning a ServiceNow App

Begin Scanning a Slack for Enterprise Grid App

Begin Scanning a Slack Enterprise V2 App

Begin Scanning a Slack for Pro and Business App

Begin Scanning a Workplace by Facebook App (Beta)

Begin Scanning a Zendesk App

Begin Scanning a Zoom App (Beta)

Unmanaged Device Access Control on SaaS Security API

Configure Unmanaged Device Access Control

Reauthenticate to a Cloud App

Verify Permissions on Cloud Apps

Start Scanning a Cloud App

Stop Scanning a Cloud App

Rescan a Managed Cloud App

Delete Cloud Apps Managed by SaaS Security API

API Throttling

Configure Classification Labels

Manage Policy for Sanctioned SaaS Apps

Policy Types on SaaS Security API

Data Patterns

SaaS Security with Enterprise DLP

Predefined Data Patterns on SaaS Security API

Proximity Keywords

Confidence Levels

Shared Data Profiles and Data Patterns

Modify a Predefined Data Pattern

Create a Custom Data Profile

Add a File Property Data Pattern

Create a Custom Data Pattern

Use Exact Data Matching (EDM)

Enable or Disable a Machine Learning Data Pattern

Configure WildFire Analysis

Configure Regular Expressions

Enable or Disable a Data Pattern

View and Filter Data Pattern Match Results

Asset Rules

Predefined Policies on SaaS Security API

Add a New Asset Rule

Building Blocks in Asset Rules

Match Criteria for Asset Rules

View Asset Details

User Activity Rules

Add a New User Activity Rule

Match Criteria for User Activity Rules

Examples of User Activity Rules

View Policy Violations for User Activity

Security Control Rules

Add a New Security Control Rule

View Policy Violations for Security Controls

Third-Party App Settings

Add a New Setting for Third-Party Apps

View Information for Third-Party Apps

Fine-Tune Policy

Modify a Policy Rule

Disable a Policy Rule

Assess Incidents on SaaS Security API

What is an Incident?

Assess New Incidents on SaaS Security API

View Asset Details

Filter Incidents

Security Controls Incident Details

Track Down Threats with WildFire Report

Track Down Threats with AutoFocus

Customize the Incident Categories

Close Incidents

Download Assets for Incidents

View Asset Snippets for Incidents

Analyze Inherited Exposure

Email Asset Owners

Modify Incident Status

Generate Reports on SaaS Security API

Generate the SaaS Risk Assessment Report

Generate the GDPR Report

Assess Data Violations on SaaS Security API

What is a Data Violation?

Assess New Data Violations on SaaS Security API

Configure Data Violation Alerts on SaaS Security API

Filter Data Violations on SaaS Security API

View Asset Snippets for Data Violations on SaaS Security API

View Data Violation Metrics on SaaS Security API

Modify Data Violation Status on SaaS Security API

Remediate Risks of Sanctioned SaaS Apps

Remediation Approaches for Incidents

Automatic Incident Remediation Options

Automatically Remediate Incidents

Quarantine

Manage Quarantined Files

Change Sharing

Remediation Email Digest

View Remediation Activity Logs

Remediate Third-Party Apps

Manually Remediate Incidents

Modify Incident Status

Manually Quarantine Assets

Assign Incidents to Another Administrator

Create a Custom Email Template

Monitor SaaS Security API

Monitor Services on SaaS Security API

Monitor Scan Results on the Dashboard

View All Open Incidents

View All Domains for Collaborators

Monitor and Investigate User Activity

SaaS Application Visibility on SaaS Security API

Extend SaaS Visibility to Cortex Data Lake

View SaaS Application Usage on SaaS Security API

Group-Based Visibility

Enable Group-Based Policy

Enable Group-Based Incident Management

Enable Group-based Selective Scanning (Beta)

Use Faceted Search to Filter Assets

Use Advanced Search

Use Advanced Search Expressions

Export Results to CSV File

Enterprise DLP App on Hub

Troubleshoot Issues on SaaS Security API

Resolve Onboarding Issues

Resolve Quarantine Failures

Syslog and API Client Integration on SaaS Security API

Syslog Integration on SaaS Security API

Configure Syslog Monitoring on SaaS Security API

Syslog Field Descriptions

Incidents Log Fields

Remediation Activity Log Fields

Policy Violation Log Fields

Activity Monitoring Log Fields

Admin Audit Log Fields

API Client Integration on SaaS Security API

Cortex XSOAR for SaaS Security API

Add Your API Client to SaaS Security API

API Client Authentication

Retrieve a Token

Authentication Errors

API References on SaaS Security API

HTTP Request Methods and Status Codes

Log Events API

Incident and Remediation API