Netskope Help

Analyze user activity, such as uploads or posts, in cloud apps that create or shares content

To apply inline policies based on user activity such as uploads or posts, in cloud apps that create or shares content, follows the steps as shown below:

  1. Navigate to Policies > Real time Protection > New Policy > Cloud App access.

  2. Under ‘Source’ section, select Users/User groups or Organizational Unit. Options selected here will apply in the policy being created.

    vrp_inline_monitoring_use_case_8.jpg
  3. Under ‘Source’ section, select ‘ADD CRITERIA’ drop down option.

    vrp_inline_monitoring_use_case_8b.jpg
  4. Select ‘Access method’ option and select the required source of traffic and proxy type (forward, reverse).

    vrp_inline_monitoring_use_case_8c.jpg
  5. To apply policies based on cloud apps that create or share content, navigate to ‘Destination’ section of the policy creation template, and select the ‘Category’’ option. Select categories such as Cloud storage, Collaboration for creation and sharing of content.

    vrp_inline_monitoring_use_case_8d.jpg
  6. In the ‘Activities and Constraints’ section where activities that have to act as constraints can be placed in the policy.

    vrp_inline_monitoring_use_case_8e.jpg
  7. Under ‘Profiles & Action’ section in the policy creation template, select the desired action to be taken. 

  8. To view the alerts generated by the policy created, navigate to Skope IT > Alerts. Select the policy created in the filter. The results displayed can be exported and analyzed offline with the Export button. Ensure that ‘Username’ field is selected in the list of fields displayed or exported.  

To learn more: Real-time Protection Policies