Create a SaaS Security Posture Rule

Create a SaaS Security Posture Rule

To create a SaaS security posture rule:

1. Log in to the Netskope tenant UI.

2. Navigate to Policies > Security Posture. Then, click the SaaS tab.

   The Security Posture page opens.

3. Click the Rules tab.

4. Click New Rule.

   The New Custom Rule page opens.

5. Under Rule Name, enter a rule name.

6. Under Severity, select the rule severity from the drop-down list. The available options are Critical, High, Medium, and Low. Select the level of severity you want to assign to this rule.

7. Under Definition, enter a rule definition using Netskope Governance Language (NGL). For information on NGL, see Custom Rules Using Netskope Governance Language.

   When you type a text inside the definition edit box, Netskope gives the NGL syntax along with auto suggestions for your reference.

8. Under the Category tab, specify the category, and sub-category. You can select from the following categories:

   • Compliance Standard: A compliance standard is a policy library of security best practices. It is organized into sections and controls. Each control is mapped to one or many rules.

     If you select the compliance standard category, specify:

     • Sub-Category: The name of the compliance standard, like CIS Benchmark v3.0.1, NIST-CSF, etc.
     • Section: The section of the document that describes the compliance standard.
     • Control: The section control of the document that describes the compliance standard.

   • Domain: In the context of Security Operations (SecOps), there are several well-known domains or categories that are commonly addressed to ensure a comprehensive security posture. These domains cover various aspects of security operations and help organizations in managing and responding to security incidents effectively.

   • MITRE ATT&CK: MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally recognized framework and knowledge base that helps organizations understand and categorize the tactics, techniques, and procedures (TTPs) used by cyber adversaries during various stages of a cyberattack.

   • Netskope Best Practices: These are Netskope-recommended rules for the supported SaaS apps.

9. Click +Add to specify a new category that the rule must satisfy.

10. (Optional) Under the Remediation tab and enter the manual remediation steps.

11. (Optional) Under the Description tab and a short description of the custom rule.

12. Alternatively, use the Import from Rule option in the Definition tab to import an existing rule and modify it. This option will copy the Severity, Definition, Remediation and Description from the existing rule.

13. When you click on the Search In Inventory in Definition tab, Netskope searches this custom rule on the API-enable Protection > Security Posture SaaS > Inventory page and lists the inventory impacted by this custom rule.

14. Click Validate Definition in the Definition tab to validate the rule and fix any syntax errors.

15. Click Save to save the rule.

    The rule is displayed in the Rules section of the Rules page.

16. On the Security Posture page, click Apply Changes.

• Custom Rules Using Netskope Governance Language