I understand that when a DLP policy triggers a DLP notification is sent to an auditor (Whom we specify) to check the notification and take the necessary action.
The first rule in the DLP policy is configured to allow sites that are part of the “Allow DLP” URL category without notifying the auditor, therefore bypass all below DLP rules.
I am looking for a way to embed a link in the DLP notification, when clicked, adds the reported site to the “Allow DLP” URL category instead of logging to Zscaler portal and adding the site the URL category manually. We don’t want to give the auditor access to Zscaler portal.
I am aware of a 3rd party software “Splunk Phantom”, but it is too advanced for such a simple feature.