Policies
Coro's Cloud Security module enables admin users to configure user access permissions for connected cloud applications and threat detection policies for specified users or user groups.
To configure cloud security policies:
- Sign in to the Coro console.
- From the sidebar, select to access the Control Panel.
- Select Cloud Security.
- Select the Policies tab.
Use this tab to configure:
Access permissions
Coro supports the ability to set access permissions for connected cloud applications. Admin users with sufficient permissions can allow access to a cloud application based on whether a user meets a defined set of criteria.
Coro creates an Access permissions violation ticket if a user successfully logs into a protected service from an origin in violation of the configured access policy.
For Coro to monitor and report security issues, at least one cloud application must be connected.
Note: To see a list of supported cloud applications, see Introducing cloud security.
To view the currently configured access permissions, select the Permitted Locations dropdown:
Coro displays each access permission policy, showing:
- Users: The users or user groups that this policy affects.
- Cloud app: The cloud application that this policy affects.
- Allowed countries/IPs: The locations (countries and/or US states) or IP addresses that this policy allows.
- Automatic Remediation: The type of automatic remediation Coro applies if a user attempts to access the named cloud application from a location or IP address not listed.
Configuring new access permissions
To configure new access permissions for a connected cloud application:
- In Access Permissions, select + ADD POLICY.
  Coro displays the Create access policy dialog.
- Select the cloud application for your policy:
  Select a connected cloud application, or select All connected apps to apply this policy to all connected applications.
- In Allow access based on, select from the following options:
  - IP Address: Restricts access to a defined range of IP addresses. Enter the allowed IP addresses into the IP Addresses field and provide an optional short description.
  - Location: Restricts access to named countries or US states. Select either All Countries or USA States.
    Warning: US state permissions are independent of country permissions. You can select several countries and/or states. If United States is selected as a Country, then permissions apply to all US states.
    Coro displays a list of countries or US states based on your selection. Select the US states and/or countries to allow access from.
- Set the type of automatic remediation Coro should apply when a user that does not meet the permission criteria attempts to access the application:
  - None: No remediation steps are required.
  - Suspend: The user account is automatically suspended.
  - Sign out: The user is signed out.
  Note: In all cases, Coro creates a ticket to alert admin users to the event.
- Select the users or groups to assign to this policy:
  - All Users: The new permission applies to protected and protectable users.
  - Specific Groups: The new permission applies to a named group within the corresponding cloud application.
    Note: When a user belongs to several groups, they inherit the collective permissions of all those groups.
  - Specific Users: The new permission applies to users within the application, specified by their email addresses.
    Note: You can assign access permissions to existing admin users within the corresponding cloud application.
- Select SAVE PERMISSIONS to save your changes.
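The matching rules in this procedure (IP ranges, countries, independent US state permissions, collective group permissions) can be modelled to sanity-check a planned policy set against sign-in events before saving it. This is an added example, not Coro's code or API: the class, field names, and sample data are hypothetical, and two behaviours are assumptions the page does not state (a user matched by no policy is unrestricted, and the strictest remediation among matching policies applies).

```python
import ipaddress
from dataclasses import dataclass, field

STRICTNESS = ["None", "Sign out", "Suspend"]  # remediation names from the dialog

@dataclass
class AccessPolicy:
    """Hypothetical model of one access permission policy (field names assumed)."""
    app: str                                      # app name, or "*" for All connected apps
    subjects: set = field(default_factory=set)    # group names / emails; empty = All Users
    networks: list = field(default_factory=list)  # allowed CIDR ranges
    countries: set = field(default_factory=set)   # allowed country codes
    us_states: set = field(default_factory=set)   # allowed US state codes
    remediation: str = "None"

    def allows(self, ip, country, state):
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(n) for n in self.networks):
            return True
        if country in self.countries:             # "US" as a country covers all states
            return True
        return country == "US" and state in self.us_states

def evaluate(policies, login):
    """Return (allowed, remediation) for one sign-in event."""
    hits = [p for p in policies
            if p.app in ("*", login["app"])
            and (not p.subjects or p.subjects & login["subjects"])]
    if not hits:
        return True, None                         # assumption: no policy, no restriction
    if any(p.allows(login["ip"], login["country"], login["state"]) for p in hits):
        return True, None                         # collective permissions of all groups
    # Assumption: the strictest remediation among the matching policies wins.
    return False, max((p.remediation for p in hits), key=STRICTNESS.index)

# Constructed sample policies and sign-in event (documentation IP ranges, made-up groups).
POLICIES = [
    AccessPolicy("*", {"sales"}, countries={"DE"}, remediation="Sign out"),
    AccessPolicy("*", {"field"}, us_states={"TX"}, remediation="Suspend"),
    AccessPolicy("mail", {"ops"}, networks=["203.0.113.0/24"], remediation="Suspend"),
]
LOGIN = {"app": "mail", "subjects": {"sales", "field"}, "ip": "198.51.100.9",
         "country": "US", "state": "TX"}

if __name__ == "__main__":
    print(evaluate(POLICIES, LOGIN))
```

The sample user is allowed from Texas only because membership of the second group adds that state; the same sign-in by a user in the first group alone is a violation.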
Editing and deleting existing access permissions
Admin users with sufficient permissions can edit and delete existing access permissions.
To edit or delete existing access permissions for a connected cloud service, select the corresponding action from the three-dot menu:
- Select Edit to change an existing access permission.
- Select Delete to remove an existing access permission.
Threat types
Coro supports the ability to create threat detection policies.
Note: In this release, Coro provides Impossible Traveler threat detection policies. Future releases will include further policy types.
Coro creates a ticket for the named threat if a user violates the policy.
To view the currently configured threat detection policies, select the dropdown header for the policy type:
Coro displays each policy, showing:
- Users: The users or user groups that this policy affects.
- Automatic Remediation: The type of automatic remediation Coro applies if a user violates the policy.
Configuring new threat detection policies
To configure a new threat detection policy:
- In Threat types, select + ADD POLICY.
  Coro displays the Add new threat detection policy dialog.
- Select a threat type for the policy.
- Set the type of automatic remediation Coro should apply when a user violates the policy:
  - None: No remediation steps are required.
  - Suspend: The user account is automatically suspended.
  - Sign out: The user is signed out.
  Note: In all cases, Coro creates a ticket to alert admin users to the event.
- Select the users or groups to assign to this policy:
  - All Users: The policy applies to protected and protectable users.
  - Specific Groups: The policy applies to named user groups.
  - Specific Users: The policy applies to named users, specified by their email addresses.
- Select SAVE to save your changes.
Editing and deleting existing threat detection policies
Admin users with sufficient permissions can edit and delete existing threat detection policies.
To edit or delete existing policies, select the corresponding action from the three-dot menu:
- Select Edit to change the settings in an existing policy.
- Select Delete to remove an existing policy.