Configuring API Policy Actions in Forcepoint ONE SSE
Once you have completed the API setup, you can then specify what you are scanning for as well as policy actions to take.
Steps
- On the AWS API Setup page, select the AWS tenant that you have created to configure what wish to scan for and identify. You can choose to scan all buckets within the tenant or specific buckets as needed.
-
Further down, you can select if you wish to identify files have been shared externally and the specific data patterns you wish to identify for sensitive data.
Note: To configure API policies with the Forcepoint DLP data pattern, refer to Configuring FSM controlled policies for CASB and SWG channels. - Once you have configured the policy of what sensitive content you wish to identify with your scans, you can now go back to the Policy page to configure which actions are taken by the API.
-
Scrolling to AWS, you will see a new section titled Cloud. Click the green plus icon to add a new policy line to configure the API policy actions.
-
Configuring the API policy actions is similar to how you create the API policy actions for other apps. You can view more information about this on the guide page.
- At the top of the dialog box, select if the policy action will apply to all buckets that you have scanned or only particular buckets.
- In the condition section, configure what will trigger the policy action below. You can select it by specific matching Data Pattern, Sharing Status, File Name, Owner, Shared With, or File Path location.
- Once you have selected your condition(s) select the action to be taken. You can choose Allow for visibility, Encrypt to encrypt the file at rest in S3, Quarantineto quarantine the file to a configured admin bucket, or Create Copy to create a copy of a the file in a specified location (for admin review or legal hold).
- If choosing to quarantine or create copy files, you will need to specify where the file will be quarantined/copied to. Click the green plus icon add the details to "File To" section. Select the app, instance name, Admin account and directory path (bucket name and folder path where you want the file sent to) details. For quarantine actions, the file will be replaced in it's original location by a quarantine notification file.