Configure & Enable an Auto-Remediation Rule for Unusual Access Issues
Users can auto-remediate Unusual Access issues in Secure & Govern. Follow the steps below to configure and enable an auto-remediation rule for Unusual Access issues.
- Navigate to Settings -> Analysis Rules
- Select the desired Issue Type as Unusual Access
- Click on Create an auto-remediation rule
- Enter Rule Name and Description, then select Next
- Select ANY or ALL for the match criteria
  When ALL is selected, all the rule conditions must be met for an issue to be auto-remediated. When ANY is selected, auto-remediation will occur when any of the rule conditions are met.
- Enter Rule Condition
  - For Unusual Access issue type, there are four conditions available that can be added based on Severity, Sensitive Content, Detection type, and User type.
  - Specify the criteria for the first condition selected and click on Add Condition to specify the criteria for the next condition.
- Enter Rule Action
  - For Unusual Access issue type, there are three possible actions available which are: Deactivate user account, Dismiss issue(s), and Delegate to selected user. Add one or more actions to the Analysis rule.
- Select Next
- Select whether or not to Apply this rule to previously detected issues that match the selected criteria and click Next.
- Review the Rule Configuration and click Create
  The Back button can be selected at any time to change the rule configuration prior to the rule being created.
- The Auto-Remediation Rule is created
Currently, only one auto-remediation rule can be created per issue type.
Additional Resources
- Overview - Secure & Govern Issue Auto-Remediation
- Modify Existing Auto-Remediation Rules
- Auto-Remediation - Empty Group
- Auto-Remediation - External Sharing
- Auto-Remediation - Individual Permission
- Auto-Remediation - Open Access
- Auto-Remediation - Probable Ransomware
- Auto-Remediation - Public Links
- Auto-Remediation - Suspicious Login
- Auto-Remediation - Unused Group