
Exact Data Match Exclusion for Known Items

Created: 17 Apr 2014 | 3 comments

I know the Symantec DLP can identify incidents from exact data matching for data in motion. However, I do not know a way to exclude incidents that match an EDM listing.

Specifically, I have a list of 1000 numerical items that look like credit card numbers but should not trigger an incident with DLP.

Has anyone found a way to do something like this?

Comments

stephane.fichet

Hello,

Unfortunately you are right, you can't use EDM in an exception rule.

So the simplest way to do it is to create an exception rule with keywords (but it is harder to manage later if you have to update or delete some). If you find a specific pattern, you can try to use a regexp (just be sure you are not excluding too many numbers). For both solutions, your issue after that will be that you still want to raise an incident if you find a real CC number, and using an exclusion won't allow you to do that, as you will completely exclude your component or your message.

So I think the best way to do it is to use a data identifier (an existing one or a new one) for credit card numbers, to which you add an "exclude exact match" validator that contains your list (you can have a look at the one that already exists in DLP; it is done exactly like that, plus some other validators like the Luhn check...).

 regards
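The difference between a whole-message exception and the validator-level exclusion described in the reply above, as an added Python sketch. It is not Symantec DLP code or configuration and not part of the original post; the function names, the candidate pattern and all sample values are constructed for illustration.

```python
import re

# Assumed candidate pattern: 13-16 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text, excluded):
    """Validator-level exclusion: only candidates on the list are dropped,
    every other Luhn-valid candidate in the same message is still reported."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits) and digits not in excluded:
            hits.append(digits)
    return hits

def message_level_exception(text, excluded):
    """Whole-message exception: one listed value suppresses the entire message,
    including any real card number that travels with it."""
    all_hits = find_card_numbers(text, set())
    if any(h in excluded for h in all_hits):
        return []
    return all_hits

# Constructed sample data: a known item that looks like a card number, a public
# test card number standing in for a real one, and a number that fails Luhn.
EXCLUDED = {"4111111111111111"}
SAMPLE = ("Asset tag 4111 1111 1111 1111 shipped; customer paid with "
          "5555-5555-5555-4444; ticket 1234567890123456.")

if __name__ == "__main__":
    print("validator exclusion :", find_card_numbers(SAMPLE, EXCLUDED))
    print("message exception   :", message_level_exception(SAMPLE, EXCLUDED))
```

With the sample message, the validator-level exclusion still reports the second number, while the message-level exception reports nothing.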

yang_zhang

Actually, I cannot quite follow your exact requirements.

The EDM profile can be added to a policy and can be added to an exception at the same time.

So, what do you really want to do with the EDM profile?

Lion Shaikh

At the Manage > Policies > Policy List > Configure Policy - Add Exception screen you add one or more exceptions to a policy. If the policy matches an exception, the detection engine does not trigger an incident.

To add an exception to a policy:

1. Add an exception to a policy.
   To add a detection rule exception, select the Detection tab and click Add Exception.
   To add a group rule exception, select the Groups tab and click Add Exception.

2. Select the policy exception to implement.
   The Add Detection Exception screen lists all available detection exceptions that you can add to a policy.
   The Add Group Exception screen lists all available group exceptions that you can add to a policy.

3. If necessary, choose the profile, data identifier, or user group.

4. Click Next to configure the exception.