DLP administrators can define granular actions for each Enterprise DLP policy instead of defining a single action for all the policy violations in Enterprise DLP. This is called granular closed-loop remediation.
To configure granular actions for your DLP policy:
- Define an HTTP response message in the response rules of your Enterprise DLP provider as per the format below:
- Policy: <Policy Name>: The name of the policy within Enterprise DLP that the response rules are associated with. The policy name is used for reporting purposes only.
- Action: <Action>: Supported response actino values are: Report Only, Quarantine, Delete, and Encrypt.
- Enable Enterprise DLP from Policy > Policy Settings and select the option Enterprise DLP will define the remediation action in the blocking response.
- Based on the policy settings, events from the selected cloud service will be forwarded to your Enterprise DLP.
- If your Enterprise DLP returns a blocking response for any event, remediation action will be taken by Skyhigh Security Cloud based on the action defined in the Response Message of the response rule attached to the violated policy.
- To help you identify the Enterprise DLP policy that triggered the action, the Anomalies page shows the policy name and extended information.
- If the response message defined in the response rule is not valid or not in the expected format, a Report Only action is generated by default for the blocking response, and no other action is performed