Hi Community Members,
I have recently deployed cloud exchange in my organization, and integrated few plugins, however I need further support on implementing business rule to a monitored email box for the SOC team to pick up. At this stage, I am looking to maintain a simple workflow.
- Deployed Cloud Exchange and integrated with my tenant.
- Have the plugins of Notifier & Netskope ITSM configured
- Able to receive "ALL" the alerts from Netskope tenant to cloud exchange
My further requirement as below:
- When a Web-access category is denied for a user, he may proceed with a suitable justification with "Justify Usage" or "Report False positives" description box enabled (by means of Email notification template) - I have configured this. (Completed)
- I need only the "Justify Usage" notification alerts to be received by the Cloud Exchange vs Compared to "All" the policy alerts being received by Cloud exchange - How do I tweak it ? I need to minimize the log flow here, since not much value on generic allow/deny logs in cloud exchange system. (Completed) . Found a better way, and filtered this at plugin level itself, and hence to avoid noise and overwhelm the CE resource. I have observed from the logs that "Justification Type" string parameters has "justification" and "falsepositive". Also, I have noticed the chrome/firefox browser webpages refresh on the user block page, and the alert reports Justification Reason as "N/A". Please find attached snapshots for better understanding.
- I am looking for a simple Business workflow setup, such that "Justify Usage" alerts received on the Cloud Exchange should trigger an email alert to my shared/monitored email box (pre-configured in Notifier plugin). (Work in progress - Awaiting assistance from this forum)
- Any detailed use-case guidance on "Queue" configs (Work in progress - Awaiting assistance from this forum)
Awaiting directions from the community experts.