Setting up and monitoring Forcepoint CASB policies on protected cloud apps
Forcepoint CASB has a few preset dashboards for setting and customizing Forcepoint CASB predefined policies on the protected cloud apps, in addition to an Incidents reporting dashboard. These dashboards can be accessed directly from the Forcepoint Cloud Security Gateway Portal.
To access these Forcepoint CASB dashboards from the cloud portal:
- Go to Web > Settings > Protected Cloud Apps.
- Click one of the buttons beneath the app selection box to open the relevant page in Forcepoint CASB:
- View Incidents: Open the Forcepoint CASB incident log (Audit & Protect > Incidents) to view incidents such as alerts and policy
violations.
Forcepoint CASB incidents let you see and understand the overall problems affecting your network, instead of searching through and investigating the multiple individual symptoms of the problem.
You can view the Incidents log and filter the results according to various parameters. Forcepoint CASB provides many different ways to view incidents, including by user and by asset.
- View Access Policies: Manage and configure user access policies for cloud apps within your Forcepoint CASB account. This button opens Audit & Protect >
Security Policies > User Access Management (per selected asset).
You can configure access policies to managed assets without needing to rely on the native permission systems for the app, which in some cases can be limited or insecure. Forcepoint CASB includes several pre-configured simple access policies that can be enabled and in some cases further configured.
- View Assets: Manage settings for the cloud apps protected by Forcepoint CASB. This button opens Settings > Assets.
The Assets page is a Settings dashboard where you can add more assets (also known as apps) to monitor with Forcepoint CASB, edit an asset's configuration, or remove an asset.
In addition to those quick access Forcepoint CASB dashboards available from the Forcepoint Cloud Security Gateway portal, more dashboards are available from the Forcepoint CASB management portal, including: - Audit & Protect > Activity Audit > Realtime Monitoring > Audit Log(available for all assets or a selected asset):
For protected apps, Forcepoint CASB can identify activity details such as data object, source locations, and actions (e.g., password change or data modification). All the activities and their details can be seen in this dashboard. Filtered activity lists can be exported for further analysis and compliance.
- Audit & Protect > Security Policies > Custom Policy Editor (per selected asset):
Forcepoint CASB gives you the ability to create custom policies to be triggered by granularly defined custom conditions. These conditions consist of configured generic and asset-specific parameters (predicates) separated by Boolean operators (AND / OR / NOT).
- View Incidents: Open the Forcepoint CASB incident log (Audit & Protect > Incidents) to view incidents such as alerts and policy
violations.