Netskope Help

Behavior-Based Policies

To access the Machine Learning Based (ML Based) policy page, go to Policies > Behavior Analytics > Behavior-Based tab.

There are three default Behavior-Based policies:

  1. Compromised Account: Monitor for and detect activity indicating that a corporate cloud application account has been compromised and is controlled by an external attacker. Possible detectors include anomalous access of new file types on a cloud app, a new device, or a new IP block.

    Note

    You must select at least one app.

  2. Data Exfiltration: Detect suspicious transfer of data outside the organization. Possible detectors include an anomalously large number of uploads and a large size of uploaded data.

  3. Malicious Insider: Identify corporate users whose activity indicates a potential risk - either accidental or deliberate - to the security posture of your environment. Possible detectors include anomalously large numbers of downloads and deletes, and a large size of downloaded data.

    Note

    You must select at least one app.

To edit the policy, select the tile and click the pencil icon to open the Configure Policy window.