Hello All,
I'm wondering if it's possible to tell DLP to do not look for more DCM rules inside the same policy if it finds a match in the first rule or compound rule. For instance there is a policy that looks for keyword QWERTY or XZY and if a document contains both keywords the incident would generate just the incident based on the first rule.
The idea is to have more efficient policies and also to avoid more data extraction (better agent performance, etc...)
I've been doing some research on it lately but I haven't found anything relevant.
Is it possible to do something like that? Do you think it could bring considerable gains?
Best regards,
Morgado