Data Loss Prevention


Configure DLP to Send Email Notification to Employee's Manager 

Jan 12, 2014 07:11 AM

Some customers want to know whether DLP can send an email notification to the manager when an employee triggers an incident. The answer is yes.

This is a kind of workflow in DLP that helps the manager understand and improve the employee's behavior to avoid data leaks.

To send an email notification to the manager, DLP needs to integrate with the Active Directory where the relationship between the employee and the manager is stored.

The basic principle of this configuration is to obtain the manager's email address from AD by using the sender attribute of the incident, which is the employee's email address.

Here is an example of the configuration, in a test environment, for sending an email notification to the manager:

1. In an SMTP incident, the value of the sender attribute is the sender's email address. We need to use this attribute to query the information of the sender's manager:

Manager_Email_Notification_00.png

2. In the test environment, there are two users: dlp-test-user01 and dlp-test-manager. dlp-test-manager is the manager of dlp-test-user01:

Manager_Email_Notification_01.png

3. We can use a third-party LDAP browsing tool, such as LDAP Browser, to find out how the attributes of these two users relate to each other in AD:

Manager_Email_Notification_02.png

According to the screenshot above, the employee's email address is stored in the 'mail' attribute, and the 'manager' attribute stores the DN of the employee's manager.

Then we need to check the attributes of the manager:

Manager_Email_Notification_03.png

According to the screenshot above, we can see that:

The value of the employee's 'manager' attribute is the same as the manager's 'distinguishedName' attribute.

That means we can use the employee's 'manager' attribute to relate to the manager's 'distinguishedName'.

4. After finding out the relationship between the attributes in AD, we need to create two Custom Attributes in DLP, named 'TempManager' and 'ManagerEmail':

Manager_Email_Notification_04.png

'TempManager' is used to store the value of the employee's 'manager' attribute, which is also the manager's 'distinguishedName'.

'ManagerEmail' is used to store the value of the manager's 'mail' attribute.

Remember to select 'Is Email Address' when creating 'ManagerEmail':

Manager_Email_Notification_05.png

5. In DLP, create a new Directory Connection so that DLP Enforce can connect to AD:

Manager_Email_Notification_06.png

6. Then, we need to create the attribute lookup.

Add a new LDAP Lookup Plugin, select the newly added connection as the 'Directory Connection', and in 'Attribute Mapping' enter the following query:

attr.TempManager=:(mail=$sender-email$):manager

attr.ManagerEmail=:(distinguishedName=$TempManager$):mail
 
This query tells DLP to use the 'sender-email' attribute of the incident to find the 'manager' attribute of the sender (the employee) and assign its value to 'TempManager'; it then uses 'TempManager' to find the manager's mail address.

Manager_Email_Notification_07.png

7. Modify the Lookup Plugin Execution Chain and enable the newly added LDAP Lookup:

Manager_Email_Notification_08.png

8. Edit the Lookup Plugin Parameters and enable the Sender parameter:

Manager_Email_Notification_09.png

9. Reload the plugins, and make sure the status of the newly added plugin is On:

Manager_Email_Notification_10.png

10. After all these configurations, we need to check whether the attributes are looked up correctly:

Manager_Email_Notification_11.png

11. Finally, we need to create a response rule to send the email notification to the manager.

During the creation of the Send Email Notification response, select the 'ManagerEmail' option:

Manager_Email_Notification_12.png

Note:

'ManagerEmail' can be used in the response rule because we created it as an Email Address attribute.

Then, if an employee triggers an SMTP incident, an email notification will be sent to his/her manager.

We can check the result in the history of the incident:

Manager_Email_Notification_13.png
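
The two-step mapping from step 6 (sender mail -> 'manager' DN -> manager 'mail'), reproduced as an added example that is not part of the original article and is not the DLP plugin's own code. It runs against a constructed in-memory directory so the chain and its failure cases can be checked in isolation. The directory entries, the "(HQ)" suffix in the manager's DN and all function names are assumptions for illustration; values are escaped per RFC 4515 before being placed in a filter, because the sender address comes from the message and a DN may contain filter metacharacters.

```python
import re

# Constructed sample entries modelled on the article's two test users (DNs and addresses are made up).
DIRECTORY = [
    {"distinguishedName": "CN=dlp-test-user01,OU=Users,DC=example,DC=test",
     "mail": "dlp-test-user01@example.test",
     "manager": "CN=dlp-test-manager (HQ),OU=Users,DC=example,DC=test"},
    {"distinguishedName": "CN=dlp-test-manager (HQ),OU=Users,DC=example,DC=test",
     "mail": "dlp-test-manager@example.test"},
    {"distinguishedName": "CN=no-manager,OU=Users,DC=example,DC=test",
     "mail": "no-manager@example.test"},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the value is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def search(directory, ldap_filter):
    """Evaluate one equality filter '(attr=value)' against the sample entries."""
    m = re.fullmatch(r"\(([A-Za-z]+)=((?:[^\\*()]|\\[0-9a-fA-F]{2})*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported or malformed filter: %r" % ldap_filter)
    attr = m.group(1)
    # Undo the \XX escapes to recover the literal value being searched for.
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    return [e for e in directory if e.get(attr, "").lower() == want.lower()]

def resolve_manager_email(directory, sender_email):
    """Sender mail -> manager DN -> manager mail; None if any step fails."""
    hits = search(directory, "(mail=%s)" % escape_filter_value(sender_email))
    if len(hits) != 1 or "manager" not in hits[0]:
        return None  # unknown sender, ambiguous match, or no manager set
    temp_manager = hits[0]["manager"]  # plays the role of attr.TempManager
    hits = search(directory, "(distinguishedName=%s)" % escape_filter_value(temp_manager))
    if len(hits) != 1:
        return None  # manager DN does not resolve to exactly one entry
    return hits[0].get("mail")  # plays the role of attr.ManagerEmail

if __name__ == "__main__":
    for sender in ("dlp-test-user01@example.test", "no-manager@example.test", "*"):
        print(sender, "->", resolve_manager_email(DIRECTORY, sender))
```

A sender with no 'manager' value, or one that does not exist in the directory, resolves to nothing, so it is worth deciding who should receive the notification in that case.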

 


Comments

Jun 20, 2014 11:26 AM

very helpful..thanks and God bless

Feb 13, 2014 07:25 AM

very helpful article....so detailed steps
