Customizing Notifications
Notifications sent to users can be customized to match your organizational culture and needs. It is important to maintain an impersonal and nonjudgmental format.
When you handle an incident:
-
Focus on the issue.
-
Focus on helping users change future behavior.
User notification contains this:
-
The data as an attachment (if an email).
-
A subject/title that lets the user know this incident should be handled quickly.
-
If the data was a zip file, the email lists the zipped files and explains why they should not be transmitted.
-
Explanation of what is being done. For example:
The message is being held until further action.
>
Best Practice - Explain that the data may be read by others, for the protection of organization-wide data or legal compliance.
-
Links to the Self Incident-Handling Gaia Portal
Web interface for the Check Point Gaia operating system., to continue, discard, or review the offending transmission. -
Link to the corporate information security guidelines.
-
The main body of the email explains the rule
Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.. For example:The attached message, sent by you, is addressed to an external email address. Our Data Loss PreventionData Loss Prevention system determined that it may contain confidential information.
To include more information, add these fields:
|
Field |
Description |
|---|---|
|
Part name |
Location of the data in violation: Email's Body or the name of the attachment |
|
Rule name |
Name of the rule that matched the transmission |
|
Data objects |
Name of the Data Types that represent matched data in the transmission |
The next fields are applied to emails that match Unintentional Recipient or External BCC rules.
|
Field |
Description |
|---|---|
|
Internal Recipients Number |
Number of intended destinations inside My Organization |
|
External Recipient |
List of external addresses (user@domain.com) in the destination |
Customizing Notifications to Data Owners
To change the text of a notification to Data Owners:
-
In SmartConsole
Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., select Security Policies > Shared Policies > DLP and click Open DLPPolicy in SmartDashboard.SmartDashboard
Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings. opens and shows the DLP tab. -
From the navigation tree, click Policy.
-
Right-click in the Track column of a rule and select Email.
The Email window opens.
-
Click Customize and enter the text for the email message.
-
Click OK.
-
Click Save and then close SmartDashboard.
-
In SmartConsole, install policy.
Customizing Notifications for Self-Handling
To change the text of a notification to users to handle an incident:
-
In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLPPolicy in SmartDashboard.
SmartDashboard opens and shows the DLP tab.
-
From the navigation tree, click Policy.
-
Right-click in the Action column of a rule and select Edit Rule Notification.
To notify the user and pass the data, change the action to Inform User.
-
In the window that opens, change the text with your own message to fit the rule. You can use text or variables.
-
Click OK.
-
Click Save and then close SmartDashboard.
-
In SmartConsole, install policy.