Which Response Rules can be used with Data-at-Rest versus Data-in-Motion?


Article ID: 170889


Products

Data Loss Prevention Cloud Detection Service

Issue/Introduction

The DLP Cloud Detection Service has multiple options for Response Rules, some of which can only be utilized with specific applications or connectors.

Cause

The list of applications that CASB supports for each Enforce response action is given in that action's topic in the online help, which is available from within Enforce via Online Help.

Environment

DLP 14.6+ or v15.0

Resolution

The following distinctions should be made when authoring policies:

  • Data-at-Rest (DAR) policies only apply to CloudSOC Securlets
  • Data-in-Motion (DIM) policies only apply to CloudSOC Gatelets

The details below are from the Online Help page for this topic, "Configuring response rule actions".

DAR actions available in both v14.6 and v15.x

  • Data-at-Rest (DAR): Custom Action on Data-at-Rest (see Configuring the Custom Action on Data-at-Rest action)
  • Data-at-Rest (DAR): Delete Data-at-Rest (see Configuring the Delete Data-at-Rest action)
  • Data-at-Rest (DAR): Encrypt Data-at-Rest (see Configuring the Encrypt Data-at-Rest action)
  • Data-at-Rest (DAR): Perform DRM on Data-at-Rest (see Configuring the Perform DRM on Data-at-Rest action)
  • Data-at-Rest (DAR): Quarantine Data-at-Rest (see Configuring the Quarantine Data-at-Rest action)
  • Data-at-Rest (DAR): Remove Shared Links in Data-at-Rest* (see Configuring the Break Links in Data-at-Rest action)
  • Data-at-Rest (DAR): Tag Data-at-Rest (see Configuring the Tag Data-at-Rest action)

*This action is named "Break Links in Data-at-Rest" in v14.6.

DAR actions available in v15.x

  • Data-at-Rest (DAR): Prevent download, copy, print* (see Configuring the Prevent download, copy, print action)
  • Data-at-Rest (DAR): Remove Collaborator Access* (see Configuring the Remove Collaborator Access action)
  • Data-at-Rest (DAR): Set Collaborator Access to 'Edit'* (see Configuring the Set Collaborator Access to 'Edit' action)
  • Data-at-Rest (DAR): Set Collaborator Access to 'Preview'* (see Configuring the Set Collaborator Access to 'Preview' action)
  • Data-at-Rest (DAR): Set Collaborator Access to 'Read'* (see Configuring the Set Collaborator Access to 'Read' action)
  • Data-at-Rest (DAR): Set File Access to 'All Read'* (see Configuring the Set File Access to 'All Read' action)
  • Data-at-Rest (DAR): Set File Access to 'Internal Edit'* (see Configuring the Set File Access to 'Internal Edit')
  • Data-at-Rest (DAR): Set File Access to 'Internal Read'* (see Configuring the Set File Access to 'Internal Read' action)

DIM actions available in v15.x

  • Data-in-Motion (DIM): Add two-factor authentication* (see Configuring the Add two-factor authentication action)
  • Data-in-Motion (DIM): Block Data-in-Motion (see Configuring the Block Data-in-Motion action)
  • Data-in-Motion (DIM): Custom Action on Data-in-Motion (see Configuring the Custom Action on Data-in-Motion action)
  • Data-in-Motion (DIM): Encrypt Data-in-Motion (see Configuring the Encrypt Data-in-Motion action)
  • Data-in-Motion (DIM): Perform DRM on Data-in-Motion (see Configuring the Perform DRM on Data-in-Motion action)
  • Data-in-Motion (DIM): Quarantine Data-in-Motion (see Configuring the Quarantine Data-in-Motion action)
  • Data-in-Motion (DIM): Redact Data-in-Motion (see Configuring the Redact Data-in-Motion action)

*Actions marked with an asterisk are available in v14.6 via "Custom Action" configuration; see the Related Articles link to TECH248924.