Applying Notification Policies for CASB

The following are suggested templates that can be used to notify the Admin team and end users.

For more details about notification policies, see Creating a Notification Policy for a Rule.

CASB Admin Notification

This suggested template can be used to notify the team provisioning the solution about new alerts.

Recipients

Set the recipients based on your needs

Subject

{{event.entity.suite}} Alert from Proofpoint team -

Body

Dear Admin,

An alert for the following activity was generated: {{event.incident.name}}

File: {{event.resources.[0].name}}

Alert Severity: {{stringLastElementByDelimiter event.incident.severity delimiter=':'}}

User: {{event.user.email}}

Cloud Service: {{event.entity.suite}}

Alert Time: {{event.event.createdAt}}

Event Time: {{event.event.occurredAt}}

User Agent: {{#if event.remote.client.agent.description}}{{event.remote.client.agent.description}}{{else}}N\A{{/if}}

Device: {{#if event.remote.client.device.kind}}

{{stringLastElementByDelimiter event.remote.client.device.kind delimiter=':'}}{{else}}N\A{{/if}}

Risk Level: {{stringLastElementByDelimiter this.risk.level delimiter=':'}}

Description: {{#if this.description}}{{this.description}}{{else}}{{this.name}}{{/if}}{{/filter}}

To find more regarding this alert, please click <a href={{#if config.vanityExploreZoneName}}https://{{event.feed.details.tenant.alias}}.{{config.vanityExploreZoneName}}{{else}}{{config.externalURL}}{{/if}}{{#if event.incident}}/v2/apps/search/incidents/new/search?fqid={{else}}/v2/apps/search/activities/new/search?fqid={{/if}}{{event.fqid}}&region={{event.feed.region}}>here</a>

Thank you,

The Proofpoint team

CASB End-User Notification

This suggested template can be used to notify end-users about alerts that were triggered related to their activities.