Becoming more efficient
I'm new to Symantec's DLP and DLP in general and am looking for advice on how to assist in making a policy more accurate. Currently I am reviewing the DLP Admin Guide to learn the in's and out's but would like some better advice at the moment. The policy essentially monitors SMTP traffic for illegal drug words and is completely littered with false-positives. Is there a way that I can create maybe a validator that ensures a word isn't used before the "curse" word? Such as having the word "pot" always hit and it's people discussing "crock pots". Can I set a option that if the word "crock" is prior to it then ignore that word?