For ITM / Endpoint DLP prevention rules, a notification policy lets you define an endpoint notification that will notify end users via about disallowed activities.
From 3.3.0.x, this feature is also available for macOS on request. Contact your Proofpoint representative.
Notification policies are assigned to one or more prevention rules. The notification appears as a pop-up message when an activity is blocked by a prevention rule.
From a prevention rule, you select the action:
-
Block the action
-
Prompt the user to provide a justification
Then you assign the notification policy to the rule. To create a Notification Policy for a prevention rule, do the following:
-
From the Proofpoint Information and Cloud Security Platform, select the Administration application. Select Integrations > Notification Policies.
-
Click New Notification.
-
In the For Endpoints area, click Create.
-
For Endpoint, configure the following in the Message tab:
-
Logo: Click Upload and select and upload the logo.
-
Subject: Modify the text in the Subject area.
-
Message: Enter a message in the Message area.
-
You can use any of the following variables. Click on the variable you want.
-
Rule Name
-
Application (process name)
-
Username
-
IP
-
Hostname
-
Time
-
-
Insert Link
-
Allow user to respond: Use this option to allow the user selects to select a response so the action will not be blocked.
-
Label above selection: In the text box, enter text you want to appear above the list of justifications.
-
Justifications: Click Add New Justification if you want to select a response from the list of justification in the Justifications page. (See Justifications.)
-
If you choose Allow User to enter freeform text reply, you can provide the text message you want users to see. If this is not selected, you choose the reply from the predefined list of texts.
-
-
-
Click Done.
