User Coaching Notification Template

Centrally manage the end user notification templates to alert users through Autonomous DEM if the users generate an Enterprise Data Loss Prevention (E-DLP) incident.

Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)

What Do I Need?
  • GlobalProtect app version 6.3 or later
  • Enterprise Data Loss Prevention (E-DLP) license
  • Prisma Access Mobile Users License
  • Prisma Access license
  • Prisma Access 5.1 or later
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license

The End User Coaching Notification Template allows you to configure the notification displayed to your users in the Access Experience User Interface (UI) when they generate an Enterprise Data Loss Prevention (E-DLP) incident. An Enterprise DLP incident is generated when a file containing sensitive data is downloaded or uploaded, or if non-file based traffic containing sensitive data is posted in a web form.

To determine what is considered sensitive data, you add one or more Inline DLP Rules. DLP Rules contain the traffic match criteria that define what is considered sensitive data. The DLP Rule is derived from the Enterprise DLP data profile of the same name. Additionally, you can configure custom messages for when a File Based or Non-File Based Enterprise DLP incident is generated. After an Enterprise DLP incident is generated, the user who generated the incident can view the Data Security notification for more information about the sensitive data uploaded, downloaded, or posted.

  1. Contact your Palo Alto Networks representative to enable End User Coaching on your tenant.
  2. Install the GlobalProtect app version 6.3 or later on Windows or macOS.
  3. Log in to Strata Cloud Manager.
  4. Enable Autonomous DEM.
    In App Settings > User Behavior > Digital Experience Management (DEM), you must configure these required settings to display notifications to your users in the Access Experience UI.
    • Enable Autonomous DEM and GlobalProtect Log Collection for Troubleshooting
    • DEM for Prisma Access (Windows and Mac Only)—Select Install and User Cannot Enable or Disable DEM
    • DEM for Prisma Access version 6.3 and above (Windows and Mac Only)—Select Install the Agent
  5. Configure Enterprise DLP.
    1. This is required for Enterprise DLP to decrypt and inspect traffic for sensitive data.
    2. Create custom data patterns to define your match criteria.
      Alternatively, you can use the predefined data patterns instead of creating custom data patterns.
    3. Create a data profile and add your data patterns.
      Only custom data profiles are supported. By default, the Action of every predefined DLP Rule is set to Alert. You must clone the predefined data profile to edit the DLP Rule Action.
      • When modifying the DLP Rule, you must set the Action to Block. This is required to generate alerts in the Access Experience UI. No alerts are displayed if the Action is set to Alert.
      • Add the DLP Rule to a Profile Group and attach the Profile Group to a Security policy rule. This is required for Enterprise DLP to generate a DLP incident that then generates a notification in the Access Experience UI.
  6. Select Manage > Configuration > NGFW and Prisma Access > Global Settings > User Coaching Notification Template and Add Notification Template.
  7. Configure the General Information.
    1. Verify the Product Name is Inline DLP.
      This is the default setting and can't be changed.
    2. Select Enable Notification Template to enable the template after you save.
      This setting is enabled by default.
    3. Enter a descriptive Notification Template Name.
    4. (Optional) Enter a Description for the Notification Template.
    5. (Optional) Select High Confidence Detections Only to only generate Access Experience alerts for high confidence traffic matches.
      High confidence matches reflect how confident Enterprise DLP is when detecting matched traffic. For regular expression (regex) patterns, this is based on the character distance to the configured proximity keywords. For machine learning (ML) patterns, this confidence level is calculated by the ML models.
  8. Add one or more Applied Rules to the notification template.
    DLP Rules must have the rule Action set to Block and be added to a Profile Group that is attached to a Security policy rule to generate an Access Experience notification. Only add DLP Rules that belong to a Profile Group associated with a Security policy rule. This is required for Enterprise DLP to generate a DLP incident that then generates a notification in the Access Experience UI. A single DLP Rule can be added to multiple User Coaching Notification Templates.
    All DLP Rules added to the notification template generate the same Notification Message when Enterprise DLP blocks sensitive data that matches the data profiles associated with the DLP Rule.
    You can View Details for each DLP Rule you add to review the specific inspection details. This includes the traffic inspection Direction, applicable File Type, Action, and whether the DLP Rule is inspecting for File Based Match Criteria, Non-File Based Match Criteria, or both.
  9. Define the Notification Message users receive when Enterprise DLP blocks sensitive data that matches the data profiles associated with the DLP Rule.
    The message templates are the Access Experience toast notifications users receive when Enterprise DLP blocks sensitive data. You can use the following variables in your message templates. You must include the brackets for each variable.
    • [file name]—File name and extension containing sensitive data blocked by Enterprise DLP.
    • (File Based only) [direction]—Specifies whether Enterprise DLP blocked a file upload or download.
    • [app name]—Application the user attempted to upload to, download from, or post non-file based content to.
    • [action]—Action Enterprise DLP took when sensitive data was detected. This value is always Blocked.
    1. Define the Message Template for File based detections.
      Skip this step if the DLP Rule isn't configured for file based detections.
    2. Define the Message Template for Non-File based detections.
      Skip this step if the DLP Rule isn't configured for non-file based detections.
    3. Add a Support Link.
      You can add links directly into the Access Experience toast notification that describe your company policy for sharing or downloading sensitive data.
  10. Save.
  11. The user who generated the Enterprise DLP incident can view the Data Security notification to see a snippet of the sensitive data that was uploaded, downloaded, or posted.
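
An added example, not Palo Alto Networks code: an offline lint for drafting the File and Non-File message templates from step 9 before pasting them into the template fields. It assumes variable names must match exactly as listed above; the draft templates and sample values are constructed.

```python
import re

# Variables documented on this page; [direction] is File Based only.
ALLOWED = {"file name", "direction", "app name", "action"}
FILE_ONLY = {"direction"}
TOKEN = re.compile(r"\[([^\[\]]*)\]")

# Constructed drafts and sample values, for illustration only.
FILE_TEMPLATE = "[action]: [direction] of [file name] via [app name] contains sensitive data."
NONFILE_TEMPLATE = "[action]: your post to [app name] contains sensitive data."
SAMPLE = {"file name": "q3-forecast.xlsx", "direction": "upload", "app name": "example-app"}


def lint_template(text, file_based):
    """Return the problems found in a draft message template."""
    problems = []
    for name in TOKEN.findall(text):
        if name not in ALLOWED:  # assumption: names match exactly as listed
            problems.append(f"unknown variable [{name}]")
        elif name in FILE_ONLY and not file_based:
            problems.append(f"[{name}] is File Based only")
    # Any bracket left once well-formed tokens are removed is unpaired.
    rest = TOKEN.sub("", text)
    if "[" in rest or "]" in rest:
        problems.append("unbalanced bracket")
    return problems


def preview(text, file_based, sample):
    """Render a draft with sample values; refuse drafts that fail the lint."""
    problems = lint_template(text, file_based)
    if problems:
        raise ValueError("; ".join(problems))
    values = dict(sample, action="Blocked")  # the page: always Blocked
    return TOKEN.sub(lambda m: values[m.group(1)], text)


if __name__ == "__main__":
    print(preview(FILE_TEMPLATE, True, SAMPLE))
    print(preview(NONFILE_TEMPLATE, False, SAMPLE))
    print(lint_template("[filename] was [action", True))
```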