Create Cloud Discovery policies

Applies to: Microsoft Cloud App Security

Important

Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

You can create app discovery policies to alert you when new apps are detected. Cloud App Security also searches all the logs in your Cloud Discovery for anomalies.

Creating an app discovery policy

Discovery policies enable you to set alerts that notify you when new apps are detected within your organization.

  1. In the console, click on Control followed by Policies.

  2. Click Create policy and select App discovery policy.

    [Image: app discovery policy menu]

  3. Give your policy a name and description. If you want, you can base it on a template. For more information on policy templates, see Control cloud apps with policies.

  4. Set the Severity of the policy.

  5. To set which discovered apps trigger this policy, add filters.

  6. You can set a threshold for how sensitive the policy should be. Enable Trigger a policy match if all the following occur on the same day. You can set criteria that the app must exceed daily to match the policy. Select one of the following criteria:

    • Daily traffic
    • Downloaded data
    • Number of IP addresses
    • Number of transactions
    • Number of users
    • Uploaded data
  7. Set a Daily alert limit under Alerts. Select whether the alert is sent as an email, a text message, or both. Then provide phone numbers and email addresses as needed.

    • Clicking Save alert settings as the default for your organization enables future policies to use the setting.
    • If you have a default setting, you can select Use your organization's default settings.
  8. Select Governance actions to apply when an app matches this policy. It can tag policies as Sanctioned, Unsanctioned, or a custom tag.

  9. Click Create.

Note

  • Newly created discovery policies (or policies with updated continuous reports) trigger an alert once in 90 days per app per continuous report, regardless of whether there are existing alerts for the same app. So, for example, if you create a policy for discovering new popular apps, it may trigger additional alerts for apps that have already been discovered and alerted on.
  • Data from snapshot reports do not trigger alerts in app discovery policies.

For example, if you're interested in discovering risky hosting apps found in your cloud environment, set your policy as follows:

Set the policy filters to discover any services found in the hosting services category that have a risk score of 1, indicating they're highly risky.

At the bottom, set the thresholds that should trigger an alert for a discovered app. For instance, alert only if over 100 users in the environment used the app and if they downloaded a certain amount of data from the service. Additionally, you can set the limit of daily alerts you wish to receive.

[Image: app discovery policy example]
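As an added illustration (not Microsoft's code and not part of the original page), the following Python models how the example policy above combines its filters, same-day thresholds, daily alert limit and the once-in-90-days rule from the note. The record shape, the 500 MB download threshold, the daily limit of 2 and the choice to drop matches above the daily limit are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class DailyUsage:  # one app, one day, one continuous report (constructed shape)
    day: date
    report: str
    app: str
    category: str
    risk_score: int
    users: int
    downloaded_mb: int

POLICY = {"category": "Hosting services", "risk_score": 1, "min_users": 100,
          "min_downloaded_mb": 500, "daily_alert_limit": 2,  # 500 and 2 are constructed
          "realert_after": timedelta(days=90)}

def evaluate(records, policy=POLICY):
    """Return (day, report, app) for each alert the modelled policy would raise."""
    alerts, last_alert, per_day = [], {}, Counter()
    for r in sorted(records, key=lambda r: (r.day, r.report, r.app)):
        # Filters: which discovered apps the policy looks at.
        if r.category != policy["category"] or r.risk_score != policy["risk_score"]:
            continue
        # Thresholds: every selected criterion must be exceeded on the same day.
        if not (r.users > policy["min_users"]
                and r.downloaded_mb > policy["min_downloaded_mb"]):
            continue
        # One alert per app per continuous report within the 90-day window.
        key = (r.report, r.app)
        if key in last_alert and r.day - last_alert[key] < policy["realert_after"]:
            continue
        # Daily alert limit (assumption: matches over the limit are dropped, not queued).
        if per_day[r.day] >= policy["daily_alert_limit"]:
            continue
        per_day[r.day] += 1
        last_alert[key] = r.day
        alerts.append((r.day, r.report, r.app))
    return alerts

D0, H = date(2021, 1, 4), "Hosting services"
SAMPLE = [  # constructed records, not real discovery data
    DailyUsage(D0, "HQ firewall", "host-a", H, 1, 150, 900),
    DailyUsage(D0, "HQ firewall", "host-b", H, 1, 80, 2000),    # too few users
    DailyUsage(D0, "HQ firewall", "host-c", H, 4, 500, 5000),   # risk score filtered out
    DailyUsage(D0 + timedelta(days=1), "HQ firewall", "host-a", H, 1, 160, 950),   # suppressed
    DailyUsage(D0 + timedelta(days=1), "Branch proxy", "host-a", H, 1, 120, 700),  # other report
    DailyUsage(D0 + timedelta(days=91), "HQ firewall", "host-a", H, 1, 150, 900),  # window over
]
```

Calling evaluate(SAMPLE) raises three alerts: host-a alerts again the next day only because it appears in a different continuous report, and once more in the original report after the 90-day window has passed.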

Cloud Discovery anomaly detection

Cloud App Security searches all the logs in your Cloud Discovery for anomalies. For instance, when a user, who never used Dropbox before, suddenly uploads 600 GB to it, or when there are a lot more transactions than usual on a particular app. The anomaly detection policy is enabled by default. It's not necessary to configure a new policy for it to work. However, you can fine-tune which types of anomalies you want to be alerted about in the default policy.

  1. In the console, click on Control followed by Policies.

  2. Click Create policy and select Cloud Discovery anomaly detection policy.

    [Image: Cloud Discovery anomaly detection policy menu]

  3. Give your policy a name and description. If you want, you can base it on a template. For more information on policy templates, see Control cloud apps with policies.

  4. To set which discovered apps trigger this policy, click Add filters.

    The filters are chosen from drop-down lists. To add filters, click the plus button. To remove a filter, click the 'X'.

  5. Under Apply to, choose whether this policy applies to All continuous reports or Specific continuous reports. Select whether the policy applies to Users, IP addresses, or both.

  6. Select the dates during which the anomalous activity occurred to trigger the alert under Raise alerts only for suspicious activities occurring after date.

  7. Set a Daily alert limit under Alerts. Select whether the alert is sent as an email, a text message, or both. Then provide phone numbers and email addresses as needed.

    • Clicking Save alert settings as the default for your organization enables future policies to use the setting.
    • If you have a default setting, you can select Use your organization's default settings.
  8. Click Create.

[Image: new discovery anomaly policy]

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.