Skip to main content
McAfee MVISION Cloud

Link a Slack Notification to a DLP Policy

MVISION Cloud Slack Bot

In Slack, by default, when a user uploads content that violates a Data Loss Prevention (DLP) policy with a Quarantine or Delete response action, that user is notified through a Slack bot user registered by MVISION Cloud. This bot is also used to send all other types of notifications in Slack, including incident notifications to the admin. 

The default Slack bot user name for MVISION Cloud is securityadmin, but you can customize the bot name if you like. 

To change the Slack bot name:

  1. Go to Policy > Policy Settings
  2. Select the Notifications tab. 
  3. Under Slack Notifications, enter a new name for Bot User Name
  4. Click Save
    clipboard_ec002ac5274847a0268eb5e86423225db.png

Link a Slack Notification to a DLP Policy

If API access for Slack is enabled, you can link Slack notification to a DLP Policy. 

  1. Choose Policy > DLP Policies.
  2. Click Create Policy. Then click Create New Policy. (See Creating a DLP Policy from a Template for information about templates.)
  3. Under Response, click Add Action
  4. Select your required settings, then for severity then, select either:
    • User Email Notification. The response action can be used to send a predefined email notification to the user triggering the DLP rule with details regarding the policy violation.
    • Send Bot Notification. The response action can be used to send an email notification to the specific pre-configured user. Click the pencil icon to add a comma-separated list of email addresses to configure the users.
    • User Bot Notification. The response action can be used to send an in-app notification to the user interacting with the bot.
  5. Click Save
    clipboard_e34a24554ab4cad717c469d61d07f8f12.png