View the Enterprise DLP End User Alerting with Cortex XSOAR Response History

View the response history for
Enterprise data loss prevention (DLP)
incidents.
The
Enterprise data loss prevention (DLP)
End User Alerting with
Cortex XSOAR
response history provides an audit trail for administrators to understand which end user uploaded a file containing sensitive data and how they responded to the
Enterprise DLP
Bot on Slack.
The possible response statuses are:
  • Pending Response
    - The automated
    Enterprise DLP
    Bot message was sent and is pending a response.
  • Confirmed Sensitive
    - End user confirmed that
    Yes
    , the file contains sensitive data but
    No
    , the end user didn’t request an exemption.
    For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request for an exemption.
  • Exception Requested
    - End user confirmed that
    Yes
    , the file contains sensitive data and
    Yes
    , the end user requested an exemption.
    For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request for an exemption.
  • Confirmed False Positive
    - End user confirmed that
    No
    , the file doesn’t contain sensitive data.
    For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.
  1. Log in based on the platform on which you’re using
    Enterprise DLP
    .
  2. Navigate to the
    Enterprise DLP
    Incidents.
    • Panorama (Next-Gen Firewalls) and Prisma Access (Panorama Managed)
      - In the DLP app, select
      Incidents
      .
    • Prisma Access (Cloud Management)
      - Select
      Logs
      DLP Incidents
      .
  3. In the Incidents section, view the Response Status for all file uploads.
    You can also
    Add New Filter
    to filter
    Enterprise DLP
    Incidents based on the
    Response Status
    .
  4. Click on the
    File
    name to view the detailed Response History for that specific file.
    The detailed response history includes the team member who uploaded the file and how they responded to the
    Enterprise DLP
    Bot.

Recommended For You