Begin Scanning a Cisco Webex Teams App (Beta)

Use these steps to connect your Cisco Webex Teams application to Prisma SaaS.
Prisma SaaS scans messages and files shared on spaces within the Cisco Webex Teams application. To begin scanning a Cisco Webex Teams application:
  1. Ensure that the Webex Teams account you plan to use with Prisma SaaS has sufficient privileges.
    To connect a Webex Teams instance to Prisma SaaS, you must use a Webex Teams account with Administrator privileges. Make sure the following settings are enabled:
    1. Log in to https://admin.webex.com, select Users > admin_account_username > Roles and Security.
    2. Enable Full administrator and Compliance Officer privileges.
      Ask another administrator to assign the Compliance Officer role to you, so that your account has the privileges required to search for sensitive information in the Cisco Webex Teams app.
      The Webex Teams standard service plan supports data generated during the last 90 days. To enable longer-term visibility, consider upgrading to the Cisco Webex Teams Pro Pack service plan before connecting to Prisma SaaS.
  2. Add the Webex Teams app.
    1. From the Prisma SaaS Dashboard, select Add a Cloud App.
    2. Select the Cisco Webex Teams app.
    3. Connect to Webex Teams Account.
    4. Prisma SaaS redirects you to the Cisco identity broker to authorize access. Enter the email address and password for the Administrator account you want to use when connecting to the Webex Teams application.
    5. Review and Accept the permissions to onboard the account to Prisma SaaS.
      The new Webex Teams instance is added to the list of Cloud Apps as Webex Teams n, where n is the number of Webex Teams instances you have connected to Prisma SaaS. For example, if this is the second Webex Teams instance you connected to Prisma SaaS, the name displays as Webex Teams 2.
      If you want to give a descriptive name for the instance, select the link on Settings > Cloud Apps & Scan Settings, and enter a new name.
  3. Configure a bot.
    A bot is a machine account that automates the process of sending messages to users on your behalf. To use a bot, you must create an access token to enable the bot to send these messages. When you Add a New Asset Rule, select the Notify via bot auto-remediation action, and Prisma SaaS will send a direct message on Webex Teams to the user whose messages or files triggered the incident. If you do not create a bot, Prisma SaaS sends a message using the administrator’s name to the space where the user originally shared the file or message.
    1. Create a bot on the Webex developer portal using your administrator credentials, and copy the access token.
    2. Select Actions > Configure Bot on Settings > Cloud Apps & Scan Settings.
    3. Paste the access token on the app, and save your changes.
  4. Define global scan settings.
  5. Add policy rules or edit existing policy rules.
    When you add a new cloud application, Prisma SaaS automatically scans assets against the default data patterns and displays the match occurrences. If you want to generate incidents and identify potential issues that are unique to the new instance, as a best practice consider the business use of your app to determine whether you want to Add a New Asset Rule.
  6. (Optional) Configure or edit a data pattern.
    If you find that the existing data patterns do not identify the incidents you want to prevent, you can Configure Data Patterns (Basic DLP) to identify specific strings of text, characters, words, or patterns, so that all instances of text matching a data pattern you specify are found.
  7. Start scanning the Cisco Webex Teams instance for issues.
    1. Select Settings > Cloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Webex Teams instance, select Actions > Start Scanning.
      Prisma SaaS starts scanning all assets—files, messages—and spaces in the associated Webex Teams application and identifies incidents. Depending on the number of Webex Teams users and assets, it may take some time for the service to complete the process. However, as soon as you begin to see this information populating on the Prisma SaaS Dashboard, you can begin to Assess Incidents.
      On a Webex Teams account, Prisma SaaS monitors the following activities:
      • Adding or removing a user from a space.
      • Adding a moderator to a space.
      • Deleting a message — the deletion of a message is logged if the message had a file attached to it, or if the message had a policy violation and created an incident.
      All activities that occurred before you added the Cisco Webex Teams application to Prisma SaaS are not displayed on Explore > Activities.
  8. Monitor the results of the scan.
    As Prisma SaaS starts scanning files and matching them against enabled policy rules, you can Monitor Scan Results on the Dashboard (Basic DLP) to verify that your policy rules are effective. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
