Data Loss Prevention Settings

This article consists of instructions on how to properly configure and customise the Filter settings in Email DLP Admin Console in order to best suit the environment of your organisation.

This guide is consists of three parts:

1) Define Mail Groups
2) Define Rule Groups
3) Define Filters

1) Define Mail Groups

This part of the guide is consists of three components:

a) Define Mail Groups
b) Add email address to exist Mail Groups
c) Delete Mail Groups

a) Define Mail Groups

☆ 1 - First, click "Filter" - "Define Mail Groups" in the left pane and click the "Create Mail Group" button.
 

☆ 2 - Enter "Mail Group Name" and "Comment" accordingly to the mail group that you desired to create and click "Register Email Address"

☆ 3 - Enter "Email Address List" and "Existing Email Address". Click the "Register" button.

1) Copy and paste email addresses to registerEnter email addresses separated by a new line in the blank input area.

2) Upload a file containing email addresses to registerChoose text file that contains Email addresses separated by a new line.

3) Remove the registered email addressIf you check this option, the existing registered email addresses will be entirely replaced by the email addresses written in "Email Address List" in the blank input space.

*Notes:
- Email addresses must be in lower case.
- Write Envelope-To or Envelope-From addresses in mail groups.
- A mail group is available in "Define Filters" and "Define Encryption Policy".
- A mail group that covers all email addresses is registered in advance. 

☆ 4 - Click "Register" button, Mail Group will be registered in the system.

b) Add email address to exist Mail Groups 

You can add additional email addresses to mail groups that had been already created. Click "Register Email Address".

 *Note - Setting contents is same as previous step.

c) Delete Mail Groups 

You can delete the mail groups. Check the mail groups you want to delete at the setting top page, and press the "Delete" button (The confirmation dialog will open).

*Note - If you delete the mail group, Filters and Encryption policies that uses the mail group will also be deleted.

2) Define Rule Groups

The Define Rule Groups itself are consists of three components:

a) Create Rule Groups
b) Define Rule
c) Other Settings

a) Create Rule Groups

☆ 1 - Click "Filter" - "Define Rule Groups" in the left pane, you can create/edit rule groups. Press "Create Rule Group" button.

☆ 2 - Enter "Rule Group Name" and "Comment". Click "Create Rule".
 

b) Define Rule

☆ 1 - In the "Action Related Settings" interface, there are a number of configurations such as : 

1) Rule Name : Enter the Rule name.
2) Comment : Enter the comment. 
3) 
Rule PriorityIt must be between 1 and 9999999999. A lower value corresponds to a higher priority. 
4) Action : Select the action such as:

  • Send : Send a email that matches the conditions.
  • Discard Discard a email that matches the conditions.
  • Request for Approval Suspend a email that matches the conditions and send a request for approval to the approver.
  • Suspend Temporarily : Suspend a email that matches the conditions and send it after the specified interval automatically. 

5) Notification : If you check the box, a notification will be sent "To Sender" or "To approver" or "To administrator". 

6) Additional Information :  Specify Additional Information such as:

  • Additional Bcc recipientsYou can specify the additional Bcc: header. Multiple email addresses can be specified, one per line. The maximum number of the addresses is 5.
  • Encrypt attachments : You can determine whether an attachment is encrypted.

  • Delay Time : You must specify a delay time for the temporary suspension.
  • Do not release the suspension automatically : You can determine whether the message remains suspended even if the delay time has passed. If the checkbox is checked, the delay time is disabled. It is used for self-approval.

  2 - In the "Rule Related Settings" interface, there are a number of configurations such as : 

1) Rule Conditions : Select the option as below:

  • Match all the following (AND)Select this option to apply all the conditions you define for a filter.
  • Match any of the following (OR)Select this option to apply any one of the conditions you define for a filter.
  • Match all messagesSelect this option to apply the conditions to all email.
  • Match messages that cannot be analyzedSelect this option to apply the conditions to all the unanalyzable email.

2) FieldSelect the option as below:

  • From:This is the From: header rather than the Envelope-FROM header.
  • To:This is the To: header rather than the Envelope-TO header.
  • Cc:This is the Cc: header.
  • Bcc:This is the envelope recipient except the email addresses that are found in "From:" and "Cc:" headers.
  • Subject:This is the Subject: header.
  • X-Mailer:This is the X-Mailer: header.
  • Optional HeaderYou can specify which header to search in.
  • Envelope ToThis is the Envelope-TO header, which is the RCPT TO parts of the SMTP conversation.
  • Message Body(include attachment(s))Select this option to inspect the message body and contents of attachments.   
  • AttachmentSelect this option to check if the attachment exists. 

