View the Enterprise DLP End User Alerting with Cortex XSOAR Response History
Focus
Focus
Enterprise DLP

View the Enterprise DLP End User Alerting with Cortex XSOAR Response History

Table of Contents

View the Enterprise DLP End User Alerting with Cortex XSOAR Response History

View the response history for Enterprise Data Loss Prevention (E-DLP) incidents.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
The Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR response history provides an audit trail for administrators to understand which end user uploaded a file containing sensitive data and how they responded to the Enterprise DLP Bot on Slack.
The possible response statuses are:
  • Pending Response - The automated Enterprise DLP Bot message was sent and is pending a response.
  • Confirmed Sensitive - End user confirmed that Yes, the file contains sensitive data but No, the end user didn’t request an exemption.
    For all future uploads of the file, the file upload remains blocked and end users aren’t prompted to request for an exemption.
  • Exception Requested - End user confirmed that Yes, the file contains sensitive data and Yes, the end user requested an exemption.
    For all future uploads of the file, end users aren’t prompted to confirm the file contains sensitive data but are prompted to request for an exemption.
  • Confirmed False Positive - End user confirmed that No, the file doesn’t contain sensitive data.
    For all future uploads of the file, the file uploads remain blocked and end users aren’t prompted to confirm if the file contains sensitive data.
  1. Log in based on the platform on which you’re using Enterprise DLP.
    • Panorama (Next-Gen Firewalls) and Prisma Access (Managed by Panorama) - Log in to the DLP app on the hub.
      If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
    • Strata Cloud Manager - Log in to Strata Cloud Manager.
  2. Navigate to the Enterprise DLP Incidents.
    • Panorama (Next-Gen Firewalls) and Prisma Access (Managed by Panorama) - In the DLP app, select Incidents.
    • Strata Cloud Manager - Select ManageConfigurationData Loss PreventionDLP Incidents.
  3. In the Incidents section, view the Response Status for all file uploads.
    You can also Add New Filter to filter Enterprise DLP Incidents based on the Response Status.
  4. Click on the File name to view the detailed Response History for that specific file.
    The detailed response history includes the team member who uploaded the file and how they responded to the Enterprise DLP Bot.