Notifications


Notifications are an optional but important part of a data protection rule. They inform administrators and end users about security-related events in the system, which makes rule operation more transparent and enables a quick response to incidents.

After adding actions, the user can enable the notifications section to configure appropriate alerts, e-mails, or other messages displayed in the system.

If you do not want to define notifications, select the option No action and proceed to the next step - Assign to policy.

New data protection rule step by step - Notifications

1. Enabling notifications

After adding actions, the next optional step is adding notifications. To enable this step, toggle the switch in the field “...and send a notification.”

2. Selecting the notification type

After activation, a window opens with notification options. The following options are available:

  • Log

    • Display a notification in the system for the specified device.

  • Admin alert

    • Send an e-mail message to the specified address or addresses.

    • Requires entering:

      • E-mail address,

      • Notification content.

  • Notify end user

    • Display a pop-up on the user's workstation with the provided message.

  • Warn user

    • Display a window in the center of the screen that overlays the user's active windows. The message must be closed manually by the user.

3. Notification parameterization

If notifications are added as part of the configuration, additional information must be provided:

  • Message content – The message that will be displayed or sent.

  • E-mail addresses – For e-mail notifications, one or more recipient addresses must be provided.

4. Adding multiple notifications (optional)

As with actions, multiple notifications can be added. All of them are executed simultaneously, according to the logic.

Depending on the selected trigger, available parameters will vary in subsequent steps.

Parameters in DLP policy notifications serve to provide the administrator or end user with precise information about the event that triggered the policy. They ensure the message is not generic but contains specific data - what happened, where, when, and who was responsible. This facilitates rapid assessment of the situation, incident response, and subsequent analysis and reporting.

When an event occurs, the system automatically substitutes current parameter values into the notification content according to the policy configuration.

Available parameters:

  • Date and time of the event - allows precise determination of the incident time and correlation with other system events.

  • Computer name - enables quick identification of the device on which the event occurred.

  • Logged-in user - indicates who performed the operation at the time of the event.

  • Process name - informs which application or process executed the operation.

  • Process directory - allows verification of the process launch source and differentiation between system and custom applications.

  • File name - identifies the file related to the event.

  • File directory - shows the file location, which is important when analyzing sensitive areas of the system.

  • Old file name - enables detection of attempts to hide a file by renaming it.

  • Old file directory - allows checking where the file was moved from.

  • File size (B) - helps assess the scale of the event, e.g., during copying or exfiltration of data.

  • Operation - specifies which action was performed, e.g., copy, delete, or write.

  • Type of storage media - indicates on which medium the operation was performed, e.g., local disk, USB, or network resource.
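
The substitution described above, as an added sketch that is not the product's own code: it checks a message against the parameters available for a trigger and fills it in a single pass, so a value that looks like a parameter token is inserted literally. The `{Name}` placeholder syntax, the `n/a` marker and the sample event are assumptions constructed for illustration.

```python
import re

# Parameter names come from the "Available parameters" list on this page.
# The {Name} placeholder syntax is an assumption made for this example.
PARAMETERS = {
    "Date and time of the event", "Computer name", "Logged-in user",
    "Process name", "Process directory", "File name", "File directory",
    "Old file name", "Old file directory", "File size (B)", "Operation",
    "Type of storage media",
}
PLACEHOLDER = re.compile(r"\{([^{}]+)\}")


def check_template(template, available=PARAMETERS):
    """Return placeholders the selected trigger cannot fill (typos included)."""
    used = set(PLACEHOLDER.findall(template))
    return sorted(used - set(available))


def render(template, event):
    """Fill placeholders in one pass; values are never expanded again."""
    def fill(match):
        value = event.get(match.group(1))
        # Show an explicit marker instead of silently dropping empty fields.
        return "n/a" if value is None else str(value)
    return PLACEHOLDER.sub(fill, template)


# Constructed sample data, not real product output.
TEMPLATE = ("{Date and time of the event}: {Logged-in user} on {Computer name} "
            "ran {Operation} on {File name} ({File size (B)} B) "
            "to {Type of storage media}; previously {Old file name}")
EVENT = {
    "Date and time of the event": "2025-01-15 10:42:07",
    "Computer name": "WS-FIN-07",
    "Logged-in user": "j.kowalski",
    "Operation": "copy",
    "File name": "report_{Logged-in user}.xlsx",  # value that looks like a token
    "File size (B)": 48213,
    "Type of storage media": "USB",
}

if __name__ == "__main__":
    print(check_template(TEMPLATE))
    print(render(TEMPLATE, EVENT))
```

Passing a reduced `available` set to `check_template` models a trigger that does not supply every parameter, which catches a message that would otherwise go out with empty fields.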


After configuring notifications, the data protection rule creation process is complete. To save the rule, select the Assign to policy button. The rule is then assigned to the selected policy, and the user is taken to the main policy view, where existing rules can be managed or new ones created.
