Which Response Rules can be used with Data-at-Rest versus Data-in-Motion?

Products

Data Loss Prevention Cloud Detection Service

Issue/Introduction

The DLP Cloud Detection Service has multiple options for Response Rules, some of which can only be utilized with specific applications or connectors.

Cause

Information about the list of applications that CASB supports for the various Enforce response actions is included within each response action link in the online help. This is available from within Enforce – via Online Help.

Environment

DLP 14.6+ or v15.0

Resolution

The following distinctions should be made when authoring policies:

Data-at-Rest (DAR) policies only apply to CloudSOC Securlets
Data-in-Motion (DIM) policies only apply to CloudSOC Gatelets

Below detail is from the Online help page for this topic, "Configuring response rule actions".

DAR actions available in both v14.6 and v15.x
Data-at-Rest (DAR)	Custom Action on Data-at-Rest	See Configuring the Custom Action on Data-at-Rest action
Data-at-Rest (DAR)	Delete Data-at-Rest	See Configuring the Delete Data-at-Rest action
Data-at-Rest (DAR)	Encrypt Data-at-Rest	See Configuring the Encrypt Data-at-Rest action
Data-at-Rest (DAR)	Perform DRM on Data-at-Rest	See Configuring the Perform DRM on Data-at-Rest action
Data-at-Rest (DAR)	Quarantine Data-at-Rest	See Configuring the Quarantine Data-at-Rest action
Data-at-Rest (DAR)	Remove Shared Links in Data-at-Rest*	See Configuring the Break Links in Data-at-Rest action
Data-at-Rest (DAR)	Tag Data-at-Rest	See Configuring the Tag Data-at-Rest action
	*This action is named “Break Links in Data-at-Rest” action in v14.6.
DAR actions available in v15.x
Data-at-Rest (DAR)	Prevent download, copy, print*	See Configuring the Prevent download, copy, print action
Data-at-Rest (DAR)	Remove Collaborator Access*	See Configuring the Remove Collaborator Access action
Data-at-Rest (DAR)	Set Collaborator Access to 'Edit'*	See Configuring the Set Collaborator Access to 'Edit' action
Data-at-Rest (DAR)	Set Collaborator Access to 'Preview'*	See Configuring the Set Collaborator Access to 'Preview' action
Data-at-Rest (DAR)	Set Collaborator Access to 'Read'*	See Configuring the Set Collaborator Access to 'Read' action
Data-at-Rest (DAR)	Set File Access to 'All Read'*	See Configuring the Set File Access to 'All Read' action
Data-at-Rest (DAR)	Set File Access to 'Internal Edit'*	See Configuring the Set File Access to 'Internal Edit'
Data-at-Rest (DAR)	Set File Access to 'Internal Read'*	See Configuring the Set File Access to 'Internal Read' action

DIM actions available in v15.x
Data-in-Motion (DIM)	Add two-factor authentication*	See Configuring the Add two-factor authentication action
Data-in-Motion (DIM)	Block Data-in-Motion	See Configuring the Block Data-in-Motion action
Data-in-Motion (DIM)	Custom Action on Data-in-Motion	See Configuring the Custom Action on Data-in-Motion action
Data-in-Motion (DIM)	Encrypt Data-in-Motion	See Configuring the Encrypt Data-in-Motion action
Data-in-Motion (DIM)	Perform DRM on Data-in-Motion	See Configuring the Perform DRM on Data-in-Motion action
Data-in-Motion (DIM)	Quarantine Data-in-Motion	See Configuring the Quarantine Data-in-Motion action
Data-in-Motion (DIM)	Redact Data-in-Motion	See Configuring the Redact Data-in-Motion action

*Actions marked are available in v14.6, via "Custom Action" configuration – see Related Articles link to TECH248924.