Apply Event Filtering to Onboarded Cloud Applications

If you selected API Access as a protection model, you can select event filtering options for an onboarded cloud application.

You can set default filters for allowing or denying all events for users, user groups, domains, or events. These filters can help narrow the focus to specific groups and will require less processing time and less demand on system resources.

Select Administration > App Management.
Click the Edit icon for the cloud application to which you want to apply event filtering.
Select filtering options:
- Default filters - Choose a default filter.
  - Deny All Events - No events are processed.
  - Allow All Events - All events are processed.
- Exceptions - Select exceptions to the chosen filter for users or user groups. Example: To apply an exception for one group -- the engineering team -- you would apply these default filter actions:
  - For Deny All Events, no events are processed except those for the engineering team.
  - For Allow All Events, all events are processed except those for the engineering team.
- Exclusions - Select any criteria not to include in the exceptions. Example: To deny (not to process) events for staff in engineering except for managers, you would apply these default filter exclusions:
  - For Deny All Events -- No events are processed except for the engineering team. The managers are excluded from this exception, which means that events for managers within the engineering team are not processed.
  - For Allow All Events -- Events are processed except for the engineering team. The managers are excluded from this exception, which means that events for managers within the engineering team are processed.
Click Next.

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Apply Event Filtering to Onboarded Cloud Applications

lookout-footer