You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/cloud-discovery-policies.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,8 +44,8 @@ Discovery policies enable you to set alerts that notify you when new apps are de
44
44
45
45
> [!NOTE]
46
46
>
47
-
> - Newly created discovery policies (or policies with updated continuous reports) trigger an alert once in 90 days per app per continuous report, regardless of whether there are existing alerts for the same app. So, for example, if you create a policy for discovering new popular apps, it may trigger additional alerts for apps that have already been discovered and alerted on.
48
-
> - Data from **snapshot reports**do not trigger alerts in app discovery policies.
47
+
> - Newly created discovery policies (or policies with updated continuous reports) trigger an alert once in 90 days per app per continuous report, regardless of whether there are existing alerts for the same app. So, for example, if you create a policy for discovering new popular apps, it might trigger additional alerts for apps that have already been discovered and alerted on.
48
+
> - Data from **snapshot reports**don't trigger alerts in app discovery policies.
49
49
50
50
For example, if you're interested in discovering risky hosting apps found in your cloud environment, set your policy as follows:
51
51
@@ -69,14 +69,14 @@ Defender for Cloud Apps searches all the logs in your cloud discovery for anomal
69
69
70
70
1. To set which discovered apps trigger this policy, select **Add filters**.
71
71
72
-
The filters are chosen from drop-down lists. To add filters, select **Add a filter**. To remove a filter, select the 'X'.
72
+
The filters are chosen from drop-down lists. To add filters, select **Add a filter**. To remove a filter, select the 'X.'
73
73
74
74
1. Under **Apply to** choose whether this policy applies **All continuous reports** or **Specific continuous reports**. Select whether the policy applies to **Users**, **IP addresses**, or both.
75
75
76
76
:::image type="content" source="media/apply-to-continous-reports.png" alt-text="Screenshot showing how to apply file polcies to specific continous reports" lightbox="media/apply-to-continous-reports.png":::
77
77
78
78
> [!IMPORTANT]
79
-
> When configuring an app discovery policy, selecting **Apply to > All continuous reports** generates individual alerts for each discovery stream, including the global stream. This results in multiple alerts, one from the global stream and additional alerts from each individual source. To customize your alerts, select **Apply to > Specific continuous reports** and choose only the relevant streams for your policy.\
79
+
> When you configure an app discovery policy and select **Apply to > All continuous reports**, multiple alerts are generated for each discovery stream, including the global stream which aggregates data from all sources. To control alert volume, select **Apply to > Specific continuous reports** and choose only the relevant streams for your policy.\
1. Select the dates during which the anomalous activity occurred to trigger the alert under **Raise alerts only for suspicious activities occurring after date.**
0 commit comments