Adding filters to a DLP sensor

Chapter 15 Security Profiles : Data leak prevention : Creating/editing a DLP sensor : Adding filters to a DLP sensor

Once you have created a DLP sensor, you need to add filters.

1. To add filters to a DLP sensor

2. Go to Security Profiles > Data Leak Prevention.

3. Select the Sensor you wish to edit using the drop down menu or the sensor list window.

4. Within the Edit DLP Sensor window select Create New. A New Filter window should pop up.

5. Select the type of filter. You can choose either Messages or Files. Depending on which of these two are chosen different options will be available

Message filter will have these configuration options:

• [radio button] Containing: [drop down menu including: Credit Card # or SSN]

• [radio button] Regular Expression [input field]

Examine the following Services:

Web Access

• HTTP-POST

• [check box] SMTP

• [check box] POP3

• [check box] IMAP

• [check box] MAPI

Others

• [check box] NNTP

Action [from drop down menu]

• None

• Log Only,

• Block

• Quarantine IP address

Files filter will have these options:

• [radio button] Containing: drop down menu including: Credit Card # or SSN

• [radio button] File Size >= [ ]KB

• [radio button] Specify File Types

File Types: [“Click to add...”drop down menu of File extensions]

File Name Patterns:[“Click to add...”drop down menu]

• [radio button] File Finger Print : [drop down menu]

• [radio button] Watermark Sensitivity: [drop down menu] and Corporate Identifier [id field]

• [radio button] Regular Expression [input field]

• [radio button] Encrypted

Examine the following Services:

Web Access

• [check box] HTTP-POST

• [check box] HTTP-GET