SaaS Security
Configure Slack Notification Alerts on Data Security
Table of Contents
Configure Slack Notification Alerts on Data Security
Learn how to configure notifications on Data Security so that administrators and
end users are notified of incidents.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
Data Security enables you to configure immediate Slack notifications (alerts)
when an asset is deleted or quarantined. The notification is sent via a Slack bot to
the end user. Notifications to end users provide administrators a low-touch
mechanism for training end users on your organization’s internal policy rules.
Notification via Slack through policy rules is supported for
all apps. However, ensure that you have onboarded the Slack Enterprise or
Slack Pro and Business app so that Data Security can send
notifications through Slack.
Enable Admin and End User Notifications
- Log in to Strata Cloud Manager.Enable Admin User Notification when you create a data asset policy rule.
- Select the Slack application instance.If not already done, configure your Slack Bot for slack notification.Specify the private Slack channel name and validate it.
- You must be a member of the channel.
- The channel must be private.
- The Palo Alto Networks NG-CASB app must be integrated in the private channel.
Enter a custom message to display in the notification.![]()
Enable End User Notification when you create a data asset policy rule.As an end user, you get notification only if you're a part of the Slack Workspace that the bot is configured for.- Select the Slack application instance.If not already done, configure your Slack Bot for slack notification.Enter a custom message to display in the notification.
![]()
Configure Manual End User Notification for Deleted and Quarantined Slack Enterprise Assets
You can manually configure custom messages to the end user for deleted and quarantined assets. These custom messages override the custom messages you created using the Workflow settings. However, this manual end user notification is applicable only for that specific asset. To configure your custom end user notification:- As an end user, you get notification only if you are a part of the Slack Workspace that the bot is configured for.
- Configuring manual end user notification for deleted and quarantined assets is applicable only for Slack Enterprise.
- Log in to Strata Cloud Manager.Select .Choose the Application and enter a Custom Message to inform that the asset was deleted or quarantined.Use the following best practices in your message:
- Begin with a concise headline. For example, A potential information security incident was detected and deleted/quarantined!
- Educate your users on the risks to sensitive content.
- Link to your company’s policy rule.
- Include a call to action statement.
Save your changes.Send Manual End User Notification for Deleted and Quarantined Slack Enterprise Assets
After configuring manual slack notifications, follow the procedure given below to send manual slack notifications.- Log in to Strata Cloud Manager.Select .Choose the Data Asset you want to delete or quarantine and select .In the Delete/Admin Quarantine Confirmation pane, select the Send End user notification.Enter your custom message and then Delete/Admin Quarantine.
