Product Enhancement: DLP End User Alerting With Cortex XSOAR

Community Team Member


 

 

Enterprise Data Loss Prevention (DLP) End User Alerting with Cortex XSOAR lets users understand why a file upload was blocked by Enterprise DLP, and enables self-service temporary exemptions for file uploads that match the user's Enterprise DLP data profiles.

 
This feature provides an audit trail of the upload and response history for every file scanned by the DLP cloud service. Additionally, enabling End User Alerting with Cortex XSOAR prevents malware-triggered uploads, because requesting an exemption requires an affirmative action.
 
This alert function requires an active XSOAR license and integration with the Enterprise DLP application. Make sure to check out the setup prerequisites and supported applications.
 
To set this up, first integrate Microsoft Teams and Enterprise DLP with Cortex XSOAR. For detailed step-by-step instructions, check out: Set Up Enterprise DLP End User Alerting with Cortex XSOAR for Microsoft Teams.
 
To set up automatic Slack alerts, configure the Cloud Identity Engine to map IP addresses to email addresses so that messages can be sent automatically on Slack. For step-by-step instructions, check out Set Up Enterprise DLP End User Alerting with Cortex XSOAR for Slack.
 
Cloud Identity Engine

 

 

 
After you set up Enterprise DLP End User Alerting with Cortex XSOAR and a file upload matches your data profile, the team member who uploaded the file is automatically alerted on Slack and asked to confirm whether the file they uploaded contains sensitive information. The DLP cloud service maintains a response history, based on your response, for all files that trigger End User Alerting with Cortex XSOAR. This procedure assumes you have already created a data profile and have successfully set up Enterprise DLP End User Alerting with Cortex XSOAR. For detailed information, check out Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR.
 
Enterprise DLP Bot on Slack

 

 

The Enterprise Data Loss Prevention (DLP) End User Alerting with Cortex XSOAR response history provides an audit trail for administrators to understand which end user uploaded a file containing sensitive data and how they responded to the Enterprise DLP Bot on Slack. For step-by-step instructions and possible response statuses, please refer to the TechDoc "View the Enterprise DLP End User Alerting with Cortex XSOAR Response History."

 


Feel free to share your questions, comments and ideas in the section below.

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Stay secure!

Kiwi out
