This guide takes you through the configuration steps you need to complete to begin using the Zscaler real-time Data Loss Prevention (DLP) for your organization. Because Zscaler real-time DLP uses Zscaler DLP tools to monitor and prevent the leakage of sensitive data in Webex Teams messages and files, Zscaler recommends reading the following articles before you begin configuring your real-time DLP policy.

• About Data Loss Prevention
• About DLP Dictionaries
• Understanding Predefined DLP Dictionaries
• About DLP Engines
• About Zscaler Incident Receiver
• What Is Workflow Automation?

Configuring Zscaler Real-Time DLP

To configure Zscaler Real-time DLP, complete the following steps:

• Step 1: Complete Prerequisite Tasks

  Ensure that Internet & SaaS is fully configured for your organization.

  Close
• Step 2: Configure Company Profile

  Ensure that your company details are set up in your Company Profile. To learn more, see Configuring the Company Profile.

  Close
• Step 3: Add Webex Teams as a SaaS Application Tenant

  Adding Webex Teams as a SaaS application tenant is the first step in setting up your real-time DLP policy. You can use the tenant you create to configure your real-time DLP policy that protects your organization from data loss by monitoring and taking action on sensitive data that end users include in their Webex Teams messages and the files users might attach to those messages. Adding Webex Teams as a SaaS application tenant allows the Zscaler service to act as a smart host where Webex Teams can send messages and files for content inspection.

  To learn more, see Adding SaaS Application Tenants.

  Close
• Step 4: Configure DLP Policy Rules

  You can use Zscaler's DLP engines to detect data and allow or block messages and files. If you don't use Zscaler DLP engines, the service functions instead as a filter, only flagging content based on specific criteria.

  The Data at Rest Scanning DLP policy allows you to create rules to discover and protect sensitive data at rest in sanctioned SaaS applications. Webex Teams messages are managed by configuring web DLP policies, while file attachments are managed by configuring the Data at Rest Scanning DLP policies.

  To learn more, see Configuring DLP Policy Rules with Content Inspections and Configuring the Data at Rest Scanning DLP Policy.

  Close
• Step 5: Configure Scan Configuration

  In order for the Data at Rest Scanning DLP policies to inspect content in sanctioned SaaS applications, you must create SaaS Security scan schedules.

  To learn more, see About SaaS Security Scan Configuration.

  Close
• (Optional) Step 6: Use Zscaler Workflow Automation to Manage and Resolve Incidents

  If you configured an Incident Receiver as part of your real-time DLP policy rules, you can integrate it with Workflow Automation to capture and remediate incidents generated by policy violations.

  To learn more, see About Incidents.

  Close
• (Optional) Step 7: Configure NSS Feeds

  You can configure Nanolog Streaming Service (NSS) feeds to specify the data from the Zscaler real-time DLP policy logs that the NSS sends to your security information and event management (SIEM) system.

  To learn more, see About NSS Feeds.

  Close
• Step 8: Monitor Activity with Dashboards and Reports

  You can use Zscaler Insights and SaaS Security Insights Logs and reports to gain visibility and insight into your organization's messaging activity. You can view the logs for messages that triggered the inline DLP rules in the Web Insights Logs for Webex and you can view the logs for files that triggered the real-time SaaS Security DLP rules in the SaaS Security Insights Logs page for Webex.

  To learn more, see About Insights Logs and About SaaS Security Insights Logs.

  Close