AIP question on alerts

%3CLINGO-SUB%20id%3D%22lingo-sub-253833%22%20slang%3D%22en-US%22%3EAIP%20question%20on%20alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-253833%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20starting%20to%20switch%20over%20from%20labelling%20and%20classification%20In%20the%20S%26amp%3BC%20centre%20over%20to%20AIP%20(pending%20the%20hopefully%20soon%20integration%20of%20the%20two).%3C%2FP%3E%3CP%3EIn%20the%20S%26amp%3BC%20DLP%20I%20can%20set%20alerts%2C%20so%20for%20example%20if%20someone%20attempts%20to%20send%20out%20a%20bunch%20of%20Credit%20Card%20data%20I%20can%20get%20an%20alert%20emailed%20to%20an%20admin.%3C%2FP%3E%3CP%3EI%20cannot%20find%20how%20to%20do%20this%20in%20AIP%2C%20where%20can%20I%20configure%20alerts%3F%20All%20I%20can%20find%20is%20Powershell%20stuff%20around%20interrogating%20the%20logfiles.%3C%2FP%3E%3CP%3EI%20hope%20I'm%20missing%20something%20really%20obvious!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-253833%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-256565%22%20slang%3D%22en-US%22%3ERe%3A%20AIP%20question%20on%20alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-256565%22%20slang%3D%22en-US%22%3E%3CP%3EAIP%20can%20auto%20classify%20based%20on%20sensitive%20information%20types%20such%20as%20PCI%20which%20will%20apply%20access%20permissions%20to%20the%20document.%20Users%20not%20allowed%20access%20could%20not%20get%20access%2C%20even%20if%20emailed%20the%20document%2C%20unless%20you%20use%20AIP%20P2%20which%26nbsp%3Bhas%20ability%20for%20business%26nbsp%3Busers%20to%20provide%20permission%20overrides%20with%20a%20business%20justification.%20Then%20you%20would%20want%20to%20explore%20the%20Azure%20and%20Office%20365%20audit%20logs%20for%20capturing%20and%20alerting%20on%20the%20override.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20trying%20to%20audit%20and%20train%20business%20users%26nbsp%3Bwho%20email%26nbsp%3Ban%20AIP%20document%20to%20an%20unauthorized%20user%2C%20despite%20the%20recipient%20being%26nbsp%3Bnot%20able%20to%20access%20the%20document%2C%20I%20would%20explore%20Exchange%20transport%20rules%20to%20see%20if%20you%20can%20apply%20an%20alert%20looking%20for%20the%20AIP%20classification%20on%20the%20document.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-254038%22%20slang%3D%22en-US%22%3ERe%3A%20AIP%20question%20on%20alerts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-254038%22%20slang%3D%22en-US%22%3E%3CP%3EThere's%20no%20such%20functionality%20within%20AIP%2C%20stick%20to%20using%20the%20DLP%20controls%20in%20the%20SCC.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Mike Rowland
Contributor

I'm starting to switch over from labelling and classification In the S&C centre over to AIP (pending the hopefully soon integration of the two).

In the S&C DLP I can set alerts, so for example if someone attempts to send out a bunch of Credit Card data I can get an alert emailed to an admin.

I cannot find how to do this in AIP, where can I configure alerts? All I can find is Powershell stuff around interrogating the logfiles.

I hope I'm missing something really obvious!

2 Replies

There's no such functionality within AIP, stick to using the DLP controls in the SCC.

AIP can auto classify based on sensitive information types such as PCI which will apply access permissions to the document. Users not allowed access could not get access, even if emailed the document, unless you use AIP P2 which has ability for business users to provide permission overrides with a business justification. Then you would want to explore the Azure and Office 365 audit logs for capturing and alerting on the override.

 

If you are trying to audit and train business users who email an AIP document to an unauthorized user, despite the recipient being not able to access the document, I would explore Exchange transport rules to see if you can apply an alert looking for the AIP classification on the document.

 

 

 

 

 

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies