(New) Email DLP Admin Console Guide

This article consists of instructions on how to properly configure and customize the Filter settings in Email DLP Admin Console in order to best suit the environment of your organization.

This guide is consists of three parts:

1) Define Address Groups
2) Define Rule Groups
3) Define Filters

1) Define Address Groups

a) Create Address Group
b) Edit Address Group
c) Delete Address Group
d) Synchronize email group from G-Suite/Office365

a) Create Address Group

☆ 1 - Go to "Define Address Groups" under "Account" menu in the left pane and click "+ Create".
Untitled.png

☆ 2 - Enter "Group Name" and list of email addresses in the "Addresses" field. After input all the addresses, click "+ Create" to create the Address Group.

Untitled.png

*Notes:
- Email addresses must be in lower case.
- Please input Envelope-To or Envelope-From addresses in mail groups.
- Address Group will be used in "Define Filter" and "Define Encryption Policy" menu.

b) Edit Address Group

You can add or edit email addresses in the Address Group by clicking on the pencil icon on the right side as shown in the image below.

Untitled.png

c) Delete Address Group 

You can delete the Address Group by clicking on the trash bin icon on the right side as shown in the image below. The confirmation dialog will appear. Click "Delete" again to confirm deleting Address Group

Untitled.png

*Note - If you delete the Address Group that is in Use, the Filters and Encryption policies that use this Address Group will also be deleted.

2) Define Rule Groups

a) Create Rule Group
b) Add New Rule
c) Edit/Delete Rule

a) Create Rule Group

☆ 1 - Go to "Define Rule Groups" under "Filter" menu in the left pane => Click "+ Create" to create a new Rule Group.

Untitled.png

☆ 2 - Enter the Group Name => Click "+ Create"

Untitled.png 

b) Add New Rule

☆ 1 - Go to the Rule Group that you have just created => Click on the Arrow icon => Click on the Plus sign to add Rule to the Group : 

Untitled.png

Untitled.png

1) Rule Name: Enter the Rule name.
2) 
PriorityThe priority must be between 1 and 9999999999. A lower value corresponds to a higher priority. 
3) Action: Select the action such as:

Untitled.png

 

  • SendSend directly right away.
  • SuspendSuspend email for a period of time before releasing out the email. 
  • DiscardDiscard the email right away. 

4) Additional Information: When Action is selected, the Additional Information field will be displayed differently depending on the Action selected.

Untitled.png

Untitled.png

  • Additional Bcc recipientsYou can specify the additional Bcc: header. Multiple email addresses can be specified one address per line. The maximum number of addresses allowed is 5.
  • Encrypt attachments: You can specify whether the attachment file should be encrypted or not.
  • Suspension Time (Minutes): If "Suspend" is selected, you are required to specify the period of time the email shall be suspended before being released automatically.
    • Do not release the suspension automatically: You can determine whether the email shall remain suspended even if the Suspension Time has passed. If the checkbox is checked, the Suspension Time will be disabled. Note that the email can remain in the suspension period for up to 10 days before being deleted.
    • Visible to people in From Address Group: If this option is selected, when the email matched the rule, the email will be shown in the Suspension mailbox (Group) of other members who are of the same Address Group as the sender. Other members can "Send", "Discard", and "Stop" the email on behalf of the sender. (Reference: HDE Email DLP User Console Guide)

Untitled.png

Note: If "Discard" is selected, the Additional Information will not be displayed.

  2 - Below the Additional Information, there are a number of configurations as shown below: 

Untitled.png

1) Notification: Set notification email to be sent to the sender.
2) Rule Conditions

Untitled.png

  • Match all the following (AND)Select this option to apply all the conditions you define for the filtering rule.
  • Match any of the following (OR)Select this option to apply any one of the conditions you define for the filtering rule.
  • Match all messagesSelect this option to apply the conditions to all emails.

3) Target: Select one option below to specify the email that shall be filtered by:

Untitled.png

  • To: Email addresses in the To: field
  • Cc: Email addresses in the CC: field
  • To/CC: Email addresses in the To: or Cc: field
  • SubjectSubject of the email
  • Optional HeaderSpecify by which header to search the keyword from.
  • Envelope-To: Email addresses in Envelope-TO header. Note that it is the RCPT TO part of the SMTP communication.
  • Envelope FromEmail addresses in Envelope-FROM header.
  • Message Body(include attachment(s))Select this option to inspect for the keywords contained in message body and attachments.   
  • AttachmentSelect this option to check if the attachment exists or not. 

