Data Loss Prevention

 View Only

  • 1.  Unique Match Count for Email Addresses

    Posted Mar 11, 2013 08:03 PM

    Hello,

    With 11.6.x DLP has capability to do unique match count on policies which uses Data identifiers and is working fairly well. We have a different policy which is based on REGEX to detect email addresses being sent out via attachments. Our current policy is designed to detect more than 100 email ids, but unfortunately it detects even if the email id is only one and is repeated 100 times. There is no unique match count option available.

    Has anyone experienced this or found a solution?

    thanks in advance..

     



  • 2.  RE: Unique Match Count for Email Addresses

    Trusted Advisor
    Posted Mar 13, 2013 10:35 PM

    S,

    There is a way to do this and it is by creating a Custom Data Identifier that looks for email addresses. This will then give you capability of doing a unique match count.

    Just take the REGEX you have and create a NEW custom DI for emails. Then you can modify the policy to look for that new custom DI.

    **** Keep in mind that the DI uses a different variat of REGEX and you will most probably need to change the REGEX you use in the custom DI.

    Try this.. I have not tested it in the DI section:

    \b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b

     

    Please call solved if possible..

    Ronak

     

     



  • 3.  RE: Unique Match Count for Email Addresses

    Posted Apr 15, 2013 06:46 AM

    Hi Savijayan,

    Please refre below

    http://www.regular-expressions.info/email.html


    Regards
    Kishorilal



  • 4.  RE: Unique Match Count for Email Addresses

    Posted Apr 15, 2013 12:26 PM

    Thanks Kishorilal. Since the problem is around unique match counting which only DI uses, i was trying to create one new data identifier for email addresses. I already have an existing regex for email, but it doesnt do unique match counts.

    I tried a few but doesnt help, so was looking to the community to see if anyone solved that puzzle.



  • 5.  RE: Unique Match Count for Email Addresses

    Posted Apr 15, 2013 11:43 PM

    Dear,

    I think u need the hash table of unique email address and need to use EDM technology for your requirement still refer below as it can aslo help you.

    There us on esetting called as Match counting :mark-check for existence

    Please refrer below and also I thi

    https://www-secure.symantec.com/connect/ideas/enhanced-match-list-word-count-ability

    https://www-secure.symantec.com/connect/forums/dlp-incident-only-one-recipient



  • 6.  RE: Unique Match Count for Email Addresses

    Posted Apr 16, 2013 01:12 PM

    Yes, EDM is the only was to go now unless someone can create a data identifier for email addresses.

    Both those threads doesnt have a resolution for the problem.

    Unique match count is only a feature for data identifiers today



  • 7.  RE: Unique Match Count for Email Addresses

    Posted Apr 16, 2013 01:51 PM

    Dear SaVijayan,

    You can get only the related answer and not exactly the resolution of problem, Above thraed have enough resolution understanding and u just need to get idea from it