How do I configure DLP notifications?

You can create templates for the email notifications that are sent to your organization's auditors when a DLP policy triggers. When configuring DLP policy rules, you can reference one of the templates you configure here.

To add a DLP notification template:

  1. Go to Administration > Resources > DLP Notification Templates.
  2. Click Add and complete the following:
    • Enter a notification Name.
    • Enable Attach Violating Content if you want an attachment of the violating content added to the notifications emailed to auditors.
      • Enable Use TLS to use a TLS connection to send email. If you enable this option, ensure that the customer's SMTP server supports TLS. Zscaler recommends that you use TLS because email (sent by you) might contain sensitive content.

        NOTE: These attachments and the violating content contained in them are never stored on disk. The attachments, violating content, and body of the notification emails are placed in RAM, and the Zscaler service creates and sends an encrypted email via TLS. All data is then deleted from RAM, and no sensitive information is ever stored.
    • Subject contains a macro - ${ENGINES}  that is used to list the DLP engines that were triggered.
    • In the Message as Plain Text or Message as HTML sections, you can create a customized message detailing why the content was blocked. This message is delivered via email (Delivery Status Notification) to the auditor when a policy triggers and blocks content. The following macros are in the message:
      • ${CLIENT_IP}: This macro is used to specify the user's IP address (if available).
      • ${DICTIONARIES}: This macro is used to list the DLP dictionaries that were triggered.
      • ${DLPTRIGGERS}: This macro is used to list the content (up to 10 items) that matched the dictionary.
      • ${ENGINES}: This macro is used to list the DLP engines that were triggered.
      • ${TIMESTAMP}: This macro is used to specify the time the user attempted to send violating content.
      • ${TYPE}: This macro is used to specify the type of attachment. For example, “Web posting” could a type for posts.
      • ${URL}: This macro is used to specify the destination URL (that is, the URL accessed).
      • ${USER}: This macro is used to specify the name of the user (if any). If user name is unavailable, “unknown” is used.
  3. Click Save and activate the change.