DLP administrators can define granular actions for each Enterprise DLP policy instead of defining a single action for all the policy violations in Enterprise DLP.
- Define an HTTP response message in the response rules of your Enterprise DLP provider as per the format below:
- Policy: <Policy Name>: The name of the policy within Enterprise DLP for which this response rules is associated.The policy name is used for reporting purposes only.
- Action: <Action>: Supported values for are: Report Only, Quarantine, Delete, and Encrypt.
- Enable Enterprise DLP from Policy > Policy Settings and select the option Enterprise DLP will define the remediation action in the blocking response.
- Based on the policy settings, events from the selected cloud service will be forwarded to your Enterprise DLP.
- If your Enterprise DLP returns a blocking response for any event, remediation action will be taken by Skyhigh CASB based on the action defined in the Response Message of the response rule attached to the violated policy.
- To help the administrator identify the Enterprise DLP policy that triggered the action, the Anomalies Overview page shows the policy name in extended information.
- If the response message defined in response rule is not valid or not in the expected format, a Report Only action is generated by default for the blocking response and no other action is performed