Webex Messaging (Teams)
Table of Contents
- Introduction
- Policies
- Exposure Settings for Webex messaging (Teams)
- Ownership section in Webex Messaging (Teams)
- Response Actions
- Incident Examples
For prerequisites and installation steps for Webex, see Webex Quick Start Guide
Introduction
Cloudlock for Webex supports a monitoring scope for organizations wanting to customize which users are monitored. You can configure your monitoring scope in the Platforms tab of the Settings page by selecting the Webex platform. You have the option to monitor files of all users, specific users, or all users with the exception of specific users. Adding a list of domains will monitor the selected scope within those domains.
Monitoring Scope
Monitoring scope applies only to Webex Messaging (Teams).
Policies
Data Loss Prevention (DLP)
- Write your own: Predefined Policies
- Build your own: Context Only
- Build your own: Custom Regex
User Events and Behavior Analytics (UEBA)
- Build Your Own: Event Analysis
Events Analysis
Please note that only Platforms, Events, Users and Exposure fields are available for Events Analysis policies for Webex.
Exposure Settings for Webex messaging (Teams)
Monitor content that is exposed to users other than the owners, as selected. Exposure categories are specific to each platform.
Exposure Settings
In the Webex Messaging (Teams) page, under Exposure Settings:
Shared with any External User
A violation is triggered in the following situations:
- The message is posted in a direct space with an external user.
- The message is posted in an internal group space with at least one external user.
- The message is posted in an external group space.
A violation is not triggered in any of the following situations:
- The message is posted in a direct space with an internal user.
- The message is posted in an internal group space with only internal users.
- The message is posted in an external group space with only internal users.
Shared with any users outside the domain(s) in Settings
A violation triggers if one or more users in the space is not part of the domains mentioned in the Monitoring Scope Settings.
Specific Shares
A violation is triggered in the following situations:
- The participating user or space is mentioned here.
- The participating space classification belongs to the classification name mentioned here.
- The user domain is one of the domains mentioned here.
- The participating Webex group, including synced Active Directiory (AD) group is mentioned here.
Specific shares
- Only spaces created by the Webex Teams Admin who authorized Cloudlock can be selected for policy-specific monitoring.
- If a group is selected in exceptions along with another user or group being selected in specific shares, then specific shares will take precedence.
Ownership section in Webex Messaging (Teams)
Monitor content owned by listed users, user lists (limit of 5), and Webex groups (including Active Directory groups synced within Webex).
Ownership Settings
In the Webex Messaging (Teams) page, under Ownership Settings:
Specific Users
A violation is triggered in the following situations:
- The selected user sends the message or file.
- The user belonging to the selected group sends the message/file.
Specific users
If a group is selected in exceptions along with another user or group being selected in specific users, then the exception will take precedence.
Response Actions for Webex Teams Violations
Delete Message and/or File
Deletes a message or attachment with sensitive information (according to the policy's configuration.)
Limitations and Parameters
Only messages and files from internal users can be deleted. Messages and files from external users will be deleted from the internal chat space (for internal viewers) but external users will still be able to view the message or file.
Example Scenarios:
A) User A and User B are both part of an organization monitored by Cloudlock.
- In a private chat with User B, who is also in this organization, User A posts a message that violates a policy and triggers this response action. The message will be deleted from the chat and not visible to either user.
- In a group chat or space with other internal users, User A posts the same message which violates the policy. The message is deleted from the group space and no user can view it.
B) User A is part of an organization monitored by Cloudlock, while User C is an external user from an organization not monitored by Cloudlock.
- If User A posts a message which violates a policy and triggers this response action, the message is deleted and neither party can view the message.
- If User C posts a message in the chat that violates the policy and triggers this response action, the message is deleted from User A's view of the chat, but cannot be deleted from the external user.
C) User A and User C are part of a group space that contains mostly internal users and some external users.
- User A posts a message that violates a policy. The message is deleted from the space and no user is able to view the message.
- User C posts a message in the chat that violates the policy. The message is deleted from the space but only internal users cannot view the message; any external users will still see the message in the chat.
Notify Admin via Message
Sends a Webex Teams customizable message to specified users when a Webex Teams incident is triggered.
Notify User via Message
When a Webex Teams incident is triggered, it sends a customizable message to the user that triggered the incident via Webex Teams.
Notify Admin or User by Message
Please note that the Notify Admin by Message and Notify User by Message response actions cannot perform if external messaging is blocked. The option to block external contacts from Team Spaces must remain unchecked for either action to occur. This setting can be found in the Cisco Webex Teams Control Hub.
Remove User
Removes the user that triggered an incident from the Team Space.
Exceptions:
- Users in direct messages cannot be removed.
- Moderators of a Space or Team cannot be removed.
- If a user is removed from a Team’s default space General, the user is also removed from all other spaces within that Team.
Incidents
Webex incidents include all the same details as other platforms' incidents, and add the space where the attachment or post was made. For direct messages, the field will say Direct with an ID of the chat between the two users.
For messages posted in spaces, the name of the space and the ID number is listed.
The space is listed as the collaborator as everyone with access to that space has access to the post or attachment.
If the participating space has an associated classification, the name of the classification will be listed.
Examples- DLP
An incident that violated a custom regex policy (US SSN) when the user attached a word document with social security numbers.
A similar policy was violated when a social security number was posted in a chat space.
Examples - Events Analysis
Member Added to Webex Messaging
Member Deleted from Webex Messaging
Member Promoted to Moderator
File Preview
File Download
File Upload
Updated about 1 month ago