Lookout Product Documentation

Policies with Content Inspection Type of Anomalous Access

  1. Select cloud applications from the Clouds list.
    Use the up or down arrows to expand/collapse the category lists to view and select the applications for the policy.

    Select the Any App option under Enterprise Apps to enforce controls for both managed and unmanaged enterprise apps.

  2. Under Activity Type, select one or more activities to which the policy should apply.

    The activities you can choose depend on the cloud application for which you are creating the policy.

    • Clipboard activities (cut, copy, and paste) are available only for Salesforce and Office 365 suite/applications.
    • The Print activity is not supported for policies with a content inspection type of DLP.
  3. Under Content Scanning/Data Type, select a data type.
    Depending on the cloud applications you choose, you will see a check box option for Unstructured Data or check boxes for both Structured Data and Unstructured Data. Check the data type or types to apply for this policy.
  4. (For DLP scan) Select a Rule Template.

  5. Under Context Rules, select a context type and its context details.

    To apply more than one context type, click the + button at the right, then select an additional context type and its details.

    Context Type: Options
    Users: Choose All or Selected. For Selected, enter a valid email address for each user. Separate each address with a comma.
    User Group

    User groups are organized into directories. When you select User Group as a context type, the available directories containing the groups are listed in the left column.

    Select a directory to view the user groups it contains. The user groups for that directory are displayed in the right column.

    Select the groups from the list, click the right-arrow icon to move them to the Selected User Groups column, and then click Save. These are the groups to which the policy will apply.

    To search for a directory or group, click the Search icon at the top of the left column.

    To refresh the list, click the Refresh icon at the top of the left column.

    Folder

    Select one or more folders to include in the policy context.

    Selecting a folder

    Click the folder name once from the folder picker, then click the right-arrow icon. The folder name is added to the Selected Folders list at the right.

    If you selected an empty folder, a message appears. Hover over the folder name at the top of the list, click All Files, and select another folder.

    Viewing a list of files in a folder

    Double-click the folder name.

    To restore the folder list, hover over the folder name and click All Files.

    Removing a folder from the Selected Folders list

    Hover over the folder name and click the trash can icon. The folder is removed from the Selected Folders list.

    Searching for a folder by name or folder ID

    Click the Search icon and enter all or part of the folder name, or the folder ID. Matching folder names appear in the list.

    To restore the folder list, click the Refresh icon.

    When you are finished selecting folders, click Save to include them in the policy context.

    Location: Check one or more locations, or check Select All.
    Device Profile: Select a context type and a target for each type.
    • Managed Status: Select an option.
      • Managed
      • Unmanaged
    • Compliance Status: Select one or more options.
      • Protected
      • Disconnected
      • Compliant
      • Non-Compliant
      Depending on what you select, some other options are disabled. For example, if you select Protected, Disconnected is disabled. If you select Disconnected, Protected is disabled.
    • Threat Status: Select one or more options.
      • Secure
      • Low
      • Medium
      • High
    Click the + sign at the right to add additional Device Profile contexts.
    When you have selected and configured all of the context options for Device Profile (Managed Status, Compliance Status, and Threat Status), you cannot select additional targets if you add another Device Profile context rule.
    Device OS

    From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than.

    Then, from the Device OS prompt, select an OS and an OS version. If you selected Equal To or Not Equal To, you can select multiple OS versions or click Select All. If you selected Greater Than or Less Than, you can select only one OS version from each category.

    Click Save.

    Device OS context policies are currently supported only on OS versions under 11 for both Windows and macOS.

    Browser Types

    From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than.

    Then, from the Browser Types prompt, select a browser type and version. For Equal To or Not Equal To, you can select multiple browser versions or click Select All. For Greater Than or Less Than, you can select only one browser version from each category.

    Click Save.

    Source IP

    Select a valid IP address range.

    (Optional) To enter an additional range, click the + icon and enter the range. Click Save.

    IP Risk Score: Select a risk score level: Low & Above, Medium & Above, or High.
    Sharing Type: Select External or Internal.
    Adaptive Threshold

    This context type is available only for policies with a Content Inspection Type of Anomalous Access, and only for Upload, Download, and Delete activity types. It applies settings for all cloud applications selected for the policy.

    Enter an activity count and a duration for the selected cloud applications.

    Adaptive Threshold per Cloud App

    This context type is available only for policies with a Content Inspection Type of None, and only for Upload, Download, and Delete activity types. It applies settings separately to each cloud application selected for the policy.

    Enter an activity count and a duration for each selected cloud application.

  6. Click Next to select actions.

    • Session Action - Allow & Log or Deny.
    • Content Action - AIP Protect, Content Digital Rights

      The Content Action option is not available for Cloud Access Control policies with an Adaptive Threshold context type.

  7. Select a secondary action.

    • For email, the Quarantine Copy secondary action makes a copy of any email containing violating content in the subject line, body, or attachments. You can choose the Allow & Log primary action to allow access, while a copy of the message is placed in quarantine for review of the violating content.

      The Quarantine Copy action is applied only once per email, even if there are multiple violations in different parts of the content.

    • If you have set up Continuous Authentication or User Coaching, those options are also available. Select notifications from the list. The listed items are based on notifications you created previously.

    • If you select Remove Recipients as a secondary action with external domains, use the Select Domain Categories prompt to choose one or more domain categories. These are custom categories that you created as described in the Creating and managing custom categories section.

      The policy will act on all external domains if you do not enter any domain values. The value of All is not supported.

    • To include additional secondary actions, click the + icon to the right of the prompt.
  8. Click Save.
  9. Review the summary information for the policy.
    Click Confirm to save the policy or Previous to make any corrections.
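
The two Adaptive Threshold context types in step 5 differ in scope: one count and duration for all selected cloud applications together, or a separate count and duration per application. The following is an added illustration, not Lookout code or the product's actual evaluation logic. It assumes a rule matches when one user's Upload, Download, or Delete events reach the configured count within the configured duration; the event tuples, app names, and the `threshold_hits` function are constructed for the example.

```python
from collections import defaultdict, deque

# Activity types the page lists as eligible for Adaptive Threshold contexts.
COUNTED = {"Upload", "Download", "Delete"}

# Constructed sample events: (epoch_seconds, user, cloud_app, activity).
EVENTS = [
    (0,   "alice@example.com", "AppA", "Download"),
    (10,  "alice@example.com", "AppB", "Download"),
    (20,  "alice@example.com", "AppA", "Download"),
    (30,  "alice@example.com", "AppB", "Download"),
    (40,  "alice@example.com", "AppA", "Download"),
    (45,  "alice@example.com", "AppA", "Share"),     # not a counted activity
    (50,  "alice@example.com", "AppB", "Download"),
    (55,  "bob@example.com",   "AppA", "Upload"),
    (400, "alice@example.com", "AppA", "Download"),  # outside the earlier window
]

def threshold_hits(events, count, duration, per_app):
    """Return {key: first_timestamp} for every key whose counted activity
    reaches `count` within a sliding window of `duration` seconds.

    per_app=False models "Adaptive Threshold": one counter per user
    across all selected apps. per_app=True models "Adaptive Threshold
    per Cloud App": one counter per (user, app) pair.
    (Assumed semantics; the page does not specify them.)
    """
    windows = defaultdict(deque)
    first_hit = {}
    for ts, user, app, activity in sorted(events):
        if activity not in COUNTED:
            continue
        key = (user, app) if per_app else (user,)
        win = windows[key]
        win.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - win[0] > duration:
            win.popleft()
        if len(win) >= count and key not in first_hit:
            first_hit[key] = ts
    return first_hit

if __name__ == "__main__":
    print("combined:", threshold_hits(EVENTS, 5, 60, per_app=False))
    print("per app: ", threshold_hits(EVENTS, 5, 60, per_app=True))
```

With the same count and duration, activity spread across several applications reaches the combined threshold but stays under each per-app threshold, which is the practical difference to keep in mind when choosing between the two context types.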