Enable detection of security risks and anomalies through correlation of signals across different sources and specify the action to apply to any match.
Procedure
- Select Correlated Intelligence.
- Enable Correlated Intelligence.
- Configure Action settings for emails detected as
security risks.For details about the actions, see Actions Available for Different Services.
- Turn on notification for Cloud App Security to send notification emails upon security risk detection.
- Specify rules for detecting anomalies and select the action.
- For details about the rules, see Viewing Correlation Rules and Detection Signals.
-
For details about the actions, see Actions Available for Different Services.
- Turn on notification for Cloud App Security to send notification emails upon anomaly detection.
- Configure Notification
settings.Notify administrator
-
Specify the administrators to notify by selecting a recipient group or specifying individual recipients. You can click Manage recipient groups to edit the members in a group or add more groups.
-
Specify message details to notify administrators that Cloud App Security detected a security risk and took action on an email message, attachment, or file.
-
Set the notification threshold which limits the number of notification messages to send. Threshold settings include:
-
Send consolidated notifications periodically: Cloud App Security sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s).
-
Send consolidated notifications by occurrences: Cloud App Security sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of virus/malware occurrences by typing a number in the box.
-
Send individual notifications: Cloud App Security sends an email message notification every time Cloud App Security performs a filtering action.
-
Notify UserSpecify message details that notify recipients that Cloud App Security detected a security risk and took action on their email message or attachment. -