Skip to main content
McAfee Enterprise MVISION Cloud

Link a Slack Notification to a DLP Policy

MVISION Cloud Slack Bot

In Slack, by default, when a user uploads content that violates a Data Loss Prevention (DLP) policy with a Quarantine or Delete response action, that user is notified through a Slack bot user registered by MVISION Cloud. This bot is also used to send all other types of notifications in Slack, including incident notifications to the admin. 

The default Slack bot user name for MVISION Cloud is securityadmin, but you can customize the bot name if you like. 

To change the Slack bot name:

  1. Go to Policy > Policy Settings
  2. Select the Notifications tab. 
  3. Under Slack Notifications, enter a new name for Bot User Name
  4. Click Save
    clipboard_ec002ac5274847a0268eb5e86423225db.png

Link a Slack Notification to a DLP Policy

If API access for Slack is enabled, you can link Slack notification to a DLP Policy. 

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Slack. Then select the users the policy will apply to. 
  4. On the Rules page, create the rule and select a severity. 
  5. On the Responses page, select your responses:
    • Send Bot Notification. The response action can be used to send an email notification to the specific pre-configured user. Click the pencil icon to add a comma-separated list of email addresses to configure the users.
    • User Bot Notification. The response action can be used to send an in-app notification to the user interacting with the bot.
    • User Email Notification. The response action can be used to send a predefined email notification to the user triggering the DLP rule with details regarding the policy violation.
  6. Review your policy and click Save
    slack_policy_response.png