Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR allows your team members to understand why a file upload was blocked by Enterprise DLP and enables self-service temporary exemptions for file uploads that match your Enterprise DLP data profiles. Enterprise DLP End User Alerting with Cortex XSOAR provides an audit trail to better understand the upload and response history for every file scanned by the DLP cloud service. Additionally, enabling End User Alerting with Cortex XSOAR prevents malware triggered uploads because an affirmative action is required to request an exemption.

Enterprise DLP End User Alerting with Cortex XSOAR requires integration with the Enterprise DLP application. You can view responses to file uploads that match your data filtering profiles and data profiles on supported applications only. For some applications, End User Alerting with Cortex XSOAR requires IP mapping to email addresses to furnishing exemption queries to your team members. After you successfully integrate Enterprise DLP with Cortex XSOAR and configure the exemption duration, the team member who uploads a matched file is presented with an automated message to confirm if the file includes sensitive data that triggers a block verdict from the DLP cloud service. If the team member responds that the file does contain sensitive data, they’re given the option request a temporary exception for the specific file.

The Enterprise DLP cloud service preserves the response history for all scanned files after End User Alerting with Cortex XSOAR is enabled. For example, your team member uploads file_A.pdf that matches a data profile match criteria. The team member is prompted to confirm if the file contains sensitive information, to which they answer Yes and request an exemption. A few days later, the team member uploads file_A.pdf again. This time they’re only prompted to request an exemption because the DLP cloud service is already aware of the file response history.