Articles in this section

Automatic Remediation - Inbound Risks

Fred Holt
  • Updated
LET'S STOP SOME RISK

This guide will walk you through the process of creating a policy to prevent inbound risks in your cloud environment.

STEP ONE:

Sign into your Cloud Access Monitor Instance.

 

 

 

 
STEP TWO:

Select the "x Enabled" policies button to the right of the desired Cloud Environment.

 

 
 
STEP THREE:

Enter your Email you wish to receive alerts to.

 

 
STEP FOUR:

Select the "Add Policy" Button on the bottom right of the screen.

 

 
 
STEP FIVE:

The Add Policy window will appear.

 

Give your policy a Name.

Select the Source(s) you would like to enforce the policy on.

Select File type(s), blank (all) is recommended.

Select File Size, blank (all) is recommended.

mceclip0.png

 
STEP SIX:

Under the Threats Column select the risk(s) that you wish to apply the policy to.

 

 
STEP SEVEN:

In the Sharing Column, select the From Outside Domain Checkbox.

 

mceclip0.png

 
STEP EIGHT:

Once you have setup your custom policy select the Apply button on the bottom left.

 

 
 
STEP NINE:

At this point you may choose if you would like any Automatic Remediation to take place. Each source has its own remediation options.

 

Drive:

      • Delete: Will delete the file from the drive.
      • Quarantine: Will place the file into a folder in the administrative g-drive named CAM_Quarantine
      • Revoke Sharing From Outside Domain: Will remove the share if it is coming from an outside domain.
      • Warn User: Send the user who triggered the violation an email warning them of their behavior.

Email:

      • Delete: This will delete the e-mail as soon as it is found to contain risk.
      • Quarantine: Will move the e-mail into the users trash folder
      • Warn User: Send the user who triggered the violation an email warning them of their behavior.
 
Team drive:
  • Delete: This will delete the e-mail as soon as it is found to contain risk.
  • Warn User: Send the user who triggered the violation an email warning them of their behavior.
 
 
STEP TEN:

Once you have chosen your remediation options (if any), the next step is to choose when remediation options will occur. Options include...

 

Immediately: The action will occur as soon as the policy is violated.

One Day: In 24 Hours the remediation will occur.

Three Days: In three days the remediation will occur.

One Week: In one week the remediation will occur.

Two Weeks: In two weeks the remediation will occur

 
STEP ELEVEN:

Choose who will be notified if a remediation does occur.

 

Notify User: Notify the user that caused the policy violation to occur.

Notify Admin: Notify the Cloud Access Monitor Admin of the infraction.

 
 
STEP TWELVE:

Select the save button at the bottom right of the window.

 

 
NOTE:

Enable / Disable: To enable or disable a policy, simply click the enable button found on the policy window.

Edit: To edit an existing policy click the edit pencil on the right side of the policy window.

Delete: To delete a policy, simply click the trash can icon on the right side of the policy window.

 

 
 
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk