Video Screencast Help

DLP Time based policies

Created: 29 Jul 2013 • Updated: 29 Jul 2013 | 4 comments
Atif's picture
This issue has been solved. See solution.

Guys,

I am wondering if we can have time based policies on DLP so that we can enforce a policy for a certain period of time on daily basis.

 

Operating Systems:

Comments 4 CommentsJump to latest comment

pete_4u2002's picture

:-), no.

you can create a policy group and apply it for the time required and suspend it when not required.

stephane.fichet's picture

Hi atif,

 It depends on what you wanna control, i did it once for email using a regexp which match on Date available in email header which allow me to have this policy "active" only on some specific time.

Of course if your DLP infrastructure is deployed on a worldwide basis take care of time shift as this date is the one from email router and not the one of the enforce server.

 regards.

Atif's picture

Thanks guys for feedbacks. I need to configure a policy to allow certain group of users to be able to access and transfer sensitive information during office hours. After hours, they should not be able to do so the same.

 

stephane.fichet's picture

Atif,

 You can add an exception like that in your DLP policy in order to allow people to send sensitive information during following hours 8,9,10,11,15,16,17

Date\:\s\w+\,\s\d{1,2}\s\w+\s\d{4}\s(08|09|10|11|15|16|17)\:\d{2}\:\d{2}\s\+\d{4}

(based on the fact that email format is

Date: Mon, 1 Oct 2012 06:55:15 +0200

)

 be sure to match it only in email enveloppe.

It should be possible to have a more efficient regexp for sure but this one works and you are sure not to exclude other emails (there could be lot of timestamp in email headers)

 regards.

 

please mark this as a solution if it solves your problem.

SOLUTION