Configure Forcepoint CASB cloud application assets for Forcepoint DLP policy usage

After the Forcepoint DLP and Forcepoint CASB integration is configured and the DLP Cloud Application license is active in Forcepoint CASB, a new Forcepoint Data Security DLP policy is added to the Data Leak Prevention quick policies list in the Forcepoint CASB management portal.

Enable and configure this policy to define which user activities should be monitored:

Steps

  1. In Forcepoint CASB, go to Audit & Protect > Security Policies > Data Leak Prevention.
  2. Select the cloud application (asset) from the list above the Dashboard.
  3. Expand the Forcepoint Data Security DLP policy.
    This policy is automatically set up with rules depending on the cloud application connection settings:

  4. Click the edit icon on the right side end of the rule.
  5. Edit the rule:
    1. Change the rule status to Enabled. When the status is Enabled, the on button is shown.
      If you want to disable the rule again, change the status to Disabled. When the status is Disabled, the off button is shown.
    2. Select the Severity.
    3. Select the User Actions to be flagged for this rule. You must select at least one action for the rule to work.
      If a user performs an action that matches the action selected here, Forcepoint CASB performs the selected mitigation.
      • For API-based activities, you can select download, upload, share, and external share.
      • For Proxy-based activities, you can select download and upload.
    4. Create and configure Notifications for this rule. For more information about notifications, see the “Configuring notifications” section in the Forcepoint CASB Administration Guide.
      Note: The Mitigation (Data Security Mitigation) is set in Forcepoint DLP on the Forcepoint Security Manager. When Data Security Mitigation is selected as the mitigation, the policy uses the Action Plan configured on the Forcepoint Security Manager.
  6. Click Save.
    Important: If you create custom policies for Forcepoint DLP in Forcepoint CASB, Forcepoint recommends that you disable the Data Leak Prevention security policy. If you have active custom policies and an active Data Leak Prevention policy, then the Data Leak Prevention policy takes precedence over the custom policies. This might cause reporting issues with the custom policies.