Create the HENNGE Email DLP rule

Target

This article is intended for administrators who are responsible for the initial setup and operational management of HENNGE Email DLP.

Objective

This section describes how to create rules for the HENNGE Email DLP.

Cautions

1. The contents of this article are based on the product specifications as of May 2022 and are subject to change without notice.

2. Administrator privileges for HENNGE Email DLP are required to view the actual screen and change settings.
Please refer to the following article for instructions on how to set up an administrator (JP).

Set / change an administrator

3. The URL for the HENNGE Email DLP administration page will vary depending on your tenant.

URL e.g. : https://console.mo.hdems.com/#/admin/[ main domain ]

4. The rule group must be created in advance.

Create a rule group

Procedure

To find the rule settings, log in to HENNGE Email DLP with the administrator account and select [ Filter ] - [ Define Rule Groups ] in the left menu.

Contents

1. How to create individual rules

2. How to create rules in batches

3. Rule Setting Items

3.1. Group Name

3.2. Rule Name

3.3. Description

3.4. Priority

3.5. Action

3.6. Notification

3.7. Rule Conditions

3.8. Message Size (KB)

1. How to create individual rules

1.1. Select the target rule group.

1.2. Select [ + Create new rule ].

1.3. Enter each item and select [ + Create ].

2. How to create rules in batches

Filters can be created in batches by using YAML files.

YAML file example : 

version: 1
rule_groups:
- name: rules for external mail
  rules:
  # Hold mail whose attachments are all password protected.
  - priority: 100
    name: if all files were password protected, hold for 5 minutes
    action:
      type: suspend
      attribute:
        auto_release: true
        duration: 5m
    predicate: and
    predicates:
    - target: attachment
      predicate: all-password-protected-data
      pattern: ""
      count: 0
  # Delete mail with a ZIP attachment and notify the sender.
  - priority: 110
    name: if a ZIP is attached, delete it
    action:
      type: delete
      attribute: {}
      notifies:
      - type: notify_sender
    predicate: and
    predicates:
    - target: attachment
      predicate: filename-match
      pattern: \.zip$
      count: 1
  # Catch-all rule: hold every remaining mail and send attachments via HENNGE Secure Download.
  - priority: 120
    name: hold for 5 minutes + HENNGE Secure Download
    action:
      type: suspend
      attribute:
        auto_release: true
        duration: 5m
      secure_transfer: true
    predicate: all

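Please refer to the following pages for information on creating the YAML import data and on the difference between overwriting existing data and creating new data.

About creating import data (YAML files) for Email DLP

Differences between the "Overwrite" and "Create new" import methods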

3. Rule Setting Items

3.1. Group Name

The rule group name is automatically entered.
The rule group name cannot be changed in this procedure.
To edit the rule group name, please refer to the following article.
Edit a rule group

3.2. Rule Name

Enter any name.
This name is applied to the insert tag ((%RULE-NAME%)) available in the Notification for Filter.

※ Rule names must be no longer than 256 characters.

3.3. Description

Enter an optional description. This field is not required.
This information will be applied to the insert tag ((%RULE-DESCRIPTION%)) available in the Notification for Filter.

※ The rule description must be no longer than 1024 characters.

3.4. Priority

Sets the priority of the rules to be created.

Rules are evaluated in order of decreasing priority, and once one rule applies to an email, the subsequent rules are not evaluated for it.

The priority can be specified in the range of 1 to 99999.
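The following Python check is an added example, not part of the product or of HENNGE's documentation: it lints parsed rule data against the limits stated in this article (priority 1 to 99999, rule name up to 256 characters, suspend time 1 to 999 minutes) and reports rules that can never be evaluated because a catch-all rule comes first. It assumes the key names of the YAML example in section 2, the "5m" duration form used there, and that lower priority numbers are evaluated first (inferred from the example, where the catch-all rule has the largest number; pass lowest_first=False otherwise).

```python
import re

# Constructed sample: same keys as the YAML example in section 2, as a YAML
# loader would return them. Rule 100 is a catch-all placed ahead of the others.
SAMPLE_RULES = [
    {"priority": 100, "name": "hold everything for 5 minutes", "predicate": "all",
     "action": {"type": "suspend",
                "attribute": {"auto_release": True, "duration": "5m"}}},
    {"priority": 110, "name": "if a ZIP is attached, delete it", "predicate": "and",
     "action": {"type": "delete", "attribute": {}},
     "predicates": [{"target": "attachment", "predicate": "filename-match",
                     "pattern": r"\.zip$", "count": 1}]},
    {"priority": 100000, "name": "x" * 300, "predicate": "and",
     "action": {"type": "suspend",
                "attribute": {"auto_release": True, "duration": "1000m"}},
     "predicates": [{"target": "attachment", "predicate": "filename-match",
                     "pattern": r"\.zip$", "count": 1}]},
]

def lint_rules(rules, lowest_first=True):
    """Return (priority, message) findings for the rules of one rule group."""
    findings = []
    for rule in rules:
        prio = rule.get("priority")
        if not isinstance(prio, int) or not 1 <= prio <= 99999:
            findings.append((prio, "priority outside 1-99999"))
        if len(rule.get("name", "")) > 256:
            findings.append((prio, "rule name longer than 256 characters"))
        action = rule.get("action", {})
        attr = action.get("attribute", {})
        if action.get("type") == "suspend" and attr.get("auto_release"):
            # Assumption: durations use the "<minutes>m" form seen in the example.
            m = re.fullmatch(r"(\d+)m", str(attr.get("duration", "")))
            if not m or not 1 <= int(m.group(1)) <= 999:
                findings.append((prio, "suspend time outside 1-999 minutes"))
    # First match wins, so rules evaluated after a catch-all can never apply.
    # Assumption: lower numbers run first (the example's catch-all is 120).
    ordered = sorted((r for r in rules if isinstance(r.get("priority"), int)),
                     key=lambda r: r["priority"], reverse=not lowest_first)
    for i, rule in enumerate(ordered):
        if rule.get("predicate") == "all":
            findings += [(later["priority"],
                          f"never evaluated: follows catch-all rule {rule['priority']}")
                         for later in ordered[i + 1:]]
            break
    return findings

if __name__ == "__main__":
    print(*lint_rules(SAMPLE_RULES), sep="\n")
```

Run it on the rule list of each rule group before importing; an empty result means none of these checks fired.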

3.5. Action

3.5.1. Select one of the following actions.

Send : The email is sent immediately, without being put on hold.

Suspend : You can set a time between 1 minute and 999 minutes, or select [ Do not release the suspension automatically ].
If [ Do not release the suspension automatically ] is selected and 10 days pass without the email being released or deleted, the email will be deleted automatically.

If you check [ Visible to people in From Address Group ], other users who belong to the same address group as the sender can process (view, send, and delete) the email.

Request approval : Sent e-mails are held until they are approved by an approver who is predetermined in the address group.
If 10 days pass without approval by the approver, the email is automatically deleted.
For more information on setting up request approval, please refer to the following article.
Approval request settings

Discard : Sent emails are deleted on the HENNGE Email DLP.


3.5.2. The following subactions can be configured in combination with Send / Suspend / Request Approval.

Additional Bcc recipients : Can be configured in combination with Send / Suspend / Request Approval.
The pre-defined address will be added to Bcc and sent.
Up to 5 addresses can be set. When setting multiple addresses, enter each address on its own line.

Attachments : In this menu, the option [ Send with HENNGE Secure Download (HSD) ] is only available to customers who have enabled the HENNGE Secure Download function.

Can be configured in combination with Send / Suspend / Request Approval.
Choose one of the following.

・Send with HENNGE Secure Download (HSD) : Attachments are sent via HENNGE Secure Download.

・Send with ZIP encryption : Attachments are sent ZIP encrypted.
If [ Send with ZIP encryption ] is chosen, the file name and encryption method after encryption must be set in the encryption method definition.
Create an encryption type definition

・Send unmodified : Attachments are sent as is.

Also, if you check the [ Test Mode ] checkbox, you can verify that the rule is applied under the expected conditions without changing the current rule configuration.
Please refer to the following article for more information on test mode.
Validating a new rule in advance (how to use test mode)

3.6. Notification

If checked, a notification will be sent to the sender that the action (Send / Suspend / Request Approval / Discard) has been applied.
Please refer to the following article for instructions on how to create a notification.
Create a notification (filter)

3.7. Rule Conditions

Set the conditions under which the actions (Send / Suspend / Request Approval / Discard) and sub-actions (Send with ZIP encryption / Send with HENNGE Secure Download (HSD), etc.) set in the previous steps will be applied.

3.7.1. Rule Conditions

Choose one of the following. 

Match all of the following (AND) : The rule applies only if all of the defined conditions are met.

Match any of the following (OR) : If any one of the defined conditions is met, this rule applies.

Match all messages : Select this option to apply to all emails without setting conditions.

3.7.2. Add

If you select [ Match all of the following (AND) ] or [ Match any of the following (OR) ], add a condition.


3.7.3. Target

The targets can be set in combination from the following.

To : To header.

Cc : Cc header.

To / Cc : To or Cc header.
※ If you select 「To」, 「Cc」 or 「To / Cc」, a radio button will appear asking whether you want to target the 「email address」 or the 「domain part」.

Bcc : Bcc header.
※ The Bcc header only detects emails addressed to Bcc.

Subject : Subject header.

Optional Header : You can specify which headers to search. A space for entering a header will appear, so enter the target header, e.g.「Content-type」.

Envelope To : Envelope To address, which is the RCPT TO: address for SMTP communication.

Envelope From : Envelope From address, which is the MAIL FROM: address for SMTP communication.

Message Body (include attachment(s)) : The search targets the body of the email and attachments. For more information on search targets for attachments, see the following article.
Search targets of the filter rule condition 「Message Body (include attachment(s))」

Attachment : Only attachments are covered.

3.7.4. Predicate

Conditions can be one of the following.

exists : The action is performed if any value exists for the specified target.

does not exist : The action is performed if no value exists for the specified target.

matches regular expression : The action is executed if the value of the specified target matches a regular expression a certain number of times or more.

does not match regular expression : The action is executed if the value of the specified target does not match a regular expression more than a certain number of times.

3.7.5. Target options

If you select 「To」, 「Cc」 or 「To / Cc」, set the following options.

exists in address group : The action is performed if an email address or domain part in the specified target exists in a specific address group. The specific address group can be selected from 「Pattern」.

If you select 「Attachment」 as the target, the following options are displayed.

exists : The action is performed if the attachment exists.

does not exist : The action is performed if the attachment does not exist.

with filename : The action is performed if the search string is found in the filename of the attachment.

with Content-Type : The action is performed if the search string is found within the attachment content type.

are all password-protected data : The action is performed if all attachments are password protected.
※ HENNGE Email DLP can detect password protection of common business documents. Typical file formats include:
MS-Office Word / Excel / PowerPoint, PDF, ZIP

contains password-protected data : The action is performed if one or more attachments are password-protected.

3.7.6. Pattern

Sets a pattern for the specified condition.

Enter a search string for the pattern.

If you set 「matches regular expression」 or 「does not match regular expression」 in 「Predicate」, you can search using the regular expressions defined on this site.
If 「exists in address group」 is selected under 「Predicate」, an address group can be selected. Enter a search string.

3.7.7. Count

Enter the number of times the 「Pattern」 is matched or not matched (depending on the 「Predicate」).
If the 「Predicate」 is met more than the specified number of times, the action will be executed.

 

3.8. Message Size (KB)

Specify the size of the email message to which you want to apply the rule.
The rule is applied when the message is larger than the specified size. (The size of the entire email is judged, not just the attachment).
※ 「Rule condition」 and 「message size」 are compound conditions, and actions are executed if both are matched.

          