Using Default Recommended CASB/DLP Policy

This article explains the default Cato recommended rules for the Application Control CASB and DLP policy.

For accounts that only have the CASB license, the Data Control (DLP) rules are not included in the Application Control policy.


| Rule Name | Description | Comments |
|---|---|---|
| Block uploading credit card numbers | Data Control rule that blocks uploading credit card numbers based on the predefined Credit cards Content Profile. | |
| Microsoft - Only allow the tenant catonetworks.com | Uses the Microsoft app with the Allow action for the example tenant catonetworks.com. | Replace the example tenant with the value for your company. For example, see Get subscription and tenant IDs in the Azure portal. |
| Microsoft - Monitor logins for external Microsoft tenants (click rule to read Description) | Monitors any Microsoft logins that are not for the tenant defined in the rule above. | After you replace the example tenant in the previous rule, enable this rule. |
| OneDrive - Only allow the catonetworks.com tenant | Uses the OneDrive Business app with the Allow action for the example tenant catonetworks.com. | Replace the example tenant with the value for your company. For example, see View the list of OneDrive URLs for users in your organization. |
| OneDrive - Monitor access to external OneDrive tenants (click rule to read Description) | Monitors access to the OneDrive Business app that isn't for the tenant defined in the rule above. | After you replace the example tenant in the previous rule, enable this rule. |
| OneDrive - Monitor personal OneDrive tenants | Monitors the OneDrive app, which is used for personal accounts and tenants. | |
| Gmail - Monitor Gmail attachments | Monitors adding attachments to email using the Gmail app. | |
| Monitor online storage apps: risk higher than 3, or no ISO | Monitors apps in the Online Storage category that match one of these criteria: the Cato risk score is higher than 3 (4 or higher), or the app doesn't meet ISO 27001. | For more about the Cato risk score, see Using the App Catalog. |
| Twitter/X - Block posts with the string “samplekeyword” | Data Control rule that blocks Twitter/X posts or tweets that match the strings in the Sample Keyword Profile. | Replace the string samplekeyword with the relevant keywords for your organization. |
| Twitter/X - Monitor posts with long words (more than 8 characters) | Data Control rule that monitors Twitter/X posts or tweets that contain words longer than 8 characters. | The User Defined Data Type uses REGEX to identify the long words. |
| Twitter/X - Monitor all posts | Monitors Twitter/X posts or tweets (with the Post activity). | |
| OpenAI - Restrict logins for allowed users and tenants | Uses the OpenAI app (ChatGPT) with the Login action for allowed users and tenants defined in the value set. | Edit the value set and define the allowed users and tenants. For more information, see Working with Categories (EA - Value Sets). |
| Open AI - Monitor logins for external tenant (click rule to read Description) | Monitors any OpenAI (ChatGPT) logins that are not for the tenant defined in the rule above. | After you replace the example tenant in the previous rule, enable this rule. |
| OpenAI - Monitor third-party logins | Monitors the OpenAI app for third-party logins. | |
| Google Drive - Restrict view to allowed folders | Restricts the view activity for Google Drive to paths defined in the value set. | Edit the value set and define the allowed Google Drive paths. For more information, see Working with Categories (EA - Value Sets). |
| Google Drive - Monitor non-allowed folders (click rule to read Description) | Monitors the view activity for Google Drive for all paths not defined in the previous rule. | After you replace the example paths in the previous rule, enable this rule. |
| Test sensitivity labels - edit MIP labels before enabling | Data Control rule that lets you test uploading files that contain content defined in MIP labels. | After you import the MIP labels to your account, enable this rule. For more information about using MIP labels, see Using MIP Sensitivity Labels in your Cato DLP Policy. |
| Skip monitoring uploads to sanctioned apps | Data Control rule that allows uploading to the sanctioned apps without generating events. | For new CASB and DLP licenses after September 2023, Cato automatically defines sanctioned apps for your account. We recommend that you review these sanctioned apps and edit them to meet the requirements of your organization. For more information, see Working with the Cloud Apps Dashboard. |
| Non-sanctioned apps - Monitor uploads | Monitors the upload activity for Cloud applications that are not defined in the previous rule (as sanctioned apps). | |
