View the Enterprise DLP End User Alerting with Cortex XSOAR Response History
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
View the Enterprise DLP End User Alerting with Cortex XSOAR
Response History
View the response history for
Enterprise Data Loss Prevention (E-DLP)
incidents. The
Enterprise Data Loss Prevention (E-DLP)
End User Alerting with Cortex XSOAR
response history
provides an audit trail for administrators to understand which end user uploaded a
file containing sensitive data and how they responded to the Enterprise DLP
Bot
on Slack. The possible response statuses are:
- Pending Response- The automatedEnterprise DLPBot message was sent and is pending a response.
- Confirmed Sensitive- End user confirmed thatYes, the file contains sensitive data butNo, the end user didn’t request an exemption.For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request for an exemption.
- Exception Requested- End user confirmed thatYes, the file contains sensitive data andYes, the end user requested an exemption.For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request for an exemption.
- Confirmed False Positive- End user confirmed thatNo, the file doesn’t contain sensitive data.For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.
- Log in based on the platform on which you’re usingEnterprise DLP.
- Panorama (Next-Gen Firewalls) and Prisma Access (Panorama Managed)- Log in to the DLP app on the hub.If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- - Launch the Cloud Management Console.Prisma Access (Cloud Management)
- Navigate to theEnterprise DLPIncidents.
- Panorama (Next-Gen Firewalls) and Prisma Access (Panorama Managed)- In the DLP app, selectIncidents.
- - SelectPrisma Access (Cloud Management).LogsDLP Incidents
- In the Incidents section, view the Response Status for all file uploads.You can alsoAdd New Filterto filterEnterprise DLPIncidents based on theResponse Status.
- Click on theFilename to view the detailed Response History for that specific file.The detailed response history includes the team member who uploaded the file and how they responded to theEnterprise DLPBot.