Administrators who are responsible for the initial setup and operational management of HENNGE Email DLP are the subject of the content of this article.
This section describes how to create rules for the HENNGE Email DLP.
1. The contents of this article are based on the product specifications as of May 2022 and are subject to change without notice.
2. Administrator privileges for HENNGE Email DLP are required to view the actual screen and change settings.
Please refer to the following article for instructions on how to set up an administrator（JP）.
3. The URL for the HENNGE Email DLP administration page will vary depending on your tenant.
URL e.g. : https://console.mo.hdems.com/#/admin/[ main domain ]
4. The rule group must be created in advance.
The settings related to the rules can be found in the HENNGE Email DLP by logging in with the administrator account, then in the left menu under [ Filter ] - [ Define Rule Groups ].
1. How to create individual rules
1.1. Select the target rule group.
1.2. Select the [ + Create new rule ].
1.3. Enter each item and select [ + Create ].
2. How to create rules in batches
Filters can be created in batches by using YAML files.
YAML file example :
- name: rules for external mail
- priority: 100
name: if all files were password protected, hold for 5 minutes
- target: attachment
- priority: 110
name: if a ZIP is attached, delete it
- type: notify_sender
- target: attachment
- priority: 120
name: hold for 5 minutes + HENNGE Secure Download
Please refer to the following page for information on creating data in YAML files and creating and overwriting new data.
3. Rule Setting Items
3.1. Group Name
The rule group name is automatically entered.
The rule group name cannot be changed in this procedure.
To edit the rule group name, please refer to the following article.
3.2. Rule Name
Enter any name.
This will be applied to the insert tag ((%RULE-NAME%)) available in the Notification for Filter .
※ Rule names must be no longer than 256 characters.
Enter an optional description. This field is not required.
This information will be applied to the insert tag ((%RULE-DESCRIPTION%)) available in the Notification for Filter.
※ The rule description must be no longer than 1024 characters.
Sets the priority of the rules to be created.
Rules will be filtered in order of decreasing priority, and if any of the rules apply to one of them, subsequent rules will not be filtered.
The priority can be specified in the range of 1 to 99999.
3.5.1. Select one of the following actions.
・Send : The email is sent immediately, without being put on hold.
・Suspend :You can set the time between 1 minute and 999 minutes or [ Do not release the suspension automatically ].
If [ Do not release the suspension automatically ] is selected and 10 days pass without any pending or deletion, the email will be deleted automatically.
If you check [ Visible to people in From Address Group ], other users who belong to the same address group as the sender can process (view, send, and delete) the email.
・Request approval : Sent e-mails are held until they are approved by an approver who is predetermined in the address group.
If 10 days pass without approval by the approver, the email is automatically deleted.
For more information on setting up request approval, please refer to the following article.
・Discard : Sent emails are deleted on the HENNGE Email DLP.
3.5.2. The following subactions can be configured in combination with Send / Suspend / Request Approval
・Additional Bcc recipients : Can be configured in combination with Send / Suspend / Request Approval.
The pre-defined address will be added to Bcc and sent.
Up to 5 addresses can be set. When setting multiple addresses, enter a new line for each address.
・Attachments : In this menu, the option [Send with HENNGE Secure Download (HSD) ] is only available to customers who have enabled the HENNGE Secure Download function.
Can be configured in combination with Send / Suspend / Request Approval .
Choose one of the following.
・Send with HENNGE Secure Download (HSD) : Attachments are sent via HENNGE Secure Download.
・Send with ZIP encryption : Attachments are sent ZIP encrypted.
If [Send with ZIP encryption] is chosen, the file name and encryption method after encryption must be set in the encryption method definition.
・Send unmodified : Attachments are sent as is.
Also, if you check the [ Test Mode ] checkbox, you can verify that the rule is applied under the expected conditions without changing the current rule configuration.
Please refer to the following article for more information on test mode.
If checked, a notification will be sent to the sender that the action (Send / Suspend / Request Approval / Discard) has been applied.
Please refer to the following article for instructions on how to create a notification.
通知 (フィルター) を作成する
3.7. Rule Conditions
Set the conditions under which the actions (Send / Suspend / Request Approval / Discard) and sub-actions (Send with ZIP encryption / Send with HENNGE Secure Download (HSD), etc.) set in the previous steps will be applied.
3.7.1. Rule Conditions
Choose one of the following.
・Match all of the following (AND) : The rule applies only if all of the defined conditions are met.
・Match any of the following (OR) : If any one of the defined conditions is met, this rule applies.
・Match all messages : Select this option to apply to all emails without setting conditions.
If you select [Match all of the following (AND)] or [Match any of the following(OR)], add a condition.
The targets can be set in combination from the following.
・To : To header.
・Cc : Cc header.
・To / Cc : To or Cc header.
※If you select「To 」、「Cc」、「To / Cc」, a radio button will appear asking whether you want to target the 「email address」or the 「domain part」.
・Bcc : Bcc header.
※ The Bcc header only detect emails addressed to Bcc.
・Subject : Subject header.
・Optional Header : You can specify which headers to search. A space for entering a header will appear, so enter the target header, e.g.「Content-type」.
・Envelope To : Envelope To address, which is the RCPT TO: address for SMTP communication.
・Envelope From : Envelope From address, which is the MAIL FROM: address for SMTP communication.
・Message Body (include attachment(s)) : The search targets the body of the email and attachments. For more information on search targets for attachments, see the following article.
・Attachment : Only attachments are covered.
Conditions can be one of the following.
・exists : The action is performed if any value exists for the specified target.
・does not exist :The action is performed if no value exists for the specified target.
・matches regular expression : An action is executed if the value of the specified target matches a regular expression a certain number of times or more.
・does not matches regular expression: The action is executed if the value of the specified target does not match a regular expression more than a certain number of times.
3.7.5. Target options
If you select「To」,「Cc」or「To/Cc」,set the following options.
・exists in address group : The action is performed if an email address or domain part in the specified target exists in a specific address group. The specific address group can be selected from 「Pattern」.
If you select 「Attachment」 as the target, the following options are displayed.
・exists : The action is performed if the attachment exists.
・does not exists : The action is performed if the attachment does not exist.
・with filename : The action is performed if the search string is found in the filename of the attachment.
・with Content-Type : The action is performed if the search string is found within the attachment content type.
・are all password-protected data : The action is performed if all attachments are password protected.
※ HENNGE Email DLP can detect password protection of common business documents. Typical file formats include.
MS-Office Word / Excel / Power Point、PDF、ZIP
・contains password-protected data : The action is performed if one or more attachments are password-protected.
Sets a pattern for the specified condition.
Enter a search string for the pattern.
If you set 「matches regular expression」or 「does not matches regular expression」 in 「Predicate」, you can search using the regular expressions defined on this site .
If 「exists in address group」 is selected under 「Predicate」, an address group can be selected. Enter a search string.
Enter the number of times the 「Pattern」 is matched or not matched (depending on the 「Predicate」).
If the 「Predicate」 is met more than the specified number of times, the action will be executed.
3.8. Message Size (KB)
Specify the size of the email message to which you want to apply the rule.
The rule is applied when the message is larger than the specified size. (The size of the entire email is judged, not just the attachment).
※ 「Rule condition」and「message size」 are compound conditions, and actions are executed if both are matched.