About Enterprise DLP End User Alerting with Cortex XSOAR
About Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR allows your team members to understand why a file upload was blocked by Enterprise DLP and enables self-service temporary exemptions for file uploads that match your Enterprise DLP data profiles. Enterprise DLP End User Alerting with Cortex XSOAR provides an audit trail to better understand the upload and response history for every file scanned by the DLP cloud service. Additionally, enabling End User Alerting with Cortex XSOAR prevents malware-triggered uploads because an affirmative action is required to request an exemption.
Enterprise DLP End User Alerting with Cortex XSOAR requires integration with the Enterprise DLP application. You can view responses to file uploads that match your data filtering profiles and data profiles for supported apps only. For some applications, End User Alerting with Cortex XSOAR requires IP mapping to email addresses to furnish exemption queries to your team members. After you successfully integrate Enterprise DLP with Cortex XSOAR and configure the exemption duration, the team member who uploads a matched file is presented with an automated message to confirm whether the file includes sensitive data that triggers a block verdict from the DLP cloud service. If the team member responds that the file does contain sensitive data, they’re given the option to request a temporary exception for the specific file.
If the team member responds that the file doesn’t contain sensitive information, the DLP cloud service flags the file as a false positive. However, Enterprise DLP continues to block the file upload.
The Enterprise DLP cloud service preserves the response history for all scanned files after End User Alerting with Cortex XSOAR is enabled. For example, your team member uploads file_A.pdf, which matches the match criteria of a data profile. The team member is prompted to confirm whether the file contains sensitive information, to which they answer Yes and request an exemption. A few days later, the team member uploads file_A.pdf again. This time they’re only prompted to request an exemption because the DLP cloud service is already aware of the file response history.