About Enterprise DLP End User Alerting with Cortex XSOAR

About Enterprise DLP End User Alerting with Cortex XSOAR.
The Enterprise data loss prevention (DLP) End User Alerting with Cortex XSOAR allows your team members to understand why a file upload was blocked by Enterprise DLP and enables self-service temporary exemptions for file uploads that match your Enterprise DLP data profiles. The Enterprise DLP End User Alerting with Cortex XSOAR provides an audit trail to better understand the upload and response history for every file scanned by the DLP cloud service. Additionally, enabling End User Alerting with Cortex XSOAR prevents malware triggered uploads because an affirmative action is required to request an exemption.
Enterprise DLP End User Alerting with Cortex XSOAR requires an active XSOAR license and integration with the Enterprise DLP application. You can view responses to file uploads that match your data filtering profiles and data profiles on supported applications only. For some applications, End User Alerting with Cortex XSOAR requires IP mapping to email addresses to furnishing exemption queries to your team members. After you successfully integrate Enterprise DLP with XSOAR and configure the exemption duration, the team member who uploads a matched file is presented with an automated message to confirm if the file includes sensitive data that triggers a block verdict from the DLP cloud service. If the team member responds that the file does contain sensitive data, they are given the option request a temporary exception for the specific file.
If the team member responds that the file does not contain sensitive information, the DLP cloud service flags the file as a false positive. However, Enterprise DLP continues to block the file upload.
The Enterprise DLP cloud service preserves the response history for all scanned files after End User Alerting with Cortex XSOAR is enabled. For example, your team member uploads
file_A.pdf
that matches a data profile match criteria. The team member is prompted to confirm if the file contains sensitive information, to which they answer
Yes
and request an exemption. A few days later, the team member uploads
file_A.pdf
again. This time they are only prompted to request an exemption because the DLP cloud service is already aware of the file response history.

Recommended For You