Oct 10 2022 01:53 AM
Can we monitor cloud platform security while we do not actively monitor (and protect) user activity for the connected Cloud app?
In preparation for the MDCA roll-out, I want our SecOps teams to be informed about the misconfiguration of Cloud apps. But, for now, we do not want to create events about usage.
Is this possible? For example, by connecting the Cloud app via an API but excluding all users from monitoring (based on the scoped deployment practice)? Will this allow the MDCA feature to discover issues in the configuration, or are those only triggered based on users' activity?
Oct 10 2022 08:35 AM
Hi @RVC,
I would expect if using a scoped deployment that will limit activities that are ingested but shouldn't impact misconfiguration details available through SSPM.
Oct 10 2022 10:12 AM
and with not impact you mean; misconfiguration will not detect OR it should be no issue to find them?
Oct 10 2022 10:36 AM
@RVC I would still expect to see SSPM recommendations even with a scoped deployment.