![]() |
Click New in the toolbar at the top of the content pane on the Action Plans page.
|
1.
|
3.
|
For Cloud Channels, use the CASB service drop-down list to select an action to take when an incident involves files uploaded to, downloaded from, or used by a cloud application.
|
![]() |
Select Permit to allow files to be uploaded, synchronized, downloaded, shared, and so on.
|
![]() |
Select Safe copy to keep a copy of the file in the cloud archive that is accessible only to administrators.
|
![]() |
Select Quarantine to save the file in a quarantine folder defined in the CASB portal.
|
![]() |
Select Quarantine with note to quarantine the file and leave a message in place of the original file.
|
![]() |
Select Unshare internal to remove sharing permissions for any internal address.
|
![]() |
Select Unshare external to remove sharing permissions for any external address.
|
![]() |
Select Unshare all to remove all sharing permissions from the file.
|
4.
|
By default, all incidents are audited. Clear the Audit incident check box if you do not want to audit incidents.
|
![]() |
Select Include forensics to include information about the transaction that resulted in the incident, such as the contents of an email body: From:, To:, Cc: fields; attachments, URL category, hostname, file name, and more.
|
![]() |
Select Run remediation script to have the system run a script when an incident is discovered, then select the script to use from the drop-down list. See Remediation scripts for more information.
|
![]() |
Select Run endpoint remediation script to have the system run an endpoint remediation script when an incident is discovered, then select the script to use from the drop-down list.
|
![]() |
Select Send syslog message to notify an outside syslog server or ticketing system of the incident.
|
![]() |
Select Send email notifications to send an email message to a designated recipient when a policy is breached.
|
![]() |
Click New to create a custom message.
|
5.
|
To configure discovery options, continue to the next section. Otherwise, click OK to save the changes.
|
1.
|
To have the system run a remediation script for network discovery incidents, select Run remediation script, then select a script from the drop-down list. See Remediation scripts.
|
2.
|
Under Endpoint Discovery, if classification tagging is enabled for the deployment, mark Add classification tag to specify the tag or tags to apply to files.
|
![]() |
3.
|
4.
|
To have the system run an endpoint remediation script for endpoint discovery incidents, select Run endpoint remediation script, then select a script from the drop-down list.
|
5.
|
Click OK to save the changes.
|
![]() |
Permit or allow the HTTP, HTTPS, or FTP request to go through.
|
![]() |
Block or deny the request.
|
2.
|
Select Audit incident to have Forcepoint DLP to log incidents. When logging is enabled, email notifications are also available.
|
3.
|
Select Send email notifications to send an email message to a designated recipient when a policy is breached.
|
![]() |
Click New to create a custom message.
|
4.
|
Click OK to save your changes.
|
![]() |
Permit the message to go through.
|
![]() |
Block or deny the message or post.
|
![]() |
Quarantine the message.
|
![]() |
Drop attachments that are in breach of policy. Quarantines email messages that:
|
![]() |
Encrypt the message.
|
2.
|
Select Audit incident to have Forcepoint DLP to log incidents in the incident database. By default, audit is selected irrespective of the action.
|
3.
|
If you select Send email notifications:
|
![]() |
Click New to create a custom message.
|
4.
|
Click OK to save your changes.
|