Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Network Monitor recognize SMTP messages but NOT a partner address

Created: 11 Dec 2012 | 2 comments
KevinSomers's picture

I have created a Policy that is correctly triggered by Network Monitor on SMTP messages.  I need to modify the Policy so it is not triggered when the recipient is an email address of a partner organization.  The problem is I still want an incident if there are multiple recipients and any of them are NOT the partner organization.

If I use an exclusion for the partner organization, then no incident is generated even if there are multiple recipients where an incident should be generated.

How can I create an inclusion characteristic of some sort that says

  1. If the confidential material is included
  2. AND any of the recipients are NOT "partner.com"

Thanks in advance.

Comments 2 CommentsJump to latest comment

stephane.fichet's picture

hello

 

 you can use the exception but you need to check "All recipients must match".  In this case, all email recipient (TO, CC, BCC) must be included in your list.

So may be you will also need to include your company email domain in the list so if there is someone from your company in copy or as recipient it wont match.

 

 regards

kishorilal1986's picture

Hi ,

In policy, u need to add exception to partner mails and there is one setting called as match single recipeint or more like. I am not exactly recall but u will see there.