Policy Configuration Examples
Threat Protection - Suspicious Time
- Go to Policy > Threat Protection > Suspicious Time.
- Click on the right arrow key > next to the policy to display configuration setting.
- Click Context tab.
- Click on Enabled toggle button to enable the policy.
- Click Applied To field to select target cloud account.
- In Event field, select Specify events to select event(s) to be associated with the policy or Select all events.
- In Suspicious Time field, select the day in the week and start and end time that the policy monitors the event. (You may repeat this step to add more time)
- Click Save.
- Click the sign to monitor Suspicious Time on a different cloud account (optional).
Threat Protection - Suspicious Movement
- Go to Policy > Threat Protection > Suspicious Movement.
- Click on the right arrow key > next to the policy to display configuration setting.
- Click Context tab.
- Click on Enabled toggle button to enable the policy.
- Click Applied To field to select target cloud account(s).
- In Velocity Settings field, enter a velocity greater than the maximum speed in international travel, e.g. commercial flight speed. The purpose is to monitor an unidentified login from another country.
- In Distance Tolerance field, enter the maximum distance for a user to travel in the vicinity before checking the velocity of the user. The purpose is to monitor for an unidentified login from another region within the country.
- Click Save.
- Click the sign to monitor Suspicious Movement on a different cloud account. (optional)
To setup a allow list for the Suspicious Movement Policy, please refer to Allow List |
SOX/COBIT - Access to Sensitive Data
- Go to Policy > Compliance > SOX/COBIT.
- Click on the right arrow key > next to the policy to display configuration setting.
- Click Context.
- Click on Enabled toggle button to enable the policy.
- Click Applied To field to select targeted cloud account.
- Click on Compliance Collection field to select the compliance collection that this policy should be monitoring against. To select the data pattern associated with the compliance collection, please refer to Compliance Collection.
- Click Save.
To setup notification to receive policy triggered alerts, refer to Notifications. |