Skip to main content
McAfee MVISION Cloud

Slack Enterprise Secure Collaboration Use Cases

Supported Features

MVISION Cloud for Slack Enterprise supports these features for the secured collaboration of users:

  • Identify and remove sensitive content shared with unauthorized guest users.
  • View Slack incident metadata to monitor the shared file in public/private/shared channels.
  • Monitor and Remove Guest Users joining the Slack channels from an unauthorized domain.

NOTE: The secured collaboration use cases are supported only for the Slack Enterprise version.

Identify and Remove Sensitive Content Shared with Unauthorized Guest Users

MVISION Cloud for Slack Enterprise allows security admins to define the DLP policies to monitor and remove sensitive data posted in Slack channels having unauthorized guest users as members. Messages or files posted in the regular channels and 1:1 or 1: many chat conversations are monitored and deleted.

For example, say your organization has the domain myorg.com. Some of the Slack channels in MyOrg allows guest users as members. So the organization wants to detect and remove any sensitive data such as credit card numbers posted in channels that allow guest users. 

To identify and remove the sensitive content posted in channels with guest users, define the DLP policy for Slack in the MVISION Cloud as described.

Rule Group

Create the folder/file collaboration rule.

To create a Folder/File rule:

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select Collaboration
  4. Select Folder/File Collaboration and enter the value * for both From and To fields.
  5. Under Add Rules, select any options such as Data IdentifierKeywordRegular Expression.1a.png

Exception Group 

To add an exception to a policy:

  1. In the Create New DLP Policy page, under Exceptions > Add Exception, select Collaboration.
  2. Select Folder/File Collaboration, enter the value * for From field, and enter the value as a list of internal domains for the To field. For example, internal-domain1.cominternal-domain2.com, etc. In this case, the internal domain of the organization is 'myorg.com'. 

    2A.png

Response Action

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Delete to remove the sensitive data.
  2. Under Response, select Send Bot and enter the Slack User Email to notify the user about the DLP policy violation. Or click the pencil icon to add a comma-separated list of email addresses. 

    3A.png
  3. Click Save.

View Slack Incident Metadata for Shared Files

Let's say you have shared a file with a member in Slack. You can forward the same file to a public or private channel, by direct message, or by sharing a link. Any member with access to that file can also share it with others. So you can track the file shared with other members using Slack Incident Metadata.

To view the Slack Incident Metadata:

  1. Go to Incidents > Policy Incidents.
  2. Select Service Name as Slack from the filter.
  3. On the Policy Incidents page, click the required incident in the table to see the metadata in the Details pane.

    4A.png
  4. Slack Incident metadata displays the following attributes to track the file-sharing activities:
    • Path. The unique path of the file in Slack.
    • Shared In. The name of the workspace / the channel name where the file is shared and displays the channel type (Public/Private).

Monitor and Remove Guest Users  from Unauthorized Domains 

MVISION Cloud for Slack Enterprise allows security admins to define DLP policies to monitor and alert if any unauthorized guest users join the Slack channels. 

For example, say you have an organization that wants to allow guest users from allowed domains allowed-domain1.com and allowed-domain2.com, but wants to alert if any guest or external users from other domains join the Slack channel. This can be accomplished by defining DLP policies for Slack in MVISION Cloud.

Rule Group 

Create a Folder/File Collaboration rule.

To create a Folder/File Collaboration rule:

  1. Go to Policy > DLP Policies
  2. Click Actions > Create New Policy
  3. Under Add Rules, select Collaboration
  4. Select Folder/File Collaboration and enter the value * for both From and To fields.
    5a.png

Exception Group 

To add an exception to a policy:

  1. In the Create New DLP Policy page, under Exceptions > Add Exception, select Collaboration.
  2. Select Folder/File Collaboration, enter the value * for From field, and enter the list of internal domains or list of allowed domains for To field. For example, allowed-domain1.comallowed-domain2.com, etc. If any external user joins Slack channels from outside of the listed domains, then the policy is triggered.
    6A.png

Response Action 

To add a response action to a policy:

  1. In the Create New DLP Policy page, under Response, select Send Bot and enter the Slack User Email to notify the user about the DLP policy violation. Or click the pencil icon to add a comma-separated list of email addresses. 
  2. Under Response, select Modify Permissions to None for Everyone to remove the guest user.
    clipboard_ea8f1df5095e6788293cbc4a1ec7087bd.png
  3. Click Save.
  4. If any external user joins Slack channels by violating the DLP policy, then the DLP incident is created in the Policy Incidents page.
    LA.png

Here, the incident metadata displays the email ID of the guest/external user who joined the Slack channel. Also, displays the workspace name, channel name, and channel type.

  • Was this article helpful?