Data Loss Prevention


DLP User Groups based policies do not work properly on EMail Prevent

  • 1.  DLP User Groups based policies do not work properly on EMail Prevent

    Posted Jun 17, 2013 03:25 AM

    Hello,

    I need to create a policy that, on Email Prevent, triggers when a user belonging to a certain AD group sends out an email containing PAN numbers.

    I put the rule "Sender/User based on a Directory Server Group" in my policy, but the behaviour is unpredictable: sometimes it works, sometimes it does not.

    I checked LDAP attributes, in both cases, the "email" field is set correctly.

    Has anyone had the same problem?

    Thanks,

    Giovanni Golino

     



  • 2.  RE: DLP User Groups based policies do not work properly on EMail Prevent

    Posted Jun 17, 2013 09:06 AM

    Dear gg, please review your policies as per your detection requirement.

    • Please check the settings below in the Groups tab of the policy:


    Match Counting: All recipients must match (Email Only)
    At least recipients must match (Email Only)

    Check for existence (don't count multiple matches)
    Count all matches
    Match On:
    • And check the settings below:


    Match Conditions: On whole words only
    Check for existence (don't count multiple matches)
    Count all matches and only report incidents with at least matches
    Match On:
    • Envelope
    • Subject
    • Body
    • Attachments
      Same Component Any Component