DLP Notification - One-Click Whitelisting Possible?

(Omar ) #1


I understand that when a DLP policy triggers, a DLP notification is sent to an auditor (whom we specify) to check the notification and take the necessary action.
The first rule in the DLP policy is configured to allow sites that are part of the “Allow DLP” URL category without notifying the auditor, therefore bypassing all DLP rules below it.

I am looking for a way to embed a link in the DLP notification that, when clicked, adds the reported site to the “Allow DLP” URL category, instead of logging in to the Zscaler portal and adding the site to the URL category manually. We don’t want to give the auditor access to the Zscaler portal.

I am aware of the third-party software “Splunk Phantom”, but it is too advanced for such a simple feature.

(Thomas Quinlan) #2

Hi Omar,

What you’re looking for could likely be scripted with access to the Zscaler API. More information is here:


Access to the API is not yet generally available but you can request it via a support ticket or your partner/sales rep.

(Omar ) #3

Thanks for the link, this is really helpful.
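
An added sketch (not from the thread and not Zscaler code) of how the one-click link asked for in #1 can be made safe to act on: the link carries an HMAC-signed, expiring token naming the reported site and the “Allow DLP” category, and the handler changes nothing unless the token verifies. The key, the one-day lifetime and the `add_to_category` callback standing in for the Zscaler API call are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: key held only by the link service
CATEGORY = "Allow DLP"             # URL category named in the thread
TTL = 24 * 3600                    # assumption: links are valid for one day

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).digest()

def make_token(host, auditor, now=None):
    """Token to embed in the notification link for one reported site."""
    issued = int(time.time() if now is None else now)
    claims = {"host": host.lower(), "cat": CATEGORY, "aud": auditor,
              "exp": issued + TTL}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64e(sign(body))

def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        body, tag = token.split(".")
        # Constant-time comparison of the supplied tag with the expected one.
        if not hmac.compare_digest(b64d(tag), sign(body)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    current = time.time() if now is None else now
    return claims if claims["exp"] >= current else None

def handle_click(token, add_to_category, now=None):
    """Run the caller-supplied category update only for a valid token."""
    claims = verify_token(token, now)
    if claims is None or claims["cat"] != CATEGORY:
        return False
    add_to_category(claims["cat"], claims["host"])  # hypothetical Zscaler API wrapper
    return True
```

Mail gateways often fetch links before the recipient does, so the link should open a confirmation page and the category change should happen on the confirming POST.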