I've been trying every possible way I can think of to exclude the false positives caused by tracking cookie field names that contain 9 digit time codes that are being interpreted by DLP as SSNs. Here's a sample of what the matches look like:
__utmc= 131643161 ; __utmz= 131643161.1406127371.164.4.utmcsr=Newsletter%207%...isp
Does anyone have an idea of how I can exclude the 9 digit numbers following the utm* codes from being seen as SSNs, without ignoring the rest of the body, too?