Personas workflow for DLP - The data security administrator and data security viewer are responsible for identifying DLP requirements for creating data-in-motion rules and investigating issues and cases. - Administrator Guide - Cortex - Cortex XDR - Cortex - Security Operations

Configuring Endpoint DLP Settings: Configure the settings according to your organization's needs.

Configuring sensitive data definitions: Identify and classify sensitive data (Data Profiles and Data Patterns).

Configuring policies: Setting rules to apply to sensitive data.

Investigate: Review and analyze DLP-related issues to gather information that will help reduce false positives, refine policies, and improve incident response and auditing.

Refine policies: Adjust DLP rules to be more accurate, reduce false positives, and cover new risks.

Investigate and remediate: For true incidents, stop the data loss and investigate what happened and why.

Document and report: Create a record of the incident for legal and compliance purposes.

Communicate and educate: Speak to the user involved and update security training to prevent future issues.