Data Loss Prevention

  • 1.  How to use a RegEx in an Exception

    Posted Apr 27, 2012 12:00 PM

    I am using the Credit Card Number data identifier, but it matches on some "repeating 4 digit numbers" like 4692469246924692.

    I would like to add a regex exception like the following:  !(\d{4})\1{3}

    Can anyone tell me where/how to add this?

    Thanks in advance

    Bob.



  • 2.  RE: How to use a RegEx in an Exception
    Best Answer

    Posted Apr 27, 2012 03:22 PM

    Exception would be the wrong way to go about that.  You'd essentially except any message where that pattern was found (the entire message, not just the matched element), which could result in false negatives.  What you need is a script validator on the CCN policy.  That string you show looks like one of those Double-Click ID numbers, right?  I have a script validator to eliminate those.

    $l1 = datalength($normalizedMatch);

    if ($l1 == 17)
    {
        $s1 = getIntegerAt($normalizedMatch, 0x0, 4);
        $s2 = getIntegerAt($normalizedMatch, 0x4, 4);
        $s3 = getIntegerAt($normalizedMatch, 0x8, 4);
        $s4 = getIntegerAt($normalizedMatch, 0xC, 4);

        if ($s1 == $s2)
        {
            if ($s2 == $s3)
            {
                if ($s3 == $s4)
                {
                    assertTrue(0 != 0);
                }
            }
        }
    }

    ~Keith
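
Added example, not part of the thread and not written in the product's script language: a Python sketch of the distinction drawn in the answer above, comparing a message-level regex exception with a per-match validator. The Luhn check standing in for the Credit Card Number data identifier, the function names and the sample message are assumptions constructed for illustration.

```python
import re

# Assumption: a 16-digit candidate pattern plus a Luhn check stands in for
# the product's Credit Card Number data identifier.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
REPEATED_BLOCK = re.compile(r"(\d{4})\1{3}")  # the pattern from the question


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def candidates(message: str) -> list[str]:
    """Normalized (digits-only) matches that pass the Luhn check."""
    found = (re.sub(r"\D", "", m.group()) for m in CANDIDATE.finditer(message))
    return [d for d in found if luhn_ok(d)]


def with_message_exception(message: str) -> list[str]:
    """Exception semantics: one repeated-block hit excepts the whole message."""
    hits = candidates(message)
    return [] if any(REPEATED_BLOCK.fullmatch(h) for h in hits) else hits


def with_match_validator(message: str) -> list[str]:
    """Validator semantics: only the repeated-block match itself is dropped."""
    return [h for h in candidates(message) if not REPEATED_BLOCK.fullmatch(h)]


# Constructed sample: the tracking-style ID from the question next to a
# commonly published Visa test number.
SAMPLE = "id=4692469246924692 card 4012 8888 8888 1881"

if __name__ == "__main__":
    print("identifier alone: ", candidates(SAMPLE))
    print("message exception:", with_message_exception(SAMPLE))
    print("match validator:  ", with_match_validator(SAMPLE))
```

The repeating ID passes the Luhn check, which is why a checksum alone does not filter it out; the message-level exception then hides the second number as well, while the per-match validator still reports it.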



  • 3.  RE: How to use a RegEx in an Exception

    Posted Apr 27, 2012 03:33 PM

    Thanks! 

    Yes Keith - you must be a prophet.  They are the Double Click numbers.   I am looking for more documentation on the scripting language... until then, I can probably figure it out from your example.  Why is the initial length 17 though?  We are seeing 16 digit numbers...

     

    Are you ever in Minneapolis?



  • 4.  RE: How to use a RegEx in an Exception

    Posted May 01, 2012 01:27 PM

    Keith's example above may work as expected. I just wanted to outline that the place you would do this is under the Data Identifier section. You could add in an "exception" to each of the data breadths for the CCN Data Identifier, which would ignore that number as opposed to ignoring any incident where that pattern is found. Using a script as Keith outlined is generally a better way to do it as long as you understand what to do with the scripts.



  • 5.  RE: How to use a RegEx in an Exception

    Posted Jul 19, 2012 04:50 AM

    Hi Bob,

    Try to use the inbuilt data identifier for your requirement and don't try script modification for each exception. Symantec DLP already has a predefined CCN (i.e. credit card number) data identifier, which will reduce the above error.

     

    Regards

    Kishorilal