Justifications
Justifications are prompts that offer the user the option of continuing a prevented action by selecting a response.
Justifications are assigned to notification policies for prevention rules. When a justification is configured in the notification, it appears in a pop-up when the user attempts a blocked action. The user selects a justification to proceed.
When you select the relevant activity in Data Security Workbench > Exploration, the justification displays in the right-hand panel.
Default vs Rule Level Justifications
Justifications at the Realm Level (Default)
When you enable endpoint notifications at the Agent Realm level, you must configure a default notification policy in the Default Notifications for Endpoint Activities option.
The default notification policy includes a message and a justification.
You can customize the justification text or use the system-defined ones.
To access this:
- Go to Admin application > Endpoints > Agent Realms > Advanced Settings > End User Notifications.
- Click View/Edit in the Default Notifications for Endpoint Activities option.
- When Customize Message displays, scroll to Customize Justification.
- Click Add New Justification and select justification(s) from the Observed Values. These are all Proofpoint-created justifications.
Justification at the Rule Level
You can define justifications at the rule level. By creating a notification policy and assigning it to specific prevention rules, you can override the default notification set at the Agent Realm level. (If you do not set up notifications at the rule level, the Agent Realm notifications are used as the default.)
Justification for prevention rules is available for Windows only.
- To assign the justification to an end user notification, select Integrations > Notifications Policies. Justifications are used with For Endpoint Activities.
- In the Customize Justification area, enable Allow user to respond.
- In the Justifications area, click Add New Justification. The list of Observed Values displays.
- Select the justification from the Observed Values list and click Done.
- Complete the steps for the end user notification and use it in a prevention rule.
Managing Justification
Justifications Page
The Justifications page contains justifications you create and maintain. The list also includes justifications predefined by Proofpoint that you can use. (Proofpoint justifications cannot be changed.)
Since all justifications are listed on the Justifications page, it is easy to reuse the same text in more than one end user notification.
From the Justifications page, administrators can create, modify, access and review justifications.
You can use the customized justification values and assign them to an end user notification for a prevention rule. This is useful if you want to assign the same justification to more than one end user notification.
The page includes a list of all the justifications, the text, who modified and created the justification and the date it was created and modified. You can search for a justification by all or part of its text. You can reuse the same customized responses for multiple prevention rules.
Adding a Custom Justification
You can create a justification on the Justifications page.
- From the Administration application, select Definitions > Justifications.
- From the Justifications page, click New Justification.
- In the Default text box, enter the text you want.
- If you want to add language variants of the Justification, click Add Language.
- Select the language from the list.
- Add the justification in the relevant language text box.
- In the New Justification panel, enter the text you want in the Value field and click Save.
Related Topic:
ITM / Endpoint DLP Prevention Rules