About Inspection of Contextual Secrets

SaaS Security using Enterprise Data Loss Prevention (E-DLP) can inspect contextual messages to detect and prevent exfiltration of passwords communicated through chat-based applications.

Where Can I Use This?

  • Strata Cloud Manager

What Do I Need?

  • Enterprise Data Loss Prevention (E-DLP) license
  • SaaS Security license
  • (Strata Cloud Manager) Prisma Access license
  • (Strata Cloud Manager) AIOps for NGFW Premium license
  • (Strata Cloud Manager) AIOps for NGFW Free license

SaaS Security on Strata Cloud Manager supports inspection of contextual chat messages to monitor sharing of sensitive passwords over chat-based applications. Enterprise Data Loss Prevention (E-DLP) uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password.

Which Chat Applications Are Supported?

The Slack V2 chat application is currently supported for inspection of contextual secrets.

Which Data Patterns and Profiles Detect Passwords?

Data Patterns:
Data Profiles

What Kind of Contextual Messages Are Supported?

Enterprise DLP supports inspection of one contextual message and one immediate response message containing a password in a private channel or public channel, and includes inspection of threaded replies. For Enterprise DLP to detect a shared password, the response message containing the password must be sent within 60 minutes of the contextual message. Review the Contextual Chat Examples for more information on the types of contextual messages that trigger inspection by Enterprise DLP.

For example, James asks Justin for a password. At 8:45 AM, Justin responds with the password James requested. At 10:11 AM, Justin again replies but this time in a threaded response to the contextual message and shares a second password. In this example, Enterprise DLP is able to detect and generate a DLP Incident when Justin shares with James the first password at 8:45 AM. However, Enterprise DLP can’t detect the second password Justin shared with James because the contextual message was already associated with the first response message and the second threaded response exceeds the 60-minute time limit.

The contextual message, and the password shared in response to a contextual message, must be in text format for Enterprise DLP to detect and generate a DLP Incident. Enterprise DLP can’t detect if a password was shared in a response to a contextual message if:
  • The contextual message is a text or image attachment
  • The response to the contextual message is a text or image attachment
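
The pairing limits described above (one contextual message, one immediate response, 60 minutes, text only) can be modeled to review which responses in a conversation fall inside inspection coverage. This is an added illustration, not Palo Alto Networks code or the product's logic; `Msg`, `inspection_coverage`, the 8:40 AM request time, the date, and the rule that the earliest response counts as the "immediate" one are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # time limit stated on this page


@dataclass
class Msg:
    msg_id: str
    sender: str
    sent_at: datetime
    is_text: bool = True  # False models a text or image attachment


def inspection_coverage(context: Msg, responses: list[Msg]) -> dict[str, str]:
    """Map each response id to 'inspected' or the documented reason it is not.

    Assumption of this model: the 'immediate response' is the earliest
    response, whether posted in the channel or as a threaded reply.
    """
    verdicts = {}
    ordered = sorted(responses, key=lambda m: m.sent_at)
    for position, resp in enumerate(ordered):
        if position > 0:
            verdicts[resp.msg_id] = "not inspected: context already associated with first response"
        elif not context.is_text:
            verdicts[resp.msg_id] = "not inspected: contextual message is an attachment"
        elif not resp.is_text:
            verdicts[resp.msg_id] = "not inspected: response is an attachment"
        elif resp.sent_at - context.sent_at > WINDOW:
            verdicts[resp.msg_id] = "not inspected: response exceeds 60-minute limit"
        else:
            verdicts[resp.msg_id] = "inspected"
    return verdicts


def sample_verdicts() -> dict[str, str]:
    # Constructed timeline: the page gives 8:45 AM and 10:11 AM; the 8:40 AM
    # request time and the date are assumed for this example.
    day = datetime(2024, 1, 15)
    ask = Msg("ask", "James", day.replace(hour=8, minute=40))
    first = Msg("reply-1", "Justin", day.replace(hour=8, minute=45))
    threaded = Msg("reply-2", "Justin", day.replace(hour=10, minute=11))
    return inspection_coverage(ask, [first, threaded])


if __name__ == "__main__":
    for msg_id, verdict in sample_verdicts().items():
        print(msg_id, "->", verdict)
```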
