Data rules protect your environment against malware and enable data classification. To create a data rule:
Navigate to Posture Management → Rules & Policies → Rules → Cloud Security.
Select Create Rule → Data.
In the Overview step, provide the following:
Enter a Rule Name and Description.
Select a Severity. Findings generated by this rule will inherit this severity.
(Optional) Add Labels.
(Optional) Enable Remediation using the toggle. In a later step, you'll enter the remediation instructions.
Click Next.
On the Rule Logic page, you can select options to build your data rule.
Click Select and choose from the list of supported data assets categories such as database, disk, bucket.
Click WHERE to choose from the attributes of the asset. Depending on the asset category you selected in the above step the list of attributes displayed will vary. For example, you can select FIND Bucket WHERE Type and Select values = S3 bucket.
Click + to select the Findings such as Configuration Finding, Data Finding, Identity Finding, and so on.
Click WHERE to choose from the attributes of the finding. Depending on the finding you selected in the above step the list of attributes displayed will vary.
Once the logic is defined, click Search to test the rule against your current environment and view potential findings.
Click Next to define Remediation instructions (if you had turned on Enable Remediation in the Overview step) or click Done to save your rule.