Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR

Request an exemption for an uploaded file using the Enterprise Data Loss Prevention (E-DLP) Bot on Slack.

Where Can I Use This?
- NGFW (Managed by Panorama)
- Prisma Access (Managed by Strata Cloud Manager)
- SaaS Security
- NGFW (Managed by Strata Cloud Manager)

What Do I Need?
- Enterprise Data Loss Prevention (E-DLP) license
  - NGFW (Managed by Panorama): Support and Panorama device management licenses
  - Prisma Access (Managed by Strata Cloud Manager): Prisma Access license
  - SaaS Security: SaaS Security license
  - NGFW (Managed by Strata Cloud Manager): Support and AIOps for NGFW Premium licenses
- Or any of the following licenses that include the Enterprise DLP license
  - Prisma Access CASB license
  - Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  - Data Security license

After you Set Up Enterprise DLP End User Alerting with Cortex XSOAR and a file upload matches your data
profile, the team member who uploaded the file is automatically alerted on Slack to
confirm whether the file they uploaded contains sensitive information.

The DLP cloud service maintains a response history for all files that trigger End User Alerting with Cortex XSOAR based on your response.

Confirmed Sensitive - End user confirmed that Yes, the file contains sensitive data but No, the end user didn’t request an exemption.
For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request an exemption.

Exception Requested - End user confirmed that Yes, the file contains sensitive data and Yes, the end user requested an exemption.
For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request an exemption.

Confirmed False Positive - End user confirmed that No, the file doesn’t contain sensitive data.
For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.

This procedure assumes you have already created a data profile and have successfully set up Enterprise DLP End User Alerting with Cortex XSOAR.

Upload a file containing sensitive data that matches a data profile.

On Slack, the Enterprise DLP Bot sends an automated message to the team member who uploaded the file containing sensitive data.
Select Yes to confirm that the uploaded file contains sensitive data and to request an exemption.
Select No to confirm that the uploaded file doesn’t contain sensitive data and flag the file as a false positive. If you select No, the file remains blocked for any future upload of the same file. You will receive confirmation from the Enterprise DLP Bot that your response was successfully received.

If you selected Yes and the file contains sensitive information, select Yes when prompted to request a temporary exemption for the uploaded file.
Select No if you don’t want to request a temporary exemption for the file. The file upload remains blocked.
Skip this step if you selected No in the previous step and the file doesn’t contain sensitive data.

The Enterprise DLP Bot confirms that the exemption was granted.
You can now reupload the file as needed for the length of the