Some customers want to know whether DLP can send an email notification to the manager when an employee triggers an incident. The answer is yes.
This is a kind of workflow in DLP that helps the manager oversee and correct the employee's behavior in order to avoid data leaks.
To send an email notification to the manager, DLP needs to integrate with Active Directory, where the relationship between the employee and the manager is stored.
The basic principle of this configuration is to obtain the manager's email address from AD by using the sender attribute of the incident, which is the employee's email address.
Here we give an example of the configuration in a testing environment for sending an email notification to the manager:
1. In an SMTP incident, the value of the sender attribute is the sender's email address; we need to use this attribute to query information about the sender's manager:
2. In the testing environment there are two users, dlp-test-user01 and dlp-test-manager. dlp-test-manager is the manager of dlp-test-user01:
3. We can use a third-party LDAP browsing tool, such as LDAP Browser, to find the relationship between the attributes of these two users in AD:
According to the screenshot above, the employee's email address is stored in the 'mail' attribute, and the 'manager' attribute stores the distinguished name (DN) of the employee's manager.
Then we need to check the attributes of the manager:
According to the screenshot above, we can see that the value of the employee's 'manager' attribute is identical to the manager's 'distinguishedName' attribute.
That means we can use the employee's 'manager' attribute to look up the manager by 'distinguishedName'.
4. After working out the relationship between the attributes in AD, we need to create two Custom Attributes in DLP, named 'TempManager' and 'ManagerEmail':
'TempManager' is used to store the value of the employee's 'manager' attribute, which is also the manager's 'distinguishedName'.
'ManagerEmail' is used to store the value of the manager's 'mail' attribute.
Remember to select 'Is Email Address' when creating 'ManagerEmail':
5. In DLP, create a new Directory Connection so that DLP Enforce can connect to AD:
6. Then we need to create the attribute lookup.
Add a new LDAP Lookup Plugin, select the newly added Directory Connection, and under 'Attribute Mapping' enter the query below:
attr.TempManager=:(mail=$sender-email$):manager
7. Modify the Lookup Plugin Execution Chain and enable the newly added LDAP Lookup plugin:
8. Edit the Lookup Plugin Parameters and enable the Sender parameter:
9. Reload the plugins and make sure the status of the newly added plugin is On:
10. After completing these configurations, we need to verify that the attributes are looked up correctly:
11. Finally, we need to create a response rule to send the email notification to the manager.
When creating the Send Email Notification response, select the 'ManagerEmail' option:
Note:
The ManagerEmail attribute can be used in the response rule because we created it as an Email Address.
Then, when an employee triggers an SMTP incident, an email notification is sent to his/her manager.
We can check the result in the incident history:
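To make the two-step lookup chain concrete (employee 'mail' to 'manager' DN, then manager 'distinguishedName' to 'mail'), here is an added Python example that is not part of the original article or the DLP product. It runs against a constructed in-memory directory instead of a live AD, and the second mapping line for ManagerEmail is an assumption written in the same syntax as the page's TempManager line.

```python
import re

# Constructed sample directory entries (not a real AD); attribute names are lowercased.
AD_ENTRIES = [
    {"distinguishedname": "CN=dlp-test-user01,OU=Users,DC=example,DC=com",
     "mail": "dlp-test-user01@example.com",
     "manager": "CN=dlp-test-manager,OU=Users,DC=example,DC=com"},
    {"distinguishedname": "CN=dlp-test-manager,OU=Users,DC=example,DC=com",
     "mail": "dlp-test-manager@example.com"},
]

# Attribute-mapping lines in the form used on this page: attr.<name>=:(<filter>):<ldap attribute>
MAPPINGS = [
    "attr.TempManager=:(mail=$sender-email$):manager",
    "attr.ManagerEmail=:(distinguishedName=$TempManager$):mail",  # assumed second step
]

MAPPING_RE = re.compile(r"^attr\.(\w+)=:\((\w+)=\$([\w-]+)\$\):(\w+)$")


def parse_mapping(line):
    """Split one mapping line into (target attr, filter attr, variable, result attr)."""
    m = MAPPING_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported mapping syntax: {line}")
    target, filter_attr, variable, result_attr = m.groups()
    return target, filter_attr.lower(), variable, result_attr.lower()


def ldap_lookup(filter_attr, value, result_attr, entries=AD_ENTRIES):
    """Return result_attr from the single entry whose filter_attr equals value.
    Comparison is case-insensitive, as LDAP treats mail and DN values."""
    hits = [e for e in entries if e.get(filter_attr, "").lower() == value.lower()]
    if len(hits) != 1:
        return None  # zero or ambiguous matches: leave the attribute unset rather than guess
    return hits[0].get(result_attr)


def resolve_manager_email(sender_email, mappings=MAPPINGS, entries=AD_ENTRIES):
    """Run the mapping chain for one incident sender and return all resolved attributes."""
    attrs = {"sender-email": sender_email}
    for line in mappings:
        target, filter_attr, variable, result_attr = parse_mapping(line)
        if attrs.get(variable) is None:
            attrs[target] = None  # cannot chain: an earlier step found nothing
            continue
        attrs[target] = ldap_lookup(filter_attr, attrs[variable], result_attr, entries)
    return attrs
```

A sender with no AD entry, or an entry without a 'manager' value, leaves ManagerEmail unset, which is the case to check in the incident history when no notification is delivered.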