Enterprise DLP
Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR
Table of Contents
Respond to Blocked Traffic Using Enterprise DLP End User Alerting with Cortex XSOAR
Request an exemption for an uploaded file using the Enterprise Data Loss Prevention (E-DLP) Bot on
Slack.
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP
addresses to improve performance and expand availability for these services
globally.
You must allow these new service IP addresses on your network
to avoid disruptions for these services. Review the Enterprise DLP
Release Notes for more
information.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
After you Set Up Enterprise DLP End User Alerting with Cortex XSOAR and a file upload matches your data
profile, the team member who uploaded the file is automatically alerted on Slack to
confirm whether the file they uploaded contains sensitive information.
The DLP cloud service maintains a response history for all files that trigger End User Alerting
with Cortex XSOAR based on your response.
- Confirmed Sensitive - End user confirmed that Yes,, the file contains sensitive data but No, the end user didn’t request an exemption.For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request for an exemption.
- Exception Requested - End user confirmed that Yes, the file contains sensitive data and Yes, the end user requested an exemption.For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request for an exemption.
- Confirmed False Positive - End user confirmed that No, the file doesn’t contain sensitive data.For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.
This procedure assumes you have already created a data profile and have successfully set up Enterprise DLP End User Alerting with Cortex XSOAR.
- Upload a file containing sensitive data that matches a data profile.
- On Slack, the Enterprise DLP Bot sends an automated message to the team member who uploaded the file containing sensitive data.Select Yes to confirm that the uploaded file containing sensitive data and to request an exemption.Select No to confirm that the uploaded files doesn’t contain sensitive data and flag the file as a false positive. If you select No, the file remains as blocked for any future upload of the same file. You will receive confirmation for the Enterprise DLP Bot that your response was successfully received.
- If you selected Yes and the file contains sensitive information, select Yes when prompted to request a temporary exemption for the uploaded file.Select No if you don’t want to request a temporary exemption for the file. The file upload remains blocked.Skip this step if you selected No in the previous step and the file doesn’t contain sensitive data.
- The Enterprise DLP Bot confirms that the exemption was granted.You can now reupload the file as needed for the length of the Exemption Duration.
