Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Resources > Cloud resources
Cloud resources
Cloud applications resources are instances of cloud application types (such as Office365) that can be defined as destinations of sensitive data rules. These resources are available only to customers who have Forcepoint DLP version 8.7.1 or later, and a Forcepoint DLP Cloud Applications license.
Use the Main > Policy Management > Resources > Cloud Applications page in the Data Security module of the Forcepoint Security Manager to view a list of cloud applications.
Administrators can add and edit cloud applications that support DLP Cloud API and Cloud Data Discovery, but not DLP Cloud Proxy. All cloud applications that support DLP Cloud Proxy are defined in the Forcepoint CASB portal, and are automatically displayed on this page. The page also includes links to the CASB portal, where custom policies can be configured, or applications can be completely removed.
The Show/Hide Columns button enables control of the columns to display, including:
*
Application Name
*
Application Type
*
Description
*
DLP Cloud API Status
*
DLP Cloud Proxy Status
*
Cloud Data Discovery Status
To add a cloud application that supports DLP Cloud API and Cloud Data Discovery:
1.
Click the Add button at the top of the page.
The Add DLP Cloud Application window appears, displaying a list of all the available cloud application types defined in the system.
 
* 
Note 
*
Pop-up blockers may prevent this page from opening. If this occurs, disable the pop-up blocker and try again.
*
It might take a while for the tab to open. Wait for the tab to load, and then complete the steps below. Do not close the page while it is still loading.
2.
Select an application type, and then click OK.
The application is added to the list of application resources.
To edit a cloud application:
1.
Click the name of the application in the Application Name column.
The Cloud Application Properties window appears in a new browser tab.
For more information on managing these properties, see Forcepoint CASB Administration Guide, "Managing Service Assets".
2.
Enter a descriptive Application name and Service description to help administrators manage the service.
3.
Under Connection, enter the Key and Secret to enable a connection to the selected cloud application, then click Configure Connection.
The Cloud Applications service uses the connection to retrieve activity logs, scan files at rest, and retrieve user lists. It does not store the user credentials.
4.
Under Service Type, specify whether or not to Enable activity import and allow the Cloud Applications service to access and import user activity logs for the selected cloud application.
5.
Under Mitigation, configure an Archive folder within the cloud service for files moved or copied in response to a DLP incident.
6.
Under Quarantine, optionally configure messages than can be left in place of quarantined files to explain to users that their file has been moved.
Click Test Connection to verify that the message file can be copied to the cloud application.
7.
To save the changes, click OK.
*
The new application is added to the cloud applications list, which shows the application's name, type, description, and status.
*
The Edit link opens the properties window in the CASB portal, which can be used to update configuration for the application.
Repeat these steps as many times as needed to enable the CASB service for each cloud application to which DLP policies will be applied.
Error handling
The following are instructions and recommendations for some of the errors you might encounter:
Error message
Details
Handling
No CASB policy is defined, or a CASB policy is configured incorrectly. Enable the CASB policy and select either Download or Upload user action in the CASB portal.
In DLP Cloud Proxy Status column
In the CASB portal do one of the following:
*
Create and enable a Forcepoint Data Security DLP Policy, and select a user action (Upload, Download)
*
Create a custom policy with a Forcepoint DLP predicate, and select a user action (Upload, Download)
Without one of these configurations, no transaction is sent by DLP to data inspection.
For more information, see the Forcepoint CASB documentation.
CASB gateway doesn't exist. Contact Forcepoint support.
One of the following issues might have occurred:
*
No CASB Gateway was installed (needed to support DLP Cloud Proxy)
*
CASB license has expired, and the CASB Gateway was therefore removed.
Contact Forcepoint Technical Support.
Endpoint resources
These resources are only available to accounts with a Forcepoint DLP Endpoint subscription.
*
Endpoint Devices may be the source or destination of sensitive data.
*
Endpoint Applications may be a source or destination of sensitive data on endpoint machines.
*
Endpoint Application Groups may be a source or destination of sensitive data on endpoint machines.
*
Endpoint Printers may be a source or destination of sensitive data.
 
* 
Important 
Note that Networks is not an available source for endpoint channels, even if they are defined in the system as a resource. This is not a bug.
Remediation resources
*
Action Plans define the action to take when a breach is discovered.
*
Remediation scripts define the external script to run when a breach is discovered. (Not available with all subscriptions.)
*
Notifications can be sent to a specific person or email alias when a breach is discovered.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Resources > Cloud resources
Copyright 2021 Forcepoint. All rights reserved.