If one of the followings (To:) or (Cc:) or (To/Cc:) is selected, the two options for specifying the type of Pattern will be displayed as shown above.

  • Email Address: Specify by email address (example of value in Pattern field: "aaa@example.com")
  • Domain Part: Specify by domain address (example of value in Pattern field: "@example.com")

Untitled.png

If "Optional Header" is selected, the field for specifying the Header will appear as shown above. You can refer to this article for how to set Optional Header: What is Optional Header for?

Untitled.png

 4) Predicate: Select the option as a predicate between the Target and Pattern fields:

Untitled.png

  • exists: Apply the rule if the value in the Pattern field "exists" in the Target selected.
  • does not exist: Apply the rule if the value in the Pattern field "does not exist" in the Target selected.
  • matches regular expression: Apply the rule if the Target "matches the regular expression" value specified in the Pattern field.
  • does not match regular expression: Apply the rule if the Target "does not match the regular expression" value specified in the Pattern field.
  • exists in address groupApply the rule if the Target exists in the address group.

Note that if "exists in address group" option is selected, the Pattern field will be shown below for selecting the Address Group.

Untitled.png

If "Attachment" is selected in the Target field, the following options will appear in Predicate.

Untitled.png

  • with filenameApply the rule if the value set in Pattern field is found in the filename of the attachment.
  • with Content-Type: Apply the rule if the value set in Pattern field is found in the Content-Type of the attachment.
  • are all password-protected data: Apply the rule if all attachments are password-protected data.
  • contains password-protected data: Apply the rule if one or more attachments are password-protected data.

5) Pattern: Enter the email address, domain address, keyword or regular expression you wish to apply as a rule condition.

The following separators and regular expressions can be used in this field:

  • (|) Vertical bar separator: this acts as a logical OR. (Ex. "aaa@example.com|bbb@example.com")
  • Regular expression: can be used to substitute for any other character or specific characters in the string.

                *   The preceding item will be matched zero or more times.
               ?   The preceding item is optional and matched at most once.
              [...]   A bracket expression: It matches any single character in the list.
         [...,...,...]   A set expression: It matches any set of character in the list.

*Notes
- It may take a longer time for HDE Email DLP system to inspect an email if you use a regular expression that matches with most characters and numbers such as ".*"
- If the Predicate is selected as "matches regular expression" or "does not match regular expression", it allows a query to search by using the regular expression as defined in POSIX 1003.2.

6) CountSpecify the frequency of the value you have input in the Pattern field. For instance, if the keyword "Confidential" is set in Target field and the Count is set as "3", the email that contains the word "Confidential" more than 3 times will be applied to this rule.

*Note - You can set the "Count" when the "Target" is NOT "Attachment" and the "Predicate" is one of the following: "exists", "matches regular expression" or "does not match regular expression".

☆ 3 - If you want to add another "Rule Conditions", click "+ Add" button on the right side. 

Untitled.png

1) Message Size(KB): You can specify the size of the email messages you want to apply the rule to. The rule will be applied when the message is larger than the specified size.

After specifying all the conditions, click "+ Add" to create the Rule.

Untitled.png

☆ 4If you want to add a new Rule to the Rule Group, click the Plus sign on the right bottom of the Rule Group.

Untitled.png

c) Edit/Delete Rule

 - You can Edit the Rule by clicking on the Gear icon, and Delete by clicking on the trash bin icon as shown below.

Untitled.png

 

3) Define Filters

a) Create Filter
b) Edit/Delete Filter

a) Create Filter

☆ 1 - Go to "Define Filter" under "Filter" menu in the left pane. Click "+ Create" to create a new Filter.

Untitled.png

 ☆ 2 -In the "Create Filter" window, you can specify the followings: 

Untitled.png

1) Priority: The priority must be between 1 and 9999999999. A lower value corresponds to a higher priority.
2) Sender: Select the Address Group for the filter. You can select "All" if you wish for the rule to be applied to all senders.
3) Recipient: Select the Address Group for the filter. You can select "All" if you wish for the rule to be applied to all recipients.
4) Rule GroupSelect the Rule Group.

b) Edit/Delete Filter

☆ - You can Edit theFilter by clicking on the Gear icon, and Delete by clicking on the trash bin icon as shown below.

Untitled.png

          
Was this article helpful?

Frequently Asked Questions (FAQs)

Powered by Zendesk