Skyhigh Security

Activity Type or Category Rules

IMPORTANT: Activity Type or Category and Activity Count are mandatory rules to complete your custom anomaly rule statement. The Incomplete Rule message will be displayed if these rules are not added.

The Activity Type or Category rule allows you to detect and monitor the types of user activity in a service. You can combine it with other parameters such as Activity Count, Device ID, Source IP, Location, and more. An anomaly is triggered when the number of times a user performs the configured activity on a service exceeds the expected activity count.

The Activity Type or Category list displays the available activities. You can select or deselect the required activity types from the list.

The following are some of the use cases for the Activity Type/Category rules:

Use Case 1: Suppose you want to be notified when a user performs more than 15 administration activities in a day on AWS.

To configure this rule:

  1. Go to Incidents > Anomalies > Anomaly Settings.
  2. Click Actions > Create a Custom Anomaly.
  3. On the Name & Scope page, enter a name, description, services, and users. 
  4. On the Rules & Exceptions page, select Activity Type or Category from the list. For example, Administration.
  5. Click AND to:
    • Enter a value for Activity Count is greater than or equal to. For example, 15.
    • Set the Duration for a custom anomaly detection. For example, Daily.
  6. Click THEN to create an Anomaly and select a Severity. For example, Major.
  7. Click Next.
  8. Review the custom anomaly rule and click Save.

Use Case 2: Suppose you want to be notified when a user outside of India or Indonesia fails to log in to Salesforce and attempts to log in more than five times a day.

To configure this rule:

  1. On the Name & Scope page, enter a name, description, services, and users. 
  2. On the Rules & Exceptions page, select Activity Type or Category from the list. For example, Login Failure.
  3. Click AND to:
    • Enter a value for Activity Count is greater than or equal to. For example, 5.
    • Set the Duration for a custom anomaly detection. For example, Daily.
  4. Click THEN to create an Anomaly and select a Severity. For example, Critical.
  5. Click EXCEPT and select location as an exception. For example, India and Indonesia.
  6. Click Next.
  7. Review the custom anomaly rule and click Save.
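
The Use Case 2 rule modelled in code, as an added example that is not Skyhigh's own implementation: it shows which events count toward the threshold once the activity filter, the Daily duration, and the location exception are combined. It assumes Daily means one calendar-day bucket per user and that events from excepted locations are dropped before counting; the event fields and sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Rule values taken from Use Case 2; the dict layout itself is hypothetical.
RULE = {
    "activity": "Login Failure",                  # Activity Type or Category
    "min_count": 5,                               # Activity Count >= 5
    "except_locations": {"India", "Indonesia"},   # EXCEPT location
    "severity": "Critical",                       # THEN create an Anomaly
}

def make(user, activity, location, day, n):
    """Build n constructed events (user, activity, location, ISO timestamp)."""
    return [(user, activity, location, f"{day}T09:{i:02d}:00") for i in range(n)]

# Constructed sample events, not real service logs.
EVENTS = (
    make("alice", "Login Failure", "Germany", "2024-05-01", 5)    # meets threshold
    + make("alice", "Login Success", "Germany", "2024-05-01", 2)  # wrong activity
    + make("bob", "Login Failure", "India", "2024-05-01", 6)      # excepted location
    + make("carol", "Login Failure", "Germany", "2024-05-01", 4)  # only 4 count
    + make("carol", "Login Failure", "Indonesia", "2024-05-01", 3)
    + make("dave", "Login Failure", "Brazil", "2024-05-01", 3)    # 6 total, but
    + make("dave", "Login Failure", "Brazil", "2024-05-02", 3)    # split over 2 days
)

def evaluate(events, rule):
    """Return {(user, day): count} for each user/day bucket that meets the rule."""
    counts = Counter()
    for user, activity, location, ts in events:
        if activity != rule["activity"]:
            continue  # only the selected activity type is counted
        if location in rule["except_locations"]:
            continue  # assumed: excepted events never reach the counter
        day = datetime.fromisoformat(ts).date().isoformat()
        counts[(user, day)] += 1
    return {key: n for key, n in counts.items() if n >= rule["min_count"]}

if __name__ == "__main__":
    for (user, day), n in evaluate(EVENTS, RULE).items():
        print(f"{RULE['severity']} anomaly: {user} had {n} x {RULE['activity']} on {day}")
```

Running the same events with an empty exception set also flags bob and carol, which is a quick way to check how much an exception narrows a rule before saving it.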