Set Up Enterprise DLP End User Alerting with Cortex XSOAR for Microsoft Teams
Table of Contents
Set Up Enterprise DLP End User Alerting with Cortex XSOAR
for Microsoft Teams
Set up
Cortex XSOAR
to use Enterprise Data Loss Prevention (E-DLP)
End User Alerting for
Microsoft Teams.To set up
Enterprise Data Loss Prevention (E-DLP)
End User Alerting with Cortex XSOAR
and set up
automatic Microsoft Teams alerts, you need to set up integration with Microsoft
Teams and Enterprise DLP
with Cortex XSOAR
. This is integration allows
the DLP cloud service to automate sending Microsoft Teams messages to team members
who upload a file that matches your data profiles. After you successfully integrate Microsoft Teams and
Enterprise DLP
with Cortex XSOAR
, you need to enable End User Alerting with Cortex XSOAR
functionality on
the DLP app on the hub or on Prisma Access
(Cloud Management)
and configure the End User Alerting
settings as needed.- Set up the prerequisites needed to begin integrating Microsoft Teams withCortex XSOAR.
- Integrate Microsoft Teams withCortex XSOAR.You can use one of the following methods based on your preferences.
- Create the API access token.
- DLP app on the hub
- Log in to the DLP app on the hub.If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- SelectAPIandCreate Token.
- Enter a descriptiveToken NameandCreatethe access token.
- Copy theAccess TokenandRefresh Tokenand save them in a secure location.
- Prisma Access (Cloud Management)
- Select andCreate Token.
- Enter a descriptiveToken NameandCreatethe access token.
- Copy theAccess TokenandRefresh Tokenand save them in a secure location.The access and refresh tokens are displayed only once after initial creation and can’t be viewed again. If you lose the access or refresh tokens, you must create a new access token.
- EnableEnterprise DLPonCortex XSOAR.
- OnCortex XSOAR, select and search forEnterprise DLP.
- InstalltheEnterprise DLPcontent pack.
- Select and search forEnterprise DLP.ClickAdd Instanceto integrateEnterprise DLP. See Integrate Enterprise DLP on XSOAR for more information.
- Select a descriptiveName.
- Add theAccess TokenandRefresh Tokenyou created in the previous step.
- Check (enable)Long running instance.
- (Optional) Add any data profiles to exclude from End User Alerting.Files that match data profiles added here aren’t offered block exemptions to the user who uploaded the file.
- (Optional)Modify the automatedTeams Bot Message
- Testto confirmCortex XSOARhas successfully integrated withEnterprise DLP.ASuccessis displayed whenCortex XSOARsuccessfully integrates withEnterprise DLP.
- Save & Exit.
- Confirm theCortex XSOARintegration withEnterprise DLP.
- Panorama (Next-Gen Firewalls) and Prisma Access (Panorama Managed)
- Log in to the DLP app on the hub.If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- SelectSettingsand check (enable)Confirm the status for XSOAR Integration.
- Prisma Access (Cloud Management)
- Select and check (enable)Confirm the status for XSOAR Integration.
- Configure the End User Alerting withCortex XSOARexemption settings.
- Select and configure theExemption Duration.The file that prompted the End User Alerting withCortex XSOARnotification that was exempted can be uploaded for the duration of the exemption duration. The default is 12 hours.
- Select and configure whether toInclude Snippets in Message.You can selectOff(default) to not include a snippet of the sensitive data orOnto include a snippet of the sensitive data in the automated message on Microsoft Teams.