Monitor SAAS for configuration flaws, while not actively monitor user behaviour


Can we monitor cloud platform security while we do not actively monitor (and protect) user activity for the connected Cloud app?


In preparation for the MDCA roll-out, I want our SecOps teams to be informed about the misconfiguration of Cloud apps. But, for now, we do not want to create events about usage.


Is this possible?  For example, by connecting the Cloud app via an API but excluding all users from monitoring (based on the scoped deployment practice)? Will this allow the MDCA feature to discover issues in the configuration, or are those only triggered based on users' activity?

3 Replies

Hi @RVC,


I would expect if using a scoped deployment that will limit activities that are ingested but shouldn't impact misconfiguration details available through SSPM.

and with not impact you mean; misconfiguration will not detect OR it should be no issue to find them?

@RVC I would still expect to see SSPM recommendations even with a scoped deployment.