Slack Canvas is one of the recently released features in Slack, and Slack Securlet in Cloudsoc fully supports it.

This article goes through an example on how to configure a DLP policy and what to expect.

Slack Securlet is activated.

Slack Securlet fully supports Slack Canvas, all of the supported activities on Canvas are populated to Investigate, Content inspection policies can also be configured on any object in Canvas.

Canvas objects is treated as a file object, the response action supported on it is "Quarantine", and Canvas can be restored after being quarantined from Slack Dashboard if needed.

The exception to that is the Comments made on Canvas itself, those are treated as messages and the response action supported on them is "Delete" which can not be restored once applied.

Here is an example on how to configure a DLP policy on Slack Canvas:

1- DLP Policy

Any content inspection rule can be used (Keyword, PII, PCI..etc), in this example, an SSN Policy has been used.

2- Sample Data Entered as Free Text Field

Entered a PII data which contains SSN (masked) as a free text in Canvas

3- Investigate Events including Incident

The "Slack Edit" event was populated in Investigate, the data is sent to DLP for Content inspection and it triggered the policy as expected.

4- DLP Incident

The DAR Incident in DLP shows the meta data of the incident with more details

5- Restore

If needed, the quarantined Canvas can be restored from Slack Securlet Dashboard in Cloudsoc console.