 3) OperatorSelect the option as below:

  • is equal toThe action is executed when the search string is found in the field of a filtered message over specified number of times.
  • is not equal toThe action is executed when the search string is NOT found in the field of a filtered email
  • existsThe action is executed when the specified fields exist in a filtered message over specified number of times.
  • does not existThe action is executed when the specified field does NOT exist in a filtered email.
  • matches regular expressionThe action is executed when the field of a filtered email matches a regular expression to search for over specified number of times.
  • does not match regular expressionThe action is executed when the field of a filtered email does NOT match a regular expression to search for.
  • exists(if the Attachment is selected in the Field)The action is executed when the attachment exists.
  • does not exist(if the Attachment is selected in the Field)The action is executed when the attachment does NOT exist.

If the Attachment is selected in the Field, the following options appear.

  • with Content-TypeThe action is executed when the search string is found in the Content-Type of the attachment.
  • with filenameThe action is executed when the search string is found in the filename of the attachment.
  • contains password-protected dataThe action is executed when one or more attachments contain password-protected data.
  • is not supportedThe action is executed when the attachment is not supported or extracted.

4) ValueEnter your search string. If the "Operator" is "is equal to" or "is not equal to", it allows a query to search for a partial match of a word.

It supports following separators and regular expressions:

  • A vertical-bar (|) separator : allows query expressions to be logically OR.  
  • A regular expression : can be used to substitute for any other character or characters in a string.

                *   The preceding item will be matched zero or more times.
               ?   The preceding item is optional and matched at most once.
              [...]   A bracket expression: It matches any single character in the list.
         [...,...,...]   A set expression: It matches any set of character in the list.

*Notes
- It may take a long time to inspect a email if you specify the regular expression such as ".*" that matches lots of words.
- If the "Operator" is "matches regular expression" or "does not match regular expression", it allows a query to search by using regular expression as defined in POSIX 1003.2.

5) FrequencyEnter the count of search string("Value"). If it appears more than the number of matching the value, this condition is applied.   

*Note - You can set the "Frequency" when the "Field" is NOT "Attachment" but "Operator" is "is equal to", "exists", "matches regular expression" or "does not match regular expression".

☆ 3 - If you want to add another "Rule Conditions", click "Add" button. Or enter "File Size" and click "Register".

1) File SizeSpecify the size of the email messages you want to apply the rule to.The rule will be applied when the message is larger than the specified size.

☆ 4 - If you want to add a new Rule, click "Create Rule". Or if you finish editing "Rule Groups" click "Register" button.

d) Other Settings

☆ 1 - You can copy the "Rule Group" using the "Copy" button at the top page of "Define Rule Group".

The copied Rule Group (shown as ) is NOT a valid Rule Group until you click the "Edit" button and the group is generated by clicking the "Register" button.

☆ 2 - You can delete the Rule groups. At top page "Define Rule Group", check the rule groups you want to delete, and press the "Delete" button (The confirmation dialog will open).

*Note - If you delete the rule groups, Filters and Encryption Policies that uses the mail group will also be deleted. 

3) Define Filters

The Define Filters itself are consists of two components:

a) Define Filters
b) Other Settings

a) Define Filters

☆ 1 - At first, click "Filter" - "Define Filters" in the left pane, you can create/edit Filters. Press "Create Filter" button.

 ☆ 2 -In the "Create Filter" interface, there are a number of configurations such as : 

1) Priority : It must be between 1 and 9999999999. A lower value corresponds to a higher priority.
2) Sender : Sender is Envelope-From header rather than the FROM header. Select the Mail Group. If you select "All", you can specify all senders.
3) Recipient : Recipient is Envelope-To header rather than the TO header. Select the Mail Group. If you select "All", you can specify all senders.
4) Rule GroupSelect the Rule Group.

b) Other Settings 

☆ - You can delete the Filters. At top page "Define Filters", check the Filter you want to delete, and press the "Delete" button (The confirmation dialog will open).

          
Was this article helpful?

Frequently Asked Questions (FAQs)

Powered by Zendesk