Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR

Request an exemption for an uploaded file using the Enterprise data loss prevention (DLP) Bot on Slack.
After you Set Up the Enterprise DLP End User Alerting with Cortex XSOAR and a file upload matches your data profile, the team member who uploaded the file is automatically alerted on Slack to confirm whether the file they uploaded contains sensitive information.
The DLP cloud service maintains a response history for all files that trigger End User Alerting with Cortex XSOAR based on your response.
  • Confirmed Sensitive
    - End user confirmed that Yes, the file contains sensitive data but No, the end user did not request an exemption.
    For all future uploads of the file, the file upload remains blocked and end users are not prompted to request an exemption.
  • Exception Requested
    - End user confirmed that Yes, the file contains sensitive data and Yes, the end user requested an exemption.
    For all future uploads of the file, end users are not prompted to confirm the file contains sensitive data but are prompted to request an exemption.
  • Confirmed False Positive
    - End user confirmed that No, the file does not contain sensitive data.
    For all future uploads of the file, the file uploads remain blocked and end users are not prompted to confirm if the file contains sensitive data.
This procedure assumes you have already created a data profile and have successfully set up Enterprise DLP End User Alerting with Cortex XSOAR.
  1. Upload a file containing sensitive data that matches a data profile.
  2. On Slack, the Enterprise DLP Bot sends an automated message to the team member who uploaded the file containing sensitive data.
    Select Yes to confirm that the uploaded file contains sensitive data and to request an exemption.
    Select No to confirm that the uploaded file does not contain sensitive data and flag the file as a false positive. If you select No, the file remains blocked for any future upload of the same file. You will receive confirmation from the Enterprise DLP Bot that your response was successfully received.
  3. If you selected Yes and the file contains sensitive information, select Yes when prompted to request a temporary exemption for the uploaded file.
    Select No if you do not want to request a temporary exemption for the file. The file upload remains blocked.
    Skip this step if you selected No in the previous step and the file does not contain sensitive data.
  4. The Enterprise DLP Bot confirms that the exemption was granted.
    You can now re-upload the file as needed for the length of the Exemption Duration.
