Enterprise DLP
Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR
Table of Contents
Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR
Cortex XSOAR
Request an exemption for an uploaded file using the
Enterprise Data Loss Prevention (E-DLP)
Bot on
Slack.Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
After you Set Up Enterprise DLP End User Alerting with Cortex XSOAR and a file upload matches your data
profile, the team member who uploaded the file is automatically alerted on Slack to
confirm whether the file they uploaded contains sensitive information.
The DLP cloud service maintains a response history for all files that trigger End User Alerting
with
Cortex XSOAR
based on your response.- Confirmed Sensitive- End user confirmed thatYes,, the file contains sensitive data butNo, the end user didn’t request an exemption.For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request for an exemption.
- Exception Requested- End user confirmed thatYes, the file contains sensitive data andYes, the end user requested an exemption.For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request for an exemption.
- Confirmed False Positive- End user confirmed thatNo, the file doesn’t contain sensitive data.For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.
This procedure assumes you have already created a data profile and have successfully set up
Enterprise DLP
End User Alerting with Cortex XSOAR
. - Upload a file containing sensitive data that matches a data profile.
- On Slack, theEnterprise DLPBot sends an automated message to the team member who uploaded the file containing sensitive data.SelectYesto confirm that the uploaded file containing sensitive data and to request an exemption.SelectNoto confirm that the uploaded files doesn’t contain sensitive data and flag the file as afalse positive. If you selectNo, the file remains as blocked for any future upload of the same file. You will receive confirmation for theEnterprise DLPBot that your response was successfully received.
- If you selectedYesand the file contains sensitive information, selectYeswhen prompted to request a temporary exemption for the uploaded file.SelectNoif you don’t want to request a temporary exemption for the file. The file upload remains blocked.Skip this step if you selectedNoin the previous step and the file doesn’t contain sensitive data.
- TheEnterprise DLPBot confirms that the exemption was granted.You can now reupload the file as needed for the length of theExemption Duration.
