Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Edit an Activity

When you edit an activity, you can edit the name of an activity, or more in-depth information, including Activity Categories.

To edit an activity:

  1. Go to Custom Apps > My Apps and click the App. 
  2. To the right of the activity, you want to edit, click Actions > Edit
  3. Under General Information, you can edit the following:
    • Name. Edit the name of the activity.
    • Description. Enter or edit an optional description.
    • Activity Category. Choose an Activity Category that describes the activity.
  4. Under Matching Rules, set or edit any of the following. Some fields can be converted to regex, which allows you to use wildcards (*) to make the field less specific.
    • URL. 
    • Host.
    • Path.
    • Query. 
    • Content-Type.
    • Method.
    • Object Identifier.
    • Generated Expression. 
  5. For Enable Policies, enable or disable for this activity:
    • Query Parameters Encryption
    • Data Loss Protection (DLP) and Cloud Access Policies

  6. Click Save.

Activity Categories

Activity Categories are the same as CSP Categories that are used with Anomalies. Skyhigh CASB automatically assigns Activity Categories when possible, but sometimes you'll need to manually add this information.

Activity Category Description of Activity Anomalies Triggered When
Data Access User accesses data A user accesses an abnormally large amount of data in an expected amount of time. This can represent a combined threshold of uploads and downloads or an abnormally large number of page views.
Data Download User downloads data A user downloads an abnormally large amount of data in the specified duration, exceeding the expected threshold.
Report Exclusion User creates or generates reports The report duration (of creation or generation) exceeds the expected threshold.
Data Sharing User shares data internally (within the organization) Anomalies are triggered if an abnormal amount of data is shared from one employee to another.
External Data Sharing User shares data externally An abnormal amount of data is shared outside your organization's CSP accounts (such as shares using an external link or public folder).
Data Updates User updates data An abnormally large amount of data is updated, edited, or changed.
Data Upload User uploads data An abnormally large amount of data is uploaded.
Service Usage User accesses a CSP The period of usage exceeds normal thresholds.
Data Delete User deletes data A large amount of data is deleted.


  • Was this article helpful?