Netskope DLP when posting on ChatGPT

  • 11 August 2023
  • 4 replies
  • 59 views

Badge

I have few alerts triggered for the policy that I have created for DLP related policy when user post on ChatGPT.
However, I am unable to know the exact reason why the alert was flagged. Also, I cannot view the content/part of the content of the post that was considered as a DLP violation. 

How and where can I view these details?

 

Regards,

Thomas


4 replies

Userlevel 4
Badge +12

Enable Forensics in Netskope and you'll have access to the actual content people submitted to ChatGPT. 

Doing DLP without Forensics enabled is extremely risky since there is an extremely high ratio of false-positives with pre-built DLP profile/rules. You want to be certain your matches are working as expected before enabling block actions.

Userlevel 6
Badge +16

@thomasmichael,


As @nduda mentioned, the Forensics capability of the Netskope platform captures this data as the incident is generated and forwards it to a repository you own (AWS S3 Bucket, Sharepoint, etc) as Netskope does not store this data.  For additional info on this capability see:

https://docs.netskope.com/en/netskope-help/data-security/forensics/

Once enabled, this data can be viewed in DLP Incidents page.  One other item to keep in mind is that you can optionally enable Original File Access which also takes a copy of the original object and stores it in Forensics as well but this is behind a feature flag that you can request be enabled:

https://docs.netskope.com/en/netskope-help/admin-console/incidents/about-dlp/downloading-dlp-incident-files/

It's not applicable for ChatGPT as the original object is a message in the browser rather than an actual file but it's helpful for file based objects. 



Badge

By enabling the Forensics capability will this have any performance impact?

Userlevel 6
Badge +16

@thomasmichael,

I am not aware of any performance impact with this change.  This forensics capture happens in conjunction with the DLP scan so it's not adding additional data processing beyond the copy from the DLP engine to your forensics repository.  

Reply