If you have enabled API access for Slack, you can link a Slack notification to a DLP Policy, which requires using the MVISION Cloud Slack bot.
MVISION Cloud Slack Bot
In Slack, by default, when a user uploads content that violates a Data Loss Prevention (DLP) policy with a Quarantine or Delete response action, that user is notified through a Slack bot user registered by MVISION Cloud. This bot is also used to send all other types of notifications in Slack, including incident notifications to the admin.
The default Slack bot user name for MVISION Cloud is securityadmin, but you can customize the bot name if you like.
To change the Slack bot name:
- Go to Policy > Policy Settings.
- Select the Notifications tab.
- Under Slack Notifications, enter a new name for Bot User Name.
- Click Save.
Link a Slack Notification to a DLP Policy
If you have enabled API access for Slack, you can link a Slack notification to a DLP Policy.
- Go to Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy.
- On the Description page, enter a name, description, and deployment type. For Services, select Slack. Then select the users the policy will apply to.
- On the Rules page, create the rule and select a severity.
- On the Responses page, select your responses:
  - Send Bot Notification. The response action can be used to send an email notification to the specific pre-configured user. Click the pencil icon to add a comma-separated list of email addresses to configure the users.
  - User Bot Notification. The response action can be used to send an in-app notification to the user interacting with the bot.
  - User Email Notification. The response action can be used to send a predefined email notification to the user triggering the DLP rule with details regarding the policy violation.
- Review your policy and click Save.