• Cloud App Security
• Understanding Cloud App Security
• Configuring Cloud App Security
  • Subscribing to Cloud App Security
  • Activating Cloud Applications for Cloud App Security
  • Activating Citrix ShareFile for Cloud App Security
• Managing Quarantine for Citrix ShareFile
  • Setting Up a Quarantine Folder for Citrix ShareFile
  • Using the Quarantine Page
  • Using the Quarantined File Creator Dashboard
  • Using the User Dashboard for Citrix ShareFile
  • Managing Restore Requests
• Using the SonicWall Cloud App Security Dashboard
  • Using the Security Events Widgets
    • Changing a Security Event Widget to an Alert or Custom Query
    • Resetting a Security Event Widget
    • Hiding a Security Event Widget
    • Configuring Security Event Widget Custom Queries
    • Adjusting the Time Scale
  • Viewing the Summary of Security Events
  • Viewing Login Events
  • Viewing Secured Applications
  • Viewing the Scanned Files Summary
• Managing Security Events
  • Using the Security Event Graphs
    • Viewing Security Events by Severity
    • Viewing Security Events by State
    • Viewing Security Events by Cloud Application
  • Viewing and Acting on Security Events
    • Removing Filters
    • Acting on Security Events
  • Managing Multiple Events
• Managing Policies
  • Understanding Cloud App Security Policies
    • Monitor only
    • Detect and Prevent
  • Creating New Policy Rules
    • Creating Data Leak Protection Policy Rules
    • Creating Malware Policy Rules
    • Creating Threat Detection Policy Rules
    • Creating Custom Query Policies
  • Stopping Policy Rules
  • Removing Policy Rules
• Using Data Leak Protection
  • Configuring Data Leak Protection Detection Rules
  • Reactivating Data Leak Protection
  • Predefined Data Leak Protection Policy Rules
    • Global Rules
    • Credentials and Secrets
    • Predefined Data Leak Protection Rules for Specific Countries
      • Argentina
      • Australia
      • Belgium
      • Brazil
      • Canada
      • Chile
      • China
      • Columbia
      • Denmark
      • Finland
      • France
      • Germany
      • Hong Kong
      • India
      • Indonesia
      • Ireland
      • Israel
      • Italy
      • Japan
      • Korea
      • Mexico
      • The Netherlands
      • Norway
      • Paraguay
      • Peru
      • Poland
      • Portugal
      • Singapore
      • Spain
      • Sweden
      • Taiwan
      • Thailand
      • Turkey
      • United Kingdom
      • United States
      • Uruguay
      • Venezuela
• Using Cloud App Security Analytics
  • Viewing the Summary Report
  • Viewing the Weekly Reports
  • Viewing Citrix ShareFile Analytics
  • Viewing Shadow SaaS Analytics
  • Viewing and Creating Custom Queries
    • Creating Custom Queries
    • Adding Custom Queries to the Dashboard
• Configuring Cloud Applications in the Cloud App Store
  • Configuring Citrix ShareFile for Cloud App Security
  • Re-Authorizing Cloud Applications
• Managing Security Applications in the Security App Store
  • Starting Security Applications
  • Stopping Security Applications
• Managing Security Tool Exceptions
• Using the System Log
  • Viewing the System Log
  • Exporting the System Log
• Managing Cloud App Security Licenses
  • Adding Administrator Users
  • Adding Read-Only Users
  • Unassigning Cloud App Security Licenses
• SonicWall Support
  • About This Document

Creating Threat Detection Policy Rules

To create a Threat Detection policy rule

1. In the Rule Name field, enter the name you want to use to identify the rule.
2. From the Mode dropdown list, select the mode in which you want the DLP policy rule to operate:
   • Monitor only
   • Detect and Prevent
3. In the Scope section, either:
   • Select All users and groups (all licensed users) to have the policy rule either apply to all users.
   • In the Specific users and groups list, select the specific users or user groups to which the policy should apply or be excluded from being applied.
4. In the Advanced > Security Tools section:
   1. Select All running threat detection tools to use all of the activated Security Tools. (This is on by default.) If you unselect this option, you can then select which specific Security Tools are used.
   2. Click Ok.
5. In the Advanced > Alerts section:
   1. Select Send Email alert to… to notify specific users sharing the file when a possible threat is detected.
      • Click the gears icon to modify the email message sent to the users.
   2. Select Send email alert to admin(s) about malware to notify administrators when a possible threat is detected.
      • Click the gears icon to modify the email message sent to administrators.
      • Click the users icon to select which administrators should receive the message.
   3. Select Alert recipient to inform the recipient of the message when a possible threat is detected.
      • Click the gears icon to modify the email message sent to the recipient.
6. Click Save and Apply.