Add Rules to a CASB Profile

Configure rules for a Cloud Access Security Broker (CASB) profile to control specific actions that can be performed on each cloud application. Once you create the rules, associate the CASB profile with a Secure Edge policy. You can edit, delete, or clone a CASB profile rule. For more information on the common operations that you can perform on the CASB Rules Page, see About the CASB Rules Page.

Table 1 lists the Juniper Secure Edge supported cloud applications and their activities.

Table 1: Juniper Secure Edge Supported Cloud Applications and their Activities

| Group | Cloud Application | Supported Activities |
|---|---|---|
| Chat | Microsoft Teams | Login, Chat, Audio/Video, and FileTransfer |
| Chat | Slack | Login, Chat, Audio/Video, and FileTransfer |
| Cloud Storage | Amazon EFS | Upload, Download, Create, Delete, and Edit |
| Cloud Storage | Amazon S3 | Upload, Download, Create, and Delete |
| Email | Gmail | Login, Read, Compose, Send, UploadAttachment, and DownloadAttachment |
| File Sharing | Box | Login, Upload, Download, and Share |
| File Sharing | Dropbox | Login, Upload, Download, and Share |
| File Sharing | Google Docs | Login, Upload, Download, and Share |
| File Sharing | Microsoft OneDrive | Login, Upload, Download, and Share |
| File Sharing | Microsoft OneDrive Personal | Login, Upload, Download, and Share |
| File Sharing | Salesforce | Login, Upload, Download, and Share |
| File Sharing | SharePoint | Login, Upload, Download, and Share |
| Source control | GitHub | Login, Upload, Download, Create, View, and CreateRepo |

To add a rule to a CASB profile:

  1. Select Secure Edge > Security Subscriptions > CASB > CASB Profiles.
    The CASB Profiles page opens.
  2. Click + to create a CASB profile.
    The Create CASB Profile page opens.
  3. Click Add Rules, or click the rule number shown next to your CASB profile name.

    The CASB Rules page opens.

  4. Click + if you have selected Add Rules.
  5. Complete the configuration according to the guidelines provided in Table 2.
  6. Click the tick icon on the right side of the row when you have completed the configuration.

    After you create the rules, you can assign the CASB profile to a Secure Edge policy. Ensure that you select the cloud application groups for the respective CASB-supported cloud applications. For more information on how to select the cloud application groups, see the Security Subscriptions row in the Fields on the Secure Edge Policy Add Page table in Add a Secure Edge Policy Rule.

    For example, if your CASB profile covers Amazon EFS and Amazon S3 applications, choose casb-amazonefs-group and casb-amazons3-group respectively.

    Table 2: Fields on the CASB Rules Page

    Setting

    Guideline

    Seq

    Displays the rule number order.

    Name

    Enter a rule name.

    Name must begin with an alphanumeric character; colons, periods, slashes, dashes, and underscores are allowed; cannot exceed 29 characters.

    Cloud Applications

    Click + to configure rules to control access to the cloud applications for the CASB profile.

    Enter the following details:

    1. Type—Select Cloud application group or Cloud applications.

      If you select Cloud application group, do the following:

      1. Cloud application group—Select Any to match all cloud application groups, or select an application group from the list.

      2. Activities—Add activities to which the rule applies. Select Any to match all the activities or select Specific to choose one or more activities for the CASB profile rule. For example, the supported activities are Login, Upload, and Share.

      Note:

      There is no instance selection option for cloud application groups.

    2. If you select Cloud applications, do the following:

      1. Cloud applications—Select Any to match all cloud applications, or select Specific to choose one or more cloud applications from the list for the CASB profile rule.

        To add a new cloud application, do the following after selecting Specific:

        1. Click +.

          The Add Cloud Application page opens.

        2. Cloud application—Select one of the cloud applications from the list.

        3. Activities—Add activities to which the rule applies. Select Any to match all the activities or select Specific to choose one or more activities for the CASB profile rule. For example, the supported activities are Login, Upload, and Share.

        4. Application instance—Select the application instance from the list, or click + to create a new application instance.

          The Create Application Instance page opens.

          For more information on creating an application instance, see Create an Application Instance.

        5. Click OK and then click Close.

    3. Click OK.

    Action

    Select Deny or Permit to take an action when traffic matches the criteria.

    Options

    Enable or disable the activity logging option.
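
As an added example (not Juniper code and not a Secure Edge API), the following Python script checks a planned set of rules against Table 1 and the Name and Action guidelines in Table 2 before you enter them in the UI. The rule dictionary layout, `check_rule`, and the sample plan are assumptions made for illustration; the Name pattern assumes that only the listed characters are permitted and that "slashes" means forward slashes.

```python
import re

# Table 1 from this page: supported activities per cloud application.
_SHARE = {"Login", "Upload", "Download", "Share"}
_CHAT = {"Login", "Chat", "Audio/Video", "FileTransfer"}
SUPPORTED = {
    "Microsoft Teams": _CHAT, "Slack": _CHAT,
    "Amazon EFS": {"Upload", "Download", "Create", "Delete", "Edit"},
    "Amazon S3": {"Upload", "Download", "Create", "Delete"},
    "Gmail": {"Login", "Read", "Compose", "Send", "UploadAttachment", "DownloadAttachment"},
    "Box": _SHARE, "Dropbox": _SHARE, "Google Docs": _SHARE,
    "Microsoft OneDrive": _SHARE, "Microsoft OneDrive Personal": _SHARE,
    "Salesforce": _SHARE, "SharePoint": _SHARE,
    "GitHub": {"Login", "Upload", "Download", "Create", "View", "CreateRepo"},
}
# Assumed reading of the Name guideline: first character alphanumeric, then only
# alphanumerics, colon, period, forward slash, dash, underscore; 29 characters at most.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9:./_-]{0,28}")


def check_rule(rule):
    """Return a list of problems found in one planned rule (empty list = OK)."""
    problems = []
    if not NAME_RE.fullmatch(rule["name"]):
        problems.append(f"name {rule['name']!r} violates the Name guideline")
    if rule["action"] not in ("Permit", "Deny"):
        problems.append(f"action {rule['action']!r} is not Permit or Deny")
    for app, activities in rule["apps"].items():
        if app not in SUPPORTED:
            problems.append(f"{app!r} is not listed in Table 1")
        elif activities != "Any":
            # Report every requested activity the application does not support.
            for act in sorted(set(activities) - SUPPORTED[app]):
                problems.append(f"{app} does not support activity {act!r}")
    return problems


# Constructed sample plan (hypothetical layout, not from the page).
PLAN = [
    {"name": "block-s3-upload", "action": "Deny", "apps": {"Amazon S3": ["Upload"]}},
    {"name": "_s3-share", "action": "Deny", "apps": {"Amazon S3": ["Share", "Edit"]}},
    {"name": "permit-github", "action": "Allow", "apps": {"GitHub": "Any"}},
]

if __name__ == "__main__":
    for rule in PLAN:
        print(rule["name"], "->", check_rule(rule) or "OK")
```
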